search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r405: Some docs of vfs_full_audit.c as comment :-)
[Samba/gebeck_regimport.git] / source3 / modules / vfs_full_audit.c
blob993a8ee4cbec0d67fb754b1d494e71a52040c5dc
1 /*
2 * Auditing VFS module for samba. Log selected file operations to syslog
3 * facility.
4 *
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26 /*
27 * This module implements parseable logging for all Samba VFS operations.
28 *
29 * You use it as follows:
30 *
31 * [tmp]
32 * path = /tmp
33 * vfs objects = full_audit
34 * full_audit:prefix = %u|%I
35 * full_audit:success = open opendir
36 * full_audit:failure = all
37 *
38 * This leads to syslog entries of the form:
39 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
40 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
41 *
42 * where "nobody" is the connected username and "192.168.234.1" is the
43 * client's IP address.
44 *
45 * Options:
46 *
47 * prefix: A macro expansion template prepended to the syslog entry.
48 *
49 * success: A list of VFS operations for which a successful completion should
50 * be logged. Defaults to no logging at all. The special operation "all" logs
51 * - you guessed it - everything.
52 *
53 * failure: A list of VFS operations for which failure to complete should be
54 * logged. Defaults to logging everything.
55 */
56
57
58 #include "includes.h"
59
60 extern struct current_user current_user;
61
62 static int vfs_full_audit_debug_level = DBGC_VFS;
63
64 #undef DBGC_CLASS
65 #define DBGC_CLASS vfs_full_audit_debug_level
66
67 /* Function prototypes */
68
69 static int audit_connect(vfs_handle_struct *handle, connection_struct *conn,
70 const char *svc, const char *user);
71 static void audit_disconnect(vfs_handle_struct *handle,
72 connection_struct *conn);
73 static SMB_BIG_UINT audit_disk_free(vfs_handle_struct *handle,
74 connection_struct *conn, const char *path,
75 BOOL small_query, SMB_BIG_UINT *bsize,
76 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
77 static int audit_get_quota(struct vfs_handle_struct *handle,
78 struct connection_struct *conn,
79 enum SMB_QUOTA_TYPE qtype, unid_t id,
80 SMB_DISK_QUOTA *qt);
81 static int audit_set_quota(struct vfs_handle_struct *handle,
82 struct connection_struct *conn,
83 enum SMB_QUOTA_TYPE qtype, unid_t id,
84 SMB_DISK_QUOTA *qt);
85 static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
86 const char *fname);
87 static struct dirent *audit_readdir(vfs_handle_struct *handle,
88 connection_struct *conn, DIR *dirp);
89 static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
90 const char *path, mode_t mode);
91 static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
92 const char *path);
93 static int audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
94 DIR *dirp);
95 static int audit_open(vfs_handle_struct *handle, connection_struct *conn,
96 const char *fname, int flags, mode_t mode);
97 static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
98 static ssize_t audit_read(vfs_handle_struct *handle, files_struct *fsp,
99 int fd, void *data, size_t n);
100 static ssize_t audit_pread(vfs_handle_struct *handle, files_struct *fsp,
101 int fd, void *data, size_t n, SMB_OFF_T offset);
102 static ssize_t audit_write(vfs_handle_struct *handle, files_struct *fsp,
103 int fd, const void *data, size_t n);
104 static ssize_t audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
105 int fd, const void *data, size_t n,
106 SMB_OFF_T offset);
107 static SMB_OFF_T audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
108 int filedes, SMB_OFF_T offset, int whence);
109 static ssize_t audit_sendfile(vfs_handle_struct *handle, int tofd,
110 files_struct *fsp, int fromfd,
111 const DATA_BLOB *hdr, SMB_OFF_T offset,
112 size_t n);
113 static int audit_rename(vfs_handle_struct *handle, connection_struct *conn,
114 const char *old, const char *new);
115 static int audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
116 static int audit_stat(vfs_handle_struct *handle, connection_struct *conn,
117 const char *fname, SMB_STRUCT_STAT *sbuf);
118 static int audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
119 SMB_STRUCT_STAT *sbuf);
120 static int audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
121 const char *path, SMB_STRUCT_STAT *sbuf);
122 static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
123 const char *path);
124 static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
125 const char *path, mode_t mode);
126 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
127 mode_t mode);
128 static int audit_chown(vfs_handle_struct *handle, connection_struct *conn,
129 const char *path, uid_t uid, gid_t gid);
130 static int audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
131 uid_t uid, gid_t gid);
132 static int audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
133 const char *path);
134 static char *audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
135 char *path);
136 static int audit_utime(vfs_handle_struct *handle, connection_struct *conn,
137 const char *path, struct utimbuf *times);
138 static int audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
139 int fd, SMB_OFF_T len);
140 static BOOL audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
141 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
142 static int audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
143 const char *oldpath, const char *newpath);
144 static int audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
145 const char *path, char *buf, size_t bufsiz);
146 static int audit_link(vfs_handle_struct *handle, connection_struct *conn,
147 const char *oldpath, const char *newpath);
148 static int audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
149 const char *pathname, mode_t mode, SMB_DEV_T dev);
150 static char *audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
151 const char *path, char *resolved_path);
152 static size_t audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
153 int fd, uint32 security_info,
154 SEC_DESC **ppdesc);
155 static size_t audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
156 const char *name, uint32 security_info,
157 SEC_DESC **ppdesc);
158 static BOOL audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
159 int fd, uint32 security_info_sent,
160 SEC_DESC *psd);
161 static BOOL audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
162 const char *name, uint32 security_info_sent,
163 SEC_DESC *psd);
164 static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
165 const char *path, mode_t mode);
166 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
167 int fd, mode_t mode);
168 static int audit_sys_acl_get_entry(vfs_handle_struct *handle,
169 connection_struct *conn,
170 SMB_ACL_T theacl, int entry_id,
171 SMB_ACL_ENTRY_T *entry_p);
172 static int audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
173 connection_struct *conn,
174 SMB_ACL_ENTRY_T entry_d,
175 SMB_ACL_TAG_T *tag_type_p);
176 static int audit_sys_acl_get_permset(vfs_handle_struct *handle,
177 connection_struct *conn,
178 SMB_ACL_ENTRY_T entry_d,
179 SMB_ACL_PERMSET_T *permset_p);
180 static void * audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
181 connection_struct *conn,
182 SMB_ACL_ENTRY_T entry_d);
183 static SMB_ACL_T audit_sys_acl_get_file(vfs_handle_struct *handle,
184 connection_struct *conn,
185 const char *path_p,
186 SMB_ACL_TYPE_T type);
187 static SMB_ACL_T audit_sys_acl_get_fd(vfs_handle_struct *handle,
188 files_struct *fsp,
189 int fd);
190 static int audit_sys_acl_clear_perms(vfs_handle_struct *handle,
191 connection_struct *conn,
192 SMB_ACL_PERMSET_T permset);
193 static int audit_sys_acl_add_perm(vfs_handle_struct *handle,
194 connection_struct *conn,
195 SMB_ACL_PERMSET_T permset,
196 SMB_ACL_PERM_T perm);
197 static char * audit_sys_acl_to_text(vfs_handle_struct *handle,
198 connection_struct *conn, SMB_ACL_T theacl,
199 ssize_t *plen);
200 static SMB_ACL_T audit_sys_acl_init(vfs_handle_struct *handle,
201 connection_struct *conn,
202 int count);
203 static int audit_sys_acl_create_entry(vfs_handle_struct *handle,
204 connection_struct *conn, SMB_ACL_T *pacl,
205 SMB_ACL_ENTRY_T *pentry);
206 static int audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
207 connection_struct *conn,
208 SMB_ACL_ENTRY_T entry,
209 SMB_ACL_TAG_T tagtype);
210 static int audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
211 connection_struct *conn,
212 SMB_ACL_ENTRY_T entry,
213 void *qual);
214 static int audit_sys_acl_set_permset(vfs_handle_struct *handle,
215 connection_struct *conn,
216 SMB_ACL_ENTRY_T entry,
217 SMB_ACL_PERMSET_T permset);
218 static int audit_sys_acl_valid(vfs_handle_struct *handle,
219 connection_struct *conn,
220 SMB_ACL_T theacl );
221 static int audit_sys_acl_set_file(vfs_handle_struct *handle,
222 connection_struct *conn,
223 const char *name, SMB_ACL_TYPE_T acltype,
224 SMB_ACL_T theacl);
225 static int audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
226 int fd, SMB_ACL_T theacl);
227 static int audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
228 connection_struct *conn,
229 const char *path);
230 static int audit_sys_acl_get_perm(vfs_handle_struct *handle,
231 connection_struct *conn,
232 SMB_ACL_PERMSET_T permset,
233 SMB_ACL_PERM_T perm);
234 static int audit_sys_acl_free_text(vfs_handle_struct *handle,
235 connection_struct *conn,
236 char *text);
237 static int audit_sys_acl_free_acl(vfs_handle_struct *handle,
238 connection_struct *conn,
239 SMB_ACL_T posix_acl);
240 static int audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
241 connection_struct *conn,
242 void *qualifier,
243 SMB_ACL_TAG_T tagtype);
244 static ssize_t audit_getxattr(struct vfs_handle_struct *handle,
245 struct connection_struct *conn, const char *path,
246 const char *name, void *value, size_t size);
247 static ssize_t audit_lgetxattr(struct vfs_handle_struct *handle,
248 struct connection_struct *conn,
249 const char *path, const char *name,
250 void *value, size_t size);
251 static ssize_t audit_fgetxattr(struct vfs_handle_struct *handle,
252 struct files_struct *fsp, int fd,
253 const char *name, void *value, size_t size);
254 static ssize_t audit_listxattr(struct vfs_handle_struct *handle,
255 struct connection_struct *conn,
256 const char *path, char *list, size_t size);
257 static ssize_t audit_llistxattr(struct vfs_handle_struct *handle,
258 struct connection_struct *conn,
259 const char *path, char *list, size_t size);
260 static ssize_t audit_flistxattr(struct vfs_handle_struct *handle,
261 struct files_struct *fsp, int fd, char *list,
262 size_t size);
263 static int audit_removexattr(struct vfs_handle_struct *handle,
264 struct connection_struct *conn, const char *path,
265 const char *name);
266 static int audit_lremovexattr(struct vfs_handle_struct *handle,
267 struct connection_struct *conn, const char *path,
268 const char *name);
269 static int audit_fremovexattr(struct vfs_handle_struct *handle,
270 struct files_struct *fsp, int fd,
271 const char *name);
272 static int audit_setxattr(struct vfs_handle_struct *handle,
273 struct connection_struct *conn, const char *path,
274 const char *name, const void *value, size_t size,
275 int flags);
276 static int audit_lsetxattr(struct vfs_handle_struct *handle,
277 struct connection_struct *conn, const char *path,
278 const char *name, const void *value, size_t size,
279 int flags);
280 static int audit_fsetxattr(struct vfs_handle_struct *handle,
281 struct files_struct *fsp, int fd, const char *name,
282 const void *value, size_t size, int flags);
283
284 /* VFS operations */
285
286 static vfs_op_tuple audit_op_tuples[] = {
287
288 /* Disk operations */
289
290 {SMB_VFS_OP(audit_connect), SMB_VFS_OP_CONNECT,
291 SMB_VFS_LAYER_LOGGER},
292 {SMB_VFS_OP(audit_disconnect), SMB_VFS_OP_DISCONNECT,
293 SMB_VFS_LAYER_LOGGER},
294 {SMB_VFS_OP(audit_disk_free), SMB_VFS_OP_DISK_FREE,
295 SMB_VFS_LAYER_LOGGER},
296 {SMB_VFS_OP(audit_get_quota), SMB_VFS_OP_GET_QUOTA,
297 SMB_VFS_LAYER_LOGGER},
298 {SMB_VFS_OP(audit_set_quota), SMB_VFS_OP_SET_QUOTA,
299 SMB_VFS_LAYER_LOGGER},
300
301 /* Directory operations */
302
303 {SMB_VFS_OP(audit_opendir), SMB_VFS_OP_OPENDIR,
304 SMB_VFS_LAYER_LOGGER},
305 {SMB_VFS_OP(audit_readdir), SMB_VFS_OP_READDIR,
306 SMB_VFS_LAYER_LOGGER},
307 {SMB_VFS_OP(audit_mkdir), SMB_VFS_OP_MKDIR,
308 SMB_VFS_LAYER_LOGGER},
309 {SMB_VFS_OP(audit_rmdir), SMB_VFS_OP_RMDIR,
310 SMB_VFS_LAYER_LOGGER},
311 {SMB_VFS_OP(audit_closedir), SMB_VFS_OP_CLOSEDIR,
312 SMB_VFS_LAYER_LOGGER},
313
314 /* File operations */
315
316 {SMB_VFS_OP(audit_open), SMB_VFS_OP_OPEN,
317 SMB_VFS_LAYER_LOGGER},
318 {SMB_VFS_OP(audit_close), SMB_VFS_OP_CLOSE,
319 SMB_VFS_LAYER_LOGGER},
320 {SMB_VFS_OP(audit_read), SMB_VFS_OP_READ,
321 SMB_VFS_LAYER_LOGGER},
322 {SMB_VFS_OP(audit_pread), SMB_VFS_OP_PREAD,
323 SMB_VFS_LAYER_LOGGER},
324 {SMB_VFS_OP(audit_write), SMB_VFS_OP_WRITE,
325 SMB_VFS_LAYER_LOGGER},
326 {SMB_VFS_OP(audit_pwrite), SMB_VFS_OP_PWRITE,
327 SMB_VFS_LAYER_LOGGER},
328 {SMB_VFS_OP(audit_lseek), SMB_VFS_OP_LSEEK,
329 SMB_VFS_LAYER_LOGGER},
330 {SMB_VFS_OP(audit_sendfile), SMB_VFS_OP_SENDFILE,
331 SMB_VFS_LAYER_LOGGER},
332 {SMB_VFS_OP(audit_rename), SMB_VFS_OP_RENAME,
333 SMB_VFS_LAYER_LOGGER},
334 {SMB_VFS_OP(audit_fsync), SMB_VFS_OP_FSYNC,
335 SMB_VFS_LAYER_LOGGER},
336 {SMB_VFS_OP(audit_stat), SMB_VFS_OP_STAT,
337 SMB_VFS_LAYER_LOGGER},
338 {SMB_VFS_OP(audit_fstat), SMB_VFS_OP_FSTAT,
339 SMB_VFS_LAYER_LOGGER},
340 {SMB_VFS_OP(audit_lstat), SMB_VFS_OP_LSTAT,
341 SMB_VFS_LAYER_LOGGER},
342 {SMB_VFS_OP(audit_unlink), SMB_VFS_OP_UNLINK,
343 SMB_VFS_LAYER_LOGGER},
344 {SMB_VFS_OP(audit_chmod), SMB_VFS_OP_CHMOD,
345 SMB_VFS_LAYER_LOGGER},
346 {SMB_VFS_OP(audit_fchmod), SMB_VFS_OP_FCHMOD,
347 SMB_VFS_LAYER_LOGGER},
348 {SMB_VFS_OP(audit_chown), SMB_VFS_OP_CHOWN,
349 SMB_VFS_LAYER_LOGGER},
350 {SMB_VFS_OP(audit_fchown), SMB_VFS_OP_FCHOWN,
351 SMB_VFS_LAYER_LOGGER},
352 {SMB_VFS_OP(audit_chdir), SMB_VFS_OP_CHDIR,
353 SMB_VFS_LAYER_LOGGER},
354 {SMB_VFS_OP(audit_getwd), SMB_VFS_OP_GETWD,
355 SMB_VFS_LAYER_LOGGER},
356 {SMB_VFS_OP(audit_utime), SMB_VFS_OP_UTIME,
357 SMB_VFS_LAYER_LOGGER},
358 {SMB_VFS_OP(audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
359 SMB_VFS_LAYER_LOGGER},
360 {SMB_VFS_OP(audit_lock), SMB_VFS_OP_LOCK,
361 SMB_VFS_LAYER_LOGGER},
362 {SMB_VFS_OP(audit_symlink), SMB_VFS_OP_SYMLINK,
363 SMB_VFS_LAYER_LOGGER},
364 {SMB_VFS_OP(audit_readlink), SMB_VFS_OP_READLINK,
365 SMB_VFS_LAYER_LOGGER},
366 {SMB_VFS_OP(audit_link), SMB_VFS_OP_LINK,
367 SMB_VFS_LAYER_LOGGER},
368 {SMB_VFS_OP(audit_mknod), SMB_VFS_OP_MKNOD,
369 SMB_VFS_LAYER_LOGGER},
370 {SMB_VFS_OP(audit_realpath), SMB_VFS_OP_REALPATH,
371 SMB_VFS_LAYER_LOGGER},
372
373 /* NT ACL operations. */
374
375 {SMB_VFS_OP(audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
376 SMB_VFS_LAYER_LOGGER},
377 {SMB_VFS_OP(audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
378 SMB_VFS_LAYER_LOGGER},
379 {SMB_VFS_OP(audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
380 SMB_VFS_LAYER_LOGGER},
381 {SMB_VFS_OP(audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
382 SMB_VFS_LAYER_LOGGER},
383
384 /* POSIX ACL operations. */
385
386 {SMB_VFS_OP(audit_chmod_acl), SMB_VFS_OP_CHMOD,
387 SMB_VFS_LAYER_LOGGER},
388 {SMB_VFS_OP(audit_fchmod_acl), SMB_VFS_OP_FCHMOD,
389 SMB_VFS_LAYER_LOGGER},
390 {SMB_VFS_OP(audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
391 SMB_VFS_LAYER_LOGGER},
392 {SMB_VFS_OP(audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
393 SMB_VFS_LAYER_LOGGER},
394 {SMB_VFS_OP(audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
395 SMB_VFS_LAYER_LOGGER},
396 {SMB_VFS_OP(audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
397 SMB_VFS_LAYER_LOGGER},
398 {SMB_VFS_OP(audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
399 SMB_VFS_LAYER_LOGGER},
400 {SMB_VFS_OP(audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
401 SMB_VFS_LAYER_LOGGER},
402 {SMB_VFS_OP(audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
403 SMB_VFS_LAYER_LOGGER},
404 {SMB_VFS_OP(audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
405 SMB_VFS_LAYER_LOGGER},
406 {SMB_VFS_OP(audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
407 SMB_VFS_LAYER_LOGGER},
408 {SMB_VFS_OP(audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
409 SMB_VFS_LAYER_LOGGER},
410 {SMB_VFS_OP(audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
411 SMB_VFS_LAYER_LOGGER},
412 {SMB_VFS_OP(audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
419 SMB_VFS_LAYER_LOGGER},
420 {SMB_VFS_OP(audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
421 SMB_VFS_LAYER_LOGGER},
422 {SMB_VFS_OP(audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
423 SMB_VFS_LAYER_LOGGER},
424 {SMB_VFS_OP(audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
425 SMB_VFS_LAYER_LOGGER},
426 {SMB_VFS_OP(audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
427 SMB_VFS_LAYER_LOGGER},
428 {SMB_VFS_OP(audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
429 SMB_VFS_LAYER_LOGGER},
430 {SMB_VFS_OP(audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
431 SMB_VFS_LAYER_LOGGER},
432 {SMB_VFS_OP(audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
433 SMB_VFS_LAYER_LOGGER},
434
435 /* EA operations. */
436
437 {SMB_VFS_OP(audit_getxattr), SMB_VFS_OP_GETXATTR,
438 SMB_VFS_LAYER_LOGGER},
439 {SMB_VFS_OP(audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
440 SMB_VFS_LAYER_LOGGER},
441 {SMB_VFS_OP(audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
442 SMB_VFS_LAYER_LOGGER},
443 {SMB_VFS_OP(audit_listxattr), SMB_VFS_OP_LISTXATTR,
444 SMB_VFS_LAYER_LOGGER},
445 {SMB_VFS_OP(audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
446 SMB_VFS_LAYER_LOGGER},
447 {SMB_VFS_OP(audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
448 SMB_VFS_LAYER_LOGGER},
449 {SMB_VFS_OP(audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
450 SMB_VFS_LAYER_LOGGER},
451 {SMB_VFS_OP(audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
452 SMB_VFS_LAYER_LOGGER},
453 {SMB_VFS_OP(audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
454 SMB_VFS_LAYER_LOGGER},
455 {SMB_VFS_OP(audit_setxattr), SMB_VFS_OP_SETXATTR,
456 SMB_VFS_LAYER_LOGGER},
457 {SMB_VFS_OP(audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
458 SMB_VFS_LAYER_LOGGER},
459 {SMB_VFS_OP(audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
460 SMB_VFS_LAYER_LOGGER},
461
462 /* Finish VFS operations definition */
463
464 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
465 SMB_VFS_LAYER_NOOP}
466 };
467
468 /* The following array *must* be in the same order as defined in vfs.h */
469
470 static struct {
471 vfs_op_type type;
472 const char *name;
473 } vfs_op_names[] = {
474 { SMB_VFS_OP_CONNECT, "connect" },
475 { SMB_VFS_OP_DISCONNECT, "disconnect" },
476 { SMB_VFS_OP_DISK_FREE, "disk_free" },
477 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
478 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
479 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
480 { SMB_VFS_OP_OPENDIR, "opendir" },
481 { SMB_VFS_OP_READDIR, "readdir" },
482 { SMB_VFS_OP_MKDIR, "mkdir" },
483 { SMB_VFS_OP_RMDIR, "rmdir" },
484 { SMB_VFS_OP_CLOSEDIR, "closedir" },
485 { SMB_VFS_OP_OPEN, "open" },
486 { SMB_VFS_OP_CLOSE, "close" },
487 { SMB_VFS_OP_READ, "read" },
488 { SMB_VFS_OP_PREAD, "pread" },
489 { SMB_VFS_OP_WRITE, "write" },
490 { SMB_VFS_OP_PWRITE, "pwrite" },
491 { SMB_VFS_OP_LSEEK, "lseek" },
492 { SMB_VFS_OP_SENDFILE, "sendfile" },
493 { SMB_VFS_OP_RENAME, "rename" },
494 { SMB_VFS_OP_FSYNC, "fsync" },
495 { SMB_VFS_OP_STAT, "stat" },
496 { SMB_VFS_OP_FSTAT, "fstat" },
497 { SMB_VFS_OP_LSTAT, "lstat" },
498 { SMB_VFS_OP_UNLINK, "unlink" },
499 { SMB_VFS_OP_CHMOD, "chmod" },
500 { SMB_VFS_OP_FCHMOD, "fchmod" },
501 { SMB_VFS_OP_CHOWN, "chown" },
502 { SMB_VFS_OP_FCHOWN, "fchown" },
503 { SMB_VFS_OP_CHDIR, "chdir" },
504 { SMB_VFS_OP_GETWD, "getwd" },
505 { SMB_VFS_OP_UTIME, "utime" },
506 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
507 { SMB_VFS_OP_LOCK, "lock" },
508 { SMB_VFS_OP_SYMLINK, "symlink" },
509 { SMB_VFS_OP_READLINK, "readlink" },
510 { SMB_VFS_OP_LINK, "link" },
511 { SMB_VFS_OP_MKNOD, "mknod" },
512 { SMB_VFS_OP_REALPATH, "realpath" },
513 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
514 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
515 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
516 { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
517 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
518 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
519 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
520 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
521 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
522 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
523 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
524 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
525 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
526 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
527 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
528 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
529 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
530 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
531 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
532 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
533 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
534 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
535 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
536 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
537 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
538 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
539 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
540 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
541 { SMB_VFS_OP_GETXATTR, "getxattr" },
542 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
543 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
544 { SMB_VFS_OP_LISTXATTR, "listxattr" },
545 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
546 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
547 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
548 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
549 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
550 { SMB_VFS_OP_SETXATTR, "setxattr" },
551 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
552 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
553 { SMB_VFS_OP_LAST, NULL }
554 };
555
556 static int audit_syslog_facility(vfs_handle_struct *handle)
557 {
558 /* fix me: let this be configurable by:
559 * lp_param_enum(SNUM(handle->conn),
560 * (handle->param?handle->param:"full_audit"),
561 * "syslog facility",
562 * audit_enum_facility,LOG_USER);
563 */
564 return LOG_USER;
565 }
566
567 static int audit_syslog_priority(vfs_handle_struct *handle)
568 {
569 /* fix me: let this be configurable by:
570 * lp_param_enum(SNUM(handle->conn),
571 * (handle->param?handle->param:"full_audit"),
572 * "syslog priority",
573 * audit_enum_priority,LOG_NOTICE);
574 */
575 return LOG_NOTICE;
576 }
577
578 static char *audit_prefix(connection_struct *conn)
579 {
580 static pstring prefix;
581
582 pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
583 "prefix", "%u|%I"));
584 standard_sub_snum(SNUM(conn), prefix, sizeof(prefix)-1);
585 return prefix;
586 }
587
588 static struct bitmap *success_ops = NULL;
589
590 static BOOL log_success(vfs_op_type op)
591 {
592 if (success_ops == NULL)
593 return True;
594
595 return bitmap_query(success_ops, op);
596 }
597
598 static struct bitmap *failure_ops = NULL;
599
600 static BOOL log_failure(vfs_op_type op)
601 {
602 if (failure_ops == NULL)
603 return True;
604
605 return bitmap_query(failure_ops, op);
606 }
607
608 static void init_bitmap(struct bitmap **bm, const char **ops)
609 {
610 BOOL log_all = False;
611
612 if (*bm != NULL)
613 return;
614
615 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
616
617 if (*bm == NULL) {
618 DEBUG(0, ("Could not alloc bitmap -- "
619 "defaulting to logging everything\n"));
620 return;
621 }
622
623 while (*ops != NULL) {
624 int i;
625 BOOL found = False;
626
627 if (strequal(*ops, "all")) {
628 log_all = True;
629 break;
630 }
631
632 for (i=0; i<SMB_VFS_OP_LAST; i++) {
633 if (strequal(*ops, vfs_op_names[i].name)) {
634 bitmap_set(*bm, i);
635 found = True;
636 }
637 }
638 if (!found) {
639 DEBUG(0, ("Could not find opname %s, logging all\n",
640 *ops));
641 log_all = True;
642 break;
643 }
644 ops += 1;
645 }
646
647 if (log_all) {
648 /* The query functions default to True */
649 bitmap_free(*bm);
650 *bm = NULL;
651 }
652 }
653
654 static const char *audit_opname(vfs_op_type op)
655 {
656 if (op >= SMB_VFS_OP_LAST)
657 return "INVALID VFS OP";
658 return vfs_op_names[op].name;
659 }
660
661 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
662 const char *format, ...)
663 {
664 fstring err_msg;
665 pstring op_msg;
666 va_list ap;
667
668 if (success && (!log_success(op)))
669 return;
670
671 if (!success && (!log_failure(op)))
672 return;
673
674 if (success)
675 fstrcpy(err_msg, "ok");
676 else
677 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
678
679 va_start(ap, format);
680 vsnprintf(op_msg, sizeof(op_msg), format, ap);
681 va_end(ap);
682
683 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
684 audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
685
686 return;
687 }
688
689 /* Implementation of vfs_ops. Pass everything on to the default
690 operation but log event first. */
691
692 static int audit_connect(vfs_handle_struct *handle, connection_struct *conn,
693 const char *svc, const char *user)
694 {
695 int result;
696 const char *none[] = { NULL };
697 const char *all [] = { "all" };
698
699 openlog("smbd_audit", 0, audit_syslog_facility(handle));
700
701 init_bitmap(&success_ops,
702 lp_parm_string_list(SNUM(conn), "full_audit", "success",
703 none));
704 init_bitmap(&failure_ops,
705 lp_parm_string_list(SNUM(conn), "full_audit", "failure",
706 all));
707
708 result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
709
710 do_log(SMB_VFS_OP_CONNECT, True, handle,
711 "%s", svc);
712
713 return result;
714 }
715
716 static void audit_disconnect(vfs_handle_struct *handle,
717 connection_struct *conn)
718 {
719 SMB_VFS_NEXT_DISCONNECT(handle, conn);
720
721 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
722 "%s", lp_servicename(SNUM(conn)));
723
724 bitmap_free(success_ops);
725 success_ops = NULL;
726
727 bitmap_free(failure_ops);
728 failure_ops = NULL;
729
730 return;
731 }
732
733 static SMB_BIG_UINT audit_disk_free(vfs_handle_struct *handle,
734 connection_struct *conn, const char *path,
735 BOOL small_query, SMB_BIG_UINT *bsize,
736 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
737 {
738 SMB_BIG_UINT result;
739
740 result = SMB_VFS_NEXT_DISK_FREE(handle, conn, path, small_query, bsize,
741 dfree, dsize);
742
743 /* Don't have a reasonable notion of failure here */
744
745 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
746
747 return result;
748 }
749
750 static int audit_get_quota(struct vfs_handle_struct *handle,
751 struct connection_struct *conn,
752 enum SMB_QUOTA_TYPE qtype, unid_t id,
753 SMB_DISK_QUOTA *qt)
754 {
755 int result;
756
757 result = SMB_VFS_NEXT_GET_QUOTA(handle, conn, qtype, id, qt);
758
759 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
760
761 return result;
762 }
763
764
765 static int audit_set_quota(struct vfs_handle_struct *handle,
766 struct connection_struct *conn,
767 enum SMB_QUOTA_TYPE qtype, unid_t id,
768 SMB_DISK_QUOTA *qt)
769 {
770 int result;
771
772 result = SMB_VFS_NEXT_SET_QUOTA(handle, conn, qtype, id, qt);
773
774 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
775
776 return result;
777 }
778
779 static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
780 const char *fname)
781 {
782 DIR *result;
783
784 result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname);
785
786 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
787
788 return result;
789 }
790
791 static struct dirent *audit_readdir(vfs_handle_struct *handle,
792 connection_struct *conn, DIR *dirp)
793 {
794 struct dirent *result;
795
796 result = SMB_VFS_NEXT_READDIR(handle, conn, dirp);
797
798 /* This operation has no reasonable error condition
799 * (End of dir is also failure), so always succeed.
800 */
801 do_log(SMB_VFS_OP_READDIR, True, handle, "");
802
803 return result;
804 }
805
806 static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
807 const char *path, mode_t mode)
808 {
809 int result;
810
811 result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
812
813 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
814
815 return result;
816 }
817
818 static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
819 const char *path)
820 {
821 int result;
822
823 result = SMB_VFS_NEXT_RMDIR(handle, conn, path);
824
825 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
826
827 return result;
828 }
829
830 static int audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
831 DIR *dirp)
832 {
833 int result;
834
835 result = SMB_VFS_NEXT_CLOSEDIR(handle, conn, dirp);
836
837 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
838
839 return result;
840 }
841
842 static int audit_open(vfs_handle_struct *handle, connection_struct *conn,
843 const char *fname, int flags, mode_t mode)
844 {
845 int result;
846
847 result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);
848
849 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
850 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
851 fname);
852
853 return result;
854 }
855
856 static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
857 {
858 int result;
859
860 result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
861
862 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
863
864 return result;
865 }
866
867 static ssize_t audit_read(vfs_handle_struct *handle, files_struct *fsp,
868 int fd, void *data, size_t n)
869 {
870 ssize_t result;
871
872 result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
873
874 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
875
876 return result;
877 }
878
879 static ssize_t audit_pread(vfs_handle_struct *handle, files_struct *fsp,
880 int fd, void *data, size_t n, SMB_OFF_T offset)
881 {
882 ssize_t result;
883
884 result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
885
886 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
887
888 return result;
889 }
890
891 static ssize_t audit_write(vfs_handle_struct *handle, files_struct *fsp,
892 int fd, const void *data, size_t n)
893 {
894 ssize_t result;
895
896 result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
897
898 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
899
900 return result;
901 }
902
903 static ssize_t audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
904 int fd, const void *data, size_t n,
905 SMB_OFF_T offset)
906 {
907 ssize_t result;
908
909 result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
910
911 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
912
913 return result;
914 }
915
916 static SMB_OFF_T audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
917 int filedes, SMB_OFF_T offset, int whence)
918 {
919 ssize_t result;
920
921 result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
922
923 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
924 "%s", fsp->fsp_name);
925
926 return result;
927 }
928
929 static ssize_t audit_sendfile(vfs_handle_struct *handle, int tofd,
930 files_struct *fsp, int fromfd,
931 const DATA_BLOB *hdr, SMB_OFF_T offset,
932 size_t n)
933 {
934 ssize_t result;
935
936 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
937 offset, n);
938
939 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
940 "%s", fsp->fsp_name);
941
942 return result;
943 }
944
945 static int audit_rename(vfs_handle_struct *handle, connection_struct *conn,
946 const char *old, const char *new)
947 {
948 int result;
949
950 result = SMB_VFS_NEXT_RENAME(handle, conn, old, new);
951
952 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", old, new);
953
954 return result;
955 }
956
957 static int audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
958 {
959 int result;
960
961 result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
962
963 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
964
965 return result;
966 }
967
968 static int audit_stat(vfs_handle_struct *handle, connection_struct *conn,
969 const char *fname, SMB_STRUCT_STAT *sbuf)
970 {
971 int result;
972
973 result = SMB_VFS_NEXT_STAT(handle, conn, fname, sbuf);
974
975 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
976
977 return result;
978 }
979
980 static int audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
981 SMB_STRUCT_STAT *sbuf)
982 {
983 int result;
984
985 result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
986
987 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
988
989 return result;
990 }
991
992 static int audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
993 const char *path, SMB_STRUCT_STAT *sbuf)
994 {
995 int result;
996
997 result = SMB_VFS_NEXT_LSTAT(handle, conn, path, sbuf);
998
999 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1000
1001 return result;
1002 }
1003
1004 static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
1005 const char *path)
1006 {
1007 int result;
1008
1009 result = SMB_VFS_NEXT_UNLINK(handle, conn, path);
1010
1011 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1012
1013 return result;
1014 }
1015
1016 static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
1017 const char *path, mode_t mode)
1018 {
1019 int result;
1020
1021 result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
1022
1023 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1024
1025 return result;
1026 }
1027
1028 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
1029 mode_t mode)
1030 {
1031 int result;
1032
1033 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1034
1035 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1036 "%s|%o", fsp->fsp_name, mode);
1037
1038 return result;
1039 }
1040
1041 static int audit_chown(vfs_handle_struct *handle, connection_struct *conn,
1042 const char *path, uid_t uid, gid_t gid)
1043 {
1044 int result;
1045
1046 result = SMB_VFS_NEXT_CHOWN(handle, conn, path, uid, gid);
1047
1048 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1049 path, (long int)uid, (long int)gid);
1050
1051 return result;
1052 }
1053
1054 static int audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1055 uid_t uid, gid_t gid)
1056 {
1057 int result;
1058
1059 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1060
1061 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1062 fsp->fsp_name, (long int)uid, (long int)gid);
1063
1064 return result;
1065 }
1066
1067 static int audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
1068 const char *path)
1069 {
1070 int result;
1071
1072 result = SMB_VFS_NEXT_CHDIR(handle, conn, path);
1073
1074 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1075
1076 return result;
1077 }
1078
1079 static char *audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
1080 char *path)
1081 {
1082 char *result;
1083
1084 result = SMB_VFS_NEXT_GETWD(handle, conn, path);
1085
1086 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1087
1088 return result;
1089 }
1090
1091 static int audit_utime(vfs_handle_struct *handle, connection_struct *conn,
1092 const char *path, struct utimbuf *times)
1093 {
1094 int result;
1095
1096 result = SMB_VFS_NEXT_UTIME(handle, conn, path, times);
1097
1098 do_log(SMB_VFS_OP_UTIME, (result >= 0), handle, "%s", path);
1099
1100 return result;
1101 }
1102
1103 static int audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1104 int fd, SMB_OFF_T len)
1105 {
1106 int result;
1107
1108 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1109
1110 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1111 "%s", fsp->fsp_name);
1112
1113 return result;
1114 }
1115
1116 static BOOL audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1117 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1118 {
1119 BOOL result;
1120
1121 result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1122
1123 do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1124
1125 return result;
1126 }
1127
1128 static int audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
1129 const char *oldpath, const char *newpath)
1130 {
1131 int result;
1132
1133 result = SMB_VFS_NEXT_SYMLINK(handle, conn, oldpath, newpath);
1134
1135 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1136 "%s|%s", oldpath, newpath);
1137
1138 return result;
1139 }
1140
1141 static int audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
1142 const char *path, char *buf, size_t bufsiz)
1143 {
1144 int result;
1145
1146 result = SMB_VFS_NEXT_READLINK(handle, conn, path, buf, bufsiz);
1147
1148 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1149
1150 return result;
1151 }
1152
1153 static int audit_link(vfs_handle_struct *handle, connection_struct *conn,
1154 const char *oldpath, const char *newpath)
1155 {
1156 int result;
1157
1158 result = SMB_VFS_NEXT_LINK(handle, conn, oldpath, newpath);
1159
1160 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1161 "%s|%s", oldpath, newpath);
1162
1163 return result;
1164 }
1165
1166 static int audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
1167 const char *pathname, mode_t mode, SMB_DEV_T dev)
1168 {
1169 int result;
1170
1171 result = SMB_VFS_NEXT_MKNOD(handle, conn, pathname, mode, dev);
1172
1173 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1174
1175 return result;
1176 }
1177
1178 static char *audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
1179 const char *path, char *resolved_path)
1180 {
1181 char *result;
1182
1183 result = SMB_VFS_NEXT_REALPATH(handle, conn, path, resolved_path);
1184
1185 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1186
1187 return result;
1188 }
1189
1190 static size_t audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1191 int fd, uint32 security_info,
1192 SEC_DESC **ppdesc)
1193 {
1194 size_t result;
1195
1196 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1197 ppdesc);
1198
1199 do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1200 "%s", fsp->fsp_name);
1201
1202 return result;
1203 }
1204
1205 static size_t audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1206 const char *name, uint32 security_info,
1207 SEC_DESC **ppdesc)
1208 {
1209 size_t result;
1210
1211 result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1212 ppdesc);
1213
1214 do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1215 "%s", fsp->fsp_name);
1216
1217 return result;
1218 }
1219
1220 static BOOL audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1221 int fd, uint32 security_info_sent,
1222 SEC_DESC *psd)
1223 {
1224 BOOL result;
1225
1226 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1227 psd);
1228
1229 do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1230
1231 return result;
1232 }
1233
1234 static BOOL audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1235 const char *name, uint32 security_info_sent,
1236 SEC_DESC *psd)
1237 {
1238 BOOL result;
1239
1240 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1241 psd);
1242
1243 do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1244
1245 return result;
1246 }
1247
1248 static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
1249 const char *path, mode_t mode)
1250 {
1251 int result;
1252
1253 result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);
1254
1255 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1256 "%s|%o", path, mode);
1257
1258 return result;
1259 }
1260
1261 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1262 int fd, mode_t mode)
1263 {
1264 int result;
1265
1266 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1267
1268 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1269 "%s|%o", fsp->fsp_name, mode);
1270
1271 return result;
1272 }
1273
1274 static int audit_sys_acl_get_entry(vfs_handle_struct *handle,
1275 connection_struct *conn,
1276 SMB_ACL_T theacl, int entry_id,
1277 SMB_ACL_ENTRY_T *entry_p)
1278 {
1279 int result;
1280
1281 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, conn, theacl, entry_id,
1282 entry_p);
1283
1284 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1285 "");
1286
1287 return result;
1288 }
1289
1290 static int audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1291 connection_struct *conn,
1292 SMB_ACL_ENTRY_T entry_d,
1293 SMB_ACL_TAG_T *tag_type_p)
1294 {
1295 int result;
1296
1297 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, conn, entry_d,
1298 tag_type_p);
1299
1300 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1301 "");
1302
1303 return result;
1304 }
1305
1306 static int audit_sys_acl_get_permset(vfs_handle_struct *handle,
1307 connection_struct *conn,
1308 SMB_ACL_ENTRY_T entry_d,
1309 SMB_ACL_PERMSET_T *permset_p)
1310 {
1311 int result;
1312
1313 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, conn, entry_d,
1314 permset_p);
1315
1316 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1317 "");
1318
1319 return result;
1320 }
1321
1322 static void * audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1323 connection_struct *conn,
1324 SMB_ACL_ENTRY_T entry_d)
1325 {
1326 void *result;
1327
1328 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, conn, entry_d);
1329
1330 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1331 "");
1332
1333 return result;
1334 }
1335
1336 static SMB_ACL_T audit_sys_acl_get_file(vfs_handle_struct *handle,
1337 connection_struct *conn,
1338 const char *path_p,
1339 SMB_ACL_TYPE_T type)
1340 {
1341 SMB_ACL_T result;
1342
1343 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, conn, path_p, type);
1344
1345 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1346 "%s", path_p);
1347
1348 return result;
1349 }
1350
1351 static SMB_ACL_T audit_sys_acl_get_fd(vfs_handle_struct *handle,
1352 files_struct *fsp, int fd)
1353 {
1354 SMB_ACL_T result;
1355
1356 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1357
1358 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1359 "%s", fsp->fsp_name);
1360
1361 return result;
1362 }
1363
1364 static int audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1365 connection_struct *conn,
1366 SMB_ACL_PERMSET_T permset)
1367 {
1368 int result;
1369
1370 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, conn, permset);
1371
1372 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1373 "");
1374
1375 return result;
1376 }
1377
1378 static int audit_sys_acl_add_perm(vfs_handle_struct *handle,
1379 connection_struct *conn,
1380 SMB_ACL_PERMSET_T permset,
1381 SMB_ACL_PERM_T perm)
1382 {
1383 int result;
1384
1385 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, conn, permset, perm);
1386
1387 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1388 "");
1389
1390 return result;
1391 }
1392
1393 static char * audit_sys_acl_to_text(vfs_handle_struct *handle,
1394 connection_struct *conn, SMB_ACL_T theacl,
1395 ssize_t *plen)
1396 {
1397 char * result;
1398
1399 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, conn, theacl, plen);
1400
1401 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1402 "");
1403
1404 return result;
1405 }
1406
1407 static SMB_ACL_T audit_sys_acl_init(vfs_handle_struct *handle,
1408 connection_struct *conn,
1409 int count)
1410 {
1411 SMB_ACL_T result;
1412
1413 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, conn, count);
1414
1415 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1416 "");
1417
1418 return result;
1419 }
1420
1421 static int audit_sys_acl_create_entry(vfs_handle_struct *handle,
1422 connection_struct *conn, SMB_ACL_T *pacl,
1423 SMB_ACL_ENTRY_T *pentry)
1424 {
1425 int result;
1426
1427 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, conn, pacl, pentry);
1428
1429 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1430 "");
1431
1432 return result;
1433 }
1434
1435 static int audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1436 connection_struct *conn,
1437 SMB_ACL_ENTRY_T entry,
1438 SMB_ACL_TAG_T tagtype)
1439 {
1440 int result;
1441
1442 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, conn, entry,
1443 tagtype);
1444
1445 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1446 "");
1447
1448 return result;
1449 }
1450
1451 static int audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1452 connection_struct *conn,
1453 SMB_ACL_ENTRY_T entry,
1454 void *qual)
1455 {
1456 int result;
1457
1458 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, conn, entry, qual);
1459
1460 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1461 "");
1462
1463 return result;
1464 }
1465
1466 static int audit_sys_acl_set_permset(vfs_handle_struct *handle,
1467 connection_struct *conn,
1468 SMB_ACL_ENTRY_T entry,
1469 SMB_ACL_PERMSET_T permset)
1470 {
1471 int result;
1472
1473 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, conn, entry, permset);
1474
1475 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1476 "");
1477
1478 return result;
1479 }
1480
1481 static int audit_sys_acl_valid(vfs_handle_struct *handle,
1482 connection_struct *conn,
1483 SMB_ACL_T theacl )
1484 {
1485 int result;
1486
1487 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, conn, theacl);
1488
1489 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1490 "");
1491
1492 return result;
1493 }
1494
1495 static int audit_sys_acl_set_file(vfs_handle_struct *handle,
1496 connection_struct *conn,
1497 const char *name, SMB_ACL_TYPE_T acltype,
1498 SMB_ACL_T theacl)
1499 {
1500 int result;
1501
1502 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, conn, name, acltype,
1503 theacl);
1504
1505 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1506 "%s", name);
1507
1508 return result;
1509 }
1510
1511 static int audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1512 int fd, SMB_ACL_T theacl)
1513 {
1514 int result;
1515
1516 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1517
1518 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1519 "%s", fsp->fsp_name);
1520
1521 return result;
1522 }
1523
1524 static int audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1525 connection_struct *conn,
1526 const char *path)
1527 {
1528 int result;
1529
1530 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, conn, path);
1531
1532 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1533 "%s", path);
1534
1535 return result;
1536 }
1537
1538 static int audit_sys_acl_get_perm(vfs_handle_struct *handle,
1539 connection_struct *conn,
1540 SMB_ACL_PERMSET_T permset,
1541 SMB_ACL_PERM_T perm)
1542 {
1543 int result;
1544
1545 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, conn, permset, perm);
1546
1547 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1548 "");
1549
1550 return result;
1551 }
1552
1553 static int audit_sys_acl_free_text(vfs_handle_struct *handle,
1554 connection_struct *conn,
1555 char *text)
1556 {
1557 int result;
1558
1559 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, conn, text);
1560
1561 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1562 "");
1563
1564 return result;
1565 }
1566
1567 static int audit_sys_acl_free_acl(vfs_handle_struct *handle,
1568 connection_struct *conn,
1569 SMB_ACL_T posix_acl)
1570 {
1571 int result;
1572
1573 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, conn, posix_acl);
1574
1575 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1576 "");
1577
1578 return result;
1579 }
1580
1581 static int audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1582 connection_struct *conn,
1583 void *qualifier,
1584 SMB_ACL_TAG_T tagtype)
1585 {
1586 int result;
1587
1588 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, conn, qualifier,
1589 tagtype);
1590
1591 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1592 "");
1593
1594 return result;
1595 }
1596
1597 static ssize_t audit_getxattr(struct vfs_handle_struct *handle,
1598 struct connection_struct *conn, const char *path,
1599 const char *name, void *value, size_t size)
1600 {
1601 ssize_t result;
1602
1603 result = SMB_VFS_NEXT_GETXATTR(handle, conn, path, name, value, size);
1604
1605 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1606 "%s|%s", path, name);
1607
1608 return result;
1609 }
1610
1611 static ssize_t audit_lgetxattr(struct vfs_handle_struct *handle,
1612 struct connection_struct *conn,
1613 const char *path, const char *name,
1614 void *value, size_t size)
1615 {
1616 ssize_t result;
1617
1618 result = SMB_VFS_NEXT_LGETXATTR(handle, conn, path, name, value, size);
1619
1620 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1621 "%s|%s", path, name);
1622
1623 return result;
1624 }
1625
1626 static ssize_t audit_fgetxattr(struct vfs_handle_struct *handle,
1627 struct files_struct *fsp, int fd,
1628 const char *name, void *value, size_t size)
1629 {
1630 ssize_t result;
1631
1632 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1633
1634 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1635 "%s|%s", fsp->fsp_name, name);
1636
1637 return result;
1638 }
1639
1640 static ssize_t audit_listxattr(struct vfs_handle_struct *handle,
1641 struct connection_struct *conn,
1642 const char *path, char *list, size_t size)
1643 {
1644 ssize_t result;
1645
1646 result = SMB_VFS_NEXT_LISTXATTR(handle, conn, path, list, size);
1647
1648 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1649
1650 return result;
1651 }
1652
1653 static ssize_t audit_llistxattr(struct vfs_handle_struct *handle,
1654 struct connection_struct *conn,
1655 const char *path, char *list, size_t size)
1656 {
1657 ssize_t result;
1658
1659 result = SMB_VFS_NEXT_LLISTXATTR(handle, conn, path, list, size);
1660
1661 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1662
1663 return result;
1664 }
1665
1666 static ssize_t audit_flistxattr(struct vfs_handle_struct *handle,
1667 struct files_struct *fsp, int fd, char *list,
1668 size_t size)
1669 {
1670 ssize_t result;
1671
1672 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1673
1674 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1675 "%s", fsp->fsp_name);
1676
1677 return result;
1678 }
1679
1680 static int audit_removexattr(struct vfs_handle_struct *handle,
1681 struct connection_struct *conn, const char *path,
1682 const char *name)
1683 {
1684 int result;
1685
1686 result = SMB_VFS_NEXT_REMOVEXATTR(handle, conn, path, name);
1687
1688 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1689 "%s|%s", path, name);
1690
1691 return result;
1692 }
1693
1694 static int audit_lremovexattr(struct vfs_handle_struct *handle,
1695 struct connection_struct *conn, const char *path,
1696 const char *name)
1697 {
1698 int result;
1699
1700 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, conn, path, name);
1701
1702 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1703 "%s|%s", path, name);
1704
1705 return result;
1706 }
1707
1708 static int audit_fremovexattr(struct vfs_handle_struct *handle,
1709 struct files_struct *fsp, int fd,
1710 const char *name)
1711 {
1712 int result;
1713
1714 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
1715
1716 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1717 "%s|%s", fsp->fsp_name, name);
1718
1719 return result;
1720 }
1721
1722 static int audit_setxattr(struct vfs_handle_struct *handle,
1723 struct connection_struct *conn, const char *path,
1724 const char *name, const void *value, size_t size,
1725 int flags)
1726 {
1727 int result;
1728
1729 result = SMB_VFS_NEXT_SETXATTR(handle, conn, path, name, value, size,
1730 flags);
1731
1732 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1733 "%s|%s", path, name);
1734
1735 return result;
1736 }
1737
1738 static int audit_lsetxattr(struct vfs_handle_struct *handle,
1739 struct connection_struct *conn, const char *path,
1740 const char *name, const void *value, size_t size,
1741 int flags)
1742 {
1743 int result;
1744
1745 result = SMB_VFS_NEXT_LSETXATTR(handle, conn, path, name, value, size,
1746 flags);
1747
1748 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
1749 "%s|%s", path, name);
1750
1751 return result;
1752 }
1753
1754 static int audit_fsetxattr(struct vfs_handle_struct *handle,
1755 struct files_struct *fsp, int fd, const char *name,
1756 const void *value, size_t size, int flags)
1757 {
1758 int result;
1759
1760 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
1761 flags);
1762
1763 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
1764 "%s|%s", fsp->fsp_name, name);
1765
1766 return result;
1767 }
1768
1769 NTSTATUS vfs_full_audit_init(void)
1770 {
1771 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
1772 "full_audit", audit_op_tuples);
1773
1774 if (!NT_STATUS_IS_OK(ret))
1775 return ret;
1776
1777 vfs_full_audit_debug_level = debug_add_class("full_audit");
1778 if (vfs_full_audit_debug_level == -1) {
1779 vfs_full_audit_debug_level = DBGC_VFS;
1780 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
1781 "class!\n"));
1782 } else {
1783 DEBUG(10, ("vfs_full_audit: Debug class number of "
1784 "'full_audit': %d\n", vfs_full_audit_debug_level));
1785 }
1786
1787 return ret;
1788 }
1789
reg import