search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r404: Revert the change 378 to vfs_extd_audit.c, the parseable auditing
[Samba/gebeck_regimport.git] / source3 / modules / vfs_full_audit.c
blob2371c406364f090b24bacd1f45e2d8666bcf5e50
1 /*
2 * Auditing VFS module for samba. Log selected file operations to syslog
3 * facility.
4 *
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26
27 #include "includes.h"
28
29 extern struct current_user current_user;
30
31 static int vfs_full_audit_debug_level = DBGC_VFS;
32
33 #undef DBGC_CLASS
34 #define DBGC_CLASS vfs_full_audit_debug_level
35
36 /* Function prototypes */
37
38 static int audit_connect(vfs_handle_struct *handle, connection_struct *conn,
39 const char *svc, const char *user);
40 static void audit_disconnect(vfs_handle_struct *handle,
41 connection_struct *conn);
42 static SMB_BIG_UINT audit_disk_free(vfs_handle_struct *handle,
43 connection_struct *conn, const char *path,
44 BOOL small_query, SMB_BIG_UINT *bsize,
45 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
46 static int audit_get_quota(struct vfs_handle_struct *handle,
47 struct connection_struct *conn,
48 enum SMB_QUOTA_TYPE qtype, unid_t id,
49 SMB_DISK_QUOTA *qt);
50 static int audit_set_quota(struct vfs_handle_struct *handle,
51 struct connection_struct *conn,
52 enum SMB_QUOTA_TYPE qtype, unid_t id,
53 SMB_DISK_QUOTA *qt);
54 static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
55 const char *fname);
56 static struct dirent *audit_readdir(vfs_handle_struct *handle,
57 connection_struct *conn, DIR *dirp);
58 static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
59 const char *path, mode_t mode);
60 static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
61 const char *path);
62 static int audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
63 DIR *dirp);
64 static int audit_open(vfs_handle_struct *handle, connection_struct *conn,
65 const char *fname, int flags, mode_t mode);
66 static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
67 static ssize_t audit_read(vfs_handle_struct *handle, files_struct *fsp,
68 int fd, void *data, size_t n);
69 static ssize_t audit_pread(vfs_handle_struct *handle, files_struct *fsp,
70 int fd, void *data, size_t n, SMB_OFF_T offset);
71 static ssize_t audit_write(vfs_handle_struct *handle, files_struct *fsp,
72 int fd, const void *data, size_t n);
73 static ssize_t audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
74 int fd, const void *data, size_t n,
75 SMB_OFF_T offset);
76 static SMB_OFF_T audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
77 int filedes, SMB_OFF_T offset, int whence);
78 static ssize_t audit_sendfile(vfs_handle_struct *handle, int tofd,
79 files_struct *fsp, int fromfd,
80 const DATA_BLOB *hdr, SMB_OFF_T offset,
81 size_t n);
82 static int audit_rename(vfs_handle_struct *handle, connection_struct *conn,
83 const char *old, const char *new);
84 static int audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
85 static int audit_stat(vfs_handle_struct *handle, connection_struct *conn,
86 const char *fname, SMB_STRUCT_STAT *sbuf);
87 static int audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
88 SMB_STRUCT_STAT *sbuf);
89 static int audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
90 const char *path, SMB_STRUCT_STAT *sbuf);
91 static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
92 const char *path);
93 static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
94 const char *path, mode_t mode);
95 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
96 mode_t mode);
97 static int audit_chown(vfs_handle_struct *handle, connection_struct *conn,
98 const char *path, uid_t uid, gid_t gid);
99 static int audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
100 uid_t uid, gid_t gid);
101 static int audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
102 const char *path);
103 static char *audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
104 char *path);
105 static int audit_utime(vfs_handle_struct *handle, connection_struct *conn,
106 const char *path, struct utimbuf *times);
107 static int audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
108 int fd, SMB_OFF_T len);
109 static BOOL audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
110 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
111 static int audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
112 const char *oldpath, const char *newpath);
113 static int audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
114 const char *path, char *buf, size_t bufsiz);
115 static int audit_link(vfs_handle_struct *handle, connection_struct *conn,
116 const char *oldpath, const char *newpath);
117 static int audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
118 const char *pathname, mode_t mode, SMB_DEV_T dev);
119 static char *audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
120 const char *path, char *resolved_path);
121 static size_t audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
122 int fd, uint32 security_info,
123 SEC_DESC **ppdesc);
124 static size_t audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
125 const char *name, uint32 security_info,
126 SEC_DESC **ppdesc);
127 static BOOL audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
128 int fd, uint32 security_info_sent,
129 SEC_DESC *psd);
130 static BOOL audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
131 const char *name, uint32 security_info_sent,
132 SEC_DESC *psd);
133 static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
134 const char *path, mode_t mode);
135 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
136 int fd, mode_t mode);
137 static int audit_sys_acl_get_entry(vfs_handle_struct *handle,
138 connection_struct *conn,
139 SMB_ACL_T theacl, int entry_id,
140 SMB_ACL_ENTRY_T *entry_p);
141 static int audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
142 connection_struct *conn,
143 SMB_ACL_ENTRY_T entry_d,
144 SMB_ACL_TAG_T *tag_type_p);
145 static int audit_sys_acl_get_permset(vfs_handle_struct *handle,
146 connection_struct *conn,
147 SMB_ACL_ENTRY_T entry_d,
148 SMB_ACL_PERMSET_T *permset_p);
149 static void * audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
150 connection_struct *conn,
151 SMB_ACL_ENTRY_T entry_d);
152 static SMB_ACL_T audit_sys_acl_get_file(vfs_handle_struct *handle,
153 connection_struct *conn,
154 const char *path_p,
155 SMB_ACL_TYPE_T type);
156 static SMB_ACL_T audit_sys_acl_get_fd(vfs_handle_struct *handle,
157 files_struct *fsp,
158 int fd);
159 static int audit_sys_acl_clear_perms(vfs_handle_struct *handle,
160 connection_struct *conn,
161 SMB_ACL_PERMSET_T permset);
162 static int audit_sys_acl_add_perm(vfs_handle_struct *handle,
163 connection_struct *conn,
164 SMB_ACL_PERMSET_T permset,
165 SMB_ACL_PERM_T perm);
166 static char * audit_sys_acl_to_text(vfs_handle_struct *handle,
167 connection_struct *conn, SMB_ACL_T theacl,
168 ssize_t *plen);
169 static SMB_ACL_T audit_sys_acl_init(vfs_handle_struct *handle,
170 connection_struct *conn,
171 int count);
172 static int audit_sys_acl_create_entry(vfs_handle_struct *handle,
173 connection_struct *conn, SMB_ACL_T *pacl,
174 SMB_ACL_ENTRY_T *pentry);
175 static int audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
176 connection_struct *conn,
177 SMB_ACL_ENTRY_T entry,
178 SMB_ACL_TAG_T tagtype);
179 static int audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
180 connection_struct *conn,
181 SMB_ACL_ENTRY_T entry,
182 void *qual);
183 static int audit_sys_acl_set_permset(vfs_handle_struct *handle,
184 connection_struct *conn,
185 SMB_ACL_ENTRY_T entry,
186 SMB_ACL_PERMSET_T permset);
187 static int audit_sys_acl_valid(vfs_handle_struct *handle,
188 connection_struct *conn,
189 SMB_ACL_T theacl );
190 static int audit_sys_acl_set_file(vfs_handle_struct *handle,
191 connection_struct *conn,
192 const char *name, SMB_ACL_TYPE_T acltype,
193 SMB_ACL_T theacl);
194 static int audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
195 int fd, SMB_ACL_T theacl);
196 static int audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
197 connection_struct *conn,
198 const char *path);
199 static int audit_sys_acl_get_perm(vfs_handle_struct *handle,
200 connection_struct *conn,
201 SMB_ACL_PERMSET_T permset,
202 SMB_ACL_PERM_T perm);
203 static int audit_sys_acl_free_text(vfs_handle_struct *handle,
204 connection_struct *conn,
205 char *text);
206 static int audit_sys_acl_free_acl(vfs_handle_struct *handle,
207 connection_struct *conn,
208 SMB_ACL_T posix_acl);
209 static int audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
210 connection_struct *conn,
211 void *qualifier,
212 SMB_ACL_TAG_T tagtype);
213 static ssize_t audit_getxattr(struct vfs_handle_struct *handle,
214 struct connection_struct *conn, const char *path,
215 const char *name, void *value, size_t size);
216 static ssize_t audit_lgetxattr(struct vfs_handle_struct *handle,
217 struct connection_struct *conn,
218 const char *path, const char *name,
219 void *value, size_t size);
220 static ssize_t audit_fgetxattr(struct vfs_handle_struct *handle,
221 struct files_struct *fsp, int fd,
222 const char *name, void *value, size_t size);
223 static ssize_t audit_listxattr(struct vfs_handle_struct *handle,
224 struct connection_struct *conn,
225 const char *path, char *list, size_t size);
226 static ssize_t audit_llistxattr(struct vfs_handle_struct *handle,
227 struct connection_struct *conn,
228 const char *path, char *list, size_t size);
229 static ssize_t audit_flistxattr(struct vfs_handle_struct *handle,
230 struct files_struct *fsp, int fd, char *list,
231 size_t size);
232 static int audit_removexattr(struct vfs_handle_struct *handle,
233 struct connection_struct *conn, const char *path,
234 const char *name);
235 static int audit_lremovexattr(struct vfs_handle_struct *handle,
236 struct connection_struct *conn, const char *path,
237 const char *name);
238 static int audit_fremovexattr(struct vfs_handle_struct *handle,
239 struct files_struct *fsp, int fd,
240 const char *name);
241 static int audit_setxattr(struct vfs_handle_struct *handle,
242 struct connection_struct *conn, const char *path,
243 const char *name, const void *value, size_t size,
244 int flags);
245 static int audit_lsetxattr(struct vfs_handle_struct *handle,
246 struct connection_struct *conn, const char *path,
247 const char *name, const void *value, size_t size,
248 int flags);
249 static int audit_fsetxattr(struct vfs_handle_struct *handle,
250 struct files_struct *fsp, int fd, const char *name,
251 const void *value, size_t size, int flags);
252
253 /* VFS operations */
254
255 static vfs_op_tuple audit_op_tuples[] = {
256
257 /* Disk operations */
258
259 {SMB_VFS_OP(audit_connect), SMB_VFS_OP_CONNECT,
260 SMB_VFS_LAYER_LOGGER},
261 {SMB_VFS_OP(audit_disconnect), SMB_VFS_OP_DISCONNECT,
262 SMB_VFS_LAYER_LOGGER},
263 {SMB_VFS_OP(audit_disk_free), SMB_VFS_OP_DISK_FREE,
264 SMB_VFS_LAYER_LOGGER},
265 {SMB_VFS_OP(audit_get_quota), SMB_VFS_OP_GET_QUOTA,
266 SMB_VFS_LAYER_LOGGER},
267 {SMB_VFS_OP(audit_set_quota), SMB_VFS_OP_SET_QUOTA,
268 SMB_VFS_LAYER_LOGGER},
269
270 /* Directory operations */
271
272 {SMB_VFS_OP(audit_opendir), SMB_VFS_OP_OPENDIR,
273 SMB_VFS_LAYER_LOGGER},
274 {SMB_VFS_OP(audit_readdir), SMB_VFS_OP_READDIR,
275 SMB_VFS_LAYER_LOGGER},
276 {SMB_VFS_OP(audit_mkdir), SMB_VFS_OP_MKDIR,
277 SMB_VFS_LAYER_LOGGER},
278 {SMB_VFS_OP(audit_rmdir), SMB_VFS_OP_RMDIR,
279 SMB_VFS_LAYER_LOGGER},
280 {SMB_VFS_OP(audit_closedir), SMB_VFS_OP_CLOSEDIR,
281 SMB_VFS_LAYER_LOGGER},
282
283 /* File operations */
284
285 {SMB_VFS_OP(audit_open), SMB_VFS_OP_OPEN,
286 SMB_VFS_LAYER_LOGGER},
287 {SMB_VFS_OP(audit_close), SMB_VFS_OP_CLOSE,
288 SMB_VFS_LAYER_LOGGER},
289 {SMB_VFS_OP(audit_read), SMB_VFS_OP_READ,
290 SMB_VFS_LAYER_LOGGER},
291 {SMB_VFS_OP(audit_pread), SMB_VFS_OP_PREAD,
292 SMB_VFS_LAYER_LOGGER},
293 {SMB_VFS_OP(audit_write), SMB_VFS_OP_WRITE,
294 SMB_VFS_LAYER_LOGGER},
295 {SMB_VFS_OP(audit_pwrite), SMB_VFS_OP_PWRITE,
296 SMB_VFS_LAYER_LOGGER},
297 {SMB_VFS_OP(audit_lseek), SMB_VFS_OP_LSEEK,
298 SMB_VFS_LAYER_LOGGER},
299 {SMB_VFS_OP(audit_sendfile), SMB_VFS_OP_SENDFILE,
300 SMB_VFS_LAYER_LOGGER},
301 {SMB_VFS_OP(audit_rename), SMB_VFS_OP_RENAME,
302 SMB_VFS_LAYER_LOGGER},
303 {SMB_VFS_OP(audit_fsync), SMB_VFS_OP_FSYNC,
304 SMB_VFS_LAYER_LOGGER},
305 {SMB_VFS_OP(audit_stat), SMB_VFS_OP_STAT,
306 SMB_VFS_LAYER_LOGGER},
307 {SMB_VFS_OP(audit_fstat), SMB_VFS_OP_FSTAT,
308 SMB_VFS_LAYER_LOGGER},
309 {SMB_VFS_OP(audit_lstat), SMB_VFS_OP_LSTAT,
310 SMB_VFS_LAYER_LOGGER},
311 {SMB_VFS_OP(audit_unlink), SMB_VFS_OP_UNLINK,
312 SMB_VFS_LAYER_LOGGER},
313 {SMB_VFS_OP(audit_chmod), SMB_VFS_OP_CHMOD,
314 SMB_VFS_LAYER_LOGGER},
315 {SMB_VFS_OP(audit_fchmod), SMB_VFS_OP_FCHMOD,
316 SMB_VFS_LAYER_LOGGER},
317 {SMB_VFS_OP(audit_chown), SMB_VFS_OP_CHOWN,
318 SMB_VFS_LAYER_LOGGER},
319 {SMB_VFS_OP(audit_fchown), SMB_VFS_OP_FCHOWN,
320 SMB_VFS_LAYER_LOGGER},
321 {SMB_VFS_OP(audit_chdir), SMB_VFS_OP_CHDIR,
322 SMB_VFS_LAYER_LOGGER},
323 {SMB_VFS_OP(audit_getwd), SMB_VFS_OP_GETWD,
324 SMB_VFS_LAYER_LOGGER},
325 {SMB_VFS_OP(audit_utime), SMB_VFS_OP_UTIME,
326 SMB_VFS_LAYER_LOGGER},
327 {SMB_VFS_OP(audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
328 SMB_VFS_LAYER_LOGGER},
329 {SMB_VFS_OP(audit_lock), SMB_VFS_OP_LOCK,
330 SMB_VFS_LAYER_LOGGER},
331 {SMB_VFS_OP(audit_symlink), SMB_VFS_OP_SYMLINK,
332 SMB_VFS_LAYER_LOGGER},
333 {SMB_VFS_OP(audit_readlink), SMB_VFS_OP_READLINK,
334 SMB_VFS_LAYER_LOGGER},
335 {SMB_VFS_OP(audit_link), SMB_VFS_OP_LINK,
336 SMB_VFS_LAYER_LOGGER},
337 {SMB_VFS_OP(audit_mknod), SMB_VFS_OP_MKNOD,
338 SMB_VFS_LAYER_LOGGER},
339 {SMB_VFS_OP(audit_realpath), SMB_VFS_OP_REALPATH,
340 SMB_VFS_LAYER_LOGGER},
341
342 /* NT ACL operations. */
343
344 {SMB_VFS_OP(audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
345 SMB_VFS_LAYER_LOGGER},
346 {SMB_VFS_OP(audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
347 SMB_VFS_LAYER_LOGGER},
348 {SMB_VFS_OP(audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
349 SMB_VFS_LAYER_LOGGER},
350 {SMB_VFS_OP(audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
351 SMB_VFS_LAYER_LOGGER},
352
353 /* POSIX ACL operations. */
354
355 {SMB_VFS_OP(audit_chmod_acl), SMB_VFS_OP_CHMOD,
356 SMB_VFS_LAYER_LOGGER},
357 {SMB_VFS_OP(audit_fchmod_acl), SMB_VFS_OP_FCHMOD,
358 SMB_VFS_LAYER_LOGGER},
359 {SMB_VFS_OP(audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
360 SMB_VFS_LAYER_LOGGER},
361 {SMB_VFS_OP(audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
362 SMB_VFS_LAYER_LOGGER},
363 {SMB_VFS_OP(audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
364 SMB_VFS_LAYER_LOGGER},
365 {SMB_VFS_OP(audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
366 SMB_VFS_LAYER_LOGGER},
367 {SMB_VFS_OP(audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
368 SMB_VFS_LAYER_LOGGER},
369 {SMB_VFS_OP(audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
370 SMB_VFS_LAYER_LOGGER},
371 {SMB_VFS_OP(audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
372 SMB_VFS_LAYER_LOGGER},
373 {SMB_VFS_OP(audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
374 SMB_VFS_LAYER_LOGGER},
375 {SMB_VFS_OP(audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
376 SMB_VFS_LAYER_LOGGER},
377 {SMB_VFS_OP(audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
378 SMB_VFS_LAYER_LOGGER},
379 {SMB_VFS_OP(audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
380 SMB_VFS_LAYER_LOGGER},
381 {SMB_VFS_OP(audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
382 SMB_VFS_LAYER_LOGGER},
383 {SMB_VFS_OP(audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
384 SMB_VFS_LAYER_LOGGER},
385 {SMB_VFS_OP(audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
386 SMB_VFS_LAYER_LOGGER},
387 {SMB_VFS_OP(audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
388 SMB_VFS_LAYER_LOGGER},
389 {SMB_VFS_OP(audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
390 SMB_VFS_LAYER_LOGGER},
391 {SMB_VFS_OP(audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
392 SMB_VFS_LAYER_LOGGER},
393 {SMB_VFS_OP(audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
394 SMB_VFS_LAYER_LOGGER},
395 {SMB_VFS_OP(audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
396 SMB_VFS_LAYER_LOGGER},
397 {SMB_VFS_OP(audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
398 SMB_VFS_LAYER_LOGGER},
399 {SMB_VFS_OP(audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
400 SMB_VFS_LAYER_LOGGER},
401 {SMB_VFS_OP(audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
402 SMB_VFS_LAYER_LOGGER},
403
404 /* EA operations. */
405
406 {SMB_VFS_OP(audit_getxattr), SMB_VFS_OP_GETXATTR,
407 SMB_VFS_LAYER_LOGGER},
408 {SMB_VFS_OP(audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
409 SMB_VFS_LAYER_LOGGER},
410 {SMB_VFS_OP(audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
411 SMB_VFS_LAYER_LOGGER},
412 {SMB_VFS_OP(audit_listxattr), SMB_VFS_OP_LISTXATTR,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
419 SMB_VFS_LAYER_LOGGER},
420 {SMB_VFS_OP(audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
421 SMB_VFS_LAYER_LOGGER},
422 {SMB_VFS_OP(audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
423 SMB_VFS_LAYER_LOGGER},
424 {SMB_VFS_OP(audit_setxattr), SMB_VFS_OP_SETXATTR,
425 SMB_VFS_LAYER_LOGGER},
426 {SMB_VFS_OP(audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
427 SMB_VFS_LAYER_LOGGER},
428 {SMB_VFS_OP(audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
429 SMB_VFS_LAYER_LOGGER},
430
431 /* Finish VFS operations definition */
432
433 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
434 SMB_VFS_LAYER_NOOP}
435 };
436
437 /* The following array *must* be in the same order as defined in vfs.h */
438
439 static struct {
440 vfs_op_type type;
441 const char *name;
442 } vfs_op_names[] = {
443 { SMB_VFS_OP_CONNECT, "connect" },
444 { SMB_VFS_OP_DISCONNECT, "disconnect" },
445 { SMB_VFS_OP_DISK_FREE, "disk_free" },
446 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
447 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
448 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
449 { SMB_VFS_OP_OPENDIR, "opendir" },
450 { SMB_VFS_OP_READDIR, "readdir" },
451 { SMB_VFS_OP_MKDIR, "mkdir" },
452 { SMB_VFS_OP_RMDIR, "rmdir" },
453 { SMB_VFS_OP_CLOSEDIR, "closedir" },
454 { SMB_VFS_OP_OPEN, "open" },
455 { SMB_VFS_OP_CLOSE, "close" },
456 { SMB_VFS_OP_READ, "read" },
457 { SMB_VFS_OP_PREAD, "pread" },
458 { SMB_VFS_OP_WRITE, "write" },
459 { SMB_VFS_OP_PWRITE, "pwrite" },
460 { SMB_VFS_OP_LSEEK, "lseek" },
461 { SMB_VFS_OP_SENDFILE, "sendfile" },
462 { SMB_VFS_OP_RENAME, "rename" },
463 { SMB_VFS_OP_FSYNC, "fsync" },
464 { SMB_VFS_OP_STAT, "stat" },
465 { SMB_VFS_OP_FSTAT, "fstat" },
466 { SMB_VFS_OP_LSTAT, "lstat" },
467 { SMB_VFS_OP_UNLINK, "unlink" },
468 { SMB_VFS_OP_CHMOD, "chmod" },
469 { SMB_VFS_OP_FCHMOD, "fchmod" },
470 { SMB_VFS_OP_CHOWN, "chown" },
471 { SMB_VFS_OP_FCHOWN, "fchown" },
472 { SMB_VFS_OP_CHDIR, "chdir" },
473 { SMB_VFS_OP_GETWD, "getwd" },
474 { SMB_VFS_OP_UTIME, "utime" },
475 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
476 { SMB_VFS_OP_LOCK, "lock" },
477 { SMB_VFS_OP_SYMLINK, "symlink" },
478 { SMB_VFS_OP_READLINK, "readlink" },
479 { SMB_VFS_OP_LINK, "link" },
480 { SMB_VFS_OP_MKNOD, "mknod" },
481 { SMB_VFS_OP_REALPATH, "realpath" },
482 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
483 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
484 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
485 { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
486 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
487 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
488 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
489 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
490 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
491 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
492 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
493 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
494 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
495 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
496 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
497 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
498 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
499 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
500 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
501 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
502 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
503 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
504 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
505 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
506 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
507 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
508 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
509 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
510 { SMB_VFS_OP_GETXATTR, "getxattr" },
511 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
512 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
513 { SMB_VFS_OP_LISTXATTR, "listxattr" },
514 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
515 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
516 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
517 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
518 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
519 { SMB_VFS_OP_SETXATTR, "setxattr" },
520 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
521 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
522 { SMB_VFS_OP_LAST, NULL }
523 };
524
525 static int audit_syslog_facility(vfs_handle_struct *handle)
526 {
527 /* fix me: let this be configurable by:
528 * lp_param_enum(SNUM(handle->conn),
529 * (handle->param?handle->param:"full_audit"),
530 * "syslog facility",
531 * audit_enum_facility,LOG_USER);
532 */
533 return LOG_USER;
534 }
535
536 static int audit_syslog_priority(vfs_handle_struct *handle)
537 {
538 /* fix me: let this be configurable by:
539 * lp_param_enum(SNUM(handle->conn),
540 * (handle->param?handle->param:"full_audit"),
541 * "syslog priority",
542 * audit_enum_priority,LOG_NOTICE);
543 */
544 return LOG_NOTICE;
545 }
546
547 static char *audit_prefix(connection_struct *conn)
548 {
549 static pstring prefix;
550
551 pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
552 "prefix", "%u|%I"));
553 standard_sub_snum(SNUM(conn), prefix, sizeof(prefix)-1);
554 return prefix;
555 }
556
557 static struct bitmap *success_ops = NULL;
558
559 static BOOL log_success(vfs_op_type op)
560 {
561 if (success_ops == NULL)
562 return True;
563
564 return bitmap_query(success_ops, op);
565 }
566
567 static struct bitmap *failure_ops = NULL;
568
569 static BOOL log_failure(vfs_op_type op)
570 {
571 if (failure_ops == NULL)
572 return True;
573
574 return bitmap_query(failure_ops, op);
575 }
576
577 static void init_bitmap(struct bitmap **bm, const char **ops)
578 {
579 BOOL log_all = False;
580
581 if (*bm != NULL)
582 return;
583
584 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
585
586 if (*bm == NULL) {
587 DEBUG(0, ("Could not alloc bitmap -- "
588 "defaulting to logging everything\n"));
589 return;
590 }
591
592 while (*ops != NULL) {
593 int i;
594 BOOL found = False;
595
596 if (strequal(*ops, "all")) {
597 log_all = True;
598 break;
599 }
600
601 for (i=0; i<SMB_VFS_OP_LAST; i++) {
602 if (strequal(*ops, vfs_op_names[i].name)) {
603 bitmap_set(*bm, i);
604 found = True;
605 }
606 }
607 if (!found) {
608 DEBUG(0, ("Could not find opname %s, logging all\n",
609 *ops));
610 log_all = True;
611 break;
612 }
613 ops += 1;
614 }
615
616 if (log_all) {
617 /* The query functions default to True */
618 bitmap_free(*bm);
619 *bm = NULL;
620 }
621 }
622
623 static const char *audit_opname(vfs_op_type op)
624 {
625 if (op >= SMB_VFS_OP_LAST)
626 return "INVALID VFS OP";
627 return vfs_op_names[op].name;
628 }
629
630 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
631 const char *format, ...)
632 {
633 fstring err_msg;
634 pstring op_msg;
635 va_list ap;
636
637 if (success && (!log_success(op)))
638 return;
639
640 if (!success && (!log_failure(op)))
641 return;
642
643 if (success)
644 fstrcpy(err_msg, "ok");
645 else
646 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
647
648 va_start(ap, format);
649 vsnprintf(op_msg, sizeof(op_msg), format, ap);
650 va_end(ap);
651
652 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
653 audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
654
655 return;
656 }
657
658 /* Implementation of vfs_ops. Pass everything on to the default
659 operation but log event first. */
660
661 static int audit_connect(vfs_handle_struct *handle, connection_struct *conn,
662 const char *svc, const char *user)
663 {
664 int result;
665 const char *none[] = { NULL };
666 const char *all [] = { "all" };
667
668 openlog("smbd_audit", 0, audit_syslog_facility(handle));
669
670 init_bitmap(&success_ops,
671 lp_parm_string_list(SNUM(conn), "full_audit", "success",
672 none));
673 init_bitmap(&failure_ops,
674 lp_parm_string_list(SNUM(conn), "full_audit", "failure",
675 all));
676
677 result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
678
679 do_log(SMB_VFS_OP_CONNECT, True, handle,
680 "%s", svc);
681
682 return result;
683 }
684
685 static void audit_disconnect(vfs_handle_struct *handle,
686 connection_struct *conn)
687 {
688 SMB_VFS_NEXT_DISCONNECT(handle, conn);
689
690 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
691 "%s", lp_servicename(SNUM(conn)));
692
693 bitmap_free(success_ops);
694 success_ops = NULL;
695
696 bitmap_free(failure_ops);
697 failure_ops = NULL;
698
699 return;
700 }
701
702 static SMB_BIG_UINT audit_disk_free(vfs_handle_struct *handle,
703 connection_struct *conn, const char *path,
704 BOOL small_query, SMB_BIG_UINT *bsize,
705 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
706 {
707 SMB_BIG_UINT result;
708
709 result = SMB_VFS_NEXT_DISK_FREE(handle, conn, path, small_query, bsize,
710 dfree, dsize);
711
712 /* Don't have a reasonable notion of failure here */
713
714 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
715
716 return result;
717 }
718
719 static int audit_get_quota(struct vfs_handle_struct *handle,
720 struct connection_struct *conn,
721 enum SMB_QUOTA_TYPE qtype, unid_t id,
722 SMB_DISK_QUOTA *qt)
723 {
724 int result;
725
726 result = SMB_VFS_NEXT_GET_QUOTA(handle, conn, qtype, id, qt);
727
728 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
729
730 return result;
731 }
732
733
734 static int audit_set_quota(struct vfs_handle_struct *handle,
735 struct connection_struct *conn,
736 enum SMB_QUOTA_TYPE qtype, unid_t id,
737 SMB_DISK_QUOTA *qt)
738 {
739 int result;
740
741 result = SMB_VFS_NEXT_SET_QUOTA(handle, conn, qtype, id, qt);
742
743 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
744
745 return result;
746 }
747
748 static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
749 const char *fname)
750 {
751 DIR *result;
752
753 result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname);
754
755 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
756
757 return result;
758 }
759
760 static struct dirent *audit_readdir(vfs_handle_struct *handle,
761 connection_struct *conn, DIR *dirp)
762 {
763 struct dirent *result;
764
765 result = SMB_VFS_NEXT_READDIR(handle, conn, dirp);
766
767 /* This operation has no reasonable error condition
768 * (End of dir is also failure), so always succeed.
769 */
770 do_log(SMB_VFS_OP_READDIR, True, handle, "");
771
772 return result;
773 }
774
775 static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
776 const char *path, mode_t mode)
777 {
778 int result;
779
780 result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
781
782 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
783
784 return result;
785 }
786
787 static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
788 const char *path)
789 {
790 int result;
791
792 result = SMB_VFS_NEXT_RMDIR(handle, conn, path);
793
794 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
795
796 return result;
797 }
798
799 static int audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
800 DIR *dirp)
801 {
802 int result;
803
804 result = SMB_VFS_NEXT_CLOSEDIR(handle, conn, dirp);
805
806 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
807
808 return result;
809 }
810
811 static int audit_open(vfs_handle_struct *handle, connection_struct *conn,
812 const char *fname, int flags, mode_t mode)
813 {
814 int result;
815
816 result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);
817
818 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
819 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
820 fname);
821
822 return result;
823 }
824
825 static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
826 {
827 int result;
828
829 result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
830
831 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
832
833 return result;
834 }
835
836 static ssize_t audit_read(vfs_handle_struct *handle, files_struct *fsp,
837 int fd, void *data, size_t n)
838 {
839 ssize_t result;
840
841 result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
842
843 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
844
845 return result;
846 }
847
848 static ssize_t audit_pread(vfs_handle_struct *handle, files_struct *fsp,
849 int fd, void *data, size_t n, SMB_OFF_T offset)
850 {
851 ssize_t result;
852
853 result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
854
855 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
856
857 return result;
858 }
859
860 static ssize_t audit_write(vfs_handle_struct *handle, files_struct *fsp,
861 int fd, const void *data, size_t n)
862 {
863 ssize_t result;
864
865 result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
866
867 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
868
869 return result;
870 }
871
872 static ssize_t audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
873 int fd, const void *data, size_t n,
874 SMB_OFF_T offset)
875 {
876 ssize_t result;
877
878 result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
879
880 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
881
882 return result;
883 }
884
885 static SMB_OFF_T audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
886 int filedes, SMB_OFF_T offset, int whence)
887 {
888 ssize_t result;
889
890 result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
891
892 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
893 "%s", fsp->fsp_name);
894
895 return result;
896 }
897
898 static ssize_t audit_sendfile(vfs_handle_struct *handle, int tofd,
899 files_struct *fsp, int fromfd,
900 const DATA_BLOB *hdr, SMB_OFF_T offset,
901 size_t n)
902 {
903 ssize_t result;
904
905 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
906 offset, n);
907
908 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
909 "%s", fsp->fsp_name);
910
911 return result;
912 }
913
914 static int audit_rename(vfs_handle_struct *handle, connection_struct *conn,
915 const char *old, const char *new)
916 {
917 int result;
918
919 result = SMB_VFS_NEXT_RENAME(handle, conn, old, new);
920
921 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", old, new);
922
923 return result;
924 }
925
926 static int audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
927 {
928 int result;
929
930 result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
931
932 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
933
934 return result;
935 }
936
937 static int audit_stat(vfs_handle_struct *handle, connection_struct *conn,
938 const char *fname, SMB_STRUCT_STAT *sbuf)
939 {
940 int result;
941
942 result = SMB_VFS_NEXT_STAT(handle, conn, fname, sbuf);
943
944 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
945
946 return result;
947 }
948
949 static int audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
950 SMB_STRUCT_STAT *sbuf)
951 {
952 int result;
953
954 result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
955
956 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
957
958 return result;
959 }
960
961 static int audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
962 const char *path, SMB_STRUCT_STAT *sbuf)
963 {
964 int result;
965
966 result = SMB_VFS_NEXT_LSTAT(handle, conn, path, sbuf);
967
968 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
969
970 return result;
971 }
972
973 static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
974 const char *path)
975 {
976 int result;
977
978 result = SMB_VFS_NEXT_UNLINK(handle, conn, path);
979
980 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
981
982 return result;
983 }
984
985 static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
986 const char *path, mode_t mode)
987 {
988 int result;
989
990 result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
991
992 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
993
994 return result;
995 }
996
997 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
998 mode_t mode)
999 {
1000 int result;
1001
1002 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1003
1004 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1005 "%s|%o", fsp->fsp_name, mode);
1006
1007 return result;
1008 }
1009
1010 static int audit_chown(vfs_handle_struct *handle, connection_struct *conn,
1011 const char *path, uid_t uid, gid_t gid)
1012 {
1013 int result;
1014
1015 result = SMB_VFS_NEXT_CHOWN(handle, conn, path, uid, gid);
1016
1017 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1018 path, (long int)uid, (long int)gid);
1019
1020 return result;
1021 }
1022
1023 static int audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1024 uid_t uid, gid_t gid)
1025 {
1026 int result;
1027
1028 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1029
1030 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1031 fsp->fsp_name, (long int)uid, (long int)gid);
1032
1033 return result;
1034 }
1035
1036 static int audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
1037 const char *path)
1038 {
1039 int result;
1040
1041 result = SMB_VFS_NEXT_CHDIR(handle, conn, path);
1042
1043 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1044
1045 return result;
1046 }
1047
1048 static char *audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
1049 char *path)
1050 {
1051 char *result;
1052
1053 result = SMB_VFS_NEXT_GETWD(handle, conn, path);
1054
1055 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1056
1057 return result;
1058 }
1059
1060 static int audit_utime(vfs_handle_struct *handle, connection_struct *conn,
1061 const char *path, struct utimbuf *times)
1062 {
1063 int result;
1064
1065 result = SMB_VFS_NEXT_UTIME(handle, conn, path, times);
1066
1067 do_log(SMB_VFS_OP_UTIME, (result >= 0), handle, "%s", path);
1068
1069 return result;
1070 }
1071
1072 static int audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1073 int fd, SMB_OFF_T len)
1074 {
1075 int result;
1076
1077 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1078
1079 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1080 "%s", fsp->fsp_name);
1081
1082 return result;
1083 }
1084
1085 static BOOL audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1086 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1087 {
1088 BOOL result;
1089
1090 result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1091
1092 do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1093
1094 return result;
1095 }
1096
1097 static int audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
1098 const char *oldpath, const char *newpath)
1099 {
1100 int result;
1101
1102 result = SMB_VFS_NEXT_SYMLINK(handle, conn, oldpath, newpath);
1103
1104 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1105 "%s|%s", oldpath, newpath);
1106
1107 return result;
1108 }
1109
1110 static int audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
1111 const char *path, char *buf, size_t bufsiz)
1112 {
1113 int result;
1114
1115 result = SMB_VFS_NEXT_READLINK(handle, conn, path, buf, bufsiz);
1116
1117 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1118
1119 return result;
1120 }
1121
1122 static int audit_link(vfs_handle_struct *handle, connection_struct *conn,
1123 const char *oldpath, const char *newpath)
1124 {
1125 int result;
1126
1127 result = SMB_VFS_NEXT_LINK(handle, conn, oldpath, newpath);
1128
1129 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1130 "%s|%s", oldpath, newpath);
1131
1132 return result;
1133 }
1134
1135 static int audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
1136 const char *pathname, mode_t mode, SMB_DEV_T dev)
1137 {
1138 int result;
1139
1140 result = SMB_VFS_NEXT_MKNOD(handle, conn, pathname, mode, dev);
1141
1142 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1143
1144 return result;
1145 }
1146
1147 static char *audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
1148 const char *path, char *resolved_path)
1149 {
1150 char *result;
1151
1152 result = SMB_VFS_NEXT_REALPATH(handle, conn, path, resolved_path);
1153
1154 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1155
1156 return result;
1157 }
1158
1159 static size_t audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1160 int fd, uint32 security_info,
1161 SEC_DESC **ppdesc)
1162 {
1163 size_t result;
1164
1165 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1166 ppdesc);
1167
1168 do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1169 "%s", fsp->fsp_name);
1170
1171 return result;
1172 }
1173
1174 static size_t audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1175 const char *name, uint32 security_info,
1176 SEC_DESC **ppdesc)
1177 {
1178 size_t result;
1179
1180 result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1181 ppdesc);
1182
1183 do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1184 "%s", fsp->fsp_name);
1185
1186 return result;
1187 }
1188
1189 static BOOL audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1190 int fd, uint32 security_info_sent,
1191 SEC_DESC *psd)
1192 {
1193 BOOL result;
1194
1195 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1196 psd);
1197
1198 do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1199
1200 return result;
1201 }
1202
1203 static BOOL audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1204 const char *name, uint32 security_info_sent,
1205 SEC_DESC *psd)
1206 {
1207 BOOL result;
1208
1209 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1210 psd);
1211
1212 do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1213
1214 return result;
1215 }
1216
1217 static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
1218 const char *path, mode_t mode)
1219 {
1220 int result;
1221
1222 result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);
1223
1224 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1225 "%s|%o", path, mode);
1226
1227 return result;
1228 }
1229
1230 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1231 int fd, mode_t mode)
1232 {
1233 int result;
1234
1235 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1236
1237 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1238 "%s|%o", fsp->fsp_name, mode);
1239
1240 return result;
1241 }
1242
1243 static int audit_sys_acl_get_entry(vfs_handle_struct *handle,
1244 connection_struct *conn,
1245 SMB_ACL_T theacl, int entry_id,
1246 SMB_ACL_ENTRY_T *entry_p)
1247 {
1248 int result;
1249
1250 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, conn, theacl, entry_id,
1251 entry_p);
1252
1253 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1254 "");
1255
1256 return result;
1257 }
1258
1259 static int audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1260 connection_struct *conn,
1261 SMB_ACL_ENTRY_T entry_d,
1262 SMB_ACL_TAG_T *tag_type_p)
1263 {
1264 int result;
1265
1266 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, conn, entry_d,
1267 tag_type_p);
1268
1269 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1270 "");
1271
1272 return result;
1273 }
1274
1275 static int audit_sys_acl_get_permset(vfs_handle_struct *handle,
1276 connection_struct *conn,
1277 SMB_ACL_ENTRY_T entry_d,
1278 SMB_ACL_PERMSET_T *permset_p)
1279 {
1280 int result;
1281
1282 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, conn, entry_d,
1283 permset_p);
1284
1285 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1286 "");
1287
1288 return result;
1289 }
1290
1291 static void * audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1292 connection_struct *conn,
1293 SMB_ACL_ENTRY_T entry_d)
1294 {
1295 void *result;
1296
1297 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, conn, entry_d);
1298
1299 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1300 "");
1301
1302 return result;
1303 }
1304
1305 static SMB_ACL_T audit_sys_acl_get_file(vfs_handle_struct *handle,
1306 connection_struct *conn,
1307 const char *path_p,
1308 SMB_ACL_TYPE_T type)
1309 {
1310 SMB_ACL_T result;
1311
1312 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, conn, path_p, type);
1313
1314 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1315 "%s", path_p);
1316
1317 return result;
1318 }
1319
1320 static SMB_ACL_T audit_sys_acl_get_fd(vfs_handle_struct *handle,
1321 files_struct *fsp, int fd)
1322 {
1323 SMB_ACL_T result;
1324
1325 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1326
1327 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1328 "%s", fsp->fsp_name);
1329
1330 return result;
1331 }
1332
1333 static int audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1334 connection_struct *conn,
1335 SMB_ACL_PERMSET_T permset)
1336 {
1337 int result;
1338
1339 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, conn, permset);
1340
1341 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1342 "");
1343
1344 return result;
1345 }
1346
1347 static int audit_sys_acl_add_perm(vfs_handle_struct *handle,
1348 connection_struct *conn,
1349 SMB_ACL_PERMSET_T permset,
1350 SMB_ACL_PERM_T perm)
1351 {
1352 int result;
1353
1354 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, conn, permset, perm);
1355
1356 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1357 "");
1358
1359 return result;
1360 }
1361
1362 static char * audit_sys_acl_to_text(vfs_handle_struct *handle,
1363 connection_struct *conn, SMB_ACL_T theacl,
1364 ssize_t *plen)
1365 {
1366 char * result;
1367
1368 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, conn, theacl, plen);
1369
1370 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1371 "");
1372
1373 return result;
1374 }
1375
1376 static SMB_ACL_T audit_sys_acl_init(vfs_handle_struct *handle,
1377 connection_struct *conn,
1378 int count)
1379 {
1380 SMB_ACL_T result;
1381
1382 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, conn, count);
1383
1384 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1385 "");
1386
1387 return result;
1388 }
1389
1390 static int audit_sys_acl_create_entry(vfs_handle_struct *handle,
1391 connection_struct *conn, SMB_ACL_T *pacl,
1392 SMB_ACL_ENTRY_T *pentry)
1393 {
1394 int result;
1395
1396 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, conn, pacl, pentry);
1397
1398 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1399 "");
1400
1401 return result;
1402 }
1403
1404 static int audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1405 connection_struct *conn,
1406 SMB_ACL_ENTRY_T entry,
1407 SMB_ACL_TAG_T tagtype)
1408 {
1409 int result;
1410
1411 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, conn, entry,
1412 tagtype);
1413
1414 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1415 "");
1416
1417 return result;
1418 }
1419
1420 static int audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1421 connection_struct *conn,
1422 SMB_ACL_ENTRY_T entry,
1423 void *qual)
1424 {
1425 int result;
1426
1427 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, conn, entry, qual);
1428
1429 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1430 "");
1431
1432 return result;
1433 }
1434
1435 static int audit_sys_acl_set_permset(vfs_handle_struct *handle,
1436 connection_struct *conn,
1437 SMB_ACL_ENTRY_T entry,
1438 SMB_ACL_PERMSET_T permset)
1439 {
1440 int result;
1441
1442 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, conn, entry, permset);
1443
1444 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1445 "");
1446
1447 return result;
1448 }
1449
1450 static int audit_sys_acl_valid(vfs_handle_struct *handle,
1451 connection_struct *conn,
1452 SMB_ACL_T theacl )
1453 {
1454 int result;
1455
1456 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, conn, theacl);
1457
1458 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1459 "");
1460
1461 return result;
1462 }
1463
1464 static int audit_sys_acl_set_file(vfs_handle_struct *handle,
1465 connection_struct *conn,
1466 const char *name, SMB_ACL_TYPE_T acltype,
1467 SMB_ACL_T theacl)
1468 {
1469 int result;
1470
1471 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, conn, name, acltype,
1472 theacl);
1473
1474 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1475 "%s", name);
1476
1477 return result;
1478 }
1479
1480 static int audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1481 int fd, SMB_ACL_T theacl)
1482 {
1483 int result;
1484
1485 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1486
1487 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1488 "%s", fsp->fsp_name);
1489
1490 return result;
1491 }
1492
1493 static int audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1494 connection_struct *conn,
1495 const char *path)
1496 {
1497 int result;
1498
1499 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, conn, path);
1500
1501 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1502 "%s", path);
1503
1504 return result;
1505 }
1506
1507 static int audit_sys_acl_get_perm(vfs_handle_struct *handle,
1508 connection_struct *conn,
1509 SMB_ACL_PERMSET_T permset,
1510 SMB_ACL_PERM_T perm)
1511 {
1512 int result;
1513
1514 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, conn, permset, perm);
1515
1516 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1517 "");
1518
1519 return result;
1520 }
1521
1522 static int audit_sys_acl_free_text(vfs_handle_struct *handle,
1523 connection_struct *conn,
1524 char *text)
1525 {
1526 int result;
1527
1528 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, conn, text);
1529
1530 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1531 "");
1532
1533 return result;
1534 }
1535
1536 static int audit_sys_acl_free_acl(vfs_handle_struct *handle,
1537 connection_struct *conn,
1538 SMB_ACL_T posix_acl)
1539 {
1540 int result;
1541
1542 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, conn, posix_acl);
1543
1544 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1545 "");
1546
1547 return result;
1548 }
1549
1550 static int audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1551 connection_struct *conn,
1552 void *qualifier,
1553 SMB_ACL_TAG_T tagtype)
1554 {
1555 int result;
1556
1557 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, conn, qualifier,
1558 tagtype);
1559
1560 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1561 "");
1562
1563 return result;
1564 }
1565
1566 static ssize_t audit_getxattr(struct vfs_handle_struct *handle,
1567 struct connection_struct *conn, const char *path,
1568 const char *name, void *value, size_t size)
1569 {
1570 ssize_t result;
1571
1572 result = SMB_VFS_NEXT_GETXATTR(handle, conn, path, name, value, size);
1573
1574 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1575 "%s|%s", path, name);
1576
1577 return result;
1578 }
1579
1580 static ssize_t audit_lgetxattr(struct vfs_handle_struct *handle,
1581 struct connection_struct *conn,
1582 const char *path, const char *name,
1583 void *value, size_t size)
1584 {
1585 ssize_t result;
1586
1587 result = SMB_VFS_NEXT_LGETXATTR(handle, conn, path, name, value, size);
1588
1589 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1590 "%s|%s", path, name);
1591
1592 return result;
1593 }
1594
1595 static ssize_t audit_fgetxattr(struct vfs_handle_struct *handle,
1596 struct files_struct *fsp, int fd,
1597 const char *name, void *value, size_t size)
1598 {
1599 ssize_t result;
1600
1601 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1602
1603 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1604 "%s|%s", fsp->fsp_name, name);
1605
1606 return result;
1607 }
1608
1609 static ssize_t audit_listxattr(struct vfs_handle_struct *handle,
1610 struct connection_struct *conn,
1611 const char *path, char *list, size_t size)
1612 {
1613 ssize_t result;
1614
1615 result = SMB_VFS_NEXT_LISTXATTR(handle, conn, path, list, size);
1616
1617 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1618
1619 return result;
1620 }
1621
1622 static ssize_t audit_llistxattr(struct vfs_handle_struct *handle,
1623 struct connection_struct *conn,
1624 const char *path, char *list, size_t size)
1625 {
1626 ssize_t result;
1627
1628 result = SMB_VFS_NEXT_LLISTXATTR(handle, conn, path, list, size);
1629
1630 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1631
1632 return result;
1633 }
1634
1635 static ssize_t audit_flistxattr(struct vfs_handle_struct *handle,
1636 struct files_struct *fsp, int fd, char *list,
1637 size_t size)
1638 {
1639 ssize_t result;
1640
1641 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1642
1643 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1644 "%s", fsp->fsp_name);
1645
1646 return result;
1647 }
1648
1649 static int audit_removexattr(struct vfs_handle_struct *handle,
1650 struct connection_struct *conn, const char *path,
1651 const char *name)
1652 {
1653 int result;
1654
1655 result = SMB_VFS_NEXT_REMOVEXATTR(handle, conn, path, name);
1656
1657 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1658 "%s|%s", path, name);
1659
1660 return result;
1661 }
1662
1663 static int audit_lremovexattr(struct vfs_handle_struct *handle,
1664 struct connection_struct *conn, const char *path,
1665 const char *name)
1666 {
1667 int result;
1668
1669 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, conn, path, name);
1670
1671 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1672 "%s|%s", path, name);
1673
1674 return result;
1675 }
1676
1677 static int audit_fremovexattr(struct vfs_handle_struct *handle,
1678 struct files_struct *fsp, int fd,
1679 const char *name)
1680 {
1681 int result;
1682
1683 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
1684
1685 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1686 "%s|%s", fsp->fsp_name, name);
1687
1688 return result;
1689 }
1690
1691 static int audit_setxattr(struct vfs_handle_struct *handle,
1692 struct connection_struct *conn, const char *path,
1693 const char *name, const void *value, size_t size,
1694 int flags)
1695 {
1696 int result;
1697
1698 result = SMB_VFS_NEXT_SETXATTR(handle, conn, path, name, value, size,
1699 flags);
1700
1701 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1702 "%s|%s", path, name);
1703
1704 return result;
1705 }
1706
1707 static int audit_lsetxattr(struct vfs_handle_struct *handle,
1708 struct connection_struct *conn, const char *path,
1709 const char *name, const void *value, size_t size,
1710 int flags)
1711 {
1712 int result;
1713
1714 result = SMB_VFS_NEXT_LSETXATTR(handle, conn, path, name, value, size,
1715 flags);
1716
1717 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
1718 "%s|%s", path, name);
1719
1720 return result;
1721 }
1722
1723 static int audit_fsetxattr(struct vfs_handle_struct *handle,
1724 struct files_struct *fsp, int fd, const char *name,
1725 const void *value, size_t size, int flags)
1726 {
1727 int result;
1728
1729 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
1730 flags);
1731
1732 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
1733 "%s|%s", fsp->fsp_name, name);
1734
1735 return result;
1736 }
1737
1738 NTSTATUS vfs_full_audit_init(void)
1739 {
1740 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
1741 "full_audit", audit_op_tuples);
1742
1743 if (!NT_STATUS_IS_OK(ret))
1744 return ret;
1745
1746 vfs_full_audit_debug_level = debug_add_class("full_audit");
1747 if (vfs_full_audit_debug_level == -1) {
1748 vfs_full_audit_debug_level = DBGC_VFS;
1749 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
1750 "class!\n"));
1751 } else {
1752 DEBUG(10, ("vfs_full_audit: Debug class number of "
1753 "'full_audit': %d\n", vfs_full_audit_debug_level));
1754 }
1755
1756 return ret;
1757 }
1758
reg import