2003-02-07 04:53:15 +00:00
/*
* Auditing VFS module for samba . Log selected file operations to syslog
* facility .
*
* Copyright ( C ) Tim Potter , 1999 - 2000
* Copyright ( C ) Alexander Bokovoy , 2002
2003-02-07 05:01:06 +00:00
* Copyright ( C ) John H Terpstra , 2003
2003-05-11 23:34:18 +00:00
* Copyright ( C ) Stefan ( metze ) Metzmacher , 2003
2003-02-07 04:53:15 +00:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
2003-05-11 23:34:18 +00:00
# include "includes.h"
static int vfs_extd_audit_debug_level = DBGC_VFS ;
# undef DBGC_CLASS
# define DBGC_CLASS vfs_extd_audit_debug_level
2003-02-07 04:53:15 +00:00
/* Function prototypes */
2006-07-11 18:01:26 +00:00
static int audit_connect ( vfs_handle_struct * handle , const char * svc , const char * user ) ;
static void audit_disconnect ( vfs_handle_struct * handle ) ;
static SMB_STRUCT_DIR * audit_opendir ( vfs_handle_struct * handle , const char * fname , const char * mask , uint32 attr ) ;
static int audit_mkdir ( vfs_handle_struct * handle , const char * path , mode_t mode ) ;
static int audit_rmdir ( vfs_handle_struct * handle , const char * path ) ;
static int audit_open ( vfs_handle_struct * handle , const char * fname , files_struct * fsp , int flags , mode_t mode ) ;
2003-05-11 23:34:18 +00:00
static int audit_close ( vfs_handle_struct * handle , files_struct * fsp , int fd ) ;
2006-07-11 18:01:26 +00:00
static int audit_rename ( vfs_handle_struct * handle , const char * oldname , const char * newname ) ;
static int audit_unlink ( vfs_handle_struct * handle , const char * path ) ;
static int audit_chmod ( vfs_handle_struct * handle , const char * path , mode_t mode ) ;
static int audit_chmod_acl ( vfs_handle_struct * handle , const char * name , mode_t mode ) ;
2003-05-11 23:34:18 +00:00
static int audit_fchmod ( vfs_handle_struct * handle , files_struct * fsp , int fd , mode_t mode ) ;
static int audit_fchmod_acl ( vfs_handle_struct * handle , files_struct * fsp , int fd , mode_t mode ) ;
2003-02-07 04:53:15 +00:00
/* VFS operations */
2003-05-11 23:34:18 +00:00
static vfs_op_tuple audit_op_tuples [ ] = {
2003-02-07 04:53:15 +00:00
/* Disk operations */
2003-05-14 10:59:01 +00:00
{ SMB_VFS_OP ( audit_connect ) , SMB_VFS_OP_CONNECT , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_disconnect ) , SMB_VFS_OP_DISCONNECT , SMB_VFS_LAYER_LOGGER } ,
2003-02-07 04:53:15 +00:00
/* Directory operations */
2003-05-14 10:59:01 +00:00
{ SMB_VFS_OP ( audit_opendir ) , SMB_VFS_OP_OPENDIR , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_mkdir ) , SMB_VFS_OP_MKDIR , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_rmdir ) , SMB_VFS_OP_RMDIR , SMB_VFS_LAYER_LOGGER } ,
2003-02-07 04:53:15 +00:00
/* File operations */
2003-05-14 10:59:01 +00:00
{ SMB_VFS_OP ( audit_open ) , SMB_VFS_OP_OPEN , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_close ) , SMB_VFS_OP_CLOSE , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_rename ) , SMB_VFS_OP_RENAME , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_unlink ) , SMB_VFS_OP_UNLINK , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_chmod ) , SMB_VFS_OP_CHMOD , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_fchmod ) , SMB_VFS_OP_FCHMOD , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_chmod_acl ) , SMB_VFS_OP_CHMOD_ACL , SMB_VFS_LAYER_LOGGER } ,
{ SMB_VFS_OP ( audit_fchmod_acl ) , SMB_VFS_OP_FCHMOD_ACL , SMB_VFS_LAYER_LOGGER } ,
2003-02-07 04:53:15 +00:00
/* Finish VFS operations definition */
2003-05-14 10:59:01 +00:00
{ SMB_VFS_OP ( NULL ) , SMB_VFS_OP_NOOP , SMB_VFS_LAYER_NOOP }
2003-02-07 04:53:15 +00:00
} ;
2003-05-11 23:34:18 +00:00
static int audit_syslog_facility ( vfs_handle_struct * handle )
2003-02-07 04:53:15 +00:00
{
2005-09-29 15:57:21 +00:00
static const struct enum_list enum_log_facilities [ ] = {
{ LOG_USER , " USER " } ,
{ LOG_LOCAL0 , " LOCAL0 " } ,
{ LOG_LOCAL1 , " LOCAL1 " } ,
{ LOG_LOCAL2 , " LOCAL2 " } ,
{ LOG_LOCAL3 , " LOCAL3 " } ,
{ LOG_LOCAL4 , " LOCAL4 " } ,
{ LOG_LOCAL5 , " LOCAL5 " } ,
{ LOG_LOCAL6 , " LOCAL6 " } ,
{ LOG_LOCAL7 , " LOCAL7 " }
} ;
int facility ;
facility = lp_parm_enum ( SNUM ( handle - > conn ) , " extd_audit " , " facility " , enum_log_facilities , LOG_USER ) ;
return facility ;
2003-05-11 23:34:18 +00:00
}
2003-02-07 04:53:15 +00:00
2003-05-11 23:34:18 +00:00
static int audit_syslog_priority ( vfs_handle_struct * handle )
{
2005-09-29 15:57:21 +00:00
static const struct enum_list enum_log_priorities [ ] = {
{ LOG_EMERG , " EMERG " } ,
{ LOG_ALERT , " ALERT " } ,
{ LOG_CRIT , " CRIT " } ,
{ LOG_ERR , " ERR " } ,
{ LOG_WARNING , " WARNING " } ,
{ LOG_NOTICE , " NOTICE " } ,
{ LOG_INFO , " INFO " } ,
{ LOG_DEBUG , " DEBUG " }
} ;
int priority ;
priority = lp_parm_enum ( SNUM ( handle - > conn ) , " extd_audit " , " priority " , enum_log_priorities , LOG_NOTICE ) ;
return priority ;
2003-02-07 04:53:15 +00:00
}
/* Implementation of vfs_ops. Pass everything on to the default
operation but log event first . */
2006-07-11 18:01:26 +00:00
static int audit_connect ( vfs_handle_struct * handle , const char * svc , const char * user )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
openlog ( " smbd_audit " , LOG_PID , audit_syslog_facility ( handle ) ) ;
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " connect to service %s by user %s \n " ,
svc , user ) ;
DEBUG ( 10 , ( " Connected to service %s as user %s \n " ,
svc , user ) ) ;
2003-02-07 04:53:15 +00:00
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_CONNECT ( handle , svc , user ) ;
2003-05-11 23:34:18 +00:00
return result ;
2003-02-07 04:53:15 +00:00
}
2006-07-11 18:01:26 +00:00
static void audit_disconnect ( vfs_handle_struct * handle )
2003-02-07 04:53:15 +00:00
{
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " disconnected \n " ) ;
DEBUG ( 10 , ( " Disconnected from VFS module extd_audit \n " ) ) ;
2006-07-11 18:01:26 +00:00
SMB_VFS_NEXT_DISCONNECT ( handle ) ;
2003-02-07 04:53:15 +00:00
2003-05-11 23:34:18 +00:00
return ;
2003-02-07 04:53:15 +00:00
}
2006-07-11 18:01:26 +00:00
static SMB_STRUCT_DIR * audit_opendir ( vfs_handle_struct * handle , const char * fname , const char * mask , uint32 attr )
2003-02-07 04:53:15 +00:00
{
2005-08-22 18:03:08 +00:00
SMB_STRUCT_DIR * result ;
2003-05-11 23:34:18 +00:00
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_OPENDIR ( handle , fname , mask , attr ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " opendir %s %s%s \n " ,
fname ,
( result = = NULL ) ? " failed: " : " " ,
( result = = NULL ) ? strerror ( errno ) : " " ) ;
DEBUG ( 1 , ( " vfs_extd_audit: opendir %s %s %s \n " ,
fname ,
( result = = NULL ) ? " failed: " : " " ,
( result = = NULL ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_mkdir ( vfs_handle_struct * handle , const char * path , mode_t mode )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_MKDIR ( handle , path , mode ) ;
2003-05-11 23:34:18 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " mkdir %s %s%s \n " ,
path ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 0 , ( " vfs_extd_audit: mkdir %s %s %s \n " ,
path ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_rmdir ( vfs_handle_struct * handle , const char * path )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_RMDIR ( handle , path ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " rmdir %s %s%s \n " ,
path ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 0 , ( " vfs_extd_audit: rmdir %s %s %s \n " ,
path ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_open ( vfs_handle_struct * handle , const char * fname , files_struct * fsp , int flags , mode_t mode )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_OPEN ( handle , fname , fsp , flags , mode ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " open %s (fd %d) %s%s%s \n " ,
fname , result ,
( ( flags & O_WRONLY ) | | ( flags & O_RDWR ) ) ? " for writing " : " " ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 2 , ( " vfs_extd_audit: open %s %s %s \n " ,
fname ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2003-05-11 23:34:18 +00:00
static int audit_close ( vfs_handle_struct * handle , files_struct * fsp , int fd )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2003-05-14 10:59:01 +00:00
result = SMB_VFS_NEXT_CLOSE ( handle , fsp , fd ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " close fd %d %s%s \n " ,
fd ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 2 , ( " vfs_extd_audit: close fd %d %s %s \n " ,
fd ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_rename ( vfs_handle_struct * handle , const char * oldname , const char * newname )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_RENAME ( handle , oldname , newname ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " rename %s -> %s %s%s \n " ,
2005-06-24 20:25:18 +00:00
oldname , newname ,
2004-04-29 12:11:59 +00:00
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
2005-06-24 20:25:18 +00:00
DEBUG ( 1 , ( " vfs_extd_audit: rename old: %s newname: %s %s %s \n " ,
oldname , newname ,
2004-04-29 12:11:59 +00:00
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_unlink ( vfs_handle_struct * handle , const char * path )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_UNLINK ( handle , path ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " unlink %s %s%s \n " ,
path ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 0 , ( " vfs_extd_audit: unlink %s %s %s \n " ,
path ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_chmod ( vfs_handle_struct * handle , const char * path , mode_t mode )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2003-02-07 04:53:15 +00:00
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_CHMOD ( handle , path , mode ) ;
2003-05-11 23:34:18 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " chmod %s mode 0x%x %s%s \n " ,
path , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 1 , ( " vfs_extd_audit: chmod %s mode 0x%x %s %s \n " ,
path , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2006-07-11 18:01:26 +00:00
static int audit_chmod_acl ( vfs_handle_struct * handle , const char * path , mode_t mode )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2006-07-11 18:01:26 +00:00
result = SMB_VFS_NEXT_CHMOD_ACL ( handle , path , mode ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " chmod_acl %s mode 0x%x %s%s \n " ,
path , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 1 , ( " vfs_extd_audit: chmod_acl %s mode 0x%x %s %s \n " ,
path , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2003-05-11 23:34:18 +00:00
static int audit_fchmod ( vfs_handle_struct * handle , files_struct * fsp , int fd , mode_t mode )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2003-05-14 10:59:01 +00:00
result = SMB_VFS_NEXT_FCHMOD ( handle , fsp , fd , mode ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " fchmod %s mode 0x%x %s%s \n " ,
fsp - > fsp_name , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 1 , ( " vfs_extd_audit: fchmod %s mode 0x%x %s %s " ,
fsp - > fsp_name , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2003-05-11 23:34:18 +00:00
static int audit_fchmod_acl ( vfs_handle_struct * handle , files_struct * fsp , int fd , mode_t mode )
2003-02-07 04:53:15 +00:00
{
2003-05-11 23:34:18 +00:00
int result ;
2003-05-14 10:59:01 +00:00
result = SMB_VFS_NEXT_FCHMOD_ACL ( handle , fsp , fd , mode ) ;
2003-02-07 04:53:15 +00:00
2004-04-29 12:11:59 +00:00
syslog ( audit_syslog_priority ( handle ) , " fchmod_acl %s mode 0x%x %s%s \n " ,
fsp - > fsp_name , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ;
DEBUG ( 1 , ( " vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s " ,
fsp - > fsp_name , mode ,
( result < 0 ) ? " failed: " : " " ,
( result < 0 ) ? strerror ( errno ) : " " ) ) ;
2003-02-07 04:53:15 +00:00
return result ;
}
2003-04-16 14:45:11 +00:00
2003-04-28 17:48:48 +00:00
NTSTATUS vfs_extd_audit_init ( void )
2003-04-16 14:45:11 +00:00
{
2003-05-11 23:34:18 +00:00
NTSTATUS ret = smb_register_vfs ( SMB_VFS_INTERFACE_VERSION , " extd_audit " , audit_op_tuples ) ;
2003-06-22 10:09:52 +00:00
if ( ! NT_STATUS_IS_OK ( ret ) )
2003-05-11 23:34:18 +00:00
return ret ;
vfs_extd_audit_debug_level = debug_add_class ( " extd_audit " ) ;
if ( vfs_extd_audit_debug_level = = - 1 ) {
vfs_extd_audit_debug_level = DBGC_VFS ;
DEBUG ( 0 , ( " vfs_extd_audit: Couldn't register custom debugging class! \n " ) ) ;
} else {
DEBUG ( 10 , ( " vfs_extd_audit: Debug class number of 'extd_audit': %d \n " , vfs_extd_audit_debug_level ) ) ;
}
return ret ;
2003-04-16 14:45:11 +00:00
}