2004-04-29 16:11:59 +04:00
/*
* Auditing VFS module for samba . Log selected file operations to syslog
* facility .
*
* Copyright ( C ) Tim Potter , 1999 - 2000
* Copyright ( C ) Alexander Bokovoy , 2002
* Copyright ( C ) John H Terpstra , 2003
* Copyright ( C ) Stefan ( metze ) Metzmacher , 2003
* Copyright ( C ) Volker Lendecke , 2004
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2004-04-29 16:11:59 +04:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2004-04-29 16:11:59 +04:00
*/
2004-04-29 17:07:34 +04:00
/*
* This module implements parseable logging for all Samba VFS operations .
*
* You use it as follows :
*
* [ tmp ]
* path = / tmp
* vfs objects = full_audit
* full_audit : prefix = % u | % I
* full_audit : success = open opendir
* full_audit : failure = all
*
2006-01-19 03:34:48 +03:00
* vfs op can be " all " which means log all operations .
* vfs op can be " none " which means no logging .
*
2004-04-29 17:07:34 +04:00
* This leads to syslog entries of the form :
* smbd_audit : nobody | 192.168 .234 .1 | opendir | ok | .
* smbd_audit : nobody | 192.168 .234 .1 | open | fail ( File not found ) | r | x . txt
*
* where " nobody " is the connected username and " 192.168.234.1 " is the
* client ' s IP address .
*
* Options :
*
* prefix : A macro expansion template prepended to the syslog entry .
*
* success : A list of VFS operations for which a successful completion should
* be logged . Defaults to no logging at all . The special operation " all " logs
* - you guessed it - everything .
*
* failure : A list of VFS operations for which failure to complete should be
* logged . Defaults to logging everything .
*/
2004-04-29 16:11:59 +04:00
# include "includes.h"
2011-02-26 01:20:06 +03:00
# include "system/filesys.h"
2011-02-25 18:19:10 +03:00
# include "system/syslog.h"
2011-03-23 00:34:22 +03:00
# include "smbd/smbd.h"
2010-08-05 17:14:04 +04:00
# include "../librpc/gen_ndr/ndr_netlogon.h"
2011-03-24 16:15:54 +03:00
# include "auth.h"
2011-03-25 15:42:42 +03:00
# include "ntioctl.h"
2011-06-29 09:33:54 +04:00
# include "lib/param/loadparm.h"
2011-07-07 15:04:31 +04:00
# include "lib/util/bitmap.h"
2012-07-09 19:17:25 +04:00
# include "lib/util/tevent_unix.h"
2014-08-07 14:53:33 +04:00
# include "libcli/security/sddl.h"
# include "passdb/machine_sid.h"
2004-04-29 16:11:59 +04:00
static int vfs_full_audit_debug_level = DBGC_VFS ;
2006-01-19 03:34:48 +03:00
struct vfs_full_audit_private_data {
struct bitmap * success_ops ;
struct bitmap * failure_ops ;
2014-08-07 14:34:18 +04:00
int syslog_facility ;
2014-08-07 14:34:18 +04:00
int syslog_priority ;
2014-08-07 14:53:33 +04:00
bool log_secdesc ;
2014-08-07 14:44:01 +04:00
bool do_syslog ;
2006-01-19 03:34:48 +03:00
} ;
2004-04-29 16:11:59 +04:00
# undef DBGC_CLASS
# define DBGC_CLASS vfs_full_audit_debug_level
2009-07-24 18:43:02 +04:00
typedef enum _vfs_op_type {
SMB_VFS_OP_NOOP = - 1 ,
/* Disk operations */
SMB_VFS_OP_CONNECT = 0 ,
SMB_VFS_OP_DISCONNECT ,
SMB_VFS_OP_DISK_FREE ,
SMB_VFS_OP_GET_QUOTA ,
SMB_VFS_OP_SET_QUOTA ,
SMB_VFS_OP_GET_SHADOW_COPY_DATA ,
SMB_VFS_OP_STATVFS ,
SMB_VFS_OP_FS_CAPABILITIES ,
2012-04-10 05:16:57 +04:00
SMB_VFS_OP_SNAP_CHECK_PATH ,
SMB_VFS_OP_SNAP_CREATE ,
SMB_VFS_OP_SNAP_DELETE ,
2009-07-24 18:43:02 +04:00
/* Directory operations */
SMB_VFS_OP_OPENDIR ,
2011-02-09 02:07:48 +03:00
SMB_VFS_OP_FDOPENDIR ,
2009-07-24 18:43:02 +04:00
SMB_VFS_OP_READDIR ,
SMB_VFS_OP_SEEKDIR ,
SMB_VFS_OP_TELLDIR ,
SMB_VFS_OP_REWINDDIR ,
SMB_VFS_OP_MKDIR ,
SMB_VFS_OP_RMDIR ,
SMB_VFS_OP_CLOSEDIR ,
SMB_VFS_OP_INIT_SEARCH_OP ,
/* File operations */
SMB_VFS_OP_OPEN ,
SMB_VFS_OP_CREATE_FILE ,
SMB_VFS_OP_CLOSE ,
SMB_VFS_OP_READ ,
SMB_VFS_OP_PREAD ,
2012-07-09 19:17:25 +04:00
SMB_VFS_OP_PREAD_SEND ,
SMB_VFS_OP_PREAD_RECV ,
2009-07-24 18:43:02 +04:00
SMB_VFS_OP_WRITE ,
SMB_VFS_OP_PWRITE ,
2012-07-09 19:17:25 +04:00
SMB_VFS_OP_PWRITE_SEND ,
SMB_VFS_OP_PWRITE_RECV ,
2009-07-24 18:43:02 +04:00
SMB_VFS_OP_LSEEK ,
SMB_VFS_OP_SENDFILE ,
SMB_VFS_OP_RECVFILE ,
SMB_VFS_OP_RENAME ,
SMB_VFS_OP_FSYNC ,
2012-07-13 12:22:25 +04:00
SMB_VFS_OP_FSYNC_SEND ,
SMB_VFS_OP_FSYNC_RECV ,
2009-07-24 18:43:02 +04:00
SMB_VFS_OP_STAT ,
SMB_VFS_OP_FSTAT ,
SMB_VFS_OP_LSTAT ,
SMB_VFS_OP_GET_ALLOC_SIZE ,
SMB_VFS_OP_UNLINK ,
SMB_VFS_OP_CHMOD ,
SMB_VFS_OP_FCHMOD ,
SMB_VFS_OP_CHOWN ,
SMB_VFS_OP_FCHOWN ,
SMB_VFS_OP_LCHOWN ,
SMB_VFS_OP_CHDIR ,
SMB_VFS_OP_GETWD ,
SMB_VFS_OP_NTIMES ,
SMB_VFS_OP_FTRUNCATE ,
2010-12-18 10:08:01 +03:00
SMB_VFS_OP_FALLOCATE ,
2009-07-24 18:43:02 +04:00
SMB_VFS_OP_LOCK ,
SMB_VFS_OP_KERNEL_FLOCK ,
SMB_VFS_OP_LINUX_SETLEASE ,
SMB_VFS_OP_GETLOCK ,
SMB_VFS_OP_SYMLINK ,
SMB_VFS_OP_READLINK ,
SMB_VFS_OP_LINK ,
SMB_VFS_OP_MKNOD ,
SMB_VFS_OP_REALPATH ,
SMB_VFS_OP_NOTIFY_WATCH ,
SMB_VFS_OP_CHFLAGS ,
SMB_VFS_OP_FILE_ID_CREATE ,
SMB_VFS_OP_STREAMINFO ,
SMB_VFS_OP_GET_REAL_FILENAME ,
SMB_VFS_OP_CONNECTPATH ,
SMB_VFS_OP_BRL_LOCK_WINDOWS ,
SMB_VFS_OP_BRL_UNLOCK_WINDOWS ,
SMB_VFS_OP_BRL_CANCEL_WINDOWS ,
SMB_VFS_OP_STRICT_LOCK ,
SMB_VFS_OP_STRICT_UNLOCK ,
2009-08-27 01:56:09 +04:00
SMB_VFS_OP_TRANSLATE_NAME ,
2013-01-15 20:22:59 +04:00
SMB_VFS_OP_COPY_CHUNK_SEND ,
SMB_VFS_OP_COPY_CHUNK_RECV ,
2013-11-18 17:54:30 +04:00
SMB_VFS_OP_GET_COMPRESSION ,
SMB_VFS_OP_SET_COMPRESSION ,
2014-11-26 16:30:37 +03:00
SMB_VFS_OP_READDIR_ATTR ,
2009-07-24 18:43:02 +04:00
/* NT ACL operations. */
SMB_VFS_OP_FGET_NT_ACL ,
SMB_VFS_OP_GET_NT_ACL ,
SMB_VFS_OP_FSET_NT_ACL ,
/* POSIX ACL operations. */
SMB_VFS_OP_CHMOD_ACL ,
SMB_VFS_OP_FCHMOD_ACL ,
SMB_VFS_OP_SYS_ACL_GET_FILE ,
SMB_VFS_OP_SYS_ACL_GET_FD ,
2012-09-10 06:44:01 +04:00
SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE ,
SMB_VFS_OP_SYS_ACL_BLOB_GET_FD ,
2009-07-24 18:43:02 +04:00
SMB_VFS_OP_SYS_ACL_SET_FILE ,
SMB_VFS_OP_SYS_ACL_SET_FD ,
SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE ,
/* EA operations. */
SMB_VFS_OP_GETXATTR ,
SMB_VFS_OP_FGETXATTR ,
SMB_VFS_OP_LISTXATTR ,
SMB_VFS_OP_FLISTXATTR ,
SMB_VFS_OP_REMOVEXATTR ,
SMB_VFS_OP_FREMOVEXATTR ,
SMB_VFS_OP_SETXATTR ,
SMB_VFS_OP_FSETXATTR ,
/* aio operations */
SMB_VFS_OP_AIO_FORCE ,
/* offline operations */
SMB_VFS_OP_IS_OFFLINE ,
SMB_VFS_OP_SET_OFFLINE ,
/* This should always be last enum value */
SMB_VFS_OP_LAST
} vfs_op_type ;
2012-09-27 14:34:53 +04:00
/* The following array *must* be in the same order as defined in vfs_op_type */
2004-04-29 16:11:59 +04:00
static struct {
vfs_op_type type ;
const char * name ;
} vfs_op_names [ ] = {
{ SMB_VFS_OP_CONNECT , " connect " } ,
{ SMB_VFS_OP_DISCONNECT , " disconnect " } ,
{ SMB_VFS_OP_DISK_FREE , " disk_free " } ,
{ SMB_VFS_OP_GET_QUOTA , " get_quota " } ,
{ SMB_VFS_OP_SET_QUOTA , " set_quota " } ,
{ SMB_VFS_OP_GET_SHADOW_COPY_DATA , " get_shadow_copy_data " } ,
2005-10-20 21:33:17 +04:00
{ SMB_VFS_OP_STATVFS , " statvfs " } ,
2008-03-21 12:20:53 +03:00
{ SMB_VFS_OP_FS_CAPABILITIES , " fs_capabilities " } ,
2012-04-10 05:16:57 +04:00
{ SMB_VFS_OP_SNAP_CHECK_PATH , " snap_check_path " } ,
{ SMB_VFS_OP_SNAP_CREATE , " snap_create " } ,
{ SMB_VFS_OP_SNAP_DELETE , " snap_delete " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_OPENDIR , " opendir " } ,
2011-02-09 02:07:48 +03:00
{ SMB_VFS_OP_FDOPENDIR , " fdopendir " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_READDIR , " readdir " } ,
2005-05-13 16:05:14 +04:00
{ SMB_VFS_OP_SEEKDIR , " seekdir " } ,
{ SMB_VFS_OP_TELLDIR , " telldir " } ,
{ SMB_VFS_OP_REWINDDIR , " rewinddir " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_MKDIR , " mkdir " } ,
{ SMB_VFS_OP_RMDIR , " rmdir " } ,
{ SMB_VFS_OP_CLOSEDIR , " closedir " } ,
2009-02-03 08:37:51 +03:00
{ SMB_VFS_OP_INIT_SEARCH_OP , " init_search_op " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_OPEN , " open " } ,
2009-01-05 15:08:07 +03:00
{ SMB_VFS_OP_CREATE_FILE , " create_file " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_CLOSE , " close " } ,
{ SMB_VFS_OP_READ , " read " } ,
{ SMB_VFS_OP_PREAD , " pread " } ,
2012-07-09 19:17:25 +04:00
{ SMB_VFS_OP_PREAD_SEND , " pread_send " } ,
{ SMB_VFS_OP_PREAD_RECV , " pread_recv " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_WRITE , " write " } ,
{ SMB_VFS_OP_PWRITE , " pwrite " } ,
2012-09-27 13:50:22 +04:00
{ SMB_VFS_OP_PWRITE_SEND , " pwrite_send " } ,
{ SMB_VFS_OP_PWRITE_RECV , " pwrite_recv " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_LSEEK , " lseek " } ,
{ SMB_VFS_OP_SENDFILE , " sendfile " } ,
2008-07-04 16:51:01 +04:00
{ SMB_VFS_OP_RECVFILE , " recvfile " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_RENAME , " rename " } ,
{ SMB_VFS_OP_FSYNC , " fsync " } ,
2012-07-13 12:22:25 +04:00
{ SMB_VFS_OP_FSYNC_SEND , " fsync_send " } ,
{ SMB_VFS_OP_FSYNC_RECV , " fsync_recv " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_STAT , " stat " } ,
{ SMB_VFS_OP_FSTAT , " fstat " } ,
{ SMB_VFS_OP_LSTAT , " lstat " } ,
2009-01-27 02:39:40 +03:00
{ SMB_VFS_OP_GET_ALLOC_SIZE , " get_alloc_size " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_UNLINK , " unlink " } ,
{ SMB_VFS_OP_CHMOD , " chmod " } ,
{ SMB_VFS_OP_FCHMOD , " fchmod " } ,
{ SMB_VFS_OP_CHOWN , " chown " } ,
{ SMB_VFS_OP_FCHOWN , " fchown " } ,
2007-05-24 03:55:12 +04:00
{ SMB_VFS_OP_LCHOWN , " lchown " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_CHDIR , " chdir " } ,
{ SMB_VFS_OP_GETWD , " getwd " } ,
2007-03-06 02:40:03 +03:00
{ SMB_VFS_OP_NTIMES , " ntimes " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_FTRUNCATE , " ftruncate " } ,
2010-12-18 10:08:01 +03:00
{ SMB_VFS_OP_FALLOCATE , " fallocate " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_LOCK , " lock " } ,
2006-12-06 13:21:20 +03:00
{ SMB_VFS_OP_KERNEL_FLOCK , " kernel_flock " } ,
2007-02-14 05:37:14 +03:00
{ SMB_VFS_OP_LINUX_SETLEASE , " linux_setlease " } ,
2006-04-10 19:33:04 +04:00
{ SMB_VFS_OP_GETLOCK , " getlock " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_SYMLINK , " symlink " } ,
{ SMB_VFS_OP_READLINK , " readlink " } ,
{ SMB_VFS_OP_LINK , " link " } ,
{ SMB_VFS_OP_MKNOD , " mknod " } ,
{ SMB_VFS_OP_REALPATH , " realpath " } ,
2007-03-20 00:03:30 +03:00
{ SMB_VFS_OP_NOTIFY_WATCH , " notify_watch " } ,
2007-03-08 04:40:49 +03:00
{ SMB_VFS_OP_CHFLAGS , " chflags " } ,
2007-08-02 13:19:04 +04:00
{ SMB_VFS_OP_FILE_ID_CREATE , " file_id_create " } ,
2008-06-07 11:04:03 +04:00
{ SMB_VFS_OP_STREAMINFO , " streaminfo " } ,
2009-01-05 14:58:23 +03:00
{ SMB_VFS_OP_GET_REAL_FILENAME , " get_real_filename " } ,
2009-05-28 21:20:14 +04:00
{ SMB_VFS_OP_CONNECTPATH , " connectpath " } ,
2009-02-10 08:51:29 +03:00
{ SMB_VFS_OP_BRL_LOCK_WINDOWS , " brl_lock_windows " } ,
{ SMB_VFS_OP_BRL_UNLOCK_WINDOWS , " brl_unlock_windows " } ,
{ SMB_VFS_OP_BRL_CANCEL_WINDOWS , " brl_cancel_windows " } ,
2009-03-14 00:15:28 +03:00
{ SMB_VFS_OP_STRICT_LOCK , " strict_lock " } ,
{ SMB_VFS_OP_STRICT_UNLOCK , " strict_unlock " } ,
2009-08-27 01:56:09 +04:00
{ SMB_VFS_OP_TRANSLATE_NAME , " translate_name " } ,
2013-01-15 20:22:59 +04:00
{ SMB_VFS_OP_COPY_CHUNK_SEND , " copy_chunk_send " } ,
{ SMB_VFS_OP_COPY_CHUNK_RECV , " copy_chunk_recv " } ,
2013-11-18 17:54:30 +04:00
{ SMB_VFS_OP_GET_COMPRESSION , " get_compression " } ,
{ SMB_VFS_OP_SET_COMPRESSION , " set_compression " } ,
2014-11-26 16:30:37 +03:00
{ SMB_VFS_OP_READDIR_ATTR , " readdir_attr " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_FGET_NT_ACL , " fget_nt_acl " } ,
{ SMB_VFS_OP_GET_NT_ACL , " get_nt_acl " } ,
{ SMB_VFS_OP_FSET_NT_ACL , " fset_nt_acl " } ,
{ SMB_VFS_OP_CHMOD_ACL , " chmod_acl " } ,
{ SMB_VFS_OP_FCHMOD_ACL , " fchmod_acl " } ,
{ SMB_VFS_OP_SYS_ACL_GET_FILE , " sys_acl_get_file " } ,
{ SMB_VFS_OP_SYS_ACL_GET_FD , " sys_acl_get_fd " } ,
2012-09-10 06:44:01 +04:00
{ SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE , " sys_acl_blob_get_file " } ,
{ SMB_VFS_OP_SYS_ACL_BLOB_GET_FD , " sys_acl_blob_get_fd " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_SYS_ACL_SET_FILE , " sys_acl_set_file " } ,
{ SMB_VFS_OP_SYS_ACL_SET_FD , " sys_acl_set_fd " } ,
{ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE , " sys_acl_delete_def_file " } ,
{ SMB_VFS_OP_GETXATTR , " getxattr " } ,
{ SMB_VFS_OP_FGETXATTR , " fgetxattr " } ,
{ SMB_VFS_OP_LISTXATTR , " listxattr " } ,
{ SMB_VFS_OP_FLISTXATTR , " flistxattr " } ,
{ SMB_VFS_OP_REMOVEXATTR , " removexattr " } ,
{ SMB_VFS_OP_FREMOVEXATTR , " fremovexattr " } ,
{ SMB_VFS_OP_SETXATTR , " setxattr " } ,
{ SMB_VFS_OP_FSETXATTR , " fsetxattr " } ,
2008-03-21 12:20:53 +03:00
{ SMB_VFS_OP_AIO_FORCE , " aio_force " } ,
2011-02-25 16:28:30 +03:00
{ SMB_VFS_OP_IS_OFFLINE , " is_offline " } ,
{ SMB_VFS_OP_SET_OFFLINE , " set_offline " } ,
2004-04-29 16:11:59 +04:00
{ SMB_VFS_OP_LAST , NULL }
2009-02-10 23:14:39 +03:00
} ;
2004-04-29 16:11:59 +04:00
static int audit_syslog_facility ( vfs_handle_struct * handle )
{
2005-09-29 19:57:21 +04:00
static const struct enum_list enum_log_facilities [ ] = {
{ LOG_USER , " USER " } ,
{ LOG_LOCAL0 , " LOCAL0 " } ,
{ LOG_LOCAL1 , " LOCAL1 " } ,
{ LOG_LOCAL2 , " LOCAL2 " } ,
{ LOG_LOCAL3 , " LOCAL3 " } ,
{ LOG_LOCAL4 , " LOCAL4 " } ,
{ LOG_LOCAL5 , " LOCAL5 " } ,
{ LOG_LOCAL6 , " LOCAL6 " } ,
2011-05-24 19:19:52 +04:00
{ LOG_LOCAL7 , " LOCAL7 " } ,
{ - 1 , NULL }
2005-09-29 19:57:21 +04:00
} ;
int facility ;
facility = lp_parm_enum ( SNUM ( handle - > conn ) , " full_audit " , " facility " , enum_log_facilities , LOG_USER ) ;
return facility ;
2004-04-29 16:11:59 +04:00
}
static int audit_syslog_priority ( vfs_handle_struct * handle )
{
2005-09-29 19:57:21 +04:00
static const struct enum_list enum_log_priorities [ ] = {
{ LOG_EMERG , " EMERG " } ,
{ LOG_ALERT , " ALERT " } ,
{ LOG_CRIT , " CRIT " } ,
{ LOG_ERR , " ERR " } ,
{ LOG_WARNING , " WARNING " } ,
{ LOG_NOTICE , " NOTICE " } ,
{ LOG_INFO , " INFO " } ,
2011-05-24 19:19:52 +04:00
{ LOG_DEBUG , " DEBUG " } ,
{ - 1 , NULL }
2005-09-29 19:57:21 +04:00
} ;
int priority ;
2008-03-23 19:50:55 +03:00
priority = lp_parm_enum ( SNUM ( handle - > conn ) , " full_audit " , " priority " ,
enum_log_priorities , LOG_NOTICE ) ;
if ( priority = = - 1 ) {
priority = LOG_WARNING ;
}
2005-09-29 19:57:21 +04:00
return priority ;
2004-04-29 16:11:59 +04:00
}
2007-11-17 04:07:11 +03:00
static char * audit_prefix ( TALLOC_CTX * ctx , connection_struct * conn )
2004-04-29 16:11:59 +04:00
{
2007-11-17 04:07:11 +03:00
char * prefix = NULL ;
2009-01-05 15:32:53 +03:00
char * result ;
2004-04-29 16:11:59 +04:00
2007-11-17 04:07:11 +03:00
prefix = talloc_strdup ( ctx ,
lp_parm_const_string ( SNUM ( conn ) , " full_audit " ,
2004-04-29 16:11:59 +04:00
" prefix " , " %u|%I " ) ) ;
2007-11-17 04:07:11 +03:00
if ( ! prefix ) {
return NULL ;
}
2009-01-05 15:32:53 +03:00
result = talloc_sub_advanced ( ctx ,
2012-07-18 09:37:23 +04:00
lp_servicename ( talloc_tos ( ) , SNUM ( conn ) ) ,
2011-07-15 09:55:31 +04:00
conn - > session_info - > unix_info - > unix_name ,
2008-05-08 17:53:55 +04:00
conn - > connectpath ,
2011-07-15 08:59:14 +04:00
conn - > session_info - > unix_token - > gid ,
2011-07-15 09:55:31 +04:00
conn - > session_info - > unix_info - > sanitized_username ,
2011-07-18 06:58:25 +04:00
conn - > session_info - > info - > domain_name ,
2007-11-17 04:07:11 +03:00
prefix ) ;
2009-01-05 15:32:53 +03:00
TALLOC_FREE ( prefix ) ;
return result ;
2004-04-29 16:11:59 +04:00
}
2014-08-07 14:23:25 +04:00
static bool log_success ( struct vfs_full_audit_private_data * pd , vfs_op_type op )
2004-04-29 16:11:59 +04:00
{
2006-01-19 03:34:48 +03:00
if ( pd - > success_ops = = NULL ) {
2004-04-29 16:11:59 +04:00
return True ;
2006-01-19 03:34:48 +03:00
}
2004-04-29 16:11:59 +04:00
2006-01-19 03:34:48 +03:00
return bitmap_query ( pd - > success_ops , op ) ;
2004-04-29 16:11:59 +04:00
}
2014-08-07 14:23:25 +04:00
static bool log_failure ( struct vfs_full_audit_private_data * pd , vfs_op_type op )
2004-04-29 16:11:59 +04:00
{
2006-01-19 03:34:48 +03:00
if ( pd - > failure_ops = = NULL )
2004-04-29 16:11:59 +04:00
return True ;
2006-01-19 03:34:48 +03:00
return bitmap_query ( pd - > failure_ops , op ) ;
2004-04-29 16:11:59 +04:00
}
2010-03-28 16:26:53 +04:00
static struct bitmap * init_bitmap ( TALLOC_CTX * mem_ctx , const char * * ops )
2004-04-29 16:11:59 +04:00
{
2010-03-28 16:26:53 +04:00
struct bitmap * bm ;
2004-04-29 16:11:59 +04:00
2010-02-18 17:13:59 +03:00
if ( ops = = NULL ) {
2010-03-28 16:26:53 +04:00
return NULL ;
2010-02-18 17:13:59 +03:00
}
2004-04-29 16:11:59 +04:00
2010-03-28 16:26:53 +04:00
bm = bitmap_talloc ( mem_ctx , SMB_VFS_OP_LAST ) ;
if ( bm = = NULL ) {
2004-04-29 16:11:59 +04:00
DEBUG ( 0 , ( " Could not alloc bitmap -- "
" defaulting to logging everything \n " ) ) ;
2010-03-28 16:26:53 +04:00
return NULL ;
2004-04-29 16:11:59 +04:00
}
2010-02-18 17:13:59 +03:00
for ( ; * ops ! = NULL ; ops + = 1 ) {
2004-04-29 16:11:59 +04:00
int i ;
2010-02-18 17:13:59 +03:00
bool neg = false ;
const char * op ;
2004-04-29 16:11:59 +04:00
if ( strequal ( * ops , " all " ) ) {
2010-02-18 17:13:59 +03:00
for ( i = 0 ; i < SMB_VFS_OP_LAST ; i + + ) {
2010-03-28 16:26:53 +04:00
bitmap_set ( bm , i ) ;
2010-02-18 17:13:59 +03:00
}
continue ;
2004-04-29 16:11:59 +04:00
}
2006-01-19 03:34:48 +03:00
if ( strequal ( * ops , " none " ) ) {
break ;
}
2010-02-18 17:13:59 +03:00
op = ops [ 0 ] ;
if ( op [ 0 ] = = ' ! ' ) {
neg = true ;
op + = 1 ;
}
2004-04-29 16:11:59 +04:00
for ( i = 0 ; i < SMB_VFS_OP_LAST ; i + + ) {
2012-09-27 14:34:53 +04:00
if ( ( vfs_op_names [ i ] . name = = NULL )
| | ( vfs_op_names [ i ] . type ! = i ) ) {
2005-05-13 16:05:14 +04:00
smb_panic ( " vfs_full_audit.c: name table not "
2012-09-27 14:34:53 +04:00
" in sync with vfs_op_type enums \n " ) ;
2005-05-13 16:05:14 +04:00
}
2010-02-18 17:13:59 +03:00
if ( strequal ( op , vfs_op_names [ i ] . name ) ) {
if ( neg ) {
2010-03-28 16:26:53 +04:00
bitmap_clear ( bm , i ) ;
2010-02-18 17:13:59 +03:00
} else {
2010-03-28 16:26:53 +04:00
bitmap_set ( bm , i ) ;
2010-02-18 17:13:59 +03:00
}
break ;
2004-04-29 16:11:59 +04:00
}
}
2010-02-18 17:13:59 +03:00
if ( i = = SMB_VFS_OP_LAST ) {
2004-04-29 16:11:59 +04:00
DEBUG ( 0 , ( " Could not find opname %s, logging all \n " ,
* ops ) ) ;
2010-03-28 16:26:53 +04:00
TALLOC_FREE ( bm ) ;
return NULL ;
2004-04-29 16:11:59 +04:00
}
}
2010-03-28 16:26:53 +04:00
return bm ;
2004-04-29 16:11:59 +04:00
}
static const char * audit_opname ( vfs_op_type op )
{
if ( op > = SMB_VFS_OP_LAST )
return " INVALID VFS OP " ;
return vfs_op_names [ op ] . name ;
}
2009-07-01 10:08:02 +04:00
static TALLOC_CTX * tmp_do_log_ctx ;
/*
* Get us a temporary talloc context usable just for DEBUG arguments
*/
static TALLOC_CTX * do_log_ctx ( void )
{
if ( tmp_do_log_ctx = = NULL ) {
tmp_do_log_ctx = talloc_named_const ( NULL , 0 , " do_log_ctx " ) ;
}
return tmp_do_log_ctx ;
}
2007-10-19 04:40:25 +04:00
static void do_log ( vfs_op_type op , bool success , vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * format , . . . )
{
2014-08-07 14:23:25 +04:00
struct vfs_full_audit_private_data * pd ;
2004-04-29 16:11:59 +04:00
fstring err_msg ;
2007-11-17 04:07:11 +03:00
char * audit_pre = NULL ;
2004-04-29 16:11:59 +04:00
va_list ap ;
2007-11-17 04:07:11 +03:00
char * op_msg = NULL ;
2004-04-29 16:11:59 +04:00
2014-08-07 14:23:25 +04:00
SMB_VFS_HANDLE_GET_DATA ( handle , pd ,
struct vfs_full_audit_private_data ,
return ; ) ;
if ( success & & ( ! log_success ( pd , op ) ) )
2009-07-01 10:08:02 +04:00
goto out ;
2004-04-29 16:11:59 +04:00
2014-08-07 14:23:25 +04:00
if ( ! success & & ( ! log_failure ( pd , op ) ) )
2009-07-01 10:08:02 +04:00
goto out ;
2004-04-29 16:11:59 +04:00
if ( success )
fstrcpy ( err_msg , " ok " ) ;
else
fstr_sprintf ( err_msg , " fail (%s) " , strerror ( errno ) ) ;
va_start ( ap , format ) ;
2009-01-05 15:33:20 +03:00
op_msg = talloc_vasprintf ( talloc_tos ( ) , format , ap ) ;
2004-04-29 16:11:59 +04:00
va_end ( ap ) ;
2007-11-17 04:07:11 +03:00
if ( ! op_msg ) {
2009-07-01 10:08:02 +04:00
goto out ;
2007-11-17 04:07:11 +03:00
}
2009-01-05 15:33:20 +03:00
audit_pre = audit_prefix ( talloc_tos ( ) , handle - > conn ) ;
2007-11-17 04:07:11 +03:00
2014-08-07 14:44:01 +04:00
if ( pd - > do_syslog ) {
int priority ;
/*
* Specify the facility to interoperate with other syslog
* callers ( smbd for example ) .
*/
priority = pd - > syslog_priority | pd - > syslog_facility ;
syslog ( priority , " %s|%s|%s|%s \n " ,
audit_pre ? audit_pre : " " ,
audit_opname ( op ) , err_msg , op_msg ) ;
} else {
DEBUG ( 1 , ( " %s|%s|%s|%s \n " ,
audit_pre ? audit_pre : " " ,
audit_opname ( op ) , err_msg , op_msg ) ) ;
}
2009-07-01 10:08:02 +04:00
out :
2007-11-17 04:07:11 +03:00
TALLOC_FREE ( audit_pre ) ;
TALLOC_FREE ( op_msg ) ;
2009-07-01 10:08:02 +04:00
TALLOC_FREE ( tmp_do_log_ctx ) ;
2004-04-29 16:11:59 +04:00
}
2009-07-01 10:08:02 +04:00
/**
* Return a string using the do_log_ctx ( )
*/
static const char * smb_fname_str_do_log ( const struct smb_filename * smb_fname )
{
char * fname = NULL ;
NTSTATUS status ;
if ( smb_fname = = NULL ) {
return " " ;
}
status = get_full_smb_filename ( do_log_ctx ( ) , smb_fname , & fname ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return " " ;
}
return fname ;
}
2009-07-11 05:11:32 +04:00
/**
* Return an fsp debug string using the do_log_ctx ( )
*/
static const char * fsp_str_do_log ( const struct files_struct * fsp )
{
return smb_fname_str_do_log ( fsp - > fsp_name ) ;
}
2009-07-01 10:08:02 +04:00
2004-04-29 16:11:59 +04:00
/* Implementation of vfs_ops. Pass everything on to the default
operation but log event first . */
2006-07-11 22:01:26 +04:00
static int smb_full_audit_connect ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * svc , const char * user )
{
int result ;
2006-01-19 03:34:48 +03:00
struct vfs_full_audit_private_data * pd = NULL ;
2004-04-29 16:11:59 +04:00
2009-12-01 02:53:04 +03:00
result = SMB_VFS_NEXT_CONNECT ( handle , svc , user ) ;
if ( result < 0 ) {
return result ;
2006-03-13 21:42:57 +03:00
}
2011-06-07 05:44:43 +04:00
pd = talloc_zero ( handle , struct vfs_full_audit_private_data ) ;
2006-01-19 03:34:48 +03:00
if ( ! pd ) {
2009-12-01 02:53:04 +03:00
SMB_VFS_NEXT_DISCONNECT ( handle ) ;
2006-01-19 03:34:48 +03:00
return - 1 ;
}
2014-08-07 14:34:18 +04:00
pd - > syslog_facility = audit_syslog_facility ( handle ) ;
if ( pd - > syslog_facility = = - 1 ) {
DEBUG ( 1 , ( " %s: Unknown facility %s \n " , __func__ ,
lp_parm_const_string ( SNUM ( handle - > conn ) ,
" full_audit " , " facility " ,
" USER " ) ) ) ;
SMB_VFS_NEXT_DISCONNECT ( handle ) ;
return - 1 ;
}
2014-08-07 14:34:18 +04:00
pd - > syslog_priority = audit_syslog_priority ( handle ) ;
2014-08-07 14:53:33 +04:00
pd - > log_secdesc = lp_parm_bool ( SNUM ( handle - > conn ) ,
" full_audit " , " log_secdesc " , false ) ;
2014-08-07 14:44:01 +04:00
pd - > do_syslog = lp_parm_bool ( SNUM ( handle - > conn ) ,
" full_audit " , " syslog " , true ) ;
2011-05-25 23:28:39 +04:00
# ifdef WITH_SYSLOG
2014-08-07 14:44:01 +04:00
if ( pd - > do_syslog ) {
openlog ( " smbd_audit " , 0 , pd - > syslog_facility ) ;
}
2009-08-26 05:38:14 +04:00
# endif
2004-04-29 16:11:59 +04:00
2010-03-28 16:26:53 +04:00
pd - > success_ops = init_bitmap (
pd , lp_parm_string_list ( SNUM ( handle - > conn ) , " full_audit " ,
" success " , NULL ) ) ;
pd - > failure_ops = init_bitmap (
pd , lp_parm_string_list ( SNUM ( handle - > conn ) , " full_audit " ,
" failure " , NULL ) ) ;
2004-04-29 16:11:59 +04:00
2006-01-19 03:34:48 +03:00
/* Store the private data. */
2010-03-28 16:26:53 +04:00
SMB_VFS_HANDLE_SET_DATA ( handle , pd , NULL ,
2006-01-19 03:34:48 +03:00
struct vfs_full_audit_private_data , return - 1 ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_CONNECT , True , handle ,
" %s " , svc ) ;
2009-12-01 02:53:04 +03:00
return 0 ;
2004-04-29 16:11:59 +04:00
}
2006-07-11 22:01:26 +04:00
static void smb_full_audit_disconnect ( vfs_handle_struct * handle )
2004-04-29 16:11:59 +04:00
{
2006-07-11 22:01:26 +04:00
SMB_VFS_NEXT_DISCONNECT ( handle ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_DISCONNECT , True , handle ,
2012-07-18 09:37:23 +04:00
" %s " , lp_servicename ( talloc_tos ( ) , SNUM ( handle - > conn ) ) ) ;
2004-04-29 16:11:59 +04:00
2006-01-19 03:34:48 +03:00
/* The bitmaps will be disconnected when the private
data is deleted . */
2004-04-29 16:11:59 +04:00
}
2008-10-14 03:59:36 +04:00
static uint64_t smb_full_audit_disk_free ( vfs_handle_struct * handle ,
2015-02-16 21:26:24 +03:00
const char * path , uint64_t * bsize ,
2008-10-14 03:59:36 +04:00
uint64_t * dfree , uint64_t * dsize )
2004-04-29 16:11:59 +04:00
{
2008-10-14 03:59:36 +04:00
uint64_t result ;
2004-04-29 16:11:59 +04:00
2015-02-16 21:26:24 +03:00
result = SMB_VFS_NEXT_DISK_FREE ( handle , path , bsize , dfree , dsize ) ;
2004-04-29 16:11:59 +04:00
/* Don't have a reasonable notion of failure here */
do_log ( SMB_VFS_OP_DISK_FREE , True , handle , " %s " , path ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_get_quota ( struct vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
enum SMB_QUOTA_TYPE qtype , unid_t id ,
SMB_DISK_QUOTA * qt )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_GET_QUOTA ( handle , qtype , id , qt ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_GET_QUOTA , ( result > = 0 ) , handle , " " ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_set_quota ( struct vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
enum SMB_QUOTA_TYPE qtype , unid_t id ,
SMB_DISK_QUOTA * qt )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_SET_QUOTA ( handle , qtype , id , qt ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SET_QUOTA , ( result > = 0 ) , handle , " " ) ;
return result ;
}
2005-03-16 03:40:28 +03:00
static int smb_full_audit_get_shadow_copy_data ( struct vfs_handle_struct * handle ,
struct files_struct * fsp ,
2011-05-30 14:06:31 +04:00
struct shadow_copy_data * shadow_copy_data ,
bool labels )
2005-03-16 03:40:28 +03:00
{
int result ;
result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA ( handle , fsp , shadow_copy_data , labels ) ;
do_log ( SMB_VFS_OP_GET_SHADOW_COPY_DATA , ( result > = 0 ) , handle , " " ) ;
return result ;
}
2005-10-20 21:33:17 +04:00
static int smb_full_audit_statvfs ( struct vfs_handle_struct * handle ,
const char * path ,
struct vfs_statvfs_struct * statbuf )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_STATVFS ( handle , path , statbuf ) ;
2005-10-20 21:33:17 +04:00
do_log ( SMB_VFS_OP_STATVFS , ( result > = 0 ) , handle , " " ) ;
return result ;
}
2009-08-25 07:57:37 +04:00
static uint32_t smb_full_audit_fs_capabilities ( struct vfs_handle_struct * handle , enum timestamp_set_resolution * p_ts_res )
2009-02-10 23:14:39 +03:00
{
int result ;
2009-08-25 07:57:37 +04:00
result = SMB_VFS_NEXT_FS_CAPABILITIES ( handle , p_ts_res ) ;
2009-02-10 23:14:39 +03:00
do_log ( SMB_VFS_OP_FS_CAPABILITIES , true , handle , " " ) ;
return result ;
}
2012-04-10 05:16:57 +04:00
static NTSTATUS smb_full_audit_snap_check_path ( struct vfs_handle_struct * handle ,
TALLOC_CTX * mem_ctx ,
const char * service_path ,
char * * base_volume )
{
NTSTATUS status ;
status = SMB_VFS_NEXT_SNAP_CHECK_PATH ( handle , mem_ctx , service_path ,
base_volume ) ;
do_log ( SMB_VFS_OP_SNAP_CHECK_PATH , NT_STATUS_IS_OK ( status ) ,
handle , " " ) ;
return status ;
}
static NTSTATUS smb_full_audit_snap_create ( struct vfs_handle_struct * handle ,
TALLOC_CTX * mem_ctx ,
const char * base_volume ,
time_t * tstamp ,
bool rw ,
char * * base_path ,
char * * snap_path )
{
NTSTATUS status ;
status = SMB_VFS_NEXT_SNAP_CREATE ( handle , mem_ctx , base_volume , tstamp ,
rw , base_path , snap_path ) ;
do_log ( SMB_VFS_OP_SNAP_CREATE , NT_STATUS_IS_OK ( status ) , handle , " " ) ;
return status ;
}
static NTSTATUS smb_full_audit_snap_delete ( struct vfs_handle_struct * handle ,
TALLOC_CTX * mem_ctx ,
char * base_path ,
char * snap_path )
{
NTSTATUS status ;
status = SMB_VFS_NEXT_SNAP_DELETE ( handle , mem_ctx , base_path ,
snap_path ) ;
do_log ( SMB_VFS_OP_SNAP_DELETE , NT_STATUS_IS_OK ( status ) , handle , " " ) ;
return status ;
}
2012-03-28 06:22:03 +04:00
static DIR * smb_full_audit_opendir ( vfs_handle_struct * handle ,
2005-06-25 07:03:44 +04:00
const char * fname , const char * mask , uint32 attr )
2004-04-29 16:11:59 +04:00
{
2012-03-28 06:22:03 +04:00
DIR * result ;
2004-04-29 16:11:59 +04:00
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_OPENDIR ( handle , fname , mask , attr ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_OPENDIR , ( result ! = NULL ) , handle , " %s " , fname ) ;
return result ;
}
2012-03-28 06:22:03 +04:00
static DIR * smb_full_audit_fdopendir ( vfs_handle_struct * handle ,
2011-02-09 02:07:48 +03:00
files_struct * fsp , const char * mask , uint32 attr )
{
2012-03-28 06:22:03 +04:00
DIR * result ;
2011-02-09 02:07:48 +03:00
result = SMB_VFS_NEXT_FDOPENDIR ( handle , fsp , mask , attr ) ;
do_log ( SMB_VFS_OP_FDOPENDIR , ( result ! = NULL ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return result ;
}
2012-03-28 06:18:14 +04:00
static struct dirent * smb_full_audit_readdir ( vfs_handle_struct * handle ,
2012-03-28 06:22:03 +04:00
DIR * dirp , SMB_STRUCT_STAT * sbuf )
2004-04-29 16:11:59 +04:00
{
2012-03-28 06:18:14 +04:00
struct dirent * result ;
2004-04-29 16:11:59 +04:00
2009-01-23 07:14:38 +03:00
result = SMB_VFS_NEXT_READDIR ( handle , dirp , sbuf ) ;
2004-04-29 16:11:59 +04:00
/* This operation has no reasonable error condition
* ( End of dir is also failure ) , so always succeed .
*/
do_log ( SMB_VFS_OP_READDIR , True , handle , " " ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static void smb_full_audit_seekdir ( vfs_handle_struct * handle ,
2012-03-28 06:22:03 +04:00
DIR * dirp , long offset )
2004-11-11 02:02:48 +03:00
{
2006-07-11 22:01:26 +04:00
SMB_VFS_NEXT_SEEKDIR ( handle , dirp , offset ) ;
2004-11-11 02:02:48 +03:00
do_log ( SMB_VFS_OP_SEEKDIR , True , handle , " " ) ;
}
2006-07-11 22:01:26 +04:00
static long smb_full_audit_telldir ( vfs_handle_struct * handle ,
2012-03-28 06:22:03 +04:00
DIR * dirp )
2004-11-11 02:02:48 +03:00
{
long result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_TELLDIR ( handle , dirp ) ;
2004-11-11 02:02:48 +03:00
2005-09-15 15:02:03 +04:00
do_log ( SMB_VFS_OP_TELLDIR , True , handle , " " ) ;
2004-11-11 02:02:48 +03:00
return result ;
}
2006-07-11 22:01:26 +04:00
static void smb_full_audit_rewinddir ( vfs_handle_struct * handle ,
2012-03-28 06:22:03 +04:00
DIR * dirp )
2004-11-11 02:02:48 +03:00
{
2006-07-11 22:01:26 +04:00
SMB_VFS_NEXT_REWINDDIR ( handle , dirp ) ;
2004-11-11 02:02:48 +03:00
do_log ( SMB_VFS_OP_REWINDDIR , True , handle , " " ) ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_mkdir ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path , mode_t mode )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_MKDIR ( handle , path , mode ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_MKDIR , ( result > = 0 ) , handle , " %s " , path ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_rmdir ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_RMDIR ( handle , path ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_RMDIR , ( result > = 0 ) , handle , " %s " , path ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_closedir ( vfs_handle_struct * handle ,
2012-03-28 06:22:03 +04:00
DIR * dirp )
2004-04-29 16:11:59 +04:00
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_CLOSEDIR ( handle , dirp ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_CLOSEDIR , ( result > = 0 ) , handle , " " ) ;
return result ;
}
2009-02-03 08:37:51 +03:00
static void smb_full_audit_init_search_op ( vfs_handle_struct * handle ,
2012-03-28 06:22:03 +04:00
DIR * dirp )
2009-02-03 08:37:51 +03:00
{
SMB_VFS_NEXT_INIT_SEARCH_OP ( handle , dirp ) ;
do_log ( SMB_VFS_OP_INIT_SEARCH_OP , True , handle , " " ) ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_open ( vfs_handle_struct * handle ,
2009-06-16 23:01:13 +04:00
struct smb_filename * smb_fname ,
files_struct * fsp , int flags , mode_t mode )
2004-04-29 16:11:59 +04:00
{
int result ;
2009-06-16 23:01:13 +04:00
result = SMB_VFS_NEXT_OPEN ( handle , smb_fname , fsp , flags , mode ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_OPEN , ( result > = 0 ) , handle , " %s|%s " ,
( ( flags & O_WRONLY ) | | ( flags & O_RDWR ) ) ? " w " : " r " ,
2009-07-01 10:08:02 +04:00
smb_fname_str_do_log ( smb_fname ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2008-11-24 01:37:37 +03:00
static NTSTATUS smb_full_audit_create_file ( vfs_handle_struct * handle ,
struct smb_request * req ,
uint16_t root_dir_fid ,
2009-06-12 23:54:11 +04:00
struct smb_filename * smb_fname ,
2008-11-24 01:37:37 +03:00
uint32_t access_mask ,
uint32_t share_access ,
uint32_t create_disposition ,
uint32_t create_options ,
uint32_t file_attributes ,
uint32_t oplock_request ,
2013-08-21 17:56:14 +04:00
struct smb2_lease * lease ,
2008-11-24 01:37:37 +03:00
uint64_t allocation_size ,
2010-03-06 02:10:30 +03:00
uint32_t private_flags ,
2008-11-24 01:37:37 +03:00
struct security_descriptor * sd ,
struct ea_list * ea_list ,
files_struct * * result_fsp ,
2014-11-26 16:12:51 +03:00
int * pinfo ,
const struct smb2_create_blobs * in_context_blobs ,
struct smb2_create_blobs * out_context_blobs )
2008-11-24 01:37:37 +03:00
{
NTSTATUS result ;
2009-08-26 05:38:07 +04:00
const char * str_create_disposition ;
switch ( create_disposition ) {
case FILE_SUPERSEDE :
str_create_disposition = " supersede " ;
break ;
case FILE_OVERWRITE_IF :
str_create_disposition = " overwrite_if " ;
break ;
case FILE_OPEN :
str_create_disposition = " open " ;
break ;
case FILE_OVERWRITE :
str_create_disposition = " overwrite " ;
break ;
case FILE_CREATE :
str_create_disposition = " create " ;
break ;
case FILE_OPEN_IF :
str_create_disposition = " open_if " ;
break ;
default :
str_create_disposition = " unknown " ;
}
2008-11-24 01:37:37 +03:00
result = SMB_VFS_NEXT_CREATE_FILE (
handle , /* handle */
req , /* req */
root_dir_fid , /* root_dir_fid */
2009-06-12 23:54:11 +04:00
smb_fname , /* fname */
2008-11-24 01:37:37 +03:00
access_mask , /* access_mask */
share_access , /* share_access */
create_disposition , /* create_disposition*/
create_options , /* create_options */
file_attributes , /* file_attributes */
oplock_request , /* oplock_request */
2013-08-21 17:56:14 +04:00
lease , /* lease */
2008-11-24 01:37:37 +03:00
allocation_size , /* allocation_size */
2010-03-06 02:10:30 +03:00
private_flags ,
2008-11-24 01:37:37 +03:00
sd , /* sd */
ea_list , /* ea_list */
result_fsp , /* result */
2014-11-26 16:12:51 +03:00
pinfo , /* pinfo */
in_context_blobs , out_context_blobs ) ; /* create context */
2008-11-24 01:37:37 +03:00
2009-08-26 05:38:07 +04:00
do_log ( SMB_VFS_OP_CREATE_FILE , ( NT_STATUS_IS_OK ( result ) ) , handle ,
" 0x%x|%s|%s|%s " , access_mask ,
create_options & FILE_DIRECTORY_FILE ? " dir " : " file " ,
str_create_disposition , smb_fname_str_do_log ( smb_fname ) ) ;
2008-11-24 01:37:37 +03:00
return result ;
}
2008-01-11 16:19:28 +03:00
static int smb_full_audit_close ( vfs_handle_struct * handle , files_struct * fsp )
2004-04-29 16:11:59 +04:00
{
int result ;
2008-01-11 16:19:28 +03:00
result = SMB_VFS_NEXT_CLOSE ( handle , fsp ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_CLOSE , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_read ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-10 17:33:51 +03:00
void * data , size_t n )
2004-04-29 16:11:59 +04:00
{
ssize_t result ;
2008-01-10 17:33:51 +03:00
result = SMB_VFS_NEXT_READ ( handle , fsp , data , n ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_READ , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_pread ( vfs_handle_struct * handle , files_struct * fsp ,
2012-04-05 08:53:08 +04:00
void * data , size_t n , off_t offset )
2004-04-29 16:11:59 +04:00
{
ssize_t result ;
2008-01-07 02:14:19 +03:00
result = SMB_VFS_NEXT_PREAD ( handle , fsp , data , n , offset ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_PREAD , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2012-07-09 19:17:25 +04:00
struct smb_full_audit_pread_state {
vfs_handle_struct * handle ;
files_struct * fsp ;
ssize_t ret ;
int err ;
} ;
static void smb_full_audit_pread_done ( struct tevent_req * subreq ) ;
static struct tevent_req * smb_full_audit_pread_send (
struct vfs_handle_struct * handle , TALLOC_CTX * mem_ctx ,
struct tevent_context * ev , struct files_struct * fsp ,
void * data , size_t n , off_t offset )
{
struct tevent_req * req , * subreq ;
struct smb_full_audit_pread_state * state ;
req = tevent_req_create ( mem_ctx , & state ,
struct smb_full_audit_pread_state ) ;
if ( req = = NULL ) {
do_log ( SMB_VFS_OP_PREAD_SEND , false , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return NULL ;
}
state - > handle = handle ;
state - > fsp = fsp ;
subreq = SMB_VFS_NEXT_PREAD_SEND ( state , ev , handle , fsp , data ,
n , offset ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
do_log ( SMB_VFS_OP_PREAD_SEND , false , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return tevent_req_post ( req , ev ) ;
}
tevent_req_set_callback ( subreq , smb_full_audit_pread_done , req ) ;
do_log ( SMB_VFS_OP_PREAD_SEND , true , handle , " %s " , fsp_str_do_log ( fsp ) ) ;
return req ;
}
static void smb_full_audit_pread_done ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct smb_full_audit_pread_state * state = tevent_req_data (
req , struct smb_full_audit_pread_state ) ;
state - > ret = SMB_VFS_PREAD_RECV ( subreq , & state - > err ) ;
TALLOC_FREE ( subreq ) ;
tevent_req_done ( req ) ;
}
static ssize_t smb_full_audit_pread_recv ( struct tevent_req * req , int * err )
{
struct smb_full_audit_pread_state * state = tevent_req_data (
req , struct smb_full_audit_pread_state ) ;
if ( tevent_req_is_unix_error ( req , err ) ) {
do_log ( SMB_VFS_OP_PREAD_RECV , false , state - > handle , " %s " ,
fsp_str_do_log ( state - > fsp ) ) ;
return - 1 ;
}
do_log ( SMB_VFS_OP_PREAD_RECV , ( state - > ret > = 0 ) , state - > handle , " %s " ,
fsp_str_do_log ( state - > fsp ) ) ;
* err = state - > err ;
return state - > ret ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_write ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-10 17:49:35 +03:00
const void * data , size_t n )
2004-04-29 16:11:59 +04:00
{
ssize_t result ;
2008-01-10 17:49:35 +03:00
result = SMB_VFS_NEXT_WRITE ( handle , fsp , data , n ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_WRITE , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_pwrite ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-07 11:23:04 +03:00
const void * data , size_t n ,
2012-04-05 08:53:08 +04:00
off_t offset )
2004-04-29 16:11:59 +04:00
{
ssize_t result ;
2008-01-07 11:23:04 +03:00
result = SMB_VFS_NEXT_PWRITE ( handle , fsp , data , n , offset ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_PWRITE , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2012-07-09 19:17:25 +04:00
struct smb_full_audit_pwrite_state {
vfs_handle_struct * handle ;
files_struct * fsp ;
ssize_t ret ;
int err ;
} ;
static void smb_full_audit_pwrite_done ( struct tevent_req * subreq ) ;
static struct tevent_req * smb_full_audit_pwrite_send (
struct vfs_handle_struct * handle , TALLOC_CTX * mem_ctx ,
struct tevent_context * ev , struct files_struct * fsp ,
const void * data , size_t n , off_t offset )
{
struct tevent_req * req , * subreq ;
struct smb_full_audit_pwrite_state * state ;
req = tevent_req_create ( mem_ctx , & state ,
struct smb_full_audit_pwrite_state ) ;
if ( req = = NULL ) {
do_log ( SMB_VFS_OP_PWRITE_SEND , false , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return NULL ;
}
state - > handle = handle ;
state - > fsp = fsp ;
subreq = SMB_VFS_NEXT_PWRITE_SEND ( state , ev , handle , fsp , data ,
n , offset ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
do_log ( SMB_VFS_OP_PWRITE_SEND , false , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return tevent_req_post ( req , ev ) ;
}
tevent_req_set_callback ( subreq , smb_full_audit_pwrite_done , req ) ;
do_log ( SMB_VFS_OP_PWRITE_SEND , true , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return req ;
}
static void smb_full_audit_pwrite_done ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct smb_full_audit_pwrite_state * state = tevent_req_data (
req , struct smb_full_audit_pwrite_state ) ;
state - > ret = SMB_VFS_PWRITE_RECV ( subreq , & state - > err ) ;
TALLOC_FREE ( subreq ) ;
tevent_req_done ( req ) ;
}
static ssize_t smb_full_audit_pwrite_recv ( struct tevent_req * req , int * err )
{
struct smb_full_audit_pwrite_state * state = tevent_req_data (
req , struct smb_full_audit_pwrite_state ) ;
if ( tevent_req_is_unix_error ( req , err ) ) {
do_log ( SMB_VFS_OP_PWRITE_RECV , false , state - > handle , " %s " ,
fsp_str_do_log ( state - > fsp ) ) ;
return - 1 ;
}
do_log ( SMB_VFS_OP_PWRITE_RECV , ( state - > ret > = 0 ) , state - > handle , " %s " ,
fsp_str_do_log ( state - > fsp ) ) ;
* err = state - > err ;
return state - > ret ;
}
2012-04-05 08:53:08 +04:00
static off_t smb_full_audit_lseek ( vfs_handle_struct * handle , files_struct * fsp ,
off_t offset , int whence )
2004-04-29 16:11:59 +04:00
{
ssize_t result ;
2008-01-07 12:15:08 +03:00
result = SMB_VFS_NEXT_LSEEK ( handle , fsp , offset , whence ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_LSEEK , ( result ! = ( ssize_t ) - 1 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_sendfile ( vfs_handle_struct * handle , int tofd ,
2008-01-11 02:51:19 +03:00
files_struct * fromfsp ,
2012-04-05 08:53:08 +04:00
const DATA_BLOB * hdr , off_t offset ,
2004-04-29 16:11:59 +04:00
size_t n )
{
ssize_t result ;
2008-01-11 02:51:19 +03:00
result = SMB_VFS_NEXT_SENDFILE ( handle , tofd , fromfsp , hdr , offset , n ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SENDFILE , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fromfsp ) ) ;
2007-10-30 03:16:13 +03:00
return result ;
}
static ssize_t smb_full_audit_recvfile ( vfs_handle_struct * handle , int fromfd ,
2008-01-11 03:26:54 +03:00
files_struct * tofsp ,
2012-04-05 08:53:08 +04:00
off_t offset ,
2007-10-30 03:16:13 +03:00
size_t n )
{
ssize_t result ;
2008-01-11 03:26:54 +03:00
result = SMB_VFS_NEXT_RECVFILE ( handle , fromfd , tofsp , offset , n ) ;
2007-10-30 03:16:13 +03:00
do_log ( SMB_VFS_OP_RECVFILE , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( tofsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_rename ( vfs_handle_struct * handle ,
2009-07-01 04:04:38 +04:00
const struct smb_filename * smb_fname_src ,
const struct smb_filename * smb_fname_dst )
2004-04-29 16:11:59 +04:00
{
int result ;
2009-07-01 04:04:38 +04:00
result = SMB_VFS_NEXT_RENAME ( handle , smb_fname_src , smb_fname_dst ) ;
2004-04-29 16:11:59 +04:00
2009-07-01 04:04:38 +04:00
do_log ( SMB_VFS_OP_RENAME , ( result > = 0 ) , handle , " %s|%s " ,
2009-07-01 10:08:02 +04:00
smb_fname_str_do_log ( smb_fname_src ) ,
smb_fname_str_do_log ( smb_fname_dst ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2008-01-07 14:49:02 +03:00
static int smb_full_audit_fsync ( vfs_handle_struct * handle , files_struct * fsp )
2004-04-29 16:11:59 +04:00
{
int result ;
2008-01-07 14:49:02 +03:00
result = SMB_VFS_NEXT_FSYNC ( handle , fsp ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_FSYNC , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2012-07-13 12:22:25 +04:00
struct smb_full_audit_fsync_state {
vfs_handle_struct * handle ;
files_struct * fsp ;
int ret ;
int err ;
} ;
static void smb_full_audit_fsync_done ( struct tevent_req * subreq ) ;
static struct tevent_req * smb_full_audit_fsync_send (
struct vfs_handle_struct * handle , TALLOC_CTX * mem_ctx ,
struct tevent_context * ev , struct files_struct * fsp )
{
struct tevent_req * req , * subreq ;
struct smb_full_audit_fsync_state * state ;
req = tevent_req_create ( mem_ctx , & state ,
struct smb_full_audit_fsync_state ) ;
if ( req = = NULL ) {
do_log ( SMB_VFS_OP_FSYNC_SEND , false , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return NULL ;
}
state - > handle = handle ;
state - > fsp = fsp ;
subreq = SMB_VFS_NEXT_FSYNC_SEND ( state , ev , handle , fsp ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
do_log ( SMB_VFS_OP_FSYNC_SEND , false , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
return tevent_req_post ( req , ev ) ;
}
tevent_req_set_callback ( subreq , smb_full_audit_fsync_done , req ) ;
do_log ( SMB_VFS_OP_FSYNC_SEND , true , handle , " %s " , fsp_str_do_log ( fsp ) ) ;
return req ;
}
static void smb_full_audit_fsync_done ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct smb_full_audit_fsync_state * state = tevent_req_data (
req , struct smb_full_audit_fsync_state ) ;
state - > ret = SMB_VFS_FSYNC_RECV ( subreq , & state - > err ) ;
TALLOC_FREE ( subreq ) ;
tevent_req_done ( req ) ;
}
static int smb_full_audit_fsync_recv ( struct tevent_req * req , int * err )
{
struct smb_full_audit_fsync_state * state = tevent_req_data (
req , struct smb_full_audit_fsync_state ) ;
if ( tevent_req_is_unix_error ( req , err ) ) {
do_log ( SMB_VFS_OP_FSYNC_RECV , false , state - > handle , " %s " ,
fsp_str_do_log ( state - > fsp ) ) ;
return - 1 ;
}
do_log ( SMB_VFS_OP_FSYNC_RECV , ( state - > ret > = 0 ) , state - > handle , " %s " ,
fsp_str_do_log ( state - > fsp ) ) ;
* err = state - > err ;
return state - > ret ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_stat ( vfs_handle_struct * handle ,
2009-06-23 02:26:56 +04:00
struct smb_filename * smb_fname )
2004-04-29 16:11:59 +04:00
{
int result ;
2009-06-23 02:26:56 +04:00
result = SMB_VFS_NEXT_STAT ( handle , smb_fname ) ;
2004-04-29 16:11:59 +04:00
2009-06-23 02:26:56 +04:00
do_log ( SMB_VFS_OP_STAT , ( result > = 0 ) , handle , " %s " ,
2009-07-01 10:08:02 +04:00
smb_fname_str_do_log ( smb_fname ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2008-01-07 15:21:26 +03:00
static int smb_full_audit_fstat ( vfs_handle_struct * handle , files_struct * fsp ,
2004-04-29 16:11:59 +04:00
SMB_STRUCT_STAT * sbuf )
{
int result ;
2008-01-07 15:21:26 +03:00
result = SMB_VFS_NEXT_FSTAT ( handle , fsp , sbuf ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_FSTAT , ( result > = 0 ) , handle , " %s " ,
fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_lstat ( vfs_handle_struct * handle ,
2009-06-23 02:26:56 +04:00
struct smb_filename * smb_fname )
2004-04-29 16:11:59 +04:00
{
int result ;
2009-06-23 02:26:56 +04:00
result = SMB_VFS_NEXT_LSTAT ( handle , smb_fname ) ;
2004-04-29 16:11:59 +04:00
2009-06-23 02:26:56 +04:00
do_log ( SMB_VFS_OP_LSTAT , ( result > = 0 ) , handle , " %s " ,
2009-07-01 10:08:02 +04:00
smb_fname_str_do_log ( smb_fname ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2009-07-19 04:32:44 +04:00
static uint64_t smb_full_audit_get_alloc_size ( vfs_handle_struct * handle ,
2009-01-27 02:39:40 +03:00
files_struct * fsp , const SMB_STRUCT_STAT * sbuf )
{
2010-04-06 00:50:59 +04:00
uint64_t result ;
2009-01-27 02:39:40 +03:00
result = SMB_VFS_NEXT_GET_ALLOC_SIZE ( handle , fsp , sbuf ) ;
2010-04-06 00:50:59 +04:00
do_log ( SMB_VFS_OP_GET_ALLOC_SIZE , ( result ! = ( uint64_t ) - 1 ) , handle ,
" %llu " , result ) ;
2009-01-27 02:39:40 +03:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_unlink ( vfs_handle_struct * handle ,
2009-07-02 20:27:44 +04:00
const struct smb_filename * smb_fname )
2004-04-29 16:11:59 +04:00
{
int result ;
2009-07-02 20:27:44 +04:00
result = SMB_VFS_NEXT_UNLINK ( handle , smb_fname ) ;
2004-04-29 16:11:59 +04:00
2009-07-02 20:27:44 +04:00
do_log ( SMB_VFS_OP_UNLINK , ( result > = 0 ) , handle , " %s " ,
smb_fname_str_do_log ( smb_fname ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_chmod ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path , mode_t mode )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_CHMOD ( handle , path , mode ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_CHMOD , ( result > = 0 ) , handle , " %s|%o " , path , mode ) ;
return result ;
}
2008-01-07 15:44:37 +03:00
static int smb_full_audit_fchmod ( vfs_handle_struct * handle , files_struct * fsp ,
2004-04-29 16:11:59 +04:00
mode_t mode )
{
int result ;
2008-01-07 15:44:37 +03:00
result = SMB_VFS_NEXT_FCHMOD ( handle , fsp , mode ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FCHMOD , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s|%o " , fsp_str_do_log ( fsp ) , mode ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_chown ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path , uid_t uid , gid_t gid )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_CHOWN ( handle , path , uid , gid ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_CHOWN , ( result > = 0 ) , handle , " %s|%ld|%ld " ,
path , ( long int ) uid , ( long int ) gid ) ;
return result ;
}
2008-01-07 16:26:00 +03:00
static int smb_full_audit_fchown ( vfs_handle_struct * handle , files_struct * fsp ,
2004-04-29 16:11:59 +04:00
uid_t uid , gid_t gid )
{
int result ;
2008-01-07 16:26:00 +03:00
result = SMB_VFS_NEXT_FCHOWN ( handle , fsp , uid , gid ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FCHOWN , ( result > = 0 ) , handle , " %s|%ld|%ld " ,
2009-07-11 05:11:32 +04:00
fsp_str_do_log ( fsp ) , ( long int ) uid , ( long int ) gid ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2007-05-24 03:55:12 +04:00
static int smb_full_audit_lchown ( vfs_handle_struct * handle ,
const char * path , uid_t uid , gid_t gid )
{
int result ;
result = SMB_VFS_NEXT_LCHOWN ( handle , path , uid , gid ) ;
do_log ( SMB_VFS_OP_LCHOWN , ( result > = 0 ) , handle , " %s|%ld|%ld " ,
path , ( long int ) uid , ( long int ) gid ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_chdir ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_CHDIR ( handle , path ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_CHDIR , ( result > = 0 ) , handle , " chdir|%s " , path ) ;
return result ;
}
2011-06-01 03:36:06 +04:00
static char * smb_full_audit_getwd ( vfs_handle_struct * handle )
2004-04-29 16:11:59 +04:00
{
char * result ;
2011-06-01 03:36:06 +04:00
result = SMB_VFS_NEXT_GETWD ( handle ) ;
2004-04-29 16:11:59 +04:00
2011-06-01 03:36:06 +04:00
do_log ( SMB_VFS_OP_GETWD , ( result ! = NULL ) , handle , " %s " ,
result = = NULL ? " " : result ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2007-03-06 02:40:03 +03:00
static int smb_full_audit_ntimes ( vfs_handle_struct * handle ,
2009-07-03 00:39:20 +04:00
const struct smb_filename * smb_fname ,
struct smb_file_time * ft )
2004-04-29 16:11:59 +04:00
{
int result ;
2009-07-03 00:39:20 +04:00
result = SMB_VFS_NEXT_NTIMES ( handle , smb_fname , ft ) ;
2004-04-29 16:11:59 +04:00
2009-07-03 00:39:20 +04:00
do_log ( SMB_VFS_OP_NTIMES , ( result > = 0 ) , handle , " %s " ,
smb_fname_str_do_log ( smb_fname ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_ftruncate ( vfs_handle_struct * handle , files_struct * fsp ,
2012-04-05 08:53:08 +04:00
off_t len )
2004-04-29 16:11:59 +04:00
{
int result ;
2008-01-07 17:55:09 +03:00
result = SMB_VFS_NEXT_FTRUNCATE ( handle , fsp , len ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FTRUNCATE , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2010-12-18 10:08:01 +03:00
static int smb_full_audit_fallocate ( vfs_handle_struct * handle , files_struct * fsp ,
2015-02-09 20:21:59 +03:00
uint32_t mode ,
2012-04-05 08:53:08 +04:00
off_t offset ,
off_t len )
2010-12-03 03:25:59 +03:00
{
int result ;
2010-12-18 10:08:01 +03:00
result = SMB_VFS_NEXT_FALLOCATE ( handle , fsp , mode , offset , len ) ;
2010-12-03 03:25:59 +03:00
2010-12-18 10:08:01 +03:00
do_log ( SMB_VFS_OP_FALLOCATE , ( result > = 0 ) , handle ,
2010-12-03 03:25:59 +03:00
" %s " , fsp_str_do_log ( fsp ) ) ;
return result ;
}
2008-01-07 18:38:23 +03:00
static bool smb_full_audit_lock ( vfs_handle_struct * handle , files_struct * fsp ,
2012-04-05 08:53:08 +04:00
int op , off_t offset , off_t count , int type )
2004-04-29 16:11:59 +04:00
{
2007-10-19 04:40:25 +04:00
bool result ;
2004-04-29 16:11:59 +04:00
2008-01-07 18:38:23 +03:00
result = SMB_VFS_NEXT_LOCK ( handle , fsp , op , offset , count , type ) ;
2004-04-29 16:11:59 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_LOCK , result , handle , " %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2006-12-06 13:21:20 +03:00
static int smb_full_audit_kernel_flock ( struct vfs_handle_struct * handle ,
2008-01-07 19:14:20 +03:00
struct files_struct * fsp ,
2009-10-06 19:14:56 +04:00
uint32 share_mode , uint32 access_mask )
2006-12-06 13:21:20 +03:00
{
int result ;
2009-10-06 19:14:56 +04:00
result = SMB_VFS_NEXT_KERNEL_FLOCK ( handle , fsp , share_mode , access_mask ) ;
2006-12-06 13:21:20 +03:00
do_log ( SMB_VFS_OP_KERNEL_FLOCK , ( result > = 0 ) , handle , " %s " ,
2009-07-11 05:11:32 +04:00
fsp_str_do_log ( fsp ) ) ;
2006-12-06 13:21:20 +03:00
return result ;
}
2007-02-14 05:37:14 +03:00
static int smb_full_audit_linux_setlease ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-07 23:47:53 +03:00
int leasetype )
2007-02-14 05:37:14 +03:00
{
int result ;
2008-01-07 23:47:53 +03:00
result = SMB_VFS_NEXT_LINUX_SETLEASE ( handle , fsp , leasetype ) ;
2007-02-14 05:37:14 +03:00
do_log ( SMB_VFS_OP_LINUX_SETLEASE , ( result > = 0 ) , handle , " %s " ,
2009-07-11 05:11:32 +04:00
fsp_str_do_log ( fsp ) ) ;
2007-02-14 05:37:14 +03:00
return result ;
}
2008-01-08 00:18:50 +03:00
static bool smb_full_audit_getlock ( vfs_handle_struct * handle , files_struct * fsp ,
2012-04-05 08:53:08 +04:00
off_t * poffset , off_t * pcount , int * ptype , pid_t * ppid )
2006-04-10 19:33:04 +04:00
{
2007-10-19 04:40:25 +04:00
bool result ;
2006-04-10 19:33:04 +04:00
2008-01-08 00:18:50 +03:00
result = SMB_VFS_NEXT_GETLOCK ( handle , fsp , poffset , pcount , ptype , ppid ) ;
2006-04-10 19:33:04 +04:00
2009-07-11 05:11:32 +04:00
do_log ( SMB_VFS_OP_GETLOCK , result , handle , " %s " , fsp_str_do_log ( fsp ) ) ;
2006-04-10 19:33:04 +04:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_symlink ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * oldpath , const char * newpath )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_SYMLINK ( handle , oldpath , newpath ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SYMLINK , ( result > = 0 ) , handle ,
" %s|%s " , oldpath , newpath ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_readlink ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path , char * buf , size_t bufsiz )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_READLINK ( handle , path , buf , bufsiz ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_READLINK , ( result > = 0 ) , handle , " %s " , path ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_link ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * oldpath , const char * newpath )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_LINK ( handle , oldpath , newpath ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_LINK , ( result > = 0 ) , handle ,
" %s|%s " , oldpath , newpath ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_mknod ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * pathname , mode_t mode , SMB_DEV_T dev )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_MKNOD ( handle , pathname , mode , dev ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_MKNOD , ( result > = 0 ) , handle , " %s " , pathname ) ;
return result ;
}
2006-07-11 22:01:26 +04:00
static char * smb_full_audit_realpath ( vfs_handle_struct * handle ,
2010-11-20 03:29:26 +03:00
const char * path )
2004-04-29 16:11:59 +04:00
{
char * result ;
2010-11-20 03:29:26 +03:00
result = SMB_VFS_NEXT_REALPATH ( handle , path ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_REALPATH , ( result ! = NULL ) , handle , " %s " , path ) ;
return result ;
}
2007-03-19 20:02:15 +03:00
static NTSTATUS smb_full_audit_notify_watch ( struct vfs_handle_struct * handle ,
struct sys_notify_context * ctx ,
2012-03-20 00:57:50 +04:00
const char * path ,
2012-03-26 14:46:11 +04:00
uint32_t * filter ,
uint32_t * subdir_filter ,
2007-03-19 20:02:15 +03:00
void ( * callback ) ( struct sys_notify_context * ctx ,
void * private_data ,
struct notify_event * ev ) ,
void * private_data , void * handle_p )
{
NTSTATUS result ;
2012-03-26 14:46:11 +04:00
result = SMB_VFS_NEXT_NOTIFY_WATCH ( handle , ctx , path ,
filter , subdir_filter , callback ,
2012-03-20 00:57:50 +04:00
private_data , handle_p ) ;
2007-03-19 20:02:15 +03:00
do_log ( SMB_VFS_OP_NOTIFY_WATCH , NT_STATUS_IS_OK ( result ) , handle , " " ) ;
return result ;
}
2007-03-08 04:40:49 +03:00
static int smb_full_audit_chflags ( vfs_handle_struct * handle ,
2007-09-28 05:32:08 +04:00
const char * path , unsigned int flags )
2007-03-08 04:40:49 +03:00
{
int result ;
result = SMB_VFS_NEXT_CHFLAGS ( handle , path , flags ) ;
do_log ( SMB_VFS_OP_CHFLAGS , ( result ! = 0 ) , handle , " %s " , path ) ;
return result ;
}
2007-08-02 13:19:04 +04:00
static struct file_id smb_full_audit_file_id_create ( struct vfs_handle_struct * handle ,
2009-02-16 10:38:53 +03:00
const SMB_STRUCT_STAT * sbuf )
2007-08-02 13:19:04 +04:00
{
struct file_id id_zero ;
struct file_id result ;
ZERO_STRUCT ( id_zero ) ;
2009-02-16 10:38:53 +03:00
result = SMB_VFS_NEXT_FILE_ID_CREATE ( handle , sbuf ) ;
2007-08-02 13:19:04 +04:00
do_log ( SMB_VFS_OP_FILE_ID_CREATE ,
! file_id_equal ( & id_zero , & result ) ,
2007-09-10 14:56:07 +04:00
handle , " %s " , file_id_string_tos ( & result ) ) ;
2007-08-02 13:19:04 +04:00
return result ;
}
2008-06-07 11:04:03 +04:00
static NTSTATUS smb_full_audit_streaminfo ( vfs_handle_struct * handle ,
struct files_struct * fsp ,
const char * fname ,
TALLOC_CTX * mem_ctx ,
unsigned int * pnum_streams ,
struct stream_struct * * pstreams )
{
NTSTATUS result ;
result = SMB_VFS_NEXT_STREAMINFO ( handle , fsp , fname , mem_ctx ,
pnum_streams , pstreams ) ;
do_log ( SMB_VFS_OP_STREAMINFO , NT_STATUS_IS_OK ( result ) , handle ,
" %s " , fname ) ;
return result ;
}
2009-01-05 14:58:23 +03:00
static int smb_full_audit_get_real_filename ( struct vfs_handle_struct * handle ,
const char * path ,
const char * name ,
TALLOC_CTX * mem_ctx ,
char * * found_name )
{
int result ;
result = SMB_VFS_NEXT_GET_REAL_FILENAME ( handle , path , name , mem_ctx ,
found_name ) ;
do_log ( SMB_VFS_OP_GET_REAL_FILENAME , ( result = = 0 ) , handle ,
" %s/%s->%s " , path , name , ( result = = 0 ) ? " " : * found_name ) ;
return result ;
}
2009-05-28 21:20:14 +04:00
static const char * smb_full_audit_connectpath ( vfs_handle_struct * handle ,
const char * fname )
{
const char * result ;
result = SMB_VFS_NEXT_CONNECTPATH ( handle , fname ) ;
do_log ( SMB_VFS_OP_CONNECTPATH , result ! = NULL , handle ,
" %s " , fname ) ;
return result ;
}
2009-02-10 08:51:29 +03:00
static NTSTATUS smb_full_audit_brl_lock_windows ( struct vfs_handle_struct * handle ,
struct byte_range_lock * br_lck ,
struct lock_struct * plock ,
2014-07-03 17:51:45 +04:00
bool blocking_lock )
2009-02-10 08:51:29 +03:00
{
NTSTATUS result ;
result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS ( handle , br_lck , plock ,
2014-07-03 17:51:45 +04:00
blocking_lock ) ;
2009-02-10 08:51:29 +03:00
do_log ( SMB_VFS_OP_BRL_LOCK_WINDOWS , NT_STATUS_IS_OK ( result ) , handle ,
2013-09-10 21:41:32 +04:00
" %s:%llu-%llu. type=%d. blocking=%d " ,
fsp_str_do_log ( brl_fsp ( br_lck ) ) ,
2012-09-20 10:20:57 +04:00
plock - > start , plock - > size , plock - > lock_type , blocking_lock ) ;
2009-02-10 08:51:29 +03:00
return result ;
}
static bool smb_full_audit_brl_unlock_windows ( struct vfs_handle_struct * handle ,
struct messaging_context * msg_ctx ,
struct byte_range_lock * br_lck ,
const struct lock_struct * plock )
{
bool result ;
result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS ( handle , msg_ctx , br_lck ,
plock ) ;
do_log ( SMB_VFS_OP_BRL_UNLOCK_WINDOWS , ( result = = 0 ) , handle ,
2013-09-10 21:41:32 +04:00
" %s:%llu-%llu:%d " , fsp_str_do_log ( brl_fsp ( br_lck ) ) ,
plock - > start ,
2009-02-10 08:51:29 +03:00
plock - > size , plock - > lock_type ) ;
return result ;
}
static bool smb_full_audit_brl_cancel_windows ( struct vfs_handle_struct * handle ,
struct byte_range_lock * br_lck ,
2014-07-03 17:51:45 +04:00
struct lock_struct * plock )
2009-02-10 08:51:29 +03:00
{
bool result ;
2014-07-03 17:51:45 +04:00
result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS ( handle , br_lck , plock ) ;
2009-02-10 08:51:29 +03:00
do_log ( SMB_VFS_OP_BRL_CANCEL_WINDOWS , ( result = = 0 ) , handle ,
2013-09-10 21:41:32 +04:00
" %s:%llu-%llu:%d " , fsp_str_do_log ( brl_fsp ( br_lck ) ) ,
plock - > start ,
2012-09-20 10:20:57 +04:00
plock - > size , plock - > lock_type ) ;
2009-02-10 08:51:29 +03:00
return result ;
}
2009-03-14 00:15:28 +03:00
static bool smb_full_audit_strict_lock ( struct vfs_handle_struct * handle ,
struct files_struct * fsp ,
struct lock_struct * plock )
{
bool result ;
result = SMB_VFS_NEXT_STRICT_LOCK ( handle , fsp , plock ) ;
do_log ( SMB_VFS_OP_STRICT_LOCK , result , handle ,
2009-07-11 05:11:32 +04:00
" %s:%llu-%llu:%d " , fsp_str_do_log ( fsp ) , plock - > start ,
2012-09-20 10:20:57 +04:00
plock - > size , plock - > lock_type ) ;
2009-03-14 00:15:28 +03:00
return result ;
}
static void smb_full_audit_strict_unlock ( struct vfs_handle_struct * handle ,
struct files_struct * fsp ,
struct lock_struct * plock )
{
SMB_VFS_NEXT_STRICT_UNLOCK ( handle , fsp , plock ) ;
do_log ( SMB_VFS_OP_STRICT_UNLOCK , true , handle ,
2009-07-11 05:11:32 +04:00
" %s:%llu-%llu:%d " , fsp_str_do_log ( fsp ) , plock - > start ,
2012-09-20 10:20:57 +04:00
plock - > size , plock - > lock_type ) ;
2009-03-14 00:15:28 +03:00
}
2009-11-16 11:49:23 +03:00
static NTSTATUS smb_full_audit_translate_name ( struct vfs_handle_struct * handle ,
const char * name ,
enum vfs_translate_direction direction ,
TALLOC_CTX * mem_ctx ,
char * * mapped_name )
2009-08-27 01:56:09 +04:00
{
NTSTATUS result ;
2009-11-16 11:49:23 +03:00
result = SMB_VFS_NEXT_TRANSLATE_NAME ( handle , name , direction , mem_ctx ,
mapped_name ) ;
2009-08-27 01:56:09 +04:00
do_log ( SMB_VFS_OP_TRANSLATE_NAME , NT_STATUS_IS_OK ( result ) , handle , " " ) ;
return result ;
}
2013-01-15 20:22:59 +04:00
static struct tevent_req * smb_full_audit_copy_chunk_send ( struct vfs_handle_struct * handle ,
TALLOC_CTX * mem_ctx ,
struct tevent_context * ev ,
struct files_struct * src_fsp ,
off_t src_off ,
struct files_struct * dest_fsp ,
off_t dest_off ,
off_t num )
{
struct tevent_req * req ;
req = SMB_VFS_NEXT_COPY_CHUNK_SEND ( handle , mem_ctx , ev , src_fsp ,
src_off , dest_fsp , dest_off , num ) ;
do_log ( SMB_VFS_OP_COPY_CHUNK_SEND , req , handle , " " ) ;
return req ;
}
static NTSTATUS smb_full_audit_copy_chunk_recv ( struct vfs_handle_struct * handle ,
struct tevent_req * req ,
off_t * copied )
{
NTSTATUS result ;
result = SMB_VFS_NEXT_COPY_CHUNK_RECV ( handle , req , copied ) ;
do_log ( SMB_VFS_OP_COPY_CHUNK_RECV , NT_STATUS_IS_OK ( result ) , handle , " " ) ;
return result ;
}
2013-11-18 17:54:30 +04:00
static NTSTATUS smb_full_audit_get_compression ( vfs_handle_struct * handle ,
TALLOC_CTX * mem_ctx ,
struct files_struct * fsp ,
struct smb_filename * smb_fname ,
uint16_t * _compression_fmt )
{
NTSTATUS result ;
result = SMB_VFS_NEXT_GET_COMPRESSION ( handle , mem_ctx , fsp , smb_fname ,
_compression_fmt ) ;
do_log ( SMB_VFS_OP_GET_COMPRESSION , NT_STATUS_IS_OK ( result ) , handle ,
" %s " ,
( fsp ? fsp_str_do_log ( fsp ) : smb_fname_str_do_log ( smb_fname ) ) ) ;
return result ;
}
static NTSTATUS smb_full_audit_set_compression ( vfs_handle_struct * handle ,
TALLOC_CTX * mem_ctx ,
struct files_struct * fsp ,
uint16_t compression_fmt )
{
NTSTATUS result ;
result = SMB_VFS_NEXT_SET_COMPRESSION ( handle , mem_ctx , fsp ,
compression_fmt ) ;
do_log ( SMB_VFS_OP_SET_COMPRESSION , NT_STATUS_IS_OK ( result ) , handle ,
" %s " , fsp_str_do_log ( fsp ) ) ;
return result ;
}
2014-11-26 16:30:37 +03:00
static NTSTATUS smb_full_audit_readdir_attr ( struct vfs_handle_struct * handle ,
const struct smb_filename * fname ,
TALLOC_CTX * mem_ctx ,
struct readdir_attr_data * * pattr_data )
{
NTSTATUS status ;
status = SMB_VFS_NEXT_READDIR_ATTR ( handle , fname , mem_ctx , pattr_data ) ;
do_log ( SMB_VFS_OP_READDIR_ATTR , NT_STATUS_IS_OK ( status ) , handle , " %s " ,
smb_fname_str_do_log ( fname ) ) ;
return status ;
}
2007-10-13 23:06:49 +04:00
static NTSTATUS smb_full_audit_fget_nt_acl ( vfs_handle_struct * handle , files_struct * fsp ,
2012-10-10 04:50:27 +04:00
uint32 security_info ,
TALLOC_CTX * mem_ctx ,
struct security_descriptor * * ppdesc )
2004-04-29 16:11:59 +04:00
{
2007-10-13 23:06:49 +04:00
NTSTATUS result ;
2004-04-29 16:11:59 +04:00
2012-10-10 04:50:27 +04:00
result = SMB_VFS_NEXT_FGET_NT_ACL ( handle , fsp , security_info ,
mem_ctx , ppdesc ) ;
2004-04-29 16:11:59 +04:00
2007-10-13 23:06:49 +04:00
do_log ( SMB_VFS_OP_FGET_NT_ACL , NT_STATUS_IS_OK ( result ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2007-10-13 23:06:49 +04:00
static NTSTATUS smb_full_audit_get_nt_acl ( vfs_handle_struct * handle ,
const char * name ,
uint32 security_info ,
2012-10-10 04:50:27 +04:00
TALLOC_CTX * mem_ctx ,
2010-05-18 12:29:34 +04:00
struct security_descriptor * * ppdesc )
2004-04-29 16:11:59 +04:00
{
2007-10-13 23:06:49 +04:00
NTSTATUS result ;
2004-04-29 16:11:59 +04:00
2012-10-10 04:50:27 +04:00
result = SMB_VFS_NEXT_GET_NT_ACL ( handle , name , security_info ,
mem_ctx , ppdesc ) ;
2004-04-29 16:11:59 +04:00
2007-10-13 23:06:49 +04:00
do_log ( SMB_VFS_OP_GET_NT_ACL , NT_STATUS_IS_OK ( result ) , handle ,
2008-08-14 21:58:50 +04:00
" %s " , name ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2007-06-27 02:49:10 +04:00
static NTSTATUS smb_full_audit_fset_nt_acl ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-06 20:48:02 +03:00
uint32 security_info_sent ,
2010-05-18 12:29:34 +04:00
const struct security_descriptor * psd )
2004-04-29 16:11:59 +04:00
{
2014-08-07 14:53:33 +04:00
struct vfs_full_audit_private_data * pd ;
2007-06-27 02:49:10 +04:00
NTSTATUS result ;
2014-08-07 14:53:33 +04:00
char * sd = NULL ;
SMB_VFS_HANDLE_GET_DATA ( handle , pd ,
struct vfs_full_audit_private_data ,
return NT_STATUS_INTERNAL_ERROR ) ;
if ( pd - > log_secdesc ) {
sd = sddl_encode ( talloc_tos ( ) , psd , get_global_sam_sid ( ) ) ;
}
2004-04-29 16:11:59 +04:00
2008-01-06 20:48:02 +03:00
result = SMB_VFS_NEXT_FSET_NT_ACL ( handle , fsp , security_info_sent , psd ) ;
2004-04-29 16:11:59 +04:00
2014-08-07 14:53:33 +04:00
do_log ( SMB_VFS_OP_FSET_NT_ACL , NT_STATUS_IS_OK ( result ) , handle ,
" %s [%s] " , fsp_str_do_log ( fsp ) , sd ? sd : " " ) ;
TALLOC_FREE ( sd ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2006-07-11 22:01:26 +04:00
static int smb_full_audit_chmod_acl ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path , mode_t mode )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_CHMOD_ACL ( handle , path , mode ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_CHMOD_ACL , ( result > = 0 ) , handle ,
" %s|%o " , path , mode ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_fchmod_acl ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-08 03:14:24 +03:00
mode_t mode )
2004-04-29 16:11:59 +04:00
{
int result ;
2008-01-08 03:14:24 +03:00
result = SMB_VFS_NEXT_FCHMOD_ACL ( handle , fsp , mode ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FCHMOD_ACL , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s|%o " , fsp_str_do_log ( fsp ) , mode ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static SMB_ACL_T smb_full_audit_sys_acl_get_file ( vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path_p ,
2012-10-10 03:18:32 +04:00
SMB_ACL_TYPE_T type ,
TALLOC_CTX * mem_ctx )
2004-04-29 16:11:59 +04:00
{
SMB_ACL_T result ;
2012-10-10 03:18:32 +04:00
result = SMB_VFS_NEXT_SYS_ACL_GET_FILE ( handle , path_p , type , mem_ctx ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SYS_ACL_GET_FILE , ( result ! = NULL ) , handle ,
" %s " , path_p ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static SMB_ACL_T smb_full_audit_sys_acl_get_fd ( vfs_handle_struct * handle ,
2012-10-10 03:18:32 +04:00
files_struct * fsp , TALLOC_CTX * mem_ctx )
2004-04-29 16:11:59 +04:00
{
SMB_ACL_T result ;
2012-10-10 03:18:32 +04:00
result = SMB_VFS_NEXT_SYS_ACL_GET_FD ( handle , fsp , mem_ctx ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SYS_ACL_GET_FD , ( result ! = NULL ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2012-09-10 06:44:01 +04:00
static int smb_full_audit_sys_acl_blob_get_file ( vfs_handle_struct * handle ,
const char * path_p ,
2012-09-20 10:35:27 +04:00
TALLOC_CTX * mem_ctx ,
2012-09-10 06:44:01 +04:00
char * * blob_description ,
DATA_BLOB * blob )
{
2012-09-20 10:35:27 +04:00
int result ;
2012-09-10 06:44:01 +04:00
2012-10-10 09:44:41 +04:00
result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE ( handle , path_p , mem_ctx , blob_description , blob ) ;
2012-09-10 06:44:01 +04:00
2012-09-20 10:35:27 +04:00
do_log ( SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE , ( result > = 0 ) , handle ,
2012-09-10 06:44:01 +04:00
" %s " , path_p ) ;
return result ;
}
static int smb_full_audit_sys_acl_blob_get_fd ( vfs_handle_struct * handle ,
2012-09-20 10:35:27 +04:00
files_struct * fsp ,
TALLOC_CTX * mem_ctx ,
2012-09-10 06:44:01 +04:00
char * * blob_description ,
DATA_BLOB * blob )
{
2012-09-20 10:35:27 +04:00
int result ;
2012-09-10 06:44:01 +04:00
2012-09-20 10:35:27 +04:00
result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD ( handle , fsp , mem_ctx , blob_description , blob ) ;
2012-09-10 06:44:01 +04:00
2012-09-20 10:35:27 +04:00
do_log ( SMB_VFS_OP_SYS_ACL_BLOB_GET_FD , ( result > = 0 ) , handle ,
2012-09-10 06:44:01 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_sys_acl_set_file ( vfs_handle_struct * handle ,
2006-07-11 22:01:26 +04:00
2004-04-29 16:11:59 +04:00
const char * name , SMB_ACL_TYPE_T acltype ,
SMB_ACL_T theacl )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_SYS_ACL_SET_FILE ( handle , name , acltype ,
2004-04-29 16:11:59 +04:00
theacl ) ;
do_log ( SMB_VFS_OP_SYS_ACL_SET_FILE , ( result > = 0 ) , handle ,
" %s " , name ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_sys_acl_set_fd ( vfs_handle_struct * handle , files_struct * fsp ,
2008-01-08 03:54:19 +03:00
SMB_ACL_T theacl )
2004-04-29 16:11:59 +04:00
{
int result ;
2008-01-08 03:54:19 +03:00
result = SMB_VFS_NEXT_SYS_ACL_SET_FD ( handle , fsp , theacl ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SYS_ACL_SET_FD , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_sys_acl_delete_def_file ( vfs_handle_struct * handle ,
2006-07-11 22:01:26 +04:00
2004-04-29 16:11:59 +04:00
const char * path )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE ( handle , path ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE , ( result > = 0 ) , handle ,
" %s " , path ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_getxattr ( struct vfs_handle_struct * handle ,
2006-07-11 22:01:26 +04:00
const char * path ,
2004-04-29 16:11:59 +04:00
const char * name , void * value , size_t size )
{
ssize_t result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_GETXATTR ( handle , path , name , value , size ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_GETXATTR , ( result > = 0 ) , handle ,
" %s|%s " , path , name ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_fgetxattr ( struct vfs_handle_struct * handle ,
2008-01-08 12:00:47 +03:00
struct files_struct * fsp ,
2004-04-29 16:11:59 +04:00
const char * name , void * value , size_t size )
{
ssize_t result ;
2008-01-08 12:00:47 +03:00
result = SMB_VFS_NEXT_FGETXATTR ( handle , fsp , name , value , size ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FGETXATTR , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s|%s " , fsp_str_do_log ( fsp ) , name ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_listxattr ( struct vfs_handle_struct * handle ,
2004-04-29 16:11:59 +04:00
const char * path , char * list , size_t size )
{
ssize_t result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_LISTXATTR ( handle , path , list , size ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_LISTXATTR , ( result > = 0 ) , handle , " %s " , path ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static ssize_t smb_full_audit_flistxattr ( struct vfs_handle_struct * handle ,
2008-01-08 12:51:40 +03:00
struct files_struct * fsp , char * list ,
2004-04-29 16:11:59 +04:00
size_t size )
{
ssize_t result ;
2008-01-08 12:51:40 +03:00
result = SMB_VFS_NEXT_FLISTXATTR ( handle , fsp , list , size ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FLISTXATTR , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_removexattr ( struct vfs_handle_struct * handle ,
2006-07-11 22:01:26 +04:00
const char * path ,
2004-04-29 16:11:59 +04:00
const char * name )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_REMOVEXATTR ( handle , path , name ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_REMOVEXATTR , ( result > = 0 ) , handle ,
" %s|%s " , path , name ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_fremovexattr ( struct vfs_handle_struct * handle ,
2008-01-08 13:29:09 +03:00
struct files_struct * fsp ,
2004-04-29 16:11:59 +04:00
const char * name )
{
int result ;
2008-01-08 13:29:09 +03:00
result = SMB_VFS_NEXT_FREMOVEXATTR ( handle , fsp , name ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FREMOVEXATTR , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s|%s " , fsp_str_do_log ( fsp ) , name ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_setxattr ( struct vfs_handle_struct * handle ,
2006-07-11 22:01:26 +04:00
const char * path ,
2004-04-29 16:11:59 +04:00
const char * name , const void * value , size_t size ,
int flags )
{
int result ;
2006-07-11 22:01:26 +04:00
result = SMB_VFS_NEXT_SETXATTR ( handle , path , name , value , size ,
2004-04-29 16:11:59 +04:00
flags ) ;
do_log ( SMB_VFS_OP_SETXATTR , ( result > = 0 ) , handle ,
" %s|%s " , path , name ) ;
return result ;
}
2004-08-31 19:11:41 +04:00
static int smb_full_audit_fsetxattr ( struct vfs_handle_struct * handle ,
2008-01-08 13:47:33 +03:00
struct files_struct * fsp , const char * name ,
2004-04-29 16:11:59 +04:00
const void * value , size_t size , int flags )
{
int result ;
2008-01-08 13:47:33 +03:00
result = SMB_VFS_NEXT_FSETXATTR ( handle , fsp , name , value , size , flags ) ;
2004-04-29 16:11:59 +04:00
do_log ( SMB_VFS_OP_FSETXATTR , ( result > = 0 ) , handle ,
2009-07-11 05:11:32 +04:00
" %s|%s " , fsp_str_do_log ( fsp ) , name ) ;
2004-04-29 16:11:59 +04:00
return result ;
}
2009-02-10 23:14:39 +03:00
static bool smb_full_audit_aio_force ( struct vfs_handle_struct * handle ,
struct files_struct * fsp )
{
bool result ;
result = SMB_VFS_NEXT_AIO_FORCE ( handle , fsp ) ;
do_log ( SMB_VFS_OP_AIO_FORCE , result , handle ,
2009-07-11 05:11:32 +04:00
" %s " , fsp_str_do_log ( fsp ) ) ;
2009-02-10 23:14:39 +03:00
return result ;
}
2005-06-28 02:53:56 +04:00
2011-02-25 16:37:34 +03:00
static bool smb_full_audit_is_offline ( struct vfs_handle_struct * handle ,
const struct smb_filename * fname ,
SMB_STRUCT_STAT * sbuf )
{
bool result ;
result = SMB_VFS_NEXT_IS_OFFLINE ( handle , fname , sbuf ) ;
do_log ( SMB_VFS_OP_IS_OFFLINE , result , handle , " %s " ,
smb_fname_str_do_log ( fname ) ) ;
return result ;
}
2011-02-25 16:43:52 +03:00
static int smb_full_audit_set_offline ( struct vfs_handle_struct * handle ,
const struct smb_filename * fname )
{
int result ;
result = SMB_VFS_NEXT_SET_OFFLINE ( handle , fname ) ;
do_log ( SMB_VFS_OP_SET_OFFLINE , result > = 0 , handle , " %s " ,
smb_fname_str_do_log ( fname ) ) ;
return result ;
}
2009-07-24 04:28:58 +04:00
static struct vfs_fn_pointers vfs_full_audit_fns = {
2009-07-01 09:44:39 +04:00
/* Disk operations */
2009-07-24 04:28:58 +04:00
. connect_fn = smb_full_audit_connect ,
2011-12-04 08:45:04 +04:00
. disconnect_fn = smb_full_audit_disconnect ,
. disk_free_fn = smb_full_audit_disk_free ,
. get_quota_fn = smb_full_audit_get_quota ,
. set_quota_fn = smb_full_audit_set_quota ,
. get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data ,
. statvfs_fn = smb_full_audit_statvfs ,
. fs_capabilities_fn = smb_full_audit_fs_capabilities ,
2012-04-10 05:16:57 +04:00
. snap_check_path_fn = smb_full_audit_snap_check_path ,
. snap_create_fn = smb_full_audit_snap_create ,
. snap_delete_fn = smb_full_audit_snap_delete ,
2011-12-04 08:45:04 +04:00
. opendir_fn = smb_full_audit_opendir ,
. fdopendir_fn = smb_full_audit_fdopendir ,
. readdir_fn = smb_full_audit_readdir ,
. seekdir_fn = smb_full_audit_seekdir ,
. telldir_fn = smb_full_audit_telldir ,
. rewind_dir_fn = smb_full_audit_rewinddir ,
. mkdir_fn = smb_full_audit_mkdir ,
. rmdir_fn = smb_full_audit_rmdir ,
. closedir_fn = smb_full_audit_closedir ,
. init_search_op_fn = smb_full_audit_init_search_op ,
2011-04-21 00:55:25 +04:00
. open_fn = smb_full_audit_open ,
2011-12-04 08:45:04 +04:00
. create_file_fn = smb_full_audit_create_file ,
2009-07-24 04:28:58 +04:00
. close_fn = smb_full_audit_close ,
2011-12-04 08:45:04 +04:00
. read_fn = smb_full_audit_read ,
. pread_fn = smb_full_audit_pread ,
2012-07-09 19:17:25 +04:00
. pread_send_fn = smb_full_audit_pread_send ,
. pread_recv_fn = smb_full_audit_pread_recv ,
2011-12-04 08:45:04 +04:00
. write_fn = smb_full_audit_write ,
. pwrite_fn = smb_full_audit_pwrite ,
2012-07-09 19:17:25 +04:00
. pwrite_send_fn = smb_full_audit_pwrite_send ,
. pwrite_recv_fn = smb_full_audit_pwrite_recv ,
2011-12-04 08:45:04 +04:00
. lseek_fn = smb_full_audit_lseek ,
. sendfile_fn = smb_full_audit_sendfile ,
. recvfile_fn = smb_full_audit_recvfile ,
. rename_fn = smb_full_audit_rename ,
. fsync_fn = smb_full_audit_fsync ,
2012-07-13 12:22:25 +04:00
. fsync_send_fn = smb_full_audit_fsync_send ,
. fsync_recv_fn = smb_full_audit_fsync_recv ,
2011-12-04 08:45:04 +04:00
. stat_fn = smb_full_audit_stat ,
. fstat_fn = smb_full_audit_fstat ,
. lstat_fn = smb_full_audit_lstat ,
. get_alloc_size_fn = smb_full_audit_get_alloc_size ,
. unlink_fn = smb_full_audit_unlink ,
. chmod_fn = smb_full_audit_chmod ,
. fchmod_fn = smb_full_audit_fchmod ,
. chown_fn = smb_full_audit_chown ,
. fchown_fn = smb_full_audit_fchown ,
. lchown_fn = smb_full_audit_lchown ,
. chdir_fn = smb_full_audit_chdir ,
. getwd_fn = smb_full_audit_getwd ,
. ntimes_fn = smb_full_audit_ntimes ,
. ftruncate_fn = smb_full_audit_ftruncate ,
. fallocate_fn = smb_full_audit_fallocate ,
. lock_fn = smb_full_audit_lock ,
. kernel_flock_fn = smb_full_audit_kernel_flock ,
. linux_setlease_fn = smb_full_audit_linux_setlease ,
. getlock_fn = smb_full_audit_getlock ,
. symlink_fn = smb_full_audit_symlink ,
. readlink_fn = smb_full_audit_readlink ,
. link_fn = smb_full_audit_link ,
. mknod_fn = smb_full_audit_mknod ,
. realpath_fn = smb_full_audit_realpath ,
. notify_watch_fn = smb_full_audit_notify_watch ,
. chflags_fn = smb_full_audit_chflags ,
. file_id_create_fn = smb_full_audit_file_id_create ,
. streaminfo_fn = smb_full_audit_streaminfo ,
. get_real_filename_fn = smb_full_audit_get_real_filename ,
. connectpath_fn = smb_full_audit_connectpath ,
. brl_lock_windows_fn = smb_full_audit_brl_lock_windows ,
. brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows ,
. brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows ,
. strict_lock_fn = smb_full_audit_strict_lock ,
. strict_unlock_fn = smb_full_audit_strict_unlock ,
. translate_name_fn = smb_full_audit_translate_name ,
2013-01-15 20:22:59 +04:00
. copy_chunk_send_fn = smb_full_audit_copy_chunk_send ,
. copy_chunk_recv_fn = smb_full_audit_copy_chunk_recv ,
2013-11-18 17:54:30 +04:00
. get_compression_fn = smb_full_audit_get_compression ,
. set_compression_fn = smb_full_audit_set_compression ,
2014-11-26 16:30:37 +03:00
. readdir_attr_fn = smb_full_audit_readdir_attr ,
2011-12-04 08:45:04 +04:00
. fget_nt_acl_fn = smb_full_audit_fget_nt_acl ,
. get_nt_acl_fn = smb_full_audit_get_nt_acl ,
. fset_nt_acl_fn = smb_full_audit_fset_nt_acl ,
. chmod_acl_fn = smb_full_audit_chmod_acl ,
. fchmod_acl_fn = smb_full_audit_fchmod_acl ,
. sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file ,
. sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd ,
2012-09-20 10:35:27 +04:00
. sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file ,
. sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd ,
2011-12-04 08:45:04 +04:00
. sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file ,
. sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd ,
. sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file ,
. getxattr_fn = smb_full_audit_getxattr ,
. fgetxattr_fn = smb_full_audit_fgetxattr ,
. listxattr_fn = smb_full_audit_listxattr ,
. flistxattr_fn = smb_full_audit_flistxattr ,
. removexattr_fn = smb_full_audit_removexattr ,
. fremovexattr_fn = smb_full_audit_fremovexattr ,
. setxattr_fn = smb_full_audit_setxattr ,
. fsetxattr_fn = smb_full_audit_fsetxattr ,
. aio_force_fn = smb_full_audit_aio_force ,
. is_offline_fn = smb_full_audit_is_offline ,
. set_offline_fn = smb_full_audit_set_offline ,
2009-07-01 09:44:39 +04:00
} ;
2004-04-29 16:11:59 +04:00
NTSTATUS vfs_full_audit_init ( void )
{
NTSTATUS ret = smb_register_vfs ( SMB_VFS_INTERFACE_VERSION ,
2009-07-24 04:28:58 +04:00
" full_audit " , & vfs_full_audit_fns ) ;
2004-04-29 16:11:59 +04:00
if ( ! NT_STATUS_IS_OK ( ret ) )
return ret ;
vfs_full_audit_debug_level = debug_add_class ( " full_audit " ) ;
if ( vfs_full_audit_debug_level = = - 1 ) {
vfs_full_audit_debug_level = DBGC_VFS ;
DEBUG ( 0 , ( " vfs_full_audit: Couldn't register custom debugging "
" class! \n " ) ) ;
} else {
DEBUG ( 10 , ( " vfs_full_audit: Debug class number of "
" 'full_audit': %d \n " , vfs_full_audit_debug_level ) ) ;
}
return ret ;
}