r378: Add an option extd_audit:parseable=True. This gives messages of the form
Apr 27 16:05:59 delphin smbd_audit[14946]: 1011|192.168.234.100|unlink|New Folder/TESTDIR.TMP
where 1011 is the user's uid, 192.168.234.100 is the client IP etc.
Volker
(This used to be commit 9a1a8e2663
)
parent
43fb4632c6
commit
87a9681a00
@ -25,6 +25,8 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
extern struct current_user current_user;
|
||||
|
||||
static int vfs_extd_audit_debug_level = DBGC_VFS;
|
||||
|
||||
#undef DBGC_CLASS
|
||||
@ -106,10 +108,17 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con
|
||||
|
||||
openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
|
||||
|
||||
syslog(audit_syslog_priority(handle), "connect to service %s by user %s\n",
|
||||
svc, user);
|
||||
DEBUG(10, ("Connected to service %s as user %s\n",
|
||||
svc, user));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|connect|%s\n", current_user.uid,
|
||||
handle->conn->client_address, svc);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"connect to service %s by user %s\n", svc, user);
|
||||
DEBUG(10, ("Connected to service %s as user %s\n",
|
||||
svc, user));
|
||||
}
|
||||
|
||||
result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
|
||||
|
||||
@ -118,8 +127,17 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con
|
||||
|
||||
static void audit_disconnect(vfs_handle_struct *handle, connection_struct *conn)
|
||||
{
|
||||
syslog(audit_syslog_priority(handle), "disconnected\n");
|
||||
DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|disconnect|%s\n", current_user.uid,
|
||||
handle->conn->client_address,
|
||||
lp_servicename(SNUM(conn)));
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "disconnected\n");
|
||||
DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
|
||||
}
|
||||
|
||||
SMB_VFS_NEXT_DISCONNECT(handle, conn);
|
||||
|
||||
return;
|
||||
@ -131,14 +149,21 @@ static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn, co
|
||||
|
||||
result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
|
||||
fname,
|
||||
(result == NULL) ? "failed: " : "",
|
||||
(result == NULL) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
|
||||
fname,
|
||||
(result == NULL) ? "failed: " : "",
|
||||
(result == NULL) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|opendir|%s\n", current_user.uid,
|
||||
handle->conn->client_address, fname);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
|
||||
fname,
|
||||
(result == NULL) ? "failed: " : "",
|
||||
(result == NULL) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
|
||||
fname,
|
||||
(result == NULL) ? "failed: " : "",
|
||||
(result == NULL) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -149,14 +174,21 @@ static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn, const
|
||||
|
||||
result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|mkdir|%s\n", current_user.uid,
|
||||
handle->conn->client_address, path);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -167,14 +199,21 @@ static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn, const
|
||||
|
||||
result = SMB_VFS_NEXT_RMDIR(handle, conn, path);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|rmdir|%s\n", current_user.uid,
|
||||
handle->conn->client_address, path);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -185,15 +224,26 @@ static int audit_open(vfs_handle_struct *handle, connection_struct *conn, const
|
||||
|
||||
result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
|
||||
fname, result,
|
||||
((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "",
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
|
||||
fname,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|open|%s|%s\n", current_user.uid,
|
||||
handle->conn->client_address,
|
||||
((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
|
||||
fname);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"open %s (fd %d) %s%s%s\n",
|
||||
fname, result,
|
||||
((flags & O_WRONLY) || (flags & O_RDWR))
|
||||
? "for writing " : "",
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
|
||||
fname,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -204,14 +254,21 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
|
||||
|
||||
result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
|
||||
fd,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
|
||||
fd,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|close|%s\n", current_user.uid,
|
||||
handle->conn->client_address, fsp->fsp_name);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
|
||||
fd,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
|
||||
fd,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -222,14 +279,21 @@ static int audit_rename(vfs_handle_struct *handle, connection_struct *conn, cons
|
||||
|
||||
result = SMB_VFS_NEXT_RENAME(handle, conn, old, new);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
|
||||
old, new,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: rename old: %s new: %s %s %s\n",
|
||||
old, new,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|rename|%s|%s\n", current_user.uid,
|
||||
handle->conn->client_address, old, new);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
|
||||
old, new,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: rename old: %s new: %s %s %s\n",
|
||||
old, new,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -240,14 +304,21 @@ static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn, cons
|
||||
|
||||
result = SMB_VFS_NEXT_UNLINK(handle, conn, path);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|unlink|%s\n", current_user.uid,
|
||||
handle->conn->client_address, path);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
|
||||
path,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -258,14 +329,22 @@ static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn, const
|
||||
|
||||
result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|chmod|%s|%o\n", current_user.uid,
|
||||
handle->conn->client_address, path, mode);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"chmod %s mode 0x%x %s%s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -276,14 +355,22 @@ static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, c
|
||||
|
||||
result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|chmod_acl|%s|%o\n", current_user.uid,
|
||||
handle->conn->client_address, path, mode);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"chmod_acl %s mode 0x%x %s%s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
|
||||
path, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -294,14 +381,22 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mo
|
||||
|
||||
result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|fchmod|%s|%o\n", current_user.uid,
|
||||
handle->conn->client_address, fsp->fsp_name, mode);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"fchmod %s mode 0x%x %s%s\n",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -312,14 +407,22 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd
|
||||
|
||||
result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
|
||||
|
||||
syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
|
||||
False)) {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"%d|%s|fchmod_acl|%s|%o\n", current_user.uid,
|
||||
handle->conn->client_address, fsp->fsp_name, mode);
|
||||
} else {
|
||||
syslog(audit_syslog_priority(handle),
|
||||
"fchmod_acl %s mode 0x%x %s%s\n",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : "");
|
||||
DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
|
||||
fsp->fsp_name, mode,
|
||||
(result < 0) ? "failed: " : "",
|
||||
(result < 0) ? strerror(errno) : ""));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
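Review bot: The new parseable records write client-supplied names straight into a `|`-delimited line, so a path containing `|` or a newline shifts or forges fields for whatever parses the log; this is most visible in audit_rename (`"%d|%s|rename|%s|%s\n"`, two names back to back) and in the chmod family, where `%o` follows the path. Escaping `|` and control characters in names before logging, and putting the fixed-format fields first (e.g. `"%d|%s|chmod|%o|%s\n"`), would keep the format unambiguous. The parseable branch also drops the outcome that the legacy message carries via `(result < 0) ? strerror(errno) : ""`, so failed or denied operations look the same as successful ones; a result field such as `(result < 0) ? strerror(errno) : "ok"` placed before the name would preserve it. The function bodies begin outside the visible hunks, so whether `current_user.uid` already holds the connecting user's uid when audit_connect runs could not be checked here.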