sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
1304041a4f
samba-mirror/source3/modules/vfs_time_audit.c
Ralph Boehme 8fa7848b4a vfs: Add flags and xferlen args to SMB_VFS_OFFLOAD_READ_RECV 
We missed these values which follow from MS-FSCC 2.3.80 “FSCTL_OFFLOAD_READ
Reply”:

  Flags (4 bytes):

    A 32-bit unsigned integer that indicates which flags were returned for this
    operation. Possible values for the flags follow. All unused bits are reserved
    for future use, SHOULD be set to 0, and MUST be ignored.

    OFFLOAD_READ_FLAG_ALL_ZERO_BEYOND_CURRENT_RANGE (0x00000001)
    => The data beyond the current range is logically equivalent to zero.

  TransferLength (8 bytes):

    A 64-bit unsigned integer that contains the amount, in bytes, of data that the
    Token logically represents. This value indicates a contiguous region of the
    file from the beginning of the requested offset in the FileOffset field in the
    FSCTL_OFFLOAD_READ_INPUT data element (section 2.3.79). This value can be
    smaller than the CopyLength field specified in the FSCTL_OFFLOAD_READ_INPUT
    data element, which indicates that less data was logically
    represented (logically read) with the Token than was requested. The value of
    this field MUST be greater than 0x0000000000000000 and MUST be aligned to a
    logical sector boundary on the volume.

As we currently only implement COPY_CHUNK over the OFFLOAD VFS interface, the
VFS COPY_CHUNK backend in vfs_default just sets both values to 0 and they are
unused in the SMB frontend.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00

2824 lines
69 KiB
C
Raw Blame History

/*
* Time auditing VFS module for samba. Log time taken for VFS call to syslog
* facility.
*
* Copyright (C) Abhidnya Chirmule <achirmul@in.ibm.com> 2009
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/*
* This module implements logging for time taken for all Samba VFS operations.
*
* vfs objects = time_audit
*/
#include "includes.h"
#include "smbd/smbd.h"
#include "ntioctl.h"
#include "lib/util/tevent_unix.h"
#include "lib/util/tevent_ntstatus.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
static double audit_timeout;
static void smb_time_audit_log_msg(const char *syscallname, double elapsed,
const char *msg)
{
DEBUG(0, ("WARNING: VFS call \"%s\" took unexpectedly long "
"(%.2f seconds) %s%s-- Validate that file and storage "
"subsystems are operating normally\n", syscallname,
elapsed, (msg != NULL) ? msg : "",
(msg != NULL) ? " " : ""));
}
static void smb_time_audit_log(const char *syscallname, double elapsed)
{
smb_time_audit_log_msg(syscallname, elapsed, NULL);
}
static void smb_time_audit_log_fsp(const char *syscallname, double elapsed,
const struct files_struct *fsp)
{
char *base_name = NULL;
char *connectpath = NULL;
char *msg = NULL;
if (fsp == NULL) {
smb_time_audit_log(syscallname, elapsed);
return;
}
if (fsp->conn)
connectpath = fsp->conn->connectpath;
if (fsp->fsp_name)
base_name = fsp->fsp_name->base_name;
if (connectpath != NULL && base_name != NULL) {
msg = talloc_asprintf(talloc_tos(), "filename = \"%s/%s\"",
connectpath, base_name);
} else if (connectpath != NULL && base_name == NULL) {
msg = talloc_asprintf(talloc_tos(), "connectpath = \"%s\", "
"base_name = <NULL>",
connectpath);
} else if (connectpath == NULL && base_name != NULL) {
msg = talloc_asprintf(talloc_tos(), "connectpath = <NULL>, "
"base_name = \"%s\"",
base_name);
} else { /* connectpath == NULL && base_name == NULL */
msg = talloc_asprintf(talloc_tos(), "connectpath = <NULL>, "
"base_name = <NULL>");
}
smb_time_audit_log_msg(syscallname, elapsed, msg);
TALLOC_FREE(msg);
}
static void smb_time_audit_log_at(const char *syscallname,
double elapsed,
const struct files_struct *dir_fsp,
const struct smb_filename *smb_fname)
{
char *msg = NULL;
msg = talloc_asprintf(talloc_tos(),
"filename = \"%s/%s/%s\"",
dir_fsp->conn->connectpath,
dir_fsp->fsp_name->base_name,
smb_fname->base_name);
smb_time_audit_log_msg(syscallname, elapsed, msg);
TALLOC_FREE(msg);
}
static void smb_time_audit_log_fname(const char *syscallname, double elapsed,
const char *fname)
{
char cwd[PATH_MAX];
char *msg = NULL;
if (getcwd(cwd, sizeof(cwd)) == NULL) {
snprintf(cwd, sizeof(cwd), "<getcwd() error %d>", errno);
}
if (fname != NULL) {
msg = talloc_asprintf(talloc_tos(),
"cwd = \"%s\", filename = \"%s\"",
cwd, fname);
} else {
msg = talloc_asprintf(talloc_tos(),
"cwd = \"%s\", filename = <NULL>",
cwd);
}
smb_time_audit_log_msg(syscallname, elapsed, msg);
TALLOC_FREE(msg);
}
static void smb_time_audit_log_smb_fname(const char *syscallname, double elapsed,
const struct smb_filename *smb_fname)
{
if (smb_fname != NULL) {
smb_time_audit_log_fname(syscallname, elapsed,
smb_fname->base_name);
} else {
smb_time_audit_log_fname(syscallname, elapsed,
"smb_fname = <NULL>");
}
}
static int smb_time_audit_connect(vfs_handle_struct *handle,
const char *svc, const char *user)
{
int result;
struct timespec ts1,ts2;
double timediff;
if (!handle) {
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_msg("connect", timediff, user);
}
return result;
}
static void smb_time_audit_disconnect(vfs_handle_struct *handle)
{
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
SMB_VFS_NEXT_DISCONNECT(handle);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("disconnect", timediff);
}
}
static uint64_t smb_time_audit_disk_free(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
uint64_t *bsize,
uint64_t *dfree,
uint64_t *dsize)
{
uint64_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
/* Don't have a reasonable notion of failure here */
if (timediff > audit_timeout) {
smb_time_audit_log_fname("disk_free",
timediff,
smb_fname->base_name);
}
return result;
}
static int smb_time_audit_get_quota(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
enum SMB_QUOTA_TYPE qtype,
unid_t id,
SMB_DISK_QUOTA *qt)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("get_quota",
timediff,
smb_fname->base_name);
}
return result;
}
static int smb_time_audit_set_quota(struct vfs_handle_struct *handle,
enum SMB_QUOTA_TYPE qtype, unid_t id,
SMB_DISK_QUOTA *qt)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("set_quota", timediff);
}
return result;
}
static int smb_time_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
struct files_struct *fsp,
struct shadow_copy_data *shadow_copy_data,
bool labels)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp,
shadow_copy_data, labels);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("get_shadow_copy_data", timediff, fsp);
}
return result;
}
static int smb_time_audit_statvfs(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
struct vfs_statvfs_struct *statbuf)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("statvfs", timediff,
smb_fname->base_name);
}
return result;
}
static uint32_t smb_time_audit_fs_capabilities(struct vfs_handle_struct *handle,
enum timestamp_set_resolution *p_ts_res)
{
uint32_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("fs_capabilities", timediff);
}
return result;
}
static NTSTATUS smb_time_audit_get_dfs_referrals(
struct vfs_handle_struct *handle,
struct dfs_GetDFSReferral *r)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("get_dfs_referrals", timediff);
}
return result;
}
static NTSTATUS smb_time_audit_create_dfs_pathat(struct vfs_handle_struct *handle,
struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
const struct referral *reflist,
size_t referral_count)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
struct smb_filename *full_fname = NULL;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
smb_fname);
if (full_fname == NULL) {
return NT_STATUS_NO_MEMORY;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CREATE_DFS_PATHAT(handle,
dirfsp,
smb_fname,
reflist,
referral_count);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("create_dfs_pathat",
timediff,
full_fname);
}
TALLOC_FREE(full_fname);
return result;
}
static NTSTATUS smb_time_audit_read_dfs_pathat(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
struct files_struct *dirfsp,
struct smb_filename *smb_fname,
struct referral **ppreflist,
size_t *preferral_count)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
struct smb_filename *full_fname = NULL;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
smb_fname);
if (full_fname == NULL) {
return NT_STATUS_NO_MEMORY;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_READ_DFS_PATHAT(handle,
mem_ctx,
dirfsp,
smb_fname,
ppreflist,
preferral_count);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("read_dfs_pathat",
timediff,
full_fname);
}
TALLOC_FREE(full_fname);
return result;
}
static NTSTATUS smb_time_audit_snap_check_path(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
const char *service_path,
char **base_volume)
{
NTSTATUS status;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
base_volume);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2, &ts1) * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("snap_check_path", timediff);
}
return status;
}
static NTSTATUS smb_time_audit_snap_create(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
const char *base_volume,
time_t *tstamp,
bool rw,
char **base_path,
char **snap_path)
{
NTSTATUS status;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
rw, base_path, snap_path);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2 ,&ts1) * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("snap_create", timediff);
}
return status;
}
static NTSTATUS smb_time_audit_snap_delete(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
char *base_path,
char *snap_path)
{
NTSTATUS status;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
snap_path);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2, &ts1) * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("snap_delete", timediff);
}
return status;
}
static DIR *smb_time_audit_fdopendir(vfs_handle_struct *handle,
files_struct *fsp,
const char *mask, uint32_t attr)
{
DIR *result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fdopendir", timediff, fsp);
}
return result;
}
static struct dirent *smb_time_audit_readdir(vfs_handle_struct *handle,
struct files_struct *dirfsp,
DIR *dirp,
SMB_STRUCT_STAT *sbuf)
{
struct dirent *result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_READDIR(handle, dirfsp, dirp, sbuf);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("readdir", timediff);
}
return result;
}
static void smb_time_audit_seekdir(vfs_handle_struct *handle,
DIR *dirp, long offset)
{
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("seekdir", timediff);
}
}
static long smb_time_audit_telldir(vfs_handle_struct *handle,
DIR *dirp)
{
long result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("telldir", timediff);
}
return result;
}
static void smb_time_audit_rewinddir(vfs_handle_struct *handle,
DIR *dirp)
{
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
SMB_VFS_NEXT_REWINDDIR(handle, dirp);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("rewinddir", timediff);
}
}
static int smb_time_audit_mkdirat(vfs_handle_struct *handle,
struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
mode_t mode)
{
struct smb_filename *full_fname = NULL;
int result;
struct timespec ts1,ts2;
double timediff;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
smb_fname);
if (full_fname == NULL) {
errno = ENOMEM;
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_MKDIRAT(handle,
dirfsp,
smb_fname,
mode);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("mkdirat",
timediff,
full_fname);
}
TALLOC_FREE(full_fname);
return result;
}
static int smb_time_audit_closedir(vfs_handle_struct *handle,
DIR *dirp)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("closedir", timediff);
}
return result;
}
static int smb_time_audit_openat(vfs_handle_struct *handle,
const struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
struct files_struct *fsp,
int flags,
mode_t mode)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_OPENAT(handle,
dirfsp,
smb_fname,
fsp,
flags,
mode);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("openat", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_create_file(vfs_handle_struct *handle,
struct smb_request *req,
struct smb_filename *fname,
uint32_t access_mask,
uint32_t share_access,
uint32_t create_disposition,
uint32_t create_options,
uint32_t file_attributes,
uint32_t oplock_request,
const struct smb2_lease *lease,
uint64_t allocation_size,
uint32_t private_flags,
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result_fsp,
int *pinfo,
const struct smb2_create_blobs *in_context_blobs,
struct smb2_create_blobs *out_context_blobs)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CREATE_FILE(
handle, /* handle */
req, /* req */
fname, /* fname */
access_mask, /* access_mask */
share_access, /* share_access */
create_disposition, /* create_disposition*/
create_options, /* create_options */
file_attributes, /* file_attributes */
oplock_request, /* oplock_request */
lease, /* lease */
allocation_size, /* allocation_size */
private_flags,
sd, /* sd */
ea_list, /* ea_list */
result_fsp, /* result */
pinfo,
in_context_blobs, out_context_blobs); /* create context */
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
/*
* can't use result_fsp this time, may have
* invalid content causing smbd crash
*/
smb_time_audit_log_smb_fname("create_file", timediff,
fname);
}
return result;
}
static int smb_time_audit_close(vfs_handle_struct *handle, files_struct *fsp)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CLOSE(handle, fsp);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("close", timediff, fsp);
}
return result;
}
static ssize_t smb_time_audit_pread(vfs_handle_struct *handle,
files_struct *fsp,
void *data, size_t n, off_t offset)
{
ssize_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("pread", timediff, fsp);
}
return result;
}
struct smb_time_audit_pread_state {
struct files_struct *fsp;
ssize_t ret;
struct vfs_aio_state vfs_aio_state;
};
static void smb_time_audit_pread_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_pread_send(
struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
struct tevent_context *ev, struct files_struct *fsp,
void *data, size_t n, off_t offset)
{
struct tevent_req *req, *subreq;
struct smb_time_audit_pread_state *state;
req = tevent_req_create(mem_ctx, &state,
struct smb_time_audit_pread_state);
if (req == NULL) {
return NULL;
}
state->fsp = fsp;
subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
n, offset);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb_time_audit_pread_done, req);
return req;
}
static void smb_time_audit_pread_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct smb_time_audit_pread_state *state = tevent_req_data(
req, struct smb_time_audit_pread_state);
state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
TALLOC_FREE(subreq);
tevent_req_done(req);
}
static ssize_t smb_time_audit_pread_recv(struct tevent_req *req,
struct vfs_aio_state *vfs_aio_state)
{
struct smb_time_audit_pread_state *state = tevent_req_data(
req, struct smb_time_audit_pread_state);
double timediff;
timediff = state->vfs_aio_state.duration * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("async pread", timediff, state->fsp);
}
if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
return -1;
}
*vfs_aio_state = state->vfs_aio_state;
return state->ret;
}
static ssize_t smb_time_audit_pwrite(vfs_handle_struct *handle,
files_struct *fsp,
const void *data, size_t n,
off_t offset)
{
ssize_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("pwrite", timediff, fsp);
}
return result;
}
struct smb_time_audit_pwrite_state {
struct files_struct *fsp;
ssize_t ret;
struct vfs_aio_state vfs_aio_state;
};
static void smb_time_audit_pwrite_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_pwrite_send(
struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
struct tevent_context *ev, struct files_struct *fsp,
const void *data, size_t n, off_t offset)
{
struct tevent_req *req, *subreq;
struct smb_time_audit_pwrite_state *state;
req = tevent_req_create(mem_ctx, &state,
struct smb_time_audit_pwrite_state);
if (req == NULL) {
return NULL;
}
state->fsp = fsp;
subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
n, offset);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb_time_audit_pwrite_done, req);
return req;
}
static void smb_time_audit_pwrite_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct smb_time_audit_pwrite_state *state = tevent_req_data(
req, struct smb_time_audit_pwrite_state);
state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
TALLOC_FREE(subreq);
tevent_req_done(req);
}
static ssize_t smb_time_audit_pwrite_recv(struct tevent_req *req,
struct vfs_aio_state *vfs_aio_state)
{
struct smb_time_audit_pwrite_state *state = tevent_req_data(
req, struct smb_time_audit_pwrite_state);
double timediff;
timediff = state->vfs_aio_state.duration * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("async pwrite", timediff, state->fsp);
}
if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
return -1;
}
*vfs_aio_state = state->vfs_aio_state;
return state->ret;
}
static off_t smb_time_audit_lseek(vfs_handle_struct *handle,
files_struct *fsp,
off_t offset, int whence)
{
off_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("lseek", timediff, fsp);
}
return result;
}
static ssize_t smb_time_audit_sendfile(vfs_handle_struct *handle, int tofd,
files_struct *fromfsp,
const DATA_BLOB *hdr, off_t offset,
size_t n)
{
ssize_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("sendfile", timediff, fromfsp);
}
return result;
}
static ssize_t smb_time_audit_recvfile(vfs_handle_struct *handle, int fromfd,
files_struct *tofsp,
off_t offset,
size_t n)
{
ssize_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("recvfile", timediff, tofsp);
}
return result;
}
static int smb_time_audit_renameat(vfs_handle_struct *handle,
files_struct *srcfsp,
const struct smb_filename *oldname,
files_struct *dstfsp,
const struct smb_filename *newname)
{
int result;
struct timespec ts1,ts2;
double timediff;
struct smb_filename *new_full_fname = NULL;
new_full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dstfsp,
newname);
if (new_full_fname == NULL) {
errno = ENOMEM;
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_RENAMEAT(handle,
srcfsp,
oldname,
dstfsp,
newname);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("renameat",
timediff,
new_full_fname);
}
TALLOC_FREE(new_full_fname);
return result;
}
struct smb_time_audit_fsync_state {
struct files_struct *fsp;
int ret;
struct vfs_aio_state vfs_aio_state;
};
static void smb_time_audit_fsync_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_fsync_send(
struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
struct tevent_context *ev, struct files_struct *fsp)
{
struct tevent_req *req, *subreq;
struct smb_time_audit_fsync_state *state;
req = tevent_req_create(mem_ctx, &state,
struct smb_time_audit_fsync_state);
if (req == NULL) {
return NULL;
}
state->fsp = fsp;
subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb_time_audit_fsync_done, req);
return req;
}
static void smb_time_audit_fsync_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct smb_time_audit_fsync_state *state = tevent_req_data(
req, struct smb_time_audit_fsync_state);
state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
TALLOC_FREE(subreq);
tevent_req_done(req);
}
static int smb_time_audit_fsync_recv(struct tevent_req *req,
struct vfs_aio_state *vfs_aio_state)
{
struct smb_time_audit_fsync_state *state = tevent_req_data(
req, struct smb_time_audit_fsync_state);
double timediff;
timediff = state->vfs_aio_state.duration * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("async fsync", timediff, state->fsp);
}
if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
return -1;
}
*vfs_aio_state = state->vfs_aio_state;
return state->ret;
}
static int smb_time_audit_stat(vfs_handle_struct *handle,
struct smb_filename *fname)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_STAT(handle, fname);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("stat", timediff, fname);
}
return result;
}
static int smb_time_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
SMB_STRUCT_STAT *sbuf)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fstat", timediff, fsp);
}
return result;
}
static int smb_time_audit_lstat(vfs_handle_struct *handle,
struct smb_filename *path)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_LSTAT(handle, path);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("lstat", timediff, path);
}
return result;
}
static uint64_t smb_time_audit_get_alloc_size(vfs_handle_struct *handle,
files_struct *fsp,
const SMB_STRUCT_STAT *sbuf)
{
uint64_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("get_alloc_size", timediff, fsp);
}
return result;
}
static int smb_time_audit_unlinkat(vfs_handle_struct *handle,
struct files_struct *dirfsp,
const struct smb_filename *path,
int flags)
{
struct smb_filename *full_fname = NULL;
int result;
struct timespec ts1,ts2;
double timediff;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
path);
if (full_fname == NULL) {
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_UNLINKAT(handle,
dirfsp,
path,
flags);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("unlinkat", timediff, full_fname);
}
TALLOC_FREE(full_fname);
return result;
}
static int smb_time_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
mode_t mode)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fchmod", timediff, fsp);
}
return result;
}
static int smb_time_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
uid_t uid, gid_t gid)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fchown", timediff, fsp);
}
return result;
}
static int smb_time_audit_lchown(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
uid_t uid,
gid_t gid)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("lchown",
timediff,
smb_fname->base_name);
}
return result;
}
static int smb_time_audit_chdir(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("chdir",
timediff,
smb_fname->base_name);
}
return result;
}
static struct smb_filename *smb_time_audit_getwd(vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx)
{
struct smb_filename *result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GETWD(handle, mem_ctx);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("getwd", timediff);
}
return result;
}
static int smb_time_audit_fntimes(vfs_handle_struct *handle,
files_struct *fsp,
struct smb_file_time *ft)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FNTIMES(handle, fsp, ft);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2, &ts1) * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fntimes", timediff, fsp);
}
return result;
}
static int smb_time_audit_ftruncate(vfs_handle_struct *handle,
files_struct *fsp,
off_t len)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("ftruncate", timediff, fsp);
}
return result;
}
static int smb_time_audit_fallocate(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t mode,
off_t offset,
off_t len)
{
int result;
int saved_errno = 0;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
if (result == -1) {
saved_errno = errno;
}
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fallocate", timediff, fsp);
}
if (result == -1) {
errno = saved_errno;
}
return result;
}
static bool smb_time_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
int op, off_t offset, off_t count,
int type)
{
bool result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("lock", timediff, fsp);
}
return result;
}
static int smb_time_audit_filesystem_sharemode(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32_t share_access,
uint32_t access_mask)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FILESYSTEM_SHAREMODE(handle,
fsp,
share_access,
access_mask);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("filesystem_sharemode", timediff, fsp);
}
return result;
}
static int smb_time_audit_fcntl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
int cmd, va_list cmd_arg)
{
void *arg;
va_list dup_cmd_arg;
int result;
struct timespec ts1,ts2;
double timediff;
va_copy(dup_cmd_arg, cmd_arg);
arg = va_arg(dup_cmd_arg, void *);
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
clock_gettime_mono(&ts2);
va_end(dup_cmd_arg);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fcntl", timediff, fsp);
}
return result;
}
static int smb_time_audit_linux_setlease(vfs_handle_struct *handle,
files_struct *fsp,
int leasetype)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("linux_setlease", timediff, fsp);
}
return result;
}
static bool smb_time_audit_getlock(vfs_handle_struct *handle,
files_struct *fsp,
off_t *poffset, off_t *pcount,
int *ptype, pid_t *ppid)
{
bool result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype,
ppid);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("getlock", timediff, fsp);
}
return result;
}
static int smb_time_audit_symlinkat(vfs_handle_struct *handle,
const struct smb_filename *link_contents,
struct files_struct *dirfsp,
const struct smb_filename *new_smb_fname)
{
struct smb_filename *full_fname = NULL;
int result;
struct timespec ts1,ts2;
double timediff;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
new_smb_fname);
if (full_fname == NULL) {
errno = ENOMEM;
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SYMLINKAT(handle,
link_contents,
dirfsp,
new_smb_fname);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("symlinkat", timediff,
full_fname->base_name);
}
TALLOC_FREE(full_fname);
return result;
}
static int smb_time_audit_readlinkat(vfs_handle_struct *handle,
const struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
char *buf,
size_t bufsiz)
{
struct smb_filename *full_fname = NULL;
int result;
struct timespec ts1,ts2;
double timediff;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
smb_fname);
if (full_fname == NULL) {
errno = ENOMEM;
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_READLINKAT(handle,
dirfsp,
smb_fname,
buf,
bufsiz);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("readlinkat", timediff,
full_fname->base_name);
}
TALLOC_FREE(full_fname);
return result;
}
static int smb_time_audit_linkat(vfs_handle_struct *handle,
files_struct *srcfsp,
const struct smb_filename *old_smb_fname,
files_struct *dstfsp,
const struct smb_filename *new_smb_fname,
int flags)
{
struct smb_filename *new_full_fname = NULL;
int result;
struct timespec ts1,ts2;
double timediff;
new_full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dstfsp,
new_smb_fname);
if (new_full_fname == NULL) {
errno = ENOMEM;
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_LINKAT(handle,
srcfsp,
old_smb_fname,
dstfsp,
new_smb_fname,
flags);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("linkat", timediff,
new_full_fname->base_name);
}
TALLOC_FREE(new_full_fname);
return result;
}
static int smb_time_audit_mknodat(vfs_handle_struct *handle,
files_struct *dirfsp,
const struct smb_filename *smb_fname,
mode_t mode,
SMB_DEV_T dev)
{
struct smb_filename *full_fname = NULL;
int result;
struct timespec ts1,ts2;
double timediff;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
smb_fname);
if (full_fname == NULL) {
errno = ENOMEM;
return -1;
}
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_MKNODAT(handle,
dirfsp,
smb_fname,
mode,
dev);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("mknodat", timediff, full_fname);
}
TALLOC_FREE(full_fname);
return result;
}
static struct smb_filename *smb_time_audit_realpath(vfs_handle_struct *handle,
TALLOC_CTX *ctx,
const struct smb_filename *smb_fname)
{
struct smb_filename *result_fname;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("realpath", timediff,
smb_fname->base_name);
}
return result_fname;
}
static int smb_time_audit_fchflags(vfs_handle_struct *handle,
struct files_struct *fsp,
unsigned int flags)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FCHFLAGS(handle, fsp, flags);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_smb_fname("chflags",
timediff,
fsp->fsp_name);
}
return result;
}
static struct file_id smb_time_audit_file_id_create(struct vfs_handle_struct *handle,
const SMB_STRUCT_STAT *sbuf)
{
struct file_id id_zero;
struct file_id result;
struct timespec ts1,ts2;
double timediff;
ZERO_STRUCT(id_zero);
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("file_id_create", timediff);
}
return result;
}
static uint64_t smb_time_audit_fs_file_id(struct vfs_handle_struct *handle,
const SMB_STRUCT_STAT *sbuf)
{
uint64_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FS_FILE_ID(handle, sbuf);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("fs_file_id", timediff);
}
return result;
}
static NTSTATUS smb_time_audit_fstreaminfo(vfs_handle_struct *handle,
struct files_struct *fsp,
TALLOC_CTX *mem_ctx,
unsigned int *pnum_streams,
struct stream_struct **pstreams)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FSTREAMINFO(handle, fsp, mem_ctx,
pnum_streams, pstreams);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fstreaminfo", timediff, fsp);
}
return result;
}
static int smb_time_audit_get_real_filename(struct vfs_handle_struct *handle,
const struct smb_filename *path,
const char *name,
TALLOC_CTX *mem_ctx,
char **found_name)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
found_name);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("get_real_filename",
timediff, path->base_name);
}
return result;
}
static const char *smb_time_audit_connectpath(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
const char *result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("connectpath", timediff,
smb_fname->base_name);
}
return result;
}
static NTSTATUS smb_time_audit_brl_lock_windows(struct vfs_handle_struct *handle,
struct byte_range_lock *br_lck,
struct lock_struct *plock)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("brl_lock_windows", timediff,
brl_fsp(br_lck));
}
return result;
}
static bool smb_time_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
struct byte_range_lock *br_lck,
const struct lock_struct *plock)
{
bool result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, br_lck, plock);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("brl_unlock_windows", timediff,
brl_fsp(br_lck));
}
return result;
}
static bool smb_time_audit_strict_lock_check(struct vfs_handle_struct *handle,
struct files_struct *fsp,
struct lock_struct *plock)
{
bool result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("strict_lock_check", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_translate_name(struct vfs_handle_struct *handle,
const char *name,
enum vfs_translate_direction direction,
TALLOC_CTX *mem_ctx,
char **mapped_name)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
mapped_name);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("translate_name", timediff, name);
}
return result;
}
static NTSTATUS smb_time_audit_parent_pathname(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
const struct smb_filename *smb_fname_in,
struct smb_filename **parent_dir_out,
struct smb_filename **atname_out)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_PARENT_PATHNAME(handle,
mem_ctx,
smb_fname_in,
parent_dir_out,
atname_out);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("parent_pathname",
timediff,
smb_fname_in->base_name);
}
return result;
}
static NTSTATUS smb_time_audit_fsctl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
TALLOC_CTX *ctx,
uint32_t function,
uint16_t req_flags,
const uint8_t *_in_data,
uint32_t in_len,
uint8_t **_out_data,
uint32_t max_out_len,
uint32_t *out_len)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FSCTL(handle,
fsp,
ctx,
function,
req_flags,
_in_data,
in_len,
_out_data,
max_out_len,
out_len);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fsctl", timediff, fsp);
}
return result;
}
struct smb_time_audit_get_dos_attributes_state {
struct vfs_aio_state aio_state;
files_struct *dir_fsp;
const struct smb_filename *smb_fname;
uint32_t dosmode;
};
static void smb_time_audit_get_dos_attributes_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_get_dos_attributes_send(
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct vfs_handle_struct *handle,
files_struct *dir_fsp,
struct smb_filename *smb_fname)
{
struct tevent_req *req = NULL;
struct smb_time_audit_get_dos_attributes_state *state = NULL;
struct tevent_req *subreq = NULL;
req = tevent_req_create(mem_ctx, &state,
struct smb_time_audit_get_dos_attributes_state);
if (req == NULL) {
return NULL;
}
*state = (struct smb_time_audit_get_dos_attributes_state) {
.dir_fsp = dir_fsp,
.smb_fname = smb_fname,
};
subreq = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_SEND(mem_ctx,
ev,
handle,
dir_fsp,
smb_fname);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq,
smb_time_audit_get_dos_attributes_done,
req);
return req;
}
static void smb_time_audit_get_dos_attributes_done(struct tevent_req *subreq)
{
struct tevent_req *req =
tevent_req_callback_data(subreq,
struct tevent_req);
struct smb_time_audit_get_dos_attributes_state *state =
tevent_req_data(req,
struct smb_time_audit_get_dos_attributes_state);
NTSTATUS status;
status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_RECV(subreq,
&state->aio_state,
&state->dosmode);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
}
tevent_req_done(req);
return;
}
static NTSTATUS smb_time_audit_get_dos_attributes_recv(struct tevent_req *req,
struct vfs_aio_state *aio_state,
uint32_t *dosmode)
{
struct smb_time_audit_get_dos_attributes_state *state =
tevent_req_data(req,
struct smb_time_audit_get_dos_attributes_state);
NTSTATUS status;
double timediff;
timediff = state->aio_state.duration * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_at("async get_dos_attributes",
timediff,
state->dir_fsp,
state->smb_fname);
}
if (tevent_req_is_nterror(req, &status)) {
tevent_req_received(req);
return status;
}
*aio_state = state->aio_state;
*dosmode = state->dosmode;
tevent_req_received(req);
return NT_STATUS_OK;
}
static NTSTATUS smb_time_fget_dos_attributes(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32_t *dosmode)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
fsp,
dosmode);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fget_dos_attributes", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_fset_dos_attributes(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32_t dosmode)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
fsp,
dosmode);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fset_dos_attributes", timediff, fsp);
}
return result;
}
struct time_audit_offload_read_state {
struct vfs_handle_struct *handle;
struct timespec ts_send;
uint32_t flags;
uint64_t xferlen;
DATA_BLOB token_blob;
};
static void smb_time_audit_offload_read_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_offload_read_send(
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32_t fsctl,
uint32_t ttl,
off_t offset,
size_t to_copy)
{
struct tevent_req *req = NULL;
struct tevent_req *subreq = NULL;
struct time_audit_offload_read_state *state = NULL;
req = tevent_req_create(mem_ctx, &state,
struct time_audit_offload_read_state);
if (req == NULL) {
return NULL;
}
state->handle = handle;
clock_gettime_mono(&state->ts_send);
subreq = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev,
handle, fsp,
fsctl, ttl,
offset, to_copy);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb_time_audit_offload_read_done, req);
return req;
}
static void smb_time_audit_offload_read_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct time_audit_offload_read_state *state = tevent_req_data(
req, struct time_audit_offload_read_state);
NTSTATUS status;
status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(subreq,
state->handle,
state,
&state->flags,
&state->xferlen,
&state->token_blob);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
}
tevent_req_done(req);
}
static NTSTATUS smb_time_audit_offload_read_recv(
struct tevent_req *req,
struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
uint32_t *flags,
uint64_t *xferlen,
DATA_BLOB *token_blob)
{
struct time_audit_offload_read_state *state = tevent_req_data(
req, struct time_audit_offload_read_state);
struct timespec ts_recv;
double timediff;
NTSTATUS status;
clock_gettime_mono(&ts_recv);
timediff = nsec_time_diff(&ts_recv, &state->ts_send) * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("offload_read", timediff);
}
if (tevent_req_is_nterror(req, &status)) {
tevent_req_received(req);
return status;
}
*flags = state->flags;
*xferlen = state->xferlen;
token_blob->length = state->token_blob.length;
token_blob->data = talloc_move(mem_ctx, &state->token_blob.data);
tevent_req_received(req);
return NT_STATUS_OK;
}
struct time_audit_offload_write_state {
struct timespec ts_send;
struct vfs_handle_struct *handle;
off_t copied;
};
static void smb_time_audit_offload_write_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_offload_write_send(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
uint32_t fsctl,
DATA_BLOB *token,
off_t transfer_offset,
struct files_struct *dest_fsp,
off_t dest_off,
off_t num)
{
struct tevent_req *req;
struct tevent_req *subreq;
struct time_audit_offload_write_state *state;
req = tevent_req_create(mem_ctx, &state,
struct time_audit_offload_write_state);
if (req == NULL) {
return NULL;
}
state->handle = handle;
clock_gettime_mono(&state->ts_send);
subreq = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, state, ev,
fsctl, token, transfer_offset,
dest_fsp, dest_off, num);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb_time_audit_offload_write_done, req);
return req;
}
static void smb_time_audit_offload_write_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct time_audit_offload_write_state *state = tevent_req_data(
req, struct time_audit_offload_write_state);
NTSTATUS status;
status = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(state->handle,
subreq,
&state->copied);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
}
tevent_req_done(req);
}
static NTSTATUS smb_time_audit_offload_write_recv(struct vfs_handle_struct *handle,
struct tevent_req *req,
off_t *copied)
{
struct time_audit_offload_write_state *state = tevent_req_data(
req, struct time_audit_offload_write_state);
struct timespec ts_recv;
double timediff;
NTSTATUS status;
clock_gettime_mono(&ts_recv);
timediff = nsec_time_diff(&ts_recv, &state->ts_send)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("offload_write", timediff);
}
*copied = state->copied;
if (tevent_req_is_nterror(req, &status)) {
tevent_req_received(req);
return status;
}
tevent_req_received(req);
return NT_STATUS_OK;
}
static NTSTATUS smb_time_audit_fget_compression(vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
struct files_struct *fsp,
uint16_t *_compression_fmt)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FGET_COMPRESSION(handle, mem_ctx, fsp,
_compression_fmt);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("get_compression",
timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_set_compression(vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
struct files_struct *fsp,
uint16_t compression_fmt)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
compression_fmt);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("set_compression", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_freaddir_attr(struct vfs_handle_struct *handle,
struct files_struct *fsp,
TALLOC_CTX *mem_ctx,
struct readdir_attr_data **pattr_data)
{
NTSTATUS status;
struct timespec ts1, ts2;
double timediff;
clock_gettime_mono(&ts1);
status = SMB_VFS_NEXT_FREADDIR_ATTR(handle, fsp, mem_ctx, pattr_data);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2, &ts1) * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("freaddir_attr", timediff, fsp);
}
return status;
}
static NTSTATUS smb_time_audit_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
mem_ctx, ppdesc);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fget_nt_acl", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *psd)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent,
psd);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fset_nt_acl", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_audit_file(struct vfs_handle_struct *handle,
struct smb_filename *smb_fname,
struct security_acl *sacl,
uint32_t access_requested,
uint32_t access_denied)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_AUDIT_FILE(handle,
smb_fname,
sacl,
access_requested,
access_denied);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fname("audit_file",
timediff,
smb_fname->base_name);
}
return result;
}
static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
files_struct *fsp,
SMB_ACL_TYPE_T type,
TALLOC_CTX *mem_ctx)
{
SMB_ACL_T result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("sys_acl_get_fd", timediff, fsp);
}
return result;
}
static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
files_struct *fsp,
TALLOC_CTX *mem_ctx,
char **blob_description,
DATA_BLOB *blob)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("sys_acl_blob_get_fd", timediff);
}
return result;
}
static int smb_time_audit_sys_acl_set_fd(vfs_handle_struct *handle,
files_struct *fsp,
SMB_ACL_TYPE_T type,
SMB_ACL_T theacl)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, type, theacl);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("sys_acl_set_fd", timediff, fsp);
}
return result;
}
static int smb_time_audit_sys_acl_delete_def_fd(vfs_handle_struct *handle,
files_struct *fsp)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FD(handle, fsp);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("sys_acl_delete_def_fd", timediff, fsp);
}
return result;
}
struct smb_time_audit_getxattrat_state {
struct vfs_aio_state aio_state;
files_struct *dir_fsp;
const struct smb_filename *smb_fname;
const char *xattr_name;
ssize_t xattr_size;
uint8_t *xattr_value;
};
static void smb_time_audit_getxattrat_done(struct tevent_req *subreq);
static struct tevent_req *smb_time_audit_getxattrat_send(
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct vfs_handle_struct *handle,
files_struct *dir_fsp,
const struct smb_filename *smb_fname,
const char *xattr_name,
size_t alloc_hint)
{
struct tevent_req *req = NULL;
struct tevent_req *subreq = NULL;
struct smb_time_audit_getxattrat_state *state = NULL;
req = tevent_req_create(mem_ctx, &state,
struct smb_time_audit_getxattrat_state);
if (req == NULL) {
return NULL;
}
*state = (struct smb_time_audit_getxattrat_state) {
.dir_fsp = dir_fsp,
.smb_fname = smb_fname,
.xattr_name = xattr_name,
};
subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state,
ev,
handle,
dir_fsp,
smb_fname,
xattr_name,
alloc_hint);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb_time_audit_getxattrat_done, req);
return req;
}
static void smb_time_audit_getxattrat_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct smb_time_audit_getxattrat_state *state = tevent_req_data(
req, struct smb_time_audit_getxattrat_state);
state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq,
&state->aio_state,
state,
&state->xattr_value);
TALLOC_FREE(subreq);
if (state->xattr_size == -1) {
tevent_req_error(req, state->aio_state.error);
return;
}
tevent_req_done(req);
}
static ssize_t smb_time_audit_getxattrat_recv(struct tevent_req *req,
struct vfs_aio_state *aio_state,
TALLOC_CTX *mem_ctx,
uint8_t **xattr_value)
{
struct smb_time_audit_getxattrat_state *state = tevent_req_data(
req, struct smb_time_audit_getxattrat_state);
ssize_t xattr_size;
double timediff;
timediff = state->aio_state.duration * 1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_at("async getxattrat",
timediff,
state->dir_fsp,
state->smb_fname);
}
if (tevent_req_is_unix_error(req, &aio_state->error)) {
tevent_req_received(req);
return -1;
}
*aio_state = state->aio_state;
xattr_size = state->xattr_size;
if (xattr_value != NULL) {
*xattr_value = talloc_move(mem_ctx, &state->xattr_value);
}
tevent_req_received(req);
return xattr_size;
}
static ssize_t smb_time_audit_fgetxattr(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name, void *value,
size_t size)
{
ssize_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fgetxattr", timediff, fsp);
}
return result;
}
static ssize_t smb_time_audit_flistxattr(struct vfs_handle_struct *handle,
struct files_struct *fsp, char *list,
size_t size)
{
ssize_t result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("flistxattr", timediff, fsp);
}
return result;
}
static int smb_time_audit_fremovexattr(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fremovexattr", timediff, fsp);
}
return result;
}
static int smb_time_audit_fsetxattr(struct vfs_handle_struct *handle,
struct files_struct *fsp, const char *name,
const void *value, size_t size, int flags)
{
int result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("fsetxattr", timediff, fsp);
}
return result;
}
static bool smb_time_audit_aio_force(struct vfs_handle_struct *handle,
struct files_struct *fsp)
{
bool result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("aio_force", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_durable_cookie(struct vfs_handle_struct *handle,
struct files_struct *fsp,
TALLOC_CTX *mem_ctx,
DATA_BLOB *cookie)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_DURABLE_COOKIE(handle, fsp, mem_ctx, cookie);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("durable_cookie", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_durable_disconnect(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const DATA_BLOB old_cookie,
TALLOC_CTX *mem_ctx,
DATA_BLOB *new_cookie)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle, fsp, old_cookie,
mem_ctx, new_cookie);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log_fsp("durable_disconnect", timediff, fsp);
}
return result;
}
static NTSTATUS smb_time_audit_durable_reconnect(struct vfs_handle_struct *handle,
struct smb_request *smb1req,
struct smbXsrv_open *op,
const DATA_BLOB old_cookie,
TALLOC_CTX *mem_ctx,
struct files_struct **fsp,
DATA_BLOB *new_cookie)
{
NTSTATUS result;
struct timespec ts1,ts2;
double timediff;
clock_gettime_mono(&ts1);
result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle, smb1req, op, old_cookie,
mem_ctx, fsp, new_cookie);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
smb_time_audit_log("durable_reconnect", timediff);
}
return result;
}
/* VFS operations */
static struct vfs_fn_pointers vfs_time_audit_fns = {
.connect_fn = smb_time_audit_connect,
.disconnect_fn = smb_time_audit_disconnect,
.disk_free_fn = smb_time_audit_disk_free,
.get_quota_fn = smb_time_audit_get_quota,
.set_quota_fn = smb_time_audit_set_quota,
.get_shadow_copy_data_fn = smb_time_audit_get_shadow_copy_data,
.statvfs_fn = smb_time_audit_statvfs,
.fs_capabilities_fn = smb_time_audit_fs_capabilities,
.get_dfs_referrals_fn = smb_time_audit_get_dfs_referrals,
.create_dfs_pathat_fn = smb_time_audit_create_dfs_pathat,
.read_dfs_pathat_fn = smb_time_audit_read_dfs_pathat,
.fdopendir_fn = smb_time_audit_fdopendir,
.readdir_fn = smb_time_audit_readdir,
.seekdir_fn = smb_time_audit_seekdir,
.telldir_fn = smb_time_audit_telldir,
.rewind_dir_fn = smb_time_audit_rewinddir,
.mkdirat_fn = smb_time_audit_mkdirat,
.closedir_fn = smb_time_audit_closedir,
.openat_fn = smb_time_audit_openat,
.create_file_fn = smb_time_audit_create_file,
.close_fn = smb_time_audit_close,
.pread_fn = smb_time_audit_pread,
.pread_send_fn = smb_time_audit_pread_send,
.pread_recv_fn = smb_time_audit_pread_recv,
.pwrite_fn = smb_time_audit_pwrite,
.pwrite_send_fn = smb_time_audit_pwrite_send,
.pwrite_recv_fn = smb_time_audit_pwrite_recv,
.lseek_fn = smb_time_audit_lseek,
.sendfile_fn = smb_time_audit_sendfile,
.recvfile_fn = smb_time_audit_recvfile,
.renameat_fn = smb_time_audit_renameat,
.fsync_send_fn = smb_time_audit_fsync_send,
.fsync_recv_fn = smb_time_audit_fsync_recv,
.stat_fn = smb_time_audit_stat,
.fstat_fn = smb_time_audit_fstat,
.lstat_fn = smb_time_audit_lstat,
.get_alloc_size_fn = smb_time_audit_get_alloc_size,
.unlinkat_fn = smb_time_audit_unlinkat,
.fchmod_fn = smb_time_audit_fchmod,
.fchown_fn = smb_time_audit_fchown,
.lchown_fn = smb_time_audit_lchown,
.chdir_fn = smb_time_audit_chdir,
.getwd_fn = smb_time_audit_getwd,
.fntimes_fn = smb_time_audit_fntimes,
.ftruncate_fn = smb_time_audit_ftruncate,
.fallocate_fn = smb_time_audit_fallocate,
.lock_fn = smb_time_audit_lock,
.filesystem_sharemode_fn = smb_time_audit_filesystem_sharemode,
.fcntl_fn = smb_time_audit_fcntl,
.linux_setlease_fn = smb_time_audit_linux_setlease,
.getlock_fn = smb_time_audit_getlock,
.symlinkat_fn = smb_time_audit_symlinkat,
.readlinkat_fn = smb_time_audit_readlinkat,
.linkat_fn = smb_time_audit_linkat,
.mknodat_fn = smb_time_audit_mknodat,
.realpath_fn = smb_time_audit_realpath,
.fchflags_fn = smb_time_audit_fchflags,
.file_id_create_fn = smb_time_audit_file_id_create,
.fs_file_id_fn = smb_time_audit_fs_file_id,
.offload_read_send_fn = smb_time_audit_offload_read_send,
.offload_read_recv_fn = smb_time_audit_offload_read_recv,
.offload_write_send_fn = smb_time_audit_offload_write_send,
.offload_write_recv_fn = smb_time_audit_offload_write_recv,
.fget_compression_fn = smb_time_audit_fget_compression,
.set_compression_fn = smb_time_audit_set_compression,
.snap_check_path_fn = smb_time_audit_snap_check_path,
.snap_create_fn = smb_time_audit_snap_create,
.snap_delete_fn = smb_time_audit_snap_delete,
.fstreaminfo_fn = smb_time_audit_fstreaminfo,
.get_real_filename_fn = smb_time_audit_get_real_filename,
.connectpath_fn = smb_time_audit_connectpath,
.brl_lock_windows_fn = smb_time_audit_brl_lock_windows,
.brl_unlock_windows_fn = smb_time_audit_brl_unlock_windows,
.strict_lock_check_fn = smb_time_audit_strict_lock_check,
.translate_name_fn = smb_time_audit_translate_name,
.parent_pathname_fn = smb_time_audit_parent_pathname,
.fsctl_fn = smb_time_audit_fsctl,
.get_dos_attributes_send_fn = smb_time_audit_get_dos_attributes_send,
.get_dos_attributes_recv_fn = smb_time_audit_get_dos_attributes_recv,
.fget_dos_attributes_fn = smb_time_fget_dos_attributes,
.fset_dos_attributes_fn = smb_time_fset_dos_attributes,
.fget_nt_acl_fn = smb_time_audit_fget_nt_acl,
.fset_nt_acl_fn = smb_time_audit_fset_nt_acl,
.audit_file_fn = smb_time_audit_audit_file,
.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
.sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd,
.sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd,
.sys_acl_delete_def_fd_fn = smb_time_audit_sys_acl_delete_def_fd,
.getxattrat_send_fn = smb_time_audit_getxattrat_send,
.getxattrat_recv_fn = smb_time_audit_getxattrat_recv,
.fgetxattr_fn = smb_time_audit_fgetxattr,
.flistxattr_fn = smb_time_audit_flistxattr,
.fremovexattr_fn = smb_time_audit_fremovexattr,
.fsetxattr_fn = smb_time_audit_fsetxattr,
.aio_force_fn = smb_time_audit_aio_force,
.durable_cookie_fn = smb_time_audit_durable_cookie,
.durable_disconnect_fn = smb_time_audit_durable_disconnect,
.durable_reconnect_fn = smb_time_audit_durable_reconnect,
.freaddir_attr_fn = smb_time_audit_freaddir_attr,
};
static_decl_vfs;
NTSTATUS vfs_time_audit_init(TALLOC_CTX *ctx)
{
smb_vfs_assert_all_fns(&vfs_time_audit_fns, "time_audit");
audit_timeout = (double)lp_parm_int(-1, "time_audit", "timeout",
10000) / 1000.0;
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "time_audit",
&vfs_time_audit_fns);
}
View Git Blame Copy Permalink