diff options
Diffstat (limited to 'source3/modules/vfs_full_audit.c')
-rw-r--r-- | source3/modules/vfs_full_audit.c | 3062 |
1 files changed, 3062 insertions, 0 deletions
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c new file mode 100644 index 0000000..25fd0ca --- /dev/null +++ b/source3/modules/vfs_full_audit.c @@ -0,0 +1,3062 @@ +/* + * Auditing VFS module for samba. Log selected file operations to syslog + * facility. + * + * Copyright (C) Tim Potter, 1999-2000 + * Copyright (C) Alexander Bokovoy, 2002 + * Copyright (C) John H Terpstra, 2003 + * Copyright (C) Stefan (metze) Metzmacher, 2003 + * Copyright (C) Volker Lendecke, 2004 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +/* + * This module implements parseable logging for all Samba VFS operations. + * + * You use it as follows: + * + * [tmp] + * path = /tmp + * vfs objects = full_audit + * full_audit:prefix = %u|%I + * full_audit:success = open opendir create_file + * full_audit:failure = all + * + * vfs op can be "all" which means log all operations. + * vfs op can be "none" which means no logging. + * + * This leads to syslog entries of the form: + * smbd_audit: nobody|192.168.234.1|opendir|ok|/tmp + * smbd_audit: nobody|192.168.234.1|create_file|fail (No such file or directory)|0x1|file|open|/ts/doesNotExist + * smbd_audit: nobody|192.168.234.1|open|ok|w|/tmp/file.txt + * smbd_audit: nobody|192.168.234.1|create_file|ok|0x3|file|open|/tmp/file.txt + * + * where "nobody" is the connected username and "192.168.234.1" is the + * client's IP address. + * + * Options: + * + * prefix: A macro expansion template prepended to the syslog entry. + * + * success: A list of VFS operations for which a successful completion should + * be logged. Defaults to no logging at all. The special operation "all" logs + * - you guessed it - everything. + * + * failure: A list of VFS operations for which failure to complete should be + * logged. Defaults to logging everything. + */ + + +#include "includes.h" +#include "system/filesys.h" +#include "system/syslog.h" +#include "smbd/smbd.h" +#include "../librpc/gen_ndr/ndr_netlogon.h" +#include "auth.h" +#include "ntioctl.h" +#include "lib/param/loadparm.h" +#include "lib/util/bitmap.h" +#include "lib/util/tevent_unix.h" +#include "libcli/security/sddl.h" +#include "passdb/machine_sid.h" +#include "lib/util/tevent_ntstatus.h" +#include "lib/util/string_wrappers.h" +#include "source3/lib/substitute.h" + +static int vfs_full_audit_debug_level = DBGC_VFS; + +struct vfs_full_audit_private_data { + struct bitmap *success_ops; + struct bitmap *failure_ops; + int syslog_facility; + int syslog_priority; + bool log_secdesc; + bool do_syslog; +}; + +#undef DBGC_CLASS +#define DBGC_CLASS vfs_full_audit_debug_level + +typedef enum _vfs_op_type { + SMB_VFS_OP_NOOP = -1, + + /* Disk operations */ + + SMB_VFS_OP_CONNECT = 0, + SMB_VFS_OP_DISCONNECT, + SMB_VFS_OP_DISK_FREE, + SMB_VFS_OP_GET_QUOTA, + SMB_VFS_OP_SET_QUOTA, + SMB_VFS_OP_GET_SHADOW_COPY_DATA, + SMB_VFS_OP_STATVFS, + SMB_VFS_OP_FS_CAPABILITIES, + SMB_VFS_OP_GET_DFS_REFERRALS, + SMB_VFS_OP_CREATE_DFS_PATHAT, + SMB_VFS_OP_READ_DFS_PATHAT, + + /* Directory operations */ + + SMB_VFS_OP_FDOPENDIR, + SMB_VFS_OP_READDIR, + SMB_VFS_OP_SEEKDIR, + SMB_VFS_OP_TELLDIR, + SMB_VFS_OP_REWINDDIR, + SMB_VFS_OP_MKDIRAT, + SMB_VFS_OP_CLOSEDIR, + + /* File operations */ + + SMB_VFS_OP_OPEN, + SMB_VFS_OP_OPENAT, + SMB_VFS_OP_CREATE_FILE, + SMB_VFS_OP_CLOSE, + SMB_VFS_OP_READ, + SMB_VFS_OP_PREAD, + SMB_VFS_OP_PREAD_SEND, + SMB_VFS_OP_PREAD_RECV, + SMB_VFS_OP_WRITE, + SMB_VFS_OP_PWRITE, + SMB_VFS_OP_PWRITE_SEND, + SMB_VFS_OP_PWRITE_RECV, + SMB_VFS_OP_LSEEK, + SMB_VFS_OP_SENDFILE, + SMB_VFS_OP_RECVFILE, + SMB_VFS_OP_RENAMEAT, + SMB_VFS_OP_FSYNC, + SMB_VFS_OP_FSYNC_SEND, + SMB_VFS_OP_FSYNC_RECV, + SMB_VFS_OP_STAT, + SMB_VFS_OP_FSTAT, + SMB_VFS_OP_LSTAT, + SMB_VFS_OP_FSTATAT, + SMB_VFS_OP_GET_ALLOC_SIZE, + SMB_VFS_OP_UNLINKAT, + SMB_VFS_OP_FCHMOD, + SMB_VFS_OP_FCHOWN, + SMB_VFS_OP_LCHOWN, + SMB_VFS_OP_CHDIR, + SMB_VFS_OP_GETWD, + SMB_VFS_OP_NTIMES, + SMB_VFS_OP_FNTIMES, + SMB_VFS_OP_FTRUNCATE, + SMB_VFS_OP_FALLOCATE, + SMB_VFS_OP_LOCK, + SMB_VFS_OP_FILESYSTEM_SHAREMODE, + SMB_VFS_OP_FCNTL, + SMB_VFS_OP_LINUX_SETLEASE, + SMB_VFS_OP_GETLOCK, + SMB_VFS_OP_SYMLINKAT, + SMB_VFS_OP_READLINKAT, + SMB_VFS_OP_LINKAT, + SMB_VFS_OP_MKNODAT, + SMB_VFS_OP_REALPATH, + SMB_VFS_OP_FCHFLAGS, + SMB_VFS_OP_FILE_ID_CREATE, + SMB_VFS_OP_FS_FILE_ID, + SMB_VFS_OP_FSTREAMINFO, + SMB_VFS_OP_GET_REAL_FILENAME, + SMB_VFS_OP_GET_REAL_FILENAME_AT, + SMB_VFS_OP_CONNECTPATH, + SMB_VFS_OP_BRL_LOCK_WINDOWS, + SMB_VFS_OP_BRL_UNLOCK_WINDOWS, + SMB_VFS_OP_STRICT_LOCK_CHECK, + SMB_VFS_OP_TRANSLATE_NAME, + SMB_VFS_OP_PARENT_PATHNAME, + SMB_VFS_OP_FSCTL, + SMB_VFS_OP_OFFLOAD_READ_SEND, + SMB_VFS_OP_OFFLOAD_READ_RECV, + SMB_VFS_OP_OFFLOAD_WRITE_SEND, + SMB_VFS_OP_OFFLOAD_WRITE_RECV, + SMB_VFS_OP_FGET_COMPRESSION, + SMB_VFS_OP_SET_COMPRESSION, + SMB_VFS_OP_SNAP_CHECK_PATH, + SMB_VFS_OP_SNAP_CREATE, + SMB_VFS_OP_SNAP_DELETE, + + /* DOS attribute operations. */ + SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, + SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, + SMB_VFS_OP_FGET_DOS_ATTRIBUTES, + SMB_VFS_OP_FSET_DOS_ATTRIBUTES, + + /* NT ACL operations. */ + + SMB_VFS_OP_FGET_NT_ACL, + SMB_VFS_OP_FSET_NT_ACL, + SMB_VFS_OP_AUDIT_FILE, + + /* POSIX ACL operations. */ + + SMB_VFS_OP_SYS_ACL_GET_FD, + SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, + SMB_VFS_OP_SYS_ACL_SET_FD, + SMB_VFS_OP_SYS_ACL_DELETE_DEF_FD, + + /* EA operations. */ + SMB_VFS_OP_GETXATTRAT_SEND, + SMB_VFS_OP_GETXATTRAT_RECV, + SMB_VFS_OP_FGETXATTR, + SMB_VFS_OP_FLISTXATTR, + SMB_VFS_OP_REMOVEXATTR, + SMB_VFS_OP_FREMOVEXATTR, + SMB_VFS_OP_FSETXATTR, + + /* aio operations */ + SMB_VFS_OP_AIO_FORCE, + + /* offline operations */ + SMB_VFS_OP_IS_OFFLINE, + SMB_VFS_OP_SET_OFFLINE, + + /* Durable handle operations. */ + SMB_VFS_OP_DURABLE_COOKIE, + SMB_VFS_OP_DURABLE_DISCONNECT, + SMB_VFS_OP_DURABLE_RECONNECT, + + SMB_VFS_OP_FREADDIR_ATTR, + + /* This should always be last enum value */ + + SMB_VFS_OP_LAST +} vfs_op_type; + +/* The following array *must* be in the same order as defined in vfs_op_type */ + +static struct { + vfs_op_type type; + const char *name; +} vfs_op_names[] = { + { SMB_VFS_OP_CONNECT, "connect" }, + { SMB_VFS_OP_DISCONNECT, "disconnect" }, + { SMB_VFS_OP_DISK_FREE, "disk_free" }, + { SMB_VFS_OP_GET_QUOTA, "get_quota" }, + { SMB_VFS_OP_SET_QUOTA, "set_quota" }, + { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" }, + { SMB_VFS_OP_STATVFS, "statvfs" }, + { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" }, + { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" }, + { SMB_VFS_OP_CREATE_DFS_PATHAT, "create_dfs_pathat" }, + { SMB_VFS_OP_READ_DFS_PATHAT, "read_dfs_pathat" }, + { SMB_VFS_OP_FDOPENDIR, "fdopendir" }, + { SMB_VFS_OP_READDIR, "readdir" }, + { SMB_VFS_OP_SEEKDIR, "seekdir" }, + { SMB_VFS_OP_TELLDIR, "telldir" }, + { SMB_VFS_OP_REWINDDIR, "rewinddir" }, + { SMB_VFS_OP_MKDIRAT, "mkdirat" }, + { SMB_VFS_OP_CLOSEDIR, "closedir" }, + { SMB_VFS_OP_OPEN, "open" }, + { SMB_VFS_OP_OPENAT, "openat" }, + { SMB_VFS_OP_CREATE_FILE, "create_file" }, + { SMB_VFS_OP_CLOSE, "close" }, + { SMB_VFS_OP_READ, "read" }, + { SMB_VFS_OP_PREAD, "pread" }, + { SMB_VFS_OP_PREAD_SEND, "pread_send" }, + { SMB_VFS_OP_PREAD_RECV, "pread_recv" }, + { SMB_VFS_OP_WRITE, "write" }, + { SMB_VFS_OP_PWRITE, "pwrite" }, + { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" }, + { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" }, + { SMB_VFS_OP_LSEEK, "lseek" }, + { SMB_VFS_OP_SENDFILE, "sendfile" }, + { SMB_VFS_OP_RECVFILE, "recvfile" }, + { SMB_VFS_OP_RENAMEAT, "renameat" }, + { SMB_VFS_OP_FSYNC, "fsync" }, + { SMB_VFS_OP_FSYNC_SEND, "fsync_send" }, + { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" }, + { SMB_VFS_OP_STAT, "stat" }, + { SMB_VFS_OP_FSTAT, "fstat" }, + { SMB_VFS_OP_LSTAT, "lstat" }, + { SMB_VFS_OP_FSTATAT, "fstatat" }, + { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" }, + { SMB_VFS_OP_UNLINKAT, "unlinkat" }, + { SMB_VFS_OP_FCHMOD, "fchmod" }, + { SMB_VFS_OP_FCHOWN, "fchown" }, + { SMB_VFS_OP_LCHOWN, "lchown" }, + { SMB_VFS_OP_CHDIR, "chdir" }, + { SMB_VFS_OP_GETWD, "getwd" }, + { SMB_VFS_OP_NTIMES, "ntimes" }, + { SMB_VFS_OP_FNTIMES, "fntimes" }, + { SMB_VFS_OP_FTRUNCATE, "ftruncate" }, + { SMB_VFS_OP_FALLOCATE,"fallocate" }, + { SMB_VFS_OP_LOCK, "lock" }, + { SMB_VFS_OP_FILESYSTEM_SHAREMODE, "filesystem_sharemode" }, + { SMB_VFS_OP_FCNTL, "fcntl" }, + { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" }, + { SMB_VFS_OP_GETLOCK, "getlock" }, + { SMB_VFS_OP_SYMLINKAT, "symlinkat" }, + { SMB_VFS_OP_READLINKAT,"readlinkat" }, + { SMB_VFS_OP_LINKAT, "linkat" }, + { SMB_VFS_OP_MKNODAT, "mknodat" }, + { SMB_VFS_OP_REALPATH, "realpath" }, + { SMB_VFS_OP_FCHFLAGS, "fchflags" }, + { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" }, + { SMB_VFS_OP_FS_FILE_ID, "fs_file_id" }, + { SMB_VFS_OP_FSTREAMINFO, "fstreaminfo" }, + { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" }, + { SMB_VFS_OP_GET_REAL_FILENAME_AT, "get_real_filename_at" }, + { SMB_VFS_OP_CONNECTPATH, "connectpath" }, + { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" }, + { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" }, + { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" }, + { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" }, + { SMB_VFS_OP_PARENT_PATHNAME, "parent_pathname" }, + { SMB_VFS_OP_FSCTL, "fsctl" }, + { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" }, + { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" }, + { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" }, + { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" }, + { SMB_VFS_OP_FGET_COMPRESSION, "fget_compression" }, + { SMB_VFS_OP_SET_COMPRESSION, "set_compression" }, + { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" }, + { SMB_VFS_OP_SNAP_CREATE, "snap_create" }, + { SMB_VFS_OP_SNAP_DELETE, "snap_delete" }, + { SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, "get_dos_attributes_send" }, + { SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, "get_dos_attributes_recv" }, + { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" }, + { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" }, + { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" }, + { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" }, + { SMB_VFS_OP_AUDIT_FILE, "audit_file" }, + { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" }, + { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" }, + { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" }, + { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FD, "sys_acl_delete_def_fd" }, + { SMB_VFS_OP_GETXATTRAT_SEND, "getxattrat_send" }, + { SMB_VFS_OP_GETXATTRAT_RECV, "getxattrat_recv" }, + { SMB_VFS_OP_FGETXATTR, "fgetxattr" }, + { SMB_VFS_OP_FLISTXATTR, "flistxattr" }, + { SMB_VFS_OP_REMOVEXATTR, "removexattr" }, + { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" }, + { SMB_VFS_OP_FSETXATTR, "fsetxattr" }, + { SMB_VFS_OP_AIO_FORCE, "aio_force" }, + { SMB_VFS_OP_IS_OFFLINE, "is_offline" }, + { SMB_VFS_OP_SET_OFFLINE, "set_offline" }, + { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" }, + { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" }, + { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" }, + { SMB_VFS_OP_FREADDIR_ATTR, "freaddir_attr" }, + { SMB_VFS_OP_LAST, NULL } +}; + +static int audit_syslog_facility(vfs_handle_struct *handle) +{ + static const struct enum_list enum_log_facilities[] = { +#ifdef LOG_AUTH + { LOG_AUTH, "AUTH" }, +#endif +#ifdef LOG_AUTHPRIV + { LOG_AUTHPRIV, "AUTHPRIV" }, +#endif +#ifdef LOG_AUDIT + { LOG_AUDIT, "AUDIT" }, +#endif +#ifdef LOG_CONSOLE + { LOG_CONSOLE, "CONSOLE" }, +#endif +#ifdef LOG_CRON + { LOG_CRON, "CRON" }, +#endif +#ifdef LOG_DAEMON + { LOG_DAEMON, "DAEMON" }, +#endif +#ifdef LOG_FTP + { LOG_FTP, "FTP" }, +#endif +#ifdef LOG_INSTALL + { LOG_INSTALL, "INSTALL" }, +#endif +#ifdef LOG_KERN + { LOG_KERN, "KERN" }, +#endif +#ifdef LOG_LAUNCHD + { LOG_LAUNCHD, "LAUNCHD" }, +#endif +#ifdef LOG_LFMT + { LOG_LFMT, "LFMT" }, +#endif +#ifdef LOG_LPR + { LOG_LPR, "LPR" }, +#endif +#ifdef LOG_MAIL + { LOG_MAIL, "MAIL" }, +#endif +#ifdef LOG_MEGASAFE + { LOG_MEGASAFE, "MEGASAFE" }, +#endif +#ifdef LOG_NETINFO + { LOG_NETINFO, "NETINFO" }, +#endif +#ifdef LOG_NEWS + { LOG_NEWS, "NEWS" }, +#endif +#ifdef LOG_NFACILITIES + { LOG_NFACILITIES, "NFACILITIES" }, +#endif +#ifdef LOG_NTP + { LOG_NTP, "NTP" }, +#endif +#ifdef LOG_RAS + { LOG_RAS, "RAS" }, +#endif +#ifdef LOG_REMOTEAUTH + { LOG_REMOTEAUTH, "REMOTEAUTH" }, +#endif +#ifdef LOG_SECURITY + { LOG_SECURITY, "SECURITY" }, +#endif +#ifdef LOG_SYSLOG + { LOG_SYSLOG, "SYSLOG" }, +#endif +#ifdef LOG_USER + { LOG_USER, "USER" }, +#endif +#ifdef LOG_UUCP + { LOG_UUCP, "UUCP" }, +#endif + { LOG_LOCAL0, "LOCAL0" }, + { LOG_LOCAL1, "LOCAL1" }, + { LOG_LOCAL2, "LOCAL2" }, + { LOG_LOCAL3, "LOCAL3" }, + { LOG_LOCAL4, "LOCAL4" }, + { LOG_LOCAL5, "LOCAL5" }, + { LOG_LOCAL6, "LOCAL6" }, + { LOG_LOCAL7, "LOCAL7" }, + { -1, NULL } + }; + + int facility; + + facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER); + + return facility; +} + +static int audit_syslog_priority(vfs_handle_struct *handle) +{ + static const struct enum_list enum_log_priorities[] = { + { LOG_EMERG, "EMERG" }, + { LOG_ALERT, "ALERT" }, + { LOG_CRIT, "CRIT" }, + { LOG_ERR, "ERR" }, + { LOG_WARNING, "WARNING" }, + { LOG_NOTICE, "NOTICE" }, + { LOG_INFO, "INFO" }, + { LOG_DEBUG, "DEBUG" }, + { -1, NULL } + }; + + int priority; + + priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", + enum_log_priorities, LOG_NOTICE); + if (priority == -1) { + priority = LOG_WARNING; + } + + return priority; +} + +static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) +{ + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); + char *prefix = NULL; + char *result; + + prefix = talloc_strdup(ctx, + lp_parm_const_string(SNUM(conn), "full_audit", + "prefix", "%u|%I")); + if (!prefix) { + return NULL; + } + result = talloc_sub_full(ctx, + lp_servicename(talloc_tos(), lp_sub, SNUM(conn)), + conn->session_info->unix_info->unix_name, + conn->connectpath, + conn->session_info->unix_token->gid, + conn->session_info->unix_info->sanitized_username, + conn->session_info->info->domain_name, + prefix); + TALLOC_FREE(prefix); + return result; +} + +static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op) +{ + if (pd->success_ops == NULL) { + return True; + } + + return bitmap_query(pd->success_ops, op); +} + +static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op) +{ + if (pd->failure_ops == NULL) + return True; + + return bitmap_query(pd->failure_ops, op); +} + +static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops) +{ + struct bitmap *bm; + + if (ops == NULL) { + DBG_ERR("init_bitmap, ops list is empty (logic error)\n"); + return NULL; + } + + bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST); + if (bm == NULL) { + DBG_ERR("Could not alloc bitmap\n"); + return NULL; + } + + for (; *ops != NULL; ops += 1) { + int i; + bool neg = false; + const char *op; + + if (strequal(*ops, "all")) { + for (i=0; i<SMB_VFS_OP_LAST; i++) { + bitmap_set(bm, i); + } + continue; + } + + if (strequal(*ops, "none")) { + break; + } + + op = ops[0]; + if (op[0] == '!') { + neg = true; + op += 1; + } + + for (i=0; i<SMB_VFS_OP_LAST; i++) { + if ((vfs_op_names[i].name == NULL) + || (vfs_op_names[i].type != i)) { + smb_panic("vfs_full_audit.c: name table not " + "in sync with vfs_op_type enums\n"); + } + if (strequal(op, vfs_op_names[i].name)) { + if (neg) { + bitmap_clear(bm, i); + } else { + bitmap_set(bm, i); + } + break; + } + } + if (i == SMB_VFS_OP_LAST) { + DBG_ERR("Could not find opname %s\n", *ops); + TALLOC_FREE(bm); + return NULL; + } + } + return bm; +} + +static const char *audit_opname(vfs_op_type op) +{ + if (op >= SMB_VFS_OP_LAST) + return "INVALID VFS OP"; + return vfs_op_names[op].name; +} + +static TALLOC_CTX *tmp_do_log_ctx; +/* + * Get us a temporary talloc context usable just for DEBUG arguments + */ +static TALLOC_CTX *do_log_ctx(void) +{ + if (tmp_do_log_ctx == NULL) { + tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx"); + } + return tmp_do_log_ctx; +} + +static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, + const char *format, ...) PRINTF_ATTRIBUTE(4, 5); + +static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, + const char *format, ...) +{ + struct vfs_full_audit_private_data *pd; + fstring err_msg; + char *audit_pre = NULL; + va_list ap; + char *op_msg = NULL; + + SMB_VFS_HANDLE_GET_DATA(handle, pd, + struct vfs_full_audit_private_data, + return;); + + if (success && (!log_success(pd, op))) + goto out; + + if (!success && (!log_failure(pd, op))) + goto out; + + if (success) + fstrcpy(err_msg, "ok"); + else + fstr_sprintf(err_msg, "fail (%s)", strerror(errno)); + + va_start(ap, format); + op_msg = talloc_vasprintf(talloc_tos(), format, ap); + va_end(ap); + + if (!op_msg) { + goto out; + } + + audit_pre = audit_prefix(talloc_tos(), handle->conn); + + if (pd->do_syslog) { + int priority; + + /* + * Specify the facility to interoperate with other syslog + * callers (smbd for example). + */ + priority = pd->syslog_priority | pd->syslog_facility; + + syslog(priority, "%s|%s|%s|%s\n", + audit_pre ? audit_pre : "", + audit_opname(op), err_msg, op_msg); + } else { + DEBUG(1, ("%s|%s|%s|%s\n", + audit_pre ? audit_pre : "", + audit_opname(op), err_msg, op_msg)); + } + out: + TALLOC_FREE(audit_pre); + TALLOC_FREE(op_msg); + TALLOC_FREE(tmp_do_log_ctx); +} + +/** + * Return a string using the do_log_ctx() + */ +static const char *smb_fname_str_do_log(struct connection_struct *conn, + const struct smb_filename *smb_fname) +{ + char *fname = NULL; + NTSTATUS status; + + if (smb_fname == NULL) { + return ""; + } + + if (smb_fname->base_name[0] != '/') { + char *abs_name = NULL; + struct smb_filename *fname_copy = cp_smb_filename( + do_log_ctx(), + smb_fname); + if (fname_copy == NULL) { + return ""; + } + + if (!ISDOT(smb_fname->base_name)) { + abs_name = talloc_asprintf(do_log_ctx(), + "%s/%s", + conn->cwd_fsp->fsp_name->base_name, + smb_fname->base_name); + } else { + abs_name = talloc_strdup(do_log_ctx(), + conn->cwd_fsp->fsp_name->base_name); + } + if (abs_name == NULL) { + return ""; + } + fname_copy->base_name = abs_name; + smb_fname = fname_copy; + } + + status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname); + if (!NT_STATUS_IS_OK(status)) { + return ""; + } + return fname; +} + +/** + * Return an fsp debug string using the do_log_ctx() + */ +static const char *fsp_str_do_log(const struct files_struct *fsp) +{ + return smb_fname_str_do_log(fsp->conn, fsp->fsp_name); +} + +/* Implementation of vfs_ops. Pass everything on to the default + operation but log event first. */ + +static int smb_full_audit_connect(vfs_handle_struct *handle, + const char *svc, const char *user) +{ + int result; + const char *none[] = { "none" }; + struct vfs_full_audit_private_data *pd = NULL; + + result = SMB_VFS_NEXT_CONNECT(handle, svc, user); + if (result < 0) { + return result; + } + + pd = talloc_zero(handle, struct vfs_full_audit_private_data); + if (!pd) { + SMB_VFS_NEXT_DISCONNECT(handle); + return -1; + } + + pd->syslog_facility = audit_syslog_facility(handle); + if (pd->syslog_facility == -1) { + DEBUG(1, ("%s: Unknown facility %s\n", __func__, + lp_parm_const_string(SNUM(handle->conn), + "full_audit", "facility", + "USER"))); + SMB_VFS_NEXT_DISCONNECT(handle); + return -1; + } + + pd->syslog_priority = audit_syslog_priority(handle); + + pd->log_secdesc = lp_parm_bool(SNUM(handle->conn), + "full_audit", "log_secdesc", false); + + pd->do_syslog = lp_parm_bool(SNUM(handle->conn), + "full_audit", "syslog", true); + +#ifdef WITH_SYSLOG + if (pd->do_syslog) { + openlog("smbd_audit", 0, pd->syslog_facility); + } +#endif + + pd->success_ops = init_bitmap( + pd, lp_parm_string_list(SNUM(handle->conn), "full_audit", + "success", none)); + if (pd->success_ops == NULL) { + DBG_ERR("Invalid success operations list. Failing connect\n"); + SMB_VFS_NEXT_DISCONNECT(handle); + return -1; + } + pd->failure_ops = init_bitmap( + pd, lp_parm_string_list(SNUM(handle->conn), "full_audit", + "failure", none)); + if (pd->failure_ops == NULL) { + DBG_ERR("Invalid failure operations list. Failing connect\n"); + SMB_VFS_NEXT_DISCONNECT(handle); + return -1; + } + + /* Store the private data. */ + SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL, + struct vfs_full_audit_private_data, return -1); + + do_log(SMB_VFS_OP_CONNECT, True, handle, + "%s", svc); + + return 0; +} + +static void smb_full_audit_disconnect(vfs_handle_struct *handle) +{ + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); + + SMB_VFS_NEXT_DISCONNECT(handle); + + do_log(SMB_VFS_OP_DISCONNECT, True, handle, + "%s", lp_servicename(talloc_tos(), lp_sub, SNUM(handle->conn))); + + /* The bitmaps will be disconnected when the private + data is deleted. */ +} + +static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + uint64_t *bsize, + uint64_t *dfree, + uint64_t *dsize) +{ + uint64_t result; + + result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize); + + /* Don't have a reasonable notion of failure here */ + + do_log(SMB_VFS_OP_DISK_FREE, + True, + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static int smb_full_audit_get_quota(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + enum SMB_QUOTA_TYPE qtype, + unid_t id, + SMB_DISK_QUOTA *qt) +{ + int result; + + result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt); + + do_log(SMB_VFS_OP_GET_QUOTA, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static int smb_full_audit_set_quota(struct vfs_handle_struct *handle, + enum SMB_QUOTA_TYPE qtype, unid_t id, + SMB_DISK_QUOTA *qt) +{ + int result; + + result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt); + + do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, ""); + + return result; +} + +static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle, + struct files_struct *fsp, + struct shadow_copy_data *shadow_copy_data, + bool labels) +{ + int result; + + result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels); + + do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, ""); + + return result; +} + +static int smb_full_audit_statvfs(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + struct vfs_statvfs_struct *statbuf) +{ + int result; + + result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf); + + do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, ""); + + return result; +} + +static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res) +{ + int result; + + result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res); + + do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, ""); + + return result; +} + +static NTSTATUS smb_full_audit_get_dfs_referrals( + struct vfs_handle_struct *handle, + struct dfs_GetDFSReferral *r) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r); + + do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status), + handle, ""); + + return status; +} + +static NTSTATUS smb_full_audit_create_dfs_pathat(struct vfs_handle_struct *handle, + struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + const struct referral *reflist, + size_t referral_count) +{ + NTSTATUS status; + struct smb_filename *full_fname = NULL; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (full_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_NEXT_CREATE_DFS_PATHAT(handle, + dirfsp, + smb_fname, + reflist, + referral_count); + + do_log(SMB_VFS_OP_CREATE_DFS_PATHAT, + NT_STATUS_IS_OK(status), + handle, + "%s", + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + return status; +} + +static NTSTATUS smb_full_audit_read_dfs_pathat(struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + struct files_struct *dirfsp, + struct smb_filename *smb_fname, + struct referral **ppreflist, + size_t *preferral_count) +{ + struct smb_filename *full_fname = NULL; + NTSTATUS status; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (full_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_NEXT_READ_DFS_PATHAT(handle, + mem_ctx, + dirfsp, + smb_fname, + ppreflist, + preferral_count); + + do_log(SMB_VFS_OP_READ_DFS_PATHAT, + NT_STATUS_IS_OK(status), + handle, + "%s", + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + return status; +} + +static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + const char *service_path, + char **base_volume) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path, + base_volume); + do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status), + handle, ""); + + return status; +} + +static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + const char *base_volume, + time_t *tstamp, + bool rw, + char **base_path, + char **snap_path) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp, + rw, base_path, snap_path); + do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, ""); + + return status; +} + +static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + char *base_path, + char *snap_path) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path, + snap_path); + do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, ""); + + return status; +} + +static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle, + files_struct *fsp, const char *mask, uint32_t attr) +{ + DIR *result; + + result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr); + + do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle, + struct files_struct *dirfsp, + DIR *dirp, + SMB_STRUCT_STAT *sbuf) +{ + struct dirent *result; + + result = SMB_VFS_NEXT_READDIR(handle, dirfsp, dirp, sbuf); + + /* This operation has no reasonable error condition + * (End of dir is also failure), so always succeed. + */ + do_log(SMB_VFS_OP_READDIR, True, handle, ""); + + return result; +} + +static void smb_full_audit_seekdir(vfs_handle_struct *handle, + DIR *dirp, long offset) +{ + SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset); + + do_log(SMB_VFS_OP_SEEKDIR, True, handle, ""); +} + +static long smb_full_audit_telldir(vfs_handle_struct *handle, + DIR *dirp) +{ + long result; + + result = SMB_VFS_NEXT_TELLDIR(handle, dirp); + + do_log(SMB_VFS_OP_TELLDIR, True, handle, ""); + + return result; +} + +static void smb_full_audit_rewinddir(vfs_handle_struct *handle, + DIR *dirp) +{ + SMB_VFS_NEXT_REWINDDIR(handle, dirp); + + do_log(SMB_VFS_OP_REWINDDIR, True, handle, ""); +} + +static int smb_full_audit_mkdirat(vfs_handle_struct *handle, + struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + mode_t mode) +{ + struct smb_filename *full_fname = NULL; + int result; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (full_fname == NULL) { + errno = ENOMEM; + return -1; + } + + result = SMB_VFS_NEXT_MKDIRAT(handle, + dirfsp, + smb_fname, + mode); + + do_log(SMB_VFS_OP_MKDIRAT, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + + return result; +} + +static int smb_full_audit_closedir(vfs_handle_struct *handle, + DIR *dirp) +{ + int result; + + result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp); + + do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, ""); + + return result; +} + +static int smb_full_audit_openat(vfs_handle_struct *handle, + const struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + struct files_struct *fsp, + const struct vfs_open_how *how) +{ + int result; + + result = SMB_VFS_NEXT_OPENAT(handle, dirfsp, smb_fname, fsp, how); + + do_log(SMB_VFS_OP_OPENAT, (result >= 0), handle, "%s|%s", + ((how->flags & O_WRONLY) || (how->flags & O_RDWR))?"w":"r", + fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, + struct smb_request *req, + struct files_struct *dirfsp, + struct smb_filename *smb_fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + const struct smb2_lease *lease, + uint64_t allocation_size, + uint32_t private_flags, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result_fsp, + int *pinfo, + const struct smb2_create_blobs *in_context_blobs, + struct smb2_create_blobs *out_context_blobs) +{ + NTSTATUS result; + const char* str_create_disposition; + + switch (create_disposition) { + case FILE_SUPERSEDE: + str_create_disposition = "supersede"; + break; + case FILE_OVERWRITE_IF: + str_create_disposition = "overwrite_if"; + break; + case FILE_OPEN: + str_create_disposition = "open"; + break; + case FILE_OVERWRITE: + str_create_disposition = "overwrite"; + break; + case FILE_CREATE: + str_create_disposition = "create"; + break; + case FILE_OPEN_IF: + str_create_disposition = "open_if"; + break; + default: + str_create_disposition = "unknown"; + } + + result = SMB_VFS_NEXT_CREATE_FILE( + handle, /* handle */ + req, /* req */ + dirfsp, /* dirfsp */ + smb_fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + lease, /* lease */ + allocation_size, /* allocation_size */ + private_flags, + sd, /* sd */ + ea_list, /* ea_list */ + result_fsp, /* result */ + pinfo, /* pinfo */ + in_context_blobs, out_context_blobs); /* create context */ + + do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, + "0x%x|%s|%s|%s", access_mask, + create_options & FILE_DIRECTORY_FILE ? "dir" : "file", + str_create_disposition, + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp) +{ + int result; + + result = SMB_VFS_NEXT_CLOSE(handle, fsp); + + do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp, + void *data, size_t n, off_t offset) +{ + ssize_t result; + + result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); + + do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +struct smb_full_audit_pread_state { + vfs_handle_struct *handle; + files_struct *fsp; + ssize_t ret; + struct vfs_aio_state vfs_aio_state; +}; + +static void smb_full_audit_pread_done(struct tevent_req *subreq); + +static struct tevent_req *smb_full_audit_pread_send( + struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx, + struct tevent_context *ev, struct files_struct *fsp, + void *data, size_t n, off_t offset) +{ + struct tevent_req *req, *subreq; + struct smb_full_audit_pread_state *state; + + req = tevent_req_create(mem_ctx, &state, + struct smb_full_audit_pread_state); + if (req == NULL) { + do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s", + fsp_str_do_log(fsp)); + return NULL; + } + state->handle = handle; + state->fsp = fsp; + + subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data, + n, offset); + if (tevent_req_nomem(subreq, req)) { + do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s", + fsp_str_do_log(fsp)); + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, smb_full_audit_pread_done, req); + + do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp)); + return req; +} + +static void smb_full_audit_pread_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct smb_full_audit_pread_state *state = tevent_req_data( + req, struct smb_full_audit_pread_state); + + state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state); + TALLOC_FREE(subreq); + tevent_req_done(req); +} + +static ssize_t smb_full_audit_pread_recv(struct tevent_req *req, + struct vfs_aio_state *vfs_aio_state) +{ + struct smb_full_audit_pread_state *state = tevent_req_data( + req, struct smb_full_audit_pread_state); + + if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) { + do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s", + fsp_str_do_log(state->fsp)); + return -1; + } + + do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s", + fsp_str_do_log(state->fsp)); + + *vfs_aio_state = state->vfs_aio_state; + return state->ret; +} + +static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp, + const void *data, size_t n, + off_t offset) +{ + ssize_t result; + + result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); + + do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +struct smb_full_audit_pwrite_state { + vfs_handle_struct *handle; + files_struct *fsp; + ssize_t ret; + struct vfs_aio_state vfs_aio_state; +}; + +static void smb_full_audit_pwrite_done(struct tevent_req *subreq); + +static struct tevent_req *smb_full_audit_pwrite_send( + struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx, + struct tevent_context *ev, struct files_struct *fsp, + const void *data, size_t n, off_t offset) +{ + struct tevent_req *req, *subreq; + struct smb_full_audit_pwrite_state *state; + + req = tevent_req_create(mem_ctx, &state, + struct smb_full_audit_pwrite_state); + if (req == NULL) { + do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s", + fsp_str_do_log(fsp)); + return NULL; + } + state->handle = handle; + state->fsp = fsp; + + subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data, + n, offset); + if (tevent_req_nomem(subreq, req)) { + do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s", + fsp_str_do_log(fsp)); + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req); + + do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s", + fsp_str_do_log(fsp)); + return req; +} + +static void smb_full_audit_pwrite_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct smb_full_audit_pwrite_state *state = tevent_req_data( + req, struct smb_full_audit_pwrite_state); + + state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state); + TALLOC_FREE(subreq); + tevent_req_done(req); +} + +static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req, + struct vfs_aio_state *vfs_aio_state) +{ + struct smb_full_audit_pwrite_state *state = tevent_req_data( + req, struct smb_full_audit_pwrite_state); + + if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) { + do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s", + fsp_str_do_log(state->fsp)); + return -1; + } + + do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s", + fsp_str_do_log(state->fsp)); + + *vfs_aio_state = state->vfs_aio_state; + return state->ret; +} + +static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp, + off_t offset, int whence) +{ + ssize_t result; + + result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence); + + do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd, + files_struct *fromfsp, + const DATA_BLOB *hdr, off_t offset, + size_t n) +{ + ssize_t result; + + result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n); + + do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle, + "%s", fsp_str_do_log(fromfsp)); + + return result; +} + +static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd, + files_struct *tofsp, + off_t offset, + size_t n) +{ + ssize_t result; + + result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n); + + do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle, + "%s", fsp_str_do_log(tofsp)); + + return result; +} + +static int smb_full_audit_renameat(vfs_handle_struct *handle, + files_struct *srcfsp, + const struct smb_filename *smb_fname_src, + files_struct *dstfsp, + const struct smb_filename *smb_fname_dst) +{ + int result; + int saved_errno; + struct smb_filename *full_fname_src = NULL; + struct smb_filename *full_fname_dst = NULL; + + full_fname_src = full_path_from_dirfsp_atname(talloc_tos(), + srcfsp, + smb_fname_src); + if (full_fname_src == NULL) { + errno = ENOMEM; + return -1; + } + full_fname_dst = full_path_from_dirfsp_atname(talloc_tos(), + dstfsp, + smb_fname_dst); + if (full_fname_dst == NULL) { + TALLOC_FREE(full_fname_src); + errno = ENOMEM; + return -1; + } + + result = SMB_VFS_NEXT_RENAMEAT(handle, + srcfsp, + smb_fname_src, + dstfsp, + smb_fname_dst); + + if (result == -1) { + saved_errno = errno; + } + do_log(SMB_VFS_OP_RENAMEAT, (result >= 0), handle, "%s|%s", + smb_fname_str_do_log(handle->conn, full_fname_src), + smb_fname_str_do_log(handle->conn, full_fname_dst)); + + TALLOC_FREE(full_fname_src); + TALLOC_FREE(full_fname_dst); + + if (result == -1) { + errno = saved_errno; + } + return result; +} + +struct smb_full_audit_fsync_state { + vfs_handle_struct *handle; + files_struct *fsp; + int ret; + struct vfs_aio_state vfs_aio_state; +}; + +static void smb_full_audit_fsync_done(struct tevent_req *subreq); + +static struct tevent_req *smb_full_audit_fsync_send( + struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx, + struct tevent_context *ev, struct files_struct *fsp) +{ + struct tevent_req *req, *subreq; + struct smb_full_audit_fsync_state *state; + + req = tevent_req_create(mem_ctx, &state, + struct smb_full_audit_fsync_state); + if (req == NULL) { + do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s", + fsp_str_do_log(fsp)); + return NULL; + } + state->handle = handle; + state->fsp = fsp; + + subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp); + if (tevent_req_nomem(subreq, req)) { + do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s", + fsp_str_do_log(fsp)); + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req); + + do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp)); + return req; +} + +static void smb_full_audit_fsync_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct smb_full_audit_fsync_state *state = tevent_req_data( + req, struct smb_full_audit_fsync_state); + + state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state); + TALLOC_FREE(subreq); + tevent_req_done(req); +} + +static int smb_full_audit_fsync_recv(struct tevent_req *req, + struct vfs_aio_state *vfs_aio_state) +{ + struct smb_full_audit_fsync_state *state = tevent_req_data( + req, struct smb_full_audit_fsync_state); + + if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) { + do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s", + fsp_str_do_log(state->fsp)); + return -1; + } + + do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s", + fsp_str_do_log(state->fsp)); + + *vfs_aio_state = state->vfs_aio_state; + return state->ret; +} + +static int smb_full_audit_stat(vfs_handle_struct *handle, + struct smb_filename *smb_fname) +{ + int result; + + result = SMB_VFS_NEXT_STAT(handle, smb_fname); + + do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, + SMB_STRUCT_STAT *sbuf) +{ + int result; + + result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); + + do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_lstat(vfs_handle_struct *handle, + struct smb_filename *smb_fname) +{ + int result; + + result = SMB_VFS_NEXT_LSTAT(handle, smb_fname); + + do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static int smb_full_audit_fstatat( + struct vfs_handle_struct *handle, + const struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + SMB_STRUCT_STAT *sbuf, + int flags) +{ + int result; + + result = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_fname, sbuf, flags); + + do_log(SMB_VFS_OP_FSTATAT, + (result >= 0), + handle, + "%s/%s", + fsp_str_do_log(dirfsp), + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} +static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle, + files_struct *fsp, const SMB_STRUCT_STAT *sbuf) +{ + uint64_t result; + + result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf); + + do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle, + "%llu", (unsigned long long)result); + + return result; +} + +static int smb_full_audit_unlinkat(vfs_handle_struct *handle, + struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + int flags) +{ + struct smb_filename *full_fname = NULL; + int result; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (full_fname == NULL) { + return -1; + } + + result = SMB_VFS_NEXT_UNLINKAT(handle, + dirfsp, + smb_fname, + flags); + + do_log(SMB_VFS_OP_UNLINKAT, (result >= 0), handle, "%s", + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + return result; +} + +static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, + mode_t mode) +{ + int result; + + result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode); + + do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle, + "%s|%o", fsp_str_do_log(fsp), mode); + + return result; +} + +static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, + uid_t uid, gid_t gid) +{ + int result; + + result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid); + + do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld", + fsp_str_do_log(fsp), (long int)uid, (long int)gid); + + return result; +} + +static int smb_full_audit_lchown(vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + uid_t uid, + gid_t gid) +{ + int result; + + result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid); + + do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld", + smb_fname->base_name, (long int)uid, (long int)gid); + + return result; +} + +static int smb_full_audit_chdir(vfs_handle_struct *handle, + const struct smb_filename *smb_fname) +{ + int result; + + result = SMB_VFS_NEXT_CHDIR(handle, smb_fname); + + do_log(SMB_VFS_OP_CHDIR, + (result >= 0), + handle, + "chdir|%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle, + TALLOC_CTX *ctx) +{ + struct smb_filename *result; + + result = SMB_VFS_NEXT_GETWD(handle, ctx); + + do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", + result == NULL? "" : result->base_name); + + return result; +} + +static int smb_full_audit_fntimes(vfs_handle_struct *handle, + files_struct *fsp, + struct smb_file_time *ft) +{ + int result; + time_t create_time = convert_timespec_to_time_t(ft->create_time); + time_t atime = convert_timespec_to_time_t(ft->atime); + time_t mtime = convert_timespec_to_time_t(ft->mtime); + time_t ctime = convert_timespec_to_time_t(ft->ctime); + const char *create_time_str = ""; + const char *atime_str = ""; + const char *mtime_str = ""; + const char *ctime_str = ""; + TALLOC_CTX *frame = talloc_stackframe(); + + if (frame == NULL) { + errno = ENOMEM; + return -1; + } + + result = SMB_VFS_NEXT_FNTIMES(handle, fsp, ft); + + if (create_time > 0) { + create_time_str = timestring(frame, create_time); + } + if (atime > 0) { + atime_str = timestring(frame, atime); + } + if (mtime > 0) { + mtime_str = timestring(frame, mtime); + } + if (ctime > 0) { + ctime_str = timestring(frame, ctime); + } + + do_log(SMB_VFS_OP_FNTIMES, + (result >= 0), + handle, + "%s|%s|%s|%s|%s", + fsp_str_do_log(fsp), + create_time_str, + atime_str, + mtime_str, + ctime_str); + + TALLOC_FREE(frame); + + return result; +} + +static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp, + off_t len) +{ + int result; + + result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len); + + do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp, + uint32_t mode, + off_t offset, + off_t len) +{ + int result; + + result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len); + + do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, + int op, off_t offset, off_t count, int type) +{ + bool result; + + result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type); + + do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_filesystem_sharemode(struct vfs_handle_struct *handle, + struct files_struct *fsp, + uint32_t share_access, + uint32_t access_mask) +{ + int result; + + result = SMB_VFS_NEXT_FILESYSTEM_SHAREMODE(handle, + fsp, + share_access, + access_mask); + + do_log(SMB_VFS_OP_FILESYSTEM_SHAREMODE, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_fcntl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + int cmd, va_list cmd_arg) +{ + void *arg; + va_list dup_cmd_arg; + int result; + + va_copy(dup_cmd_arg, cmd_arg); + arg = va_arg(dup_cmd_arg, void *); + result = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg); + va_end(dup_cmd_arg); + + do_log(SMB_VFS_OP_FCNTL, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp, + int leasetype) +{ + int result; + + result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype); + + do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, + off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid) +{ + bool result; + + result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid); + + do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_symlinkat(vfs_handle_struct *handle, + const struct smb_filename *link_contents, + struct files_struct *dirfsp, + const struct smb_filename *new_smb_fname) +{ + struct smb_filename *full_fname = NULL; + int result; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + new_smb_fname); + if (full_fname == NULL) { + return -1; + } + + result = SMB_VFS_NEXT_SYMLINKAT(handle, + link_contents, + dirfsp, + new_smb_fname); + + do_log(SMB_VFS_OP_SYMLINKAT, + (result >= 0), + handle, + "%s|%s", + link_contents->base_name, + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + + return result; +} + +static int smb_full_audit_readlinkat(vfs_handle_struct *handle, + const struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + char *buf, + size_t bufsiz) +{ + struct smb_filename *full_fname = NULL; + int result; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (full_fname == NULL) { + return -1; + } + + result = SMB_VFS_NEXT_READLINKAT(handle, + dirfsp, + smb_fname, + buf, + bufsiz); + + do_log(SMB_VFS_OP_READLINKAT, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + + return result; +} + +static int smb_full_audit_linkat(vfs_handle_struct *handle, + files_struct *srcfsp, + const struct smb_filename *old_smb_fname, + files_struct *dstfsp, + const struct smb_filename *new_smb_fname, + int flags) +{ + struct smb_filename *old_full_fname = NULL; + struct smb_filename *new_full_fname = NULL; + int result; + + old_full_fname = full_path_from_dirfsp_atname(talloc_tos(), + srcfsp, + old_smb_fname); + if (old_full_fname == NULL) { + return -1; + } + new_full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dstfsp, + new_smb_fname); + if (new_full_fname == NULL) { + TALLOC_FREE(old_full_fname); + return -1; + } + result = SMB_VFS_NEXT_LINKAT(handle, + srcfsp, + old_smb_fname, + dstfsp, + new_smb_fname, + flags); + + do_log(SMB_VFS_OP_LINKAT, + (result >= 0), + handle, + "%s|%s", + smb_fname_str_do_log(handle->conn, old_full_fname), + smb_fname_str_do_log(handle->conn, new_full_fname)); + + TALLOC_FREE(old_full_fname); + TALLOC_FREE(new_full_fname); + + return result; +} + +static int smb_full_audit_mknodat(vfs_handle_struct *handle, + files_struct *dirfsp, + const struct smb_filename *smb_fname, + mode_t mode, + SMB_DEV_T dev) +{ + struct smb_filename *full_fname = NULL; + int result; + + full_fname = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (full_fname == NULL) { + return -1; + } + + result = SMB_VFS_NEXT_MKNODAT(handle, + dirfsp, + smb_fname, + mode, + dev); + + do_log(SMB_VFS_OP_MKNODAT, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, full_fname)); + + TALLOC_FREE(full_fname); + + return result; +} + +static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle, + TALLOC_CTX *ctx, + const struct smb_filename *smb_fname) +{ + struct smb_filename *result_fname = NULL; + + result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname); + + do_log(SMB_VFS_OP_REALPATH, + (result_fname != NULL), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result_fname; +} + +static int smb_full_audit_fchflags(vfs_handle_struct *handle, + struct files_struct *fsp, + unsigned int flags) +{ + int result; + + result = SMB_VFS_NEXT_FCHFLAGS(handle, fsp, flags); + + do_log(SMB_VFS_OP_FCHFLAGS, + (result != 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, fsp->fsp_name)); + + return result; +} + +static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle, + const SMB_STRUCT_STAT *sbuf) +{ + struct file_id id_zero = { 0 }; + struct file_id result; + struct file_id_buf idbuf; + + result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf); + + do_log(SMB_VFS_OP_FILE_ID_CREATE, + !file_id_equal(&id_zero, &result), + handle, + "%s", + file_id_str_buf(result, &idbuf)); + + return result; +} + +static uint64_t smb_full_audit_fs_file_id(struct vfs_handle_struct *handle, + const SMB_STRUCT_STAT *sbuf) +{ + uint64_t result; + + result = SMB_VFS_NEXT_FS_FILE_ID(handle, sbuf); + + do_log(SMB_VFS_OP_FS_FILE_ID, + result != 0, + handle, "%" PRIu64, result); + + return result; +} + +static NTSTATUS smb_full_audit_fstreaminfo(vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *mem_ctx, + unsigned int *pnum_streams, + struct stream_struct **pstreams) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_FSTREAMINFO(handle, fsp, mem_ctx, + pnum_streams, pstreams); + + do_log(SMB_VFS_OP_FSTREAMINFO, + NT_STATUS_IS_OK(result), + handle, + "%s", + smb_fname_str_do_log(handle->conn, fsp->fsp_name)); + + return result; +} + +static NTSTATUS smb_full_audit_get_real_filename_at( + struct vfs_handle_struct *handle, + struct files_struct *dirfsp, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_GET_REAL_FILENAME_AT( + handle, dirfsp, name, mem_ctx, found_name); + + do_log(SMB_VFS_OP_GET_REAL_FILENAME_AT, + NT_STATUS_IS_OK(result), + handle, + "%s/%s->%s", + fsp_str_dbg(dirfsp), + name, + NT_STATUS_IS_OK(result) ? *found_name : ""); + + return result; +} + +static const char *smb_full_audit_connectpath(vfs_handle_struct *handle, + const struct smb_filename *smb_fname) +{ + const char *result; + + result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname); + + do_log(SMB_VFS_OP_CONNECTPATH, + result != NULL, + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); + + return result; +} + +static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle, + struct byte_range_lock *br_lck, + struct lock_struct *plock) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock); + + do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle, + "%s:%llu-%llu. type=%d.", + fsp_str_do_log(brl_fsp(br_lck)), + (unsigned long long)plock->start, + (unsigned long long)plock->size, + plock->lock_type); + + return result; +} + +static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle, + struct byte_range_lock *br_lck, + const struct lock_struct *plock) +{ + bool result; + + result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, br_lck, plock); + + do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle, + "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)), + (unsigned long long)plock->start, + (unsigned long long)plock->size, + plock->lock_type); + + return result; +} + +static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle, + struct files_struct *fsp, + struct lock_struct *plock) +{ + bool result; + + result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock); + + do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle, + "%s:%llu-%llu:%d", fsp_str_do_log(fsp), + (unsigned long long)plock->start, + (unsigned long long)plock->size, + plock->lock_type); + + return result; +} + +static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle, + const char *name, + enum vfs_translate_direction direction, + TALLOC_CTX *mem_ctx, + char **mapped_name) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx, + mapped_name); + + do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, ""); + + return result; +} + +static NTSTATUS smb_full_audit_parent_pathname(struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + const struct smb_filename *smb_fname_in, + struct smb_filename **parent_dir_out, + struct smb_filename **atname_out) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_PARENT_PATHNAME(handle, + mem_ctx, + smb_fname_in, + parent_dir_out, + atname_out); + do_log(SMB_VFS_OP_CONNECTPATH, + NT_STATUS_IS_OK(result), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname_in)); + + return result; +} + +static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *ctx, + uint32_t function, + uint16_t req_flags, + const uint8_t *_in_data, + uint32_t in_len, + uint8_t **_out_data, + uint32_t max_out_len, + uint32_t *out_len) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_FSCTL(handle, + fsp, + ctx, + function, + req_flags, + _in_data, + in_len, + _out_data, + max_out_len, + out_len); + + do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, ""); + + return result; +} + +static struct tevent_req *smb_full_audit_offload_read_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct vfs_handle_struct *handle, + struct files_struct *fsp, + uint32_t fsctl, + uint32_t ttl, + off_t offset, + size_t to_copy) +{ + struct tevent_req *req = NULL; + + req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp, + fsctl, ttl, offset, to_copy); + + do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, ""); + + return req; +} + +static NTSTATUS smb_full_audit_offload_read_recv( + struct tevent_req *req, + struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + uint32_t *flags, + uint64_t *xferlen, + DATA_BLOB *_token_blob) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx, + flags, xferlen, _token_blob); + + do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, ""); + + return status; +} + +static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + uint32_t fsctl, + DATA_BLOB *token, + off_t transfer_offset, + struct files_struct *dest_fsp, + off_t dest_off, + off_t num) +{ + struct tevent_req *req; + + req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev, + fsctl, token, transfer_offset, + dest_fsp, dest_off, num); + + do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, ""); + + return req; +} + +static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle, + struct tevent_req *req, + off_t *copied) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied); + + do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, ""); + + return result; +} + +static NTSTATUS smb_full_audit_fget_compression(vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + struct files_struct *fsp, + uint16_t *_compression_fmt) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_FGET_COMPRESSION(handle, mem_ctx, fsp, + _compression_fmt); + + do_log(SMB_VFS_OP_FGET_COMPRESSION, NT_STATUS_IS_OK(result), handle, + "%s", + fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle, + TALLOC_CTX *mem_ctx, + struct files_struct *fsp, + uint16_t compression_fmt) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp, + compression_fmt); + + do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_freaddir_attr(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *mem_ctx, + struct readdir_attr_data **pattr_data) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_FREADDIR_ATTR(handle, fsp, mem_ctx, pattr_data); + + do_log(SMB_VFS_OP_FREADDIR_ATTR, + NT_STATUS_IS_OK(status), + handle, + "%s", + fsp_str_do_log(fsp)); + + return status; +} + +struct smb_full_audit_get_dos_attributes_state { + struct vfs_aio_state aio_state; + vfs_handle_struct *handle; + files_struct *dir_fsp; + const struct smb_filename *smb_fname; + uint32_t dosmode; +}; + +static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq); + +static struct tevent_req *smb_full_audit_get_dos_attributes_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct vfs_handle_struct *handle, + files_struct *dir_fsp, + struct smb_filename *smb_fname) +{ + struct tevent_req *req = NULL; + struct smb_full_audit_get_dos_attributes_state *state = NULL; + struct tevent_req *subreq = NULL; + + req = tevent_req_create(mem_ctx, &state, + struct smb_full_audit_get_dos_attributes_state); + if (req == NULL) { + do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, + false, + handle, + "%s/%s", + fsp_str_do_log(dir_fsp), + smb_fname->base_name); + return NULL; + } + *state = (struct smb_full_audit_get_dos_attributes_state) { + .handle = handle, + .dir_fsp = dir_fsp, + .smb_fname = smb_fname, + }; + + subreq = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_SEND(mem_ctx, + ev, + handle, + dir_fsp, + smb_fname); + if (tevent_req_nomem(subreq, req)) { + do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, + false, + handle, + "%s/%s", + fsp_str_do_log(dir_fsp), + smb_fname->base_name); + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, + smb_full_audit_get_dos_attributes_done, + req); + + do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, + true, + handle, + "%s/%s", + fsp_str_do_log(dir_fsp), + smb_fname->base_name); + + return req; +} + +static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq) +{ + struct tevent_req *req = + tevent_req_callback_data(subreq, + struct tevent_req); + struct smb_full_audit_get_dos_attributes_state *state = + tevent_req_data(req, + struct smb_full_audit_get_dos_attributes_state); + NTSTATUS status; + + status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_RECV(subreq, + &state->aio_state, + &state->dosmode); + TALLOC_FREE(subreq); + if (tevent_req_nterror(req, status)) { + return; + } + + tevent_req_done(req); + return; +} + +static NTSTATUS smb_full_audit_get_dos_attributes_recv(struct tevent_req *req, + struct vfs_aio_state *aio_state, + uint32_t *dosmode) +{ + struct smb_full_audit_get_dos_attributes_state *state = + tevent_req_data(req, + struct smb_full_audit_get_dos_attributes_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, + false, + state->handle, + "%s/%s", + fsp_str_do_log(state->dir_fsp), + state->smb_fname->base_name); + tevent_req_received(req); + return status; + } + + do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, + true, + state->handle, + "%s/%s", + fsp_str_do_log(state->dir_fsp), + state->smb_fname->base_name); + + *aio_state = state->aio_state; + *dosmode = state->dosmode; + tevent_req_received(req); + return NT_STATUS_OK; +} + +static NTSTATUS smb_full_audit_fget_dos_attributes( + struct vfs_handle_struct *handle, + struct files_struct *fsp, + uint32_t *dosmode) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, + fsp, + dosmode); + + do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES, + NT_STATUS_IS_OK(status), + handle, + "%s", + fsp_str_do_log(fsp)); + + return status; +} + +static NTSTATUS smb_full_audit_fset_dos_attributes( + struct vfs_handle_struct *handle, + struct files_struct *fsp, + uint32_t dosmode) +{ + NTSTATUS status; + + status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle, + fsp, + dosmode); + + do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES, + NT_STATUS_IS_OK(status), + handle, + "%s", + fsp_str_do_log(fsp)); + + return status; +} + +static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32_t security_info, + TALLOC_CTX *mem_ctx, + struct security_descriptor **ppdesc) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, + mem_ctx, ppdesc); + + do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32_t security_info_sent, + const struct security_descriptor *psd) +{ + struct vfs_full_audit_private_data *pd; + NTSTATUS result; + char *sd = NULL; + + SMB_VFS_HANDLE_GET_DATA(handle, pd, + struct vfs_full_audit_private_data, + return NT_STATUS_INTERNAL_ERROR); + + if (pd->log_secdesc) { + sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid()); + } + + result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); + + do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, + "%s [%s]", fsp_str_do_log(fsp), sd ? sd : ""); + + TALLOC_FREE(sd); + + return result; +} + +static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle, + struct smb_filename *file, + struct security_acl *sacl, + uint32_t access_requested, + uint32_t access_denied) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_AUDIT_FILE(handle, + file, + sacl, + access_requested, + access_denied); + + do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle, + "%s", + smb_fname_str_do_log(handle->conn, file)); + + return result; +} + +static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx) +{ + SMB_ACL_T result; + + result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, + fsp, + type, + mem_ctx); + + do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + int result; + + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob); + + do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, + struct files_struct *fsp, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + int result; + + result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, type, theacl); + + do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_sys_acl_delete_def_fd(vfs_handle_struct *handle, + struct files_struct *fsp) +{ + int result; + + result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FD(handle, fsp); + + do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FD, + (result >= 0), + handle, + "%s", + fsp_str_do_log(fsp)); + + return result; +} + +struct smb_full_audit_getxattrat_state { + struct vfs_aio_state aio_state; + vfs_handle_struct *handle; + files_struct *dir_fsp; + const struct smb_filename *smb_fname; + const char *xattr_name; + ssize_t xattr_size; + uint8_t *xattr_value; +}; + +static void smb_full_audit_getxattrat_done(struct tevent_req *subreq); + +static struct tevent_req *smb_full_audit_getxattrat_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct vfs_handle_struct *handle, + files_struct *dir_fsp, + const struct smb_filename *smb_fname, + const char *xattr_name, + size_t alloc_hint) +{ + struct tevent_req *req = NULL; + struct tevent_req *subreq = NULL; + struct smb_full_audit_getxattrat_state *state = NULL; + + req = tevent_req_create(mem_ctx, &state, + struct smb_full_audit_getxattrat_state); + if (req == NULL) { + do_log(SMB_VFS_OP_GETXATTRAT_SEND, + false, + handle, + "%s/%s|%s", + fsp_str_do_log(dir_fsp), + smb_fname->base_name, + xattr_name); + return NULL; + } + *state = (struct smb_full_audit_getxattrat_state) { + .handle = handle, + .dir_fsp = dir_fsp, + .smb_fname = smb_fname, + .xattr_name = xattr_name, + }; + + subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state, + ev, + handle, + dir_fsp, + smb_fname, + xattr_name, + alloc_hint); + if (tevent_req_nomem(subreq, req)) { + do_log(SMB_VFS_OP_GETXATTRAT_SEND, + false, + handle, + "%s/%s|%s", + fsp_str_do_log(dir_fsp), + smb_fname->base_name, + xattr_name); + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, smb_full_audit_getxattrat_done, req); + + do_log(SMB_VFS_OP_GETXATTRAT_SEND, + true, + handle, + "%s/%s|%s", + fsp_str_do_log(dir_fsp), + smb_fname->base_name, + xattr_name); + + return req; +} + +static void smb_full_audit_getxattrat_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct smb_full_audit_getxattrat_state *state = tevent_req_data( + req, struct smb_full_audit_getxattrat_state); + + state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq, + &state->aio_state, + state, + &state->xattr_value); + TALLOC_FREE(subreq); + if (state->xattr_size == -1) { + tevent_req_error(req, state->aio_state.error); + return; + } + + tevent_req_done(req); +} + +static ssize_t smb_full_audit_getxattrat_recv(struct tevent_req *req, + struct vfs_aio_state *aio_state, + TALLOC_CTX *mem_ctx, + uint8_t **xattr_value) +{ + struct smb_full_audit_getxattrat_state *state = tevent_req_data( + req, struct smb_full_audit_getxattrat_state); + ssize_t xattr_size; + + if (tevent_req_is_unix_error(req, &aio_state->error)) { + do_log(SMB_VFS_OP_GETXATTRAT_RECV, + false, + state->handle, + "%s/%s|%s", + fsp_str_do_log(state->dir_fsp), + state->smb_fname->base_name, + state->xattr_name); + tevent_req_received(req); + return -1; + } + + do_log(SMB_VFS_OP_GETXATTRAT_RECV, + true, + state->handle, + "%s/%s|%s", + fsp_str_do_log(state->dir_fsp), + state->smb_fname->base_name, + state->xattr_name); + + *aio_state = state->aio_state; + xattr_size = state->xattr_size; + if (xattr_value != NULL) { + *xattr_value = talloc_move(mem_ctx, &state->xattr_value); + } + + tevent_req_received(req); + return xattr_size; +} + +static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle, + struct files_struct *fsp, + const char *name, void *value, size_t size) +{ + ssize_t result; + + result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size); + + do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle, + "%s|%s", fsp_str_do_log(fsp), name); + + return result; +} + +static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle, + struct files_struct *fsp, char *list, + size_t size) +{ + ssize_t result; + + result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size); + + do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle, + struct files_struct *fsp, + const char *name) +{ + int result; + + result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name); + + do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle, + "%s|%s", fsp_str_do_log(fsp), name); + + return result; +} + +static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle, + struct files_struct *fsp, const char *name, + const void *value, size_t size, int flags) +{ + int result; + + result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags); + + do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle, + "%s|%s", fsp_str_do_log(fsp), name); + + return result; +} + +static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle, + struct files_struct *fsp) +{ + bool result; + + result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp); + do_log(SMB_VFS_OP_AIO_FORCE, result, handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *mem_ctx, + DATA_BLOB *cookie) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_DURABLE_COOKIE(handle, + fsp, + mem_ctx, + cookie); + + do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_durable_disconnect( + struct vfs_handle_struct *handle, + struct files_struct *fsp, + const DATA_BLOB old_cookie, + TALLOC_CTX *mem_ctx, + DATA_BLOB *new_cookie) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle, + fsp, + old_cookie, + mem_ctx, + new_cookie); + + do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + +static NTSTATUS smb_full_audit_durable_reconnect( + struct vfs_handle_struct *handle, + struct smb_request *smb1req, + struct smbXsrv_open *op, + const DATA_BLOB old_cookie, + TALLOC_CTX *mem_ctx, + struct files_struct **fsp, + DATA_BLOB *new_cookie) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle, + smb1req, + op, + old_cookie, + mem_ctx, + fsp, + new_cookie); + + do_log(SMB_VFS_OP_DURABLE_RECONNECT, + NT_STATUS_IS_OK(result), + handle, + ""); + + return result; +} + +static struct vfs_fn_pointers vfs_full_audit_fns = { + + /* Disk operations */ + + .connect_fn = smb_full_audit_connect, + .disconnect_fn = smb_full_audit_disconnect, + .disk_free_fn = smb_full_audit_disk_free, + .get_quota_fn = smb_full_audit_get_quota, + .set_quota_fn = smb_full_audit_set_quota, + .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data, + .statvfs_fn = smb_full_audit_statvfs, + .fs_capabilities_fn = smb_full_audit_fs_capabilities, + .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals, + .create_dfs_pathat_fn = smb_full_audit_create_dfs_pathat, + .read_dfs_pathat_fn = smb_full_audit_read_dfs_pathat, + .fdopendir_fn = smb_full_audit_fdopendir, + .readdir_fn = smb_full_audit_readdir, + .seekdir_fn = smb_full_audit_seekdir, + .telldir_fn = smb_full_audit_telldir, + .rewind_dir_fn = smb_full_audit_rewinddir, + .mkdirat_fn = smb_full_audit_mkdirat, + .closedir_fn = smb_full_audit_closedir, + .openat_fn = smb_full_audit_openat, + .create_file_fn = smb_full_audit_create_file, + .close_fn = smb_full_audit_close, + .pread_fn = smb_full_audit_pread, + .pread_send_fn = smb_full_audit_pread_send, + .pread_recv_fn = smb_full_audit_pread_recv, + .pwrite_fn = smb_full_audit_pwrite, + .pwrite_send_fn = smb_full_audit_pwrite_send, + .pwrite_recv_fn = smb_full_audit_pwrite_recv, + .lseek_fn = smb_full_audit_lseek, + .sendfile_fn = smb_full_audit_sendfile, + .recvfile_fn = smb_full_audit_recvfile, + .renameat_fn = smb_full_audit_renameat, + .fsync_send_fn = smb_full_audit_fsync_send, + .fsync_recv_fn = smb_full_audit_fsync_recv, + .stat_fn = smb_full_audit_stat, + .fstat_fn = smb_full_audit_fstat, + .lstat_fn = smb_full_audit_lstat, + .fstatat_fn = smb_full_audit_fstatat, + .get_alloc_size_fn = smb_full_audit_get_alloc_size, + .unlinkat_fn = smb_full_audit_unlinkat, + .fchmod_fn = smb_full_audit_fchmod, + .fchown_fn = smb_full_audit_fchown, + .lchown_fn = smb_full_audit_lchown, + .chdir_fn = smb_full_audit_chdir, + .getwd_fn = smb_full_audit_getwd, + .fntimes_fn = smb_full_audit_fntimes, + .ftruncate_fn = smb_full_audit_ftruncate, + .fallocate_fn = smb_full_audit_fallocate, + .lock_fn = smb_full_audit_lock, + .filesystem_sharemode_fn = smb_full_audit_filesystem_sharemode, + .fcntl_fn = smb_full_audit_fcntl, + .linux_setlease_fn = smb_full_audit_linux_setlease, + .getlock_fn = smb_full_audit_getlock, + .symlinkat_fn = smb_full_audit_symlinkat, + .readlinkat_fn = smb_full_audit_readlinkat, + .linkat_fn = smb_full_audit_linkat, + .mknodat_fn = smb_full_audit_mknodat, + .realpath_fn = smb_full_audit_realpath, + .fchflags_fn = smb_full_audit_fchflags, + .file_id_create_fn = smb_full_audit_file_id_create, + .fs_file_id_fn = smb_full_audit_fs_file_id, + .offload_read_send_fn = smb_full_audit_offload_read_send, + .offload_read_recv_fn = smb_full_audit_offload_read_recv, + .offload_write_send_fn = smb_full_audit_offload_write_send, + .offload_write_recv_fn = smb_full_audit_offload_write_recv, + .fget_compression_fn = smb_full_audit_fget_compression, + .set_compression_fn = smb_full_audit_set_compression, + .snap_check_path_fn = smb_full_audit_snap_check_path, + .snap_create_fn = smb_full_audit_snap_create, + .snap_delete_fn = smb_full_audit_snap_delete, + .fstreaminfo_fn = smb_full_audit_fstreaminfo, + .get_real_filename_at_fn = smb_full_audit_get_real_filename_at, + .connectpath_fn = smb_full_audit_connectpath, + .brl_lock_windows_fn = smb_full_audit_brl_lock_windows, + .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows, + .strict_lock_check_fn = smb_full_audit_strict_lock_check, + .translate_name_fn = smb_full_audit_translate_name, + .parent_pathname_fn = smb_full_audit_parent_pathname, + .fsctl_fn = smb_full_audit_fsctl, + .get_dos_attributes_send_fn = smb_full_audit_get_dos_attributes_send, + .get_dos_attributes_recv_fn = smb_full_audit_get_dos_attributes_recv, + .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes, + .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes, + .fget_nt_acl_fn = smb_full_audit_fget_nt_acl, + .fset_nt_acl_fn = smb_full_audit_fset_nt_acl, + .audit_file_fn = smb_full_audit_audit_file, + .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd, + .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd, + .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd, + .sys_acl_delete_def_fd_fn = smb_full_audit_sys_acl_delete_def_fd, + .getxattrat_send_fn = smb_full_audit_getxattrat_send, + .getxattrat_recv_fn = smb_full_audit_getxattrat_recv, + .fgetxattr_fn = smb_full_audit_fgetxattr, + .flistxattr_fn = smb_full_audit_flistxattr, + .fremovexattr_fn = smb_full_audit_fremovexattr, + .fsetxattr_fn = smb_full_audit_fsetxattr, + .aio_force_fn = smb_full_audit_aio_force, + .durable_cookie_fn = smb_full_audit_durable_cookie, + .durable_disconnect_fn = smb_full_audit_durable_disconnect, + .durable_reconnect_fn = smb_full_audit_durable_reconnect, + .freaddir_attr_fn = smb_full_audit_freaddir_attr, +}; + +static_decl_vfs; +NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx) +{ + NTSTATUS ret; + + smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit"); + + ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit", + &vfs_full_audit_fns); + + if (!NT_STATUS_IS_OK(ret)) + return ret; + + vfs_full_audit_debug_level = debug_add_class("full_audit"); + if (vfs_full_audit_debug_level == -1) { + vfs_full_audit_debug_level = DBGC_VFS; + DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging " + "class!\n")); + } else { + DEBUG(10, ("vfs_full_audit: Debug class number of " + "'full_audit': %d\n", vfs_full_audit_debug_level)); + } + + return ret; +} |