/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- audit_syslog_facility
- audit_syslog_priority
- audit_connect
- audit_disconnect
- audit_opendir
- audit_mkdir
- audit_rmdir
- audit_open
- audit_close
- audit_rename
- audit_unlink
- audit_chmod
- audit_chmod_acl
- audit_fchmod
- audit_fchmod_acl
- vfs_extd_audit_init
1 /*
2 * Auditing VFS module for samba. Log selected file operations to syslog
3 * facility.
4 *
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24
25 #include "includes.h"
26
27 static int vfs_extd_audit_debug_level = DBGC_VFS;
28
29 #undef DBGC_CLASS
30 #define DBGC_CLASS vfs_extd_audit_debug_level
31
32 /* Function prototypes */
33
34 static int audit_connect(vfs_handle_struct *handle, const char *svc, const char *user);
35 static void audit_disconnect(vfs_handle_struct *handle);
36 static SMB_STRUCT_DIR *audit_opendir(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr);
37 static int audit_mkdir(vfs_handle_struct *handle, const char *path, mode_t mode);
38 static int audit_rmdir(vfs_handle_struct *handle, const char *path);
39 static int audit_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode);
40 static int audit_close(vfs_handle_struct *handle, files_struct *fsp);
41 static int audit_rename(vfs_handle_struct *handle, const char *oldname, const char *newname);
42 static int audit_unlink(vfs_handle_struct *handle, const char *path);
43 static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode);
44 static int audit_chmod_acl(vfs_handle_struct *handle, const char *name, mode_t mode);
45 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode);
46 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode);
47
48 /* VFS operations */
49
50 static vfs_op_tuple audit_op_tuples[] = {
51
52 /* Disk operations */
53
54 {SMB_VFS_OP(audit_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_LOGGER},
55 {SMB_VFS_OP(audit_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_LOGGER},
56
57 /* Directory operations */
58
59 {SMB_VFS_OP(audit_opendir), SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_LOGGER},
60 {SMB_VFS_OP(audit_mkdir), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_LOGGER},
61 {SMB_VFS_OP(audit_rmdir), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_LOGGER},
62
63 /* File operations */
64
65 {SMB_VFS_OP(audit_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER},
66 {SMB_VFS_OP(audit_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER},
67 {SMB_VFS_OP(audit_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_LOGGER},
68 {SMB_VFS_OP(audit_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_LOGGER},
69 {SMB_VFS_OP(audit_chmod), SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_LOGGER},
70 {SMB_VFS_OP(audit_fchmod), SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_LOGGER},
71 {SMB_VFS_OP(audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_LOGGER},
72 {SMB_VFS_OP(audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_LOGGER},
73
74 /* Finish VFS operations definition */
75
76 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
77 };
78
79
80 static int audit_syslog_facility(vfs_handle_struct *handle)
/* [<][>][^][v][top][bottom][index][help] */
81 {
82 static const struct enum_list enum_log_facilities[] = {
83 { LOG_USER, "USER" },
84 { LOG_LOCAL0, "LOCAL0" },
85 { LOG_LOCAL1, "LOCAL1" },
86 { LOG_LOCAL2, "LOCAL2" },
87 { LOG_LOCAL3, "LOCAL3" },
88 { LOG_LOCAL4, "LOCAL4" },
89 { LOG_LOCAL5, "LOCAL5" },
90 { LOG_LOCAL6, "LOCAL6" },
91 { LOG_LOCAL7, "LOCAL7" }
92 };
93
94 int facility;
95
96 facility = lp_parm_enum(SNUM(handle->conn), "extd_audit", "facility", enum_log_facilities, LOG_USER);
97
98 return facility;
99 }
100
101
102 static int audit_syslog_priority(vfs_handle_struct *handle)
/* [<][>][^][v][top][bottom][index][help] */
103 {
104 static const struct enum_list enum_log_priorities[] = {
105 { LOG_EMERG, "EMERG" },
106 { LOG_ALERT, "ALERT" },
107 { LOG_CRIT, "CRIT" },
108 { LOG_ERR, "ERR" },
109 { LOG_WARNING, "WARNING" },
110 { LOG_NOTICE, "NOTICE" },
111 { LOG_INFO, "INFO" },
112 { LOG_DEBUG, "DEBUG" }
113 };
114
115 int priority;
116
117 priority = lp_parm_enum(SNUM(handle->conn), "extd_audit", "priority",
118 enum_log_priorities, LOG_NOTICE);
119 if (priority == -1) {
120 priority = LOG_WARNING;
121 }
122
123 return priority;
124 }
125
126 /* Implementation of vfs_ops. Pass everything on to the default
127 operation but log event first. */
128
129 static int audit_connect(vfs_handle_struct *handle, const char *svc, const char *user)
/* [<][>][^][v][top][bottom][index][help] */
130 {
131 int result;
132
133 openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
134
135 if (lp_syslog() > 0) {
136 syslog(audit_syslog_priority(handle),
137 "connect to service %s by user %s\n",
138 svc, user);
139 }
140 DEBUG(10, ("Connected to service %s as user %s\n",
141 svc, user));
142
143 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
144
145 return result;
146 }
147
148 static void audit_disconnect(vfs_handle_struct *handle)
/* [<][>][^][v][top][bottom][index][help] */
149 {
150 if (lp_syslog() > 0) {
151 syslog(audit_syslog_priority(handle), "disconnected\n");
152 }
153 DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
154 SMB_VFS_NEXT_DISCONNECT(handle);
155
156 return;
157 }
158
159 static SMB_STRUCT_DIR *audit_opendir(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr)
/* [<][>][^][v][top][bottom][index][help] */
160 {
161 SMB_STRUCT_DIR *result;
162
163 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
164
165 if (lp_syslog() > 0) {
166 syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
167 fname,
168 (result == NULL) ? "failed: " : "",
169 (result == NULL) ? strerror(errno) : "");
170 }
171 DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
172 fname,
173 (result == NULL) ? "failed: " : "",
174 (result == NULL) ? strerror(errno) : ""));
175
176 return result;
177 }
178
179 static int audit_mkdir(vfs_handle_struct *handle, const char *path, mode_t mode)
/* [<][>][^][v][top][bottom][index][help] */
180 {
181 int result;
182
183 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
184
185 if (lp_syslog() > 0) {
186 syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
187 path,
188 (result < 0) ? "failed: " : "",
189 (result < 0) ? strerror(errno) : "");
190 }
191 DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
192 path,
193 (result < 0) ? "failed: " : "",
194 (result < 0) ? strerror(errno) : ""));
195
196 return result;
197 }
198
199 static int audit_rmdir(vfs_handle_struct *handle, const char *path)
/* [<][>][^][v][top][bottom][index][help] */
200 {
201 int result;
202
203 result = SMB_VFS_NEXT_RMDIR(handle, path);
204
205 if (lp_syslog() > 0) {
206 syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
207 path,
208 (result < 0) ? "failed: " : "",
209 (result < 0) ? strerror(errno) : "");
210 }
211 DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
212 path,
213 (result < 0) ? "failed: " : "",
214 (result < 0) ? strerror(errno) : ""));
215
216 return result;
217 }
218
219 static int audit_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode)
/* [<][>][^][v][top][bottom][index][help] */
220 {
221 int result;
222
223 result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
224
225 if (lp_syslog() > 0) {
226 syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
227 fname, result,
228 ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "",
229 (result < 0) ? "failed: " : "",
230 (result < 0) ? strerror(errno) : "");
231 }
232 DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
233 fname,
234 (result < 0) ? "failed: " : "",
235 (result < 0) ? strerror(errno) : ""));
236
237 return result;
238 }
239
240 static int audit_close(vfs_handle_struct *handle, files_struct *fsp)
/* [<][>][^][v][top][bottom][index][help] */
241 {
242 int result;
243
244 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
245
246 if (lp_syslog() > 0) {
247 syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
248 fsp->fh->fd,
249 (result < 0) ? "failed: " : "",
250 (result < 0) ? strerror(errno) : "");
251 }
252 DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
253 fsp->fh->fd,
254 (result < 0) ? "failed: " : "",
255 (result < 0) ? strerror(errno) : ""));
256
257 return result;
258 }
259
260 static int audit_rename(vfs_handle_struct *handle, const char *oldname, const char *newname)
/* [<][>][^][v][top][bottom][index][help] */
261 {
262 int result;
263
264 result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
265
266 if (lp_syslog() > 0) {
267 syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
268 oldname, newname,
269 (result < 0) ? "failed: " : "",
270 (result < 0) ? strerror(errno) : "");
271 }
272 DEBUG(1, ("vfs_extd_audit: rename old: %s newname: %s %s %s\n",
273 oldname, newname,
274 (result < 0) ? "failed: " : "",
275 (result < 0) ? strerror(errno) : ""));
276
277 return result;
278 }
279
280 static int audit_unlink(vfs_handle_struct *handle, const char *path)
/* [<][>][^][v][top][bottom][index][help] */
281 {
282 int result;
283
284 result = SMB_VFS_NEXT_UNLINK(handle, path);
285
286 if (lp_syslog() > 0) {
287 syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
288 path,
289 (result < 0) ? "failed: " : "",
290 (result < 0) ? strerror(errno) : "");
291 }
292 DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
293 path,
294 (result < 0) ? "failed: " : "",
295 (result < 0) ? strerror(errno) : ""));
296
297 return result;
298 }
299
300 static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
/* [<][>][^][v][top][bottom][index][help] */
301 {
302 int result;
303
304 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
305
306 if (lp_syslog() > 0) {
307 syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
308 path, mode,
309 (result < 0) ? "failed: " : "",
310 (result < 0) ? strerror(errno) : "");
311 }
312 DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
313 path, (unsigned int)mode,
314 (result < 0) ? "failed: " : "",
315 (result < 0) ? strerror(errno) : ""));
316
317 return result;
318 }
319
320 static int audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode)
/* [<][>][^][v][top][bottom][index][help] */
321 {
322 int result;
323
324 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
325
326 if (lp_syslog() > 0) {
327 syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
328 path, mode,
329 (result < 0) ? "failed: " : "",
330 (result < 0) ? strerror(errno) : "");
331 }
332 DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
333 path, (unsigned int)mode,
334 (result < 0) ? "failed: " : "",
335 (result < 0) ? strerror(errno) : ""));
336
337 return result;
338 }
339
340 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
/* [<][>][^][v][top][bottom][index][help] */
341 {
342 int result;
343
344 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
345
346 if (lp_syslog() > 0) {
347 syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
348 fsp->fsp_name, mode,
349 (result < 0) ? "failed: " : "",
350 (result < 0) ? strerror(errno) : "");
351 }
352 DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
353 fsp->fsp_name, (unsigned int)mode,
354 (result < 0) ? "failed: " : "",
355 (result < 0) ? strerror(errno) : ""));
356
357 return result;
358 }
359
360 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
/* [<][>][^][v][top][bottom][index][help] */
361 {
362 int result;
363
364 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
365
366 if (lp_syslog() > 0) {
367 syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
368 fsp->fsp_name, mode,
369 (result < 0) ? "failed: " : "",
370 (result < 0) ? strerror(errno) : "");
371 }
372 DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
373 fsp->fsp_name, (unsigned int)mode,
374 (result < 0) ? "failed: " : "",
375 (result < 0) ? strerror(errno) : ""));
376
377 return result;
378 }
379
380 NTSTATUS vfs_extd_audit_init(void);
381 NTSTATUS vfs_extd_audit_init(void)
/* [<][>][^][v][top][bottom][index][help] */
382 {
383 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "extd_audit", audit_op_tuples);
384
385 if (!NT_STATUS_IS_OK(ret))
386 return ret;
387
388 vfs_extd_audit_debug_level = debug_add_class("extd_audit");
389 if (vfs_extd_audit_debug_level == -1) {
390 vfs_extd_audit_debug_level = DBGC_VFS;
391 DEBUG(0, ("vfs_extd_audit: Couldn't register custom debugging class!\n"));
392 } else {
393 DEBUG(10, ("vfs_extd_audit: Debug class number of 'extd_audit': %d\n", vfs_extd_audit_debug_level));
394 }
395
396 return ret;
397 }