diff options
author | Andrew Tridgell <tridge@samba.org> | 2003-08-13 01:53:07 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-08-13 01:53:07 +0000 |
commit | ef2e26c91b80556af033d3335e55f5dfa6fff31d (patch) | |
tree | faa21bfd7e7b5247250b47c7891dc1a5ebee6be9 /source4/modules/vfs_audit.c | |
download | samba-ef2e26c91b80556af033d3335e55f5dfa6fff31d.tar.gz samba-ef2e26c91b80556af033d3335e55f5dfa6fff31d.tar.bz2 samba-ef2e26c91b80556af033d3335e55f5dfa6fff31d.zip |
first public release of samba4 code
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
Diffstat (limited to 'source4/modules/vfs_audit.c')
-rw-r--r-- | source4/modules/vfs_audit.c | 278 |
1 files changed, 278 insertions, 0 deletions
diff --git a/source4/modules/vfs_audit.c b/source4/modules/vfs_audit.c new file mode 100644 index 0000000000..b99d93d0f0 --- /dev/null +++ b/source4/modules/vfs_audit.c @@ -0,0 +1,278 @@ +/* + * Auditing VFS module for samba. Log selected file operations to syslog + * facility. + * + * Copyright (C) Tim Potter, 1999-2000 + * Copyright (C) Alexander Bokovoy, 2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include <stdio.h> +#include <sys/stat.h> +#ifdef HAVE_UTIME_H +#include <utime.h> +#endif +#ifdef HAVE_DIRENT_H +#include <dirent.h> +#endif +#include <syslog.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#include <errno.h> +#include <string.h> +#include <includes.h> +#include <vfs.h> + +#ifndef SYSLOG_FACILITY +#define SYSLOG_FACILITY LOG_USER +#endif + +#ifndef SYSLOG_PRIORITY +#define SYSLOG_PRIORITY LOG_NOTICE +#endif + +/* Function prototypes */ + +static int audit_connect(struct tcon_context *conn, const char *svc, const char *user); +static void audit_disconnect(struct tcon_context *conn); +static DIR *audit_opendir(struct tcon_context *conn, const char *fname); +static int audit_mkdir(struct tcon_context *conn, const char *path, mode_t mode); +static int audit_rmdir(struct tcon_context *conn, const char *path); +static int audit_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode); +static int audit_close(struct files_struct *fsp, int fd); +static int audit_rename(struct tcon_context *conn, const char *old, const char *new); +static int audit_unlink(struct tcon_context *conn, const char *path); +static int audit_chmod(struct tcon_context *conn, const char *path, mode_t mode); +static int audit_chmod_acl(struct tcon_context *conn, const char *name, mode_t mode); +static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode); +static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode); + +/* VFS operations */ + +static struct vfs_ops default_vfs_ops; /* For passthrough operation */ +static struct smb_vfs_handle_struct *audit_handle; + +static vfs_op_tuple audit_ops[] = { + + /* Disk operations */ + + {audit_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_LOGGER}, + {audit_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_LOGGER}, + + /* Directory operations */ + + {audit_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_LOGGER}, + {audit_mkdir, SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_LOGGER}, + {audit_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_LOGGER}, + + /* File operations */ + + {audit_open, SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER}, + {audit_close, SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER}, + {audit_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_LOGGER}, + {audit_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_LOGGER}, + {audit_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_LOGGER}, + {audit_fchmod, SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_LOGGER}, + {audit_chmod_acl, SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_LOGGER}, + {audit_fchmod_acl, SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_LOGGER}, + + /* Finish VFS operations definition */ + + {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +/* VFS initialisation function. Return vfs_op_tuple array back to SAMBA. */ + +vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, + struct smb_vfs_handle_struct *vfs_handle) +{ + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + audit_handle = vfs_handle; + + openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY); + syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n"); + return audit_ops; +} + +/* VFS finalization function. */ +void vfs_done(struct tcon_context *conn) +{ + syslog(SYSLOG_PRIORITY, "VFS_DONE: vfs module unloaded\n"); +} + +/* Implementation of vfs_ops. Pass everything on to the default + operation but log event first. */ + +static int audit_connect(struct tcon_context *conn, const char *svc, const char *user) +{ + syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n", + svc, user); + + return default_vfs_ops.connect(conn, svc, user); +} + +static void audit_disconnect(struct tcon_context *conn) +{ + syslog(SYSLOG_PRIORITY, "disconnected\n"); + default_vfs_ops.disconnect(conn); +} + +static DIR *audit_opendir(struct tcon_context *conn, const char *fname) +{ + DIR *result = default_vfs_ops.opendir(conn, fname); + + syslog(SYSLOG_PRIORITY, "opendir %s %s%s\n", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : ""); + + return result; +} + +static int audit_mkdir(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.mkdir(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "mkdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_rmdir(struct tcon_context *conn, const char *path) +{ + int result = default_vfs_ops.rmdir(conn, path); + + syslog(SYSLOG_PRIORITY, "rmdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_open(struct tcon_context *conn, const char *fname, int flags, mode_t mode) +{ + int result = default_vfs_ops.open(conn, fname, flags, mode); + + syslog(SYSLOG_PRIORITY, "open %s (fd %d) %s%s%s\n", + fname, result, + ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_close(struct files_struct *fsp, int fd) +{ + int result = default_vfs_ops.close(fsp, fd); + + syslog(SYSLOG_PRIORITY, "close fd %d %s%s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_rename(struct tcon_context *conn, const char *old, const char *new) +{ + int result = default_vfs_ops.rename(conn, old, new); + + syslog(SYSLOG_PRIORITY, "rename %s -> %s %s%s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_unlink(struct tcon_context *conn, const char *path) +{ + int result = default_vfs_ops.unlink(conn, path); + + syslog(SYSLOG_PRIORITY, "unlink %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_chmod(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.chmod(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_chmod_acl(struct tcon_context *conn, const char *path, mode_t mode) +{ + int result; + + if ( !default_vfs_ops.chmod_acl ) + return 0; + + result = default_vfs_ops.chmod_acl(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod_acl %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode) +{ + int result = default_vfs_ops.fchmod(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) +{ + int result; + + if ( !default_vfs_ops.fchmod_acl ) + return 0; + + result = default_vfs_ops.fchmod_acl(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod_acl %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} |