-rw-r--r-- | source3/modules/vfs_extd_audit.c | 293 |
1 files changed, 198 insertions, 95 deletions
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c index 06cddc78e4..0cc60f4afd 100644 --- a/source3/modules/vfs_extd_audit.c +++ b/source3/modules/vfs_extd_audit.c @@ -25,6 +25,8 @@ #include "includes.h" +extern struct current_user current_user; + static int vfs_extd_audit_debug_level = DBGC_VFS; #undef DBGC_CLASS @@ -106,10 +108,17 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle)); - syslog(audit_syslog_priority(handle), "connect to service %s by user %s\n", - svc, user); - DEBUG(10, ("Connected to service %s as user %s\n", - svc, user)); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|connect|%s\n", current_user.uid, + handle->conn->client_address, svc); + } else { + syslog(audit_syslog_priority(handle), + "connect to service %s by user %s\n", svc, user); + DEBUG(10, ("Connected to service %s as user %s\n", + svc, user)); + } result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user); @@ -118,8 +127,17 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con static void audit_disconnect(vfs_handle_struct *handle, connection_struct *conn) { - syslog(audit_syslog_priority(handle), "disconnected\n"); - DEBUG(10, ("Disconnected from VFS module extd_audit\n")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|disconnect|%s\n", current_user.uid, + handle->conn->client_address, + lp_servicename(SNUM(conn))); + } else { + syslog(audit_syslog_priority(handle), "disconnected\n"); + DEBUG(10, ("Disconnected from VFS module extd_audit\n")); + } + SMB_VFS_NEXT_DISCONNECT(handle, conn); return; 
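Review bot: The parseable record uses `|` as separator and `\n` as terminator, yet every string field is written with a bare `%s`: `svc` here, and the client-supplied `fname`, `path`, `old`, `new` and `fsp->fsp_name` in the opendir, mkdir, rmdir, open, close, rename, unlink, chmod, chmod_acl, fchmod and fchmod_acl hunks. A name that itself contains `|` or a line break makes the record ambiguous or splits it in two (rename, with two adjacent names, is the worst case), so a consumer cannot trust the field boundaries of an audit line. Encoding the separator and control bytes before logging keeps one operation equal to one well-formed record; a sketch of such a helper and its use in audit_connect follows. The body of audit_connect starts outside this hunk.

```c
/* Encode the field separator, '%' and control bytes as %xx so that one
 * operation always produces exactly one unambiguous record.  Output is
 * truncated when dst is full. */
static const char *audit_field(char *dst, size_t dstlen, const char *src)
{
	static const char hex[] = "0123456789abcdef";
	size_t i = 0;

	if (dstlen == 0) {
		return "";
	}
	if (src == NULL) {
		src = "";
	}
	for (; *src != '\0'; src++) {
		unsigned char c = (unsigned char)*src;

		if (c == '|' || c == '%' || c < 0x20 || c == 0x7f) {
			if (i + 4 > dstlen) {
				break;
			}
			dst[i++] = '%';
			dst[i++] = hex[c >> 4];
			dst[i++] = hex[c & 0x0f];
		} else {
			if (i + 2 > dstlen) {
				break;
			}
			dst[i++] = (char)c;
		}
	}
	dst[i] = '\0';
	return dst;
}

/* ... unchanged: openlog() call in audit_connect ... */
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		char esc[256];	/* sized for a service name; path fields need more room */

		syslog(audit_syslog_priority(handle),
		       "%d|%s|connect|%s\n", current_user.uid,
		       handle->conn->client_address,
		       audit_field(esc, sizeof(esc), svc));
/* ... unchanged: else branch with the plain-text syslog() and DEBUG() ... */
```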
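Review bot: The uid in the disconnect record comes from the global `current_user`, and nothing visible in this hunk guarantees that it still describes the client when the disconnect hook runs. If smbd has already switched to another security context by then, the record would attribute the disconnect to that uid instead of the user's. Consider logging a uid saved at connect time, or at least a comment on the call such as `/* uid is whatever context smbd is in at disconnect; confirm it is the client's */`. The branch also mixes `handle->conn` (for `SNUM()` and `client_address`) with `conn` (for `lp_servicename(SNUM(conn))`); using `conn` throughout would make it clear that both refer to the same connection.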
@@ -131,14 +149,21 @@ static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn, co result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname); - syslog(audit_syslog_priority(handle), "opendir %s %s%s\n", - fname, - (result == NULL) ? "failed: " : "", - (result == NULL) ? strerror(errno) : ""); - DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n", - fname, - (result == NULL) ? "failed: " : "", - (result == NULL) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|opendir|%s\n", current_user.uid, + handle->conn->client_address, fname); + } else { + syslog(audit_syslog_priority(handle), "opendir %s %s%s\n", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : "")); + } return result; } @@ -149,14 +174,21 @@ static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn, const result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode); - syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n", - path, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n", - path, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|mkdir|%s\n", current_user.uid, + handle->conn->client_address, path); + } else { + syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
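Review bot: The parseable branch drops the outcome of the operation: `result` and `errno` appear only in the else branch, so a failed opendir (a permission denial, for example) produces exactly the same audit line as a successful one. For an audit trail the failed attempts are often the records that matter, so the parseable line should carry a status field, placed before the name so it cannot be confused with it: `"%d|%s|opendir|%s|%s\n", current_user.uid, handle->conn->client_address, (result == NULL) ? "fail" : "ok", fname`. The same omission is in the mkdir, rmdir, open, close, rename, unlink, chmod, chmod_acl, fchmod and fchmod_acl hunks, and the connect record is written before `SMB_VFS_NEXT_CONNECT()` has returned a result at all. The parseable branch also emits no `DEBUG()` line, which looks intentional but is not stated anywhere.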
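Review bot: `lp_parm_bool()` now runs between `SMB_VFS_NEXT_MKDIR()` and the `strerror(errno)` calls in the else branch, and `syslog()` runs before `return result`, so `errno` may be overwritten both before it is logged and before the caller reads it. Whether either call actually changes `errno` is not visible here, but neither is obliged to preserve it. Saving it right after the call removes the doubt: `int saved_errno = errno;`, then `strerror(saved_errno)` in the log arguments and `errno = saved_errno;` before `return result;`. The opendir, rmdir, open, close, rename, unlink, chmod, chmod_acl, fchmod and fchmod_acl hunks have the same ordering. The declaration of `result` and the function signature are outside this hunk.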
@@ -167,14 +199,21 @@ static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn, const result = SMB_VFS_NEXT_RMDIR(handle, conn, path); - syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n", - path, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n", - path, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|rmdir|%s\n", current_user.uid, + handle->conn->client_address, path); + } else { + syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
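Review bot: The test `lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", False)` is copied verbatim into this function and into every other audited operation in the commit. The option is therefore looked up again on each VFS call, and the module name and option name are repeated as string literals in each place, where a typo in one copy would silently select the default. A small static helper taking `handle` and returning the `lp_parm_bool()` result, or a flag read once in audit_connect and kept with the handle, would leave a single place to change. A comment on that helper should say that the default is the old free-text format. The start of audit_rmdir is outside this hunk.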
@@ -185,15 +224,26 @@ static int audit_open(vfs_handle_struct *handle, connection_struct *conn, const result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode); - syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n", - fname, result, - ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(2, ("vfs_extd_audit: open %s %s %s\n", - fname, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|open|%s|%s\n", current_user.uid, + handle->conn->client_address, + ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r", + fname); + } else { + syslog(audit_syslog_priority(handle), + "open %s (fd %d) %s%s%s\n", + fname, result, + ((flags & O_WRONLY) || (flags & O_RDWR)) + ? "for writing " : "", + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(2, ("vfs_extd_audit: open %s %s %s\n", + fname, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
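Review bot: The parseable record layout is not documented anywhere in the change, and this hunk is where it becomes irregular: open places its extra field (`r`/`w`) before the file name, while chmod, chmod_acl, fchmod and fchmod_acl place theirs (the mode) after the path. A consumer has to recover the per-operation field order from the code. A comment above the first use, along the lines of `/* parseable record: uid|client address|operation|operation-specific fields */` followed by the per-operation field list, would pin the format down. It should also state that any flags containing `O_WRONLY` or `O_RDWR` are reported as `w`, so a read-write open is not distinguishable from a write-only one, and that the fd logged by the plain format is not part of the parseable record.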
@@ -204,14 +254,21 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd) result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd); - syslog(audit_syslog_priority(handle), "close fd %d %s%s\n", - fd, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n", - fd, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|close|%s\n", current_user.uid, + handle->conn->client_address, fsp->fsp_name); + } else { + syslog(audit_syslog_priority(handle), "close fd %d %s%s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } @@ -222,14 +279,21 @@ static int audit_rename(vfs_handle_struct *handle, connection_struct *conn, cons result = SMB_VFS_NEXT_RENAME(handle, conn, old, new); - syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n", - old, new, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(1, ("vfs_extd_audit: rename old: %s new: %s %s %s\n", - old, new, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|rename|%s|%s\n", current_user.uid, + handle->conn->client_address, old, new); + } else { + syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: rename old: %s new: %s %s %s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
@@ -240,14 +304,21 @@ static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn, cons result = SMB_VFS_NEXT_UNLINK(handle, conn, path); - syslog(audit_syslog_priority(handle), "unlink %s %s%s\n", - path, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n", - path, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|unlink|%s\n", current_user.uid, + handle->conn->client_address, path); + } else { + syslog(audit_syslog_priority(handle), "unlink %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } @@ -258,14 +329,22 @@ static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn, const result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode); - syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n", - path, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n", - path, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|chmod|%s|%o\n", current_user.uid, + handle->conn->client_address, path, mode); + } else { + syslog(audit_syslog_priority(handle), + "chmod %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
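Review bot: In the chmod hunk `%o` is passed `mode` and `%d` is passed `current_user.uid` without casts. If these are `mode_t` and `uid_t` (their declarations are outside the hunk), the conversions are not guaranteed to match the argument types on every platform, and a uid above `INT_MAX` would print as a negative number. Casting makes the record well defined: `"%u|%s|chmod|%s|%o\n", (unsigned int)current_user.uid, handle->conn->client_address, path, (unsigned int)mode`. The same applies to the mode in chmod_acl, fchmod and fchmod_acl, and to the uid in every parseable record. The parseable branch also prints the mode in octal with no prefix while the plain branch prints `0x%x`; `%#o` or a line in the format comment would tell a reader which base to expect.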
@@ -276,14 +355,22 @@ static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, c result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode); - syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n", - path, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n", - path, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|chmod_acl|%s|%o\n", current_user.uid, + handle->conn->client_address, path, mode); + } else { + syslog(audit_syslog_priority(handle), + "chmod_acl %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
@@ -294,14 +381,22 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mo result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode); - syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n", - fsp->fsp_name, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s", - fsp->fsp_name, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|fchmod|%s|%o\n", current_user.uid, + handle->conn->client_address, fsp->fsp_name, mode); + } else { + syslog(audit_syslog_priority(handle), + "fchmod %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } 
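Review bot: The `DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s", ...` message in the else branch still has no trailing `\n`, unlike the chmod and chmod_acl messages. The next debug message would then be appended to the same line of the log. The commit already re-indents this line, so it is a natural place to fix it: `"vfs_extd_audit: fchmod %s mode 0x%x %s %s\n"`. The fchmod_acl hunk carries the same omission.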
@@ -312,14 +407,22 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode); - syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n", - fsp->fsp_name, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : ""); - DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s", - fsp->fsp_name, mode, - (result < 0) ? "failed: " : "", - (result < 0) ? strerror(errno) : "")); + if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable", + False)) { + syslog(audit_syslog_priority(handle), + "%d|%s|fchmod_acl|%s|%o\n", current_user.uid, + handle->conn->client_address, fsp->fsp_name, mode); + } else { + syslog(audit_syslog_priority(handle), + "fchmod_acl %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : "")); + } return result; } |