summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_full_audit.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/modules/vfs_full_audit.c')
-rw-r--r--source3/modules/vfs_full_audit.c84
1 files changed, 64 insertions, 20 deletions
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index d9d898dc0e..52e245a176 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -35,6 +35,9 @@
* full_audit:success = open opendir
* full_audit:failure = all
*
+ * vfs op can be "all" which means log all operations.
+ * vfs op can be "none" which means no logging.
+ *
* This leads to syslog entries of the form:
* smbd_audit: nobody|192.168.234.1|opendir|ok|.
* smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
@@ -61,6 +64,11 @@ extern struct current_user current_user;
static int vfs_full_audit_debug_level = DBGC_VFS;
+struct vfs_full_audit_private_data {
+ struct bitmap *success_ops;
+ struct bitmap *failure_ops;
+};
+
#undef DBGC_CLASS
#define DBGC_CLASS vfs_full_audit_debug_level
@@ -662,24 +670,33 @@ static char *audit_prefix(connection_struct *conn)
return prefix;
}
-static struct bitmap *success_ops = NULL;
-
-static BOOL log_success(vfs_op_type op)
+static BOOL log_success(vfs_handle_struct *handle, vfs_op_type op)
{
- if (success_ops == NULL)
+ struct vfs_full_audit_private_data *pd = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, pd,
+ struct vfs_full_audit_private_data,
+ return True);
+
+ if (pd->success_ops == NULL) {
return True;
+ }
- return bitmap_query(success_ops, op);
+ return bitmap_query(pd->success_ops, op);
}
-static struct bitmap *failure_ops = NULL;
-
-static BOOL log_failure(vfs_op_type op)
+static BOOL log_failure(vfs_handle_struct *handle, vfs_op_type op)
{
- if (failure_ops == NULL)
+ struct vfs_full_audit_private_data *pd = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, pd,
+ struct vfs_full_audit_private_data,
+ return True);
+
+ if (pd->failure_ops == NULL)
return True;
- return bitmap_query(failure_ops, op);
+ return bitmap_query(pd->failure_ops, op);
}
static void init_bitmap(struct bitmap **bm, const char **ops)
@@ -706,6 +723,10 @@ static void init_bitmap(struct bitmap **bm, const char **ops)
break;
}
+ if (strequal(*ops, "none")) {
+ break;
+ }
+
for (i=0; i<SMB_VFS_OP_LAST; i++) {
if (vfs_op_names[i].name == NULL) {
smb_panic("vfs_full_audit.c: name table not "
@@ -747,10 +768,10 @@ static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
pstring op_msg;
va_list ap;
- if (success && (!log_success(op)))
+ if (success && (!log_success(handle, op)))
return;
- if (!success && (!log_failure(op)))
+ if (!success && (!log_failure(handle, op)))
return;
if (success)
@@ -768,6 +789,22 @@ static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
return;
}
+/* Free function for the private data. */
+
+static void free_private_data(void **p_data)
+{
+ struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
+
+ if (pd->success_ops) {
+ bitmap_free(pd->success_ops);
+ }
+ if (pd->failure_ops) {
+ bitmap_free(pd->failure_ops);
+ }
+ SAFE_FREE(pd);
+ *p_data = NULL;
+}
+
/* Implementation of vfs_ops. Pass everything on to the default
operation but log event first. */
@@ -775,18 +812,29 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, connection_struct *
const char *svc, const char *user)
{
int result;
+ struct vfs_full_audit_private_data *pd = NULL;
const char *none[] = { NULL };
const char *all [] = { "all" };
+ pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
+ if (!pd) {
+ return -1;
+ }
+ ZERO_STRUCTP(pd);
+
openlog("smbd_audit", 0, audit_syslog_facility(handle));
- init_bitmap(&success_ops,
+ init_bitmap(&pd->success_ops,
lp_parm_string_list(SNUM(conn), "full_audit", "success",
none));
- init_bitmap(&failure_ops,
+ init_bitmap(&pd->failure_ops,
lp_parm_string_list(SNUM(conn), "full_audit", "failure",
all));
+ /* Store the private data. */
+ SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
+ struct vfs_full_audit_private_data, return -1);
+
result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
do_log(SMB_VFS_OP_CONNECT, True, handle,
@@ -803,11 +851,8 @@ static void smb_full_audit_disconnect(vfs_handle_struct *handle,
do_log(SMB_VFS_OP_DISCONNECT, True, handle,
"%s", lp_servicename(SNUM(conn)));
- bitmap_free(success_ops);
- success_ops = NULL;
-
- bitmap_free(failure_ops);
- failure_ops = NULL;
+ /* The bitmaps will be disconnected when the private
+ data is deleted. */
return;
}
@@ -2003,4 +2048,3 @@ NTSTATUS vfs_full_audit_init(void)
return ret;
}
-