📄 vfs_full_audit.c
/*
 * Auditing VFS module for samba.  Log selected file operations to syslog
 * facility.
 *
 * Copyright (C) Tim Potter, 1999-2000
 * Copyright (C) Alexander Bokovoy, 2002
 * Copyright (C) John H Terpstra, 2003
 * Copyright (C) Stefan (metze) Metzmacher, 2003
 * Copyright (C) Volker Lendecke, 2004
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * This module implements parseable logging for all Samba VFS operations.
 *
 * You use it as follows:
 *
 * [tmp]
 * path = /tmp
 * vfs objects = full_audit
 * full_audit:prefix = %u|%I
 * full_audit:success = open opendir
 * full_audit:failure = all
 *
 * vfs op can be "all" which means log all operations.
 * vfs op can be "none" which means no logging.
 *
 * This leads to syslog entries of the form:
 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
 *
 * where "nobody" is the connected username and "192.168.234.1" is the
 * client's IP address.
 *
 * Options:
 *
 * prefix: A macro expansion template prepended to the syslog entry.
 *
 * success: A list of VFS operations for which a successful completion should
 * be logged. Defaults to no logging at all. The special operation "all" logs
 * - you guessed it - everything.
 *
 * failure: A list of VFS operations for which failure to complete should be
 * logged. Defaults to logging everything.
 */

/*
 * NOTE(review): with the defaults described above, only failed operations
 * are recorded. A share that needs a trail of successful accesses has to
 * list those operations in full_audit:success.
 *
 * NOTE(review): the file name at the end of an entry comes from the client
 * request. This part of the file does not show whether '|' or control
 * characters in such fields are escaped before the entry reaches syslog;
 * confirm that before splitting entries on '|' in a log parser or alert rule.
 */

#include "includes.h"

/* Defined elsewhere; not referenced in this part of the file. */
extern struct current_user current_user;

/* Debug class used by this file; starts out as the generic VFS class. */
static int vfs_full_audit_debug_level = DBGC_VFS;

/*
 * Private data of the module: two operation bitmaps, one for the success
 * case and one for the failure case.
 * NOTE(review): presumably one bit per VFS operation, filled from
 * full_audit:success and full_audit:failure; the code that builds them is
 * outside this excerpt.
 */
struct vfs_full_audit_private_data {
	struct bitmap *success_ops;
	struct bitmap *failure_ops;
};

/* Make DBGC_CLASS resolve to the module's own variable from here on. */
#undef DBGC_CLASS
#define DBGC_CLASS vfs_full_audit_debug_level

/*
 * Function prototypes
 *
 * One static wrapper per VFS operation. The section comments below follow
 * the grouping used in audit_op_tuples[]; from the NT ACL section on they
 * are derived from the function names.
 */

/* Disk operations */

static int smb_full_audit_connect(vfs_handle_struct *handle, connection_struct *conn,
	const char *svc, const char *user);
static void smb_full_audit_disconnect(vfs_handle_struct *handle,
	connection_struct *conn);
static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
	connection_struct *conn, const char *path,
	BOOL small_query, SMB_BIG_UINT *bsize,
	SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
	struct connection_struct *conn,
	enum SMB_QUOTA_TYPE qtype, unid_t id,
	SMB_DISK_QUOTA *qt);
static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
	struct connection_struct *conn,
	enum SMB_QUOTA_TYPE qtype, unid_t id,
	SMB_DISK_QUOTA *qt);
static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
	struct files_struct *fsp,
	SHADOW_COPY_DATA *shadow_copy_data, BOOL labels);
static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
	struct connection_struct *conn,
	const char *path,
	struct vfs_statvfs_struct *statbuf);

/* Directory operations */

static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
	const char *fname, const char *mask, uint32 attr);
static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
	connection_struct *conn, SMB_STRUCT_DIR *dirp);
static void smb_full_audit_seekdir(vfs_handle_struct *handle, connection_struct *conn,
	SMB_STRUCT_DIR *dirp, long offset);
static long smb_full_audit_telldir(vfs_handle_struct *handle, connection_struct *conn,
	SMB_STRUCT_DIR *dirp);
static void smb_full_audit_rewinddir(vfs_handle_struct *handle, connection_struct *conn,
	SMB_STRUCT_DIR *dirp);
static int smb_full_audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, mode_t mode);
static int smb_full_audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
	const char *path);
static int smb_full_audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
	SMB_STRUCT_DIR *dirp);

/* File operations */

static int smb_full_audit_open(vfs_handle_struct *handle, connection_struct *conn,
	const char *fname, int flags, mode_t mode);
static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
	int fd, void *data, size_t n);
static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
	int fd, void *data, size_t n, SMB_OFF_T offset);
static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
	int fd, const void *data, size_t n);
static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
	int fd, const void *data, size_t n,
	SMB_OFF_T offset);
static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
	int filedes, SMB_OFF_T offset, int whence);
static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
	files_struct *fsp, int fromfd,
	const DATA_BLOB *hdr, SMB_OFF_T offset,
	size_t n);
static int smb_full_audit_rename(vfs_handle_struct *handle, connection_struct *conn,
	const char *oldname, const char *newname);
static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
static int smb_full_audit_stat(vfs_handle_struct *handle, connection_struct *conn,
	const char *fname, SMB_STRUCT_STAT *sbuf);
static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
	SMB_STRUCT_STAT *sbuf);
static int smb_full_audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, SMB_STRUCT_STAT *sbuf);
static int smb_full_audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
	const char *path);
static int smb_full_audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, mode_t mode);
static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
	mode_t mode);
static int smb_full_audit_chown(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, uid_t uid, gid_t gid);
static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
	uid_t uid, gid_t gid);
static int smb_full_audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
	const char *path);
static char *smb_full_audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
	char *path);
static int smb_full_audit_utime(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, struct utimbuf *times);
static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
	int fd, SMB_OFF_T len);
static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
	int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
static int smb_full_audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
	const char *oldpath, const char *newpath);
static int smb_full_audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, char *buf, size_t bufsiz);
static int smb_full_audit_link(vfs_handle_struct *handle, connection_struct *conn,
	const char *oldpath, const char *newpath);
static int smb_full_audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
	const char *pathname, mode_t mode, SMB_DEV_T dev);
static char *smb_full_audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, char *resolved_path);

/* NT ACL wrappers (security descriptor get/set, by fd and by name) */

static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
	int fd, uint32 security_info,
	SEC_DESC **ppdesc);
static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
	const char *name, uint32 security_info,
	SEC_DESC **ppdesc);
static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
	int fd, uint32 security_info_sent,
	SEC_DESC *psd);
static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
	const char *name, uint32 security_info_sent,
	SEC_DESC *psd);

/* ACL wrappers working on SMB_ACL_* types, plus the chmod_acl variants */

static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
	const char *path, mode_t mode);
static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
	int fd, mode_t mode);
static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_T theacl, int entry_id,
	SMB_ACL_ENTRY_T *entry_p);
static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_ENTRY_T entry_d,
	SMB_ACL_TAG_T *tag_type_p);
static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_ENTRY_T entry_d,
	SMB_ACL_PERMSET_T *permset_p);
static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_ENTRY_T entry_d);
static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle, connection_struct *conn,
	const char *path_p,
	SMB_ACL_TYPE_T type);
static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp,
	int fd);
static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_PERMSET_T permset);
static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_PERMSET_T permset,
	SMB_ACL_PERM_T perm);
static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_T theacl,
	ssize_t *plen);
static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle, connection_struct *conn,
	int count);
static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_T *pacl,
	SMB_ACL_ENTRY_T *pentry);
static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_ENTRY_T entry,
	SMB_ACL_TAG_T tagtype);
static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_ENTRY_T entry,
	void *qual);
static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_ENTRY_T entry,
	SMB_ACL_PERMSET_T permset);
static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_T theacl );
static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle, connection_struct *conn,
	const char *name, SMB_ACL_TYPE_T acltype,
	SMB_ACL_T theacl);
static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
	int fd, SMB_ACL_T theacl);
static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle, connection_struct *conn,
	const char *path);
static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_PERMSET_T permset,
	SMB_ACL_PERM_T perm);
static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle, connection_struct *conn,
	char *text);
static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle, connection_struct *conn,
	SMB_ACL_T posix_acl);
static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle, connection_struct *conn,
	void *qualifier,
	SMB_ACL_TAG_T tagtype);

/* Extended attribute wrappers (get/list/remove/set, each by path, l-variant and fd) */

static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn, const char *path,
	const char *name, void *value, size_t size);
static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn,
	const char *path, const char *name,
	void *value, size_t size);
static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
	struct files_struct *fsp, int fd,
	const char *name, void *value, size_t size);
static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn,
	const char *path, char *list, size_t size);
static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn,
	const char *path, char *list, size_t size);
static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
	struct files_struct *fsp, int fd, char *list,
	size_t size);
static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn, const char *path,
	const char *name);
static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn, const char *path,
	const char *name);
static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
	struct files_struct *fsp, int fd,
	const char *name);
static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn, const char *path,
	const char *name, const void *value, size_t size,
	int flags);
static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
	struct connection_struct *conn, const char *path,
	const char *name, const void *value, size_t size,
	int flags);
static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
	struct files_struct *fsp, int fd, const char *name,
	const void *value, size_t size, int flags);

/* Asynchronous I/O wrappers */

static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb);
static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);

/*
 * VFS operations
 *
 * Each entry names a wrapper declared above, the VFS operation id it is
 * registered for, and SMB_VFS_LAYER_LOGGER as its layer.
 * NOTE(review): presumably an operation without an entry here is never seen
 * by this module and so never reaches the audit log; when reviewing audit
 * coverage, compare this table with the operations the share must record.
 * The table continues past this point.
 */
static vfs_op_tuple audit_op_tuples[] = {

	/* Disk operations */

	{SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_statvfs), SMB_VFS_OP_STATVFS,
	 SMB_VFS_LAYER_LOGGER},

	/* Directory operations */

	{SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
	 SMB_VFS_LAYER_LOGGER},

	/* File operations */

	{SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
	 SMB_VFS_LAYER_LOGGER},
	{SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
	 SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_utime), SMB_VFS_OP_UTIME, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_LOGGER},