Commit 87a9681a authored by Volker Lendecke's avatar Volker Lendecke Committed by Gerald (Jerry) Carter

r378: Add an option extd_audit:parseable=True. This gives messages of the form

Apr 27 16:05:59 delphin smbd_audit[14946]: 1011|192.168.234.100|unlink|New Folder/TESTDIR.TMP

where 1011 is the user's uid, 192.168.234.100 is the client IP etc.

Volker
(This used to be commit 9a1a8e26636d75cb7d1880558430bbffd5057052)
parent 43fb4632
+198 −95
@@ -25,6 +25,8 @@

#include "includes.h"

extern struct current_user current_user;

static int vfs_extd_audit_debug_level = DBGC_VFS;

#undef DBGC_CLASS
@@ -106,10 +108,17 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con

	openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));

	syslog(audit_syslog_priority(handle), "connect to service %s by user %s\n", 
	       svc, user);
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|connect|%s\n", current_user.uid,
		       handle->conn->client_address, svc);
	} else {
		syslog(audit_syslog_priority(handle),
		       "connect to service %s by user %s\n",  svc, user);
		DEBUG(10, ("Connected to service %s as user %s\n",
			   svc, user));
	}

	result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);

@@ -118,8 +127,17 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con

static void audit_disconnect(vfs_handle_struct *handle, connection_struct *conn)
{
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|disconnect|%s\n", current_user.uid,
		       handle->conn->client_address,
		       lp_servicename(SNUM(conn)));
	} else {
		syslog(audit_syslog_priority(handle), "disconnected\n");
		DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
	}

	SMB_VFS_NEXT_DISCONNECT(handle, conn);

	return;
@@ -131,6 +149,12 @@ static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn, co

	result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname);

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|opendir|%s\n", current_user.uid,
		       handle->conn->client_address, fname);
	} else {
		syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
		       fname,
		       (result == NULL) ? "failed: " : "",
@@ -139,6 +163,7 @@ static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn, co
			  fname,
			  (result == NULL) ? "failed: " : "",
			  (result == NULL) ? strerror(errno) : ""));
	}

	return result;
}
@@ -149,6 +174,12 @@ static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn, const
	
	result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
	
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|mkdir|%s\n", current_user.uid,
		       handle->conn->client_address, path);
	} else {
		syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n", 
		       path,
		       (result < 0) ? "failed: " : "",
@@ -157,6 +188,7 @@ static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn, const
			  path,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -167,6 +199,12 @@ static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn, const
	
	result = SMB_VFS_NEXT_RMDIR(handle, conn, path);

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|rmdir|%s\n", current_user.uid,
		       handle->conn->client_address, path);
	} else {
		syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n", 
		       path, 
		       (result < 0) ? "failed: " : "",
@@ -175,6 +213,7 @@ static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn, const
			  path,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -185,15 +224,26 @@ static int audit_open(vfs_handle_struct *handle, connection_struct *conn, const
	
	result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);

	syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n", 
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|open|%s|%s\n", current_user.uid,
		       handle->conn->client_address,
		       ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
		       fname);
	} else {
		syslog(audit_syslog_priority(handle),
		       "open %s (fd %d) %s%s%s\n", 
		       fname, result,
	       ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", 
		       ((flags & O_WRONLY) || (flags & O_RDWR))
		       ? "for writing " : "", 
		       (result < 0) ? "failed: " : "",
		       (result < 0) ? strerror(errno) : "");
		DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
			  fname,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -204,6 +254,12 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
	
	result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|close|%s\n", current_user.uid,
		       handle->conn->client_address, fsp->fsp_name);
	} else {
		syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
		       fd,
		       (result < 0) ? "failed: " : "",
@@ -212,6 +268,7 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
			  fd,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -222,6 +279,12 @@ static int audit_rename(vfs_handle_struct *handle, connection_struct *conn, cons
	
	result = SMB_VFS_NEXT_RENAME(handle, conn, old, new);

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|rename|%s|%s\n", current_user.uid,
		       handle->conn->client_address, old, new);
	} else {
		syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
		       old, new,
		       (result < 0) ? "failed: " : "",
@@ -230,6 +293,7 @@ static int audit_rename(vfs_handle_struct *handle, connection_struct *conn, cons
			  old, new,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;    
}
@@ -240,6 +304,12 @@ static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn, cons
	
	result = SMB_VFS_NEXT_UNLINK(handle, conn, path);

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|unlink|%s\n", current_user.uid,
		       handle->conn->client_address, path);
	} else {
		syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
		       path,
		       (result < 0) ? "failed: " : "",
@@ -248,6 +318,7 @@ static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn, cons
			  path,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -258,7 +329,14 @@ static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn, const

	result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);

	syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|chmod|%s|%o\n", current_user.uid,
		       handle->conn->client_address, path, mode);
	} else {
		syslog(audit_syslog_priority(handle),
		       "chmod %s mode 0x%x %s%s\n",
		       path, mode,
		       (result < 0) ? "failed: " : "",
		       (result < 0) ? strerror(errno) : "");
@@ -266,6 +344,7 @@ static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn, const
			  path, mode,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -276,7 +355,14 @@ static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, c
	
	result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);

	syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|chmod_acl|%s|%o\n", current_user.uid,
		       handle->conn->client_address, path, mode);
	} else {
		syslog(audit_syslog_priority(handle),
		       "chmod_acl %s mode 0x%x %s%s\n",
		       path, mode,
		       (result < 0) ? "failed: " : "",
		       (result < 0) ? strerror(errno) : "");
@@ -284,6 +370,7 @@ static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, c
			  path, mode,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -294,7 +381,14 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mo
	
	result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);

	syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|fchmod|%s|%o\n", current_user.uid,
		       handle->conn->client_address, fsp->fsp_name, mode);
	} else {
		syslog(audit_syslog_priority(handle),
		       "fchmod %s mode 0x%x %s%s\n",
		       fsp->fsp_name, mode,
		       (result < 0) ? "failed: " : "",
		       (result < 0) ? strerror(errno) : "");
@@ -302,6 +396,7 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mo
			  fsp->fsp_name,  mode,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
@@ -312,7 +407,14 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd
	
	result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);

	syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		syslog(audit_syslog_priority(handle),
		       "%d|%s|fchmod_acl|%s|%o\n", current_user.uid,
		       handle->conn->client_address, fsp->fsp_name, mode);
	} else {
		syslog(audit_syslog_priority(handle),
		       "fchmod_acl %s mode 0x%x %s%s\n",
		       fsp->fsp_name, mode,
		       (result < 0) ? "failed: " : "",
		       (result < 0) ? strerror(errno) : "");
@@ -320,6 +422,7 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd
			  fsp->fsp_name,  mode,
			  (result < 0) ? "failed: " : "",
			  (result < 0) ? strerror(errno) : ""));
	}

	return result;
}
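Review bot: The parseable records write client-supplied names (`fname`, `path`, `old`, `new`, `fsp->fsp_name`) unescaped into a `|`-delimited line, so in audit_rename the format `%d|%s|rename|%s|%s\n` can no longer be split reliably once `old` contains a `|`. The same pattern is in every parseable syslog() call this commit adds (connect through fchmod_acl), and whether control bytes in a name reach the log verbatim depends on the syslog daemon, so a consumer of these lines should not assume one record per line. The parseable branch also drops the `result`/`strerror(errno)` part that the free-text branch keeps, which makes a failed operation look the same as a successful one in the audit trail. The sketch below adds an escaping helper and a trailing status field for audit_rename; the buffer size is a placeholder, and over-long names are truncated by it, which needs an explicit decision. The function bodies begin outside the hunks, so the placement shown is approximate.

```c
/* Escape '|', '\\' and control bytes so each value stays inside one field. */
static const char *audit_escape(const char *in, char *out, size_t outlen)
{
	size_t o = 0;

	if (outlen == 0) {
		return "";
	}
	for (; *in != '\0' && o + 5 < outlen; in++) {
		unsigned char c = (unsigned char)*in;

		if (c == '|' || c == '\\' || c < 0x20 || c == 0x7f) {
			o += (size_t)snprintf(out + o, outlen - o, "\\x%02x", c);
		} else {
			out[o++] = (char)c;
		}
	}
	out[o] = '\0';
	return out;
}

/* ... unchanged: audit_rename signature and SMB_VFS_NEXT_RENAME call ... */
	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",
			 False)) {
		char esc_old[1024]; /* size is a placeholder */
		char esc_new[1024];

		syslog(audit_syslog_priority(handle),
		       "%d|%s|rename|%s|%s|%s\n", current_user.uid,
		       handle->conn->client_address,
		       audit_escape(old, esc_old, sizeof(esc_old)),
		       audit_escape(new, esc_new, sizeof(esc_new)),
		       (result < 0) ? strerror(errno) : "ok");
	} else {
/* ... unchanged: free-text syslog() and DEBUG() branch ... */
```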