Commit 9e7dcbdb authored by Volker Lendecke's avatar Volker Lendecke Committed by Gerald (Jerry) Carter
Browse files

r404: Revert the change 378 to vfs_extd_audit.c, the parseable auditing 

Implement vfs_full_audit.c that can log every vfs.h operation. So if you
change vfs.h, from now on you also have to change full_audit :-)

Volker
(This used to be commit 9cb9c5f7c97fe8f76735a77b321c9500d28b55b2)
parent fcc2e1e0

source3/Makefile.in

+6 −0
Original line number Diff line number Diff line
@@ -313,6 +313,7 @@ NOTIFY_OBJ = smbd/notify.o smbd/notify_hash.o smbd/notify_kernel.o 


VFS_AUDIT_OBJ = modules/vfs_audit.o

VFS_EXTD_AUDIT_OBJ = modules/vfs_extd_audit.o

VFS_FULL_AUDIT_OBJ = modules/vfs_full_audit.o

VFS_FAKE_PERMS_OBJ = modules/vfs_fake_perms.o

VFS_RECYCLE_OBJ = modules/vfs_recycle.o

VFS_NETATALK_OBJ = modules/vfs_netatalk.o
@@ -1145,6 +1146,11 @@ bin/extd_audit.@SHLIBEXT@: $(VFS_EXTD_AUDIT_OBJ:.o=.@PICSUFFIX@) 
	@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_EXTD_AUDIT_OBJ:.o=.@PICSUFFIX@) \

		@SONAMEFLAG@`basename $@`



bin/full_audit.@SHLIBEXT@: $(VFS_FULL_AUDIT_OBJ:.o=.@PICSUFFIX@)

	@echo "Building plugin $@"

	@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_FULL_AUDIT_OBJ:.o=.@PICSUFFIX@) \

		@SONAMEFLAG@`basename $@`



bin/recycle.@SHLIBEXT@: $(VFS_RECYCLE_OBJ:.o=.@PICSUFFIX@)

	@echo "Building plugin $@"

	@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_RECYCLE_OBJ:.o=.@PICSUFFIX@) \

source3/configure.in

+2 −1
Original line number Diff line number Diff line
@@ -360,7 +360,7 @@ dnl These have to be built static: 
default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"



dnl These are preferably build shared, and static if dlopen() is not available

default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437"

default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437"



if test "x$developer" = xyes; then

   default_static_modules="$default_static_modules rpc_echo"
@@ -4329,6 +4329,7 @@ SMB_SUBSYSTEM(AUTH,auth/auth.o) 
SMB_MODULE(vfs_recycle, \$(VFS_RECYCLE_OBJ), "bin/recycle.$SHLIBEXT", VFS)

SMB_MODULE(vfs_audit, \$(VFS_AUDIT_OBJ), "bin/audit.$SHLIBEXT", VFS)

SMB_MODULE(vfs_extd_audit, \$(VFS_EXTD_AUDIT_OBJ), "bin/extd_audit.$SHLIBEXT", VFS)

SMB_MODULE(vfs_full_audit, \$(VFS_FULL_AUDIT_OBJ), "bin/full_audit.$SHLIBEXT", VFS)

SMB_MODULE(vfs_netatalk, \$(VFS_NETATALK_OBJ), "bin/netatalk.$SHLIBEXT", VFS)

SMB_MODULE(vfs_fake_perms, \$(VFS_FAKE_PERMS_OBJ), "bin/fake_perms.$SHLIBEXT", VFS)

SMB_MODULE(vfs_default_quota, \$(VFS_DEFAULT_QUOTA_OBJ), "bin/default_quota.$SHLIBEXT", VFS)

source3/include/vfs.h

+3 −0
Original line number Diff line number Diff line
@@ -41,6 +41,9 @@ 
 * This next constant specifies the version number of the VFS interface

 * this smbd will load. Increment this if *ANY* changes are made to the

 * vfs_ops below. JRA.

 *

 * If you change anything here, please also update modules/vfs_full_audit.c.

 * VL.

 */



/* Changed to version 2 for CIFS UNIX extensions (mknod and link added). JRA. */

source3/modules/vfs_extd_audit.c

+95 −198
Original line number Diff line number Diff line
@@ -25,8 +25,6 @@ 


#include "includes.h"



extern struct current_user current_user;



static int vfs_extd_audit_debug_level = DBGC_VFS;



#undef DBGC_CLASS
@@ -108,17 +106,10 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con 


	openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|connect|%s\n", current_user.uid,

		       handle->conn->client_address, svc);

	} else {

		syslog(audit_syslog_priority(handle),

		       "connect to service %s by user %s\n",  svc, user);

	syslog(audit_syslog_priority(handle), "connect to service %s by user %s\n", 

	       svc, user);

	DEBUG(10, ("Connected to service %s as user %s\n",

	       svc, user));

	}



	result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
@@ -127,17 +118,8 @@ static int audit_connect(vfs_handle_struct *handle, connection_struct *conn, con 


static void audit_disconnect(vfs_handle_struct *handle, connection_struct *conn)

{

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|disconnect|%s\n", current_user.uid,

		       handle->conn->client_address,

		       lp_servicename(SNUM(conn)));

	} else {

	syslog(audit_syslog_priority(handle), "disconnected\n");

	DEBUG(10, ("Disconnected from VFS module extd_audit\n"));

	}



	SMB_VFS_NEXT_DISCONNECT(handle, conn);



	return;
@@ -149,12 +131,6 @@ static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn, co 


	result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|opendir|%s\n", current_user.uid,

		       handle->conn->client_address, fname);

	} else {

	syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",

	       fname,

	       (result == NULL) ? "failed: " : "",
@@ -163,7 +139,6 @@ static DIR *audit_opendir(vfs_handle_struct *handle, connection_struct *conn, co 
	       fname,

	       (result == NULL) ? "failed: " : "",

	       (result == NULL) ? strerror(errno) : ""));

	}



	return result;

}
@@ -174,12 +149,6 @@ static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn, const 
	

	result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);

	

	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|mkdir|%s\n", current_user.uid,

		       handle->conn->client_address, path);

	} else {

	syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n", 

	       path,

	       (result < 0) ? "failed: " : "",
@@ -188,7 +157,6 @@ static int audit_mkdir(vfs_handle_struct *handle, connection_struct *conn, const 
	       path,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -199,12 +167,6 @@ static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn, const 
	

	result = SMB_VFS_NEXT_RMDIR(handle, conn, path);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|rmdir|%s\n", current_user.uid,

		       handle->conn->client_address, path);

	} else {

	syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n", 

	       path, 

	       (result < 0) ? "failed: " : "",
@@ -213,7 +175,6 @@ static int audit_rmdir(vfs_handle_struct *handle, connection_struct *conn, const 
               path,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -224,26 +185,15 @@ static int audit_open(vfs_handle_struct *handle, connection_struct *conn, const 
	

	result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|open|%s|%s\n", current_user.uid,

		       handle->conn->client_address,

		       ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",

		       fname);

	} else {

		syslog(audit_syslog_priority(handle),

		       "open %s (fd %d) %s%s%s\n", 

	syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n", 

	       fname, result,

		       ((flags & O_WRONLY) || (flags & O_RDWR))

		       ? "for writing " : "", 

	       ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", 

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : "");

	DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",

	       fname,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -254,12 +204,6 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd) 
	

	result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|close|%s\n", current_user.uid,

		       handle->conn->client_address, fsp->fsp_name);

	} else {

	syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",

	       fd,

	       (result < 0) ? "failed: " : "",
@@ -268,7 +212,6 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd) 
	       fd,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -279,12 +222,6 @@ static int audit_rename(vfs_handle_struct *handle, connection_struct *conn, cons 
	

	result = SMB_VFS_NEXT_RENAME(handle, conn, old, new);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|rename|%s|%s\n", current_user.uid,

		       handle->conn->client_address, old, new);

	} else {

	syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",

	       old, new,

	       (result < 0) ? "failed: " : "",
@@ -293,7 +230,6 @@ static int audit_rename(vfs_handle_struct *handle, connection_struct *conn, cons 
	       old, new,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;    

}
@@ -304,12 +240,6 @@ static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn, cons 
	

	result = SMB_VFS_NEXT_UNLINK(handle, conn, path);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|unlink|%s\n", current_user.uid,

		       handle->conn->client_address, path);

	} else {

	syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",

	       path,

	       (result < 0) ? "failed: " : "",
@@ -318,7 +248,6 @@ static int audit_unlink(vfs_handle_struct *handle, connection_struct *conn, cons 
	       path,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -329,14 +258,7 @@ static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn, const 


	result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|chmod|%s|%o\n", current_user.uid,

		       handle->conn->client_address, path, mode);

	} else {

		syslog(audit_syslog_priority(handle),

		       "chmod %s mode 0x%x %s%s\n",

	syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",

	       path, mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : "");
@@ -344,7 +266,6 @@ static int audit_chmod(vfs_handle_struct *handle, connection_struct *conn, const 
	       path, mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -355,14 +276,7 @@ static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, c 
	

	result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|chmod_acl|%s|%o\n", current_user.uid,

		       handle->conn->client_address, path, mode);

	} else {

		syslog(audit_syslog_priority(handle),

		       "chmod_acl %s mode 0x%x %s%s\n",

	syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",

	       path, mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : "");
@@ -370,7 +284,6 @@ static int audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn, c 
	        path, mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -381,14 +294,7 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mo 
	

	result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|fchmod|%s|%o\n", current_user.uid,

		       handle->conn->client_address, fsp->fsp_name, mode);

	} else {

		syslog(audit_syslog_priority(handle),

		       "fchmod %s mode 0x%x %s%s\n",

	syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",

	       fsp->fsp_name, mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : "");
@@ -396,7 +302,6 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mo 
	       fsp->fsp_name,  mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}
@@ -407,14 +312,7 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd 
	

	result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);



	if (lp_parm_bool(SNUM(handle->conn), "extd_audit", "parseable",

			 False)) {

		syslog(audit_syslog_priority(handle),

		       "%d|%s|fchmod_acl|%s|%o\n", current_user.uid,

		       handle->conn->client_address, fsp->fsp_name, mode);

	} else {

		syslog(audit_syslog_priority(handle),

		       "fchmod_acl %s mode 0x%x %s%s\n",

	syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",

	       fsp->fsp_name, mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : "");
@@ -422,7 +320,6 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd 
	       fsp->fsp_name,  mode,

	       (result < 0) ? "failed: " : "",

	       (result < 0) ? strerror(errno) : ""));

	}



	return result;

}

source3/modules/vfs_full_audit.c

0 → 100644
+1758 −0

File added.

Preview size limit exceeded, changes collapsed.