From b4072089dc315166d64e5b55c5b1be32d9ad4437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Mon, 16 Sep 2019 16:22:37 +0200 Subject: [PATCH] vfs/full_audit: always log full filenames MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565 Signed-off-by: Björn Baumbach Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Sep 17 17:55:55 UTC 2019 on sn-devel-184 (cherry picked from commit e0a3cc469f2f63a663496e932426a289a831dd44) --- source3/modules/vfs_full_audit.c | 177 ++++++++++++++++++++++--------- 1 file changed, 127 insertions(+), 50 deletions(-) diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index f6e11516970..8d7e168ae41 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -31,15 +31,17 @@ * path = /tmp * vfs objects = full_audit * full_audit:prefix = %u|%I - * full_audit:success = open opendir + * full_audit:success = open opendir create_file * full_audit:failure = all * * vfs op can be "all" which means log all operations. * vfs op can be "none" which means no logging. * * This leads to syslog entries of the form: - * smbd_audit: nobody|192.168.234.1|opendir|ok|. - * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt + * smbd_audit: nobody|192.168.234.1|opendir|ok|/tmp + * smbd_audit: nobody|192.168.234.1|create_file|fail (No such file or directory)|0x1|file|open|/ts/doesNotExist + * smbd_audit: nobody|192.168.234.1|open|ok|w|/tmp/file.txt + * smbd_audit: nobody|192.168.234.1|create_file|ok|0x3|file|open|/tmp/file.txt * * where "nobody" is the connected username and "192.168.234.1" is the * client's IP address. @@ -793,7 +795,11 @@ static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle, /* Don't have a reasonable notion of failure here */ - do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_DISK_FREE, + True, + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -808,8 +814,11 @@ static int smb_full_audit_get_quota(struct vfs_handle_struct *handle, result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt); - do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_GET_QUOTA, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -934,8 +943,11 @@ static DIR *smb_full_audit_opendir(vfs_handle_struct *handle, result = SMB_VFS_NEXT_OPENDIR(handle, smb_fname, mask, attr); - do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_OPENDIR, + (result != NULL), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1002,9 +1014,12 @@ static int smb_full_audit_mkdir(vfs_handle_struct *handle, int result; result = SMB_VFS_NEXT_MKDIR(handle, smb_fname, mode); - - do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", - smb_fname->base_name); + + do_log(SMB_VFS_OP_MKDIR, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1016,8 +1031,11 @@ static int smb_full_audit_rmdir(vfs_handle_struct *handle, result = SMB_VFS_NEXT_RMDIR(handle, smb_fname); - do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_RMDIR, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1506,9 +1524,12 @@ static int smb_full_audit_chmod(vfs_handle_struct *handle, result = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode); - do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", - smb_fname->base_name, - mode); + do_log(SMB_VFS_OP_CHMOD, + (result >= 0), + handle, + "%s|%o", + smb_fname_str_do_log(handle->conn, smb_fname), + mode); return result; } @@ -1576,8 +1597,11 @@ static int smb_full_audit_chdir(vfs_handle_struct *handle, result = SMB_VFS_NEXT_CHDIR(handle, smb_fname); - do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_CHDIR, + (result >= 0), + handle, + "chdir|%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1727,8 +1751,12 @@ static int smb_full_audit_symlink(vfs_handle_struct *handle, result = SMB_VFS_NEXT_SYMLINK(handle, link_contents, new_smb_fname); - do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle, - "%s|%s", link_contents, new_smb_fname->base_name); + do_log(SMB_VFS_OP_SYMLINK, + (result >= 0), + handle, + "%s|%s", + link_contents, + smb_fname_str_do_log(handle->conn, new_smb_fname)); return result; } @@ -1742,8 +1770,11 @@ static int smb_full_audit_readlink(vfs_handle_struct *handle, result = SMB_VFS_NEXT_READLINK(handle, smb_fname, buf, bufsiz); - do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_READLINK, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1756,8 +1787,12 @@ static int smb_full_audit_link(vfs_handle_struct *handle, result = SMB_VFS_NEXT_LINK(handle, old_smb_fname, new_smb_fname); - do_log(SMB_VFS_OP_LINK, (result >= 0), handle, - "%s|%s", old_smb_fname->base_name, new_smb_fname->base_name); + do_log(SMB_VFS_OP_LINK, + (result >= 0), + handle, + "%s|%s", + smb_fname_str_do_log(handle->conn, old_smb_fname), + smb_fname_str_do_log(handle->conn, new_smb_fname)); return result; } @@ -1771,8 +1806,11 @@ static int smb_full_audit_mknod(vfs_handle_struct *handle, result = SMB_VFS_NEXT_MKNOD(handle, smb_fname, mode, dev); - do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_MKNOD, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1785,8 +1823,11 @@ static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle, result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname); - do_log(SMB_VFS_OP_REALPATH, (result_fname != NULL), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_REALPATH, + (result_fname != NULL), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result_fname; } @@ -1799,8 +1840,11 @@ static int smb_full_audit_chflags(vfs_handle_struct *handle, result = SMB_VFS_NEXT_CHFLAGS(handle, smb_fname, flags); - do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_CHFLAGS, + (result != 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1848,8 +1892,11 @@ static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle, result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, smb_fname, mem_ctx, pnum_streams, pstreams); - do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle, - "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_STREAMINFO, + NT_STATUS_IS_OK(result), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -1878,8 +1925,11 @@ static const char *smb_full_audit_connectpath(vfs_handle_struct *handle, result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname); - do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle, - "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_CONNECTPATH, + result != NULL, + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -2392,8 +2442,11 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle, result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname, type, mem_ctx); - do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle, - "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, + (result != NULL), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -2422,8 +2475,11 @@ static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle, result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname, mem_ctx, blob_description, blob); - do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle, - "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -2454,8 +2510,11 @@ static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle, result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, smb_fname, acltype, theacl); - do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle, - "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -2480,8 +2539,11 @@ static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle, result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname); - do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle, - "%s", smb_fname->base_name); + do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -2494,8 +2556,12 @@ static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle, result = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, name, value, size); - do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle, - "%s|%s", smb_fname->base_name, name); + do_log(SMB_VFS_OP_GETXATTR, + (result >= 0), + handle, + "%s|%s", + smb_fname_str_do_log(handle->conn, smb_fname), + name); return result; } @@ -2656,8 +2722,11 @@ static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle, result = SMB_VFS_NEXT_LISTXATTR(handle, smb_fname, list, size); - do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", - smb_fname->base_name); + do_log(SMB_VFS_OP_LISTXATTR, + (result >= 0), + handle, + "%s", + smb_fname_str_do_log(handle->conn, smb_fname)); return result; } @@ -2684,8 +2753,12 @@ static int smb_full_audit_removexattr(struct vfs_handle_struct *handle, result = SMB_VFS_NEXT_REMOVEXATTR(handle, smb_fname, name); - do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle, - "%s|%s", smb_fname->base_name, name); + do_log(SMB_VFS_OP_REMOVEXATTR, + (result >= 0), + handle, + "%s|%s", + smb_fname_str_do_log(handle->conn, smb_fname), + name); return result; } @@ -2714,8 +2787,12 @@ static int smb_full_audit_setxattr(struct vfs_handle_struct *handle, result = SMB_VFS_NEXT_SETXATTR(handle, smb_fname, name, value, size, flags); - do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle, - "%s|%s", smb_fname->base_name, name); + do_log(SMB_VFS_OP_SETXATTR, + (result >= 0), + handle, + "%s|%s", + smb_fname_str_do_log(handle->conn, smb_fname), + name); return result; } -- 2.21.0