modules/vfs_extd_audit.c

説明を見る。
00001 /* 
00002  * Auditing VFS module for samba.  Log selected file operations to syslog
00003  * facility.
00004  *
00005  * Copyright (C) Tim Potter, 1999-2000
00006  * Copyright (C) Alexander Bokovoy, 2002
00007  * Copyright (C) John H Terpstra, 2003
00008  * Copyright (C) Stefan (metze) Metzmacher, 2003
00009  *
00010  * This program is free software; you can redistribute it and/or modify
00011  * it under the terms of the GNU General Public License as published by
00012  * the Free Software Foundation; either version 2 of the License, or
00013  * (at your option) any later version.
00014  *  
00015  * This program is distributed in the hope that it will be useful,
00016  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00018  * GNU General Public License for more details.
00019  *  
00020  * You should have received a copy of the GNU General Public License
00021  * along with this program; if not, write to the Free Software
00022  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00023  */
00024 
00025 
00026 #include "includes.h"
00027 
00028 static int vfs_extd_audit_debug_level = DBGC_VFS;
00029 
00030 #undef DBGC_CLASS
00031 #define DBGC_CLASS vfs_extd_audit_debug_level
00032 
00033 /* Function prototypes */
00034 
00035 static int audit_connect(vfs_handle_struct *handle, const char *svc, const char *user);
00036 static void audit_disconnect(vfs_handle_struct *handle);
00037 static SMB_STRUCT_DIR *audit_opendir(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr);
00038 static int audit_mkdir(vfs_handle_struct *handle, const char *path, mode_t mode);
00039 static int audit_rmdir(vfs_handle_struct *handle, const char *path);
00040 static int audit_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode);
00041 static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
00042 static int audit_rename(vfs_handle_struct *handle, const char *oldname, const char *newname);
00043 static int audit_unlink(vfs_handle_struct *handle, const char *path);
00044 static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode);
00045 static int audit_chmod_acl(vfs_handle_struct *handle, const char *name, mode_t mode);
00046 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode);
00047 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode);
00048 
00049 /* VFS operations */
00050 
00051 static vfs_op_tuple audit_op_tuples[] = {
00052     
00053         /* Disk operations */
00054 
00055         {SMB_VFS_OP(audit_connect),     SMB_VFS_OP_CONNECT,     SMB_VFS_LAYER_LOGGER},
00056         {SMB_VFS_OP(audit_disconnect),  SMB_VFS_OP_DISCONNECT,  SMB_VFS_LAYER_LOGGER},
00057 
00058         /* Directory operations */
00059 
00060         {SMB_VFS_OP(audit_opendir),     SMB_VFS_OP_OPENDIR,     SMB_VFS_LAYER_LOGGER},
00061         {SMB_VFS_OP(audit_mkdir),               SMB_VFS_OP_MKDIR,       SMB_VFS_LAYER_LOGGER},
00062         {SMB_VFS_OP(audit_rmdir),               SMB_VFS_OP_RMDIR,       SMB_VFS_LAYER_LOGGER},
00063 
00064         /* File operations */
00065 
00066         {SMB_VFS_OP(audit_open),                SMB_VFS_OP_OPEN,        SMB_VFS_LAYER_LOGGER},
00067         {SMB_VFS_OP(audit_close),               SMB_VFS_OP_CLOSE,       SMB_VFS_LAYER_LOGGER},
00068         {SMB_VFS_OP(audit_rename),              SMB_VFS_OP_RENAME,      SMB_VFS_LAYER_LOGGER},
00069         {SMB_VFS_OP(audit_unlink),              SMB_VFS_OP_UNLINK,      SMB_VFS_LAYER_LOGGER},
00070         {SMB_VFS_OP(audit_chmod),               SMB_VFS_OP_CHMOD,       SMB_VFS_LAYER_LOGGER},
00071         {SMB_VFS_OP(audit_fchmod),              SMB_VFS_OP_FCHMOD,      SMB_VFS_LAYER_LOGGER},
00072         {SMB_VFS_OP(audit_chmod_acl),   SMB_VFS_OP_CHMOD_ACL,   SMB_VFS_LAYER_LOGGER},
00073         {SMB_VFS_OP(audit_fchmod_acl),  SMB_VFS_OP_FCHMOD_ACL,  SMB_VFS_LAYER_LOGGER},
00074         
00075         /* Finish VFS operations definition */
00076         
00077         {SMB_VFS_OP(NULL),                      SMB_VFS_OP_NOOP,        SMB_VFS_LAYER_NOOP}
00078 };
00079 
00080 
00081 static int audit_syslog_facility(vfs_handle_struct *handle)
00082 {
00083         static const struct enum_list enum_log_facilities[] = {
00084                 { LOG_USER, "USER" },
00085                 { LOG_LOCAL0, "LOCAL0" },
00086                 { LOG_LOCAL1, "LOCAL1" },
00087                 { LOG_LOCAL2, "LOCAL2" },
00088                 { LOG_LOCAL3, "LOCAL3" },
00089                 { LOG_LOCAL4, "LOCAL4" },
00090                 { LOG_LOCAL5, "LOCAL5" },
00091                 { LOG_LOCAL6, "LOCAL6" },
00092                 { LOG_LOCAL7, "LOCAL7" }
00093         };
00094 
00095         int facility;
00096 
00097         facility = lp_parm_enum(SNUM(handle->conn), "extd_audit", "facility", enum_log_facilities, LOG_USER);
00098 
00099         return facility;
00100 }
00101 
00102 
00103 static int audit_syslog_priority(vfs_handle_struct *handle)
00104 {
00105         static const struct enum_list enum_log_priorities[] = {
00106                 { LOG_EMERG, "EMERG" },
00107                 { LOG_ALERT, "ALERT" },
00108                 { LOG_CRIT, "CRIT" },
00109                 { LOG_ERR, "ERR" },
00110                 { LOG_WARNING, "WARNING" },
00111                 { LOG_NOTICE, "NOTICE" },
00112                 { LOG_INFO, "INFO" },
00113                 { LOG_DEBUG, "DEBUG" }
00114         };
00115 
00116         int priority;
00117 
00118         priority = lp_parm_enum(SNUM(handle->conn), "extd_audit", "priority", enum_log_priorities, LOG_NOTICE);
00119 
00120         return priority;
00121 }
00122 
00123 /* Implementation of vfs_ops.  Pass everything on to the default
00124    operation but log event first. */
00125 
00126 static int audit_connect(vfs_handle_struct *handle, const char *svc, const char *user)
00127 {
00128         int result;
00129 
00130         openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
00131 
00132         syslog(audit_syslog_priority(handle), "connect to service %s by user %s\n", 
00133                svc, user);
00134         DEBUG(10, ("Connected to service %s as user %s\n",
00135                svc, user));
00136 
00137         result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
00138 
00139         return result;
00140 }
00141 
00142 static void audit_disconnect(vfs_handle_struct *handle)
00143 {
00144         syslog(audit_syslog_priority(handle), "disconnected\n");
00145         DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
00146         SMB_VFS_NEXT_DISCONNECT(handle);
00147 
00148         return;
00149 }
00150 
00151 static SMB_STRUCT_DIR *audit_opendir(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr)
00152 {
00153         SMB_STRUCT_DIR *result;
00154 
00155         result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
00156 
00157         syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
00158                fname,
00159                (result == NULL) ? "failed: " : "",
00160                (result == NULL) ? strerror(errno) : "");
00161         DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
00162                fname,
00163                (result == NULL) ? "failed: " : "",
00164                (result == NULL) ? strerror(errno) : ""));
00165 
00166         return result;
00167 }
00168 
00169 static int audit_mkdir(vfs_handle_struct *handle, const char *path, mode_t mode)
00170 {
00171         int result;
00172         
00173         result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
00174         
00175         syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n", 
00176                path,
00177                (result < 0) ? "failed: " : "",
00178                (result < 0) ? strerror(errno) : "");
00179         DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
00180                path,
00181                (result < 0) ? "failed: " : "",
00182                (result < 0) ? strerror(errno) : ""));
00183 
00184         return result;
00185 }
00186 
00187 static int audit_rmdir(vfs_handle_struct *handle, const char *path)
00188 {
00189         int result;
00190         
00191         result = SMB_VFS_NEXT_RMDIR(handle, path);
00192 
00193         syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n", 
00194                path, 
00195                (result < 0) ? "failed: " : "",
00196                (result < 0) ? strerror(errno) : "");
00197         DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
00198                path,
00199                (result < 0) ? "failed: " : "",
00200                (result < 0) ? strerror(errno) : ""));
00201 
00202         return result;
00203 }
00204 
00205 static int audit_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode)
00206 {
00207         int result;
00208         
00209         result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
00210 
00211         syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n", 
00212                fname, result,
00213                ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", 
00214                (result < 0) ? "failed: " : "",
00215                (result < 0) ? strerror(errno) : "");
00216         DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
00217                fname,
00218                (result < 0) ? "failed: " : "",
00219                (result < 0) ? strerror(errno) : ""));
00220 
00221         return result;
00222 }
00223 
00224 static int audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
00225 {
00226         int result;
00227         
00228         result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
00229 
00230         syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
00231                fd,
00232                (result < 0) ? "failed: " : "",
00233                (result < 0) ? strerror(errno) : "");
00234         DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
00235                fd,
00236                (result < 0) ? "failed: " : "",
00237                (result < 0) ? strerror(errno) : ""));
00238 
00239         return result;
00240 }
00241 
00242 static int audit_rename(vfs_handle_struct *handle, const char *oldname, const char *newname)
00243 {
00244         int result;
00245         
00246         result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
00247 
00248         syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
00249                oldname, newname,
00250                (result < 0) ? "failed: " : "",
00251                (result < 0) ? strerror(errno) : "");
00252         DEBUG(1, ("vfs_extd_audit: rename old: %s newname: %s  %s %s\n",
00253                oldname, newname,
00254                (result < 0) ? "failed: " : "",
00255                (result < 0) ? strerror(errno) : ""));
00256 
00257         return result;    
00258 }
00259 
00260 static int audit_unlink(vfs_handle_struct *handle, const char *path)
00261 {
00262         int result;
00263         
00264         result = SMB_VFS_NEXT_UNLINK(handle, path);
00265 
00266         syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
00267                path,
00268                (result < 0) ? "failed: " : "",
00269                (result < 0) ? strerror(errno) : "");
00270         DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
00271                path,
00272                (result < 0) ? "failed: " : "",
00273                (result < 0) ? strerror(errno) : ""));
00274 
00275         return result;
00276 }
00277 
00278 static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
00279 {
00280         int result;
00281 
00282         result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
00283 
00284         syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
00285                path, mode,
00286                (result < 0) ? "failed: " : "",
00287                (result < 0) ? strerror(errno) : "");
00288         DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
00289                path, mode,
00290                (result < 0) ? "failed: " : "",
00291                (result < 0) ? strerror(errno) : ""));
00292 
00293         return result;
00294 }
00295 
00296 static int audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode)
00297 {
00298         int result;
00299         
00300         result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
00301 
00302         syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
00303                path, mode,
00304                (result < 0) ? "failed: " : "",
00305                (result < 0) ? strerror(errno) : "");
00306         DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
00307                 path, mode,
00308                (result < 0) ? "failed: " : "",
00309                (result < 0) ? strerror(errno) : ""));
00310 
00311         return result;
00312 }
00313 
00314 static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
00315 {
00316         int result;
00317         
00318         result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
00319 
00320         syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
00321                fsp->fsp_name, mode,
00322                (result < 0) ? "failed: " : "",
00323                (result < 0) ? strerror(errno) : "");
00324         DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
00325                fsp->fsp_name,  mode,
00326                (result < 0) ? "failed: " : "",
00327                (result < 0) ? strerror(errno) : ""));
00328 
00329         return result;
00330 }
00331 
00332 static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
00333 {
00334         int result;
00335         
00336         result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
00337 
00338         syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
00339                fsp->fsp_name, mode,
00340                (result < 0) ? "failed: " : "",
00341                (result < 0) ? strerror(errno) : "");
00342         DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
00343                fsp->fsp_name,  mode,
00344                (result < 0) ? "failed: " : "",
00345                (result < 0) ? strerror(errno) : ""));
00346 
00347         return result;
00348 }
00349 
00350 NTSTATUS vfs_extd_audit_init(void);
00351 NTSTATUS vfs_extd_audit_init(void)
00352 {
00353         NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "extd_audit", audit_op_tuples);
00354         
00355         if (!NT_STATUS_IS_OK(ret))
00356                 return ret;
00357 
00358         vfs_extd_audit_debug_level = debug_add_class("extd_audit");
00359         if (vfs_extd_audit_debug_level == -1) {
00360                 vfs_extd_audit_debug_level = DBGC_VFS;
00361                 DEBUG(0, ("vfs_extd_audit: Couldn't register custom debugging class!\n"));
00362         } else {
00363                 DEBUG(10, ("vfs_extd_audit: Debug class number of 'extd_audit': %d\n", vfs_extd_audit_debug_level));
00364         }
00365         
00366         return ret;
00367 }
Sambaに対してSat Aug 29 21:23:07 2009に生成されました。  doxygen 1.4.7