diff -Nacr source.orig/Makefile.in source/Makefile.in *** source.orig/Makefile.in Tue Apr 25 18:06:11 2000 --- source/Makefile.in Tue Jan 9 10:26:27 2001 *************** *** 150,156 **** smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ ! smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o \ printing/print_cups.o --- 150,156 ---- smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ ! smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o smbd/syslog_audit.o PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o \ printing/print_cups.o diff -Nacr source.orig/include/includes.h source/include/includes.h *** source.orig/include/includes.h Tue Apr 25 18:06:46 2000 --- source/include/includes.h Tue Jan 9 10:26:27 2001 *************** *** 27,32 **** --- 27,34 ---- #include "local.h" + #include "syslog_audit.h" /* AAB */ + #ifdef AIX #define DEFAULT_PRINTING PRINT_AIX #define PRINTCAP_NAME "/etc/qconfig" diff -Nacr source.orig/include/syslog_audit.h source/include/syslog_audit.h *** source.orig/include/syslog_audit.h Wed Dec 31 18:00:00 1969 --- source/include/syslog_audit.h Tue Jan 9 10:26:27 2001 *************** *** 0 **** --- 1,17 ---- + + + #include + + #define SYSLOGAUDIT_DOMAINLOGON 1<<0 + #define SYSLOGAUDIT_DOMAINLOGOFF 1<<1 + #define SYSLOGAUDIT_SHAREOPEN 1<<2 + #define SYSLOGAUDIT_SHARECLOSE 1<<3 + #define SYSLOGAUDIT_FILEOPEN 1<<4 + #define SYSLOGAUDIT_FILECLOSE 1<<5 + #define SYSLOGAUDIT_FILEDELETE 1<<6 + #define SYSLOGAUDIT_FILEMOVE 1<<7 + #define SYSLOGAUDIT_FILECOPY 1<<8 + #define SYSLOGAUDIT_MKDIR 1<<9 + #define SYSLOGAUDIT_RMDIR 1<<10 + #define SYSLOGAUDIT_PRINT 1<<11 + #define SYSLOGAUDIT_SETATTR 1<<12 diff -Nacr source.orig/param/loadparm.c source/param/loadparm.c *** source.orig/param/loadparm.c Tue Apr 25 18:07:00 2000 --- source/param/loadparm.c Tue Jan 9 10:30:25 2001 *************** *** 249,254 **** --- 249,256 ---- BOOL bKernelOplocks; BOOL bAllowTrustedDomains; BOOL bRestrictAnonymous; + BOOL syslog_auditing; /* AAB */ + char *syslog_audit_format; /* AAB */ BOOL bDebugHiresTimestamp; BOOL bDebugPid; BOOL bDebugUid; *************** *** 362,367 **** --- 364,372 ---- BOOL bFakeDirCreateTimes; BOOL bBlockingLocks; BOOL bInheritPerms; + int syslog_auditFacility; /* AAB */ + int syslog_auditLevel; /* AAB */ + int syslog_auditActions; /* AAB */ char dummy[3]; /* for alignment */ } service; *************** *** 468,473 **** --- 473,481 ---- False, /* bFakeDirCreateTimes */ True, /* bBlockingLocks */ False, /* bInheritPerms */ + LOG_LOCAL0, /* syslog_auditFacility */ + LOG_INFO, /* syslog_auditLevel */ + 0, /* syslog_auditActions */ "" /* dummy */ }; *************** *** 492,497 **** --- 500,506 ---- static BOOL handle_client_code_page(char *pszParmValue,char **ptr); static BOOL handle_source_env(char *pszParmValue,char **ptr); static BOOL handle_netbios_name(char *pszParmValue,char **ptr); + static BOOL handle_syslog_audit_actions(char *pszParmValue, char **ptr); /* AAB */ static void set_default_server_announce_type(void); *************** *** 545,550 **** --- 554,587 ---- static struct enum_list enum_map_to_guest[] = {{NEVER_MAP_TO_GUEST, "Never"}, {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, {-1, NULL}}; + static struct enum_list enum_syslog_audit_facility[] = {{LOG_AUTHPRIV, "LOG_AUTHPRIV"}, {LOG_CRON, "LOG_CRON"}, + {LOG_DAEMON, "LOG_DAEMON"}, {LOG_LOCAL0, "LOG_LOCAL0"}, + {LOG_LOCAL1, "LOG_LOCAL1"}, {LOG_LOCAL2, "LOG_LOCAL2"}, + {LOG_LOCAL3, "LOG_LOCAL3"}, {LOG_LOCAL4, "LOG_LOCAL4"}, + {LOG_LOCAL5, "LOG_LOCAL5"}, {LOG_LOCAL6, "LOG_LOCAL6"}, + {LOG_LOCAL7, "LOG_LOCAL7"}, {LOG_LPR, "LOG_LPR"}, + {LOG_MAIL, "LOG_MAIL"}, {LOG_NEWS, "LOG_NEWS"}, + {LOG_SYSLOG, "LOG_SYSLOG"}, {LOG_USER, "LOG_USER"}, + {LOG_UUCP, "LOG_UUCP"}, {-1, NULL}}; + + static struct enum_list enum_syslog_audit_level[] = {{LOG_EMERG, "LOG_EMERG"}, {LOG_ALERT, "LOG_ALERT"}, + {LOG_CRIT, "LOG_CRIT"}, {LOG_ERR, "LOG_ERR"}, + {LOG_WARNING, "LOG_WARNING"}, {LOG_NOTICE, "LOG_NOTICE"}, + {LOG_INFO, "LOG_INFO"}, {LOG_DEBUG, "LOG_DEBUG"}}; + + static struct enum_list enum_syslog_audit_actions[] = {{SYSLOGAUDIT_DOMAINLOGON, "DOMAINLOGON"}, + {SYSLOGAUDIT_DOMAINLOGOFF, "DOMAINLOGOFF"}, + {SYSLOGAUDIT_SHAREOPEN, "SHAREOPEN"}, + {SYSLOGAUDIT_SHARECLOSE, "SHARECLOSE"}, + {SYSLOGAUDIT_FILEOPEN, "FILEOPEN"}, + {SYSLOGAUDIT_FILECLOSE, "FILECLOSE"}, + {SYSLOGAUDIT_FILEDELETE, "FILEDELETE"}, + {SYSLOGAUDIT_FILEMOVE, "FILEMOVE"}, + {SYSLOGAUDIT_MKDIR, "MKDIR"}, + {SYSLOGAUDIT_RMDIR, "RMDIR"}, + {SYSLOGAUDIT_SETATTR, "SETATTR"}, + {-1, NULL}}; + #ifdef WITH_SSL static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, "ssl3"}, {SMB_SSL_V23, "ssl2or3"}, {SMB_SSL_TLS1, "tls1"}, {-1, NULL}}; *************** *** 867,872 **** --- 904,915 ---- {"fake directory create times", P_BOOL,P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE|FLAG_GLOBAL}, {"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0}, + {"Auditing Options", P_SEP, P_SEPARATOR}, /* AAB */ + {"syslog auditing", P_BOOL, P_GLOBAL, &Globals.syslog_auditing, NULL, NULL, 0}, + {"syslog audit format", P_STRING, P_GLOBAL, &Globals.syslog_audit_format, NULL, NULL, 0}, + {"syslog audit facility", P_ENUM, P_LOCAL, &sDefault.syslog_auditFacility, NULL, enum_syslog_audit_facility, 0}, + {"syslog audit level", P_ENUM, P_LOCAL, &sDefault.syslog_auditLevel, NULL, enum_syslog_audit_level, 0}, + {"syslog audit actions", P_INTEGER, P_LOCAL, &sDefault.syslog_auditActions, handle_syslog_audit_actions, NULL, 0}, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; *************** *** 1044,1049 **** --- 1087,1095 ---- Globals.bDNSproxy = True; + Globals.syslog_auditing = False; + string_set(&Globals.syslog_audit_format, "$server $share $user $group $client($clientaddr) $action"); + /* * smbd will check at runtime to see if this value * will really be used or not. *************** *** 1424,1429 **** --- 1470,1481 ---- FN_LOCAL_CHAR(lp_magicchar,magic_char) + FN_GLOBAL_INTEGER(lp_syslog_auditing,&Globals.syslog_auditing); /* AAB */ + FN_GLOBAL_STRING(lp_syslog_audit_format,&Globals.syslog_audit_format); /* AAB */ + FN_LOCAL_INTEGER(lp_syslog_audit_facility, syslog_auditFacility); /* AAB */ + FN_LOCAL_INTEGER(lp_syslog_audit_level, syslog_auditLevel); /* AAB */ + FN_LOCAL_INTEGER(lp_syslog_audit_actions, syslog_auditActions); /* AAB */ + /* local prototypes */ *************** *** 1930,1935 **** --- 1982,2009 ---- DEBUG(4,("handle_netbios_name: set global_myname to: %s\n", global_myname)); return(True); + } + + + /*************************************************************************** + handle the syslog audit actions strings + ***************************************************************************/ + static BOOL handle_syslog_audit_actions(char *pszParmValue, char **ptr) + { + fstring tok; + int actions, i; + + actions = 0; + /* more than enough (45) for the size of the syslog audit actions */ + while (next_token(&pszParmValue, tok, NULL, 45)) { + for (i=0 ; enum_syslog_audit_actions[i].name ; i++) + if (strequal(enum_syslog_audit_actions[i].name, tok)) + actions |= enum_syslog_audit_actions[i].value; + } + + (int *) *ptr = actions; + return(True); + } /*************************************************************************** diff -Nacr source.orig/rpc_server/srv_netlog.c source/rpc_server/srv_netlog.c *** source.orig/rpc_server/srv_netlog.c Wed Oct 13 00:26:55 1999 --- source/rpc_server/srv_netlog.c Tue Jan 9 10:26:27 2001 *************** *** 625,630 **** --- 625,678 ---- return 0xC0000000 | NT_STATUS_WRONG_PASSWORD; } + + /************************************************************************* + record_logon_attempt AAB + *************************************************************************/ + static void record_logon_attempt(uint32 status, char *samlogon_user) + { + fstring extra; + + switch (status) { + case 0: /* successfully got past all the validation stuff */ + slprintf(extra, sizeof(extra), "successful logon for %s", samlogon_user); + syslog_audit_logon(extra); + break; + case (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT): + slprintf(extra, sizeof(extra), "%s logon from unknown workstation", samlogon_user); + syslog_audit_logon_fail(extra); + break; + case (0xC0000000 | NT_STATUS_ACCESS_DENIED): + slprintf(extra, sizeof(extra), "access denied for %s", samlogon_user); + syslog_audit_logon_fail(extra); + break; + case (0xC0000000 | NT_STATUS_WRONG_PASSWORD): + slprintf(extra, sizeof(extra), "wrong password for %s", samlogon_user); + syslog_audit_logon_fail(extra); + break; + case (0xC0000000 | NT_STATUS_NO_SUCH_USER): + slprintf(extra, sizeof(extra), "no such user %s", samlogon_user); + syslog_audit_logon_fail(extra); + break; + case (0xC0000000 | NT_STATUS_ACCOUNT_DISABLED): + slprintf(extra, sizeof(extra), "account disabled for %s", samlogon_user); + syslog_audit_logon_fail(extra); + break; + case (0xC0000000 | NT_STATUS_INVALID_INFO_CLASS): + syslog_audit_logon_fail("unsupported logon class"); + break; + case (0xC0000000 | NT_STATUS_INVALID_HANDLE): + /* ignore this. is this useful syslog audit information? */ + break; + default: + slprintf(extra, sizeof(extra), "status error code 0x%x", status); + syslog_audit_logon_fail(extra); + break; + } + + } + + /************************************************************************* api_net_sam_logon: *************************************************************************/ *************** *** 717,729 **** --- 765,783 ---- /* Validate password - if required. */ if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) { + fstring extra; + switch (q_l.sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: /* interactive login. */ + slprintf(extra, sizeof(fstring), "interactive logon attempt for %s", samlogon_user); /* AAB */ + syslog_audit_logon(extra); status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); break; case NET_LOGON_TYPE: /* network login. lm challenge and 24 byte responses */ + slprintf(extra, sizeof(fstring), "network logon attempt for %s", samlogon_user); /* AAB */ + syslog_audit_logon(extra); status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass); break; } *************** *** 732,738 **** --- 786,794 ---- /* lkclXXXX this is the point at which, if the login was successful, that the SAM Local Security Authority should record that the user is logged in to the domain. + So I'll add that -- AAB */ + record_logon_attempt(status, samlogon_user); /* return the profile plus other bits :-) */ diff -Nacr source.orig/smbd/close.c source/smbd/close.c *** source.orig/smbd/close.c Tue Apr 25 18:07:09 2000 --- source/smbd/close.c Tue Jan 9 10:26:27 2001 *************** *** 158,163 **** --- 158,165 ---- conn->user,fsp->fsp_name, conn->num_files_open, err ? strerror(err) : "")); + syslog_audit_file_close(conn, fsp->fsp_name); + if (fsp->fsp_name) { string_free(&fsp->fsp_name); } diff -Nacr source.orig/smbd/open.c source/smbd/open.c *** source.orig/smbd/open.c Tue Apr 25 18:07:11 2000 --- source/smbd/open.c Tue Jan 9 10:26:27 2001 *************** *** 346,351 **** --- 346,353 ---- pstrcpy(fname,fname1); + syslog_audit_file_open(conn, (char *) fname); /* AAB */ + /* check permissions */ /* diff -Nacr source.orig/smbd/reply.c source/smbd/reply.c *** source.orig/smbd/reply.c Tue Apr 25 20:06:22 2000 --- source/smbd/reply.c Tue Jan 9 10:26:27 2001 *************** *** 1717,1722 **** --- 1717,1735 ---- file_close_user(vuid); } + { + char *unamestr; + unamestr = uidtoname(vuser->uid); + if (strncmp(unamestr, lp_guestaccount(-1), strlen(unamestr))) { + /* only log non-guest logoffs, otherwise the log fills up with guest + * accesses from machine accounts + */ + fstring extra; + slprintf(extra, sizeof(extra), "user %s(%d)", uidtoname(vuser->uid), vuser->uid); + syslog_audit_logoff(extra); + } + } + invalidate_vuid(vuid); set_message(outbuf,2,0,True); *************** *** 1948,1953 **** --- 1961,1967 ---- count++; if (!count) exists = dos_file_exist(directory,NULL); + syslog_audit_file_delete(conn, (char *) directory, ""); /* AAB */ } else { void *dirptr = NULL; char *dname; *************** *** 1978,1983 **** --- 1992,1998 ---- slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname); if (!can_delete(fname,conn,dirtype)) continue; if (!dos_unlink(fname)) count++; + syslog_audit_file_delete(conn, (char *) fname); /* AAB */ DEBUG(3,("reply_unlink : doing unlink on %s\n",fname)); } CloseDir(dirptr); *************** *** 3203,3208 **** --- 3218,3224 ---- outsize = set_message(outbuf,0,0,True); + syslog_audit_mkdir(conn, directory); DEBUG( 3, ( "mkdir %s ret=%d\n", directory, ret ) ); return(outsize); *************** *** 3390,3395 **** --- 3406,3412 ---- outsize = set_message(outbuf,0,0,True); + syslog_audit_rmdir(conn, directory); DEBUG( 3, ( "rmdir %s\n", directory ) ); return(outsize); *************** *** 3697,3702 **** --- 3714,3720 ---- pstrcpy(newname,smb_buf(inbuf) + 3 + strlen(name)); DEBUG(3,("reply_mv : %s -> %s\n",name,newname)); + syslog_audit_filemove(conn, name, newname); outsize = rename_internals(conn, inbuf, outbuf, name, newname, False); if(outsize == 0) *************** *** 3787,3792 **** --- 3805,3812 ---- * close of fsp1. */ *err_ret = close_file(fsp2,False); + + syslog_audit_filecopy(conn, src, dest1); return(ret == (SMB_OFF_T)st.st_size); } diff -Nacr source.orig/smbd/server.c source/smbd/server.c *** source.orig/smbd/server.c Tue Apr 25 18:07:12 2000 --- source/smbd/server.c Tue Jan 9 10:26:27 2001 *************** *** 750,755 **** --- 750,757 ---- if( !open_oplock_ipc() ) exit(1); + syslog_audit_start(); /* AAB */ + smbd_process(); close_sockets(); diff -Nacr source.orig/smbd/service.c source/smbd/service.c *** source.orig/smbd/service.c Tue Apr 25 18:07:12 2000 --- source/smbd/service.c Tue Jan 9 10:26:27 2001 *************** *** 496,501 **** --- 496,504 ---- *ecode = ERRbadpw; return NULL; } + + if (!(IS_IPC(conn))) + syslog_audit_share_open(conn); /* AAB */ if (dos_ChDir(conn->connectpath) != 0) { DEBUG(0,("Can't change directory to %s (%s)\n", *************** *** 581,586 **** --- 584,592 ---- DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", remote_machine,conn->client_address, lp_servicename(SNUM(conn)))); + + if (!(IS_IPC(conn))) + syslog_audit_share_close(conn); /* AAB */ yield_connection(conn, lp_servicename(SNUM(conn)), diff -Nacr source.orig/smbd/syslog_audit.c source/smbd/syslog_audit.c *** source.orig/smbd/syslog_audit.c Wed Dec 31 18:00:00 1969 --- source/smbd/syslog_audit.c Tue Jan 9 10:26:27 2001 *************** *** 0 **** --- 1,182 ---- + /* + Samba syslog auditing + Copyright (C) Andy A Bakun 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + /* + This file does the work of the syslog auditing functions + */ + + #include "includes.h" + + extern int DEBUGLEVEL; + extern int Client; + extern fstring local_machine, remote_machine; + + char *lp_syslog_audit_format(); + + void syslog_audit_start() + { + if (lp_syslog_auditing()) + openlog("samba", LOG_PID | LOG_NDELAY, lp_syslog_audit_facility(-1)); + } + + + void syslog_audit_domessage(char *action, int syslogpri, connection_struct *conn, char *extra) + { + pstring s; + char *format; + + if (!lp_syslog_auditing()) return; + + format = lp_syslog_audit_format(); + StrnCpy(s, format, sizeof(pstring)); + + string_sub(s, "\\t", "\t", 1023); + + string_sub(s, "$action", action, 1023); + string_sub(s, "$server", local_machine, 1023); + + if (conn) { + fstring l; + + string_sub(s, "$share", lp_servicename(SNUM(conn)), 1023); + + slprintf(l, sizeof(fstring), "%s(%d)", uidtoname(conn->uid), conn->uid); + string_sub(s, "$user", l, 1023); + + slprintf(l, sizeof(fstring), "%s(%d)", gidtoname(conn->gid), conn->gid); + string_sub(s, "$group", l, 1023); + } else { + string_sub(s, "$share", "-", 1023); + string_sub(s, "$user", "-", 1023); + string_sub(s, "$group", "-", 1023); + } + + string_sub(s, "$clientaddr", client_addr(Client), 1023); + string_sub(s, "$client", remote_machine, 1023); + + if (!syslogpri) + syslogpri = lp_syslog_audit_facility(SNUM(conn)) | lp_syslog_audit_level(SNUM(conn)); + + syslog(syslogpri, "%s %s\n", s, extra); + + } + + + void syslog_audit_logon(char *extra) + { + syslog_audit_domessage("LOGON", lp_syslog_audit_facility(-1) | lp_syslog_audit_level(-1), NULL, extra); + } + + + void syslog_audit_logoff(char *extra) + { + syslog_audit_domessage("LOGOFF", lp_syslog_audit_facility(-1) | lp_syslog_audit_level(-1), NULL, extra); + } + + + void syslog_audit_logon_fail(char *extra) + { + syslog_audit_domessage("LOGONFAIL", lp_syslog_audit_facility(-1) | lp_syslog_audit_level(-1), NULL, extra); + } + + + void syslog_audit_share_open(connection_struct *conn) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_SHAREOPEN) + syslog_audit_domessage("SHAREOPEN", 0, conn, ""); + } + + + void syslog_audit_share_close(connection_struct *conn) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_SHARECLOSE) + syslog_audit_domessage("SHARECLOSE", 0, conn, ""); + } + + + void syslog_audit_file_open(connection_struct *conn, char *filename) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILEOPEN) { + pstring extra; + slprintf(extra, sizeof(pstring), "file=\"%s\"", filename); + syslog_audit_domessage("FILEOPEN", 0, conn, extra); + } + } + + + void syslog_audit_file_close(connection_struct *conn, char *filename) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILECLOSE) { + pstring extra; + slprintf(extra, sizeof(pstring), "file=\"%s\"", filename); + syslog_audit_domessage("FILECLOSE", 0, conn, extra); + } + } + + + void syslog_audit_file_delete(connection_struct *conn, char *filename) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILEDELETE) { + pstring extra; + slprintf(extra, sizeof(pstring), "file=\"%s\"", filename); + syslog_audit_domessage("FILEDELETE", 0, conn, extra); + } + } + + + void syslog_audit_filemove(connection_struct *conn, char *src, char *dest) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILEMOVE) { + pstring extra; + slprintf(extra, sizeof(pstring), "source=\"%s\" dest=\"%s\"", src, dest); + syslog_audit_domessage("FILEMOVE", 0, conn, extra); + } + } + + + void syslog_audit_filecopy(connection_struct *conn, char *src, char *dest) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILECOPY) { + pstring extra; + slprintf(extra, sizeof(pstring), "source=\"%s\" dest=\"%s\"", src, dest); + syslog_audit_domessage("FILECOPY", 0, conn, extra); + } + } + + + void syslog_audit_mkdir(connection_struct *conn, char *dirname) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILEDELETE) { + pstring extra; + slprintf(extra, sizeof(pstring), "dir=\"%s\"", dirname); + syslog_audit_domessage("MKDIR", 0, conn, extra); + } + } + + + void syslog_audit_rmdir(connection_struct *conn, char *dirname) + { + if (lp_syslog_audit_actions(SNUM(conn)) & SYSLOGAUDIT_FILEDELETE) { + pstring extra; + slprintf(extra, sizeof(pstring), "dir=\"%s\"", dirname); + syslog_audit_domessage("FILEDELETE", 0, conn, extra); + } + } + + /* void syslog_audit_file_read(connection_struct *conn); */ + /* void syslog_audit_file_write(connection_struct *conn); */ + /* void syslog_audit_file_perm(connection_struct *conn); */