Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.2.x/source/utils/net_rpc_audit.c

Visit:

Last change on this file was 133, checked in by Paul Smedley, 17 years ago
Update trunk to 3.2.0pre3
File size: 11.5 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4	Copyright (C) 2006,2008 Guenther Deschner
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19	#include "includes.h"
20	#include "utils/net.h"
21
22	/********************************************************************
23	********************************************************************/
24
25	static int net_help_audit(int argc, const char **argv)
26	{
27	d_printf("net rpc audit list View configured Auditing policies\n");
28	d_printf("net rpc audit enable Enable Auditing\n");
29	d_printf("net rpc audit disable Disable Auditing\n");
30	d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
31	d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
32	d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33	d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
34
35	return -1;
36	}
37
38	/********************************************************************
39	********************************************************************/
40
41	static void print_auditing_category(const char policy, const char value)
42	{
43	fstring padding;
44	int pad_len, col_len = 30;
45
46	if (policy == NULL) {
47	policy = "Unknown";
48	}
49	if (value == NULL) {
50	value = "Invalid";
51	}
52
53	/* calculate padding space for d_printf to look nicer */
54	pad_len = col_len - strlen(policy);
55	padding[pad_len] = 0;
56	do padding[--pad_len] = ' '; while (pad_len > 0);
57
58	d_printf("\t%s%s%s\n", policy, padding, value);
59	}
60
61	/********************************************************************
62	********************************************************************/
63
64	static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
65	const char *domain_name,
66	struct cli_state *cli,
67	struct rpc_pipe_client *pipe_hnd,
68	TALLOC_CTX *mem_ctx,
69	int argc,
70	const char **argv)
71	{
72	POLICY_HND pol;
73	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
74	union lsa_PolicyInformation *info = NULL;
75	int i;
76	uint32_t audit_category;
77
78	if (argc < 1 \|\| argc > 2) {
79	d_printf("insufficient arguments\n");
80	net_help_audit(argc, argv);
81	return NT_STATUS_INVALID_PARAMETER;
82	}
83
84	if (!get_audit_category_from_param(argv[0], &audit_category)) {
85	d_printf("invalid auditing category: %s\n", argv[0]);
86	return NT_STATUS_INVALID_PARAMETER;
87	}
88
89	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
90	SEC_RIGHTS_MAXIMUM_ALLOWED,
91	&pol);
92
93	if (!NT_STATUS_IS_OK(result)) {
94	goto done;
95	}
96
97	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
98	&pol,
99	LSA_POLICY_INFO_AUDIT_EVENTS,
100	&info);
101
102	if (!NT_STATUS_IS_OK(result)) {
103	goto done;
104	}
105
106	for (i=0; i < info->audit_events.count; i++) {
107
108	const char val = NULL, policy = NULL;
109
110	if (i != audit_category) {
111	continue;
112	}
113
114	val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
115	policy = audit_description_str(i);
116	print_auditing_category(policy, val);
117	}
118
119	done:
120	if (!NT_STATUS_IS_OK(result)) {
121	d_printf("failed to get auditing policy: %s\n",
122	nt_errstr(result));
123	}
124
125	return result;
126	}
127
128	/********************************************************************
129	********************************************************************/
130
131	static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
132	const char *domain_name,
133	struct cli_state *cli,
134	struct rpc_pipe_client *pipe_hnd,
135	TALLOC_CTX *mem_ctx,
136	int argc,
137	const char **argv)
138	{
139	POLICY_HND pol;
140	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
141	union lsa_PolicyInformation *info = NULL;
142	uint32_t audit_policy, audit_category;
143
144	if (argc < 2 \|\| argc > 3) {
145	d_printf("insufficient arguments\n");
146	net_help_audit(argc, argv);
147	return NT_STATUS_INVALID_PARAMETER;
148	}
149
150	if (!get_audit_category_from_param(argv[0], &audit_category)) {
151	d_printf("invalid auditing category: %s\n", argv[0]);
152	return NT_STATUS_INVALID_PARAMETER;
153	}
154
155	audit_policy = LSA_AUDIT_POLICY_CLEAR;
156
157	if (strequal(argv[1], "Success")) {
158	audit_policy \|= LSA_AUDIT_POLICY_SUCCESS;
159	} else if (strequal(argv[1], "Failure")) {
160	audit_policy \|= LSA_AUDIT_POLICY_FAILURE;
161	} else if (strequal(argv[1], "All")) {
162	audit_policy \|= LSA_AUDIT_POLICY_ALL;
163	} else if (strequal(argv[1], "None")) {
164	audit_policy = LSA_AUDIT_POLICY_CLEAR;
165	} else {
166	d_printf("invalid auditing policy: %s\n", argv[1]);
167	return NT_STATUS_INVALID_PARAMETER;
168	}
169
170	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
171	SEC_RIGHTS_MAXIMUM_ALLOWED,
172	&pol);
173
174	if (!NT_STATUS_IS_OK(result)) {
175	goto done;
176	}
177
178	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
179	&pol,
180	LSA_POLICY_INFO_AUDIT_EVENTS,
181	&info);
182
183	if (!NT_STATUS_IS_OK(result)) {
184	goto done;
185	}
186
187	info->audit_events.settings[audit_category] = audit_policy;
188
189	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
190	&pol,
191	LSA_POLICY_INFO_AUDIT_EVENTS,
192	info);
193
194	if (!NT_STATUS_IS_OK(result)) {
195	goto done;
196	}
197
198	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
199	&pol,
200	LSA_POLICY_INFO_AUDIT_EVENTS,
201	&info);
202	{
203	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
204	const char *policy = audit_description_str(audit_category);
205	print_auditing_category(policy, val);
206	}
207
208	done:
209	if (!NT_STATUS_IS_OK(result)) {
210	d_printf("failed to set audit policy: %s\n", nt_errstr(result));
211	}
212
213	return result;
214	}
215
216	/********************************************************************
217	********************************************************************/
218
219	static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
220	TALLOC_CTX *mem_ctx,
221	int argc,
222	const char **argv,
223	bool enable)
224	{
225	POLICY_HND pol;
226	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
227	union lsa_PolicyInformation *info = NULL;
228
229	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
230	SEC_RIGHTS_MAXIMUM_ALLOWED,
231	&pol);
232
233	if (!NT_STATUS_IS_OK(result)) {
234	goto done;
235	}
236
237	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
238	&pol,
239	LSA_POLICY_INFO_AUDIT_EVENTS,
240	&info);
241	if (!NT_STATUS_IS_OK(result)) {
242	goto done;
243	}
244
245	info->audit_events.auditing_mode = enable;
246
247	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
248	&pol,
249	LSA_POLICY_INFO_AUDIT_EVENTS,
250	info);
251
252	if (!NT_STATUS_IS_OK(result)) {
253	goto done;
254	}
255
256	done:
257	if (!NT_STATUS_IS_OK(result)) {
258	d_printf("failed to %s audit policy: %s\n",
259	enable ? "enable":"disable", nt_errstr(result));
260	}
261
262	return result;
263	}
264
265	/********************************************************************
266	********************************************************************/
267
268	static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
269	const char *domain_name,
270	struct cli_state *cli,
271	struct rpc_pipe_client *pipe_hnd,
272	TALLOC_CTX *mem_ctx,
273	int argc,
274	const char **argv)
275	{
276	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
277	false);
278	}
279
280	/********************************************************************
281	********************************************************************/
282
283	static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
284	const char *domain_name,
285	struct cli_state *cli,
286	struct rpc_pipe_client *pipe_hnd,
287	TALLOC_CTX *mem_ctx,
288	int argc,
289	const char **argv)
290	{
291	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
292	true);
293	}
294
295	/********************************************************************
296	********************************************************************/
297
298	static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
299	const char *domain_name,
300	struct cli_state *cli,
301	struct rpc_pipe_client *pipe_hnd,
302	TALLOC_CTX *mem_ctx,
303	int argc,
304	const char **argv)
305	{
306	POLICY_HND pol;
307	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
308	union lsa_PolicyInformation *info = NULL;
309	int i;
310
311	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
312	SEC_RIGHTS_MAXIMUM_ALLOWED,
313	&pol);
314
315	if (!NT_STATUS_IS_OK(result)) {
316	goto done;
317	}
318
319	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
320	&pol,
321	LSA_POLICY_INFO_AUDIT_EVENTS,
322	&info);
323	if (!NT_STATUS_IS_OK(result)) {
324	goto done;
325	}
326
327	printf("Auditing:\t\t");
328	switch (info->audit_events.auditing_mode) {
329	case true:
330	printf("Enabled");
331	break;
332	case false:
333	printf("Disabled");
334	break;
335	default:
336	printf("unknown (%d)", info->audit_events.auditing_mode);
337	break;
338	}
339	printf("\n");
340
341	printf("Auditing categories:\t%d\n", info->audit_events.count);
342	printf("Auditing settings:\n");
343
344	for (i=0; i < info->audit_events.count; i++) {
345	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
346	const char *policy = audit_description_str(i);
347	print_auditing_category(policy, val);
348	}
349
350	done:
351	if (!NT_STATUS_IS_OK(result)) {
352	d_printf("failed to list auditing policies: %s\n",
353	nt_errstr(result));
354	}
355
356	return result;
357	}
358
359	/********************************************************************
360	********************************************************************/
361
362	static int rpc_audit_get(int argc, const char **argv)
363	{
364	return run_rpc_command(NULL, PI_LSARPC, 0,
365	rpc_audit_get_internal, argc, argv);
366	}
367
368	/********************************************************************
369	********************************************************************/
370
371	static int rpc_audit_set(int argc, const char **argv)
372	{
373	return run_rpc_command(NULL, PI_LSARPC, 0,
374	rpc_audit_set_internal, argc, argv);
375	}
376
377	/********************************************************************
378	********************************************************************/
379
380	static int rpc_audit_enable(int argc, const char **argv)
381	{
382	return run_rpc_command(NULL, PI_LSARPC, 0,
383	rpc_audit_enable_internal, argc, argv);
384	}
385
386	/********************************************************************
387	********************************************************************/
388
389	static int rpc_audit_disable(int argc, const char **argv)
390	{
391	return run_rpc_command(NULL, PI_LSARPC, 0,
392	rpc_audit_disable_internal, argc, argv);
393	}
394
395	/********************************************************************
396	********************************************************************/
397
398	static int rpc_audit_list(int argc, const char **argv)
399	{
400	return run_rpc_command(NULL, PI_LSARPC, 0,
401	rpc_audit_list_internal, argc, argv);
402	}
403
404	/********************************************************************
405	********************************************************************/
406
407	int net_rpc_audit(int argc, const char **argv)
408	{
409	struct functable func[] = {
410	{"get", rpc_audit_get},
411	{"set", rpc_audit_set},
412	{"enable", rpc_audit_enable},
413	{"disable", rpc_audit_disable},
414	{"list", rpc_audit_list},
415	{NULL, NULL}
416	};
417
418	if (argc)
419	return net_run_function(argc, argv, func, net_help_audit);
420
421	return net_help_audit(argc, argv);
422	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: