source: branches/samba-3.3.x/source/lib/audit.c@ 955

Last change on this file since 955 was 206, checked in by Herwig Bauernfeind, 16 years ago

Import Samba 3.3 branch at 3.0.0 level (psmedley's port)

1/*
2 Unix SMB/CIFS implementation.
3 Auditing helper functions.
4 Copyright (C) Guenther Deschner 2006
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18*/
19
20#include "includes.h"
21
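/*
 * Lookup table tying each LSA audit category value to its symbolic
 * name, the short keyword accepted by get_audit_category_from_param(),
 * and a human-readable description.
 *
 * The array ends with an entry whose string fields are all NULL. The
 * audit_*_str() lookups in this file stop at the first entry whose
 * string field is NULL, so that terminator must remain the last element.
 */
static const struct audit_category_tab {
	uint32 category;		/* LSA_AUDIT_CATEGORY_* value */
	const char *category_str;	/* symbolic name of that value */
	const char *param_str;		/* short keyword, e.g. "LOGON" */
	const char *description;	/* human-readable description */
} audit_category_tab [] = {
	{ LSA_AUDIT_CATEGORY_LOGON,
	 "LSA_AUDIT_CATEGORY_LOGON",
	 "LOGON", "Logon events" },
	{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
	 "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
	 "PRIVILEGE", "Privilege Use" },
	{ LSA_AUDIT_CATEGORY_SYSTEM,
	 "LSA_AUDIT_CATEGORY_SYSTEM",
	 "SYSTEM", "System Events" },
	{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
	 "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
	 "POLICY", "Policy Change" },
	{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
	 "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
	 "PROCESS", "Process Tracking" },
	{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
	 "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
	 "OBJECT", "Object Access" },
	{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
	 "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
	 "SAM", "Account Management" },
	{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
	 "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
	 "DIRECTORY", "Directory service access" },
	{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
	 "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
	 "ACCOUNT", "Account logon events" },
	/*
	 * Terminator. All three string fields are spelled out so the entry
	 * matches the struct layout; only the strings are tested by the
	 * lookups, never the category value.
	 */
	{ 0, NULL, NULL, NULL }
};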
57
/*
 * Map an audit category value to its symbolic name.
 *
 * Returns the category_str field of the matching audit_category_tab
 * entry, or NULL when no entry carries this value. The result points
 * into the static table; check it for NULL before formatting it.
 */
const char *audit_category_str(uint32 category)
{
	const struct audit_category_tab *entry;

	/* Walk the table until the NULL-string terminator entry. */
	for (entry = audit_category_tab; entry->category_str; entry++) {
		if (entry->category == category) {
			return entry->category_str;
		}
	}

	return NULL;
}
68
/*
 * Map an audit category value to its short parameter keyword.
 *
 * Returns the param_str field of the matching audit_category_tab entry,
 * or NULL when no entry carries this value. The result points into the
 * static table; check it for NULL before formatting it.
 */
const char *audit_param_str(uint32 category)
{
	const struct audit_category_tab *entry = audit_category_tab;

	/* The terminator entry has a NULL param_str and ends the scan. */
	while (entry->param_str) {
		if (entry->category == category) {
			return entry->param_str;
		}
		entry++;
	}

	return NULL;
}
79
/*
 * Map an audit category value to its human-readable description.
 *
 * Returns the description field of the matching audit_category_tab
 * entry, or NULL when no entry carries this value. The result points
 * into the static table; check it for NULL before formatting it.
 */
const char *audit_description_str(uint32 category)
{
	const char *found = NULL;
	int idx = 0;

	/* Stop at the first match or at the NULL-description terminator. */
	while (found == NULL && audit_category_tab[idx].description) {
		if (audit_category_tab[idx].category == category) {
			found = audit_category_tab[idx].description;
		}
		idx++;
	}

	return found;
}
90
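/*
 * Translate a short audit keyword ("LOGON", "SYSTEM", ...) into its
 * LSA audit category value.
 *
 * param           keyword to look up; compared with strequal() against
 *                 the param_str column of audit_category_tab
 * audit_category  out: the matching category value. It is set to
 *                 Undefined first and stays that way when nothing
 *                 matches, so callers must test the return value
 *                 rather than the output.
 *
 * Returns True on a match, False (after logging at debug level 0) when
 * the keyword is not known.
 *
 * The keywords are taken from audit_category_tab instead of a second
 * hand-written list, so the parser and the audit_param_str() output
 * cannot drift apart when a category is added.
 */
bool get_audit_category_from_param(const char *param, uint32 *audit_category)
{
	int i;

	*audit_category = Undefined;

	for (i = 0; audit_category_tab[i].param_str != NULL; i++) {
		if (strequal(param, audit_category_tab[i].param_str)) {
			*audit_category = audit_category_tab[i].category;
			return True;
		}
	}

	/* Never hand a NULL pointer to a %s conversion in the log call. */
	DEBUG(0,("unknown parameter: %s\n", param ? param : "(null)"));
	return False;
}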
120
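/*
 * Render an audit policy bitmask as text allocated on mem_ctx.
 *
 * Results: "None" for LSA_AUDIT_POLICY_NONE, otherwise "Success",
 * "Failure" or "Success, Failure" according to which of
 * LSA_AUDIT_POLICY_SUCCESS and LSA_AUDIT_POLICY_FAILURE are set.
 *
 * Returns NULL when the allocation fails, and also when the value is
 * not LSA_AUDIT_POLICY_NONE yet has neither bit set. Callers must
 * check for NULL before printing the result.
 *
 * The text is chosen first and allocated once, so the combined case no
 * longer leaves an intermediate "Success" copy behind on mem_ctx.
 */
const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
{
	const char *text;

	if (policy == LSA_AUDIT_POLICY_NONE) {
		return talloc_strdup(mem_ctx, "None");
	}

	if ((policy & LSA_AUDIT_POLICY_SUCCESS) &&
	    (policy & LSA_AUDIT_POLICY_FAILURE)) {
		text = "Success, Failure";
	} else if (policy & LSA_AUDIT_POLICY_SUCCESS) {
		text = "Success";
	} else if (policy & LSA_AUDIT_POLICY_FAILURE) {
		text = "Failure";
	} else {
		/* Neither known bit is set: nothing to describe. */
		return NULL;
	}

	return talloc_strdup(mem_ctx, text);
}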