Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.3.x/source/utils/net_rpc_audit.c

Visit:

Last change on this file was 206, checked in by Herwig Bauernfeind, 16 years ago
Import Samba 3.3 branch at 3.0.0 level (psmedley's port)
File size: 13.1 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4	Copyright (C) 2006,2008 Guenther Deschner
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19	#include "includes.h"
20	#include "utils/net.h"
21
22	/********************************************************************
23	********************************************************************/
24
25	static int net_help_audit(struct net_context c, int argc, const char *argv)
26	{
27	d_printf("net rpc audit list View configured Auditing policies\n");
28	d_printf("net rpc audit enable Enable Auditing\n");
29	d_printf("net rpc audit disable Disable Auditing\n");
30	d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
31	d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
32	d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33	d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
34
35	return -1;
36	}
37
38	/********************************************************************
39	********************************************************************/
40
41	static void print_auditing_category(const char policy, const char value)
42	{
43	fstring padding;
44	int pad_len, col_len = 30;
45
46	if (policy == NULL) {
47	policy = "Unknown";
48	}
49	if (value == NULL) {
50	value = "Invalid";
51	}
52
53	/* calculate padding space for d_printf to look nicer */
54	pad_len = col_len - strlen(policy);
55	padding[pad_len] = 0;
56	do padding[--pad_len] = ' '; while (pad_len > 0);
57
58	d_printf("\t%s%s%s\n", policy, padding, value);
59	}
60
61	/********************************************************************
62	********************************************************************/
63
64	static NTSTATUS rpc_audit_get_internal(struct net_context *c,
65	const DOM_SID *domain_sid,
66	const char *domain_name,
67	struct cli_state *cli,
68	struct rpc_pipe_client *pipe_hnd,
69	TALLOC_CTX *mem_ctx,
70	int argc,
71	const char **argv)
72	{
73	POLICY_HND pol;
74	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
75	union lsa_PolicyInformation *info = NULL;
76	int i;
77	uint32_t audit_category;
78
79	if (argc < 1 \|\| argc > 2) {
80	d_printf("insufficient arguments\n");
81	net_help_audit(c, argc, argv);
82	return NT_STATUS_INVALID_PARAMETER;
83	}
84
85	if (!get_audit_category_from_param(argv[0], &audit_category)) {
86	d_printf("invalid auditing category: %s\n", argv[0]);
87	return NT_STATUS_INVALID_PARAMETER;
88	}
89
90	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
91	SEC_RIGHTS_MAXIMUM_ALLOWED,
92	&pol);
93
94	if (!NT_STATUS_IS_OK(result)) {
95	goto done;
96	}
97
98	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
99	&pol,
100	LSA_POLICY_INFO_AUDIT_EVENTS,
101	&info);
102
103	if (!NT_STATUS_IS_OK(result)) {
104	goto done;
105	}
106
107	for (i=0; i < info->audit_events.count; i++) {
108
109	const char val = NULL, policy = NULL;
110
111	if (i != audit_category) {
112	continue;
113	}
114
115	val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116	policy = audit_description_str(i);
117	print_auditing_category(policy, val);
118	}
119
120	done:
121	if (!NT_STATUS_IS_OK(result)) {
122	d_printf("failed to get auditing policy: %s\n",
123	nt_errstr(result));
124	}
125
126	return result;
127	}
128
129	/********************************************************************
130	********************************************************************/
131
132	static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133	const DOM_SID *domain_sid,
134	const char *domain_name,
135	struct cli_state *cli,
136	struct rpc_pipe_client *pipe_hnd,
137	TALLOC_CTX *mem_ctx,
138	int argc,
139	const char **argv)
140	{
141	POLICY_HND pol;
142	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
143	union lsa_PolicyInformation *info = NULL;
144	uint32_t audit_policy, audit_category;
145
146	if (argc < 2 \|\| argc > 3) {
147	d_printf("insufficient arguments\n");
148	net_help_audit(c, argc, argv);
149	return NT_STATUS_INVALID_PARAMETER;
150	}
151
152	if (!get_audit_category_from_param(argv[0], &audit_category)) {
153	d_printf("invalid auditing category: %s\n", argv[0]);
154	return NT_STATUS_INVALID_PARAMETER;
155	}
156
157	audit_policy = LSA_AUDIT_POLICY_CLEAR;
158
159	if (strequal(argv[1], "Success")) {
160	audit_policy \|= LSA_AUDIT_POLICY_SUCCESS;
161	} else if (strequal(argv[1], "Failure")) {
162	audit_policy \|= LSA_AUDIT_POLICY_FAILURE;
163	} else if (strequal(argv[1], "All")) {
164	audit_policy \|= LSA_AUDIT_POLICY_ALL;
165	} else if (strequal(argv[1], "None")) {
166	audit_policy = LSA_AUDIT_POLICY_CLEAR;
167	} else {
168	d_printf("invalid auditing policy: %s\n", argv[1]);
169	return NT_STATUS_INVALID_PARAMETER;
170	}
171
172	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
173	SEC_RIGHTS_MAXIMUM_ALLOWED,
174	&pol);
175
176	if (!NT_STATUS_IS_OK(result)) {
177	goto done;
178	}
179
180	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
181	&pol,
182	LSA_POLICY_INFO_AUDIT_EVENTS,
183	&info);
184
185	if (!NT_STATUS_IS_OK(result)) {
186	goto done;
187	}
188
189	info->audit_events.settings[audit_category] = audit_policy;
190
191	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
192	&pol,
193	LSA_POLICY_INFO_AUDIT_EVENTS,
194	info);
195
196	if (!NT_STATUS_IS_OK(result)) {
197	goto done;
198	}
199
200	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
201	&pol,
202	LSA_POLICY_INFO_AUDIT_EVENTS,
203	&info);
204	{
205	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
206	const char *policy = audit_description_str(audit_category);
207	print_auditing_category(policy, val);
208	}
209
210	done:
211	if (!NT_STATUS_IS_OK(result)) {
212	d_printf("failed to set audit policy: %s\n", nt_errstr(result));
213	}
214
215	return result;
216	}
217
218	/********************************************************************
219	********************************************************************/
220
221	static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
222	TALLOC_CTX *mem_ctx,
223	int argc,
224	const char **argv,
225	bool enable)
226	{
227	POLICY_HND pol;
228	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
229	union lsa_PolicyInformation *info = NULL;
230
231	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
232	SEC_RIGHTS_MAXIMUM_ALLOWED,
233	&pol);
234
235	if (!NT_STATUS_IS_OK(result)) {
236	goto done;
237	}
238
239	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
240	&pol,
241	LSA_POLICY_INFO_AUDIT_EVENTS,
242	&info);
243	if (!NT_STATUS_IS_OK(result)) {
244	goto done;
245	}
246
247	info->audit_events.auditing_mode = enable;
248
249	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
250	&pol,
251	LSA_POLICY_INFO_AUDIT_EVENTS,
252	info);
253
254	if (!NT_STATUS_IS_OK(result)) {
255	goto done;
256	}
257
258	done:
259	if (!NT_STATUS_IS_OK(result)) {
260	d_printf("failed to %s audit policy: %s\n",
261	enable ? "enable":"disable", nt_errstr(result));
262	}
263
264	return result;
265	}
266
267	/********************************************************************
268	********************************************************************/
269
270	static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
271	const DOM_SID *domain_sid,
272	const char *domain_name,
273	struct cli_state *cli,
274	struct rpc_pipe_client *pipe_hnd,
275	TALLOC_CTX *mem_ctx,
276	int argc,
277	const char **argv)
278	{
279	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
280	false);
281	}
282
283	/********************************************************************
284	********************************************************************/
285
286	static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
287	const DOM_SID *domain_sid,
288	const char *domain_name,
289	struct cli_state *cli,
290	struct rpc_pipe_client *pipe_hnd,
291	TALLOC_CTX *mem_ctx,
292	int argc,
293	const char **argv)
294	{
295	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
296	true);
297	}
298
299	/********************************************************************
300	********************************************************************/
301
302	static NTSTATUS rpc_audit_list_internal(struct net_context *c,
303	const DOM_SID *domain_sid,
304	const char *domain_name,
305	struct cli_state *cli,
306	struct rpc_pipe_client *pipe_hnd,
307	TALLOC_CTX *mem_ctx,
308	int argc,
309	const char **argv)
310	{
311	POLICY_HND pol;
312	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
313	union lsa_PolicyInformation *info = NULL;
314	int i;
315
316	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
317	SEC_RIGHTS_MAXIMUM_ALLOWED,
318	&pol);
319
320	if (!NT_STATUS_IS_OK(result)) {
321	goto done;
322	}
323
324	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
325	&pol,
326	LSA_POLICY_INFO_AUDIT_EVENTS,
327	&info);
328	if (!NT_STATUS_IS_OK(result)) {
329	goto done;
330	}
331
332	printf("Auditing:\t\t");
333	switch (info->audit_events.auditing_mode) {
334	case true:
335	printf("Enabled");
336	break;
337	case false:
338	printf("Disabled");
339	break;
340	default:
341	printf("unknown (%d)", info->audit_events.auditing_mode);
342	break;
343	}
344	printf("\n");
345
346	printf("Auditing categories:\t%d\n", info->audit_events.count);
347	printf("Auditing settings:\n");
348
349	for (i=0; i < info->audit_events.count; i++) {
350	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
351	const char *policy = audit_description_str(i);
352	print_auditing_category(policy, val);
353	}
354
355	done:
356	if (!NT_STATUS_IS_OK(result)) {
357	d_printf("failed to list auditing policies: %s\n",
358	nt_errstr(result));
359	}
360
361	return result;
362	}
363
364	/********************************************************************
365	********************************************************************/
366
367	static int rpc_audit_get(struct net_context c, int argc, const char *argv)
368	{
369	if (c->display_usage) {
370	d_printf("Usage:\n"
371	"net rpc audit get\n"
372	" View configured audit setting\n");
373	return 0;
374	}
375
376	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
377	rpc_audit_get_internal, argc, argv);
378	}
379
380	/********************************************************************
381	********************************************************************/
382
383	static int rpc_audit_set(struct net_context c, int argc, const char *argv)
384	{
385	if (c->display_usage) {
386	d_printf("Usage:\n"
387	"net rpc audit set\n"
388	" Set audit policies\n");
389	return 0;
390	}
391
392	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
393	rpc_audit_set_internal, argc, argv);
394	}
395
396	/********************************************************************
397	********************************************************************/
398
399	static int rpc_audit_enable(struct net_context c, int argc, const char *argv)
400	{
401	if (c->display_usage) {
402	d_printf("Usage:\n"
403	"net rpc audit enable\n"
404	" Enable auditing\n");
405	return 0;
406	}
407
408	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
409	rpc_audit_enable_internal, argc, argv);
410	}
411
412	/********************************************************************
413	********************************************************************/
414
415	static int rpc_audit_disable(struct net_context c, int argc, const char *argv)
416	{
417	if (c->display_usage) {
418	d_printf("Usage:\n"
419	"net rpc audit disable\n"
420	" Disable auditing\n");
421	return 0;
422	}
423
424	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
425	rpc_audit_disable_internal, argc, argv);
426	}
427
428	/********************************************************************
429	********************************************************************/
430
431	static int rpc_audit_list(struct net_context c, int argc, const char *argv)
432	{
433	if (c->display_usage) {
434	d_printf("Usage:\n"
435	"net rpc audit list\n"
436	" List auditing settings\n");
437	return 0;
438	}
439
440	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
441	rpc_audit_list_internal, argc, argv);
442	}
443
444	/********************************************************************
445	********************************************************************/
446
447	int net_rpc_audit(struct net_context c, int argc, const char *argv)
448	{
449	struct functable func[] = {
450	{
451	"get",
452	rpc_audit_get,
453	NET_TRANSPORT_RPC,
454	"View configured auditing settings",
455	"net rpc audit get\n"
456	" View configured auditing settings"
457	},
458	{
459	"set",
460	rpc_audit_set,
461	NET_TRANSPORT_RPC,
462	"Set auditing policies",
463	"net rpc audit set\n"
464	" Set auditing policies"
465	},
466	{
467	"enable",
468	rpc_audit_enable,
469	NET_TRANSPORT_RPC,
470	"Enable auditing",
471	"net rpc audit enable\n"
472	" Enable auditing"
473	},
474	{
475	"disable",
476	rpc_audit_disable,
477	NET_TRANSPORT_RPC,
478	"Disable auditing",
479	"net rpc audit disable\n"
480	" Disable auditing"
481	},
482	{
483	"list",
484	rpc_audit_list,
485	NET_TRANSPORT_RPC,
486	"List configured auditing settings",
487	"net rpc audit list\n"
488	" List configured auditing settings"
489	},
490	{NULL, NULL, 0, NULL, NULL}
491	};
492
493	return net_run_function(c, argc, argv, "net rpc audit", func);
494	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: