Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.5.x/source3/utils/net_rpc_audit.c

Visit:

Last change on this file was 414, checked in by Herwig Bauernfeind, 15 years ago
Samba 3.5.0: Initial import
File size: 13.3 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4	Copyright (C) 2006,2008 Guenther Deschner
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19	#include "includes.h"
20	#include "utils/net.h"
21	#include "../librpc/gen_ndr/cli_lsa.h"
22
23	/********************************************************************
24	********************************************************************/
25
26	static int net_help_audit(struct net_context c, int argc, const char *argv)
27	{
28	d_printf(_("net rpc audit list View configured Auditing policies\n"));
29	d_printf(_("net rpc audit enable Enable Auditing\n"));
30	d_printf(_("net rpc audit disable Disable Auditing\n"));
31	d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
32	d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
33	d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
34	d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
35
36	return -1;
37	}
38
39	/********************************************************************
40	********************************************************************/
41
42	static void print_auditing_category(const char policy, const char value)
43	{
44	if (policy == NULL) {
45	policy = N_("Unknown");
46	}
47	if (value == NULL) {
48	value = N_("Invalid");
49	}
50
51	d_printf(_("\t%-30s%s\n"), policy, value);
52	}
53
54	/********************************************************************
55	********************************************************************/
56
57	static NTSTATUS rpc_audit_get_internal(struct net_context *c,
58	const DOM_SID *domain_sid,
59	const char *domain_name,
60	struct cli_state *cli,
61	struct rpc_pipe_client *pipe_hnd,
62	TALLOC_CTX *mem_ctx,
63	int argc,
64	const char **argv)
65	{
66	struct policy_handle pol;
67	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
68	union lsa_PolicyInformation *info = NULL;
69	int i;
70	uint32_t audit_category;
71
72	if (argc < 1 \|\| argc > 2) {
73	d_printf(_("insufficient arguments\n"));
74	net_help_audit(c, argc, argv);
75	return NT_STATUS_INVALID_PARAMETER;
76	}
77
78	if (!get_audit_category_from_param(argv[0], &audit_category)) {
79	d_printf(_("invalid auditing category: %s\n"), argv[0]);
80	return NT_STATUS_INVALID_PARAMETER;
81	}
82
83	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
84	SEC_FLAG_MAXIMUM_ALLOWED,
85	&pol);
86
87	if (!NT_STATUS_IS_OK(result)) {
88	goto done;
89	}
90
91	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
92	&pol,
93	LSA_POLICY_INFO_AUDIT_EVENTS,
94	&info);
95
96	if (!NT_STATUS_IS_OK(result)) {
97	goto done;
98	}
99
100	for (i=0; i < info->audit_events.count; i++) {
101
102	const char val = NULL, policy = NULL;
103
104	if (i != audit_category) {
105	continue;
106	}
107
108	val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
109	policy = audit_description_str(i);
110	print_auditing_category(policy, val);
111	}
112
113	done:
114	if (!NT_STATUS_IS_OK(result)) {
115	d_printf(_("failed to get auditing policy: %s\n"),
116	nt_errstr(result));
117	}
118
119	return result;
120	}
121
122	/********************************************************************
123	********************************************************************/
124
125	static NTSTATUS rpc_audit_set_internal(struct net_context *c,
126	const DOM_SID *domain_sid,
127	const char *domain_name,
128	struct cli_state *cli,
129	struct rpc_pipe_client *pipe_hnd,
130	TALLOC_CTX *mem_ctx,
131	int argc,
132	const char **argv)
133	{
134	struct policy_handle pol;
135	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
136	union lsa_PolicyInformation *info = NULL;
137	uint32_t audit_policy, audit_category;
138
139	if (argc < 2 \|\| argc > 3) {
140	d_printf(_("insufficient arguments\n"));
141	net_help_audit(c, argc, argv);
142	return NT_STATUS_INVALID_PARAMETER;
143	}
144
145	if (!get_audit_category_from_param(argv[0], &audit_category)) {
146	d_printf(_("invalid auditing category: %s\n"), argv[0]);
147	return NT_STATUS_INVALID_PARAMETER;
148	}
149
150	audit_policy = LSA_AUDIT_POLICY_CLEAR;
151
152	if (strequal(argv[1], "Success")) {
153	audit_policy \|= LSA_AUDIT_POLICY_SUCCESS;
154	} else if (strequal(argv[1], "Failure")) {
155	audit_policy \|= LSA_AUDIT_POLICY_FAILURE;
156	} else if (strequal(argv[1], "All")) {
157	audit_policy \|= LSA_AUDIT_POLICY_ALL;
158	} else if (strequal(argv[1], "None")) {
159	audit_policy = LSA_AUDIT_POLICY_CLEAR;
160	} else {
161	d_printf(_("invalid auditing policy: %s\n"), argv[1]);
162	return NT_STATUS_INVALID_PARAMETER;
163	}
164
165	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
166	SEC_FLAG_MAXIMUM_ALLOWED,
167	&pol);
168
169	if (!NT_STATUS_IS_OK(result)) {
170	goto done;
171	}
172
173	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
174	&pol,
175	LSA_POLICY_INFO_AUDIT_EVENTS,
176	&info);
177
178	if (!NT_STATUS_IS_OK(result)) {
179	goto done;
180	}
181
182	info->audit_events.settings[audit_category] = audit_policy;
183
184	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
185	&pol,
186	LSA_POLICY_INFO_AUDIT_EVENTS,
187	info);
188
189	if (!NT_STATUS_IS_OK(result)) {
190	goto done;
191	}
192
193	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
194	&pol,
195	LSA_POLICY_INFO_AUDIT_EVENTS,
196	&info);
197	{
198	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
199	const char *policy = audit_description_str(audit_category);
200	print_auditing_category(policy, val);
201	}
202
203	done:
204	if (!NT_STATUS_IS_OK(result)) {
205	d_printf(_("failed to set audit policy: %s\n"),
206	nt_errstr(result));
207	}
208
209	return result;
210	}
211
212	/********************************************************************
213	********************************************************************/
214
215	static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
216	TALLOC_CTX *mem_ctx,
217	int argc,
218	const char **argv,
219	bool enable)
220	{
221	struct policy_handle pol;
222	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
223	union lsa_PolicyInformation *info = NULL;
224
225	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
226	SEC_FLAG_MAXIMUM_ALLOWED,
227	&pol);
228
229	if (!NT_STATUS_IS_OK(result)) {
230	goto done;
231	}
232
233	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
234	&pol,
235	LSA_POLICY_INFO_AUDIT_EVENTS,
236	&info);
237	if (!NT_STATUS_IS_OK(result)) {
238	goto done;
239	}
240
241	info->audit_events.auditing_mode = enable;
242
243	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
244	&pol,
245	LSA_POLICY_INFO_AUDIT_EVENTS,
246	info);
247
248	if (!NT_STATUS_IS_OK(result)) {
249	goto done;
250	}
251
252	done:
253	if (!NT_STATUS_IS_OK(result)) {
254	d_printf(_("%s: %s\n"),
255	enable ? _("failed to enable audit policy"):
256	_("failed to disable audit policy"),
257	nt_errstr(result));
258	}
259
260	return result;
261	}
262
263	/********************************************************************
264	********************************************************************/
265
266	static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
267	const DOM_SID *domain_sid,
268	const char *domain_name,
269	struct cli_state *cli,
270	struct rpc_pipe_client *pipe_hnd,
271	TALLOC_CTX *mem_ctx,
272	int argc,
273	const char **argv)
274	{
275	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
276	false);
277	}
278
279	/********************************************************************
280	********************************************************************/
281
282	static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
283	const DOM_SID *domain_sid,
284	const char *domain_name,
285	struct cli_state *cli,
286	struct rpc_pipe_client *pipe_hnd,
287	TALLOC_CTX *mem_ctx,
288	int argc,
289	const char **argv)
290	{
291	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
292	true);
293	}
294
295	/********************************************************************
296	********************************************************************/
297
298	static NTSTATUS rpc_audit_list_internal(struct net_context *c,
299	const DOM_SID *domain_sid,
300	const char *domain_name,
301	struct cli_state *cli,
302	struct rpc_pipe_client *pipe_hnd,
303	TALLOC_CTX *mem_ctx,
304	int argc,
305	const char **argv)
306	{
307	struct policy_handle pol;
308	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
309	union lsa_PolicyInformation *info = NULL;
310	int i;
311
312	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
313	SEC_FLAG_MAXIMUM_ALLOWED,
314	&pol);
315
316	if (!NT_STATUS_IS_OK(result)) {
317	goto done;
318	}
319
320	result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
321	&pol,
322	LSA_POLICY_INFO_AUDIT_EVENTS,
323	&info);
324	if (!NT_STATUS_IS_OK(result)) {
325	goto done;
326	}
327
328	printf(_("Auditing:\t\t"));
329	switch (info->audit_events.auditing_mode) {
330	case true:
331	printf(_("Enabled"));
332	break;
333	case false:
334	printf(_("Disabled"));
335	break;
336	default:
337	printf(_("unknown (%d)"),
338	info->audit_events.auditing_mode);
339	break;
340	}
341	printf("\n");
342
343	printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
344	printf(_("Auditing settings:\n"));
345
346	for (i=0; i < info->audit_events.count; i++) {
347	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
348	const char *policy = audit_description_str(i);
349	print_auditing_category(policy, val);
350	}
351
352	done:
353	if (!NT_STATUS_IS_OK(result)) {
354	d_printf(_("failed to list auditing policies: %s\n"),
355	nt_errstr(result));
356	}
357
358	return result;
359	}
360
361	/********************************************************************
362	********************************************************************/
363
364	static int rpc_audit_get(struct net_context c, int argc, const char *argv)
365	{
366	if (c->display_usage) {
367	d_printf( "%s\n"
368	"net rpc audit get\n"
369	" %s\n",
370	_("Usage:"),
371	_("View configured audit setting"));
372	return 0;
373	}
374
375	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
376	rpc_audit_get_internal, argc, argv);
377	}
378
379	/********************************************************************
380	********************************************************************/
381
382	static int rpc_audit_set(struct net_context c, int argc, const char *argv)
383	{
384	if (c->display_usage) {
385	d_printf( "%s\n"
386	"net rpc audit set\n"
387	" %s\n",
388	_("Usage:"),
389	_("Set audit policies"));
390	return 0;
391	}
392
393	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
394	rpc_audit_set_internal, argc, argv);
395	}
396
397	/********************************************************************
398	********************************************************************/
399
400	static int rpc_audit_enable(struct net_context c, int argc, const char *argv)
401	{
402	if (c->display_usage) {
403	d_printf( "%s\n"
404	"net rpc audit enable\n"
405	" %s\n",
406	_("Usage:"),
407	_("Enable auditing"));
408	return 0;
409	}
410
411	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
412	rpc_audit_enable_internal, argc, argv);
413	}
414
415	/********************************************************************
416	********************************************************************/
417
418	static int rpc_audit_disable(struct net_context c, int argc, const char *argv)
419	{
420	if (c->display_usage) {
421	d_printf( "%s\n"
422	"net rpc audit disable\n"
423	" %s\n",
424	_("Usage:"),
425	_("Disable auditing"));
426	return 0;
427	}
428
429	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
430	rpc_audit_disable_internal, argc, argv);
431	}
432
433	/********************************************************************
434	********************************************************************/
435
436	static int rpc_audit_list(struct net_context c, int argc, const char *argv)
437	{
438	if (c->display_usage) {
439	d_printf( "%s\n"
440	"net rpc audit list\n"
441	" %s\n",
442	_("Usage:"),
443	_("List auditing settings"));
444	return 0;
445	}
446
447	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
448	rpc_audit_list_internal, argc, argv);
449	}
450
451	/********************************************************************
452	********************************************************************/
453
454	int net_rpc_audit(struct net_context c, int argc, const char *argv)
455	{
456	struct functable func[] = {
457	{
458	"get",
459	rpc_audit_get,
460	NET_TRANSPORT_RPC,
461	N_("View configured auditing settings"),
462	N_("net rpc audit get\n"
463	" View configured auditing settings")
464	},
465	{
466	"set",
467	rpc_audit_set,
468	NET_TRANSPORT_RPC,
469	N_("Set auditing policies"),
470	N_("net rpc audit set\n"
471	" Set auditing policies")
472	},
473	{
474	"enable",
475	rpc_audit_enable,
476	NET_TRANSPORT_RPC,
477	N_("Enable auditing"),
478	N_("net rpc audit enable\n"
479	" Enable auditing")
480	},
481	{
482	"disable",
483	rpc_audit_disable,
484	NET_TRANSPORT_RPC,
485	N_("Disable auditing"),
486	N_("net rpc audit disable\n"
487	" Disable auditing")
488	},
489	{
490	"list",
491	rpc_audit_list,
492	NET_TRANSPORT_RPC,
493	N_("List configured auditing settings"),
494	N_("net rpc audit list\n"
495	" List configured auditing settings")
496	},
497	{NULL, NULL, 0, NULL, NULL}
498	};
499
500	return net_run_function(c, argc, argv, "net rpc audit", func);
501	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: