source: trunk/server/source3/lib/audit.c@ 972

Last change on this file since 972 was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0

File size: 4.4 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Auditing helper functions.
4 Copyright (C) Guenther Deschner 2006
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18*/
19
20#include "includes.h"
21#include "../librpc/gen_ndr/lsa.h"
22
23static const struct audit_category_tab {
24 uint32 category;
25 const char *category_str;
26 const char *param_str;
27 const char *description;
28} audit_category_tab [] = {
29 { LSA_AUDIT_CATEGORY_LOGON,
30 "LSA_AUDIT_CATEGORY_LOGON",
31 "LOGON", "Logon events" },
32 { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
33 "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
34 "PRIVILEGE", "Privilege Use" },
35 { LSA_AUDIT_CATEGORY_SYSTEM,
36 "LSA_AUDIT_CATEGORY_SYSTEM",
37 "SYSTEM", "System Events" },
38 { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
39 "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
40 "POLICY", "Policy Change" },
41 { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
42 "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
43 "PROCESS", "Process Tracking" },
44 { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
45 "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
46 "OBJECT", "Object Access" },
47 { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
48 "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
49 "SAM", "Account Management" },
50 { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
51 "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
52 "DIRECTORY", "Directory service access" },
53 { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
54 "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
55 "ACCOUNT", "Account logon events" },
56 { 0, NULL, NULL }
57};
58
59const char *audit_category_str(uint32 category)
60{
61 int i;
62 for (i=0; audit_category_tab[i].category_str; i++) {
63 if (category == audit_category_tab[i].category) {
64 return audit_category_tab[i].category_str;
65 }
66 }
67 return NULL;
68}
69
70const char *audit_param_str(uint32 category)
71{
72 int i;
73 for (i=0; audit_category_tab[i].param_str; i++) {
74 if (category == audit_category_tab[i].category) {
75 return audit_category_tab[i].param_str;
76 }
77 }
78 return NULL;
79}
80
81const char *audit_description_str(uint32 category)
82{
83 int i;
84 for (i=0; audit_category_tab[i].description; i++) {
85 if (category == audit_category_tab[i].category) {
86 return audit_category_tab[i].description;
87 }
88 }
89 return NULL;
90}
91
92bool get_audit_category_from_param(const char *param, uint32 *audit_category)
93{
94 *audit_category = Undefined;
95
96 if (strequal(param, "SYSTEM")) {
97 *audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
98 } else if (strequal(param, "LOGON")) {
99 *audit_category = LSA_AUDIT_CATEGORY_LOGON;
100 } else if (strequal(param, "OBJECT")) {
101 *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
102 } else if (strequal(param, "PRIVILEGE")) {
103 *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
104 } else if (strequal(param, "PROCESS")) {
105 *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
106 } else if (strequal(param, "POLICY")) {
107 *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
108 } else if (strequal(param, "SAM")) {
109 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
110 } else if (strequal(param, "DIRECTORY")) {
111 *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
112 } else if (strequal(param, "ACCOUNT")) {
113 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
114 } else {
115 DEBUG(0,("unknown parameter: %s\n", param));
116 return False;
117 }
118
119 return True;
120}
121
122const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
123{
124 const char *ret = NULL;
125
126 if (policy == LSA_AUDIT_POLICY_NONE) {
127 return talloc_strdup(mem_ctx, "None");
128 }
129
130 if (policy & LSA_AUDIT_POLICY_SUCCESS) {
131 ret = talloc_strdup(mem_ctx, "Success");
132 if (ret == NULL) {
133 return NULL;
134 }
135 }
136
137 if (policy & LSA_AUDIT_POLICY_FAILURE) {
138 if (ret) {
139 ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
140 if (ret == NULL) {
141 return NULL;
142 }
143 } else {
144 return talloc_strdup(mem_ctx, "Failure");
145 }
146 }
147
148 return ret;
149}
Note: See TracBrowser for help on using the repository browser.