Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

net_rpc_audit.c

Visit:

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 14.6 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4	Copyright (C) 2006,2008 Guenther Deschner
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19	#include "includes.h"
20	#include "utils/net.h"
21	#include "rpc_client/rpc_client.h"
22	#include "../librpc/gen_ndr/ndr_lsa_c.h"
23	#include "rpc_client/cli_lsarpc.h"
24
25	/********************************************************************
26	********************************************************************/
27
28	static int net_help_audit(struct net_context c, int argc, const char *argv)
29	{
30	d_printf(_("net rpc audit list View configured Auditing policies\n"));
31	d_printf(_("net rpc audit enable Enable Auditing\n"));
32	d_printf(_("net rpc audit disable Disable Auditing\n"));
33	d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
34	d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
35	d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
36	d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
37
38	return -1;
39	}
40
41	/********************************************************************
42	********************************************************************/
43
44	static void print_auditing_category(const char policy, const char value)
45	{
46	if (policy == NULL) {
47	policy = N_("Unknown");
48	}
49	if (value == NULL) {
50	value = N_("Invalid");
51	}
52
53	d_printf(_("\t%-30s%s\n"), policy, value);
54	}
55
56	/********************************************************************
57	********************************************************************/
58
59	static NTSTATUS rpc_audit_get_internal(struct net_context *c,
60	const struct dom_sid *domain_sid,
61	const char *domain_name,
62	struct cli_state *cli,
63	struct rpc_pipe_client *pipe_hnd,
64	TALLOC_CTX *mem_ctx,
65	int argc,
66	const char **argv)
67	{
68	struct policy_handle pol;
69	NTSTATUS status, result;
70	union lsa_PolicyInformation *info = NULL;
71	int i;
72	uint32_t audit_category;
73	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
74
75	if (argc < 1 \|\| argc > 2) {
76	d_printf(_("insufficient arguments\n"));
77	net_help_audit(c, argc, argv);
78	return NT_STATUS_INVALID_PARAMETER;
79	}
80
81	if (!get_audit_category_from_param(argv[0], &audit_category)) {
82	d_printf(_("invalid auditing category: %s\n"), argv[0]);
83	return NT_STATUS_INVALID_PARAMETER;
84	}
85
86	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
87	SEC_FLAG_MAXIMUM_ALLOWED,
88	&pol);
89
90	if (!NT_STATUS_IS_OK(status)) {
91	goto done;
92	}
93
94	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
95	&pol,
96	LSA_POLICY_INFO_AUDIT_EVENTS,
97	&info,
98	&result);
99	if (!NT_STATUS_IS_OK(status)) {
100	goto done;
101	}
102	if (!NT_STATUS_IS_OK(result)) {
103	status = result;
104	goto done;
105	}
106
107	for (i=0; i < info->audit_events.count; i++) {
108
109	const char val = NULL, policy = NULL;
110
111	if (i != audit_category) {
112	continue;
113	}
114
115	val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116	policy = audit_description_str(i);
117	print_auditing_category(policy, val);
118	}
119
120	done:
121	if (!NT_STATUS_IS_OK(status)) {
122	d_printf(_("failed to get auditing policy: %s\n"),
123	nt_errstr(status));
124	}
125
126	return status;
127	}
128
129	/********************************************************************
130	********************************************************************/
131
132	static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133	const struct dom_sid *domain_sid,
134	const char *domain_name,
135	struct cli_state *cli,
136	struct rpc_pipe_client *pipe_hnd,
137	TALLOC_CTX *mem_ctx,
138	int argc,
139	const char **argv)
140	{
141	struct policy_handle pol;
142	NTSTATUS status, result;
143	union lsa_PolicyInformation *info = NULL;
144	uint32_t audit_policy, audit_category;
145	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
146
147	if (argc < 2 \|\| argc > 3) {
148	d_printf(_("insufficient arguments\n"));
149	net_help_audit(c, argc, argv);
150	return NT_STATUS_INVALID_PARAMETER;
151	}
152
153	if (!get_audit_category_from_param(argv[0], &audit_category)) {
154	d_printf(_("invalid auditing category: %s\n"), argv[0]);
155	return NT_STATUS_INVALID_PARAMETER;
156	}
157
158	audit_policy = LSA_AUDIT_POLICY_CLEAR;
159
160	if (strequal(argv[1], "Success")) {
161	audit_policy \|= LSA_AUDIT_POLICY_SUCCESS;
162	} else if (strequal(argv[1], "Failure")) {
163	audit_policy \|= LSA_AUDIT_POLICY_FAILURE;
164	} else if (strequal(argv[1], "All")) {
165	audit_policy \|= LSA_AUDIT_POLICY_ALL;
166	} else if (strequal(argv[1], "None")) {
167	audit_policy = LSA_AUDIT_POLICY_CLEAR;
168	} else {
169	d_printf(_("invalid auditing policy: %s\n"), argv[1]);
170	return NT_STATUS_INVALID_PARAMETER;
171	}
172
173	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
174	SEC_FLAG_MAXIMUM_ALLOWED,
175	&pol);
176
177	if (!NT_STATUS_IS_OK(status)) {
178	goto done;
179	}
180
181	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
182	&pol,
183	LSA_POLICY_INFO_AUDIT_EVENTS,
184	&info,
185	&result);
186	if (!NT_STATUS_IS_OK(status)) {
187	goto done;
188	}
189	if (!NT_STATUS_IS_OK(result)) {
190	status = result;
191	goto done;
192	}
193
194	info->audit_events.settings[audit_category] = audit_policy;
195
196	status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
197	&pol,
198	LSA_POLICY_INFO_AUDIT_EVENTS,
199	info,
200	&result);
201	if (!NT_STATUS_IS_OK(status)) {
202	goto done;
203	}
204	if (!NT_STATUS_IS_OK(result)) {
205	status = result;
206	goto done;
207	}
208
209	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
210	&pol,
211	LSA_POLICY_INFO_AUDIT_EVENTS,
212	&info,
213	&result);
214	if (!NT_STATUS_IS_OK(status)) {
215	goto done;
216	}
217
218	status = result;
219
220	{
221	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
222	const char *policy = audit_description_str(audit_category);
223	print_auditing_category(policy, val);
224	}
225
226	done:
227	if (!NT_STATUS_IS_OK(status)) {
228	d_printf(_("failed to set audit policy: %s\n"),
229	nt_errstr(status));
230	}
231
232	return status;
233	}
234
235	/********************************************************************
236	********************************************************************/
237
238	static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
239	TALLOC_CTX *mem_ctx,
240	int argc,
241	const char **argv,
242	bool enable)
243	{
244	struct policy_handle pol;
245	NTSTATUS status, result;
246	union lsa_PolicyInformation *info = NULL;
247	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
248
249	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
250	SEC_FLAG_MAXIMUM_ALLOWED,
251	&pol);
252
253	if (!NT_STATUS_IS_OK(status)) {
254	goto done;
255	}
256
257	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
258	&pol,
259	LSA_POLICY_INFO_AUDIT_EVENTS,
260	&info,
261	&result);
262	if (!NT_STATUS_IS_OK(status)) {
263	goto done;
264	}
265	if (!NT_STATUS_IS_OK(result)) {
266	status = result;
267	goto done;
268	}
269
270	info->audit_events.auditing_mode = enable;
271
272	status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
273	&pol,
274	LSA_POLICY_INFO_AUDIT_EVENTS,
275	info,
276	&result);
277	if (!NT_STATUS_IS_OK(status)) {
278	goto done;
279	}
280	if (!NT_STATUS_IS_OK(result)) {
281	status = result;
282	goto done;
283	}
284
285	done:
286	if (!NT_STATUS_IS_OK(status)) {
287	d_printf(_("%s: %s\n"),
288	enable ? _("failed to enable audit policy"):
289	_("failed to disable audit policy"),
290	nt_errstr(status));
291	}
292
293	return status;
294	}
295
296	/********************************************************************
297	********************************************************************/
298
299	static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
300	const struct dom_sid *domain_sid,
301	const char *domain_name,
302	struct cli_state *cli,
303	struct rpc_pipe_client *pipe_hnd,
304	TALLOC_CTX *mem_ctx,
305	int argc,
306	const char **argv)
307	{
308	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
309	false);
310	}
311
312	/********************************************************************
313	********************************************************************/
314
315	static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
316	const struct dom_sid *domain_sid,
317	const char *domain_name,
318	struct cli_state *cli,
319	struct rpc_pipe_client *pipe_hnd,
320	TALLOC_CTX *mem_ctx,
321	int argc,
322	const char **argv)
323	{
324	return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
325	true);
326	}
327
328	/********************************************************************
329	********************************************************************/
330
331	static NTSTATUS rpc_audit_list_internal(struct net_context *c,
332	const struct dom_sid *domain_sid,
333	const char *domain_name,
334	struct cli_state *cli,
335	struct rpc_pipe_client *pipe_hnd,
336	TALLOC_CTX *mem_ctx,
337	int argc,
338	const char **argv)
339	{
340	struct policy_handle pol;
341	NTSTATUS status, result;
342	union lsa_PolicyInformation *info = NULL;
343	int i;
344	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
345
346	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
347	SEC_FLAG_MAXIMUM_ALLOWED,
348	&pol);
349
350	if (!NT_STATUS_IS_OK(status)) {
351	goto done;
352	}
353
354	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
355	&pol,
356	LSA_POLICY_INFO_AUDIT_EVENTS,
357	&info,
358	&result);
359	if (!NT_STATUS_IS_OK(status)) {
360	goto done;
361	}
362	if (!NT_STATUS_IS_OK(result)) {
363	status = result;
364	goto done;
365	}
366
367	printf(_("Auditing:\t\t"));
368	switch (info->audit_events.auditing_mode) {
369	case true:
370	printf(_("Enabled"));
371	break;
372	case false:
373	printf(_("Disabled"));
374	break;
375	default:
376	printf(_("unknown (%d)"),
377	info->audit_events.auditing_mode);
378	break;
379	}
380	printf("\n");
381
382	printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
383	printf(_("Auditing settings:\n"));
384
385	for (i=0; i < info->audit_events.count; i++) {
386	const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
387	const char *policy = audit_description_str(i);
388	print_auditing_category(policy, val);
389	}
390
391	done:
392	if (!NT_STATUS_IS_OK(status)) {
393	d_printf(_("failed to list auditing policies: %s\n"),
394	nt_errstr(status));
395	}
396
397	return status;
398	}
399
400	/********************************************************************
401	********************************************************************/
402
403	static int rpc_audit_get(struct net_context c, int argc, const char *argv)
404	{
405	if (c->display_usage) {
406	d_printf( "%s\n"
407	"net rpc audit get\n"
408	" %s\n",
409	_("Usage:"),
410	_("View configured audit setting"));
411	return 0;
412	}
413
414	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
415	rpc_audit_get_internal, argc, argv);
416	}
417
418	/********************************************************************
419	********************************************************************/
420
421	static int rpc_audit_set(struct net_context c, int argc, const char *argv)
422	{
423	if (c->display_usage) {
424	d_printf( "%s\n"
425	"net rpc audit set\n"
426	" %s\n",
427	_("Usage:"),
428	_("Set audit policies"));
429	return 0;
430	}
431
432	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
433	rpc_audit_set_internal, argc, argv);
434	}
435
436	/********************************************************************
437	********************************************************************/
438
439	static int rpc_audit_enable(struct net_context c, int argc, const char *argv)
440	{
441	if (c->display_usage) {
442	d_printf( "%s\n"
443	"net rpc audit enable\n"
444	" %s\n",
445	_("Usage:"),
446	_("Enable auditing"));
447	return 0;
448	}
449
450	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
451	rpc_audit_enable_internal, argc, argv);
452	}
453
454	/********************************************************************
455	********************************************************************/
456
457	static int rpc_audit_disable(struct net_context c, int argc, const char *argv)
458	{
459	if (c->display_usage) {
460	d_printf( "%s\n"
461	"net rpc audit disable\n"
462	" %s\n",
463	_("Usage:"),
464	_("Disable auditing"));
465	return 0;
466	}
467
468	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
469	rpc_audit_disable_internal, argc, argv);
470	}
471
472	/********************************************************************
473	********************************************************************/
474
475	static int rpc_audit_list(struct net_context c, int argc, const char *argv)
476	{
477	if (c->display_usage) {
478	d_printf( "%s\n"
479	"net rpc audit list\n"
480	" %s\n",
481	_("Usage:"),
482	_("List auditing settings"));
483	return 0;
484	}
485
486	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
487	rpc_audit_list_internal, argc, argv);
488	}
489
490	/********************************************************************
491	********************************************************************/
492
493	int net_rpc_audit(struct net_context c, int argc, const char *argv)
494	{
495	struct functable func[] = {
496	{
497	"get",
498	rpc_audit_get,
499	NET_TRANSPORT_RPC,
500	N_("View configured auditing settings"),
501	N_("net rpc audit get\n"
502	" View configured auditing settings")
503	},
504	{
505	"set",
506	rpc_audit_set,
507	NET_TRANSPORT_RPC,
508	N_("Set auditing policies"),
509	N_("net rpc audit set\n"
510	" Set auditing policies")
511	},
512	{
513	"enable",
514	rpc_audit_enable,
515	NET_TRANSPORT_RPC,
516	N_("Enable auditing"),
517	N_("net rpc audit enable\n"
518	" Enable auditing")
519	},
520	{
521	"disable",
522	rpc_audit_disable,
523	NET_TRANSPORT_RPC,
524	N_("Disable auditing"),
525	N_("net rpc audit disable\n"
526	" Disable auditing")
527	},
528	{
529	"list",
530	rpc_audit_list,
531	NET_TRANSPORT_RPC,
532	N_("List configured auditing settings"),
533	N_("net rpc audit list\n"
534	" List configured auditing settings")
535	},
536	{NULL, NULL, 0, NULL, NULL}
537	};
538
539	return net_run_function(c, argc, argv, "net rpc audit", func);
540	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source3/utils/net_rpc_audit.c

Download in other formats: