search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WHATSNEW: Update release notes.
[Samba.git] / source3 / utils / net_rpc_audit.c
blob823fe06f1a21228d3b50762dc4351078505914d4
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21
22 /********************************************************************
23 ********************************************************************/
24
25 static int net_help_audit(struct net_context *c, int argc, const char **argv)
26 {
27 d_printf("net rpc audit list View configured Auditing policies\n");
28 d_printf("net rpc audit enable Enable Auditing\n");
29 d_printf("net rpc audit disable Disable Auditing\n");
30 d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
31 d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
32 d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33 d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
34
35 return -1;
36 }
37
38 /********************************************************************
39 ********************************************************************/
40
41 static void print_auditing_category(const char *policy, const char *value)
42 {
43 fstring padding;
44 int pad_len, col_len = 30;
45
46 if (policy == NULL) {
47 policy = "Unknown";
48 }
49 if (value == NULL) {
50 value = "Invalid";
51 }
52
53 /* calculate padding space for d_printf to look nicer */
54 pad_len = col_len - strlen(policy);
55 padding[pad_len] = 0;
56 do padding[--pad_len] = ' '; while (pad_len > 0);
57
58 d_printf("\t%s%s%s\n", policy, padding, value);
59 }
60
61 /********************************************************************
62 ********************************************************************/
63
64 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
65 const DOM_SID *domain_sid,
66 const char *domain_name,
67 struct cli_state *cli,
68 struct rpc_pipe_client *pipe_hnd,
69 TALLOC_CTX *mem_ctx,
70 int argc,
71 const char **argv)
72 {
73 struct policy_handle pol;
74 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
75 union lsa_PolicyInformation *info = NULL;
76 int i;
77 uint32_t audit_category;
78
79 if (argc < 1 || argc > 2) {
80 d_printf("insufficient arguments\n");
81 net_help_audit(c, argc, argv);
82 return NT_STATUS_INVALID_PARAMETER;
83 }
84
85 if (!get_audit_category_from_param(argv[0], &audit_category)) {
86 d_printf("invalid auditing category: %s\n", argv[0]);
87 return NT_STATUS_INVALID_PARAMETER;
88 }
89
90 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
91 SEC_FLAG_MAXIMUM_ALLOWED,
92 &pol);
93
94 if (!NT_STATUS_IS_OK(result)) {
95 goto done;
96 }
97
98 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
99 &pol,
100 LSA_POLICY_INFO_AUDIT_EVENTS,
101 &info);
102
103 if (!NT_STATUS_IS_OK(result)) {
104 goto done;
105 }
106
107 for (i=0; i < info->audit_events.count; i++) {
108
109 const char *val = NULL, *policy = NULL;
110
111 if (i != audit_category) {
112 continue;
113 }
114
115 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116 policy = audit_description_str(i);
117 print_auditing_category(policy, val);
118 }
119
120 done:
121 if (!NT_STATUS_IS_OK(result)) {
122 d_printf("failed to get auditing policy: %s\n",
123 nt_errstr(result));
124 }
125
126 return result;
127 }
128
129 /********************************************************************
130 ********************************************************************/
131
132 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133 const DOM_SID *domain_sid,
134 const char *domain_name,
135 struct cli_state *cli,
136 struct rpc_pipe_client *pipe_hnd,
137 TALLOC_CTX *mem_ctx,
138 int argc,
139 const char **argv)
140 {
141 struct policy_handle pol;
142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
143 union lsa_PolicyInformation *info = NULL;
144 uint32_t audit_policy, audit_category;
145
146 if (argc < 2 || argc > 3) {
147 d_printf("insufficient arguments\n");
148 net_help_audit(c, argc, argv);
149 return NT_STATUS_INVALID_PARAMETER;
150 }
151
152 if (!get_audit_category_from_param(argv[0], &audit_category)) {
153 d_printf("invalid auditing category: %s\n", argv[0]);
154 return NT_STATUS_INVALID_PARAMETER;
155 }
156
157 audit_policy = LSA_AUDIT_POLICY_CLEAR;
158
159 if (strequal(argv[1], "Success")) {
160 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
161 } else if (strequal(argv[1], "Failure")) {
162 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
163 } else if (strequal(argv[1], "All")) {
164 audit_policy |= LSA_AUDIT_POLICY_ALL;
165 } else if (strequal(argv[1], "None")) {
166 audit_policy = LSA_AUDIT_POLICY_CLEAR;
167 } else {
168 d_printf("invalid auditing policy: %s\n", argv[1]);
169 return NT_STATUS_INVALID_PARAMETER;
170 }
171
172 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
173 SEC_FLAG_MAXIMUM_ALLOWED,
174 &pol);
175
176 if (!NT_STATUS_IS_OK(result)) {
177 goto done;
178 }
179
180 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
181 &pol,
182 LSA_POLICY_INFO_AUDIT_EVENTS,
183 &info);
184
185 if (!NT_STATUS_IS_OK(result)) {
186 goto done;
187 }
188
189 info->audit_events.settings[audit_category] = audit_policy;
190
191 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
192 &pol,
193 LSA_POLICY_INFO_AUDIT_EVENTS,
194 info);
195
196 if (!NT_STATUS_IS_OK(result)) {
197 goto done;
198 }
199
200 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
201 &pol,
202 LSA_POLICY_INFO_AUDIT_EVENTS,
203 &info);
204 {
205 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
206 const char *policy = audit_description_str(audit_category);
207 print_auditing_category(policy, val);
208 }
209
210 done:
211 if (!NT_STATUS_IS_OK(result)) {
212 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
213 }
214
215 return result;
216 }
217
218 /********************************************************************
219 ********************************************************************/
220
221 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
222 TALLOC_CTX *mem_ctx,
223 int argc,
224 const char **argv,
225 bool enable)
226 {
227 struct policy_handle pol;
228 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
229 union lsa_PolicyInformation *info = NULL;
230
231 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
232 SEC_FLAG_MAXIMUM_ALLOWED,
233 &pol);
234
235 if (!NT_STATUS_IS_OK(result)) {
236 goto done;
237 }
238
239 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
240 &pol,
241 LSA_POLICY_INFO_AUDIT_EVENTS,
242 &info);
243 if (!NT_STATUS_IS_OK(result)) {
244 goto done;
245 }
246
247 info->audit_events.auditing_mode = enable;
248
249 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
250 &pol,
251 LSA_POLICY_INFO_AUDIT_EVENTS,
252 info);
253
254 if (!NT_STATUS_IS_OK(result)) {
255 goto done;
256 }
257
258 done:
259 if (!NT_STATUS_IS_OK(result)) {
260 d_printf("failed to %s audit policy: %s\n",
261 enable ? "enable":"disable", nt_errstr(result));
262 }
263
264 return result;
265 }
266
267 /********************************************************************
268 ********************************************************************/
269
270 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
271 const DOM_SID *domain_sid,
272 const char *domain_name,
273 struct cli_state *cli,
274 struct rpc_pipe_client *pipe_hnd,
275 TALLOC_CTX *mem_ctx,
276 int argc,
277 const char **argv)
278 {
279 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
280 false);
281 }
282
283 /********************************************************************
284 ********************************************************************/
285
286 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
287 const DOM_SID *domain_sid,
288 const char *domain_name,
289 struct cli_state *cli,
290 struct rpc_pipe_client *pipe_hnd,
291 TALLOC_CTX *mem_ctx,
292 int argc,
293 const char **argv)
294 {
295 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
296 true);
297 }
298
299 /********************************************************************
300 ********************************************************************/
301
302 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
303 const DOM_SID *domain_sid,
304 const char *domain_name,
305 struct cli_state *cli,
306 struct rpc_pipe_client *pipe_hnd,
307 TALLOC_CTX *mem_ctx,
308 int argc,
309 const char **argv)
310 {
311 struct policy_handle pol;
312 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
313 union lsa_PolicyInformation *info = NULL;
314 int i;
315
316 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
317 SEC_FLAG_MAXIMUM_ALLOWED,
318 &pol);
319
320 if (!NT_STATUS_IS_OK(result)) {
321 goto done;
322 }
323
324 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
325 &pol,
326 LSA_POLICY_INFO_AUDIT_EVENTS,
327 &info);
328 if (!NT_STATUS_IS_OK(result)) {
329 goto done;
330 }
331
332 printf("Auditing:\t\t");
333 switch (info->audit_events.auditing_mode) {
334 case true:
335 printf("Enabled");
336 break;
337 case false:
338 printf("Disabled");
339 break;
340 default:
341 printf("unknown (%d)", info->audit_events.auditing_mode);
342 break;
343 }
344 printf("\n");
345
346 printf("Auditing categories:\t%d\n", info->audit_events.count);
347 printf("Auditing settings:\n");
348
349 for (i=0; i < info->audit_events.count; i++) {
350 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
351 const char *policy = audit_description_str(i);
352 print_auditing_category(policy, val);
353 }
354
355 done:
356 if (!NT_STATUS_IS_OK(result)) {
357 d_printf("failed to list auditing policies: %s\n",
358 nt_errstr(result));
359 }
360
361 return result;
362 }
363
364 /********************************************************************
365 ********************************************************************/
366
367 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
368 {
369 if (c->display_usage) {
370 d_printf("Usage:\n"
371 "net rpc audit get\n"
372 " View configured audit setting\n");
373 return 0;
374 }
375
376 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
377 rpc_audit_get_internal, argc, argv);
378 }
379
380 /********************************************************************
381 ********************************************************************/
382
383 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
384 {
385 if (c->display_usage) {
386 d_printf("Usage:\n"
387 "net rpc audit set\n"
388 " Set audit policies\n");
389 return 0;
390 }
391
392 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
393 rpc_audit_set_internal, argc, argv);
394 }
395
396 /********************************************************************
397 ********************************************************************/
398
399 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
400 {
401 if (c->display_usage) {
402 d_printf("Usage:\n"
403 "net rpc audit enable\n"
404 " Enable auditing\n");
405 return 0;
406 }
407
408 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
409 rpc_audit_enable_internal, argc, argv);
410 }
411
412 /********************************************************************
413 ********************************************************************/
414
415 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
416 {
417 if (c->display_usage) {
418 d_printf("Usage:\n"
419 "net rpc audit disable\n"
420 " Disable auditing\n");
421 return 0;
422 }
423
424 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
425 rpc_audit_disable_internal, argc, argv);
426 }
427
428 /********************************************************************
429 ********************************************************************/
430
431 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
432 {
433 if (c->display_usage) {
434 d_printf("Usage:\n"
435 "net rpc audit list\n"
436 " List auditing settings\n");
437 return 0;
438 }
439
440 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
441 rpc_audit_list_internal, argc, argv);
442 }
443
444 /********************************************************************
445 ********************************************************************/
446
447 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
448 {
449 struct functable func[] = {
450 {
451 "get",
452 rpc_audit_get,
453 NET_TRANSPORT_RPC,
454 "View configured auditing settings",
455 "net rpc audit get\n"
456 " View configured auditing settings"
457 },
458 {
459 "set",
460 rpc_audit_set,
461 NET_TRANSPORT_RPC,
462 "Set auditing policies",
463 "net rpc audit set\n"
464 " Set auditing policies"
465 },
466 {
467 "enable",
468 rpc_audit_enable,
469 NET_TRANSPORT_RPC,
470 "Enable auditing",
471 "net rpc audit enable\n"
472 " Enable auditing"
473 },
474 {
475 "disable",
476 rpc_audit_disable,
477 NET_TRANSPORT_RPC,
478 "Disable auditing",
479 "net rpc audit disable\n"
480 " Disable auditing"
481 },
482 {
483 "list",
484 rpc_audit_list,
485 NET_TRANSPORT_RPC,
486 "List configured auditing settings",
487 "net rpc audit list\n"
488 " List configured auditing settings"
489 },
490 {NULL, NULL, 0, NULL, NULL}
491 };
492
493 return net_run_function(c, argc, argv, "net rpc audit", func);
494 }
Samba GIT mirror