search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Fix bug #9085.
[Samba.git] / source3 / utils / net_rpc_audit.c
blobceea9f69704381cc640511eaeafa15b1b4c758eb
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21 #include "../librpc/gen_ndr/cli_lsa.h"
22
23 /********************************************************************
24 ********************************************************************/
25
26 static int net_help_audit(struct net_context *c, int argc, const char **argv)
27 {
28 d_printf(_("net rpc audit list View configured Auditing policies\n"));
29 d_printf(_("net rpc audit enable Enable Auditing\n"));
30 d_printf(_("net rpc audit disable Disable Auditing\n"));
31 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
32 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
33 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
34 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
35
36 return -1;
37 }
38
39 /********************************************************************
40 ********************************************************************/
41
42 static void print_auditing_category(const char *policy, const char *value)
43 {
44 if (policy == NULL) {
45 policy = N_("Unknown");
46 }
47 if (value == NULL) {
48 value = N_("Invalid");
49 }
50
51 d_printf(_("\t%-30s%s\n"), policy, value);
52 }
53
54 /********************************************************************
55 ********************************************************************/
56
57 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
58 const DOM_SID *domain_sid,
59 const char *domain_name,
60 struct cli_state *cli,
61 struct rpc_pipe_client *pipe_hnd,
62 TALLOC_CTX *mem_ctx,
63 int argc,
64 const char **argv)
65 {
66 struct policy_handle pol;
67 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
68 union lsa_PolicyInformation *info = NULL;
69 int i;
70 uint32_t audit_category;
71
72 if (argc < 1 || argc > 2) {
73 d_printf(_("insufficient arguments\n"));
74 net_help_audit(c, argc, argv);
75 return NT_STATUS_INVALID_PARAMETER;
76 }
77
78 if (!get_audit_category_from_param(argv[0], &audit_category)) {
79 d_printf(_("invalid auditing category: %s\n"), argv[0]);
80 return NT_STATUS_INVALID_PARAMETER;
81 }
82
83 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
84 SEC_FLAG_MAXIMUM_ALLOWED,
85 &pol);
86
87 if (!NT_STATUS_IS_OK(result)) {
88 goto done;
89 }
90
91 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
92 &pol,
93 LSA_POLICY_INFO_AUDIT_EVENTS,
94 &info);
95
96 if (!NT_STATUS_IS_OK(result)) {
97 goto done;
98 }
99
100 for (i=0; i < info->audit_events.count; i++) {
101
102 const char *val = NULL, *policy = NULL;
103
104 if (i != audit_category) {
105 continue;
106 }
107
108 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
109 policy = audit_description_str(i);
110 print_auditing_category(policy, val);
111 }
112
113 done:
114 if (!NT_STATUS_IS_OK(result)) {
115 d_printf(_("failed to get auditing policy: %s\n"),
116 nt_errstr(result));
117 }
118
119 return result;
120 }
121
122 /********************************************************************
123 ********************************************************************/
124
125 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
126 const DOM_SID *domain_sid,
127 const char *domain_name,
128 struct cli_state *cli,
129 struct rpc_pipe_client *pipe_hnd,
130 TALLOC_CTX *mem_ctx,
131 int argc,
132 const char **argv)
133 {
134 struct policy_handle pol;
135 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
136 union lsa_PolicyInformation *info = NULL;
137 uint32_t audit_policy, audit_category;
138
139 if (argc < 2 || argc > 3) {
140 d_printf(_("insufficient arguments\n"));
141 net_help_audit(c, argc, argv);
142 return NT_STATUS_INVALID_PARAMETER;
143 }
144
145 if (!get_audit_category_from_param(argv[0], &audit_category)) {
146 d_printf(_("invalid auditing category: %s\n"), argv[0]);
147 return NT_STATUS_INVALID_PARAMETER;
148 }
149
150 audit_policy = LSA_AUDIT_POLICY_CLEAR;
151
152 if (strequal(argv[1], "Success")) {
153 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
154 } else if (strequal(argv[1], "Failure")) {
155 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
156 } else if (strequal(argv[1], "All")) {
157 audit_policy |= LSA_AUDIT_POLICY_ALL;
158 } else if (strequal(argv[1], "None")) {
159 audit_policy = LSA_AUDIT_POLICY_CLEAR;
160 } else {
161 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
162 return NT_STATUS_INVALID_PARAMETER;
163 }
164
165 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
166 SEC_FLAG_MAXIMUM_ALLOWED,
167 &pol);
168
169 if (!NT_STATUS_IS_OK(result)) {
170 goto done;
171 }
172
173 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
174 &pol,
175 LSA_POLICY_INFO_AUDIT_EVENTS,
176 &info);
177
178 if (!NT_STATUS_IS_OK(result)) {
179 goto done;
180 }
181
182 info->audit_events.settings[audit_category] = audit_policy;
183
184 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
185 &pol,
186 LSA_POLICY_INFO_AUDIT_EVENTS,
187 info);
188
189 if (!NT_STATUS_IS_OK(result)) {
190 goto done;
191 }
192
193 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
194 &pol,
195 LSA_POLICY_INFO_AUDIT_EVENTS,
196 &info);
197 {
198 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
199 const char *policy = audit_description_str(audit_category);
200 print_auditing_category(policy, val);
201 }
202
203 done:
204 if (!NT_STATUS_IS_OK(result)) {
205 d_printf(_("failed to set audit policy: %s\n"),
206 nt_errstr(result));
207 }
208
209 return result;
210 }
211
212 /********************************************************************
213 ********************************************************************/
214
215 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
216 TALLOC_CTX *mem_ctx,
217 int argc,
218 const char **argv,
219 bool enable)
220 {
221 struct policy_handle pol;
222 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
223 union lsa_PolicyInformation *info = NULL;
224
225 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
226 SEC_FLAG_MAXIMUM_ALLOWED,
227 &pol);
228
229 if (!NT_STATUS_IS_OK(result)) {
230 goto done;
231 }
232
233 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
234 &pol,
235 LSA_POLICY_INFO_AUDIT_EVENTS,
236 &info);
237 if (!NT_STATUS_IS_OK(result)) {
238 goto done;
239 }
240
241 info->audit_events.auditing_mode = enable;
242
243 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
244 &pol,
245 LSA_POLICY_INFO_AUDIT_EVENTS,
246 info);
247
248 if (!NT_STATUS_IS_OK(result)) {
249 goto done;
250 }
251
252 done:
253 if (!NT_STATUS_IS_OK(result)) {
254 d_printf(_("%s: %s\n"),
255 enable ? _("failed to enable audit policy"):
256 _("failed to disable audit policy"),
257 nt_errstr(result));
258 }
259
260 return result;
261 }
262
263 /********************************************************************
264 ********************************************************************/
265
266 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
267 const DOM_SID *domain_sid,
268 const char *domain_name,
269 struct cli_state *cli,
270 struct rpc_pipe_client *pipe_hnd,
271 TALLOC_CTX *mem_ctx,
272 int argc,
273 const char **argv)
274 {
275 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
276 false);
277 }
278
279 /********************************************************************
280 ********************************************************************/
281
282 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
283 const DOM_SID *domain_sid,
284 const char *domain_name,
285 struct cli_state *cli,
286 struct rpc_pipe_client *pipe_hnd,
287 TALLOC_CTX *mem_ctx,
288 int argc,
289 const char **argv)
290 {
291 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
292 true);
293 }
294
295 /********************************************************************
296 ********************************************************************/
297
298 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
299 const DOM_SID *domain_sid,
300 const char *domain_name,
301 struct cli_state *cli,
302 struct rpc_pipe_client *pipe_hnd,
303 TALLOC_CTX *mem_ctx,
304 int argc,
305 const char **argv)
306 {
307 struct policy_handle pol;
308 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
309 union lsa_PolicyInformation *info = NULL;
310 int i;
311
312 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
313 SEC_FLAG_MAXIMUM_ALLOWED,
314 &pol);
315
316 if (!NT_STATUS_IS_OK(result)) {
317 goto done;
318 }
319
320 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
321 &pol,
322 LSA_POLICY_INFO_AUDIT_EVENTS,
323 &info);
324 if (!NT_STATUS_IS_OK(result)) {
325 goto done;
326 }
327
328 printf(_("Auditing:\t\t"));
329 switch (info->audit_events.auditing_mode) {
330 case true:
331 printf(_("Enabled"));
332 break;
333 case false:
334 printf(_("Disabled"));
335 break;
336 default:
337 printf(_("unknown (%d)"),
338 info->audit_events.auditing_mode);
339 break;
340 }
341 printf("\n");
342
343 printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
344 printf(_("Auditing settings:\n"));
345
346 for (i=0; i < info->audit_events.count; i++) {
347 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
348 const char *policy = audit_description_str(i);
349 print_auditing_category(policy, val);
350 }
351
352 done:
353 if (!NT_STATUS_IS_OK(result)) {
354 d_printf(_("failed to list auditing policies: %s\n"),
355 nt_errstr(result));
356 }
357
358 return result;
359 }
360
361 /********************************************************************
362 ********************************************************************/
363
364 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
365 {
366 if (c->display_usage) {
367 d_printf( "%s\n"
368 "net rpc audit get\n"
369 " %s\n",
370 _("Usage:"),
371 _("View configured audit setting"));
372 return 0;
373 }
374
375 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
376 rpc_audit_get_internal, argc, argv);
377 }
378
379 /********************************************************************
380 ********************************************************************/
381
382 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
383 {
384 if (c->display_usage) {
385 d_printf( "%s\n"
386 "net rpc audit set\n"
387 " %s\n",
388 _("Usage:"),
389 _("Set audit policies"));
390 return 0;
391 }
392
393 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
394 rpc_audit_set_internal, argc, argv);
395 }
396
397 /********************************************************************
398 ********************************************************************/
399
400 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
401 {
402 if (c->display_usage) {
403 d_printf( "%s\n"
404 "net rpc audit enable\n"
405 " %s\n",
406 _("Usage:"),
407 _("Enable auditing"));
408 return 0;
409 }
410
411 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
412 rpc_audit_enable_internal, argc, argv);
413 }
414
415 /********************************************************************
416 ********************************************************************/
417
418 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
419 {
420 if (c->display_usage) {
421 d_printf( "%s\n"
422 "net rpc audit disable\n"
423 " %s\n",
424 _("Usage:"),
425 _("Disable auditing"));
426 return 0;
427 }
428
429 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
430 rpc_audit_disable_internal, argc, argv);
431 }
432
433 /********************************************************************
434 ********************************************************************/
435
436 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
437 {
438 if (c->display_usage) {
439 d_printf( "%s\n"
440 "net rpc audit list\n"
441 " %s\n",
442 _("Usage:"),
443 _("List auditing settings"));
444 return 0;
445 }
446
447 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
448 rpc_audit_list_internal, argc, argv);
449 }
450
451 /********************************************************************
452 ********************************************************************/
453
454 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
455 {
456 struct functable func[] = {
457 {
458 "get",
459 rpc_audit_get,
460 NET_TRANSPORT_RPC,
461 N_("View configured auditing settings"),
462 N_("net rpc audit get\n"
463 " View configured auditing settings")
464 },
465 {
466 "set",
467 rpc_audit_set,
468 NET_TRANSPORT_RPC,
469 N_("Set auditing policies"),
470 N_("net rpc audit set\n"
471 " Set auditing policies")
472 },
473 {
474 "enable",
475 rpc_audit_enable,
476 NET_TRANSPORT_RPC,
477 N_("Enable auditing"),
478 N_("net rpc audit enable\n"
479 " Enable auditing")
480 },
481 {
482 "disable",
483 rpc_audit_disable,
484 NET_TRANSPORT_RPC,
485 N_("Disable auditing"),
486 N_("net rpc audit disable\n"
487 " Disable auditing")
488 },
489 {
490 "list",
491 rpc_audit_list,
492 NET_TRANSPORT_RPC,
493 N_("List configured auditing settings"),
494 N_("net rpc audit list\n"
495 " List configured auditing settings")
496 },
497 {NULL, NULL, 0, NULL, NULL}
498 };
499
500 return net_run_function(c, argc, argv, "net rpc audit", func);
501 }
Samba GIT mirror