2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
22 /********************************************************************
23 ********************************************************************/
25 static int net_help_audit(struct net_context
*c
, int argc
, const char **argv
)
27 d_printf(_("net rpc audit list View configured Auditing policies\n"));
28 d_printf(_("net rpc audit enable Enable Auditing\n"));
29 d_printf(_("net rpc audit disable Disable Auditing\n"));
30 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
31 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
32 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
33 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
38 /********************************************************************
39 ********************************************************************/
41 static void print_auditing_category(const char *policy
, const char *value
)
44 int pad_len
, col_len
= 30;
47 policy
= N_("Unknown");
50 value
= N_("Invalid");
53 /* calculate padding space for d_printf to look nicer */
54 pad_len
= col_len
- strlen(policy
);
56 do padding
[--pad_len
] = ' '; while (pad_len
> 0);
58 d_printf(_("\t%s%s%s\n"), policy
, padding
, value
);
61 /********************************************************************
62 ********************************************************************/
64 static NTSTATUS
rpc_audit_get_internal(struct net_context
*c
,
65 const DOM_SID
*domain_sid
,
66 const char *domain_name
,
67 struct cli_state
*cli
,
68 struct rpc_pipe_client
*pipe_hnd
,
73 struct policy_handle pol
;
74 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
75 union lsa_PolicyInformation
*info
= NULL
;
77 uint32_t audit_category
;
79 if (argc
< 1 || argc
> 2) {
80 d_printf(_("insufficient arguments\n"));
81 net_help_audit(c
, argc
, argv
);
82 return NT_STATUS_INVALID_PARAMETER
;
85 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
86 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
87 return NT_STATUS_INVALID_PARAMETER
;
90 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
91 SEC_FLAG_MAXIMUM_ALLOWED
,
94 if (!NT_STATUS_IS_OK(result
)) {
98 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
100 LSA_POLICY_INFO_AUDIT_EVENTS
,
103 if (!NT_STATUS_IS_OK(result
)) {
107 for (i
=0; i
< info
->audit_events
.count
; i
++) {
109 const char *val
= NULL
, *policy
= NULL
;
111 if (i
!= audit_category
) {
115 val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
116 policy
= audit_description_str(i
);
117 print_auditing_category(policy
, val
);
121 if (!NT_STATUS_IS_OK(result
)) {
122 d_printf(_("failed to get auditing policy: %s\n"),
129 /********************************************************************
130 ********************************************************************/
132 static NTSTATUS
rpc_audit_set_internal(struct net_context
*c
,
133 const DOM_SID
*domain_sid
,
134 const char *domain_name
,
135 struct cli_state
*cli
,
136 struct rpc_pipe_client
*pipe_hnd
,
141 struct policy_handle pol
;
142 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
143 union lsa_PolicyInformation
*info
= NULL
;
144 uint32_t audit_policy
, audit_category
;
146 if (argc
< 2 || argc
> 3) {
147 d_printf(_("insufficient arguments\n"));
148 net_help_audit(c
, argc
, argv
);
149 return NT_STATUS_INVALID_PARAMETER
;
152 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
153 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
154 return NT_STATUS_INVALID_PARAMETER
;
157 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
159 if (strequal(argv
[1], "Success")) {
160 audit_policy
|= LSA_AUDIT_POLICY_SUCCESS
;
161 } else if (strequal(argv
[1], "Failure")) {
162 audit_policy
|= LSA_AUDIT_POLICY_FAILURE
;
163 } else if (strequal(argv
[1], "All")) {
164 audit_policy
|= LSA_AUDIT_POLICY_ALL
;
165 } else if (strequal(argv
[1], "None")) {
166 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
168 d_printf(_("invalid auditing policy: %s\n"), argv
[1]);
169 return NT_STATUS_INVALID_PARAMETER
;
172 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
173 SEC_FLAG_MAXIMUM_ALLOWED
,
176 if (!NT_STATUS_IS_OK(result
)) {
180 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
182 LSA_POLICY_INFO_AUDIT_EVENTS
,
185 if (!NT_STATUS_IS_OK(result
)) {
189 info
->audit_events
.settings
[audit_category
] = audit_policy
;
191 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
193 LSA_POLICY_INFO_AUDIT_EVENTS
,
196 if (!NT_STATUS_IS_OK(result
)) {
200 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
202 LSA_POLICY_INFO_AUDIT_EVENTS
,
205 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[audit_category
]);
206 const char *policy
= audit_description_str(audit_category
);
207 print_auditing_category(policy
, val
);
211 if (!NT_STATUS_IS_OK(result
)) {
212 d_printf(_("failed to set audit policy: %s\n"),
219 /********************************************************************
220 ********************************************************************/
222 static NTSTATUS
rpc_audit_enable_internal_ext(struct rpc_pipe_client
*pipe_hnd
,
228 struct policy_handle pol
;
229 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
230 union lsa_PolicyInformation
*info
= NULL
;
232 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
233 SEC_FLAG_MAXIMUM_ALLOWED
,
236 if (!NT_STATUS_IS_OK(result
)) {
240 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
242 LSA_POLICY_INFO_AUDIT_EVENTS
,
244 if (!NT_STATUS_IS_OK(result
)) {
248 info
->audit_events
.auditing_mode
= enable
;
250 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
252 LSA_POLICY_INFO_AUDIT_EVENTS
,
255 if (!NT_STATUS_IS_OK(result
)) {
260 if (!NT_STATUS_IS_OK(result
)) {
261 d_printf(_("%s: %s\n"),
262 enable
? _("failed to enable audit policy"):
263 _("failed to disable audit policy"),
270 /********************************************************************
271 ********************************************************************/
273 static NTSTATUS
rpc_audit_disable_internal(struct net_context
*c
,
274 const DOM_SID
*domain_sid
,
275 const char *domain_name
,
276 struct cli_state
*cli
,
277 struct rpc_pipe_client
*pipe_hnd
,
282 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
286 /********************************************************************
287 ********************************************************************/
289 static NTSTATUS
rpc_audit_enable_internal(struct net_context
*c
,
290 const DOM_SID
*domain_sid
,
291 const char *domain_name
,
292 struct cli_state
*cli
,
293 struct rpc_pipe_client
*pipe_hnd
,
298 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
302 /********************************************************************
303 ********************************************************************/
305 static NTSTATUS
rpc_audit_list_internal(struct net_context
*c
,
306 const DOM_SID
*domain_sid
,
307 const char *domain_name
,
308 struct cli_state
*cli
,
309 struct rpc_pipe_client
*pipe_hnd
,
314 struct policy_handle pol
;
315 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
316 union lsa_PolicyInformation
*info
= NULL
;
319 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
320 SEC_FLAG_MAXIMUM_ALLOWED
,
323 if (!NT_STATUS_IS_OK(result
)) {
327 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
329 LSA_POLICY_INFO_AUDIT_EVENTS
,
331 if (!NT_STATUS_IS_OK(result
)) {
335 printf(_("Auditing:\t\t"));
336 switch (info
->audit_events
.auditing_mode
) {
338 printf(_("Enabled"));
341 printf(_("Disabled"));
344 printf(_("unknown (%d)"),
345 info
->audit_events
.auditing_mode
);
350 printf(_("Auditing categories:\t%d\n"), info
->audit_events
.count
);
351 printf(_("Auditing settings:\n"));
353 for (i
=0; i
< info
->audit_events
.count
; i
++) {
354 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
355 const char *policy
= audit_description_str(i
);
356 print_auditing_category(policy
, val
);
360 if (!NT_STATUS_IS_OK(result
)) {
361 d_printf(_("failed to list auditing policies: %s\n"),
368 /********************************************************************
369 ********************************************************************/
371 static int rpc_audit_get(struct net_context
*c
, int argc
, const char **argv
)
373 if (c
->display_usage
) {
374 d_printf(_("Usage:\n"
375 "net rpc audit get\n"
376 " View configured audit setting\n"));
380 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
381 rpc_audit_get_internal
, argc
, argv
);
384 /********************************************************************
385 ********************************************************************/
387 static int rpc_audit_set(struct net_context
*c
, int argc
, const char **argv
)
389 if (c
->display_usage
) {
390 d_printf(_("Usage:\n"
391 "net rpc audit set\n"
392 " Set audit policies\n"));
396 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
397 rpc_audit_set_internal
, argc
, argv
);
400 /********************************************************************
401 ********************************************************************/
403 static int rpc_audit_enable(struct net_context
*c
, int argc
, const char **argv
)
405 if (c
->display_usage
) {
406 d_printf(_("Usage:\n"
407 "net rpc audit enable\n"
408 " Enable auditing\n"));
412 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
413 rpc_audit_enable_internal
, argc
, argv
);
416 /********************************************************************
417 ********************************************************************/
419 static int rpc_audit_disable(struct net_context
*c
, int argc
, const char **argv
)
421 if (c
->display_usage
) {
422 d_printf(_("Usage:\n"
423 "net rpc audit disable\n"
424 " Disable auditing\n"));
428 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
429 rpc_audit_disable_internal
, argc
, argv
);
432 /********************************************************************
433 ********************************************************************/
435 static int rpc_audit_list(struct net_context
*c
, int argc
, const char **argv
)
437 if (c
->display_usage
) {
438 d_printf(_("Usage:\n"
439 "net rpc audit list\n"
440 " List auditing settings\n"));
444 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
445 rpc_audit_list_internal
, argc
, argv
);
448 /********************************************************************
449 ********************************************************************/
451 int net_rpc_audit(struct net_context
*c
, int argc
, const char **argv
)
453 struct functable func
[] = {
458 N_("View configured auditing settings"),
459 N_("net rpc audit get\n"
460 " View configured auditing settings")
466 N_("Set auditing policies"),
467 N_("net rpc audit set\n"
468 " Set auditing policies")
474 N_("Enable auditing"),
475 N_("net rpc audit enable\n"
482 N_("Disable auditing"),
483 N_("net rpc audit disable\n"
490 N_("List configured auditing settings"),
491 N_("net rpc audit list\n"
492 " List configured auditing settings")
494 {NULL
, NULL
, 0, NULL
, NULL
}
497 return net_run_function(c
, argc
, argv
, "net rpc audit", func
);