source3/lib/audit.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Auditing helper functions.
   4    Copyright (C) Guenther Deschner 2006
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "includes.h"
  21 #include "../librpc/gen_ndr/lsa.h"
  22
  23 static const struct audit_category_tab {
  24         uint32 category;
  25         const char *category_str;
  26         const char *param_str;
  27         const char *description;
  28 } audit_category_tab [] = {
  29         { LSA_AUDIT_CATEGORY_LOGON,
  30          "LSA_AUDIT_CATEGORY_LOGON",
  31          "LOGON", "Logon events" },
  32         { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
  33          "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
  34          "PRIVILEGE", "Privilege Use" },
  35         { LSA_AUDIT_CATEGORY_SYSTEM,
  36          "LSA_AUDIT_CATEGORY_SYSTEM",
  37          "SYSTEM", "System Events" },
  38         { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
  39          "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
  40          "POLICY", "Policy Change" },
  41         { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
  42          "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
  43          "PROCESS", "Process Tracking" },
  44         { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
  45          "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
  46          "OBJECT", "Object Access" },
  47         { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
  48          "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
  49          "SAM", "Account Management" },
  50         { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
  51          "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
  52          "DIRECTORY", "Directory service access" },
  53         { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
  54          "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
  55          "ACCOUNT", "Account logon events" },
  56         { 0, NULL, NULL }
  57 };
  58
  59 const char *audit_category_str(uint32 category)
  60 {
  61         int i;
  62         for (i=0; audit_category_tab[i].category_str; i++) {
  63                 if (category == audit_category_tab[i].category) {
  64                         return audit_category_tab[i].category_str;
  65                 }
  66         }
  67         return NULL;
  68 }
  69
  70 const char *audit_param_str(uint32 category)
  71 {
  72         int i;
  73         for (i=0; audit_category_tab[i].param_str; i++) {
  74                 if (category == audit_category_tab[i].category) {
  75                         return audit_category_tab[i].param_str;
  76                 }
  77         }
  78         return NULL;
  79 }
  80
  81 const char *audit_description_str(uint32 category)
  82 {
  83         int i;
  84         for (i=0; audit_category_tab[i].description; i++) {
  85                 if (category == audit_category_tab[i].category) {
  86                         return audit_category_tab[i].description;
  87                 }
  88         }
  89         return NULL;
  90 }
  91
  92 bool get_audit_category_from_param(const char *param, uint32 *audit_category)
  93 {
  94         *audit_category = Undefined;
  95
  96         if (strequal(param, "SYSTEM")) {
  97                 *audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
  98         } else if (strequal(param, "LOGON")) {
  99                 *audit_category = LSA_AUDIT_CATEGORY_LOGON;
 100         } else if (strequal(param, "OBJECT")) {
 101                 *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
 102         } else if (strequal(param, "PRIVILEGE")) {
 103                 *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
 104         } else if (strequal(param, "PROCESS")) {
 105                 *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
 106         } else if (strequal(param, "POLICY")) {
 107                 *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
 108         } else if (strequal(param, "SAM")) {
 109                 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
 110         } else if (strequal(param, "DIRECTORY")) {
 111                 *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
 112         } else if (strequal(param, "ACCOUNT")) {
 113                 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
 114         } else {
 115                 DEBUG(0,("unknown parameter: %s\n", param));
 116                 return False;
 117         }
 118
 119         return True;
 120 }
 121
 122 const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
 123 {
 124         const char *ret = NULL;
 125
 126         if (policy == LSA_AUDIT_POLICY_NONE) {
 127                 return talloc_strdup(mem_ctx, "None");
 128         }
 129
 130         if (policy & LSA_AUDIT_POLICY_SUCCESS) {
 131                 ret = talloc_strdup(mem_ctx, "Success");
 132                 if (ret == NULL) {
 133                         return NULL;
 134                 }
 135         }
 136
 137         if (policy & LSA_AUDIT_POLICY_FAILURE) {
 138                 if (ret) {
 139                         ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
 140                         if (ret == NULL) {
 141                                 return NULL;
 142                         }
 143                 } else {
 144                         return talloc_strdup(mem_ctx, "Failure");
 145                 }
 146         }
 147
 148         return ret;
 149 }