search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib/util: usec_time_diff takes arguments the other way round than TvalDiff did
[Samba.git] / source3 / utils / net_rpc_audit.c
blob68b0d93c6c52469fa5411861382690fb1c51e7eb
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21 #include "../librpc/gen_ndr/cli_lsa.h"
22 #include "rpc_client/cli_lsarpc.h"
23
24 /********************************************************************
25 ********************************************************************/
26
27 static int net_help_audit(struct net_context *c, int argc, const char **argv)
28 {
29 d_printf(_("net rpc audit list View configured Auditing policies\n"));
30 d_printf(_("net rpc audit enable Enable Auditing\n"));
31 d_printf(_("net rpc audit disable Disable Auditing\n"));
32 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
33 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
34 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
35 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
36
37 return -1;
38 }
39
40 /********************************************************************
41 ********************************************************************/
42
43 static void print_auditing_category(const char *policy, const char *value)
44 {
45 if (policy == NULL) {
46 policy = N_("Unknown");
47 }
48 if (value == NULL) {
49 value = N_("Invalid");
50 }
51
52 d_printf(_("\t%-30s%s\n"), policy, value);
53 }
54
55 /********************************************************************
56 ********************************************************************/
57
58 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
59 const struct dom_sid *domain_sid,
60 const char *domain_name,
61 struct cli_state *cli,
62 struct rpc_pipe_client *pipe_hnd,
63 TALLOC_CTX *mem_ctx,
64 int argc,
65 const char **argv)
66 {
67 struct policy_handle pol;
68 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
69 union lsa_PolicyInformation *info = NULL;
70 int i;
71 uint32_t audit_category;
72
73 if (argc < 1 || argc > 2) {
74 d_printf(_("insufficient arguments\n"));
75 net_help_audit(c, argc, argv);
76 return NT_STATUS_INVALID_PARAMETER;
77 }
78
79 if (!get_audit_category_from_param(argv[0], &audit_category)) {
80 d_printf(_("invalid auditing category: %s\n"), argv[0]);
81 return NT_STATUS_INVALID_PARAMETER;
82 }
83
84 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
85 SEC_FLAG_MAXIMUM_ALLOWED,
86 &pol);
87
88 if (!NT_STATUS_IS_OK(result)) {
89 goto done;
90 }
91
92 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
93 &pol,
94 LSA_POLICY_INFO_AUDIT_EVENTS,
95 &info);
96
97 if (!NT_STATUS_IS_OK(result)) {
98 goto done;
99 }
100
101 for (i=0; i < info->audit_events.count; i++) {
102
103 const char *val = NULL, *policy = NULL;
104
105 if (i != audit_category) {
106 continue;
107 }
108
109 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
110 policy = audit_description_str(i);
111 print_auditing_category(policy, val);
112 }
113
114 done:
115 if (!NT_STATUS_IS_OK(result)) {
116 d_printf(_("failed to get auditing policy: %s\n"),
117 nt_errstr(result));
118 }
119
120 return result;
121 }
122
123 /********************************************************************
124 ********************************************************************/
125
126 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
127 const struct dom_sid *domain_sid,
128 const char *domain_name,
129 struct cli_state *cli,
130 struct rpc_pipe_client *pipe_hnd,
131 TALLOC_CTX *mem_ctx,
132 int argc,
133 const char **argv)
134 {
135 struct policy_handle pol;
136 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
137 union lsa_PolicyInformation *info = NULL;
138 uint32_t audit_policy, audit_category;
139
140 if (argc < 2 || argc > 3) {
141 d_printf(_("insufficient arguments\n"));
142 net_help_audit(c, argc, argv);
143 return NT_STATUS_INVALID_PARAMETER;
144 }
145
146 if (!get_audit_category_from_param(argv[0], &audit_category)) {
147 d_printf(_("invalid auditing category: %s\n"), argv[0]);
148 return NT_STATUS_INVALID_PARAMETER;
149 }
150
151 audit_policy = LSA_AUDIT_POLICY_CLEAR;
152
153 if (strequal(argv[1], "Success")) {
154 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
155 } else if (strequal(argv[1], "Failure")) {
156 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
157 } else if (strequal(argv[1], "All")) {
158 audit_policy |= LSA_AUDIT_POLICY_ALL;
159 } else if (strequal(argv[1], "None")) {
160 audit_policy = LSA_AUDIT_POLICY_CLEAR;
161 } else {
162 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
163 return NT_STATUS_INVALID_PARAMETER;
164 }
165
166 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
167 SEC_FLAG_MAXIMUM_ALLOWED,
168 &pol);
169
170 if (!NT_STATUS_IS_OK(result)) {
171 goto done;
172 }
173
174 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
175 &pol,
176 LSA_POLICY_INFO_AUDIT_EVENTS,
177 &info);
178
179 if (!NT_STATUS_IS_OK(result)) {
180 goto done;
181 }
182
183 info->audit_events.settings[audit_category] = audit_policy;
184
185 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
186 &pol,
187 LSA_POLICY_INFO_AUDIT_EVENTS,
188 info);
189
190 if (!NT_STATUS_IS_OK(result)) {
191 goto done;
192 }
193
194 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
195 &pol,
196 LSA_POLICY_INFO_AUDIT_EVENTS,
197 &info);
198 {
199 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
200 const char *policy = audit_description_str(audit_category);
201 print_auditing_category(policy, val);
202 }
203
204 done:
205 if (!NT_STATUS_IS_OK(result)) {
206 d_printf(_("failed to set audit policy: %s\n"),
207 nt_errstr(result));
208 }
209
210 return result;
211 }
212
213 /********************************************************************
214 ********************************************************************/
215
216 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
217 TALLOC_CTX *mem_ctx,
218 int argc,
219 const char **argv,
220 bool enable)
221 {
222 struct policy_handle pol;
223 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
224 union lsa_PolicyInformation *info = NULL;
225
226 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
227 SEC_FLAG_MAXIMUM_ALLOWED,
228 &pol);
229
230 if (!NT_STATUS_IS_OK(result)) {
231 goto done;
232 }
233
234 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
235 &pol,
236 LSA_POLICY_INFO_AUDIT_EVENTS,
237 &info);
238 if (!NT_STATUS_IS_OK(result)) {
239 goto done;
240 }
241
242 info->audit_events.auditing_mode = enable;
243
244 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
245 &pol,
246 LSA_POLICY_INFO_AUDIT_EVENTS,
247 info);
248
249 if (!NT_STATUS_IS_OK(result)) {
250 goto done;
251 }
252
253 done:
254 if (!NT_STATUS_IS_OK(result)) {
255 d_printf(_("%s: %s\n"),
256 enable ? _("failed to enable audit policy"):
257 _("failed to disable audit policy"),
258 nt_errstr(result));
259 }
260
261 return result;
262 }
263
264 /********************************************************************
265 ********************************************************************/
266
267 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
268 const struct dom_sid *domain_sid,
269 const char *domain_name,
270 struct cli_state *cli,
271 struct rpc_pipe_client *pipe_hnd,
272 TALLOC_CTX *mem_ctx,
273 int argc,
274 const char **argv)
275 {
276 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
277 false);
278 }
279
280 /********************************************************************
281 ********************************************************************/
282
283 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
284 const struct dom_sid *domain_sid,
285 const char *domain_name,
286 struct cli_state *cli,
287 struct rpc_pipe_client *pipe_hnd,
288 TALLOC_CTX *mem_ctx,
289 int argc,
290 const char **argv)
291 {
292 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
293 true);
294 }
295
296 /********************************************************************
297 ********************************************************************/
298
299 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
300 const struct dom_sid *domain_sid,
301 const char *domain_name,
302 struct cli_state *cli,
303 struct rpc_pipe_client *pipe_hnd,
304 TALLOC_CTX *mem_ctx,
305 int argc,
306 const char **argv)
307 {
308 struct policy_handle pol;
309 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
310 union lsa_PolicyInformation *info = NULL;
311 int i;
312
313 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
314 SEC_FLAG_MAXIMUM_ALLOWED,
315 &pol);
316
317 if (!NT_STATUS_IS_OK(result)) {
318 goto done;
319 }
320
321 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
322 &pol,
323 LSA_POLICY_INFO_AUDIT_EVENTS,
324 &info);
325 if (!NT_STATUS_IS_OK(result)) {
326 goto done;
327 }
328
329 printf(_("Auditing:\t\t"));
330 switch (info->audit_events.auditing_mode) {
331 case true:
332 printf(_("Enabled"));
333 break;
334 case false:
335 printf(_("Disabled"));
336 break;
337 default:
338 printf(_("unknown (%d)"),
339 info->audit_events.auditing_mode);
340 break;
341 }
342 printf("\n");
343
344 printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
345 printf(_("Auditing settings:\n"));
346
347 for (i=0; i < info->audit_events.count; i++) {
348 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
349 const char *policy = audit_description_str(i);
350 print_auditing_category(policy, val);
351 }
352
353 done:
354 if (!NT_STATUS_IS_OK(result)) {
355 d_printf(_("failed to list auditing policies: %s\n"),
356 nt_errstr(result));
357 }
358
359 return result;
360 }
361
362 /********************************************************************
363 ********************************************************************/
364
365 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
366 {
367 if (c->display_usage) {
368 d_printf( "%s\n"
369 "net rpc audit get\n"
370 " %s\n",
371 _("Usage:"),
372 _("View configured audit setting"));
373 return 0;
374 }
375
376 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
377 rpc_audit_get_internal, argc, argv);
378 }
379
380 /********************************************************************
381 ********************************************************************/
382
383 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
384 {
385 if (c->display_usage) {
386 d_printf( "%s\n"
387 "net rpc audit set\n"
388 " %s\n",
389 _("Usage:"),
390 _("Set audit policies"));
391 return 0;
392 }
393
394 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
395 rpc_audit_set_internal, argc, argv);
396 }
397
398 /********************************************************************
399 ********************************************************************/
400
401 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
402 {
403 if (c->display_usage) {
404 d_printf( "%s\n"
405 "net rpc audit enable\n"
406 " %s\n",
407 _("Usage:"),
408 _("Enable auditing"));
409 return 0;
410 }
411
412 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
413 rpc_audit_enable_internal, argc, argv);
414 }
415
416 /********************************************************************
417 ********************************************************************/
418
419 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
420 {
421 if (c->display_usage) {
422 d_printf( "%s\n"
423 "net rpc audit disable\n"
424 " %s\n",
425 _("Usage:"),
426 _("Disable auditing"));
427 return 0;
428 }
429
430 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
431 rpc_audit_disable_internal, argc, argv);
432 }
433
434 /********************************************************************
435 ********************************************************************/
436
437 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
438 {
439 if (c->display_usage) {
440 d_printf( "%s\n"
441 "net rpc audit list\n"
442 " %s\n",
443 _("Usage:"),
444 _("List auditing settings"));
445 return 0;
446 }
447
448 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
449 rpc_audit_list_internal, argc, argv);
450 }
451
452 /********************************************************************
453 ********************************************************************/
454
455 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
456 {
457 struct functable func[] = {
458 {
459 "get",
460 rpc_audit_get,
461 NET_TRANSPORT_RPC,
462 N_("View configured auditing settings"),
463 N_("net rpc audit get\n"
464 " View configured auditing settings")
465 },
466 {
467 "set",
468 rpc_audit_set,
469 NET_TRANSPORT_RPC,
470 N_("Set auditing policies"),
471 N_("net rpc audit set\n"
472 " Set auditing policies")
473 },
474 {
475 "enable",
476 rpc_audit_enable,
477 NET_TRANSPORT_RPC,
478 N_("Enable auditing"),
479 N_("net rpc audit enable\n"
480 " Enable auditing")
481 },
482 {
483 "disable",
484 rpc_audit_disable,
485 NET_TRANSPORT_RPC,
486 N_("Disable auditing"),
487 N_("net rpc audit disable\n"
488 " Disable auditing")
489 },
490 {
491 "list",
492 rpc_audit_list,
493 NET_TRANSPORT_RPC,
494 N_("List configured auditing settings"),
495 N_("net rpc audit list\n"
496 " List configured auditing settings")
497 },
498 {NULL, NULL, 0, NULL, NULL}
499 };
500
501 return net_run_function(c, argc, argv, "net rpc audit", func);
502 }
Samba GIT mirror