2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
21 #include "../librpc/gen_ndr/ndr_lsa_c.h"
22 #include "rpc_client/cli_lsarpc.h"
24 /********************************************************************
25 ********************************************************************/
27 static int net_help_audit(struct net_context
*c
, int argc
, const char **argv
)
29 d_printf(_("net rpc audit list View configured Auditing policies\n"));
30 d_printf(_("net rpc audit enable Enable Auditing\n"));
31 d_printf(_("net rpc audit disable Disable Auditing\n"));
32 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
33 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
34 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
35 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
40 /********************************************************************
41 ********************************************************************/
43 static void print_auditing_category(const char *policy
, const char *value
)
46 policy
= N_("Unknown");
49 value
= N_("Invalid");
52 d_printf(_("\t%-30s%s\n"), policy
, value
);
55 /********************************************************************
56 ********************************************************************/
58 static NTSTATUS
rpc_audit_get_internal(struct net_context
*c
,
59 const struct dom_sid
*domain_sid
,
60 const char *domain_name
,
61 struct cli_state
*cli
,
62 struct rpc_pipe_client
*pipe_hnd
,
67 struct policy_handle pol
;
68 NTSTATUS status
, result
;
69 union lsa_PolicyInformation
*info
= NULL
;
71 uint32_t audit_category
;
72 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
74 if (argc
< 1 || argc
> 2) {
75 d_printf(_("insufficient arguments\n"));
76 net_help_audit(c
, argc
, argv
);
77 return NT_STATUS_INVALID_PARAMETER
;
80 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
81 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
82 return NT_STATUS_INVALID_PARAMETER
;
85 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
86 SEC_FLAG_MAXIMUM_ALLOWED
,
89 if (!NT_STATUS_IS_OK(status
)) {
93 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
95 LSA_POLICY_INFO_AUDIT_EVENTS
,
98 if (!NT_STATUS_IS_OK(status
)) {
101 if (!NT_STATUS_IS_OK(result
)) {
106 for (i
=0; i
< info
->audit_events
.count
; i
++) {
108 const char *val
= NULL
, *policy
= NULL
;
110 if (i
!= audit_category
) {
114 val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
115 policy
= audit_description_str(i
);
116 print_auditing_category(policy
, val
);
120 if (!NT_STATUS_IS_OK(status
)) {
121 d_printf(_("failed to get auditing policy: %s\n"),
128 /********************************************************************
129 ********************************************************************/
131 static NTSTATUS
rpc_audit_set_internal(struct net_context
*c
,
132 const struct dom_sid
*domain_sid
,
133 const char *domain_name
,
134 struct cli_state
*cli
,
135 struct rpc_pipe_client
*pipe_hnd
,
140 struct policy_handle pol
;
141 NTSTATUS status
, result
;
142 union lsa_PolicyInformation
*info
= NULL
;
143 uint32_t audit_policy
, audit_category
;
144 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
146 if (argc
< 2 || argc
> 3) {
147 d_printf(_("insufficient arguments\n"));
148 net_help_audit(c
, argc
, argv
);
149 return NT_STATUS_INVALID_PARAMETER
;
152 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
153 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
154 return NT_STATUS_INVALID_PARAMETER
;
157 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
159 if (strequal(argv
[1], "Success")) {
160 audit_policy
|= LSA_AUDIT_POLICY_SUCCESS
;
161 } else if (strequal(argv
[1], "Failure")) {
162 audit_policy
|= LSA_AUDIT_POLICY_FAILURE
;
163 } else if (strequal(argv
[1], "All")) {
164 audit_policy
|= LSA_AUDIT_POLICY_ALL
;
165 } else if (strequal(argv
[1], "None")) {
166 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
168 d_printf(_("invalid auditing policy: %s\n"), argv
[1]);
169 return NT_STATUS_INVALID_PARAMETER
;
172 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
173 SEC_FLAG_MAXIMUM_ALLOWED
,
176 if (!NT_STATUS_IS_OK(status
)) {
180 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
182 LSA_POLICY_INFO_AUDIT_EVENTS
,
185 if (!NT_STATUS_IS_OK(status
)) {
188 if (!NT_STATUS_IS_OK(result
)) {
193 info
->audit_events
.settings
[audit_category
] = audit_policy
;
195 status
= dcerpc_lsa_SetInfoPolicy(b
, mem_ctx
,
197 LSA_POLICY_INFO_AUDIT_EVENTS
,
200 if (!NT_STATUS_IS_OK(status
)) {
203 if (!NT_STATUS_IS_OK(result
)) {
208 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
210 LSA_POLICY_INFO_AUDIT_EVENTS
,
213 if (!NT_STATUS_IS_OK(status
)) {
220 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[audit_category
]);
221 const char *policy
= audit_description_str(audit_category
);
222 print_auditing_category(policy
, val
);
226 if (!NT_STATUS_IS_OK(status
)) {
227 d_printf(_("failed to set audit policy: %s\n"),
234 /********************************************************************
235 ********************************************************************/
237 static NTSTATUS
rpc_audit_enable_internal_ext(struct rpc_pipe_client
*pipe_hnd
,
243 struct policy_handle pol
;
244 NTSTATUS status
, result
;
245 union lsa_PolicyInformation
*info
= NULL
;
246 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
248 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
249 SEC_FLAG_MAXIMUM_ALLOWED
,
252 if (!NT_STATUS_IS_OK(status
)) {
256 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
258 LSA_POLICY_INFO_AUDIT_EVENTS
,
261 if (!NT_STATUS_IS_OK(status
)) {
264 if (!NT_STATUS_IS_OK(result
)) {
269 info
->audit_events
.auditing_mode
= enable
;
271 status
= dcerpc_lsa_SetInfoPolicy(b
, mem_ctx
,
273 LSA_POLICY_INFO_AUDIT_EVENTS
,
276 if (!NT_STATUS_IS_OK(status
)) {
279 if (!NT_STATUS_IS_OK(result
)) {
285 if (!NT_STATUS_IS_OK(status
)) {
286 d_printf(_("%s: %s\n"),
287 enable
? _("failed to enable audit policy"):
288 _("failed to disable audit policy"),
295 /********************************************************************
296 ********************************************************************/
298 static NTSTATUS
rpc_audit_disable_internal(struct net_context
*c
,
299 const struct dom_sid
*domain_sid
,
300 const char *domain_name
,
301 struct cli_state
*cli
,
302 struct rpc_pipe_client
*pipe_hnd
,
307 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
311 /********************************************************************
312 ********************************************************************/
314 static NTSTATUS
rpc_audit_enable_internal(struct net_context
*c
,
315 const struct dom_sid
*domain_sid
,
316 const char *domain_name
,
317 struct cli_state
*cli
,
318 struct rpc_pipe_client
*pipe_hnd
,
323 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
327 /********************************************************************
328 ********************************************************************/
330 static NTSTATUS
rpc_audit_list_internal(struct net_context
*c
,
331 const struct dom_sid
*domain_sid
,
332 const char *domain_name
,
333 struct cli_state
*cli
,
334 struct rpc_pipe_client
*pipe_hnd
,
339 struct policy_handle pol
;
340 NTSTATUS status
, result
;
341 union lsa_PolicyInformation
*info
= NULL
;
343 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
345 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
346 SEC_FLAG_MAXIMUM_ALLOWED
,
349 if (!NT_STATUS_IS_OK(status
)) {
353 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
355 LSA_POLICY_INFO_AUDIT_EVENTS
,
358 if (!NT_STATUS_IS_OK(status
)) {
361 if (!NT_STATUS_IS_OK(result
)) {
366 printf(_("Auditing:\t\t"));
367 switch (info
->audit_events
.auditing_mode
) {
369 printf(_("Enabled"));
372 printf(_("Disabled"));
375 printf(_("unknown (%d)"),
376 info
->audit_events
.auditing_mode
);
381 printf(_("Auditing categories:\t%d\n"), info
->audit_events
.count
);
382 printf(_("Auditing settings:\n"));
384 for (i
=0; i
< info
->audit_events
.count
; i
++) {
385 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
386 const char *policy
= audit_description_str(i
);
387 print_auditing_category(policy
, val
);
391 if (!NT_STATUS_IS_OK(status
)) {
392 d_printf(_("failed to list auditing policies: %s\n"),
399 /********************************************************************
400 ********************************************************************/
402 static int rpc_audit_get(struct net_context
*c
, int argc
, const char **argv
)
404 if (c
->display_usage
) {
406 "net rpc audit get\n"
409 _("View configured audit setting"));
413 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
414 rpc_audit_get_internal
, argc
, argv
);
417 /********************************************************************
418 ********************************************************************/
420 static int rpc_audit_set(struct net_context
*c
, int argc
, const char **argv
)
422 if (c
->display_usage
) {
424 "net rpc audit set\n"
427 _("Set audit policies"));
431 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
432 rpc_audit_set_internal
, argc
, argv
);
435 /********************************************************************
436 ********************************************************************/
438 static int rpc_audit_enable(struct net_context
*c
, int argc
, const char **argv
)
440 if (c
->display_usage
) {
442 "net rpc audit enable\n"
445 _("Enable auditing"));
449 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
450 rpc_audit_enable_internal
, argc
, argv
);
453 /********************************************************************
454 ********************************************************************/
456 static int rpc_audit_disable(struct net_context
*c
, int argc
, const char **argv
)
458 if (c
->display_usage
) {
460 "net rpc audit disable\n"
463 _("Disable auditing"));
467 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
468 rpc_audit_disable_internal
, argc
, argv
);
471 /********************************************************************
472 ********************************************************************/
474 static int rpc_audit_list(struct net_context
*c
, int argc
, const char **argv
)
476 if (c
->display_usage
) {
478 "net rpc audit list\n"
481 _("List auditing settings"));
485 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
486 rpc_audit_list_internal
, argc
, argv
);
489 /********************************************************************
490 ********************************************************************/
492 int net_rpc_audit(struct net_context
*c
, int argc
, const char **argv
)
494 struct functable func
[] = {
499 N_("View configured auditing settings"),
500 N_("net rpc audit get\n"
501 " View configured auditing settings")
507 N_("Set auditing policies"),
508 N_("net rpc audit set\n"
509 " Set auditing policies")
515 N_("Enable auditing"),
516 N_("net rpc audit enable\n"
523 N_("Disable auditing"),
524 N_("net rpc audit disable\n"
531 N_("List configured auditing settings"),
532 N_("net rpc audit list\n"
533 " List configured auditing settings")
535 {NULL
, NULL
, 0, NULL
, NULL
}
538 return net_run_function(c
, argc
, argv
, "net rpc audit", func
);