2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
21 #include "rpc_client/rpc_client.h"
22 #include "../librpc/gen_ndr/ndr_lsa_c.h"
23 #include "rpc_client/cli_lsarpc.h"
25 /********************************************************************
26 ********************************************************************/
28 static int net_help_audit(struct net_context
*c
, int argc
, const char **argv
)
30 d_printf(_("net rpc audit list View configured Auditing policies\n"));
31 d_printf(_("net rpc audit enable Enable Auditing\n"));
32 d_printf(_("net rpc audit disable Disable Auditing\n"));
33 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
34 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
35 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
36 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
41 /********************************************************************
42 ********************************************************************/
44 static void print_auditing_category(const char *policy
, const char *value
)
47 policy
= N_("Unknown");
50 value
= N_("Invalid");
53 d_printf(_("\t%-30s%s\n"), policy
, value
);
56 /********************************************************************
57 ********************************************************************/
59 static NTSTATUS
rpc_audit_get_internal(struct net_context
*c
,
60 const struct dom_sid
*domain_sid
,
61 const char *domain_name
,
62 struct cli_state
*cli
,
63 struct rpc_pipe_client
*pipe_hnd
,
68 struct policy_handle pol
;
69 NTSTATUS status
, result
;
70 union lsa_PolicyInformation
*info
= NULL
;
72 uint32_t audit_category
;
73 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
75 if (argc
< 1 || argc
> 2) {
76 d_printf(_("insufficient arguments\n"));
77 net_help_audit(c
, argc
, argv
);
78 return NT_STATUS_INVALID_PARAMETER
;
81 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
82 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
83 return NT_STATUS_INVALID_PARAMETER
;
86 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
87 SEC_FLAG_MAXIMUM_ALLOWED
,
90 if (!NT_STATUS_IS_OK(status
)) {
94 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
96 LSA_POLICY_INFO_AUDIT_EVENTS
,
99 if (!NT_STATUS_IS_OK(status
)) {
102 if (!NT_STATUS_IS_OK(result
)) {
107 for (i
=0; i
< info
->audit_events
.count
; i
++) {
109 const char *val
= NULL
, *policy
= NULL
;
111 if (i
!= audit_category
) {
115 val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
116 policy
= audit_description_str(i
);
117 print_auditing_category(policy
, val
);
121 if (!NT_STATUS_IS_OK(status
)) {
122 d_printf(_("failed to get auditing policy: %s\n"),
129 /********************************************************************
130 ********************************************************************/
132 static NTSTATUS
rpc_audit_set_internal(struct net_context
*c
,
133 const struct dom_sid
*domain_sid
,
134 const char *domain_name
,
135 struct cli_state
*cli
,
136 struct rpc_pipe_client
*pipe_hnd
,
141 struct policy_handle pol
;
142 NTSTATUS status
, result
;
143 union lsa_PolicyInformation
*info
= NULL
;
144 uint32_t audit_policy
, audit_category
;
145 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
147 if (argc
< 2 || argc
> 3) {
148 d_printf(_("insufficient arguments\n"));
149 net_help_audit(c
, argc
, argv
);
150 return NT_STATUS_INVALID_PARAMETER
;
153 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
154 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
155 return NT_STATUS_INVALID_PARAMETER
;
158 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
160 if (strequal(argv
[1], "Success")) {
161 audit_policy
|= LSA_AUDIT_POLICY_SUCCESS
;
162 } else if (strequal(argv
[1], "Failure")) {
163 audit_policy
|= LSA_AUDIT_POLICY_FAILURE
;
164 } else if (strequal(argv
[1], "All")) {
165 audit_policy
|= LSA_AUDIT_POLICY_ALL
;
166 } else if (strequal(argv
[1], "None")) {
167 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
169 d_printf(_("invalid auditing policy: %s\n"), argv
[1]);
170 return NT_STATUS_INVALID_PARAMETER
;
173 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
174 SEC_FLAG_MAXIMUM_ALLOWED
,
177 if (!NT_STATUS_IS_OK(status
)) {
181 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
183 LSA_POLICY_INFO_AUDIT_EVENTS
,
186 if (!NT_STATUS_IS_OK(status
)) {
189 if (!NT_STATUS_IS_OK(result
)) {
194 info
->audit_events
.settings
[audit_category
] = audit_policy
;
196 status
= dcerpc_lsa_SetInfoPolicy(b
, mem_ctx
,
198 LSA_POLICY_INFO_AUDIT_EVENTS
,
201 if (!NT_STATUS_IS_OK(status
)) {
204 if (!NT_STATUS_IS_OK(result
)) {
209 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
211 LSA_POLICY_INFO_AUDIT_EVENTS
,
214 if (!NT_STATUS_IS_OK(status
)) {
221 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[audit_category
]);
222 const char *policy
= audit_description_str(audit_category
);
223 print_auditing_category(policy
, val
);
227 if (!NT_STATUS_IS_OK(status
)) {
228 d_printf(_("failed to set audit policy: %s\n"),
235 /********************************************************************
236 ********************************************************************/
238 static NTSTATUS
rpc_audit_enable_internal_ext(struct rpc_pipe_client
*pipe_hnd
,
244 struct policy_handle pol
;
245 NTSTATUS status
, result
;
246 union lsa_PolicyInformation
*info
= NULL
;
247 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
249 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
250 SEC_FLAG_MAXIMUM_ALLOWED
,
253 if (!NT_STATUS_IS_OK(status
)) {
257 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
259 LSA_POLICY_INFO_AUDIT_EVENTS
,
262 if (!NT_STATUS_IS_OK(status
)) {
265 if (!NT_STATUS_IS_OK(result
)) {
270 info
->audit_events
.auditing_mode
= enable
;
272 status
= dcerpc_lsa_SetInfoPolicy(b
, mem_ctx
,
274 LSA_POLICY_INFO_AUDIT_EVENTS
,
277 if (!NT_STATUS_IS_OK(status
)) {
280 if (!NT_STATUS_IS_OK(result
)) {
286 if (!NT_STATUS_IS_OK(status
)) {
287 d_printf(_("%s: %s\n"),
288 enable
? _("failed to enable audit policy"):
289 _("failed to disable audit policy"),
296 /********************************************************************
297 ********************************************************************/
299 static NTSTATUS
rpc_audit_disable_internal(struct net_context
*c
,
300 const struct dom_sid
*domain_sid
,
301 const char *domain_name
,
302 struct cli_state
*cli
,
303 struct rpc_pipe_client
*pipe_hnd
,
308 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
312 /********************************************************************
313 ********************************************************************/
315 static NTSTATUS
rpc_audit_enable_internal(struct net_context
*c
,
316 const struct dom_sid
*domain_sid
,
317 const char *domain_name
,
318 struct cli_state
*cli
,
319 struct rpc_pipe_client
*pipe_hnd
,
324 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
328 /********************************************************************
329 ********************************************************************/
331 static NTSTATUS
rpc_audit_list_internal(struct net_context
*c
,
332 const struct dom_sid
*domain_sid
,
333 const char *domain_name
,
334 struct cli_state
*cli
,
335 struct rpc_pipe_client
*pipe_hnd
,
340 struct policy_handle pol
;
341 NTSTATUS status
, result
;
342 union lsa_PolicyInformation
*info
= NULL
;
344 struct dcerpc_binding_handle
*b
= pipe_hnd
->binding_handle
;
346 status
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
347 SEC_FLAG_MAXIMUM_ALLOWED
,
350 if (!NT_STATUS_IS_OK(status
)) {
354 status
= dcerpc_lsa_QueryInfoPolicy(b
, mem_ctx
,
356 LSA_POLICY_INFO_AUDIT_EVENTS
,
359 if (!NT_STATUS_IS_OK(status
)) {
362 if (!NT_STATUS_IS_OK(result
)) {
367 printf(_("Auditing:\t\t"));
368 switch (info
->audit_events
.auditing_mode
) {
370 printf(_("Enabled"));
373 printf(_("Disabled"));
376 printf(_("unknown (%d)"),
377 info
->audit_events
.auditing_mode
);
382 printf(_("Auditing categories:\t%d\n"), info
->audit_events
.count
);
383 printf(_("Auditing settings:\n"));
385 for (i
=0; i
< info
->audit_events
.count
; i
++) {
386 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
387 const char *policy
= audit_description_str(i
);
388 print_auditing_category(policy
, val
);
392 if (!NT_STATUS_IS_OK(status
)) {
393 d_printf(_("failed to list auditing policies: %s\n"),
400 /********************************************************************
401 ********************************************************************/
403 static int rpc_audit_get(struct net_context
*c
, int argc
, const char **argv
)
405 if (c
->display_usage
) {
407 "net rpc audit get\n"
410 _("View configured audit setting"));
414 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
415 rpc_audit_get_internal
, argc
, argv
);
418 /********************************************************************
419 ********************************************************************/
421 static int rpc_audit_set(struct net_context
*c
, int argc
, const char **argv
)
423 if (c
->display_usage
) {
425 "net rpc audit set\n"
428 _("Set audit policies"));
432 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
433 rpc_audit_set_internal
, argc
, argv
);
436 /********************************************************************
437 ********************************************************************/
439 static int rpc_audit_enable(struct net_context
*c
, int argc
, const char **argv
)
441 if (c
->display_usage
) {
443 "net rpc audit enable\n"
446 _("Enable auditing"));
450 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
451 rpc_audit_enable_internal
, argc
, argv
);
454 /********************************************************************
455 ********************************************************************/
457 static int rpc_audit_disable(struct net_context
*c
, int argc
, const char **argv
)
459 if (c
->display_usage
) {
461 "net rpc audit disable\n"
464 _("Disable auditing"));
468 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
469 rpc_audit_disable_internal
, argc
, argv
);
472 /********************************************************************
473 ********************************************************************/
475 static int rpc_audit_list(struct net_context
*c
, int argc
, const char **argv
)
477 if (c
->display_usage
) {
479 "net rpc audit list\n"
482 _("List auditing settings"));
486 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
487 rpc_audit_list_internal
, argc
, argv
);
490 /********************************************************************
491 ********************************************************************/
493 int net_rpc_audit(struct net_context
*c
, int argc
, const char **argv
)
495 struct functable func
[] = {
500 N_("View configured auditing settings"),
501 N_("net rpc audit get\n"
502 " View configured auditing settings")
508 N_("Set auditing policies"),
509 N_("net rpc audit set\n"
510 " Set auditing policies")
516 N_("Enable auditing"),
517 N_("net rpc audit enable\n"
524 N_("Disable auditing"),
525 N_("net rpc audit disable\n"
532 N_("List configured auditing settings"),
533 N_("net rpc audit list\n"
534 " List configured auditing settings")
536 {NULL
, NULL
, 0, NULL
, NULL
}
539 return net_run_function(c
, argc
, argv
, "net rpc audit", func
);