subunit: report [X/Y at Zs] instead of [X/Y in Zs]
[Samba.git] / source3 / utils / net_rpc_audit.c
blob336f6a857dfe1140d6357325f61be3e84137fba6
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
19 #include "includes.h"
20 #include "utils/net.h"
21 #include "rpc_client/rpc_client.h"
22 #include "../librpc/gen_ndr/ndr_lsa_c.h"
23 #include "rpc_client/cli_lsarpc.h"
25 /********************************************************************
26 ********************************************************************/
28 static int net_help_audit(struct net_context *c, int argc, const char **argv)
30 d_printf(_("net rpc audit list View configured Auditing policies\n"));
31 d_printf(_("net rpc audit enable Enable Auditing\n"));
32 d_printf(_("net rpc audit disable Disable Auditing\n"));
33 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
34 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
35 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
36 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
38 return -1;
41 /********************************************************************
42 ********************************************************************/
44 static void print_auditing_category(const char *policy, const char *value)
46 if (policy == NULL) {
47 policy = N_("Unknown");
49 if (value == NULL) {
50 value = N_("Invalid");
53 d_printf(_("\t%-30s%s\n"), policy, value);
56 /********************************************************************
57 ********************************************************************/
59 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
60 const struct dom_sid *domain_sid,
61 const char *domain_name,
62 struct cli_state *cli,
63 struct rpc_pipe_client *pipe_hnd,
64 TALLOC_CTX *mem_ctx,
65 int argc,
66 const char **argv)
68 struct policy_handle pol;
69 NTSTATUS status, result;
70 union lsa_PolicyInformation *info = NULL;
71 int i;
72 uint32_t audit_category;
73 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
75 if (argc < 1 || argc > 2) {
76 d_printf(_("insufficient arguments\n"));
77 net_help_audit(c, argc, argv);
78 return NT_STATUS_INVALID_PARAMETER;
81 if (!get_audit_category_from_param(argv[0], &audit_category)) {
82 d_printf(_("invalid auditing category: %s\n"), argv[0]);
83 return NT_STATUS_INVALID_PARAMETER;
86 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
87 SEC_FLAG_MAXIMUM_ALLOWED,
88 &pol);
90 if (!NT_STATUS_IS_OK(status)) {
91 goto done;
94 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
95 &pol,
96 LSA_POLICY_INFO_AUDIT_EVENTS,
97 &info,
98 &result);
99 if (!NT_STATUS_IS_OK(status)) {
100 goto done;
102 if (!NT_STATUS_IS_OK(result)) {
103 status = result;
104 goto done;
107 for (i=0; i < info->audit_events.count; i++) {
109 const char *val = NULL, *policy = NULL;
111 if (i != audit_category) {
112 continue;
115 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116 policy = audit_description_str(i);
117 print_auditing_category(policy, val);
120 done:
121 if (!NT_STATUS_IS_OK(status)) {
122 d_printf(_("failed to get auditing policy: %s\n"),
123 nt_errstr(status));
126 return status;
129 /********************************************************************
130 ********************************************************************/
132 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133 const struct dom_sid *domain_sid,
134 const char *domain_name,
135 struct cli_state *cli,
136 struct rpc_pipe_client *pipe_hnd,
137 TALLOC_CTX *mem_ctx,
138 int argc,
139 const char **argv)
141 struct policy_handle pol;
142 NTSTATUS status, result;
143 union lsa_PolicyInformation *info = NULL;
144 uint32_t audit_policy, audit_category;
145 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
147 if (argc < 2 || argc > 3) {
148 d_printf(_("insufficient arguments\n"));
149 net_help_audit(c, argc, argv);
150 return NT_STATUS_INVALID_PARAMETER;
153 if (!get_audit_category_from_param(argv[0], &audit_category)) {
154 d_printf(_("invalid auditing category: %s\n"), argv[0]);
155 return NT_STATUS_INVALID_PARAMETER;
158 audit_policy = LSA_AUDIT_POLICY_CLEAR;
160 if (strequal(argv[1], "Success")) {
161 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
162 } else if (strequal(argv[1], "Failure")) {
163 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
164 } else if (strequal(argv[1], "All")) {
165 audit_policy |= LSA_AUDIT_POLICY_ALL;
166 } else if (strequal(argv[1], "None")) {
167 audit_policy = LSA_AUDIT_POLICY_CLEAR;
168 } else {
169 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
170 return NT_STATUS_INVALID_PARAMETER;
173 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
174 SEC_FLAG_MAXIMUM_ALLOWED,
175 &pol);
177 if (!NT_STATUS_IS_OK(status)) {
178 goto done;
181 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
182 &pol,
183 LSA_POLICY_INFO_AUDIT_EVENTS,
184 &info,
185 &result);
186 if (!NT_STATUS_IS_OK(status)) {
187 goto done;
189 if (!NT_STATUS_IS_OK(result)) {
190 status = result;
191 goto done;
194 info->audit_events.settings[audit_category] = audit_policy;
196 status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
197 &pol,
198 LSA_POLICY_INFO_AUDIT_EVENTS,
199 info,
200 &result);
201 if (!NT_STATUS_IS_OK(status)) {
202 goto done;
204 if (!NT_STATUS_IS_OK(result)) {
205 status = result;
206 goto done;
209 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
210 &pol,
211 LSA_POLICY_INFO_AUDIT_EVENTS,
212 &info,
213 &result);
214 if (!NT_STATUS_IS_OK(status)) {
215 goto done;
218 status = result;
221 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
222 const char *policy = audit_description_str(audit_category);
223 print_auditing_category(policy, val);
226 done:
227 if (!NT_STATUS_IS_OK(status)) {
228 d_printf(_("failed to set audit policy: %s\n"),
229 nt_errstr(status));
232 return status;
235 /********************************************************************
236 ********************************************************************/
238 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
239 TALLOC_CTX *mem_ctx,
240 int argc,
241 const char **argv,
242 bool enable)
244 struct policy_handle pol;
245 NTSTATUS status, result;
246 union lsa_PolicyInformation *info = NULL;
247 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
249 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
250 SEC_FLAG_MAXIMUM_ALLOWED,
251 &pol);
253 if (!NT_STATUS_IS_OK(status)) {
254 goto done;
257 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
258 &pol,
259 LSA_POLICY_INFO_AUDIT_EVENTS,
260 &info,
261 &result);
262 if (!NT_STATUS_IS_OK(status)) {
263 goto done;
265 if (!NT_STATUS_IS_OK(result)) {
266 status = result;
267 goto done;
270 info->audit_events.auditing_mode = enable;
272 status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
273 &pol,
274 LSA_POLICY_INFO_AUDIT_EVENTS,
275 info,
276 &result);
277 if (!NT_STATUS_IS_OK(status)) {
278 goto done;
280 if (!NT_STATUS_IS_OK(result)) {
281 status = result;
282 goto done;
285 done:
286 if (!NT_STATUS_IS_OK(status)) {
287 d_printf(_("%s: %s\n"),
288 enable ? _("failed to enable audit policy"):
289 _("failed to disable audit policy"),
290 nt_errstr(status));
293 return status;
296 /********************************************************************
297 ********************************************************************/
299 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
300 const struct dom_sid *domain_sid,
301 const char *domain_name,
302 struct cli_state *cli,
303 struct rpc_pipe_client *pipe_hnd,
304 TALLOC_CTX *mem_ctx,
305 int argc,
306 const char **argv)
308 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
309 false);
312 /********************************************************************
313 ********************************************************************/
315 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
316 const struct dom_sid *domain_sid,
317 const char *domain_name,
318 struct cli_state *cli,
319 struct rpc_pipe_client *pipe_hnd,
320 TALLOC_CTX *mem_ctx,
321 int argc,
322 const char **argv)
324 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
325 true);
328 /********************************************************************
329 ********************************************************************/
331 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
332 const struct dom_sid *domain_sid,
333 const char *domain_name,
334 struct cli_state *cli,
335 struct rpc_pipe_client *pipe_hnd,
336 TALLOC_CTX *mem_ctx,
337 int argc,
338 const char **argv)
340 struct policy_handle pol;
341 NTSTATUS status, result;
342 union lsa_PolicyInformation *info = NULL;
343 int i;
344 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
346 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
347 SEC_FLAG_MAXIMUM_ALLOWED,
348 &pol);
350 if (!NT_STATUS_IS_OK(status)) {
351 goto done;
354 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
355 &pol,
356 LSA_POLICY_INFO_AUDIT_EVENTS,
357 &info,
358 &result);
359 if (!NT_STATUS_IS_OK(status)) {
360 goto done;
362 if (!NT_STATUS_IS_OK(result)) {
363 status = result;
364 goto done;
367 printf(_("Auditing:\t\t"));
368 switch (info->audit_events.auditing_mode) {
369 case true:
370 printf(_("Enabled"));
371 break;
372 case false:
373 printf(_("Disabled"));
374 break;
375 default:
376 printf(_("unknown (%d)"),
377 info->audit_events.auditing_mode);
378 break;
380 printf("\n");
382 printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
383 printf(_("Auditing settings:\n"));
385 for (i=0; i < info->audit_events.count; i++) {
386 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
387 const char *policy = audit_description_str(i);
388 print_auditing_category(policy, val);
391 done:
392 if (!NT_STATUS_IS_OK(status)) {
393 d_printf(_("failed to list auditing policies: %s\n"),
394 nt_errstr(status));
397 return status;
400 /********************************************************************
401 ********************************************************************/
403 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
405 if (c->display_usage) {
406 d_printf( "%s\n"
407 "net rpc audit get\n"
408 " %s\n",
409 _("Usage:"),
410 _("View configured audit setting"));
411 return 0;
414 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
415 rpc_audit_get_internal, argc, argv);
418 /********************************************************************
419 ********************************************************************/
421 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
423 if (c->display_usage) {
424 d_printf( "%s\n"
425 "net rpc audit set\n"
426 " %s\n",
427 _("Usage:"),
428 _("Set audit policies"));
429 return 0;
432 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
433 rpc_audit_set_internal, argc, argv);
436 /********************************************************************
437 ********************************************************************/
439 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
441 if (c->display_usage) {
442 d_printf( "%s\n"
443 "net rpc audit enable\n"
444 " %s\n",
445 _("Usage:"),
446 _("Enable auditing"));
447 return 0;
450 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
451 rpc_audit_enable_internal, argc, argv);
454 /********************************************************************
455 ********************************************************************/
457 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
459 if (c->display_usage) {
460 d_printf( "%s\n"
461 "net rpc audit disable\n"
462 " %s\n",
463 _("Usage:"),
464 _("Disable auditing"));
465 return 0;
468 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
469 rpc_audit_disable_internal, argc, argv);
472 /********************************************************************
473 ********************************************************************/
475 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
477 if (c->display_usage) {
478 d_printf( "%s\n"
479 "net rpc audit list\n"
480 " %s\n",
481 _("Usage:"),
482 _("List auditing settings"));
483 return 0;
486 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
487 rpc_audit_list_internal, argc, argv);
490 /********************************************************************
491 ********************************************************************/
493 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
495 struct functable func[] = {
497 "get",
498 rpc_audit_get,
499 NET_TRANSPORT_RPC,
500 N_("View configured auditing settings"),
501 N_("net rpc audit get\n"
502 " View configured auditing settings")
505 "set",
506 rpc_audit_set,
507 NET_TRANSPORT_RPC,
508 N_("Set auditing policies"),
509 N_("net rpc audit set\n"
510 " Set auditing policies")
513 "enable",
514 rpc_audit_enable,
515 NET_TRANSPORT_RPC,
516 N_("Enable auditing"),
517 N_("net rpc audit enable\n"
518 " Enable auditing")
521 "disable",
522 rpc_audit_disable,
523 NET_TRANSPORT_RPC,
524 N_("Disable auditing"),
525 N_("net rpc audit disable\n"
526 " Disable auditing")
529 "list",
530 rpc_audit_list,
531 NET_TRANSPORT_RPC,
532 N_("List configured auditing settings"),
533 N_("net rpc audit list\n"
534 " List configured auditing settings")
536 {NULL, NULL, 0, NULL, NULL}
539 return net_run_function(c, argc, argv, "net rpc audit", func);