2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
21 #include "../librpc/gen_ndr/cli_lsa.h"
22 #include "rpc_client/cli_lsarpc.h"
24 /********************************************************************
25 ********************************************************************/
27 static int net_help_audit(struct net_context
*c
, int argc
, const char **argv
)
29 d_printf(_("net rpc audit list View configured Auditing policies\n"));
30 d_printf(_("net rpc audit enable Enable Auditing\n"));
31 d_printf(_("net rpc audit disable Disable Auditing\n"));
32 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
33 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
34 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
35 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
40 /********************************************************************
41 ********************************************************************/
43 static void print_auditing_category(const char *policy
, const char *value
)
46 policy
= N_("Unknown");
49 value
= N_("Invalid");
52 d_printf(_("\t%-30s%s\n"), policy
, value
);
55 /********************************************************************
56 ********************************************************************/
58 static NTSTATUS
rpc_audit_get_internal(struct net_context
*c
,
59 const struct dom_sid
*domain_sid
,
60 const char *domain_name
,
61 struct cli_state
*cli
,
62 struct rpc_pipe_client
*pipe_hnd
,
67 struct policy_handle pol
;
68 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
69 union lsa_PolicyInformation
*info
= NULL
;
71 uint32_t audit_category
;
73 if (argc
< 1 || argc
> 2) {
74 d_printf(_("insufficient arguments\n"));
75 net_help_audit(c
, argc
, argv
);
76 return NT_STATUS_INVALID_PARAMETER
;
79 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
80 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
81 return NT_STATUS_INVALID_PARAMETER
;
84 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
85 SEC_FLAG_MAXIMUM_ALLOWED
,
88 if (!NT_STATUS_IS_OK(result
)) {
92 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
94 LSA_POLICY_INFO_AUDIT_EVENTS
,
97 if (!NT_STATUS_IS_OK(result
)) {
101 for (i
=0; i
< info
->audit_events
.count
; i
++) {
103 const char *val
= NULL
, *policy
= NULL
;
105 if (i
!= audit_category
) {
109 val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
110 policy
= audit_description_str(i
);
111 print_auditing_category(policy
, val
);
115 if (!NT_STATUS_IS_OK(result
)) {
116 d_printf(_("failed to get auditing policy: %s\n"),
123 /********************************************************************
124 ********************************************************************/
126 static NTSTATUS
rpc_audit_set_internal(struct net_context
*c
,
127 const struct dom_sid
*domain_sid
,
128 const char *domain_name
,
129 struct cli_state
*cli
,
130 struct rpc_pipe_client
*pipe_hnd
,
135 struct policy_handle pol
;
136 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
137 union lsa_PolicyInformation
*info
= NULL
;
138 uint32_t audit_policy
, audit_category
;
140 if (argc
< 2 || argc
> 3) {
141 d_printf(_("insufficient arguments\n"));
142 net_help_audit(c
, argc
, argv
);
143 return NT_STATUS_INVALID_PARAMETER
;
146 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
147 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
148 return NT_STATUS_INVALID_PARAMETER
;
151 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
153 if (strequal(argv
[1], "Success")) {
154 audit_policy
|= LSA_AUDIT_POLICY_SUCCESS
;
155 } else if (strequal(argv
[1], "Failure")) {
156 audit_policy
|= LSA_AUDIT_POLICY_FAILURE
;
157 } else if (strequal(argv
[1], "All")) {
158 audit_policy
|= LSA_AUDIT_POLICY_ALL
;
159 } else if (strequal(argv
[1], "None")) {
160 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
162 d_printf(_("invalid auditing policy: %s\n"), argv
[1]);
163 return NT_STATUS_INVALID_PARAMETER
;
166 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
167 SEC_FLAG_MAXIMUM_ALLOWED
,
170 if (!NT_STATUS_IS_OK(result
)) {
174 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
176 LSA_POLICY_INFO_AUDIT_EVENTS
,
179 if (!NT_STATUS_IS_OK(result
)) {
183 info
->audit_events
.settings
[audit_category
] = audit_policy
;
185 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
187 LSA_POLICY_INFO_AUDIT_EVENTS
,
190 if (!NT_STATUS_IS_OK(result
)) {
194 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
196 LSA_POLICY_INFO_AUDIT_EVENTS
,
199 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[audit_category
]);
200 const char *policy
= audit_description_str(audit_category
);
201 print_auditing_category(policy
, val
);
205 if (!NT_STATUS_IS_OK(result
)) {
206 d_printf(_("failed to set audit policy: %s\n"),
213 /********************************************************************
214 ********************************************************************/
216 static NTSTATUS
rpc_audit_enable_internal_ext(struct rpc_pipe_client
*pipe_hnd
,
222 struct policy_handle pol
;
223 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
224 union lsa_PolicyInformation
*info
= NULL
;
226 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
227 SEC_FLAG_MAXIMUM_ALLOWED
,
230 if (!NT_STATUS_IS_OK(result
)) {
234 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
236 LSA_POLICY_INFO_AUDIT_EVENTS
,
238 if (!NT_STATUS_IS_OK(result
)) {
242 info
->audit_events
.auditing_mode
= enable
;
244 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
246 LSA_POLICY_INFO_AUDIT_EVENTS
,
249 if (!NT_STATUS_IS_OK(result
)) {
254 if (!NT_STATUS_IS_OK(result
)) {
255 d_printf(_("%s: %s\n"),
256 enable
? _("failed to enable audit policy"):
257 _("failed to disable audit policy"),
264 /********************************************************************
265 ********************************************************************/
267 static NTSTATUS
rpc_audit_disable_internal(struct net_context
*c
,
268 const struct dom_sid
*domain_sid
,
269 const char *domain_name
,
270 struct cli_state
*cli
,
271 struct rpc_pipe_client
*pipe_hnd
,
276 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
280 /********************************************************************
281 ********************************************************************/
283 static NTSTATUS
rpc_audit_enable_internal(struct net_context
*c
,
284 const struct dom_sid
*domain_sid
,
285 const char *domain_name
,
286 struct cli_state
*cli
,
287 struct rpc_pipe_client
*pipe_hnd
,
292 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
296 /********************************************************************
297 ********************************************************************/
299 static NTSTATUS
rpc_audit_list_internal(struct net_context
*c
,
300 const struct dom_sid
*domain_sid
,
301 const char *domain_name
,
302 struct cli_state
*cli
,
303 struct rpc_pipe_client
*pipe_hnd
,
308 struct policy_handle pol
;
309 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
310 union lsa_PolicyInformation
*info
= NULL
;
313 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
314 SEC_FLAG_MAXIMUM_ALLOWED
,
317 if (!NT_STATUS_IS_OK(result
)) {
321 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
323 LSA_POLICY_INFO_AUDIT_EVENTS
,
325 if (!NT_STATUS_IS_OK(result
)) {
329 printf(_("Auditing:\t\t"));
330 switch (info
->audit_events
.auditing_mode
) {
332 printf(_("Enabled"));
335 printf(_("Disabled"));
338 printf(_("unknown (%d)"),
339 info
->audit_events
.auditing_mode
);
344 printf(_("Auditing categories:\t%d\n"), info
->audit_events
.count
);
345 printf(_("Auditing settings:\n"));
347 for (i
=0; i
< info
->audit_events
.count
; i
++) {
348 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
349 const char *policy
= audit_description_str(i
);
350 print_auditing_category(policy
, val
);
354 if (!NT_STATUS_IS_OK(result
)) {
355 d_printf(_("failed to list auditing policies: %s\n"),
362 /********************************************************************
363 ********************************************************************/
365 static int rpc_audit_get(struct net_context
*c
, int argc
, const char **argv
)
367 if (c
->display_usage
) {
369 "net rpc audit get\n"
372 _("View configured audit setting"));
376 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
377 rpc_audit_get_internal
, argc
, argv
);
380 /********************************************************************
381 ********************************************************************/
383 static int rpc_audit_set(struct net_context
*c
, int argc
, const char **argv
)
385 if (c
->display_usage
) {
387 "net rpc audit set\n"
390 _("Set audit policies"));
394 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
395 rpc_audit_set_internal
, argc
, argv
);
398 /********************************************************************
399 ********************************************************************/
401 static int rpc_audit_enable(struct net_context
*c
, int argc
, const char **argv
)
403 if (c
->display_usage
) {
405 "net rpc audit enable\n"
408 _("Enable auditing"));
412 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
413 rpc_audit_enable_internal
, argc
, argv
);
416 /********************************************************************
417 ********************************************************************/
419 static int rpc_audit_disable(struct net_context
*c
, int argc
, const char **argv
)
421 if (c
->display_usage
) {
423 "net rpc audit disable\n"
426 _("Disable auditing"));
430 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
431 rpc_audit_disable_internal
, argc
, argv
);
434 /********************************************************************
435 ********************************************************************/
437 static int rpc_audit_list(struct net_context
*c
, int argc
, const char **argv
)
439 if (c
->display_usage
) {
441 "net rpc audit list\n"
444 _("List auditing settings"));
448 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
449 rpc_audit_list_internal
, argc
, argv
);
452 /********************************************************************
453 ********************************************************************/
455 int net_rpc_audit(struct net_context
*c
, int argc
, const char **argv
)
457 struct functable func
[] = {
462 N_("View configured auditing settings"),
463 N_("net rpc audit get\n"
464 " View configured auditing settings")
470 N_("Set auditing policies"),
471 N_("net rpc audit set\n"
472 " Set auditing policies")
478 N_("Enable auditing"),
479 N_("net rpc audit enable\n"
486 N_("Disable auditing"),
487 N_("net rpc audit disable\n"
494 N_("List configured auditing settings"),
495 N_("net rpc audit list\n"
496 " List configured auditing settings")
498 {NULL
, NULL
, 0, NULL
, NULL
}
501 return net_run_function(c
, argc
, argv
, "net rpc audit", func
);