search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net_idmap: use wbcSet[U|G]idMapping() and wbcSet[U|G]idHwm() functions
[Samba.git] / source / utils / net_rpc_audit.c
bloba846395bb8a17a131a2d93867dc34c917cb7b0bd
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21
22 /********************************************************************
23 ********************************************************************/
24
25 static int net_help_audit(int argc, const char **argv)
26 {
27 d_printf("net rpc audit list View configured Auditing policies\n");
28 d_printf("net rpc audit enable Enable Auditing\n");
29 d_printf("net rpc audit disable Disable Auditing\n");
30 d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
31 d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
32 d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33 d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
34
35 return -1;
36 }
37
38 /********************************************************************
39 ********************************************************************/
40
41 static void print_auditing_category(const char *policy, const char *value)
42 {
43 fstring padding;
44 int pad_len, col_len = 30;
45
46 if (policy == NULL) {
47 policy = "Unknown";
48 }
49 if (value == NULL) {
50 value = "Invalid";
51 }
52
53 /* calculate padding space for d_printf to look nicer */
54 pad_len = col_len - strlen(policy);
55 padding[pad_len] = 0;
56 do padding[--pad_len] = ' '; while (pad_len > 0);
57
58 d_printf("\t%s%s%s\n", policy, padding, value);
59 }
60
61 /********************************************************************
62 ********************************************************************/
63
64 static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
65 const char *domain_name,
66 struct cli_state *cli,
67 struct rpc_pipe_client *pipe_hnd,
68 TALLOC_CTX *mem_ctx,
69 int argc,
70 const char **argv)
71 {
72 POLICY_HND pol;
73 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
74 union lsa_PolicyInformation *info = NULL;
75 int i;
76 uint32_t audit_category;
77
78 if (argc < 1 || argc > 2) {
79 d_printf("insufficient arguments\n");
80 net_help_audit(argc, argv);
81 return NT_STATUS_INVALID_PARAMETER;
82 }
83
84 if (!get_audit_category_from_param(argv[0], &audit_category)) {
85 d_printf("invalid auditing category: %s\n", argv[0]);
86 return NT_STATUS_INVALID_PARAMETER;
87 }
88
89 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
90 SEC_RIGHTS_MAXIMUM_ALLOWED,
91 &pol);
92
93 if (!NT_STATUS_IS_OK(result)) {
94 goto done;
95 }
96
97 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
98 &pol,
99 LSA_POLICY_INFO_AUDIT_EVENTS,
100 &info);
101
102 if (!NT_STATUS_IS_OK(result)) {
103 goto done;
104 }
105
106 for (i=0; i < info->audit_events.count; i++) {
107
108 const char *val = NULL, *policy = NULL;
109
110 if (i != audit_category) {
111 continue;
112 }
113
114 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
115 policy = audit_description_str(i);
116 print_auditing_category(policy, val);
117 }
118
119 done:
120 if (!NT_STATUS_IS_OK(result)) {
121 d_printf("failed to get auditing policy: %s\n",
122 nt_errstr(result));
123 }
124
125 return result;
126 }
127
128 /********************************************************************
129 ********************************************************************/
130
131 static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
132 const char *domain_name,
133 struct cli_state *cli,
134 struct rpc_pipe_client *pipe_hnd,
135 TALLOC_CTX *mem_ctx,
136 int argc,
137 const char **argv)
138 {
139 POLICY_HND pol;
140 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
141 union lsa_PolicyInformation *info = NULL;
142 uint32_t audit_policy, audit_category;
143
144 if (argc < 2 || argc > 3) {
145 d_printf("insufficient arguments\n");
146 net_help_audit(argc, argv);
147 return NT_STATUS_INVALID_PARAMETER;
148 }
149
150 if (!get_audit_category_from_param(argv[0], &audit_category)) {
151 d_printf("invalid auditing category: %s\n", argv[0]);
152 return NT_STATUS_INVALID_PARAMETER;
153 }
154
155 audit_policy = LSA_AUDIT_POLICY_CLEAR;
156
157 if (strequal(argv[1], "Success")) {
158 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
159 } else if (strequal(argv[1], "Failure")) {
160 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
161 } else if (strequal(argv[1], "All")) {
162 audit_policy |= LSA_AUDIT_POLICY_ALL;
163 } else if (strequal(argv[1], "None")) {
164 audit_policy = LSA_AUDIT_POLICY_CLEAR;
165 } else {
166 d_printf("invalid auditing policy: %s\n", argv[1]);
167 return NT_STATUS_INVALID_PARAMETER;
168 }
169
170 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
171 SEC_RIGHTS_MAXIMUM_ALLOWED,
172 &pol);
173
174 if (!NT_STATUS_IS_OK(result)) {
175 goto done;
176 }
177
178 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
179 &pol,
180 LSA_POLICY_INFO_AUDIT_EVENTS,
181 &info);
182
183 if (!NT_STATUS_IS_OK(result)) {
184 goto done;
185 }
186
187 info->audit_events.settings[audit_category] = audit_policy;
188
189 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
190 &pol,
191 LSA_POLICY_INFO_AUDIT_EVENTS,
192 info);
193
194 if (!NT_STATUS_IS_OK(result)) {
195 goto done;
196 }
197
198 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
199 &pol,
200 LSA_POLICY_INFO_AUDIT_EVENTS,
201 &info);
202 {
203 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
204 const char *policy = audit_description_str(audit_category);
205 print_auditing_category(policy, val);
206 }
207
208 done:
209 if (!NT_STATUS_IS_OK(result)) {
210 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
211 }
212
213 return result;
214 }
215
216 /********************************************************************
217 ********************************************************************/
218
219 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
220 TALLOC_CTX *mem_ctx,
221 int argc,
222 const char **argv,
223 bool enable)
224 {
225 POLICY_HND pol;
226 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
227 union lsa_PolicyInformation *info = NULL;
228
229 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
230 SEC_RIGHTS_MAXIMUM_ALLOWED,
231 &pol);
232
233 if (!NT_STATUS_IS_OK(result)) {
234 goto done;
235 }
236
237 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
238 &pol,
239 LSA_POLICY_INFO_AUDIT_EVENTS,
240 &info);
241 if (!NT_STATUS_IS_OK(result)) {
242 goto done;
243 }
244
245 info->audit_events.auditing_mode = enable;
246
247 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
248 &pol,
249 LSA_POLICY_INFO_AUDIT_EVENTS,
250 info);
251
252 if (!NT_STATUS_IS_OK(result)) {
253 goto done;
254 }
255
256 done:
257 if (!NT_STATUS_IS_OK(result)) {
258 d_printf("failed to %s audit policy: %s\n",
259 enable ? "enable":"disable", nt_errstr(result));
260 }
261
262 return result;
263 }
264
265 /********************************************************************
266 ********************************************************************/
267
268 static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
269 const char *domain_name,
270 struct cli_state *cli,
271 struct rpc_pipe_client *pipe_hnd,
272 TALLOC_CTX *mem_ctx,
273 int argc,
274 const char **argv)
275 {
276 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
277 false);
278 }
279
280 /********************************************************************
281 ********************************************************************/
282
283 static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
284 const char *domain_name,
285 struct cli_state *cli,
286 struct rpc_pipe_client *pipe_hnd,
287 TALLOC_CTX *mem_ctx,
288 int argc,
289 const char **argv)
290 {
291 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
292 true);
293 }
294
295 /********************************************************************
296 ********************************************************************/
297
298 static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
299 const char *domain_name,
300 struct cli_state *cli,
301 struct rpc_pipe_client *pipe_hnd,
302 TALLOC_CTX *mem_ctx,
303 int argc,
304 const char **argv)
305 {
306 POLICY_HND pol;
307 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
308 union lsa_PolicyInformation *info = NULL;
309 int i;
310
311 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
312 SEC_RIGHTS_MAXIMUM_ALLOWED,
313 &pol);
314
315 if (!NT_STATUS_IS_OK(result)) {
316 goto done;
317 }
318
319 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
320 &pol,
321 LSA_POLICY_INFO_AUDIT_EVENTS,
322 &info);
323 if (!NT_STATUS_IS_OK(result)) {
324 goto done;
325 }
326
327 printf("Auditing:\t\t");
328 switch (info->audit_events.auditing_mode) {
329 case true:
330 printf("Enabled");
331 break;
332 case false:
333 printf("Disabled");
334 break;
335 default:
336 printf("unknown (%d)", info->audit_events.auditing_mode);
337 break;
338 }
339 printf("\n");
340
341 printf("Auditing categories:\t%d\n", info->audit_events.count);
342 printf("Auditing settings:\n");
343
344 for (i=0; i < info->audit_events.count; i++) {
345 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
346 const char *policy = audit_description_str(i);
347 print_auditing_category(policy, val);
348 }
349
350 done:
351 if (!NT_STATUS_IS_OK(result)) {
352 d_printf("failed to list auditing policies: %s\n",
353 nt_errstr(result));
354 }
355
356 return result;
357 }
358
359 /********************************************************************
360 ********************************************************************/
361
362 static int rpc_audit_get(int argc, const char **argv)
363 {
364 return run_rpc_command(NULL, PI_LSARPC, 0,
365 rpc_audit_get_internal, argc, argv);
366 }
367
368 /********************************************************************
369 ********************************************************************/
370
371 static int rpc_audit_set(int argc, const char **argv)
372 {
373 return run_rpc_command(NULL, PI_LSARPC, 0,
374 rpc_audit_set_internal, argc, argv);
375 }
376
377 /********************************************************************
378 ********************************************************************/
379
380 static int rpc_audit_enable(int argc, const char **argv)
381 {
382 return run_rpc_command(NULL, PI_LSARPC, 0,
383 rpc_audit_enable_internal, argc, argv);
384 }
385
386 /********************************************************************
387 ********************************************************************/
388
389 static int rpc_audit_disable(int argc, const char **argv)
390 {
391 return run_rpc_command(NULL, PI_LSARPC, 0,
392 rpc_audit_disable_internal, argc, argv);
393 }
394
395 /********************************************************************
396 ********************************************************************/
397
398 static int rpc_audit_list(int argc, const char **argv)
399 {
400 return run_rpc_command(NULL, PI_LSARPC, 0,
401 rpc_audit_list_internal, argc, argv);
402 }
403
404 /********************************************************************
405 ********************************************************************/
406
407 int net_rpc_audit(int argc, const char **argv)
408 {
409 struct functable func[] = {
410 {"get", rpc_audit_get},
411 {"set", rpc_audit_set},
412 {"enable", rpc_audit_enable},
413 {"disable", rpc_audit_disable},
414 {"list", rpc_audit_list},
415 {NULL, NULL}
416 };
417
418 if (argc)
419 return net_run_function(argc, argv, func, net_help_audit);
420
421 return net_help_audit(argc, argv);
422 }
Samba GIT mirror