/*
   Unix SMB/CIFS implementation.
   Auditing helper functions.
   Copyright (C) Guenther Deschner 2006

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
21 #include "../librpc/gen_ndr/lsa.h"
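/*
 * Lookup table tying each LSA audit category to its three string forms.
 *
 *   category      LSA_AUDIT_CATEGORY_* value (compared by the lookup helpers)
 *   category_str  the constant's own name, as a string
 *   param_str     short keyword accepted by get_audit_category_from_param()
 *   description   human-readable label
 *
 * The identifier spellings (including PROCCESS) are kept exactly as they
 * appear in this listing.
 */
static const struct audit_category_tab {
	uint32_t category;
	const char *category_str;
	const char *param_str;
	const char *description;
} audit_category_tab[] = {
	{ LSA_AUDIT_CATEGORY_LOGON,
	  "LSA_AUDIT_CATEGORY_LOGON",
	  "LOGON", "Logon events" },
	{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
	  "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
	  "PRIVILEGE", "Privilege Use" },
	{ LSA_AUDIT_CATEGORY_SYSTEM,
	  "LSA_AUDIT_CATEGORY_SYSTEM",
	  "SYSTEM", "System Events" },
	{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
	  "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
	  "POLICY", "Policy Change" },
	{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
	  "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
	  "PROCESS", "Process Tracking" },
	{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
	  "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
	  "OBJECT", "Object Access" },
	{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
	  "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
	  "SAM", "Account Management" },
	{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
	  "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
	  "DIRECTORY", "Directory service access" },
	{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
	  "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
	  "ACCOUNT", "Account logon events" },
	/*
	 * Terminator: every lookup loop in this file stops at the first row
	 * whose string is NULL. Without this row an unknown category would
	 * be searched for past the end of the array, so it must stay last.
	 */
	{ 0, NULL, NULL, NULL }
};
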
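/**
 * Map an LSA audit category value to the name of its constant.
 *
 * @param category  LSA_AUDIT_CATEGORY_* value to look up.
 * @return The category_str of the matching audit_category_tab row, or NULL
 *         when no row matches. The string lives in the static table and
 *         must not be freed.
 */
const char *audit_category_str(uint32_t category)
{
	size_t i;

	/* Walk the table up to its NULL-string terminator row. */
	for (i = 0; audit_category_tab[i].category_str != NULL; i++) {
		if (audit_category_tab[i].category == category) {
			return audit_category_tab[i].category_str;
		}
	}

	/*
	 * NOTE(review): the not-found path is not visible in this listing.
	 * NULL is returned so an unknown category is detectable; callers
	 * should check the result before handing it to a "%s" format.
	 */
	return NULL;
}
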
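/**
 * Map an LSA audit category value to its short keyword (e.g. "LOGON").
 *
 * @param category  LSA_AUDIT_CATEGORY_* value to look up.
 * @return The param_str of the matching audit_category_tab row, or NULL
 *         when no row matches. The string lives in the static table and
 *         must not be freed.
 */
const char *audit_param_str(uint32_t category)
{
	size_t i;

	/* Walk the table up to its NULL-string terminator row. */
	for (i = 0; audit_category_tab[i].param_str != NULL; i++) {
		if (audit_category_tab[i].category == category) {
			return audit_category_tab[i].param_str;
		}
	}

	/*
	 * NOTE(review): the not-found path is not visible in this listing.
	 * NULL is returned so an unknown category is detectable; callers
	 * should check the result before handing it to a "%s" format.
	 */
	return NULL;
}
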
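/**
 * Map an LSA audit category value to its human-readable label.
 *
 * @param category  LSA_AUDIT_CATEGORY_* value to look up.
 * @return The description of the matching audit_category_tab row, or NULL
 *         when no row matches. The string lives in the static table and
 *         must not be freed.
 */
const char *audit_description_str(uint32_t category)
{
	size_t i;

	/* Walk the table up to its NULL-string terminator row. */
	for (i = 0; audit_category_tab[i].description != NULL; i++) {
		if (audit_category_tab[i].category == category) {
			return audit_category_tab[i].description;
		}
	}

	/*
	 * NOTE(review): the not-found path is not visible in this listing.
	 * NULL is returned so an unknown category is detectable; callers
	 * should check the result before handing it to a "%s" format.
	 */
	return NULL;
}
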
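/**
 * Translate an audit keyword ("SYSTEM", "LOGON", "OBJECT", "PRIVILEGE",
 * "PROCESS", "POLICY", "SAM", "DIRECTORY", "ACCOUNT") into its
 * LSA_AUDIT_CATEGORY_* value.
 *
 * @param param           Keyword to look up, compared with strequal().
 *                        Assumed non-NULL; how strequal() treats NULL is
 *                        not visible here (TODO confirm).
 * @param audit_category  Out: set to Undefined first, then overwritten with
 *                        the matching category. Must not be NULL.
 * @return true when the keyword matched; false after logging
 *         "unknown parameter" at debug level 0.
 */
bool get_audit_category_from_param(const char *param, uint32_t *audit_category)
{
	size_t i;

	/* Reset first so a failed lookup never leaves a stale category. */
	*audit_category = Undefined;

	/*
	 * Driven by audit_category_tab rather than a separate if/else chain:
	 * the table's param_str column holds the same nine keyword/category
	 * pairs, so the keyword list is maintained in one place only.
	 */
	for (i = 0; audit_category_tab[i].param_str != NULL; i++) {
		if (strequal(param, audit_category_tab[i].param_str)) {
			*audit_category = audit_category_tab[i].category;
			return true;
		}
	}

	/*
	 * NOTE(review): the return statements are not visible in this
	 * listing; false-on-unknown / true-on-match is assumed from the
	 * bool return type and the log message.
	 */
	DEBUG(0,("unknown parameter: %s\n", param));
	return false;
}
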
122 const char *audit_policy_str(TALLOC_CTX
*mem_ctx
, uint32_t policy
)
124 const char *ret
= NULL
;
126 if (policy
== LSA_AUDIT_POLICY_NONE
) {
127 return talloc_strdup(mem_ctx
, "None");
130 if (policy
& LSA_AUDIT_POLICY_SUCCESS
) {
131 ret
= talloc_strdup(mem_ctx
, "Success");
137 if (policy
& LSA_AUDIT_POLICY_FAILURE
) {
139 ret
= talloc_asprintf(mem_ctx
, "%s, %s", ret
, "Failure");
144 return talloc_strdup(mem_ctx
, "Failure");