search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r18799: Prepare query_disp_info to use the next idx from the last result entry
[Samba/bb.git] / source / utils / net_rpc_audit.c
blob981dc93fdd7097d9db65c5a1cc2e4af221216f11
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20 #include "includes.h"
21 #include "utils/net.h"
22
23 /********************************************************************
24 ********************************************************************/
25
26 static int net_help_audit(int argc, const char **argv)
27 {
28 d_printf("net rpc audit list View configured Auditing policies\n");
29 d_printf("net rpc audit enable Enable Auditing\n");
30 d_printf("net rpc audit disable Disable Auditing\n");
31 d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
32 d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
33 d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
34 d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
35
36 return -1;
37 }
38
39 /********************************************************************
40 ********************************************************************/
41
42 static void print_auditing_category(const char *policy, const char *value)
43 {
44 fstring padding;
45 int pad_len, col_len = 30;
46
47 if (policy == NULL) {
48 policy = "Unknown";
49 }
50 if (value == NULL) {
51 value = "Invalid";
52 }
53
54 /* calculate padding space for d_printf to look nicer */
55 pad_len = col_len - strlen(policy);
56 padding[pad_len] = 0;
57 do padding[--pad_len] = ' '; while (pad_len > 0);
58
59 d_printf("\t%s%s%s\n", policy, padding, value);
60 }
61
62
63 /********************************************************************
64 ********************************************************************/
65
66 static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
67 const char *domain_name,
68 struct cli_state *cli,
69 struct rpc_pipe_client *pipe_hnd,
70 TALLOC_CTX *mem_ctx,
71 int argc,
72 const char **argv)
73 {
74 POLICY_HND pol;
75 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
76 LSA_INFO_CTR dom;
77 int i;
78
79 uint32 info_class = 2;
80 uint32 audit_category;
81
82 if (argc < 1 || argc > 2) {
83 d_printf("insufficient arguments\n");
84 net_help_audit(argc, argv);
85 return NT_STATUS_INVALID_PARAMETER;
86 }
87
88 if (!get_audit_category_from_param(argv[0], &audit_category)) {
89 d_printf("invalid auditing category: %s\n", argv[0]);
90 return NT_STATUS_INVALID_PARAMETER;
91 }
92
93 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
94 SEC_RIGHTS_MAXIMUM_ALLOWED,
95 &pol);
96
97 if (!NT_STATUS_IS_OK(result)) {
98 goto done;
99 }
100
101 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
102 info_class,
103 &dom);
104
105 if (!NT_STATUS_IS_OK(result)) {
106 goto done;
107 }
108
109 for (i=0; i < dom.info.id2.count1; i++) {
110
111 const char *val = NULL, *policy = NULL;
112
113 if (i != audit_category) {
114 continue;
115 }
116
117 val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
118 policy = audit_description_str(i);
119 print_auditing_category(policy, val);
120 }
121
122 done:
123 if (!NT_STATUS_IS_OK(result)) {
124 d_printf("failed to get auditing policy: %s\n", nt_errstr(result));
125 }
126
127 return result;
128 }
129
130 /********************************************************************
131 ********************************************************************/
132
133 static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
134 const char *domain_name,
135 struct cli_state *cli,
136 struct rpc_pipe_client *pipe_hnd,
137 TALLOC_CTX *mem_ctx,
138 int argc,
139 const char **argv)
140 {
141 POLICY_HND pol;
142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
143 LSA_INFO_CTR dom;
144
145 uint32 info_class = 2;
146 uint32 audit_policy, audit_category;
147
148 if (argc < 2 || argc > 3) {
149 d_printf("insufficient arguments\n");
150 net_help_audit(argc, argv);
151 return NT_STATUS_INVALID_PARAMETER;
152 }
153
154 if (!get_audit_category_from_param(argv[0], &audit_category)) {
155 d_printf("invalid auditing category: %s\n", argv[0]);
156 return NT_STATUS_INVALID_PARAMETER;
157 }
158
159 audit_policy = LSA_AUDIT_POLICY_CLEAR;
160
161 if (strequal(argv[1], "Success")) {
162 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
163 } else if (strequal(argv[1], "Failure")) {
164 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
165 } else if (strequal(argv[1], "All")) {
166 audit_policy |= LSA_AUDIT_POLICY_ALL;
167 } else if (strequal(argv[1], "None")) {
168 audit_policy = LSA_AUDIT_POLICY_CLEAR;
169 } else {
170 d_printf("invalid auditing policy: %s\n", argv[1]);
171 return NT_STATUS_INVALID_PARAMETER;
172 }
173
174 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
175 SEC_RIGHTS_MAXIMUM_ALLOWED,
176 &pol);
177
178 if (!NT_STATUS_IS_OK(result)) {
179 goto done;
180 }
181
182 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
183 info_class,
184 &dom);
185
186 if (!NT_STATUS_IS_OK(result)) {
187 goto done;
188 }
189
190 dom.info.id2.auditsettings[audit_category] = audit_policy;
191
192 result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
193 info_class,
194 dom);
195 if (!NT_STATUS_IS_OK(result)) {
196 goto done;
197 }
198
199 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
200 info_class,
201 &dom);
202
203 {
204 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]);
205 const char *policy = audit_description_str(audit_category);
206 print_auditing_category(policy, val);
207 }
208
209 done:
210 if (!NT_STATUS_IS_OK(result)) {
211 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
212 }
213
214 return result;
215 }
216
217 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
218 TALLOC_CTX *mem_ctx,
219 int argc,
220 const char **argv,
221 BOOL enable)
222 {
223 POLICY_HND pol;
224 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
225 LSA_INFO_CTR dom;
226
227 uint32 info_class = 2;
228
229 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
230 SEC_RIGHTS_MAXIMUM_ALLOWED,
231 &pol);
232
233 if (!NT_STATUS_IS_OK(result)) {
234 goto done;
235 }
236
237 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
238 info_class,
239 &dom);
240
241 if (!NT_STATUS_IS_OK(result)) {
242 goto done;
243 }
244
245 dom.info.id2.auditing_enabled = enable;
246
247 result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
248 info_class,
249 dom);
250
251 if (!NT_STATUS_IS_OK(result)) {
252 goto done;
253 }
254
255 done:
256 if (!NT_STATUS_IS_OK(result)) {
257 d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable",
258 nt_errstr(result));
259 }
260
261 return result;
262 }
263 /********************************************************************
264 ********************************************************************/
265
266 static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
267 const char *domain_name,
268 struct cli_state *cli,
269 struct rpc_pipe_client *pipe_hnd,
270 TALLOC_CTX *mem_ctx,
271 int argc,
272 const char **argv)
273 {
274 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False);
275 }
276
277 /********************************************************************
278 ********************************************************************/
279
280 static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
281 const char *domain_name,
282 struct cli_state *cli,
283 struct rpc_pipe_client *pipe_hnd,
284 TALLOC_CTX *mem_ctx,
285 int argc,
286 const char **argv)
287 {
288 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True);
289 }
290
291 /********************************************************************
292 ********************************************************************/
293
294 static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
295 const char *domain_name,
296 struct cli_state *cli,
297 struct rpc_pipe_client *pipe_hnd,
298 TALLOC_CTX *mem_ctx,
299 int argc,
300 const char **argv)
301 {
302 POLICY_HND pol;
303 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
304 LSA_INFO_CTR dom;
305 int i;
306
307 uint32 info_class = 2;
308
309 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
310 SEC_RIGHTS_MAXIMUM_ALLOWED,
311 &pol);
312
313 if (!NT_STATUS_IS_OK(result)) {
314 goto done;
315 }
316
317 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
318 info_class,
319 &dom);
320
321 if (!NT_STATUS_IS_OK(result)) {
322 goto done;
323 }
324
325 printf("Auditing:\t\t");
326 switch (dom.info.id2.auditing_enabled) {
327 case True:
328 printf("Enabled");
329 break;
330 case False:
331 printf("Disabled");
332 break;
333 default:
334 printf("unknown (%d)", dom.info.id2.auditing_enabled);
335 break;
336 }
337 printf("\n");
338
339 printf("Auditing categories:\t%d\n", dom.info.id2.count1);
340 printf("Auditing settings:\n");
341
342 for (i=0; i < dom.info.id2.count1; i++) {
343 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
344 const char *policy = audit_description_str(i);
345 print_auditing_category(policy, val);
346 }
347
348 done:
349 if (!NT_STATUS_IS_OK(result)) {
350 d_printf("failed to list auditing policies: %s\n", nt_errstr(result));
351 }
352
353 return result;
354 }
355
356
357
358 /********************************************************************
359 ********************************************************************/
360
361 static int rpc_audit_get(int argc, const char **argv)
362 {
363 return run_rpc_command(NULL, PI_LSARPC, 0,
364 rpc_audit_get_internal, argc, argv);
365 }
366
367 /********************************************************************
368 ********************************************************************/
369
370 static int rpc_audit_set(int argc, const char **argv)
371 {
372 return run_rpc_command(NULL, PI_LSARPC, 0,
373 rpc_audit_set_internal, argc, argv);
374 }
375
376 /********************************************************************
377 ********************************************************************/
378
379 static int rpc_audit_enable(int argc, const char **argv)
380 {
381 return run_rpc_command(NULL, PI_LSARPC, 0,
382 rpc_audit_enable_internal, argc, argv);
383 }
384
385 /********************************************************************
386 ********************************************************************/
387
388 static int rpc_audit_disable(int argc, const char **argv)
389 {
390 return run_rpc_command(NULL, PI_LSARPC, 0,
391 rpc_audit_disable_internal, argc, argv);
392 }
393
394 /********************************************************************
395 ********************************************************************/
396
397 static int rpc_audit_list(int argc, const char **argv)
398 {
399 return run_rpc_command(NULL, PI_LSARPC, 0,
400 rpc_audit_list_internal, argc, argv);
401 }
402
403 /********************************************************************
404 ********************************************************************/
405
406 int net_rpc_audit(int argc, const char **argv)
407 {
408 struct functable func[] = {
409 {"get", rpc_audit_get},
410 {"set", rpc_audit_set},
411 {"enable", rpc_audit_enable},
412 {"disable", rpc_audit_disable},
413 {"list", rpc_audit_list},
414 {NULL, NULL}
415 };
416
417 if (argc)
418 return net_run_function(argc, argv, func, net_help_audit);
419
420 return net_help_audit(argc, argv);
421 }