Fix empty input fields in SWAT; [#5515].
[Samba/bb.git] / source3 / utils / net_rpc_audit.c
blob4ba986464e56f38415887d683f13f5ef196cbd92
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
19 #include "includes.h"
20 #include "utils/net.h"
22 /********************************************************************
23 ********************************************************************/
25 static int net_help_audit(struct net_context *c, int argc, const char **argv)
27 d_printf("net rpc audit list View configured Auditing policies\n");
28 d_printf("net rpc audit enable Enable Auditing\n");
29 d_printf("net rpc audit disable Disable Auditing\n");
30 d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
31 d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
32 d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33 d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
35 return -1;
38 /********************************************************************
39 ********************************************************************/
41 static void print_auditing_category(const char *policy, const char *value)
43 fstring padding;
44 int pad_len, col_len = 30;
46 if (policy == NULL) {
47 policy = "Unknown";
49 if (value == NULL) {
50 value = "Invalid";
53 /* calculate padding space for d_printf to look nicer */
54 pad_len = col_len - strlen(policy);
55 padding[pad_len] = 0;
56 do padding[--pad_len] = ' '; while (pad_len > 0);
58 d_printf("\t%s%s%s\n", policy, padding, value);
61 /********************************************************************
62 ********************************************************************/
64 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
65 const DOM_SID *domain_sid,
66 const char *domain_name,
67 struct cli_state *cli,
68 struct rpc_pipe_client *pipe_hnd,
69 TALLOC_CTX *mem_ctx,
70 int argc,
71 const char **argv)
73 POLICY_HND pol;
74 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
75 union lsa_PolicyInformation *info = NULL;
76 int i;
77 uint32_t audit_category;
79 if (argc < 1 || argc > 2) {
80 d_printf("insufficient arguments\n");
81 net_help_audit(c, argc, argv);
82 return NT_STATUS_INVALID_PARAMETER;
85 if (!get_audit_category_from_param(argv[0], &audit_category)) {
86 d_printf("invalid auditing category: %s\n", argv[0]);
87 return NT_STATUS_INVALID_PARAMETER;
90 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
91 SEC_RIGHTS_MAXIMUM_ALLOWED,
92 &pol);
94 if (!NT_STATUS_IS_OK(result)) {
95 goto done;
98 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
99 &pol,
100 LSA_POLICY_INFO_AUDIT_EVENTS,
101 &info);
103 if (!NT_STATUS_IS_OK(result)) {
104 goto done;
107 for (i=0; i < info->audit_events.count; i++) {
109 const char *val = NULL, *policy = NULL;
111 if (i != audit_category) {
112 continue;
115 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116 policy = audit_description_str(i);
117 print_auditing_category(policy, val);
120 done:
121 if (!NT_STATUS_IS_OK(result)) {
122 d_printf("failed to get auditing policy: %s\n",
123 nt_errstr(result));
126 return result;
129 /********************************************************************
130 ********************************************************************/
132 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133 const DOM_SID *domain_sid,
134 const char *domain_name,
135 struct cli_state *cli,
136 struct rpc_pipe_client *pipe_hnd,
137 TALLOC_CTX *mem_ctx,
138 int argc,
139 const char **argv)
141 POLICY_HND pol;
142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
143 union lsa_PolicyInformation *info = NULL;
144 uint32_t audit_policy, audit_category;
146 if (argc < 2 || argc > 3) {
147 d_printf("insufficient arguments\n");
148 net_help_audit(c, argc, argv);
149 return NT_STATUS_INVALID_PARAMETER;
152 if (!get_audit_category_from_param(argv[0], &audit_category)) {
153 d_printf("invalid auditing category: %s\n", argv[0]);
154 return NT_STATUS_INVALID_PARAMETER;
157 audit_policy = LSA_AUDIT_POLICY_CLEAR;
159 if (strequal(argv[1], "Success")) {
160 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
161 } else if (strequal(argv[1], "Failure")) {
162 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
163 } else if (strequal(argv[1], "All")) {
164 audit_policy |= LSA_AUDIT_POLICY_ALL;
165 } else if (strequal(argv[1], "None")) {
166 audit_policy = LSA_AUDIT_POLICY_CLEAR;
167 } else {
168 d_printf("invalid auditing policy: %s\n", argv[1]);
169 return NT_STATUS_INVALID_PARAMETER;
172 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
173 SEC_RIGHTS_MAXIMUM_ALLOWED,
174 &pol);
176 if (!NT_STATUS_IS_OK(result)) {
177 goto done;
180 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
181 &pol,
182 LSA_POLICY_INFO_AUDIT_EVENTS,
183 &info);
185 if (!NT_STATUS_IS_OK(result)) {
186 goto done;
189 info->audit_events.settings[audit_category] = audit_policy;
191 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
192 &pol,
193 LSA_POLICY_INFO_AUDIT_EVENTS,
194 info);
196 if (!NT_STATUS_IS_OK(result)) {
197 goto done;
200 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
201 &pol,
202 LSA_POLICY_INFO_AUDIT_EVENTS,
203 &info);
205 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
206 const char *policy = audit_description_str(audit_category);
207 print_auditing_category(policy, val);
210 done:
211 if (!NT_STATUS_IS_OK(result)) {
212 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
215 return result;
218 /********************************************************************
219 ********************************************************************/
221 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
222 TALLOC_CTX *mem_ctx,
223 int argc,
224 const char **argv,
225 bool enable)
227 POLICY_HND pol;
228 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
229 union lsa_PolicyInformation *info = NULL;
231 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
232 SEC_RIGHTS_MAXIMUM_ALLOWED,
233 &pol);
235 if (!NT_STATUS_IS_OK(result)) {
236 goto done;
239 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
240 &pol,
241 LSA_POLICY_INFO_AUDIT_EVENTS,
242 &info);
243 if (!NT_STATUS_IS_OK(result)) {
244 goto done;
247 info->audit_events.auditing_mode = enable;
249 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
250 &pol,
251 LSA_POLICY_INFO_AUDIT_EVENTS,
252 info);
254 if (!NT_STATUS_IS_OK(result)) {
255 goto done;
258 done:
259 if (!NT_STATUS_IS_OK(result)) {
260 d_printf("failed to %s audit policy: %s\n",
261 enable ? "enable":"disable", nt_errstr(result));
264 return result;
267 /********************************************************************
268 ********************************************************************/
270 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
271 const DOM_SID *domain_sid,
272 const char *domain_name,
273 struct cli_state *cli,
274 struct rpc_pipe_client *pipe_hnd,
275 TALLOC_CTX *mem_ctx,
276 int argc,
277 const char **argv)
279 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
280 false);
283 /********************************************************************
284 ********************************************************************/
286 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
287 const DOM_SID *domain_sid,
288 const char *domain_name,
289 struct cli_state *cli,
290 struct rpc_pipe_client *pipe_hnd,
291 TALLOC_CTX *mem_ctx,
292 int argc,
293 const char **argv)
295 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
296 true);
299 /********************************************************************
300 ********************************************************************/
302 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
303 const DOM_SID *domain_sid,
304 const char *domain_name,
305 struct cli_state *cli,
306 struct rpc_pipe_client *pipe_hnd,
307 TALLOC_CTX *mem_ctx,
308 int argc,
309 const char **argv)
311 POLICY_HND pol;
312 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
313 union lsa_PolicyInformation *info = NULL;
314 int i;
316 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
317 SEC_RIGHTS_MAXIMUM_ALLOWED,
318 &pol);
320 if (!NT_STATUS_IS_OK(result)) {
321 goto done;
324 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
325 &pol,
326 LSA_POLICY_INFO_AUDIT_EVENTS,
327 &info);
328 if (!NT_STATUS_IS_OK(result)) {
329 goto done;
332 printf("Auditing:\t\t");
333 switch (info->audit_events.auditing_mode) {
334 case true:
335 printf("Enabled");
336 break;
337 case false:
338 printf("Disabled");
339 break;
340 default:
341 printf("unknown (%d)", info->audit_events.auditing_mode);
342 break;
344 printf("\n");
346 printf("Auditing categories:\t%d\n", info->audit_events.count);
347 printf("Auditing settings:\n");
349 for (i=0; i < info->audit_events.count; i++) {
350 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
351 const char *policy = audit_description_str(i);
352 print_auditing_category(policy, val);
355 done:
356 if (!NT_STATUS_IS_OK(result)) {
357 d_printf("failed to list auditing policies: %s\n",
358 nt_errstr(result));
361 return result;
364 /********************************************************************
365 ********************************************************************/
367 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
369 return run_rpc_command(c, NULL, PI_LSARPC, 0,
370 rpc_audit_get_internal, argc, argv);
373 /********************************************************************
374 ********************************************************************/
376 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
378 return run_rpc_command(c, NULL, PI_LSARPC, 0,
379 rpc_audit_set_internal, argc, argv);
382 /********************************************************************
383 ********************************************************************/
385 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
387 return run_rpc_command(c, NULL, PI_LSARPC, 0,
388 rpc_audit_enable_internal, argc, argv);
391 /********************************************************************
392 ********************************************************************/
394 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
396 return run_rpc_command(c, NULL, PI_LSARPC, 0,
397 rpc_audit_disable_internal, argc, argv);
400 /********************************************************************
401 ********************************************************************/
403 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
405 return run_rpc_command(c, NULL, PI_LSARPC, 0,
406 rpc_audit_list_internal, argc, argv);
409 /********************************************************************
410 ********************************************************************/
412 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
414 struct functable func[] = {
415 {"get", rpc_audit_get},
416 {"set", rpc_audit_set},
417 {"enable", rpc_audit_enable},
418 {"disable", rpc_audit_disable},
419 {"list", rpc_audit_list},
420 {NULL, NULL}
423 if (argc)
424 return net_run_function(c, argc, argv, func, net_help_audit);
426 return net_help_audit(c, argc, argv);