2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
21 #include "../librpc/gen_ndr/cli_lsa.h"
23 /********************************************************************
24 ********************************************************************/
26 static int net_help_audit(struct net_context
*c
, int argc
, const char **argv
)
28 d_printf(_("net rpc audit list View configured Auditing policies\n"));
29 d_printf(_("net rpc audit enable Enable Auditing\n"));
30 d_printf(_("net rpc audit disable Disable Auditing\n"));
31 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
32 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
33 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
34 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
39 /********************************************************************
40 ********************************************************************/
42 static void print_auditing_category(const char *policy
, const char *value
)
45 policy
= N_("Unknown");
48 value
= N_("Invalid");
51 d_printf(_("\t%-30s%s\n"), policy
, value
);
54 /********************************************************************
55 ********************************************************************/
57 static NTSTATUS
rpc_audit_get_internal(struct net_context
*c
,
58 const DOM_SID
*domain_sid
,
59 const char *domain_name
,
60 struct cli_state
*cli
,
61 struct rpc_pipe_client
*pipe_hnd
,
66 struct policy_handle pol
;
67 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
68 union lsa_PolicyInformation
*info
= NULL
;
70 uint32_t audit_category
;
72 if (argc
< 1 || argc
> 2) {
73 d_printf(_("insufficient arguments\n"));
74 net_help_audit(c
, argc
, argv
);
75 return NT_STATUS_INVALID_PARAMETER
;
78 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
79 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
80 return NT_STATUS_INVALID_PARAMETER
;
83 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
84 SEC_FLAG_MAXIMUM_ALLOWED
,
87 if (!NT_STATUS_IS_OK(result
)) {
91 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
93 LSA_POLICY_INFO_AUDIT_EVENTS
,
96 if (!NT_STATUS_IS_OK(result
)) {
100 for (i
=0; i
< info
->audit_events
.count
; i
++) {
102 const char *val
= NULL
, *policy
= NULL
;
104 if (i
!= audit_category
) {
108 val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
109 policy
= audit_description_str(i
);
110 print_auditing_category(policy
, val
);
114 if (!NT_STATUS_IS_OK(result
)) {
115 d_printf(_("failed to get auditing policy: %s\n"),
122 /********************************************************************
123 ********************************************************************/
125 static NTSTATUS
rpc_audit_set_internal(struct net_context
*c
,
126 const DOM_SID
*domain_sid
,
127 const char *domain_name
,
128 struct cli_state
*cli
,
129 struct rpc_pipe_client
*pipe_hnd
,
134 struct policy_handle pol
;
135 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
136 union lsa_PolicyInformation
*info
= NULL
;
137 uint32_t audit_policy
, audit_category
;
139 if (argc
< 2 || argc
> 3) {
140 d_printf(_("insufficient arguments\n"));
141 net_help_audit(c
, argc
, argv
);
142 return NT_STATUS_INVALID_PARAMETER
;
145 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
146 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
147 return NT_STATUS_INVALID_PARAMETER
;
150 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
152 if (strequal(argv
[1], "Success")) {
153 audit_policy
|= LSA_AUDIT_POLICY_SUCCESS
;
154 } else if (strequal(argv
[1], "Failure")) {
155 audit_policy
|= LSA_AUDIT_POLICY_FAILURE
;
156 } else if (strequal(argv
[1], "All")) {
157 audit_policy
|= LSA_AUDIT_POLICY_ALL
;
158 } else if (strequal(argv
[1], "None")) {
159 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
161 d_printf(_("invalid auditing policy: %s\n"), argv
[1]);
162 return NT_STATUS_INVALID_PARAMETER
;
165 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
166 SEC_FLAG_MAXIMUM_ALLOWED
,
169 if (!NT_STATUS_IS_OK(result
)) {
173 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
175 LSA_POLICY_INFO_AUDIT_EVENTS
,
178 if (!NT_STATUS_IS_OK(result
)) {
182 info
->audit_events
.settings
[audit_category
] = audit_policy
;
184 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
186 LSA_POLICY_INFO_AUDIT_EVENTS
,
189 if (!NT_STATUS_IS_OK(result
)) {
193 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
195 LSA_POLICY_INFO_AUDIT_EVENTS
,
198 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[audit_category
]);
199 const char *policy
= audit_description_str(audit_category
);
200 print_auditing_category(policy
, val
);
204 if (!NT_STATUS_IS_OK(result
)) {
205 d_printf(_("failed to set audit policy: %s\n"),
212 /********************************************************************
213 ********************************************************************/
215 static NTSTATUS
rpc_audit_enable_internal_ext(struct rpc_pipe_client
*pipe_hnd
,
221 struct policy_handle pol
;
222 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
223 union lsa_PolicyInformation
*info
= NULL
;
225 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
226 SEC_FLAG_MAXIMUM_ALLOWED
,
229 if (!NT_STATUS_IS_OK(result
)) {
233 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
235 LSA_POLICY_INFO_AUDIT_EVENTS
,
237 if (!NT_STATUS_IS_OK(result
)) {
241 info
->audit_events
.auditing_mode
= enable
;
243 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
245 LSA_POLICY_INFO_AUDIT_EVENTS
,
248 if (!NT_STATUS_IS_OK(result
)) {
253 if (!NT_STATUS_IS_OK(result
)) {
254 d_printf(_("%s: %s\n"),
255 enable
? _("failed to enable audit policy"):
256 _("failed to disable audit policy"),
263 /********************************************************************
264 ********************************************************************/
266 static NTSTATUS
rpc_audit_disable_internal(struct net_context
*c
,
267 const DOM_SID
*domain_sid
,
268 const char *domain_name
,
269 struct cli_state
*cli
,
270 struct rpc_pipe_client
*pipe_hnd
,
275 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
279 /********************************************************************
280 ********************************************************************/
282 static NTSTATUS
rpc_audit_enable_internal(struct net_context
*c
,
283 const DOM_SID
*domain_sid
,
284 const char *domain_name
,
285 struct cli_state
*cli
,
286 struct rpc_pipe_client
*pipe_hnd
,
291 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
295 /********************************************************************
296 ********************************************************************/
298 static NTSTATUS
rpc_audit_list_internal(struct net_context
*c
,
299 const DOM_SID
*domain_sid
,
300 const char *domain_name
,
301 struct cli_state
*cli
,
302 struct rpc_pipe_client
*pipe_hnd
,
307 struct policy_handle pol
;
308 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
309 union lsa_PolicyInformation
*info
= NULL
;
312 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
313 SEC_FLAG_MAXIMUM_ALLOWED
,
316 if (!NT_STATUS_IS_OK(result
)) {
320 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
322 LSA_POLICY_INFO_AUDIT_EVENTS
,
324 if (!NT_STATUS_IS_OK(result
)) {
328 printf(_("Auditing:\t\t"));
329 switch (info
->audit_events
.auditing_mode
) {
331 printf(_("Enabled"));
334 printf(_("Disabled"));
337 printf(_("unknown (%d)"),
338 info
->audit_events
.auditing_mode
);
343 printf(_("Auditing categories:\t%d\n"), info
->audit_events
.count
);
344 printf(_("Auditing settings:\n"));
346 for (i
=0; i
< info
->audit_events
.count
; i
++) {
347 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
348 const char *policy
= audit_description_str(i
);
349 print_auditing_category(policy
, val
);
353 if (!NT_STATUS_IS_OK(result
)) {
354 d_printf(_("failed to list auditing policies: %s\n"),
361 /********************************************************************
362 ********************************************************************/
364 static int rpc_audit_get(struct net_context
*c
, int argc
, const char **argv
)
366 if (c
->display_usage
) {
367 d_printf(_("Usage:\n"
368 "net rpc audit get\n"
369 " View configured audit setting\n"));
373 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
374 rpc_audit_get_internal
, argc
, argv
);
377 /********************************************************************
378 ********************************************************************/
380 static int rpc_audit_set(struct net_context
*c
, int argc
, const char **argv
)
382 if (c
->display_usage
) {
383 d_printf(_("Usage:\n"
384 "net rpc audit set\n"
385 " Set audit policies\n"));
389 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
390 rpc_audit_set_internal
, argc
, argv
);
393 /********************************************************************
394 ********************************************************************/
396 static int rpc_audit_enable(struct net_context
*c
, int argc
, const char **argv
)
398 if (c
->display_usage
) {
399 d_printf(_("Usage:\n"
400 "net rpc audit enable\n"
401 " Enable auditing\n"));
405 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
406 rpc_audit_enable_internal
, argc
, argv
);
409 /********************************************************************
410 ********************************************************************/
412 static int rpc_audit_disable(struct net_context
*c
, int argc
, const char **argv
)
414 if (c
->display_usage
) {
415 d_printf(_("Usage:\n"
416 "net rpc audit disable\n"
417 " Disable auditing\n"));
421 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
422 rpc_audit_disable_internal
, argc
, argv
);
425 /********************************************************************
426 ********************************************************************/
428 static int rpc_audit_list(struct net_context
*c
, int argc
, const char **argv
)
430 if (c
->display_usage
) {
431 d_printf(_("Usage:\n"
432 "net rpc audit list\n"
433 " List auditing settings\n"));
437 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
438 rpc_audit_list_internal
, argc
, argv
);
441 /********************************************************************
442 ********************************************************************/
444 int net_rpc_audit(struct net_context
*c
, int argc
, const char **argv
)
446 struct functable func
[] = {
451 N_("View configured auditing settings"),
452 N_("net rpc audit get\n"
453 " View configured auditing settings")
459 N_("Set auditing policies"),
460 N_("net rpc audit set\n"
461 " Set auditing policies")
467 N_("Enable auditing"),
468 N_("net rpc audit enable\n"
475 N_("Disable auditing"),
476 N_("net rpc audit disable\n"
483 N_("List configured auditing settings"),
484 N_("net rpc audit list\n"
485 " List configured auditing settings")
487 {NULL
, NULL
, 0, NULL
, NULL
}
490 return net_run_function(c
, argc
, argv
, "net rpc audit", func
);