2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
22 /********************************************************************
23 ********************************************************************/
25 static int net_help_audit(struct net_context
*c
, int argc
, const char **argv
)
27 d_printf(_("net rpc audit list View configured Auditing policies\n"));
28 d_printf(_("net rpc audit enable Enable Auditing\n"));
29 d_printf(_("net rpc audit disable Disable Auditing\n"));
30 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
31 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
32 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
33 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
38 /********************************************************************
39 ********************************************************************/
41 static void print_auditing_category(const char *policy
, const char *value
)
44 policy
= N_("Unknown");
47 value
= N_("Invalid");
50 d_printf(_("\t%-30s%s\n"), policy
, value
);
53 /********************************************************************
54 ********************************************************************/
56 static NTSTATUS
rpc_audit_get_internal(struct net_context
*c
,
57 const DOM_SID
*domain_sid
,
58 const char *domain_name
,
59 struct cli_state
*cli
,
60 struct rpc_pipe_client
*pipe_hnd
,
65 struct policy_handle pol
;
66 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
67 union lsa_PolicyInformation
*info
= NULL
;
69 uint32_t audit_category
;
71 if (argc
< 1 || argc
> 2) {
72 d_printf(_("insufficient arguments\n"));
73 net_help_audit(c
, argc
, argv
);
74 return NT_STATUS_INVALID_PARAMETER
;
77 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
78 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
79 return NT_STATUS_INVALID_PARAMETER
;
82 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
83 SEC_FLAG_MAXIMUM_ALLOWED
,
86 if (!NT_STATUS_IS_OK(result
)) {
90 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
92 LSA_POLICY_INFO_AUDIT_EVENTS
,
95 if (!NT_STATUS_IS_OK(result
)) {
99 for (i
=0; i
< info
->audit_events
.count
; i
++) {
101 const char *val
= NULL
, *policy
= NULL
;
103 if (i
!= audit_category
) {
107 val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
108 policy
= audit_description_str(i
);
109 print_auditing_category(policy
, val
);
113 if (!NT_STATUS_IS_OK(result
)) {
114 d_printf(_("failed to get auditing policy: %s\n"),
121 /********************************************************************
122 ********************************************************************/
124 static NTSTATUS
rpc_audit_set_internal(struct net_context
*c
,
125 const DOM_SID
*domain_sid
,
126 const char *domain_name
,
127 struct cli_state
*cli
,
128 struct rpc_pipe_client
*pipe_hnd
,
133 struct policy_handle pol
;
134 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
135 union lsa_PolicyInformation
*info
= NULL
;
136 uint32_t audit_policy
, audit_category
;
138 if (argc
< 2 || argc
> 3) {
139 d_printf(_("insufficient arguments\n"));
140 net_help_audit(c
, argc
, argv
);
141 return NT_STATUS_INVALID_PARAMETER
;
144 if (!get_audit_category_from_param(argv
[0], &audit_category
)) {
145 d_printf(_("invalid auditing category: %s\n"), argv
[0]);
146 return NT_STATUS_INVALID_PARAMETER
;
149 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
151 if (strequal(argv
[1], "Success")) {
152 audit_policy
|= LSA_AUDIT_POLICY_SUCCESS
;
153 } else if (strequal(argv
[1], "Failure")) {
154 audit_policy
|= LSA_AUDIT_POLICY_FAILURE
;
155 } else if (strequal(argv
[1], "All")) {
156 audit_policy
|= LSA_AUDIT_POLICY_ALL
;
157 } else if (strequal(argv
[1], "None")) {
158 audit_policy
= LSA_AUDIT_POLICY_CLEAR
;
160 d_printf(_("invalid auditing policy: %s\n"), argv
[1]);
161 return NT_STATUS_INVALID_PARAMETER
;
164 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
165 SEC_FLAG_MAXIMUM_ALLOWED
,
168 if (!NT_STATUS_IS_OK(result
)) {
172 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
174 LSA_POLICY_INFO_AUDIT_EVENTS
,
177 if (!NT_STATUS_IS_OK(result
)) {
181 info
->audit_events
.settings
[audit_category
] = audit_policy
;
183 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
185 LSA_POLICY_INFO_AUDIT_EVENTS
,
188 if (!NT_STATUS_IS_OK(result
)) {
192 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
194 LSA_POLICY_INFO_AUDIT_EVENTS
,
197 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[audit_category
]);
198 const char *policy
= audit_description_str(audit_category
);
199 print_auditing_category(policy
, val
);
203 if (!NT_STATUS_IS_OK(result
)) {
204 d_printf(_("failed to set audit policy: %s\n"),
211 /********************************************************************
212 ********************************************************************/
214 static NTSTATUS
rpc_audit_enable_internal_ext(struct rpc_pipe_client
*pipe_hnd
,
220 struct policy_handle pol
;
221 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
222 union lsa_PolicyInformation
*info
= NULL
;
224 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
225 SEC_FLAG_MAXIMUM_ALLOWED
,
228 if (!NT_STATUS_IS_OK(result
)) {
232 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
234 LSA_POLICY_INFO_AUDIT_EVENTS
,
236 if (!NT_STATUS_IS_OK(result
)) {
240 info
->audit_events
.auditing_mode
= enable
;
242 result
= rpccli_lsa_SetInfoPolicy(pipe_hnd
, mem_ctx
,
244 LSA_POLICY_INFO_AUDIT_EVENTS
,
247 if (!NT_STATUS_IS_OK(result
)) {
252 if (!NT_STATUS_IS_OK(result
)) {
253 d_printf(_("%s: %s\n"),
254 enable
? _("failed to enable audit policy"):
255 _("failed to disable audit policy"),
262 /********************************************************************
263 ********************************************************************/
265 static NTSTATUS
rpc_audit_disable_internal(struct net_context
*c
,
266 const DOM_SID
*domain_sid
,
267 const char *domain_name
,
268 struct cli_state
*cli
,
269 struct rpc_pipe_client
*pipe_hnd
,
274 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
278 /********************************************************************
279 ********************************************************************/
281 static NTSTATUS
rpc_audit_enable_internal(struct net_context
*c
,
282 const DOM_SID
*domain_sid
,
283 const char *domain_name
,
284 struct cli_state
*cli
,
285 struct rpc_pipe_client
*pipe_hnd
,
290 return rpc_audit_enable_internal_ext(pipe_hnd
, mem_ctx
, argc
, argv
,
294 /********************************************************************
295 ********************************************************************/
297 static NTSTATUS
rpc_audit_list_internal(struct net_context
*c
,
298 const DOM_SID
*domain_sid
,
299 const char *domain_name
,
300 struct cli_state
*cli
,
301 struct rpc_pipe_client
*pipe_hnd
,
306 struct policy_handle pol
;
307 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
308 union lsa_PolicyInformation
*info
= NULL
;
311 result
= rpccli_lsa_open_policy(pipe_hnd
, mem_ctx
, true,
312 SEC_FLAG_MAXIMUM_ALLOWED
,
315 if (!NT_STATUS_IS_OK(result
)) {
319 result
= rpccli_lsa_QueryInfoPolicy(pipe_hnd
, mem_ctx
,
321 LSA_POLICY_INFO_AUDIT_EVENTS
,
323 if (!NT_STATUS_IS_OK(result
)) {
327 printf(_("Auditing:\t\t"));
328 switch (info
->audit_events
.auditing_mode
) {
330 printf(_("Enabled"));
333 printf(_("Disabled"));
336 printf(_("unknown (%d)"),
337 info
->audit_events
.auditing_mode
);
342 printf(_("Auditing categories:\t%d\n"), info
->audit_events
.count
);
343 printf(_("Auditing settings:\n"));
345 for (i
=0; i
< info
->audit_events
.count
; i
++) {
346 const char *val
= audit_policy_str(mem_ctx
, info
->audit_events
.settings
[i
]);
347 const char *policy
= audit_description_str(i
);
348 print_auditing_category(policy
, val
);
352 if (!NT_STATUS_IS_OK(result
)) {
353 d_printf(_("failed to list auditing policies: %s\n"),
360 /********************************************************************
361 ********************************************************************/
363 static int rpc_audit_get(struct net_context
*c
, int argc
, const char **argv
)
365 if (c
->display_usage
) {
366 d_printf(_("Usage:\n"
367 "net rpc audit get\n"
368 " View configured audit setting\n"));
372 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
373 rpc_audit_get_internal
, argc
, argv
);
376 /********************************************************************
377 ********************************************************************/
379 static int rpc_audit_set(struct net_context
*c
, int argc
, const char **argv
)
381 if (c
->display_usage
) {
382 d_printf(_("Usage:\n"
383 "net rpc audit set\n"
384 " Set audit policies\n"));
388 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
389 rpc_audit_set_internal
, argc
, argv
);
392 /********************************************************************
393 ********************************************************************/
395 static int rpc_audit_enable(struct net_context
*c
, int argc
, const char **argv
)
397 if (c
->display_usage
) {
398 d_printf(_("Usage:\n"
399 "net rpc audit enable\n"
400 " Enable auditing\n"));
404 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
405 rpc_audit_enable_internal
, argc
, argv
);
408 /********************************************************************
409 ********************************************************************/
411 static int rpc_audit_disable(struct net_context
*c
, int argc
, const char **argv
)
413 if (c
->display_usage
) {
414 d_printf(_("Usage:\n"
415 "net rpc audit disable\n"
416 " Disable auditing\n"));
420 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
421 rpc_audit_disable_internal
, argc
, argv
);
424 /********************************************************************
425 ********************************************************************/
427 static int rpc_audit_list(struct net_context
*c
, int argc
, const char **argv
)
429 if (c
->display_usage
) {
430 d_printf(_("Usage:\n"
431 "net rpc audit list\n"
432 " List auditing settings\n"));
436 return run_rpc_command(c
, NULL
, &ndr_table_lsarpc
.syntax_id
, 0,
437 rpc_audit_list_internal
, argc
, argv
);
440 /********************************************************************
441 ********************************************************************/
443 int net_rpc_audit(struct net_context
*c
, int argc
, const char **argv
)
445 struct functable func
[] = {
450 N_("View configured auditing settings"),
451 N_("net rpc audit get\n"
452 " View configured auditing settings")
458 N_("Set auditing policies"),
459 N_("net rpc audit set\n"
460 " Set auditing policies")
466 N_("Enable auditing"),
467 N_("net rpc audit enable\n"
474 N_("Disable auditing"),
475 N_("net rpc audit disable\n"
482 N_("List configured auditing settings"),
483 N_("net rpc audit list\n"
484 " List configured auditing settings")
486 {NULL
, NULL
, 0, NULL
, NULL
}
489 return net_run_function(c
, argc
, argv
, "net rpc audit", func
);