search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:ldb Allow ldb_msg_canonicalize to handle empty elements
[Samba/ekacnet.git] / source3 / utils / net_rpc_audit.c
blobbc3ed3dba24add0e48495f8440906ab31b584f9e
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21
22 /********************************************************************
23 ********************************************************************/
24
25 static int net_help_audit(struct net_context *c, int argc, const char **argv)
26 {
27 d_printf(_("net rpc audit list View configured Auditing policies\n"));
28 d_printf(_("net rpc audit enable Enable Auditing\n"));
29 d_printf(_("net rpc audit disable Disable Auditing\n"));
30 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
31 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
32 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
33 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
34
35 return -1;
36 }
37
38 /********************************************************************
39 ********************************************************************/
40
41 static void print_auditing_category(const char *policy, const char *value)
42 {
43 if (policy == NULL) {
44 policy = N_("Unknown");
45 }
46 if (value == NULL) {
47 value = N_("Invalid");
48 }
49
50 d_printf(_("\t%-30s%s\n"), policy, value);
51 }
52
53 /********************************************************************
54 ********************************************************************/
55
56 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
57 const DOM_SID *domain_sid,
58 const char *domain_name,
59 struct cli_state *cli,
60 struct rpc_pipe_client *pipe_hnd,
61 TALLOC_CTX *mem_ctx,
62 int argc,
63 const char **argv)
64 {
65 struct policy_handle pol;
66 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
67 union lsa_PolicyInformation *info = NULL;
68 int i;
69 uint32_t audit_category;
70
71 if (argc < 1 || argc > 2) {
72 d_printf(_("insufficient arguments\n"));
73 net_help_audit(c, argc, argv);
74 return NT_STATUS_INVALID_PARAMETER;
75 }
76
77 if (!get_audit_category_from_param(argv[0], &audit_category)) {
78 d_printf(_("invalid auditing category: %s\n"), argv[0]);
79 return NT_STATUS_INVALID_PARAMETER;
80 }
81
82 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
83 SEC_FLAG_MAXIMUM_ALLOWED,
84 &pol);
85
86 if (!NT_STATUS_IS_OK(result)) {
87 goto done;
88 }
89
90 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
91 &pol,
92 LSA_POLICY_INFO_AUDIT_EVENTS,
93 &info);
94
95 if (!NT_STATUS_IS_OK(result)) {
96 goto done;
97 }
98
99 for (i=0; i < info->audit_events.count; i++) {
100
101 const char *val = NULL, *policy = NULL;
102
103 if (i != audit_category) {
104 continue;
105 }
106
107 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
108 policy = audit_description_str(i);
109 print_auditing_category(policy, val);
110 }
111
112 done:
113 if (!NT_STATUS_IS_OK(result)) {
114 d_printf(_("failed to get auditing policy: %s\n"),
115 nt_errstr(result));
116 }
117
118 return result;
119 }
120
121 /********************************************************************
122 ********************************************************************/
123
124 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
125 const DOM_SID *domain_sid,
126 const char *domain_name,
127 struct cli_state *cli,
128 struct rpc_pipe_client *pipe_hnd,
129 TALLOC_CTX *mem_ctx,
130 int argc,
131 const char **argv)
132 {
133 struct policy_handle pol;
134 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
135 union lsa_PolicyInformation *info = NULL;
136 uint32_t audit_policy, audit_category;
137
138 if (argc < 2 || argc > 3) {
139 d_printf(_("insufficient arguments\n"));
140 net_help_audit(c, argc, argv);
141 return NT_STATUS_INVALID_PARAMETER;
142 }
143
144 if (!get_audit_category_from_param(argv[0], &audit_category)) {
145 d_printf(_("invalid auditing category: %s\n"), argv[0]);
146 return NT_STATUS_INVALID_PARAMETER;
147 }
148
149 audit_policy = LSA_AUDIT_POLICY_CLEAR;
150
151 if (strequal(argv[1], "Success")) {
152 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
153 } else if (strequal(argv[1], "Failure")) {
154 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
155 } else if (strequal(argv[1], "All")) {
156 audit_policy |= LSA_AUDIT_POLICY_ALL;
157 } else if (strequal(argv[1], "None")) {
158 audit_policy = LSA_AUDIT_POLICY_CLEAR;
159 } else {
160 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
161 return NT_STATUS_INVALID_PARAMETER;
162 }
163
164 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
165 SEC_FLAG_MAXIMUM_ALLOWED,
166 &pol);
167
168 if (!NT_STATUS_IS_OK(result)) {
169 goto done;
170 }
171
172 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
173 &pol,
174 LSA_POLICY_INFO_AUDIT_EVENTS,
175 &info);
176
177 if (!NT_STATUS_IS_OK(result)) {
178 goto done;
179 }
180
181 info->audit_events.settings[audit_category] = audit_policy;
182
183 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
184 &pol,
185 LSA_POLICY_INFO_AUDIT_EVENTS,
186 info);
187
188 if (!NT_STATUS_IS_OK(result)) {
189 goto done;
190 }
191
192 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
193 &pol,
194 LSA_POLICY_INFO_AUDIT_EVENTS,
195 &info);
196 {
197 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
198 const char *policy = audit_description_str(audit_category);
199 print_auditing_category(policy, val);
200 }
201
202 done:
203 if (!NT_STATUS_IS_OK(result)) {
204 d_printf(_("failed to set audit policy: %s\n"),
205 nt_errstr(result));
206 }
207
208 return result;
209 }
210
211 /********************************************************************
212 ********************************************************************/
213
214 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
215 TALLOC_CTX *mem_ctx,
216 int argc,
217 const char **argv,
218 bool enable)
219 {
220 struct policy_handle pol;
221 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
222 union lsa_PolicyInformation *info = NULL;
223
224 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
225 SEC_FLAG_MAXIMUM_ALLOWED,
226 &pol);
227
228 if (!NT_STATUS_IS_OK(result)) {
229 goto done;
230 }
231
232 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
233 &pol,
234 LSA_POLICY_INFO_AUDIT_EVENTS,
235 &info);
236 if (!NT_STATUS_IS_OK(result)) {
237 goto done;
238 }
239
240 info->audit_events.auditing_mode = enable;
241
242 result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
243 &pol,
244 LSA_POLICY_INFO_AUDIT_EVENTS,
245 info);
246
247 if (!NT_STATUS_IS_OK(result)) {
248 goto done;
249 }
250
251 done:
252 if (!NT_STATUS_IS_OK(result)) {
253 d_printf(_("%s: %s\n"),
254 enable ? _("failed to enable audit policy"):
255 _("failed to disable audit policy"),
256 nt_errstr(result));
257 }
258
259 return result;
260 }
261
262 /********************************************************************
263 ********************************************************************/
264
265 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
266 const DOM_SID *domain_sid,
267 const char *domain_name,
268 struct cli_state *cli,
269 struct rpc_pipe_client *pipe_hnd,
270 TALLOC_CTX *mem_ctx,
271 int argc,
272 const char **argv)
273 {
274 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
275 false);
276 }
277
278 /********************************************************************
279 ********************************************************************/
280
281 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
282 const DOM_SID *domain_sid,
283 const char *domain_name,
284 struct cli_state *cli,
285 struct rpc_pipe_client *pipe_hnd,
286 TALLOC_CTX *mem_ctx,
287 int argc,
288 const char **argv)
289 {
290 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
291 true);
292 }
293
294 /********************************************************************
295 ********************************************************************/
296
297 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
298 const DOM_SID *domain_sid,
299 const char *domain_name,
300 struct cli_state *cli,
301 struct rpc_pipe_client *pipe_hnd,
302 TALLOC_CTX *mem_ctx,
303 int argc,
304 const char **argv)
305 {
306 struct policy_handle pol;
307 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
308 union lsa_PolicyInformation *info = NULL;
309 int i;
310
311 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
312 SEC_FLAG_MAXIMUM_ALLOWED,
313 &pol);
314
315 if (!NT_STATUS_IS_OK(result)) {
316 goto done;
317 }
318
319 result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
320 &pol,
321 LSA_POLICY_INFO_AUDIT_EVENTS,
322 &info);
323 if (!NT_STATUS_IS_OK(result)) {
324 goto done;
325 }
326
327 printf(_("Auditing:\t\t"));
328 switch (info->audit_events.auditing_mode) {
329 case true:
330 printf(_("Enabled"));
331 break;
332 case false:
333 printf(_("Disabled"));
334 break;
335 default:
336 printf(_("unknown (%d)"),
337 info->audit_events.auditing_mode);
338 break;
339 }
340 printf("\n");
341
342 printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
343 printf(_("Auditing settings:\n"));
344
345 for (i=0; i < info->audit_events.count; i++) {
346 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
347 const char *policy = audit_description_str(i);
348 print_auditing_category(policy, val);
349 }
350
351 done:
352 if (!NT_STATUS_IS_OK(result)) {
353 d_printf(_("failed to list auditing policies: %s\n"),
354 nt_errstr(result));
355 }
356
357 return result;
358 }
359
360 /********************************************************************
361 ********************************************************************/
362
363 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
364 {
365 if (c->display_usage) {
366 d_printf(_("Usage:\n"
367 "net rpc audit get\n"
368 " View configured audit setting\n"));
369 return 0;
370 }
371
372 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
373 rpc_audit_get_internal, argc, argv);
374 }
375
376 /********************************************************************
377 ********************************************************************/
378
379 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
380 {
381 if (c->display_usage) {
382 d_printf(_("Usage:\n"
383 "net rpc audit set\n"
384 " Set audit policies\n"));
385 return 0;
386 }
387
388 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
389 rpc_audit_set_internal, argc, argv);
390 }
391
392 /********************************************************************
393 ********************************************************************/
394
395 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
396 {
397 if (c->display_usage) {
398 d_printf(_("Usage:\n"
399 "net rpc audit enable\n"
400 " Enable auditing\n"));
401 return 0;
402 }
403
404 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
405 rpc_audit_enable_internal, argc, argv);
406 }
407
408 /********************************************************************
409 ********************************************************************/
410
411 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
412 {
413 if (c->display_usage) {
414 d_printf(_("Usage:\n"
415 "net rpc audit disable\n"
416 " Disable auditing\n"));
417 return 0;
418 }
419
420 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
421 rpc_audit_disable_internal, argc, argv);
422 }
423
424 /********************************************************************
425 ********************************************************************/
426
427 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
428 {
429 if (c->display_usage) {
430 d_printf(_("Usage:\n"
431 "net rpc audit list\n"
432 " List auditing settings\n"));
433 return 0;
434 }
435
436 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
437 rpc_audit_list_internal, argc, argv);
438 }
439
440 /********************************************************************
441 ********************************************************************/
442
443 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
444 {
445 struct functable func[] = {
446 {
447 "get",
448 rpc_audit_get,
449 NET_TRANSPORT_RPC,
450 N_("View configured auditing settings"),
451 N_("net rpc audit get\n"
452 " View configured auditing settings")
453 },
454 {
455 "set",
456 rpc_audit_set,
457 NET_TRANSPORT_RPC,
458 N_("Set auditing policies"),
459 N_("net rpc audit set\n"
460 " Set auditing policies")
461 },
462 {
463 "enable",
464 rpc_audit_enable,
465 NET_TRANSPORT_RPC,
466 N_("Enable auditing"),
467 N_("net rpc audit enable\n"
468 " Enable auditing")
469 },
470 {
471 "disable",
472 rpc_audit_disable,
473 NET_TRANSPORT_RPC,
474 N_("Disable auditing"),
475 N_("net rpc audit disable\n"
476 " Disable auditing")
477 },
478 {
479 "list",
480 rpc_audit_list,
481 NET_TRANSPORT_RPC,
482 N_("List configured auditing settings"),
483 N_("net rpc audit list\n"
484 " List configured auditing settings")
485 },
486 {NULL, NULL, 0, NULL, NULL}
487 };
488
489 return net_run_function(c, argc, argv, "net rpc audit", func);
490 }