search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
provision: Make dsacl2fsacl() take a security.dom_sid, not str
[Samba/gebeck_regimport.git] / source3 / utils / net_rpc_audit.c
blob336f6a857dfe1140d6357325f61be3e84137fba6
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21 #include "rpc_client/rpc_client.h"
22 #include "../librpc/gen_ndr/ndr_lsa_c.h"
23 #include "rpc_client/cli_lsarpc.h"
24
25 /********************************************************************
26 ********************************************************************/
27
28 static int net_help_audit(struct net_context *c, int argc, const char **argv)
29 {
30 d_printf(_("net rpc audit list View configured Auditing policies\n"));
31 d_printf(_("net rpc audit enable Enable Auditing\n"));
32 d_printf(_("net rpc audit disable Disable Auditing\n"));
33 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
34 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
35 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
36 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
37
38 return -1;
39 }
40
41 /********************************************************************
42 ********************************************************************/
43
44 static void print_auditing_category(const char *policy, const char *value)
45 {
46 if (policy == NULL) {
47 policy = N_("Unknown");
48 }
49 if (value == NULL) {
50 value = N_("Invalid");
51 }
52
53 d_printf(_("\t%-30s%s\n"), policy, value);
54 }
55
56 /********************************************************************
57 ********************************************************************/
58
59 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
60 const struct dom_sid *domain_sid,
61 const char *domain_name,
62 struct cli_state *cli,
63 struct rpc_pipe_client *pipe_hnd,
64 TALLOC_CTX *mem_ctx,
65 int argc,
66 const char **argv)
67 {
68 struct policy_handle pol;
69 NTSTATUS status, result;
70 union lsa_PolicyInformation *info = NULL;
71 int i;
72 uint32_t audit_category;
73 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
74
75 if (argc < 1 || argc > 2) {
76 d_printf(_("insufficient arguments\n"));
77 net_help_audit(c, argc, argv);
78 return NT_STATUS_INVALID_PARAMETER;
79 }
80
81 if (!get_audit_category_from_param(argv[0], &audit_category)) {
82 d_printf(_("invalid auditing category: %s\n"), argv[0]);
83 return NT_STATUS_INVALID_PARAMETER;
84 }
85
86 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
87 SEC_FLAG_MAXIMUM_ALLOWED,
88 &pol);
89
90 if (!NT_STATUS_IS_OK(status)) {
91 goto done;
92 }
93
94 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
95 &pol,
96 LSA_POLICY_INFO_AUDIT_EVENTS,
97 &info,
98 &result);
99 if (!NT_STATUS_IS_OK(status)) {
100 goto done;
101 }
102 if (!NT_STATUS_IS_OK(result)) {
103 status = result;
104 goto done;
105 }
106
107 for (i=0; i < info->audit_events.count; i++) {
108
109 const char *val = NULL, *policy = NULL;
110
111 if (i != audit_category) {
112 continue;
113 }
114
115 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116 policy = audit_description_str(i);
117 print_auditing_category(policy, val);
118 }
119
120 done:
121 if (!NT_STATUS_IS_OK(status)) {
122 d_printf(_("failed to get auditing policy: %s\n"),
123 nt_errstr(status));
124 }
125
126 return status;
127 }
128
129 /********************************************************************
130 ********************************************************************/
131
132 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133 const struct dom_sid *domain_sid,
134 const char *domain_name,
135 struct cli_state *cli,
136 struct rpc_pipe_client *pipe_hnd,
137 TALLOC_CTX *mem_ctx,
138 int argc,
139 const char **argv)
140 {
141 struct policy_handle pol;
142 NTSTATUS status, result;
143 union lsa_PolicyInformation *info = NULL;
144 uint32_t audit_policy, audit_category;
145 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
146
147 if (argc < 2 || argc > 3) {
148 d_printf(_("insufficient arguments\n"));
149 net_help_audit(c, argc, argv);
150 return NT_STATUS_INVALID_PARAMETER;
151 }
152
153 if (!get_audit_category_from_param(argv[0], &audit_category)) {
154 d_printf(_("invalid auditing category: %s\n"), argv[0]);
155 return NT_STATUS_INVALID_PARAMETER;
156 }
157
158 audit_policy = LSA_AUDIT_POLICY_CLEAR;
159
160 if (strequal(argv[1], "Success")) {
161 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
162 } else if (strequal(argv[1], "Failure")) {
163 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
164 } else if (strequal(argv[1], "All")) {
165 audit_policy |= LSA_AUDIT_POLICY_ALL;
166 } else if (strequal(argv[1], "None")) {
167 audit_policy = LSA_AUDIT_POLICY_CLEAR;
168 } else {
169 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
170 return NT_STATUS_INVALID_PARAMETER;
171 }
172
173 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
174 SEC_FLAG_MAXIMUM_ALLOWED,
175 &pol);
176
177 if (!NT_STATUS_IS_OK(status)) {
178 goto done;
179 }
180
181 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
182 &pol,
183 LSA_POLICY_INFO_AUDIT_EVENTS,
184 &info,
185 &result);
186 if (!NT_STATUS_IS_OK(status)) {
187 goto done;
188 }
189 if (!NT_STATUS_IS_OK(result)) {
190 status = result;
191 goto done;
192 }
193
194 info->audit_events.settings[audit_category] = audit_policy;
195
196 status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
197 &pol,
198 LSA_POLICY_INFO_AUDIT_EVENTS,
199 info,
200 &result);
201 if (!NT_STATUS_IS_OK(status)) {
202 goto done;
203 }
204 if (!NT_STATUS_IS_OK(result)) {
205 status = result;
206 goto done;
207 }
208
209 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
210 &pol,
211 LSA_POLICY_INFO_AUDIT_EVENTS,
212 &info,
213 &result);
214 if (!NT_STATUS_IS_OK(status)) {
215 goto done;
216 }
217
218 status = result;
219
220 {
221 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
222 const char *policy = audit_description_str(audit_category);
223 print_auditing_category(policy, val);
224 }
225
226 done:
227 if (!NT_STATUS_IS_OK(status)) {
228 d_printf(_("failed to set audit policy: %s\n"),
229 nt_errstr(status));
230 }
231
232 return status;
233 }
234
235 /********************************************************************
236 ********************************************************************/
237
238 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
239 TALLOC_CTX *mem_ctx,
240 int argc,
241 const char **argv,
242 bool enable)
243 {
244 struct policy_handle pol;
245 NTSTATUS status, result;
246 union lsa_PolicyInformation *info = NULL;
247 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
248
249 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
250 SEC_FLAG_MAXIMUM_ALLOWED,
251 &pol);
252
253 if (!NT_STATUS_IS_OK(status)) {
254 goto done;
255 }
256
257 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
258 &pol,
259 LSA_POLICY_INFO_AUDIT_EVENTS,
260 &info,
261 &result);
262 if (!NT_STATUS_IS_OK(status)) {
263 goto done;
264 }
265 if (!NT_STATUS_IS_OK(result)) {
266 status = result;
267 goto done;
268 }
269
270 info->audit_events.auditing_mode = enable;
271
272 status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
273 &pol,
274 LSA_POLICY_INFO_AUDIT_EVENTS,
275 info,
276 &result);
277 if (!NT_STATUS_IS_OK(status)) {
278 goto done;
279 }
280 if (!NT_STATUS_IS_OK(result)) {
281 status = result;
282 goto done;
283 }
284
285 done:
286 if (!NT_STATUS_IS_OK(status)) {
287 d_printf(_("%s: %s\n"),
288 enable ? _("failed to enable audit policy"):
289 _("failed to disable audit policy"),
290 nt_errstr(status));
291 }
292
293 return status;
294 }
295
296 /********************************************************************
297 ********************************************************************/
298
299 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
300 const struct dom_sid *domain_sid,
301 const char *domain_name,
302 struct cli_state *cli,
303 struct rpc_pipe_client *pipe_hnd,
304 TALLOC_CTX *mem_ctx,
305 int argc,
306 const char **argv)
307 {
308 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
309 false);
310 }
311
312 /********************************************************************
313 ********************************************************************/
314
315 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
316 const struct dom_sid *domain_sid,
317 const char *domain_name,
318 struct cli_state *cli,
319 struct rpc_pipe_client *pipe_hnd,
320 TALLOC_CTX *mem_ctx,
321 int argc,
322 const char **argv)
323 {
324 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
325 true);
326 }
327
328 /********************************************************************
329 ********************************************************************/
330
331 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
332 const struct dom_sid *domain_sid,
333 const char *domain_name,
334 struct cli_state *cli,
335 struct rpc_pipe_client *pipe_hnd,
336 TALLOC_CTX *mem_ctx,
337 int argc,
338 const char **argv)
339 {
340 struct policy_handle pol;
341 NTSTATUS status, result;
342 union lsa_PolicyInformation *info = NULL;
343 int i;
344 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
345
346 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
347 SEC_FLAG_MAXIMUM_ALLOWED,
348 &pol);
349
350 if (!NT_STATUS_IS_OK(status)) {
351 goto done;
352 }
353
354 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
355 &pol,
356 LSA_POLICY_INFO_AUDIT_EVENTS,
357 &info,
358 &result);
359 if (!NT_STATUS_IS_OK(status)) {
360 goto done;
361 }
362 if (!NT_STATUS_IS_OK(result)) {
363 status = result;
364 goto done;
365 }
366
367 printf(_("Auditing:\t\t"));
368 switch (info->audit_events.auditing_mode) {
369 case true:
370 printf(_("Enabled"));
371 break;
372 case false:
373 printf(_("Disabled"));
374 break;
375 default:
376 printf(_("unknown (%d)"),
377 info->audit_events.auditing_mode);
378 break;
379 }
380 printf("\n");
381
382 printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
383 printf(_("Auditing settings:\n"));
384
385 for (i=0; i < info->audit_events.count; i++) {
386 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
387 const char *policy = audit_description_str(i);
388 print_auditing_category(policy, val);
389 }
390
391 done:
392 if (!NT_STATUS_IS_OK(status)) {
393 d_printf(_("failed to list auditing policies: %s\n"),
394 nt_errstr(status));
395 }
396
397 return status;
398 }
399
400 /********************************************************************
401 ********************************************************************/
402
403 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
404 {
405 if (c->display_usage) {
406 d_printf( "%s\n"
407 "net rpc audit get\n"
408 " %s\n",
409 _("Usage:"),
410 _("View configured audit setting"));
411 return 0;
412 }
413
414 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
415 rpc_audit_get_internal, argc, argv);
416 }
417
418 /********************************************************************
419 ********************************************************************/
420
421 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
422 {
423 if (c->display_usage) {
424 d_printf( "%s\n"
425 "net rpc audit set\n"
426 " %s\n",
427 _("Usage:"),
428 _("Set audit policies"));
429 return 0;
430 }
431
432 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
433 rpc_audit_set_internal, argc, argv);
434 }
435
436 /********************************************************************
437 ********************************************************************/
438
439 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
440 {
441 if (c->display_usage) {
442 d_printf( "%s\n"
443 "net rpc audit enable\n"
444 " %s\n",
445 _("Usage:"),
446 _("Enable auditing"));
447 return 0;
448 }
449
450 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
451 rpc_audit_enable_internal, argc, argv);
452 }
453
454 /********************************************************************
455 ********************************************************************/
456
457 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
458 {
459 if (c->display_usage) {
460 d_printf( "%s\n"
461 "net rpc audit disable\n"
462 " %s\n",
463 _("Usage:"),
464 _("Disable auditing"));
465 return 0;
466 }
467
468 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
469 rpc_audit_disable_internal, argc, argv);
470 }
471
472 /********************************************************************
473 ********************************************************************/
474
475 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
476 {
477 if (c->display_usage) {
478 d_printf( "%s\n"
479 "net rpc audit list\n"
480 " %s\n",
481 _("Usage:"),
482 _("List auditing settings"));
483 return 0;
484 }
485
486 return run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
487 rpc_audit_list_internal, argc, argv);
488 }
489
490 /********************************************************************
491 ********************************************************************/
492
493 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
494 {
495 struct functable func[] = {
496 {
497 "get",
498 rpc_audit_get,
499 NET_TRANSPORT_RPC,
500 N_("View configured auditing settings"),
501 N_("net rpc audit get\n"
502 " View configured auditing settings")
503 },
504 {
505 "set",
506 rpc_audit_set,
507 NET_TRANSPORT_RPC,
508 N_("Set auditing policies"),
509 N_("net rpc audit set\n"
510 " Set auditing policies")
511 },
512 {
513 "enable",
514 rpc_audit_enable,
515 NET_TRANSPORT_RPC,
516 N_("Enable auditing"),
517 N_("net rpc audit enable\n"
518 " Enable auditing")
519 },
520 {
521 "disable",
522 rpc_audit_disable,
523 NET_TRANSPORT_RPC,
524 N_("Disable auditing"),
525 N_("net rpc audit disable\n"
526 " Disable auditing")
527 },
528 {
529 "list",
530 rpc_audit_list,
531 NET_TRANSPORT_RPC,
532 N_("List configured auditing settings"),
533 N_("net rpc audit list\n"
534 " List configured auditing settings")
535 },
536 {NULL, NULL, 0, NULL, NULL}
537 };
538
539 return net_run_function(c, argc, argv, "net rpc audit", func);
540 }
reg import