search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-rpc_server: Change irritating debug message.
[Samba/vl.git] / source3 / utils / net_rpc_audit.c
blobcd6d1da8c3dd9c0d11f368a892e9e751b1d70416
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006,2008 Guenther Deschner
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #include "includes.h"
20 #include "utils/net.h"
21 #include "../librpc/gen_ndr/ndr_lsa_c.h"
22 #include "rpc_client/cli_lsarpc.h"
23
24 /********************************************************************
25 ********************************************************************/
26
27 static int net_help_audit(struct net_context *c, int argc, const char **argv)
28 {
29 d_printf(_("net rpc audit list View configured Auditing policies\n"));
30 d_printf(_("net rpc audit enable Enable Auditing\n"));
31 d_printf(_("net rpc audit disable Disable Auditing\n"));
32 d_printf(_("net rpc audit get <category> View configured Auditing policy setting\n"));
33 d_printf(_("net rpc audit set <category> <policy> Set Auditing policies\n\n"));
34 d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
35 d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
36
37 return -1;
38 }
39
40 /********************************************************************
41 ********************************************************************/
42
43 static void print_auditing_category(const char *policy, const char *value)
44 {
45 if (policy == NULL) {
46 policy = N_("Unknown");
47 }
48 if (value == NULL) {
49 value = N_("Invalid");
50 }
51
52 d_printf(_("\t%-30s%s\n"), policy, value);
53 }
54
55 /********************************************************************
56 ********************************************************************/
57
58 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
59 const struct dom_sid *domain_sid,
60 const char *domain_name,
61 struct cli_state *cli,
62 struct rpc_pipe_client *pipe_hnd,
63 TALLOC_CTX *mem_ctx,
64 int argc,
65 const char **argv)
66 {
67 struct policy_handle pol;
68 NTSTATUS status, result;
69 union lsa_PolicyInformation *info = NULL;
70 int i;
71 uint32_t audit_category;
72 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
73
74 if (argc < 1 || argc > 2) {
75 d_printf(_("insufficient arguments\n"));
76 net_help_audit(c, argc, argv);
77 return NT_STATUS_INVALID_PARAMETER;
78 }
79
80 if (!get_audit_category_from_param(argv[0], &audit_category)) {
81 d_printf(_("invalid auditing category: %s\n"), argv[0]);
82 return NT_STATUS_INVALID_PARAMETER;
83 }
84
85 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
86 SEC_FLAG_MAXIMUM_ALLOWED,
87 &pol);
88
89 if (!NT_STATUS_IS_OK(status)) {
90 goto done;
91 }
92
93 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
94 &pol,
95 LSA_POLICY_INFO_AUDIT_EVENTS,
96 &info,
97 &result);
98 if (!NT_STATUS_IS_OK(status)) {
99 goto done;
100 }
101 if (!NT_STATUS_IS_OK(result)) {
102 status = result;
103 goto done;
104 }
105
106 for (i=0; i < info->audit_events.count; i++) {
107
108 const char *val = NULL, *policy = NULL;
109
110 if (i != audit_category) {
111 continue;
112 }
113
114 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
115 policy = audit_description_str(i);
116 print_auditing_category(policy, val);
117 }
118
119 done:
120 if (!NT_STATUS_IS_OK(status)) {
121 d_printf(_("failed to get auditing policy: %s\n"),
122 nt_errstr(status));
123 }
124
125 return status;
126 }
127
128 /********************************************************************
129 ********************************************************************/
130
131 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
132 const struct dom_sid *domain_sid,
133 const char *domain_name,
134 struct cli_state *cli,
135 struct rpc_pipe_client *pipe_hnd,
136 TALLOC_CTX *mem_ctx,
137 int argc,
138 const char **argv)
139 {
140 struct policy_handle pol;
141 NTSTATUS status, result;
142 union lsa_PolicyInformation *info = NULL;
143 uint32_t audit_policy, audit_category;
144 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
145
146 if (argc < 2 || argc > 3) {
147 d_printf(_("insufficient arguments\n"));
148 net_help_audit(c, argc, argv);
149 return NT_STATUS_INVALID_PARAMETER;
150 }
151
152 if (!get_audit_category_from_param(argv[0], &audit_category)) {
153 d_printf(_("invalid auditing category: %s\n"), argv[0]);
154 return NT_STATUS_INVALID_PARAMETER;
155 }
156
157 audit_policy = LSA_AUDIT_POLICY_CLEAR;
158
159 if (strequal(argv[1], "Success")) {
160 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
161 } else if (strequal(argv[1], "Failure")) {
162 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
163 } else if (strequal(argv[1], "All")) {
164 audit_policy |= LSA_AUDIT_POLICY_ALL;
165 } else if (strequal(argv[1], "None")) {
166 audit_policy = LSA_AUDIT_POLICY_CLEAR;
167 } else {
168 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
169 return NT_STATUS_INVALID_PARAMETER;
170 }
171
172 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
173 SEC_FLAG_MAXIMUM_ALLOWED,
174 &pol);
175
176 if (!NT_STATUS_IS_OK(status)) {
177 goto done;
178 }
179
180 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
181 &pol,
182 LSA_POLICY_INFO_AUDIT_EVENTS,
183 &info,
184 &result);
185 if (!NT_STATUS_IS_OK(status)) {
186 goto done;
187 }
188 if (!NT_STATUS_IS_OK(result)) {
189 status = result;
190 goto done;
191 }
192
193 info->audit_events.settings[audit_category] = audit_policy;
194
195 status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
196 &pol,
197 LSA_POLICY_INFO_AUDIT_EVENTS,
198 info,
199 &result);
200 if (!NT_STATUS_IS_OK(status)) {
201 goto done;
202 }
203 if (!NT_STATUS_IS_OK(result)) {
204 status = result;
205 goto done;
206 }
207
208 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
209 &pol,
210 LSA_POLICY_INFO_AUDIT_EVENTS,
211 &info,
212 &result);
213 if (!NT_STATUS_IS_OK(status)) {
214 goto done;
215 }
216
217 status = result;
218
219 {
220 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
221 const char *policy = audit_description_str(audit_category);
222 print_auditing_category(policy, val);
223 }
224
225 done:
226 if (!NT_STATUS_IS_OK(status)) {
227 d_printf(_("failed to set audit policy: %s\n"),
228 nt_errstr(status));
229 }
230
231 return status;
232 }
233
234 /********************************************************************
235 ********************************************************************/
236
237 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
238 TALLOC_CTX *mem_ctx,
239 int argc,
240 const char **argv,
241 bool enable)
242 {
243 struct policy_handle pol;
244 NTSTATUS status, result;
245 union lsa_PolicyInformation *info = NULL;
246 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
247
248 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
249 SEC_FLAG_MAXIMUM_ALLOWED,
250 &pol);
251
252 if (!NT_STATUS_IS_OK(status)) {
253 goto done;
254 }
255
256 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
257 &pol,
258 LSA_POLICY_INFO_AUDIT_EVENTS,
259 &info,
260 &result);
261 if (!NT_STATUS_IS_OK(status)) {
262 goto done;
263 }
264 if (!NT_STATUS_IS_OK(result)) {
265 status = result;
266 goto done;
267 }
268
269 info->audit_events.auditing_mode = enable;
270
271 status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
272 &pol,
273 LSA_POLICY_INFO_AUDIT_EVENTS,
274 info,
275 &result);
276 if (!NT_STATUS_IS_OK(status)) {
277 goto done;
278 }
279 if (!NT_STATUS_IS_OK(result)) {
280 status = result;
281 goto done;
282 }
283
284 done:
285 if (!NT_STATUS_IS_OK(status)) {
286 d_printf(_("%s: %s\n"),
287 enable ? _("failed to enable audit policy"):
288 _("failed to disable audit policy"),
289 nt_errstr(status));
290 }
291
292 return status;
293 }
294
295 /********************************************************************
296 ********************************************************************/
297
298 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
299 const struct dom_sid *domain_sid,
300 const char *domain_name,
301 struct cli_state *cli,
302 struct rpc_pipe_client *pipe_hnd,
303 TALLOC_CTX *mem_ctx,
304 int argc,
305 const char **argv)
306 {
307 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
308 false);
309 }
310
311 /********************************************************************
312 ********************************************************************/
313
314 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
315 const struct dom_sid *domain_sid,
316 const char *domain_name,
317 struct cli_state *cli,
318 struct rpc_pipe_client *pipe_hnd,
319 TALLOC_CTX *mem_ctx,
320 int argc,
321 const char **argv)
322 {
323 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
324 true);
325 }
326
327 /********************************************************************
328 ********************************************************************/
329
330 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
331 const struct dom_sid *domain_sid,
332 const char *domain_name,
333 struct cli_state *cli,
334 struct rpc_pipe_client *pipe_hnd,
335 TALLOC_CTX *mem_ctx,
336 int argc,
337 const char **argv)
338 {
339 struct policy_handle pol;
340 NTSTATUS status, result;
341 union lsa_PolicyInformation *info = NULL;
342 int i;
343 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
344
345 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
346 SEC_FLAG_MAXIMUM_ALLOWED,
347 &pol);
348
349 if (!NT_STATUS_IS_OK(status)) {
350 goto done;
351 }
352
353 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
354 &pol,
355 LSA_POLICY_INFO_AUDIT_EVENTS,
356 &info,
357 &result);
358 if (!NT_STATUS_IS_OK(status)) {
359 goto done;
360 }
361 if (!NT_STATUS_IS_OK(result)) {
362 status = result;
363 goto done;
364 }
365
366 printf(_("Auditing:\t\t"));
367 switch (info->audit_events.auditing_mode) {
368 case true:
369 printf(_("Enabled"));
370 break;
371 case false:
372 printf(_("Disabled"));
373 break;
374 default:
375 printf(_("unknown (%d)"),
376 info->audit_events.auditing_mode);
377 break;
378 }
379 printf("\n");
380
381 printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
382 printf(_("Auditing settings:\n"));
383
384 for (i=0; i < info->audit_events.count; i++) {
385 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
386 const char *policy = audit_description_str(i);
387 print_auditing_category(policy, val);
388 }
389
390 done:
391 if (!NT_STATUS_IS_OK(status)) {
392 d_printf(_("failed to list auditing policies: %s\n"),
393 nt_errstr(status));
394 }
395
396 return status;
397 }
398
399 /********************************************************************
400 ********************************************************************/
401
402 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
403 {
404 if (c->display_usage) {
405 d_printf( "%s\n"
406 "net rpc audit get\n"
407 " %s\n",
408 _("Usage:"),
409 _("View configured audit setting"));
410 return 0;
411 }
412
413 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
414 rpc_audit_get_internal, argc, argv);
415 }
416
417 /********************************************************************
418 ********************************************************************/
419
420 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
421 {
422 if (c->display_usage) {
423 d_printf( "%s\n"
424 "net rpc audit set\n"
425 " %s\n",
426 _("Usage:"),
427 _("Set audit policies"));
428 return 0;
429 }
430
431 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
432 rpc_audit_set_internal, argc, argv);
433 }
434
435 /********************************************************************
436 ********************************************************************/
437
438 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
439 {
440 if (c->display_usage) {
441 d_printf( "%s\n"
442 "net rpc audit enable\n"
443 " %s\n",
444 _("Usage:"),
445 _("Enable auditing"));
446 return 0;
447 }
448
449 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
450 rpc_audit_enable_internal, argc, argv);
451 }
452
453 /********************************************************************
454 ********************************************************************/
455
456 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
457 {
458 if (c->display_usage) {
459 d_printf( "%s\n"
460 "net rpc audit disable\n"
461 " %s\n",
462 _("Usage:"),
463 _("Disable auditing"));
464 return 0;
465 }
466
467 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
468 rpc_audit_disable_internal, argc, argv);
469 }
470
471 /********************************************************************
472 ********************************************************************/
473
474 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
475 {
476 if (c->display_usage) {
477 d_printf( "%s\n"
478 "net rpc audit list\n"
479 " %s\n",
480 _("Usage:"),
481 _("List auditing settings"));
482 return 0;
483 }
484
485 return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
486 rpc_audit_list_internal, argc, argv);
487 }
488
489 /********************************************************************
490 ********************************************************************/
491
492 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
493 {
494 struct functable func[] = {
495 {
496 "get",
497 rpc_audit_get,
498 NET_TRANSPORT_RPC,
499 N_("View configured auditing settings"),
500 N_("net rpc audit get\n"
501 " View configured auditing settings")
502 },
503 {
504 "set",
505 rpc_audit_set,
506 NET_TRANSPORT_RPC,
507 N_("Set auditing policies"),
508 N_("net rpc audit set\n"
509 " Set auditing policies")
510 },
511 {
512 "enable",
513 rpc_audit_enable,
514 NET_TRANSPORT_RPC,
515 N_("Enable auditing"),
516 N_("net rpc audit enable\n"
517 " Enable auditing")
518 },
519 {
520 "disable",
521 rpc_audit_disable,
522 NET_TRANSPORT_RPC,
523 N_("Disable auditing"),
524 N_("net rpc audit disable\n"
525 " Disable auditing")
526 },
527 {
528 "list",
529 rpc_audit_list,
530 NET_TRANSPORT_RPC,
531 N_("List configured auditing settings"),
532 N_("net rpc audit list\n"
533 " List configured auditing settings")
534 },
535 {NULL, NULL, 0, NULL, NULL}
536 };
537
538 return net_run_function(c, argc, argv, "net rpc audit", func);
539 }