root/source3/utils/net_rpc_audit.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. net_help_audit
  2. print_auditing_category
  3. rpc_audit_get_internal
  4. rpc_audit_set_internal
  5. rpc_audit_enable_internal_ext
  6. rpc_audit_disable_internal
  7. rpc_audit_enable_internal
  8. rpc_audit_list_internal
  9. rpc_audit_get
  10. rpc_audit_set
  11. rpc_audit_enable
  12. rpc_audit_disable
  13. rpc_audit_list
  14. net_rpc_audit

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2006,2008 Guenther Deschner
   5 
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10 
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15 
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  18 
  19 #include "includes.h"
  20 #include "utils/net.h"
  21 
  22 /********************************************************************
  23 ********************************************************************/
  24 
  25 static int net_help_audit(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
  26 {
  27         d_printf("net rpc audit list                       View configured Auditing policies\n");
  28         d_printf("net rpc audit enable                     Enable Auditing\n");
  29         d_printf("net rpc audit disable                    Disable Auditing\n");
  30         d_printf("net rpc audit get <category>             View configured Auditing policy setting\n");
  31         d_printf("net rpc audit set <category> <policy>    Set Auditing policies\n\n");
  32         d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
  33         d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
  34 
  35         return -1;
  36 }
  37 
  38 /********************************************************************
  39 ********************************************************************/
  40 
  41 static void print_auditing_category(const char *policy, const char *value)
     /* [<][>][^][v][top][bottom][index][help] */
  42 {
  43         fstring padding;
  44         int pad_len, col_len = 30;
  45 
  46         if (policy == NULL) {
  47                 policy = "Unknown";
  48         }
  49         if (value == NULL) {
  50                 value = "Invalid";
  51         }
  52 
  53         /* calculate padding space for d_printf to look nicer */
  54         pad_len = col_len - strlen(policy);
  55         padding[pad_len] = 0;
  56         do padding[--pad_len] = ' '; while (pad_len > 0);
  57 
  58         d_printf("\t%s%s%s\n", policy, padding, value);
  59 }
  60 
  61 /********************************************************************
  62 ********************************************************************/
  63 
  64 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
  65                                        const DOM_SID *domain_sid,
  66                                        const char *domain_name,
  67                                        struct cli_state *cli,
  68                                        struct rpc_pipe_client *pipe_hnd,
  69                                        TALLOC_CTX *mem_ctx,
  70                                        int argc,
  71                                        const char **argv)
  72 {
  73         struct policy_handle pol;
  74         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  75         union lsa_PolicyInformation *info = NULL;
  76         int i;
  77         uint32_t audit_category;
  78 
  79         if (argc < 1 || argc > 2) {
  80                 d_printf("insufficient arguments\n");
  81                 net_help_audit(c, argc, argv);
  82                 return NT_STATUS_INVALID_PARAMETER;
  83         }
  84 
  85         if (!get_audit_category_from_param(argv[0], &audit_category)) {
  86                 d_printf("invalid auditing category: %s\n", argv[0]);
  87                 return NT_STATUS_INVALID_PARAMETER;
  88         }
  89 
  90         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
  91                                         SEC_FLAG_MAXIMUM_ALLOWED,
  92                                         &pol);
  93 
  94         if (!NT_STATUS_IS_OK(result)) {
  95                 goto done;
  96         }
  97 
  98         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
  99                                             &pol,
 100                                             LSA_POLICY_INFO_AUDIT_EVENTS,
 101                                             &info);
 102 
 103         if (!NT_STATUS_IS_OK(result)) {
 104                 goto done;
 105         }
 106 
 107         for (i=0; i < info->audit_events.count; i++) {
 108 
 109                 const char *val = NULL, *policy = NULL;
 110 
 111                 if (i != audit_category) {
 112                         continue;
 113                 }
 114 
 115                 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
 116                 policy = audit_description_str(i);
 117                 print_auditing_category(policy, val);
 118         }
 119 
 120  done:
 121         if (!NT_STATUS_IS_OK(result)) {
 122                 d_printf("failed to get auditing policy: %s\n",
 123                         nt_errstr(result));
 124         }
 125 
 126         return result;
 127 }
 128 
 129 /********************************************************************
 130 ********************************************************************/
 131 
 132 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 133                                        const DOM_SID *domain_sid,
 134                                        const char *domain_name,
 135                                        struct cli_state *cli,
 136                                        struct rpc_pipe_client *pipe_hnd,
 137                                        TALLOC_CTX *mem_ctx,
 138                                        int argc,
 139                                        const char **argv)
 140 {
 141         struct policy_handle pol;
 142         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 143         union lsa_PolicyInformation *info = NULL;
 144         uint32_t audit_policy, audit_category;
 145 
 146         if (argc < 2 || argc > 3) {
 147                 d_printf("insufficient arguments\n");
 148                 net_help_audit(c, argc, argv);
 149                 return NT_STATUS_INVALID_PARAMETER;
 150         }
 151 
 152         if (!get_audit_category_from_param(argv[0], &audit_category)) {
 153                 d_printf("invalid auditing category: %s\n", argv[0]);
 154                 return NT_STATUS_INVALID_PARAMETER;
 155         }
 156 
 157         audit_policy = LSA_AUDIT_POLICY_CLEAR;
 158 
 159         if (strequal(argv[1], "Success")) {
 160                 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
 161         } else if (strequal(argv[1], "Failure")) {
 162                 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
 163         } else if (strequal(argv[1], "All")) {
 164                 audit_policy |= LSA_AUDIT_POLICY_ALL;
 165         } else if (strequal(argv[1], "None")) {
 166                 audit_policy = LSA_AUDIT_POLICY_CLEAR;
 167         } else {
 168                 d_printf("invalid auditing policy: %s\n", argv[1]);
 169                 return NT_STATUS_INVALID_PARAMETER;
 170         }
 171 
 172         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
 173                                         SEC_FLAG_MAXIMUM_ALLOWED,
 174                                         &pol);
 175 
 176         if (!NT_STATUS_IS_OK(result)) {
 177                 goto done;
 178         }
 179 
 180         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
 181                                             &pol,
 182                                             LSA_POLICY_INFO_AUDIT_EVENTS,
 183                                             &info);
 184 
 185         if (!NT_STATUS_IS_OK(result)) {
 186                 goto done;
 187         }
 188 
 189         info->audit_events.settings[audit_category] = audit_policy;
 190 
 191         result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
 192                                           &pol,
 193                                           LSA_POLICY_INFO_AUDIT_EVENTS,
 194                                           info);
 195 
 196         if (!NT_STATUS_IS_OK(result)) {
 197                 goto done;
 198         }
 199 
 200         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
 201                                             &pol,
 202                                             LSA_POLICY_INFO_AUDIT_EVENTS,
 203                                             &info);
 204         {
 205                 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
 206                 const char *policy = audit_description_str(audit_category);
 207                 print_auditing_category(policy, val);
 208         }
 209 
 210  done:
 211         if (!NT_STATUS_IS_OK(result)) {
 212                 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
 213         }
 214 
 215         return result;
 216 }
 217 
 218 /********************************************************************
 219 ********************************************************************/
 220 
 221 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
 222                                               TALLOC_CTX *mem_ctx,
 223                                               int argc,
 224                                               const char **argv,
 225                                               bool enable)
 226 {
 227         struct policy_handle pol;
 228         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 229         union lsa_PolicyInformation *info = NULL;
 230 
 231         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
 232                                         SEC_FLAG_MAXIMUM_ALLOWED,
 233                                         &pol);
 234 
 235         if (!NT_STATUS_IS_OK(result)) {
 236                 goto done;
 237         }
 238 
 239         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
 240                                             &pol,
 241                                             LSA_POLICY_INFO_AUDIT_EVENTS,
 242                                             &info);
 243         if (!NT_STATUS_IS_OK(result)) {
 244                 goto done;
 245         }
 246 
 247         info->audit_events.auditing_mode = enable;
 248 
 249         result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
 250                                           &pol,
 251                                           LSA_POLICY_INFO_AUDIT_EVENTS,
 252                                           info);
 253 
 254         if (!NT_STATUS_IS_OK(result)) {
 255                 goto done;
 256         }
 257 
 258  done:
 259         if (!NT_STATUS_IS_OK(result)) {
 260                 d_printf("failed to %s audit policy: %s\n",
 261                         enable ? "enable":"disable", nt_errstr(result));
 262         }
 263 
 264         return result;
 265 }
 266 
 267 /********************************************************************
 268 ********************************************************************/
 269 
 270 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 271                                            const DOM_SID *domain_sid,
 272                                            const char *domain_name,
 273                                            struct cli_state *cli,
 274                                            struct rpc_pipe_client *pipe_hnd,
 275                                            TALLOC_CTX *mem_ctx,
 276                                            int argc,
 277                                            const char **argv)
 278 {
 279         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
 280                                              false);
 281 }
 282 
 283 /********************************************************************
 284 ********************************************************************/
 285 
 286 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 287                                           const DOM_SID *domain_sid,
 288                                           const char *domain_name,
 289                                           struct cli_state *cli,
 290                                           struct rpc_pipe_client *pipe_hnd,
 291                                           TALLOC_CTX *mem_ctx,
 292                                           int argc,
 293                                           const char **argv)
 294 {
 295         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
 296                                              true);
 297 }
 298 
 299 /********************************************************************
 300 ********************************************************************/
 301 
 302 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 303                                         const DOM_SID *domain_sid,
 304                                         const char *domain_name,
 305                                         struct cli_state *cli,
 306                                         struct rpc_pipe_client *pipe_hnd,
 307                                         TALLOC_CTX *mem_ctx,
 308                                         int argc,
 309                                         const char **argv)
 310 {
 311         struct policy_handle pol;
 312         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 313         union lsa_PolicyInformation *info = NULL;
 314         int i;
 315 
 316         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
 317                                         SEC_FLAG_MAXIMUM_ALLOWED,
 318                                         &pol);
 319 
 320         if (!NT_STATUS_IS_OK(result)) {
 321                 goto done;
 322         }
 323 
 324         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
 325                                             &pol,
 326                                             LSA_POLICY_INFO_AUDIT_EVENTS,
 327                                             &info);
 328         if (!NT_STATUS_IS_OK(result)) {
 329                 goto done;
 330         }
 331 
 332         printf("Auditing:\t\t");
 333         switch (info->audit_events.auditing_mode) {
 334                 case true:
 335                         printf("Enabled");
 336                         break;
 337                 case false:
 338                         printf("Disabled");
 339                         break;
 340                 default:
 341                         printf("unknown (%d)", info->audit_events.auditing_mode);
 342                         break;
 343         }
 344         printf("\n");
 345 
 346         printf("Auditing categories:\t%d\n", info->audit_events.count);
 347         printf("Auditing settings:\n");
 348 
 349         for (i=0; i < info->audit_events.count; i++) {
 350                 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
 351                 const char *policy = audit_description_str(i);
 352                 print_auditing_category(policy, val);
 353         }
 354 
 355  done:
 356         if (!NT_STATUS_IS_OK(result)) {
 357                 d_printf("failed to list auditing policies: %s\n",
 358                         nt_errstr(result));
 359         }
 360 
 361         return result;
 362 }
 363 
 364 /********************************************************************
 365 ********************************************************************/
 366 
 367 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 368 {
 369         if (c->display_usage) {
 370                 d_printf("Usage:\n"
 371                          "net rpc audit get\n"
 372                          "    View configured audit setting\n");
 373                 return 0;
 374         }
 375 
 376         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 377                 rpc_audit_get_internal, argc, argv);
 378 }
 379 
 380 /********************************************************************
 381 ********************************************************************/
 382 
 383 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 384 {
 385         if (c->display_usage) {
 386                 d_printf("Usage:\n"
 387                          "net rpc audit set\n"
 388                          "    Set audit policies\n");
 389                 return 0;
 390         }
 391 
 392         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 393                 rpc_audit_set_internal, argc, argv);
 394 }
 395 
 396 /********************************************************************
 397 ********************************************************************/
 398 
 399 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 400 {
 401         if (c->display_usage) {
 402                 d_printf("Usage:\n"
 403                          "net rpc audit enable\n"
 404                          "    Enable auditing\n");
 405                 return 0;
 406         }
 407 
 408         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 409                 rpc_audit_enable_internal, argc, argv);
 410 }
 411 
 412 /********************************************************************
 413 ********************************************************************/
 414 
 415 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 416 {
 417         if (c->display_usage) {
 418                 d_printf("Usage:\n"
 419                          "net rpc audit disable\n"
 420                          "    Disable auditing\n");
 421                 return 0;
 422         }
 423 
 424         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 425                 rpc_audit_disable_internal, argc, argv);
 426 }
 427 
 428 /********************************************************************
 429 ********************************************************************/
 430 
 431 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 432 {
 433         if (c->display_usage) {
 434                 d_printf("Usage:\n"
 435                          "net rpc audit list\n"
 436                          "    List auditing settings\n");
 437                 return 0;
 438         }
 439 
 440         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 441                 rpc_audit_list_internal, argc, argv);
 442 }
 443 
 444 /********************************************************************
 445 ********************************************************************/
 446 
 447 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 448 {
 449         struct functable func[] = {
 450                 {
 451                         "get",
 452                         rpc_audit_get,
 453                         NET_TRANSPORT_RPC,
 454                         "View configured auditing settings",
 455                         "net rpc audit get\n"
 456                         "    View configured auditing settings"
 457                 },
 458                 {
 459                         "set",
 460                         rpc_audit_set,
 461                         NET_TRANSPORT_RPC,
 462                         "Set auditing policies",
 463                         "net rpc audit set\n"
 464                         "    Set auditing policies"
 465                 },
 466                 {
 467                         "enable",
 468                         rpc_audit_enable,
 469                         NET_TRANSPORT_RPC,
 470                         "Enable auditing",
 471                         "net rpc audit enable\n"
 472                         "    Enable auditing"
 473                 },
 474                 {
 475                         "disable",
 476                         rpc_audit_disable,
 477                         NET_TRANSPORT_RPC,
 478                         "Disable auditing",
 479                         "net rpc audit disable\n"
 480                         "    Disable auditing"
 481                 },
 482                 {
 483                         "list",
 484                         rpc_audit_list,
 485                         NET_TRANSPORT_RPC,
 486                         "List configured auditing settings",
 487                         "net rpc audit list\n"
 488                         "    List configured auditing settings"
 489                 },
 490                 {NULL, NULL, 0, NULL, NULL}
 491         };
 492 
 493         return net_run_function(c, argc, argv, "net rpc audit", func);
 494 }

/* [<][>][^][v][top][bottom][index][help] */