2008-01-14 20:26:24 +03:00
/*
Samba Unix / Linux SMB client library
Distributed SMB / CIFS Server Management Utility
2008-02-27 21:38:48 +03:00
Copyright ( C ) 2006 , 2008 Guenther Deschner
2006-04-11 19:47:24 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-04-11 19:47:24 +04:00
( at your option ) any later version .
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>. */
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
# include "includes.h"
# include "utils/net.h"
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int net_help_audit ( int argc , const char * * argv )
{
d_printf ( " net rpc audit list View configured Auditing policies \n " ) ;
d_printf ( " net rpc audit enable Enable Auditing \n " ) ;
d_printf ( " net rpc audit disable Disable Auditing \n " ) ;
d_printf ( " net rpc audit get <category> View configured Auditing policy setting \n " ) ;
d_printf ( " net rpc audit set <category> <policy> Set Auditing policies \n \n " ) ;
d_printf ( " \t category can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT \n " ) ;
d_printf ( " \t policy can be one of: SUCCESS, FAILURE, ALL or NONE \n \n " ) ;
return - 1 ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void print_auditing_category ( const char * policy , const char * value )
{
fstring padding ;
int pad_len , col_len = 30 ;
2006-06-19 23:07:39 +04:00
if ( policy = = NULL ) {
policy = " Unknown " ;
}
if ( value = = NULL ) {
value = " Invalid " ;
}
2006-04-11 19:47:24 +04:00
/* calculate padding space for d_printf to look nicer */
pad_len = col_len - strlen ( policy ) ;
padding [ pad_len ] = 0 ;
do padding [ - - pad_len ] = ' ' ; while ( pad_len > 0 ) ;
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
d_printf ( " \t %s%s%s \n " , policy , padding , value ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS rpc_audit_get_internal ( const DOM_SID * domain_sid ,
2008-01-14 20:26:24 +03:00
const char * domain_name ,
2006-04-11 19:47:24 +04:00
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
2008-01-14 20:26:24 +03:00
TALLOC_CTX * mem_ctx ,
2006-04-11 19:47:24 +04:00
int argc ,
const char * * argv )
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-08 04:37:19 +03:00
union lsa_PolicyInformation * info = NULL ;
2006-04-11 19:47:24 +04:00
int i ;
2008-01-14 20:26:24 +03:00
uint32_t audit_category ;
2006-04-11 19:47:24 +04:00
if ( argc < 1 | | argc > 2 ) {
d_printf ( " insufficient arguments \n " ) ;
net_help_audit ( argc , argv ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
if ( ! get_audit_category_from_param ( argv [ 0 ] , & audit_category ) ) {
d_printf ( " invalid auditing category: %s \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
2008-01-14 20:26:24 +03:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , true ,
2006-04-11 19:47:24 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_QueryInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-01-14 19:17:20 +03:00
& info ) ;
2006-04-11 19:47:24 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-02-08 04:37:19 +03:00
for ( i = 0 ; i < info - > audit_events . count ; i + + ) {
2006-04-11 19:47:24 +04:00
const char * val = NULL , * policy = NULL ;
if ( i ! = audit_category ) {
continue ;
}
2008-02-08 04:37:19 +03:00
val = audit_policy_str ( mem_ctx , info - > audit_events . settings [ i ] ) ;
2006-04-11 19:47:24 +04:00
policy = audit_description_str ( i ) ;
print_auditing_category ( policy , val ) ;
}
done :
if ( ! NT_STATUS_IS_OK ( result ) ) {
2008-01-14 19:17:20 +03:00
d_printf ( " failed to get auditing policy: %s \n " ,
nt_errstr ( result ) ) ;
2006-04-11 19:47:24 +04:00
}
return result ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS rpc_audit_set_internal ( const DOM_SID * domain_sid ,
2008-01-14 20:26:24 +03:00
const char * domain_name ,
2006-04-11 19:47:24 +04:00
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
2008-01-14 20:26:24 +03:00
TALLOC_CTX * mem_ctx ,
2006-04-11 19:47:24 +04:00
int argc ,
const char * * argv )
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-08 04:37:19 +03:00
union lsa_PolicyInformation * info = NULL ;
2008-01-14 20:26:24 +03:00
uint32_t audit_policy , audit_category ;
2006-04-11 19:47:24 +04:00
if ( argc < 2 | | argc > 3 ) {
d_printf ( " insufficient arguments \n " ) ;
net_help_audit ( argc , argv ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
if ( ! get_audit_category_from_param ( argv [ 0 ] , & audit_category ) ) {
d_printf ( " invalid auditing category: %s \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
audit_policy = LSA_AUDIT_POLICY_CLEAR ;
if ( strequal ( argv [ 1 ] , " Success " ) ) {
audit_policy | = LSA_AUDIT_POLICY_SUCCESS ;
} else if ( strequal ( argv [ 1 ] , " Failure " ) ) {
audit_policy | = LSA_AUDIT_POLICY_FAILURE ;
} else if ( strequal ( argv [ 1 ] , " All " ) ) {
audit_policy | = LSA_AUDIT_POLICY_ALL ;
} else if ( strequal ( argv [ 1 ] , " None " ) ) {
audit_policy = LSA_AUDIT_POLICY_CLEAR ;
} else {
d_printf ( " invalid auditing policy: %s \n " , argv [ 1 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
2008-01-14 20:26:24 +03:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , true ,
2006-04-11 19:47:24 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_QueryInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-01-14 19:17:20 +03:00
& info ) ;
2006-04-11 19:47:24 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-02-08 04:37:19 +03:00
info - > audit_events . settings [ audit_category ] = audit_policy ;
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_SetInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-02-08 04:37:19 +03:00
info ) ;
2006-04-11 19:47:24 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_QueryInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-01-14 19:17:20 +03:00
& info ) ;
2006-04-11 19:47:24 +04:00
{
2008-02-08 04:37:19 +03:00
const char * val = audit_policy_str ( mem_ctx , info - > audit_events . settings [ audit_category ] ) ;
2006-04-11 19:47:24 +04:00
const char * policy = audit_description_str ( audit_category ) ;
print_auditing_category ( policy , val ) ;
}
done :
if ( ! NT_STATUS_IS_OK ( result ) ) {
d_printf ( " failed to set audit policy: %s \n " , nt_errstr ( result ) ) ;
}
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
return result ;
}
2008-01-14 20:26:24 +03:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS rpc_audit_enable_internal_ext ( struct rpc_pipe_client * pipe_hnd ,
2006-04-11 19:47:24 +04:00
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv ,
2007-10-19 04:40:25 +04:00
bool enable )
2006-04-11 19:47:24 +04:00
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-08 04:37:19 +03:00
union lsa_PolicyInformation * info = NULL ;
2006-04-11 19:47:24 +04:00
2008-01-14 20:26:24 +03:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , true ,
2006-04-11 19:47:24 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_QueryInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-01-14 19:17:20 +03:00
& info ) ;
2006-04-11 19:47:24 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-02-08 04:37:19 +03:00
info - > audit_events . auditing_mode = enable ;
2006-04-11 19:47:24 +04:00
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_SetInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-02-08 04:37:19 +03:00
info ) ;
2006-04-11 19:47:24 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
done :
if ( ! NT_STATUS_IS_OK ( result ) ) {
2008-01-14 20:26:24 +03:00
d_printf ( " failed to %s audit policy: %s \n " ,
enable ? " enable " : " disable " , nt_errstr ( result ) ) ;
2006-04-11 19:47:24 +04:00
}
return result ;
}
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS rpc_audit_disable_internal ( const DOM_SID * domain_sid ,
2008-01-14 20:26:24 +03:00
const char * domain_name ,
2006-04-11 19:47:24 +04:00
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
2008-01-14 20:26:24 +03:00
TALLOC_CTX * mem_ctx ,
2006-04-11 19:47:24 +04:00
int argc ,
const char * * argv )
{
2008-01-14 20:26:24 +03:00
return rpc_audit_enable_internal_ext ( pipe_hnd , mem_ctx , argc , argv ,
false ) ;
2006-04-11 19:47:24 +04:00
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS rpc_audit_enable_internal ( const DOM_SID * domain_sid ,
2008-01-14 20:26:24 +03:00
const char * domain_name ,
2006-04-11 19:47:24 +04:00
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
2008-01-14 20:26:24 +03:00
TALLOC_CTX * mem_ctx ,
2006-04-11 19:47:24 +04:00
int argc ,
const char * * argv )
{
2008-01-14 20:26:24 +03:00
return rpc_audit_enable_internal_ext ( pipe_hnd , mem_ctx , argc , argv ,
true ) ;
2006-04-11 19:47:24 +04:00
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS rpc_audit_list_internal ( const DOM_SID * domain_sid ,
2008-01-14 20:26:24 +03:00
const char * domain_name ,
2006-04-11 19:47:24 +04:00
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
2008-01-14 20:26:24 +03:00
TALLOC_CTX * mem_ctx ,
2006-04-11 19:47:24 +04:00
int argc ,
const char * * argv )
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-08 04:37:19 +03:00
union lsa_PolicyInformation * info = NULL ;
2006-04-11 19:47:24 +04:00
int i ;
2008-01-14 20:26:24 +03:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , true ,
2006-04-11 19:47:24 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2008-01-14 19:17:20 +03:00
result = rpccli_lsa_QueryInfoPolicy ( pipe_hnd , mem_ctx ,
& pol ,
2008-01-14 20:26:24 +03:00
LSA_POLICY_INFO_AUDIT_EVENTS ,
2008-01-14 19:17:20 +03:00
& info ) ;
2006-04-11 19:47:24 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
printf ( " Auditing: \t \t " ) ;
2008-02-08 04:37:19 +03:00
switch ( info - > audit_events . auditing_mode ) {
2008-01-14 20:26:24 +03:00
case true :
2006-04-11 19:47:24 +04:00
printf ( " Enabled " ) ;
break ;
2008-01-14 20:26:24 +03:00
case false :
2006-04-11 19:47:24 +04:00
printf ( " Disabled " ) ;
break ;
default :
2008-02-08 04:37:19 +03:00
printf ( " unknown (%d) " , info - > audit_events . auditing_mode ) ;
2006-04-11 19:47:24 +04:00
break ;
}
printf ( " \n " ) ;
2008-02-08 04:37:19 +03:00
printf ( " Auditing categories: \t %d \n " , info - > audit_events . count ) ;
2006-04-11 19:47:24 +04:00
printf ( " Auditing settings: \n " ) ;
2008-02-08 04:37:19 +03:00
for ( i = 0 ; i < info - > audit_events . count ; i + + ) {
const char * val = audit_policy_str ( mem_ctx , info - > audit_events . settings [ i ] ) ;
2006-04-11 19:47:24 +04:00
const char * policy = audit_description_str ( i ) ;
print_auditing_category ( policy , val ) ;
}
done :
if ( ! NT_STATUS_IS_OK ( result ) ) {
2008-01-14 20:26:24 +03:00
d_printf ( " failed to list auditing policies: %s \n " ,
nt_errstr ( result ) ) ;
2006-04-11 19:47:24 +04:00
}
return result ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_audit_get ( int argc , const char * * argv )
{
2008-01-14 20:26:24 +03:00
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
2006-04-11 19:47:24 +04:00
rpc_audit_get_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_audit_set ( int argc , const char * * argv )
{
2008-01-14 20:26:24 +03:00
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
2006-04-11 19:47:24 +04:00
rpc_audit_set_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_audit_enable ( int argc , const char * * argv )
{
2008-01-14 20:26:24 +03:00
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
2006-04-11 19:47:24 +04:00
rpc_audit_enable_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_audit_disable ( int argc , const char * * argv )
{
2008-01-14 20:26:24 +03:00
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
2006-04-11 19:47:24 +04:00
rpc_audit_disable_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_audit_list ( int argc , const char * * argv )
{
2008-01-14 20:26:24 +03:00
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
2006-04-11 19:47:24 +04:00
rpc_audit_list_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-01-14 20:26:24 +03:00
int net_rpc_audit ( int argc , const char * * argv )
2006-04-11 19:47:24 +04:00
{
struct functable func [ ] = {
{ " get " , rpc_audit_get } ,
{ " set " , rpc_audit_set } ,
{ " enable " , rpc_audit_enable } ,
{ " disable " , rpc_audit_disable } ,
{ " list " , rpc_audit_list } ,
{ NULL , NULL }
} ;
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
if ( argc )
return net_run_function ( argc , argv , func , net_help_audit ) ;
2008-01-14 20:26:24 +03:00
2006-04-11 19:47:24 +04:00
return net_help_audit ( argc , argv ) ;
}