2006-04-11 19:47:24 +04:00
/*
Unix SMB / CIFS implementation .
Auditing helper functions .
Copyright ( C ) Guenther Deschner 2006
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-04-11 19:47:24 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-04-11 19:47:24 +04:00
*/
# include "includes.h"
static const struct audit_category_tab {
uint32 category ;
const char * category_str ;
const char * param_str ;
const char * description ;
} audit_category_tab [ ] = {
{ LSA_AUDIT_CATEGORY_LOGON ,
" LSA_AUDIT_CATEGORY_LOGON " ,
" LOGON " , " Logon events " } ,
{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS ,
" LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS " ,
" PRIVILEGE " , " Privilege Use " } ,
{ LSA_AUDIT_CATEGORY_SYSTEM ,
" LSA_AUDIT_CATEGORY_SYSTEM " ,
" SYSTEM " , " System Events " } ,
{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES ,
" LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES " ,
" POLICY " , " Policy Change " } ,
{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING ,
" LSA_AUDIT_CATEGORY_PROCCESS_TRACKING " ,
" PROCESS " , " Process Tracking " } ,
{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS ,
" LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS " ,
" OBJECT " , " Object Access " } ,
{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT ,
" LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT " ,
" SAM " , " Account Management " } ,
{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS ,
" LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS " ,
" DIRECTORY " , " Directory service access " } ,
{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON ,
" LSA_AUDIT_CATEGORY_ACCOUNT_LOGON " ,
" ACCOUNT " , " Account logon events " } ,
{ 0 , NULL , NULL }
} ;
const char * audit_category_str ( uint32 category )
{
int i ;
for ( i = 0 ; audit_category_tab [ i ] . category_str ; i + + ) {
if ( category = = audit_category_tab [ i ] . category ) {
return audit_category_tab [ i ] . category_str ;
}
}
return NULL ;
}
const char * audit_param_str ( uint32 category )
{
int i ;
for ( i = 0 ; audit_category_tab [ i ] . param_str ; i + + ) {
if ( category = = audit_category_tab [ i ] . category ) {
return audit_category_tab [ i ] . param_str ;
}
}
return NULL ;
}
const char * audit_description_str ( uint32 category )
{
int i ;
for ( i = 0 ; audit_category_tab [ i ] . description ; i + + ) {
if ( category = = audit_category_tab [ i ] . category ) {
return audit_category_tab [ i ] . description ;
}
}
return NULL ;
}
2007-10-19 04:40:25 +04:00
bool get_audit_category_from_param ( const char * param , uint32 * audit_category )
2006-04-11 19:47:24 +04:00
{
* audit_category = Undefined ;
if ( strequal ( param , " SYSTEM " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_SYSTEM ;
} else if ( strequal ( param , " LOGON " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_LOGON ;
} else if ( strequal ( param , " OBJECT " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS ;
} else if ( strequal ( param , " PRIVILEGE " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS ;
} else if ( strequal ( param , " PROCESS " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING ;
} else if ( strequal ( param , " POLICY " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES ;
} else if ( strequal ( param , " SAM " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT ;
} else if ( strequal ( param , " DIRECTORY " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS ;
} else if ( strequal ( param , " ACCOUNT " ) ) {
* audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON ;
} else {
DEBUG ( 0 , ( " unknown parameter: %s \n " , param ) ) ;
return False ;
}
return True ;
}
const char * audit_policy_str ( TALLOC_CTX * mem_ctx , uint32 policy )
{
const char * ret = NULL ;
if ( policy = = LSA_AUDIT_POLICY_NONE ) {
return talloc_strdup ( mem_ctx , " None " ) ;
}
if ( policy & LSA_AUDIT_POLICY_SUCCESS ) {
ret = talloc_strdup ( mem_ctx , " Success " ) ;
if ( ret = = NULL ) {
return NULL ;
}
}
if ( policy & LSA_AUDIT_POLICY_FAILURE ) {
if ( ret ) {
ret = talloc_asprintf ( mem_ctx , " %s, %s " , ret , " Failure " ) ;
if ( ret = = NULL ) {
return NULL ;
}
} else {
return talloc_strdup ( mem_ctx , " Failure " ) ;
}
}
return ret ;
}