sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Code
d156483d64
samba-mirror/source3/lib/audit.c

150 lines
4.3 KiB
C
Raw Normal View History

r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
/*
Unix SMB/CIFS implementation.
Auditing helper functions.
Copyright (C) Guenther Deschner 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-07-09 23:25:36 +04:00
the Free Software Foundation; either version 3 of the License, or
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-07-10 04:52:41 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
*/
#include "includes.h"
s3: include ../librpc/gen_ndr/lsa.h where needed. Guenther
2011-03-25 13:56:10 +03:00
#include "../librpc/gen_ndr/lsa.h"
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
static const struct audit_category_tab {
Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-25 05:22:21 +03:00
uint32_t category;
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
const char *category_str;
const char *param_str;
const char *description;
} audit_category_tab [] = {
{ LSA_AUDIT_CATEGORY_LOGON,
"LSA_AUDIT_CATEGORY_LOGON",
"LOGON", "Logon events" },
{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
"LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
"PRIVILEGE", "Privilege Use" },
{ LSA_AUDIT_CATEGORY_SYSTEM,
"LSA_AUDIT_CATEGORY_SYSTEM",
"SYSTEM", "System Events" },
{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
"LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
"POLICY", "Policy Change" },
{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
"LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
"PROCESS", "Process Tracking" },
{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
"LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
"OBJECT", "Object Access" },
{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
"LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
"SAM", "Account Management" },
{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
"LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
"DIRECTORY", "Directory service access" },
{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
"LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
"ACCOUNT", "Account logon events" },
{ 0, NULL, NULL }
};
Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-25 05:22:21 +03:00
const char *audit_category_str(uint32_t category)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
{
int i;
for (i=0; audit_category_tab[i].category_str; i++) {
if (category == audit_category_tab[i].category) {
return audit_category_tab[i].category_str;
}
}
return NULL;
}
Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-25 05:22:21 +03:00
const char *audit_param_str(uint32_t category)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
{
int i;
for (i=0; audit_category_tab[i].param_str; i++) {
if (category == audit_category_tab[i].category) {
return audit_category_tab[i].param_str;
}
}
return NULL;
}
Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-25 05:22:21 +03:00
const char *audit_description_str(uint32_t category)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
{
int i;
for (i=0; audit_category_tab[i].description; i++) {
if (category == audit_category_tab[i].category) {
return audit_category_tab[i].description;
}
}
return NULL;
}
Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-25 05:22:21 +03:00
bool get_audit_category_from_param(const char *param, uint32_t *audit_category)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
{
*audit_category = Undefined;
if (strequal(param, "SYSTEM")) {
*audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
} else if (strequal(param, "LOGON")) {
*audit_category = LSA_AUDIT_CATEGORY_LOGON;
} else if (strequal(param, "OBJECT")) {
*audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
} else if (strequal(param, "PRIVILEGE")) {
*audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
} else if (strequal(param, "PROCESS")) {
*audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
} else if (strequal(param, "POLICY")) {
*audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
} else if (strequal(param, "SAM")) {
*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
} else if (strequal(param, "DIRECTORY")) {
*audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
} else if (strequal(param, "ACCOUNT")) {
*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
} else {
DEBUG(0,("unknown parameter: %s\n", param));
return False;
}
return True;
}
Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-25 05:22:21 +03:00
const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32_t policy)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 19:47:24 +04:00
{
const char *ret = NULL;
if (policy == LSA_AUDIT_POLICY_NONE) {
return talloc_strdup(mem_ctx, "None");
}
if (policy & LSA_AUDIT_POLICY_SUCCESS) {
ret = talloc_strdup(mem_ctx, "Success");
if (ret == NULL) {
return NULL;
}
}
if (policy & LSA_AUDIT_POLICY_FAILURE) {
if (ret) {
ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
if (ret == NULL) {
return NULL;
}
} else {
return talloc_strdup(mem_ctx, "Failure");
}
}
return ret;
}
Copy Permalink