mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther
This commit is contained in:
parent
41b79ee80c
commit
0fed66926f
@ -222,7 +222,7 @@ LIB_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \
|
||||
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
|
||||
lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
|
||||
lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o @SOCKWRAP@ \
|
||||
libads/krb5_errs.o lib/system_smbd.o
|
||||
libads/krb5_errs.o lib/system_smbd.o lib/audit.o
|
||||
|
||||
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
|
||||
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
|
||||
@ -572,7 +572,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
|
||||
utils/net_status.o utils/net_rpc_printer.o utils/net_rpc_rights.o \
|
||||
utils/net_rpc_service.o utils/net_rpc_registry.o utils/net_usershare.o \
|
||||
utils/netlookup.o utils/net_sam.o utils/net_rpc_shell.o \
|
||||
utils/net_util.o utils/net_rpc_sh_acct.o
|
||||
utils/net_util.o utils/net_rpc_sh_acct.o utils/net_rpc_audit.o
|
||||
|
||||
NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
|
||||
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
|
||||
|
@ -86,8 +86,54 @@
|
||||
/* XXXX these are here to get a compile! */
|
||||
#define LSA_LOOKUPRIDS 0xFD
|
||||
|
||||
#define LSA_AUDIT_NUM_CATEGORIES_NT4 7
|
||||
#define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9
|
||||
|
||||
#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
|
||||
|
||||
#define LSA_AUDIT_POLICY_NONE 0x00
|
||||
#define LSA_AUDIT_POLICY_SUCCESS 0x01
|
||||
#define LSA_AUDIT_POLICY_FAILURE 0x02
|
||||
#define LSA_AUDIT_POLICY_ALL (LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE)
|
||||
#define LSA_AUDIT_POLICY_CLEAR 0x04
|
||||
|
||||
enum lsa_audit_categories {
|
||||
LSA_AUDIT_CATEGORY_SYSTEM = 0,
|
||||
LSA_AUDIT_CATEGORY_LOGON = 1,
|
||||
LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
|
||||
LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
|
||||
LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
|
||||
LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
|
||||
LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
|
||||
LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, /* only in win2k/2k3 */
|
||||
LSA_AUDIT_CATEGORY_ACCOUNT_LOGON /* only in win2k/2k3 */
|
||||
};
|
||||
|
||||
/* level 1 is auditing settings */
|
||||
typedef struct dom_query_1
|
||||
{
|
||||
uint32 percent_full;
|
||||
uint32 log_size;
|
||||
NTTIME retention_time;
|
||||
uint8 shutdown_in_progress;
|
||||
NTTIME time_to_shutdown;
|
||||
uint32 next_audit_record;
|
||||
uint32 unknown;
|
||||
} DOM_QUERY_1;
|
||||
|
||||
|
||||
/* level 2 is auditing settings */
|
||||
typedef struct dom_query_2
|
||||
{
|
||||
uint32 auditing_enabled;
|
||||
uint32 count1; /* usualy 7, at least on nt4sp4 */
|
||||
uint32 count2; /* the same */
|
||||
uint32 ptr;
|
||||
uint32 *auditsettings;
|
||||
} DOM_QUERY_2;
|
||||
|
||||
/* DOM_QUERY - info class 3 and 5 LSA Query response */
|
||||
typedef struct dom_query_info
|
||||
typedef struct dom_query_info_3
|
||||
{
|
||||
uint16 uni_dom_max_len; /* domain name string length * 2 */
|
||||
uint16 uni_dom_str_len; /* domain name string length * 2 */
|
||||
@ -96,20 +142,10 @@ typedef struct dom_query_info
|
||||
UNISTR2 uni_domain_name; /* domain name (unicode string) */
|
||||
DOM_SID2 dom_sid; /* domain SID */
|
||||
|
||||
} DOM_QUERY;
|
||||
} DOM_QUERY_3;
|
||||
|
||||
/* level 5 is same as level 3. */
|
||||
typedef DOM_QUERY DOM_QUERY_3;
|
||||
typedef DOM_QUERY DOM_QUERY_5;
|
||||
|
||||
/* level 2 is auditing settings */
|
||||
typedef struct dom_query_2
|
||||
{
|
||||
uint32 auditing_enabled;
|
||||
uint32 count1; /* usualy 7, at least on nt4sp4 */
|
||||
uint32 count2; /* the same */
|
||||
uint32 *auditsettings;
|
||||
} DOM_QUERY_2;
|
||||
typedef DOM_QUERY_3 DOM_QUERY_5;
|
||||
|
||||
/* level 6 is server role information */
|
||||
typedef struct dom_query_6
|
||||
@ -117,6 +153,37 @@ typedef struct dom_query_6
|
||||
uint16 server_role; /* 2=backup, 3=primary */
|
||||
} DOM_QUERY_6;
|
||||
|
||||
/* level 10 is audit full set info */
|
||||
typedef struct dom_query_10
|
||||
{
|
||||
uint8 shutdown_on_full;
|
||||
} DOM_QUERY_10;
|
||||
|
||||
/* level 11 is audit full query info */
|
||||
typedef struct dom_query_11
|
||||
{
|
||||
uint16 unknown;
|
||||
uint8 shutdown_on_full;
|
||||
uint8 log_is_full;
|
||||
} DOM_QUERY_11;
|
||||
|
||||
/* level 12 is DNS domain info */
|
||||
typedef struct lsa_dns_dom_info
|
||||
{
|
||||
UNIHDR hdr_nb_dom_name; /* netbios domain name */
|
||||
UNIHDR hdr_dns_dom_name;
|
||||
UNIHDR hdr_forest_name;
|
||||
|
||||
struct uuid dom_guid; /* domain GUID */
|
||||
|
||||
UNISTR2 uni_nb_dom_name;
|
||||
UNISTR2 uni_dns_dom_name;
|
||||
UNISTR2 uni_forest_name;
|
||||
|
||||
uint32 ptr_dom_sid;
|
||||
DOM_SID2 dom_sid; /* domain SID */
|
||||
} DOM_QUERY_12;
|
||||
|
||||
typedef struct seq_qos_info
|
||||
{
|
||||
uint32 len; /* 12 */
|
||||
@ -245,67 +312,56 @@ typedef struct r_lsa_query_sec_obj_info
|
||||
typedef struct lsa_query_info
|
||||
{
|
||||
POLICY_HND pol; /* policy handle */
|
||||
uint16 info_class; /* info class */
|
||||
uint16 info_class; /* info class */
|
||||
|
||||
} LSA_Q_QUERY_INFO;
|
||||
|
||||
/* LSA_INFO_UNION */
|
||||
typedef union lsa_info_union
|
||||
/* LSA_INFO_CTR */
|
||||
typedef struct lsa_info_ctr
|
||||
{
|
||||
DOM_QUERY_2 id2;
|
||||
DOM_QUERY_3 id3;
|
||||
DOM_QUERY_5 id5;
|
||||
DOM_QUERY_6 id6;
|
||||
} LSA_INFO_UNION;
|
||||
uint16 info_class;
|
||||
union {
|
||||
DOM_QUERY_1 id1;
|
||||
DOM_QUERY_2 id2;
|
||||
DOM_QUERY_3 id3;
|
||||
DOM_QUERY_5 id5;
|
||||
DOM_QUERY_6 id6;
|
||||
DOM_QUERY_10 id10;
|
||||
DOM_QUERY_11 id11;
|
||||
DOM_QUERY_12 id12;
|
||||
} info;
|
||||
|
||||
} LSA_INFO_CTR;
|
||||
|
||||
typedef LSA_INFO_CTR LSA_INFO_CTR2;
|
||||
|
||||
/* LSA_Q_SET_INFO - LSA set info policy */
|
||||
typedef struct lsa_set_info
|
||||
{
|
||||
POLICY_HND pol; /* policy handle */
|
||||
uint16 info_class; /* info class */
|
||||
LSA_INFO_CTR ctr;
|
||||
|
||||
} LSA_Q_SET_INFO;
|
||||
|
||||
/* LSA_R_SET_INFO - response to LSA set info policy */
|
||||
typedef struct lsa_r_set_info
|
||||
{
|
||||
NTSTATUS status; /* return code */
|
||||
|
||||
} LSA_R_SET_INFO;
|
||||
|
||||
/* LSA_R_QUERY_INFO - response to LSA query info policy */
|
||||
typedef struct lsa_r_query_info
|
||||
{
|
||||
uint32 undoc_buffer; /* undocumented buffer pointer */
|
||||
uint16 info_class; /* info class (same as info class in request) */
|
||||
|
||||
LSA_INFO_UNION dom;
|
||||
|
||||
uint32 dom_ptr; /* undocumented buffer pointer */
|
||||
LSA_INFO_CTR ctr;
|
||||
NTSTATUS status; /* return code */
|
||||
|
||||
} LSA_R_QUERY_INFO;
|
||||
|
||||
/* LSA_DNS_DOM_INFO - DNS domain info - info class 12*/
|
||||
typedef struct lsa_dns_dom_info
|
||||
{
|
||||
UNIHDR hdr_nb_dom_name; /* netbios domain name */
|
||||
UNIHDR hdr_dns_dom_name;
|
||||
UNIHDR hdr_forest_name;
|
||||
|
||||
struct uuid dom_guid; /* domain GUID */
|
||||
|
||||
UNISTR2 uni_nb_dom_name;
|
||||
UNISTR2 uni_dns_dom_name;
|
||||
UNISTR2 uni_forest_name;
|
||||
|
||||
uint32 ptr_dom_sid;
|
||||
DOM_SID2 dom_sid; /* domain SID */
|
||||
} LSA_DNS_DOM_INFO;
|
||||
|
||||
typedef union lsa_info2_union
|
||||
{
|
||||
LSA_DNS_DOM_INFO dns_dom_info;
|
||||
} LSA_INFO2_UNION;
|
||||
|
||||
/* LSA_Q_QUERY_INFO2 - LSA query info */
|
||||
typedef struct lsa_q_query_info2
|
||||
{
|
||||
POLICY_HND pol; /* policy handle */
|
||||
uint16 info_class; /* info class */
|
||||
} LSA_Q_QUERY_INFO2;
|
||||
|
||||
typedef struct lsa_r_query_info2
|
||||
{
|
||||
uint32 ptr; /* pointer to info struct */
|
||||
uint16 info_class;
|
||||
LSA_INFO2_UNION info; /* so far the only one */
|
||||
NTSTATUS status;
|
||||
} LSA_R_QUERY_INFO2;
|
||||
typedef LSA_Q_QUERY_INFO LSA_Q_QUERY_INFO2;
|
||||
typedef LSA_R_QUERY_INFO LSA_R_QUERY_INFO2;
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
|
149
source/lib/audit.c
Normal file
149
source/lib/audit.c
Normal file
@ -0,0 +1,149 @@
|
||||
/*
|
||||
Unix SMB/CIFS implementation.
|
||||
Auditing helper functions.
|
||||
Copyright (C) Guenther Deschner 2006
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
static const struct audit_category_tab {
|
||||
uint32 category;
|
||||
const char *category_str;
|
||||
const char *param_str;
|
||||
const char *description;
|
||||
} audit_category_tab [] = {
|
||||
{ LSA_AUDIT_CATEGORY_LOGON,
|
||||
"LSA_AUDIT_CATEGORY_LOGON",
|
||||
"LOGON", "Logon events" },
|
||||
{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
|
||||
"LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
|
||||
"PRIVILEGE", "Privilege Use" },
|
||||
{ LSA_AUDIT_CATEGORY_SYSTEM,
|
||||
"LSA_AUDIT_CATEGORY_SYSTEM",
|
||||
"SYSTEM", "System Events" },
|
||||
{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
|
||||
"LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
|
||||
"POLICY", "Policy Change" },
|
||||
{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
|
||||
"LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
|
||||
"PROCESS", "Process Tracking" },
|
||||
{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
|
||||
"LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
|
||||
"OBJECT", "Object Access" },
|
||||
{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
|
||||
"LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
|
||||
"SAM", "Account Management" },
|
||||
{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
|
||||
"LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
|
||||
"DIRECTORY", "Directory service access" },
|
||||
{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
|
||||
"LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
|
||||
"ACCOUNT", "Account logon events" },
|
||||
{ 0, NULL, NULL }
|
||||
};
|
||||
|
||||
const char *audit_category_str(uint32 category)
|
||||
{
|
||||
int i;
|
||||
for (i=0; audit_category_tab[i].category_str; i++) {
|
||||
if (category == audit_category_tab[i].category) {
|
||||
return audit_category_tab[i].category_str;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *audit_param_str(uint32 category)
|
||||
{
|
||||
int i;
|
||||
for (i=0; audit_category_tab[i].param_str; i++) {
|
||||
if (category == audit_category_tab[i].category) {
|
||||
return audit_category_tab[i].param_str;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *audit_description_str(uint32 category)
|
||||
{
|
||||
int i;
|
||||
for (i=0; audit_category_tab[i].description; i++) {
|
||||
if (category == audit_category_tab[i].category) {
|
||||
return audit_category_tab[i].description;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
BOOL get_audit_category_from_param(const char *param, uint32 *audit_category)
|
||||
{
|
||||
*audit_category = Undefined;
|
||||
|
||||
if (strequal(param, "SYSTEM")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
|
||||
} else if (strequal(param, "LOGON")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_LOGON;
|
||||
} else if (strequal(param, "OBJECT")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
|
||||
} else if (strequal(param, "PRIVILEGE")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
|
||||
} else if (strequal(param, "PROCESS")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
|
||||
} else if (strequal(param, "POLICY")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
|
||||
} else if (strequal(param, "SAM")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
|
||||
} else if (strequal(param, "DIRECTORY")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
|
||||
} else if (strequal(param, "ACCOUNT")) {
|
||||
*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
|
||||
} else {
|
||||
DEBUG(0,("unknown parameter: %s\n", param));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
|
||||
{
|
||||
const char *ret = NULL;
|
||||
|
||||
if (policy == LSA_AUDIT_POLICY_NONE) {
|
||||
return talloc_strdup(mem_ctx, "None");
|
||||
}
|
||||
|
||||
if (policy & LSA_AUDIT_POLICY_SUCCESS) {
|
||||
ret = talloc_strdup(mem_ctx, "Success");
|
||||
if (ret == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (policy & LSA_AUDIT_POLICY_FAILURE) {
|
||||
if (ret) {
|
||||
ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
|
||||
if (ret == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
return talloc_strdup(mem_ctx, "Failure");
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
@ -378,6 +378,76 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||
POLICY_HND *pol, uint16 info_class,
|
||||
LSA_INFO_CTR *ctr)
|
||||
{
|
||||
prs_struct qbuf, rbuf;
|
||||
LSA_Q_QUERY_INFO q;
|
||||
LSA_R_QUERY_INFO r;
|
||||
NTSTATUS result;
|
||||
|
||||
ZERO_STRUCT(q);
|
||||
ZERO_STRUCT(r);
|
||||
|
||||
init_q_query(&q, pol, info_class);
|
||||
|
||||
CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
|
||||
q, r,
|
||||
qbuf, rbuf,
|
||||
lsa_io_q_query,
|
||||
lsa_io_r_query,
|
||||
NT_STATUS_UNSUCCESSFUL);
|
||||
|
||||
result = r.status;
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
|
||||
*ctr = r.ctr;
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||
POLICY_HND *pol, uint16 info_class,
|
||||
LSA_INFO_CTR2 *ctr)
|
||||
{
|
||||
prs_struct qbuf, rbuf;
|
||||
LSA_Q_QUERY_INFO2 q;
|
||||
LSA_R_QUERY_INFO2 r;
|
||||
NTSTATUS result;
|
||||
|
||||
ZERO_STRUCT(q);
|
||||
ZERO_STRUCT(r);
|
||||
|
||||
init_q_query2(&q, pol, info_class);
|
||||
|
||||
CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
|
||||
q, r,
|
||||
qbuf, rbuf,
|
||||
lsa_io_q_query_info2,
|
||||
lsa_io_r_query_info2,
|
||||
NT_STATUS_UNSUCCESSFUL);
|
||||
|
||||
result = r.status;
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
|
||||
*ctr = r.ctr;
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/** Query info policy
|
||||
*
|
||||
* @param domain_sid - returned remote server's domain sid */
|
||||
@ -415,42 +485,42 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli,
|
||||
switch (info_class) {
|
||||
|
||||
case 3:
|
||||
if (domain_name && (r.dom.id3.buffer_dom_name != 0)) {
|
||||
if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) {
|
||||
*domain_name = unistr2_tdup(mem_ctx,
|
||||
&r.dom.id3.
|
||||
&r.ctr.info.id3.
|
||||
uni_domain_name);
|
||||
if (!*domain_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) {
|
||||
if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) {
|
||||
*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
|
||||
if (!*domain_sid) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid);
|
||||
sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid);
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case 5:
|
||||
|
||||
if (domain_name && (r.dom.id5.buffer_dom_name != 0)) {
|
||||
if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) {
|
||||
*domain_name = unistr2_tdup(mem_ctx,
|
||||
&r.dom.id5.
|
||||
&r.ctr.info.id5.
|
||||
uni_domain_name);
|
||||
if (!*domain_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) {
|
||||
if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) {
|
||||
*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
|
||||
if (!*domain_sid) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid);
|
||||
sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -510,25 +580,25 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
|
||||
|
||||
ZERO_STRUCTP(domain_guid);
|
||||
|
||||
if (domain_name && r.info.dns_dom_info.hdr_nb_dom_name.buffer) {
|
||||
if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) {
|
||||
*domain_name = unistr2_tdup(mem_ctx,
|
||||
&r.info.dns_dom_info
|
||||
&r.ctr.info.id12
|
||||
.uni_nb_dom_name);
|
||||
if (!*domain_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) {
|
||||
if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) {
|
||||
*dns_name = unistr2_tdup(mem_ctx,
|
||||
&r.info.dns_dom_info
|
||||
&r.ctr.info.id12
|
||||
.uni_dns_dom_name);
|
||||
if (!*dns_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) {
|
||||
if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) {
|
||||
*forest_name = unistr2_tdup(mem_ctx,
|
||||
&r.info.dns_dom_info
|
||||
&r.ctr.info.id12
|
||||
.uni_forest_name);
|
||||
if (!*forest_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
@ -541,17 +611,17 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
memcpy(*domain_guid,
|
||||
&r.info.dns_dom_info.dom_guid,
|
||||
&r.ctr.info.id12.dom_guid,
|
||||
sizeof(struct uuid));
|
||||
}
|
||||
|
||||
if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) {
|
||||
if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) {
|
||||
*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
|
||||
if (!*domain_sid) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
sid_copy(*domain_sid,
|
||||
&r.info.dns_dom_info.dom_sid.sid);
|
||||
&r.ctr.info.id12.dom_sid.sid);
|
||||
}
|
||||
|
||||
done:
|
||||
@ -559,6 +629,41 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||
POLICY_HND *pol, uint16 info_class,
|
||||
LSA_INFO_CTR ctr)
|
||||
{
|
||||
prs_struct qbuf, rbuf;
|
||||
LSA_Q_SET_INFO q;
|
||||
LSA_R_SET_INFO r;
|
||||
NTSTATUS result;
|
||||
|
||||
ZERO_STRUCT(q);
|
||||
ZERO_STRUCT(r);
|
||||
|
||||
init_q_set(&q, pol, info_class, ctr);
|
||||
|
||||
CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_SETINFOPOLICY,
|
||||
q, r,
|
||||
qbuf, rbuf,
|
||||
lsa_io_q_set,
|
||||
lsa_io_r_set,
|
||||
NT_STATUS_UNSUCCESSFUL);
|
||||
|
||||
result = r.status;
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Return output parameters */
|
||||
|
||||
done:
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Enumerate list of trusted domains
|
||||
*
|
||||
|
@ -674,15 +674,89 @@ BOOL lsa_io_r_enum_trust_dom(const char *desc, LSA_R_ENUM_TRUST_DOM *out,
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
reads or writes a dom query structure.
|
||||
reads or writes a structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query(const char *desc, DOM_QUERY *d_q, prs_struct *ps, int depth)
|
||||
static BOOL lsa_io_dom_query_1(const char *desc, DOM_QUERY_1 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
if (d_q == NULL)
|
||||
return False;
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query");
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_1");
|
||||
depth++;
|
||||
|
||||
if (!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if (!prs_uint32("percent_full", ps, depth, &d_q->percent_full))
|
||||
return False;
|
||||
if (!prs_uint32("log_size", ps, depth, &d_q->log_size))
|
||||
return False;
|
||||
if (!smb_io_nttime("retention_time", ps, depth, &d_q->retention_time))
|
||||
return False;
|
||||
if (!prs_uint8("shutdown_in_progress", ps, depth, &d_q->shutdown_in_progress))
|
||||
return False;
|
||||
if (!smb_io_nttime("time_to_shutdown", ps, depth, &d_q->time_to_shutdown))
|
||||
return False;
|
||||
if (!prs_uint32("next_audit_record", ps, depth, &d_q->next_audit_record))
|
||||
return False;
|
||||
if (!prs_uint32("unknown", ps, depth, &d_q->unknown))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
reads or writes a structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_2(const char *desc, DOM_QUERY_2 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
if (d_q == NULL)
|
||||
return False;
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_2");
|
||||
depth++;
|
||||
|
||||
if (!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if (!prs_uint32("auditing_enabled", ps, depth, &d_q->auditing_enabled))
|
||||
return False;
|
||||
if (!prs_uint32("ptr ", ps, depth, &d_q->ptr))
|
||||
return False;
|
||||
if (!prs_uint32("count1", ps, depth, &d_q->count1))
|
||||
return False;
|
||||
|
||||
if (d_q->ptr) {
|
||||
|
||||
if (!prs_uint32("count2", ps, depth, &d_q->count2))
|
||||
return False;
|
||||
|
||||
if (d_q->count1 != d_q->count2)
|
||||
return False;
|
||||
|
||||
if (UNMARSHALLING(ps)) {
|
||||
d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2);
|
||||
}
|
||||
|
||||
if (!prs_uint32s(False, "auditsettings", ps, depth, d_q->auditsettings, d_q->count2))
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
reads or writes a dom query structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_3(const char *desc, DOM_QUERY_3 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
if (d_q == NULL)
|
||||
return False;
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_3");
|
||||
depth++;
|
||||
|
||||
if(!prs_align(ps))
|
||||
@ -714,63 +788,13 @@ static BOOL lsa_io_dom_query(const char *desc, DOM_QUERY *d_q, prs_struct *ps, i
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
reads or writes a structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_2(const char *desc, DOM_QUERY_2 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
uint32 ptr = 1;
|
||||
|
||||
if (d_q == NULL)
|
||||
return False;
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_2");
|
||||
depth++;
|
||||
|
||||
if (!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if (!prs_uint32("auditing_enabled", ps, depth, &d_q->auditing_enabled))
|
||||
return False;
|
||||
if (!prs_uint32("ptr ", ps, depth, &ptr))
|
||||
return False;
|
||||
if (!prs_uint32("count1", ps, depth, &d_q->count1))
|
||||
return False;
|
||||
if (!prs_uint32("count2", ps, depth, &d_q->count2))
|
||||
return False;
|
||||
|
||||
if (UNMARSHALLING(ps)) {
|
||||
d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2);
|
||||
}
|
||||
|
||||
if (d_q->auditsettings == NULL) {
|
||||
DEBUG(1, ("lsa_io_dom_query_2: NULL auditsettings!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!prs_uint32s(False, "auditsettings", ps, depth, d_q->auditsettings, d_q->count2))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes a dom query structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_3(const char *desc, DOM_QUERY_3 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
return lsa_io_dom_query("", d_q, ps, depth);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes a dom query structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_5(const char *desc, DOM_QUERY_5 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
return lsa_io_dom_query("", d_q, ps, depth);
|
||||
return lsa_io_dom_query_3("", d_q, ps, depth);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -791,46 +815,232 @@ static BOOL lsa_io_dom_query_6(const char *desc, DOM_QUERY_6 *d_q, prs_struct *p
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes a dom query structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_10(const char *desc, DOM_QUERY_10 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
if (d_q == NULL)
|
||||
return False;
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_10");
|
||||
depth++;
|
||||
|
||||
if (!prs_uint8("shutdown_on_full", ps, depth, &d_q->shutdown_on_full))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes a dom query structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_dom_query_11(const char *desc, DOM_QUERY_11 *d_q, prs_struct *ps, int depth)
|
||||
{
|
||||
if (d_q == NULL)
|
||||
return False;
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_11");
|
||||
depth++;
|
||||
|
||||
if (!prs_uint16("unknown", ps, depth, &d_q->unknown))
|
||||
return False;
|
||||
if (!prs_uint8("shutdown_on_full", ps, depth, &d_q->shutdown_on_full))
|
||||
return False;
|
||||
if (!prs_uint8("log_is_full", ps, depth, &d_q->log_is_full))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes an LSA_DNS_DOM_INFO structure.
|
||||
********************************************************************/
|
||||
|
||||
BOOL lsa_io_dom_query_12(const char *desc, DOM_QUERY_12 *info, prs_struct *ps, int depth)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "lsa_io_dom_query_12");
|
||||
depth++;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if(!smb_io_unihdr("nb_name", &info->hdr_nb_dom_name, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unihdr("dns_name", &info->hdr_dns_dom_name, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unihdr("forest", &info->hdr_forest_name, ps, depth))
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) )
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if(!prs_uint32("dom_sid", ps, depth, &info->ptr_dom_sid))
|
||||
return False;
|
||||
|
||||
if(!smb_io_unistr2("nb_name", &info->uni_nb_dom_name,
|
||||
info->hdr_nb_dom_name.buffer, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unistr2("dns_name", &info->uni_dns_dom_name,
|
||||
info->hdr_dns_dom_name.buffer, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unistr2("forest", &info->uni_forest_name,
|
||||
info->hdr_forest_name.buffer, ps, depth))
|
||||
return False;
|
||||
|
||||
if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Inits an LSA_Q_QUERY_INFO structure.
|
||||
********************************************************************/
|
||||
|
||||
void init_q_set(LSA_Q_SET_INFO *in, POLICY_HND *hnd, uint16 info_class, LSA_INFO_CTR ctr)
|
||||
{
|
||||
DEBUG(5,("init_q_set\n"));
|
||||
|
||||
in->info_class = info_class;
|
||||
|
||||
in->pol = *hnd;
|
||||
|
||||
in->ctr = ctr;
|
||||
in->ctr.info_class = info_class;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
reads or writes a structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_query_info_ctr2(const char *desc, prs_struct *ps, int depth, LSA_INFO_CTR2 *ctr)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "lsa_io_query_info_ctr2");
|
||||
depth++;
|
||||
|
||||
if(!prs_uint16("info_class", ps, depth, &ctr->info_class))
|
||||
return False;
|
||||
|
||||
switch (ctr->info_class) {
|
||||
case 1:
|
||||
if(!lsa_io_dom_query_1("", &ctr->info.id1, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 2:
|
||||
if(!lsa_io_dom_query_2("", &ctr->info.id2, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 3:
|
||||
if(!lsa_io_dom_query_3("", &ctr->info.id3, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 5:
|
||||
if(!lsa_io_dom_query_5("", &ctr->info.id5, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 6:
|
||||
if(!lsa_io_dom_query_6("", &ctr->info.id6, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 10:
|
||||
if(!lsa_io_dom_query_10("", &ctr->info.id10, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 11:
|
||||
if(!lsa_io_dom_query_11("", &ctr->info.id11, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 12:
|
||||
if(!lsa_io_dom_query_12("", &ctr->info.id12, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
default:
|
||||
DEBUG(0,("invalid info_class: %d\n", ctr->info_class));
|
||||
return False;
|
||||
break;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
/*******************************************************************
|
||||
reads or writes a structure.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL lsa_io_query_info_ctr(const char *desc, prs_struct *ps, int depth, LSA_INFO_CTR *ctr)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "lsa_io_query_info_ctr");
|
||||
depth++;
|
||||
|
||||
if(!prs_uint16("info_class", ps, depth, &ctr->info_class))
|
||||
return False;
|
||||
|
||||
switch (ctr->info_class) {
|
||||
case 1:
|
||||
if(!lsa_io_dom_query_1("", &ctr->info.id1, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 2:
|
||||
if(!lsa_io_dom_query_2("", &ctr->info.id2, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 3:
|
||||
if(!lsa_io_dom_query_3("", &ctr->info.id3, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 5:
|
||||
if(!lsa_io_dom_query_5("", &ctr->info.id5, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 6:
|
||||
if(!lsa_io_dom_query_6("", &ctr->info.id6, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 10:
|
||||
if(!lsa_io_dom_query_10("", &ctr->info.id10, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 11:
|
||||
if(!lsa_io_dom_query_11("", &ctr->info.id11, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
default:
|
||||
DEBUG(0,("invalid info_class: %d\n", ctr->info_class));
|
||||
return False;
|
||||
break;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes an LSA_R_QUERY_INFO structure.
|
||||
********************************************************************/
|
||||
|
||||
BOOL lsa_io_r_query(const char *desc, LSA_R_QUERY_INFO *out, prs_struct *ps, int depth)
|
||||
{
|
||||
|
||||
prs_debug(ps, depth, desc, "lsa_io_r_query");
|
||||
depth++;
|
||||
|
||||
if(!prs_uint32("undoc_buffer", ps, depth, &out->undoc_buffer))
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if (out->undoc_buffer != 0) {
|
||||
if(!prs_uint16("info_class", ps, depth, &out->info_class))
|
||||
return False;
|
||||
if(!prs_uint32("dom_ptr", ps, depth, &out->dom_ptr))
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if (out->dom_ptr) {
|
||||
|
||||
switch (out->info_class) {
|
||||
case 2:
|
||||
if(!lsa_io_dom_query_2("", &out->dom.id2, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 3:
|
||||
if(!lsa_io_dom_query_3("", &out->dom.id3, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 5:
|
||||
if(!lsa_io_dom_query_5("", &out->dom.id5, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
case 6:
|
||||
if(!lsa_io_dom_query_6("", &out->dom.id6, ps, depth))
|
||||
return False;
|
||||
break;
|
||||
default:
|
||||
/* PANIC! */
|
||||
break;
|
||||
}
|
||||
if(!lsa_io_query_info_ctr("", ps, depth, &out->ctr))
|
||||
return False;
|
||||
}
|
||||
|
||||
if(!prs_align(ps))
|
||||
@ -842,6 +1052,49 @@ BOOL lsa_io_r_query(const char *desc, LSA_R_QUERY_INFO *out, prs_struct *ps, int
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes an LSA_Q_SET_INFO structure.
|
||||
********************************************************************/
|
||||
|
||||
BOOL lsa_io_q_set(const char *desc, LSA_Q_SET_INFO *in, prs_struct *ps,
|
||||
int depth)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "lsa_io_q_set");
|
||||
depth++;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if(!smb_io_pol_hnd("", &in->pol, ps, depth))
|
||||
return False;
|
||||
|
||||
if(!prs_uint16("info_class", ps, depth, &in->info_class))
|
||||
return False;
|
||||
|
||||
if(!lsa_io_query_info_ctr("", ps, depth, &in->ctr))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes an LSA_R_SET_INFO structure.
|
||||
********************************************************************/
|
||||
|
||||
BOOL lsa_io_r_set(const char *desc, LSA_R_SET_INFO *out, prs_struct *ps, int depth)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "lsa_io_r_set");
|
||||
depth++;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if(!prs_ntstatus("status", ps, depth, &out->status))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Inits a LSA_SID_ENUM structure.
|
||||
********************************************************************/
|
||||
@ -2851,52 +3104,6 @@ BOOL policy_handle_is_valid(const POLICY_HND *hnd)
|
||||
return ((memcmp(&zero_pol, hnd, sizeof(POLICY_HND)) == 0) ? False : True );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Reads or writes an LSA_DNS_DOM_INFO structure.
|
||||
********************************************************************/
|
||||
|
||||
BOOL lsa_io_dns_dom_info(const char *desc, LSA_DNS_DOM_INFO *info,
|
||||
prs_struct *ps, int depth)
|
||||
{
|
||||
prs_debug(ps, depth, desc, "lsa_io_dns_dom_info");
|
||||
depth++;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if(!smb_io_unihdr("nb_name", &info->hdr_nb_dom_name, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unihdr("dns_name", &info->hdr_dns_dom_name, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unihdr("forest", &info->hdr_forest_name, ps, depth))
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) )
|
||||
return False;
|
||||
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
if(!prs_uint32("dom_sid", ps, depth, &info->ptr_dom_sid))
|
||||
return False;
|
||||
|
||||
if(!smb_io_unistr2("nb_name", &info->uni_nb_dom_name,
|
||||
info->hdr_nb_dom_name.buffer, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unistr2("dns_name", &info->uni_dns_dom_name,
|
||||
info->hdr_dns_dom_name.buffer, ps, depth))
|
||||
return False;
|
||||
if(!smb_io_unistr2("forest", &info->uni_forest_name,
|
||||
info->hdr_forest_name.buffer, ps, depth))
|
||||
return False;
|
||||
|
||||
if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth))
|
||||
return False;
|
||||
|
||||
return True;
|
||||
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Inits an LSA_Q_QUERY_INFO2 structure.
|
||||
********************************************************************/
|
||||
@ -2944,20 +3151,13 @@ BOOL lsa_io_r_query_info2(const char *desc, LSA_R_QUERY_INFO2 *out,
|
||||
if(!prs_align(ps))
|
||||
return False;
|
||||
|
||||
if(!prs_uint32("ptr", ps, depth, &out->ptr))
|
||||
if(!prs_uint32("dom_ptr", ps, depth, &out->dom_ptr))
|
||||
return False;
|
||||
if(!prs_uint16("info_class", ps, depth, &out->info_class))
|
||||
return False;
|
||||
switch(out->info_class) {
|
||||
case 0x000c:
|
||||
if (!lsa_io_dns_dom_info("info12", &out->info.dns_dom_info,
|
||||
ps, depth))
|
||||
|
||||
if (out->dom_ptr) {
|
||||
|
||||
if(!lsa_io_query_info_ctr2("", ps, depth, &out->ctr))
|
||||
return False;
|
||||
break;
|
||||
default:
|
||||
DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n",
|
||||
out->info_class));
|
||||
return False;
|
||||
}
|
||||
|
||||
if(!prs_align(ps))
|
||||
|
@ -62,7 +62,7 @@ static void free_lsa_info(void *ptr)
|
||||
Init dom_query
|
||||
***************************************************************************/
|
||||
|
||||
static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_sid)
|
||||
static void init_dom_query_3(DOM_QUERY_3 *d_q, const char *dom_name, DOM_SID *dom_sid)
|
||||
{
|
||||
d_q->buffer_dom_name = (dom_name != NULL) ? 1 : 0; /* domain buffer pointer */
|
||||
d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0; /* domain sid pointer */
|
||||
@ -93,6 +93,15 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si
|
||||
init_dom_sid2(&d_q->dom_sid, dom_sid);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
Init dom_query
|
||||
***************************************************************************/
|
||||
|
||||
static void init_dom_query_5(DOM_QUERY_5 *d_q, const char *dom_name, DOM_SID *dom_sid)
|
||||
{
|
||||
return init_dom_query_3(d_q, dom_name, dom_sid);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
init_dom_ref - adds a domain if it's not already in, returns the index.
|
||||
***************************************************************************/
|
||||
@ -678,7 +687,7 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
|
||||
NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u)
|
||||
{
|
||||
struct lsa_info *handle;
|
||||
LSA_INFO_UNION *info = &r_u->dom;
|
||||
LSA_INFO_CTR *ctr = &r_u->ctr;
|
||||
DOM_SID domain_sid;
|
||||
const char *name;
|
||||
DOM_SID *sid = NULL;
|
||||
@ -691,19 +700,31 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
|
||||
switch (q_u->info_class) {
|
||||
case 0x02:
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
uint32 policy_def = LSA_AUDIT_POLICY_ALL;
|
||||
|
||||
/* check if the user have enough rights */
|
||||
if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION))
|
||||
if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION)) {
|
||||
DEBUG(10,("_lsa_query_info: insufficient access rights\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/* fake info: We audit everything. ;) */
|
||||
info->id2.auditing_enabled = 1;
|
||||
info->id2.count1 = 7;
|
||||
info->id2.count2 = 7;
|
||||
if ((info->id2.auditsettings = TALLOC_ARRAY(p->mem_ctx,uint32, 7)) == NULL)
|
||||
ctr->info.id2.ptr = 1;
|
||||
ctr->info.id2.auditing_enabled = True;
|
||||
ctr->info.id2.count1 = ctr->info.id2.count2 = LSA_AUDIT_NUM_CATEGORIES;
|
||||
|
||||
if ((ctr->info.id2.auditsettings = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, LSA_AUDIT_NUM_CATEGORIES)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
for (i = 0; i < 7; i++)
|
||||
info->id2.auditsettings[i] = 3;
|
||||
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT] = policy_def;
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS] = policy_def;
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_LOGON] = policy_def;
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_PROCCESS_TRACKING] = policy_def;
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES] = policy_def;
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_SYSTEM] = policy_def;
|
||||
ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS] = policy_def;
|
||||
|
||||
break;
|
||||
}
|
||||
case 0x03:
|
||||
@ -733,7 +754,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
|
||||
default:
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
init_dom_query(&r_u->dom.id3, name, sid);
|
||||
init_dom_query_3(&r_u->ctr.info.id3, name, sid);
|
||||
break;
|
||||
case 0x05:
|
||||
/* check if the user have enough rights */
|
||||
@ -743,7 +764,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
|
||||
/* Request PolicyAccountDomainInformation. */
|
||||
name = get_global_sam_name();
|
||||
sid = get_global_sam_sid();
|
||||
init_dom_query(&r_u->dom.id5, name, sid);
|
||||
init_dom_query_5(&r_u->ctr.info.id5, name, sid);
|
||||
break;
|
||||
case 0x06:
|
||||
/* check if the user have enough rights */
|
||||
@ -756,14 +777,14 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
|
||||
* only a BDC is a backup controller
|
||||
* of the domain, it controls.
|
||||
*/
|
||||
info->id6.server_role = 2;
|
||||
ctr->info.id6.server_role = 2;
|
||||
break;
|
||||
default:
|
||||
/*
|
||||
* any other role is a primary
|
||||
* of the domain, it controls.
|
||||
*/
|
||||
info->id6.server_role = 3;
|
||||
ctr->info.id6.server_role = 3;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
@ -774,8 +795,8 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
|
||||
}
|
||||
|
||||
if (NT_STATUS_IS_OK(r_u->status)) {
|
||||
r_u->undoc_buffer = 0x22000000; /* bizarre */
|
||||
r_u->info_class = q_u->info_class;
|
||||
r_u->dom_ptr = 0x22000000; /* bizarre */
|
||||
ctr->info_class = q_u->info_class;
|
||||
}
|
||||
|
||||
return r_u->status;
|
||||
|
@ -59,8 +59,109 @@ done:
|
||||
return result;
|
||||
}
|
||||
|
||||
static void display_query_info_1(DOM_QUERY_1 d)
|
||||
{
|
||||
d_printf("percent_full:\t%d\n", d.percent_full);
|
||||
d_printf("log_size:\t%d\n", d.log_size);
|
||||
d_printf("retention_time:\t%08x %08x\n", d.retention_time.high, d.retention_time.low);
|
||||
d_printf("shutdown_in_progress:\t%d\n", d.shutdown_in_progress);
|
||||
d_printf("time_to_shutdown:\t%08x %08x\n", d.time_to_shutdown.high, d.time_to_shutdown.low);
|
||||
d_printf("next_audit_record:\t%d\n", d.next_audit_record);
|
||||
d_printf("unknown:\t%d\n", d.unknown);
|
||||
}
|
||||
|
||||
/* Look up domain related information on a remote host */
|
||||
static void display_query_info_2(DOM_QUERY_2 d, TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
int i;
|
||||
d_printf("Auditing enabled:\t%d\n", d.auditing_enabled);
|
||||
d_printf("Auditing categories:\t%d\n", d.count1);
|
||||
d_printf("Auditsettings:\n");
|
||||
for (i=0; i<d.count1; i++) {
|
||||
const char *val = audit_policy_str(mem_ctx, d.auditsettings[i]);
|
||||
const char *policy = audit_description_str(i);
|
||||
d_printf("%s:\t%s\n", policy, val);
|
||||
}
|
||||
}
|
||||
|
||||
static void display_query_info_3(DOM_QUERY_3 d)
|
||||
{
|
||||
fstring name;
|
||||
|
||||
unistr2_to_ascii(name, &d.uni_domain_name, d.uni_dom_max_len);
|
||||
|
||||
d_printf("Domain Name: %s\n", name);
|
||||
d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
|
||||
}
|
||||
|
||||
static void display_query_info_5(DOM_QUERY_5 d)
|
||||
{
|
||||
fstring name;
|
||||
|
||||
unistr2_to_ascii(name, &d.uni_domain_name, d.uni_dom_max_len);
|
||||
|
||||
d_printf("Domain Name: %s\n", name);
|
||||
d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
|
||||
}
|
||||
|
||||
static void display_query_info_10(DOM_QUERY_10 d)
|
||||
{
|
||||
d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
|
||||
}
|
||||
|
||||
static void display_query_info_11(DOM_QUERY_11 d)
|
||||
{
|
||||
d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
|
||||
d_printf("Log is full: %d\n", d.log_is_full);
|
||||
d_printf("Unknown: %d\n", d.unknown);
|
||||
}
|
||||
|
||||
static void display_query_info_12(DOM_QUERY_12 d)
|
||||
{
|
||||
fstring dom_name, dns_dom_name, forest_name;
|
||||
|
||||
unistr2_to_ascii(dom_name, &d.uni_nb_dom_name, d.hdr_nb_dom_name.uni_max_len);
|
||||
unistr2_to_ascii(dns_dom_name, &d.uni_dns_dom_name, d.hdr_dns_dom_name.uni_max_len);
|
||||
unistr2_to_ascii(forest_name, &d.uni_forest_name, d.hdr_forest_name.uni_max_len);
|
||||
|
||||
d_printf("Domain NetBios Name: %s\n", dom_name);
|
||||
d_printf("Domain DNS Name: %s\n", dns_dom_name);
|
||||
d_printf("Domain Forest Name: %s\n", forest_name);
|
||||
d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
|
||||
d_printf("Domain GUID: %s\n", smb_uuid_string_static(d.dom_guid));
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
static void display_lsa_query_info(LSA_INFO_CTR *dom, TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
switch (dom->info_class) {
|
||||
case 1:
|
||||
display_query_info_1(dom->info.id1);
|
||||
break;
|
||||
case 2:
|
||||
display_query_info_2(dom->info.id2, mem_ctx);
|
||||
break;
|
||||
case 3:
|
||||
display_query_info_3(dom->info.id3);
|
||||
break;
|
||||
case 5:
|
||||
display_query_info_5(dom->info.id5);
|
||||
break;
|
||||
case 10:
|
||||
display_query_info_10(dom->info.id10);
|
||||
break;
|
||||
case 11:
|
||||
display_query_info_11(dom->info.id11);
|
||||
break;
|
||||
case 12:
|
||||
display_query_info_12(dom->info.id12);
|
||||
break;
|
||||
default:
|
||||
printf("can't display info level: %d\n", dom->info_class);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
|
||||
TALLOC_CTX *mem_ctx, int argc,
|
||||
@ -68,11 +169,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
|
||||
{
|
||||
POLICY_HND pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
DOM_SID *dom_sid = NULL;
|
||||
struct uuid *dom_guid;
|
||||
char *domain_name = NULL;
|
||||
char *dns_name = NULL;
|
||||
char *forest_name = NULL;
|
||||
LSA_INFO_CTR dom;
|
||||
|
||||
uint32 info_class = 3;
|
||||
|
||||
@ -83,56 +180,33 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
|
||||
|
||||
if (argc == 2)
|
||||
info_class = atoi(argv[1]);
|
||||
|
||||
/* Lookup info policy */
|
||||
|
||||
switch (info_class) {
|
||||
case 12:
|
||||
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
result = rpccli_lsa_query_info_policy2(cli, mem_ctx, &pol,
|
||||
info_class, &domain_name,
|
||||
&dns_name, &forest_name,
|
||||
&dom_guid, &dom_sid);
|
||||
|
||||
result = rpccli_lsa_query_info_policy2_new(cli, mem_ctx, &pol,
|
||||
info_class, &dom);
|
||||
break;
|
||||
default:
|
||||
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
result = rpccli_lsa_query_info_policy(cli, mem_ctx, &pol,
|
||||
info_class, &domain_name,
|
||||
&dom_sid);
|
||||
|
||||
result = rpccli_lsa_query_info_policy_new(cli, mem_ctx, &pol,
|
||||
info_class, &dom);
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
if (domain_name) {
|
||||
if (dom_sid == NULL) {
|
||||
printf("got no sid for domain %s\n", domain_name);
|
||||
} else {
|
||||
printf("domain %s has sid %s\n", domain_name,
|
||||
sid_string_static(dom_sid));
|
||||
}
|
||||
} else {
|
||||
printf("could not query info for level %d\n", info_class);
|
||||
}
|
||||
|
||||
if (dns_name)
|
||||
printf("domain dns name is %s\n", dns_name);
|
||||
if (forest_name)
|
||||
printf("forest name is %s\n", forest_name);
|
||||
|
||||
if (info_class == 12) {
|
||||
printf("domain GUID is %s\n",
|
||||
smb_uuid_string_static(*dom_guid));
|
||||
}
|
||||
display_lsa_query_info(&dom, mem_ctx);
|
||||
|
||||
rpccli_lsa_close(cli, mem_ctx, &pol);
|
||||
|
||||
|
@ -6649,6 +6649,7 @@ int net_rpc_help(int argc, const char **argv)
|
||||
int net_rpc(int argc, const char **argv)
|
||||
{
|
||||
struct functable func[] = {
|
||||
{"audit", net_rpc_audit},
|
||||
{"info", net_rpc_info},
|
||||
{"join", net_rpc_join},
|
||||
{"oldjoin", net_rpc_oldjoin},
|
||||
|
414
source/utils/net_rpc_audit.c
Normal file
414
source/utils/net_rpc_audit.c
Normal file
@ -0,0 +1,414 @@
|
||||
/*
|
||||
Samba Unix/Linux SMB client library
|
||||
Distributed SMB/CIFS Server Management Utility
|
||||
Copyright (C) 2006 Guenther Deschner
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
||||
|
||||
#include "includes.h"
|
||||
#include "utils/net.h"
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static int net_help_audit(int argc, const char **argv)
|
||||
{
|
||||
d_printf("net rpc audit list View configured Auditing policies\n");
|
||||
d_printf("net rpc audit enable Enable Auditing\n");
|
||||
d_printf("net rpc audit disable Disable Auditing\n");
|
||||
d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
|
||||
d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
|
||||
d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
|
||||
d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static void print_auditing_category(const char *policy, const char *value)
|
||||
{
|
||||
fstring padding;
|
||||
int pad_len, col_len = 30;
|
||||
|
||||
/* calculate padding space for d_printf to look nicer */
|
||||
pad_len = col_len - strlen(policy);
|
||||
padding[pad_len] = 0;
|
||||
do padding[--pad_len] = ' '; while (pad_len > 0);
|
||||
|
||||
d_printf("\t%s%s%s\n", policy, padding, value);
|
||||
}
|
||||
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
|
||||
const char *domain_name,
|
||||
struct cli_state *cli,
|
||||
struct rpc_pipe_client *pipe_hnd,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv)
|
||||
{
|
||||
POLICY_HND pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
LSA_INFO_CTR dom;
|
||||
int i;
|
||||
|
||||
uint32 info_class = 2;
|
||||
uint32 audit_category;
|
||||
|
||||
if (argc < 1 || argc > 2) {
|
||||
d_printf("insufficient arguments\n");
|
||||
net_help_audit(argc, argv);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (!get_audit_category_from_param(argv[0], &audit_category)) {
|
||||
d_printf("invalid auditing category: %s\n", argv[0]);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
&dom);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (i=0; i < dom.info.id2.count1; i++) {
|
||||
|
||||
const char *val = NULL, *policy = NULL;
|
||||
|
||||
if (i != audit_category) {
|
||||
continue;
|
||||
}
|
||||
|
||||
val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
|
||||
policy = audit_description_str(i);
|
||||
print_auditing_category(policy, val);
|
||||
}
|
||||
|
||||
done:
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
d_printf("failed to get auditing policy: %s\n", nt_errstr(result));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
|
||||
const char *domain_name,
|
||||
struct cli_state *cli,
|
||||
struct rpc_pipe_client *pipe_hnd,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv)
|
||||
{
|
||||
POLICY_HND pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
LSA_INFO_CTR dom;
|
||||
|
||||
uint32 info_class = 2;
|
||||
uint32 audit_policy, audit_category;
|
||||
|
||||
if (argc < 2 || argc > 3) {
|
||||
d_printf("insufficient arguments\n");
|
||||
net_help_audit(argc, argv);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (!get_audit_category_from_param(argv[0], &audit_category)) {
|
||||
d_printf("invalid auditing category: %s\n", argv[0]);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
audit_policy = LSA_AUDIT_POLICY_CLEAR;
|
||||
|
||||
if (strequal(argv[1], "Success")) {
|
||||
audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
|
||||
} else if (strequal(argv[1], "Failure")) {
|
||||
audit_policy |= LSA_AUDIT_POLICY_FAILURE;
|
||||
} else if (strequal(argv[1], "All")) {
|
||||
audit_policy |= LSA_AUDIT_POLICY_ALL;
|
||||
} else if (strequal(argv[1], "None")) {
|
||||
audit_policy = LSA_AUDIT_POLICY_CLEAR;
|
||||
} else {
|
||||
d_printf("invalid auditing policy: %s\n", argv[1]);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
&dom);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
dom.info.id2.auditsettings[audit_category] = audit_policy;
|
||||
|
||||
result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
dom);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
&dom);
|
||||
|
||||
{
|
||||
const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]);
|
||||
const char *policy = audit_description_str(audit_category);
|
||||
print_auditing_category(policy, val);
|
||||
}
|
||||
|
||||
done:
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
d_printf("failed to set audit policy: %s\n", nt_errstr(result));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv,
|
||||
BOOL enable)
|
||||
{
|
||||
POLICY_HND pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
LSA_INFO_CTR dom;
|
||||
|
||||
uint32 info_class = 2;
|
||||
|
||||
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
&dom);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
dom.info.id2.auditing_enabled = enable;
|
||||
|
||||
result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
dom);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable",
|
||||
nt_errstr(result));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
|
||||
const char *domain_name,
|
||||
struct cli_state *cli,
|
||||
struct rpc_pipe_client *pipe_hnd,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv)
|
||||
{
|
||||
return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
|
||||
const char *domain_name,
|
||||
struct cli_state *cli,
|
||||
struct rpc_pipe_client *pipe_hnd,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv)
|
||||
{
|
||||
return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
|
||||
const char *domain_name,
|
||||
struct cli_state *cli,
|
||||
struct rpc_pipe_client *pipe_hnd,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
const char **argv)
|
||||
{
|
||||
POLICY_HND pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
LSA_INFO_CTR dom;
|
||||
int i;
|
||||
|
||||
uint32 info_class = 2;
|
||||
|
||||
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
|
||||
SEC_RIGHTS_MAXIMUM_ALLOWED,
|
||||
&pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
|
||||
info_class,
|
||||
&dom);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
printf("Auditing:\t\t");
|
||||
switch (dom.info.id2.auditing_enabled) {
|
||||
case True:
|
||||
printf("Enabled");
|
||||
break;
|
||||
case False:
|
||||
printf("Disabled");
|
||||
break;
|
||||
default:
|
||||
printf("unknown (%d)", dom.info.id2.auditing_enabled);
|
||||
break;
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
printf("Auditing categories:\t%d\n", dom.info.id2.count1);
|
||||
printf("Auditing settings:\n");
|
||||
|
||||
for (i=0; i < dom.info.id2.count1; i++) {
|
||||
const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
|
||||
const char *policy = audit_description_str(i);
|
||||
print_auditing_category(policy, val);
|
||||
}
|
||||
|
||||
done:
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
d_printf("failed to list auditing policies: %s\n", nt_errstr(result));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static int rpc_audit_get(int argc, const char **argv)
|
||||
{
|
||||
return run_rpc_command(NULL, PI_LSARPC, 0,
|
||||
rpc_audit_get_internal, argc, argv);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static int rpc_audit_set(int argc, const char **argv)
|
||||
{
|
||||
return run_rpc_command(NULL, PI_LSARPC, 0,
|
||||
rpc_audit_set_internal, argc, argv);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static int rpc_audit_enable(int argc, const char **argv)
|
||||
{
|
||||
return run_rpc_command(NULL, PI_LSARPC, 0,
|
||||
rpc_audit_enable_internal, argc, argv);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static int rpc_audit_disable(int argc, const char **argv)
|
||||
{
|
||||
return run_rpc_command(NULL, PI_LSARPC, 0,
|
||||
rpc_audit_disable_internal, argc, argv);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
static int rpc_audit_list(int argc, const char **argv)
|
||||
{
|
||||
return run_rpc_command(NULL, PI_LSARPC, 0,
|
||||
rpc_audit_list_internal, argc, argv);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
********************************************************************/
|
||||
|
||||
int net_rpc_audit(int argc, const char **argv)
|
||||
{
|
||||
struct functable func[] = {
|
||||
{"get", rpc_audit_get},
|
||||
{"set", rpc_audit_set},
|
||||
{"enable", rpc_audit_enable},
|
||||
{"disable", rpc_audit_disable},
|
||||
{"list", rpc_audit_list},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
if (argc)
|
||||
return net_run_function(argc, argv, func, net_help_audit);
|
||||
|
||||
return net_help_audit(argc, argv);
|
||||
}
|
Loading…
Reference in New Issue
Block a user