s3-rpc_client: add and use rpc_client/rpc_client.h.
[samba.git] / source3 / utils / net_rpc_audit.c
1 /*
2    Samba Unix/Linux SMB client library
3    Distributed SMB/CIFS Server Management Utility
4    Copyright (C) 2006,2008 Guenther Deschner
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
18
19 #include "includes.h"
20 #include "utils/net.h"
21 #include "rpc_client/rpc_client.h"
22 #include "../librpc/gen_ndr/ndr_lsa_c.h"
23 #include "rpc_client/cli_lsarpc.h"
24
25 /********************************************************************
26 ********************************************************************/
27
28 static int net_help_audit(struct net_context *c, int argc, const char **argv)
29 {
30         d_printf(_("net rpc audit list                       View configured Auditing policies\n"));
31         d_printf(_("net rpc audit enable                     Enable Auditing\n"));
32         d_printf(_("net rpc audit disable                    Disable Auditing\n"));
33         d_printf(_("net rpc audit get <category>             View configured Auditing policy setting\n"));
34         d_printf(_("net rpc audit set <category> <policy>    Set Auditing policies\n\n"));
35         d_printf(_("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n"));
36         d_printf(_("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n"));
37
38         return -1;
39 }
40
41 /********************************************************************
42 ********************************************************************/
43
44 static void print_auditing_category(const char *policy, const char *value)
45 {
46         if (policy == NULL) {
47                 policy = N_("Unknown");
48         }
49         if (value == NULL) {
50                 value = N_("Invalid");
51         }
52
53         d_printf(_("\t%-30s%s\n"), policy, value);
54 }
55
56 /********************************************************************
57 ********************************************************************/
58
59 static NTSTATUS rpc_audit_get_internal(struct net_context *c,
60                                        const struct dom_sid *domain_sid,
61                                        const char *domain_name,
62                                        struct cli_state *cli,
63                                        struct rpc_pipe_client *pipe_hnd,
64                                        TALLOC_CTX *mem_ctx,
65                                        int argc,
66                                        const char **argv)
67 {
68         struct policy_handle pol;
69         NTSTATUS status, result;
70         union lsa_PolicyInformation *info = NULL;
71         int i;
72         uint32_t audit_category;
73         struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
74
75         if (argc < 1 || argc > 2) {
76                 d_printf(_("insufficient arguments\n"));
77                 net_help_audit(c, argc, argv);
78                 return NT_STATUS_INVALID_PARAMETER;
79         }
80
81         if (!get_audit_category_from_param(argv[0], &audit_category)) {
82                 d_printf(_("invalid auditing category: %s\n"), argv[0]);
83                 return NT_STATUS_INVALID_PARAMETER;
84         }
85
86         status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
87                                         SEC_FLAG_MAXIMUM_ALLOWED,
88                                         &pol);
89
90         if (!NT_STATUS_IS_OK(status)) {
91                 goto done;
92         }
93
94         status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
95                                             &pol,
96                                             LSA_POLICY_INFO_AUDIT_EVENTS,
97                                             &info,
98                                             &result);
99         if (!NT_STATUS_IS_OK(status)) {
100                 goto done;
101         }
102         if (!NT_STATUS_IS_OK(result)) {
103                 status = result;
104                 goto done;
105         }
106
107         for (i=0; i < info->audit_events.count; i++) {
108
109                 const char *val = NULL, *policy = NULL;
110
111                 if (i != audit_category) {
112                         continue;
113                 }
114
115                 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
116                 policy = audit_description_str(i);
117                 print_auditing_category(policy, val);
118         }
119
120  done:
121         if (!NT_STATUS_IS_OK(status)) {
122                 d_printf(_("failed to get auditing policy: %s\n"),
123                         nt_errstr(status));
124         }
125
126         return status;
127 }
128
129 /********************************************************************
130 ********************************************************************/
131
132 static NTSTATUS rpc_audit_set_internal(struct net_context *c,
133                                        const struct dom_sid *domain_sid,
134                                        const char *domain_name,
135                                        struct cli_state *cli,
136                                        struct rpc_pipe_client *pipe_hnd,
137                                        TALLOC_CTX *mem_ctx,
138                                        int argc,
139                                        const char **argv)
140 {
141         struct policy_handle pol;
142         NTSTATUS status, result;
143         union lsa_PolicyInformation *info = NULL;
144         uint32_t audit_policy, audit_category;
145         struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
146
147         if (argc < 2 || argc > 3) {
148                 d_printf(_("insufficient arguments\n"));
149                 net_help_audit(c, argc, argv);
150                 return NT_STATUS_INVALID_PARAMETER;
151         }
152
153         if (!get_audit_category_from_param(argv[0], &audit_category)) {
154                 d_printf(_("invalid auditing category: %s\n"), argv[0]);
155                 return NT_STATUS_INVALID_PARAMETER;
156         }
157
158         audit_policy = LSA_AUDIT_POLICY_CLEAR;
159
160         if (strequal(argv[1], "Success")) {
161                 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
162         } else if (strequal(argv[1], "Failure")) {
163                 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
164         } else if (strequal(argv[1], "All")) {
165                 audit_policy |= LSA_AUDIT_POLICY_ALL;
166         } else if (strequal(argv[1], "None")) {
167                 audit_policy = LSA_AUDIT_POLICY_CLEAR;
168         } else {
169                 d_printf(_("invalid auditing policy: %s\n"), argv[1]);
170                 return NT_STATUS_INVALID_PARAMETER;
171         }
172
173         status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
174                                         SEC_FLAG_MAXIMUM_ALLOWED,
175                                         &pol);
176
177         if (!NT_STATUS_IS_OK(status)) {
178                 goto done;
179         }
180
181         status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
182                                             &pol,
183                                             LSA_POLICY_INFO_AUDIT_EVENTS,
184                                             &info,
185                                             &result);
186         if (!NT_STATUS_IS_OK(status)) {
187                 goto done;
188         }
189         if (!NT_STATUS_IS_OK(result)) {
190                 status = result;
191                 goto done;
192         }
193
194         info->audit_events.settings[audit_category] = audit_policy;
195
196         status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
197                                           &pol,
198                                           LSA_POLICY_INFO_AUDIT_EVENTS,
199                                           info,
200                                           &result);
201         if (!NT_STATUS_IS_OK(status)) {
202                 goto done;
203         }
204         if (!NT_STATUS_IS_OK(result)) {
205                 status = result;
206                 goto done;
207         }
208
209         status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
210                                             &pol,
211                                             LSA_POLICY_INFO_AUDIT_EVENTS,
212                                             &info,
213                                             &result);
214         if (!NT_STATUS_IS_OK(status)) {
215                 goto done;
216         }
217
218         status = result;
219
220         {
221                 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
222                 const char *policy = audit_description_str(audit_category);
223                 print_auditing_category(policy, val);
224         }
225
226  done:
227         if (!NT_STATUS_IS_OK(status)) {
228                 d_printf(_("failed to set audit policy: %s\n"),
229                          nt_errstr(status));
230         }
231
232         return status;
233 }
234
235 /********************************************************************
236 ********************************************************************/
237
238 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
239                                               TALLOC_CTX *mem_ctx,
240                                               int argc,
241                                               const char **argv,
242                                               bool enable)
243 {
244         struct policy_handle pol;
245         NTSTATUS status, result;
246         union lsa_PolicyInformation *info = NULL;
247         struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
248
249         status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
250                                         SEC_FLAG_MAXIMUM_ALLOWED,
251                                         &pol);
252
253         if (!NT_STATUS_IS_OK(status)) {
254                 goto done;
255         }
256
257         status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
258                                             &pol,
259                                             LSA_POLICY_INFO_AUDIT_EVENTS,
260                                             &info,
261                                             &result);
262         if (!NT_STATUS_IS_OK(status)) {
263                 goto done;
264         }
265         if (!NT_STATUS_IS_OK(result)) {
266                 status = result;
267                 goto done;
268         }
269
270         info->audit_events.auditing_mode = enable;
271
272         status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
273                                           &pol,
274                                           LSA_POLICY_INFO_AUDIT_EVENTS,
275                                           info,
276                                           &result);
277         if (!NT_STATUS_IS_OK(status)) {
278                 goto done;
279         }
280         if (!NT_STATUS_IS_OK(result)) {
281                 status = result;
282                 goto done;
283         }
284
285  done:
286         if (!NT_STATUS_IS_OK(status)) {
287                 d_printf(_("%s: %s\n"),
288                         enable ? _("failed to enable audit policy"):
289                                  _("failed to disable audit policy"),
290                         nt_errstr(status));
291         }
292
293         return status;
294 }
295
296 /********************************************************************
297 ********************************************************************/
298
299 static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
300                                            const struct dom_sid *domain_sid,
301                                            const char *domain_name,
302                                            struct cli_state *cli,
303                                            struct rpc_pipe_client *pipe_hnd,
304                                            TALLOC_CTX *mem_ctx,
305                                            int argc,
306                                            const char **argv)
307 {
308         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
309                                              false);
310 }
311
312 /********************************************************************
313 ********************************************************************/
314
315 static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
316                                           const struct dom_sid *domain_sid,
317                                           const char *domain_name,
318                                           struct cli_state *cli,
319                                           struct rpc_pipe_client *pipe_hnd,
320                                           TALLOC_CTX *mem_ctx,
321                                           int argc,
322                                           const char **argv)
323 {
324         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
325                                              true);
326 }
327
328 /********************************************************************
329 ********************************************************************/
330
331 static NTSTATUS rpc_audit_list_internal(struct net_context *c,
332                                         const struct dom_sid *domain_sid,
333                                         const char *domain_name,
334                                         struct cli_state *cli,
335                                         struct rpc_pipe_client *pipe_hnd,
336                                         TALLOC_CTX *mem_ctx,
337                                         int argc,
338                                         const char **argv)
339 {
340         struct policy_handle pol;
341         NTSTATUS status, result;
342         union lsa_PolicyInformation *info = NULL;
343         int i;
344         struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
345
346         status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
347                                         SEC_FLAG_MAXIMUM_ALLOWED,
348                                         &pol);
349
350         if (!NT_STATUS_IS_OK(status)) {
351                 goto done;
352         }
353
354         status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
355                                             &pol,
356                                             LSA_POLICY_INFO_AUDIT_EVENTS,
357                                             &info,
358                                             &result);
359         if (!NT_STATUS_IS_OK(status)) {
360                 goto done;
361         }
362         if (!NT_STATUS_IS_OK(result)) {
363                 status = result;
364                 goto done;
365         }
366
367         printf(_("Auditing:\t\t"));
368         switch (info->audit_events.auditing_mode) {
369                 case true:
370                         printf(_("Enabled"));
371                         break;
372                 case false:
373                         printf(_("Disabled"));
374                         break;
375                 default:
376                         printf(_("unknown (%d)"),
377                                info->audit_events.auditing_mode);
378                         break;
379         }
380         printf("\n");
381
382         printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
383         printf(_("Auditing settings:\n"));
384
385         for (i=0; i < info->audit_events.count; i++) {
386                 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
387                 const char *policy = audit_description_str(i);
388                 print_auditing_category(policy, val);
389         }
390
391  done:
392         if (!NT_STATUS_IS_OK(status)) {
393                 d_printf(_("failed to list auditing policies: %s\n"),
394                         nt_errstr(status));
395         }
396
397         return status;
398 }
399
400 /********************************************************************
401 ********************************************************************/
402
403 static int rpc_audit_get(struct net_context *c, int argc, const char **argv)
404 {
405         if (c->display_usage) {
406                 d_printf(  "%s\n"
407                            "net rpc audit get\n"
408                            "    %s\n",
409                          _("Usage:"),
410                          _("View configured audit setting"));
411                 return 0;
412         }
413
414         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
415                 rpc_audit_get_internal, argc, argv);
416 }
417
418 /********************************************************************
419 ********************************************************************/
420
421 static int rpc_audit_set(struct net_context *c, int argc, const char **argv)
422 {
423         if (c->display_usage) {
424                 d_printf(  "%s\n"
425                            "net rpc audit set\n"
426                            "    %s\n",
427                          _("Usage:"),
428                          _("Set audit policies"));
429                 return 0;
430         }
431
432         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
433                 rpc_audit_set_internal, argc, argv);
434 }
435
436 /********************************************************************
437 ********************************************************************/
438
439 static int rpc_audit_enable(struct net_context *c, int argc, const char **argv)
440 {
441         if (c->display_usage) {
442                 d_printf(  "%s\n"
443                            "net rpc audit enable\n"
444                            "    %s\n",
445                          _("Usage:"),
446                          _("Enable auditing"));
447                 return 0;
448         }
449
450         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
451                 rpc_audit_enable_internal, argc, argv);
452 }
453
454 /********************************************************************
455 ********************************************************************/
456
457 static int rpc_audit_disable(struct net_context *c, int argc, const char **argv)
458 {
459         if (c->display_usage) {
460                 d_printf(  "%s\n"
461                            "net rpc audit disable\n"
462                            "    %s\n",
463                          _("Usage:"),
464                          _("Disable auditing"));
465                 return 0;
466         }
467
468         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
469                 rpc_audit_disable_internal, argc, argv);
470 }
471
472 /********************************************************************
473 ********************************************************************/
474
475 static int rpc_audit_list(struct net_context *c, int argc, const char **argv)
476 {
477         if (c->display_usage) {
478                 d_printf( "%s\n"
479                            "net rpc audit list\n"
480                            "    %s\n",
481                          _("Usage:"),
482                          _("List auditing settings"));
483                 return 0;
484         }
485
486         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
487                 rpc_audit_list_internal, argc, argv);
488 }
489
490 /********************************************************************
491 ********************************************************************/
492
493 int net_rpc_audit(struct net_context *c, int argc, const char **argv)
494 {
495         struct functable func[] = {
496                 {
497                         "get",
498                         rpc_audit_get,
499                         NET_TRANSPORT_RPC,
500                         N_("View configured auditing settings"),
501                         N_("net rpc audit get\n"
502                            "    View configured auditing settings")
503                 },
504                 {
505                         "set",
506                         rpc_audit_set,
507                         NET_TRANSPORT_RPC,
508                         N_("Set auditing policies"),
509                         N_("net rpc audit set\n"
510                            "    Set auditing policies")
511                 },
512                 {
513                         "enable",
514                         rpc_audit_enable,
515                         NET_TRANSPORT_RPC,
516                         N_("Enable auditing"),
517                         N_("net rpc audit enable\n"
518                            "    Enable auditing")
519                 },
520                 {
521                         "disable",
522                         rpc_audit_disable,
523                         NET_TRANSPORT_RPC,
524                         N_("Disable auditing"),
525                         N_("net rpc audit disable\n"
526                            "    Disable auditing")
527                 },
528                 {
529                         "list",
530                         rpc_audit_list,
531                         NET_TRANSPORT_RPC,
532                         N_("List configured auditing settings"),
533                         N_("net rpc audit list\n"
534                            "    List configured auditing settings")
535                 },
536                 {NULL, NULL, 0, NULL, NULL}
537         };
538
539         return net_run_function(c, argc, argv, "net rpc audit", func);
540 }