Add my copyright.
[samba.git] / source3 / utils / net_rpc_audit.c
1 /*
2    Samba Unix/Linux SMB client library
3    Distributed SMB/CIFS Server Management Utility
4    Copyright (C) 2006,2008 Guenther Deschner
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
18
19 #include "includes.h"
20 #include "utils/net.h"
21
22 /********************************************************************
23 ********************************************************************/
24
25 static int net_help_audit(int argc, const char **argv)
26 {
27         d_printf("net rpc audit list                       View configured Auditing policies\n");
28         d_printf("net rpc audit enable                     Enable Auditing\n");
29         d_printf("net rpc audit disable                    Disable Auditing\n");
30         d_printf("net rpc audit get <category>             View configured Auditing policy setting\n");
31         d_printf("net rpc audit set <category> <policy>    Set Auditing policies\n\n");
32         d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33         d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
34
35         return -1;
36 }
37
38 /********************************************************************
39 ********************************************************************/
40
41 static void print_auditing_category(const char *policy, const char *value)
42 {
43         fstring padding;
44         int pad_len, col_len = 30;
45
46         if (policy == NULL) {
47                 policy = "Unknown";
48         }
49         if (value == NULL) {
50                 value = "Invalid";
51         }
52
53         /* calculate padding space for d_printf to look nicer */
54         pad_len = col_len - strlen(policy);
55         padding[pad_len] = 0;
56         do padding[--pad_len] = ' '; while (pad_len > 0);
57
58         d_printf("\t%s%s%s\n", policy, padding, value);
59 }
60
61 /********************************************************************
62 ********************************************************************/
63
64 static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
65                                        const char *domain_name,
66                                        struct cli_state *cli,
67                                        struct rpc_pipe_client *pipe_hnd,
68                                        TALLOC_CTX *mem_ctx,
69                                        int argc,
70                                        const char **argv)
71 {
72         POLICY_HND pol;
73         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
74         union lsa_PolicyInformation *info = NULL;
75         int i;
76         uint32_t audit_category;
77
78         if (argc < 1 || argc > 2) {
79                 d_printf("insufficient arguments\n");
80                 net_help_audit(argc, argv);
81                 return NT_STATUS_INVALID_PARAMETER;
82         }
83
84         if (!get_audit_category_from_param(argv[0], &audit_category)) {
85                 d_printf("invalid auditing category: %s\n", argv[0]);
86                 return NT_STATUS_INVALID_PARAMETER;
87         }
88
89         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
90                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
91                                         &pol);
92
93         if (!NT_STATUS_IS_OK(result)) {
94                 goto done;
95         }
96
97         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
98                                             &pol,
99                                             LSA_POLICY_INFO_AUDIT_EVENTS,
100                                             &info);
101
102         if (!NT_STATUS_IS_OK(result)) {
103                 goto done;
104         }
105
106         for (i=0; i < info->audit_events.count; i++) {
107
108                 const char *val = NULL, *policy = NULL;
109
110                 if (i != audit_category) {
111                         continue;
112                 }
113
114                 val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
115                 policy = audit_description_str(i);
116                 print_auditing_category(policy, val);
117         }
118
119  done:
120         if (!NT_STATUS_IS_OK(result)) {
121                 d_printf("failed to get auditing policy: %s\n",
122                         nt_errstr(result));
123         }
124
125         return result;
126 }
127
128 /********************************************************************
129 ********************************************************************/
130
131 static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
132                                        const char *domain_name,
133                                        struct cli_state *cli,
134                                        struct rpc_pipe_client *pipe_hnd,
135                                        TALLOC_CTX *mem_ctx,
136                                        int argc,
137                                        const char **argv)
138 {
139         POLICY_HND pol;
140         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
141         union lsa_PolicyInformation *info = NULL;
142         uint32_t audit_policy, audit_category;
143
144         if (argc < 2 || argc > 3) {
145                 d_printf("insufficient arguments\n");
146                 net_help_audit(argc, argv);
147                 return NT_STATUS_INVALID_PARAMETER;
148         }
149
150         if (!get_audit_category_from_param(argv[0], &audit_category)) {
151                 d_printf("invalid auditing category: %s\n", argv[0]);
152                 return NT_STATUS_INVALID_PARAMETER;
153         }
154
155         audit_policy = LSA_AUDIT_POLICY_CLEAR;
156
157         if (strequal(argv[1], "Success")) {
158                 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
159         } else if (strequal(argv[1], "Failure")) {
160                 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
161         } else if (strequal(argv[1], "All")) {
162                 audit_policy |= LSA_AUDIT_POLICY_ALL;
163         } else if (strequal(argv[1], "None")) {
164                 audit_policy = LSA_AUDIT_POLICY_CLEAR;
165         } else {
166                 d_printf("invalid auditing policy: %s\n", argv[1]);
167                 return NT_STATUS_INVALID_PARAMETER;
168         }
169
170         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
171                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
172                                         &pol);
173
174         if (!NT_STATUS_IS_OK(result)) {
175                 goto done;
176         }
177
178         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
179                                             &pol,
180                                             LSA_POLICY_INFO_AUDIT_EVENTS,
181                                             &info);
182
183         if (!NT_STATUS_IS_OK(result)) {
184                 goto done;
185         }
186
187         info->audit_events.settings[audit_category] = audit_policy;
188
189         result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
190                                           &pol,
191                                           LSA_POLICY_INFO_AUDIT_EVENTS,
192                                           info);
193
194         if (!NT_STATUS_IS_OK(result)) {
195                 goto done;
196         }
197
198         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
199                                             &pol,
200                                             LSA_POLICY_INFO_AUDIT_EVENTS,
201                                             &info);
202         {
203                 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
204                 const char *policy = audit_description_str(audit_category);
205                 print_auditing_category(policy, val);
206         }
207
208  done:
209         if (!NT_STATUS_IS_OK(result)) {
210                 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
211         }
212
213         return result;
214 }
215
216 /********************************************************************
217 ********************************************************************/
218
219 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
220                                               TALLOC_CTX *mem_ctx,
221                                               int argc,
222                                               const char **argv,
223                                               bool enable)
224 {
225         POLICY_HND pol;
226         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
227         union lsa_PolicyInformation *info = NULL;
228
229         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
230                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
231                                         &pol);
232
233         if (!NT_STATUS_IS_OK(result)) {
234                 goto done;
235         }
236
237         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
238                                             &pol,
239                                             LSA_POLICY_INFO_AUDIT_EVENTS,
240                                             &info);
241         if (!NT_STATUS_IS_OK(result)) {
242                 goto done;
243         }
244
245         info->audit_events.auditing_mode = enable;
246
247         result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
248                                           &pol,
249                                           LSA_POLICY_INFO_AUDIT_EVENTS,
250                                           info);
251
252         if (!NT_STATUS_IS_OK(result)) {
253                 goto done;
254         }
255
256  done:
257         if (!NT_STATUS_IS_OK(result)) {
258                 d_printf("failed to %s audit policy: %s\n",
259                         enable ? "enable":"disable", nt_errstr(result));
260         }
261
262         return result;
263 }
264
265 /********************************************************************
266 ********************************************************************/
267
268 static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
269                                            const char *domain_name,
270                                            struct cli_state *cli,
271                                            struct rpc_pipe_client *pipe_hnd,
272                                            TALLOC_CTX *mem_ctx,
273                                            int argc,
274                                            const char **argv)
275 {
276         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
277                                              false);
278 }
279
280 /********************************************************************
281 ********************************************************************/
282
283 static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
284                                           const char *domain_name,
285                                           struct cli_state *cli,
286                                           struct rpc_pipe_client *pipe_hnd,
287                                           TALLOC_CTX *mem_ctx,
288                                           int argc,
289                                           const char **argv)
290 {
291         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv,
292                                              true);
293 }
294
295 /********************************************************************
296 ********************************************************************/
297
298 static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
299                                         const char *domain_name,
300                                         struct cli_state *cli,
301                                         struct rpc_pipe_client *pipe_hnd,
302                                         TALLOC_CTX *mem_ctx,
303                                         int argc,
304                                         const char **argv)
305 {
306         POLICY_HND pol;
307         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
308         union lsa_PolicyInformation *info = NULL;
309         int i;
310
311         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
312                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
313                                         &pol);
314
315         if (!NT_STATUS_IS_OK(result)) {
316                 goto done;
317         }
318
319         result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
320                                             &pol,
321                                             LSA_POLICY_INFO_AUDIT_EVENTS,
322                                             &info);
323         if (!NT_STATUS_IS_OK(result)) {
324                 goto done;
325         }
326
327         printf("Auditing:\t\t");
328         switch (info->audit_events.auditing_mode) {
329                 case true:
330                         printf("Enabled");
331                         break;
332                 case false:
333                         printf("Disabled");
334                         break;
335                 default:
336                         printf("unknown (%d)", info->audit_events.auditing_mode);
337                         break;
338         }
339         printf("\n");
340
341         printf("Auditing categories:\t%d\n", info->audit_events.count);
342         printf("Auditing settings:\n");
343
344         for (i=0; i < info->audit_events.count; i++) {
345                 const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
346                 const char *policy = audit_description_str(i);
347                 print_auditing_category(policy, val);
348         }
349
350  done:
351         if (!NT_STATUS_IS_OK(result)) {
352                 d_printf("failed to list auditing policies: %s\n",
353                         nt_errstr(result));
354         }
355
356         return result;
357 }
358
359 /********************************************************************
360 ********************************************************************/
361
362 static int rpc_audit_get(int argc, const char **argv)
363 {
364         return run_rpc_command(NULL, PI_LSARPC, 0,
365                 rpc_audit_get_internal, argc, argv);
366 }
367
368 /********************************************************************
369 ********************************************************************/
370
371 static int rpc_audit_set(int argc, const char **argv)
372 {
373         return run_rpc_command(NULL, PI_LSARPC, 0,
374                 rpc_audit_set_internal, argc, argv);
375 }
376
377 /********************************************************************
378 ********************************************************************/
379
380 static int rpc_audit_enable(int argc, const char **argv)
381 {
382         return run_rpc_command(NULL, PI_LSARPC, 0,
383                 rpc_audit_enable_internal, argc, argv);
384 }
385
386 /********************************************************************
387 ********************************************************************/
388
389 static int rpc_audit_disable(int argc, const char **argv)
390 {
391         return run_rpc_command(NULL, PI_LSARPC, 0,
392                 rpc_audit_disable_internal, argc, argv);
393 }
394
395 /********************************************************************
396 ********************************************************************/
397
398 static int rpc_audit_list(int argc, const char **argv)
399 {
400         return run_rpc_command(NULL, PI_LSARPC, 0,
401                 rpc_audit_list_internal, argc, argv);
402 }
403
404 /********************************************************************
405 ********************************************************************/
406
407 int net_rpc_audit(int argc, const char **argv)
408 {
409         struct functable func[] = {
410                 {"get", rpc_audit_get},
411                 {"set", rpc_audit_set},
412                 {"enable", rpc_audit_enable},
413                 {"disable", rpc_audit_disable},
414                 {"list", rpc_audit_list},
415                 {NULL, NULL}
416         };
417
418         if (argc)
419                 return net_run_function(argc, argv, func, net_help_audit);
420
421         return net_help_audit(argc, argv);
422 }