2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2006 Guenther Deschner
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include "utils/net.h"
22 /********************************************************************
23 ********************************************************************/
25 static int net_help_audit(int argc, const char **argv)
27 d_printf("net rpc audit list View configured Auditing policies\n");
28 d_printf("net rpc audit enable Enable Auditing\n");
29 d_printf("net rpc audit disable Disable Auditing\n");
30 d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
31 d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
32 d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
33 d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
38 /********************************************************************
39 ********************************************************************/
41 static void print_auditing_category(const char *policy, const char *value)
44 int pad_len, col_len = 30;
53 /* calculate padding space for d_printf to look nicer */
54 pad_len = col_len - strlen(policy);
56 do padding[--pad_len] = ' '; while (pad_len > 0);
58 d_printf("\t%s%s%s\n", policy, padding, value);
62 /********************************************************************
63 ********************************************************************/
65 static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
66 const char *domain_name,
67 struct cli_state *cli,
68 struct rpc_pipe_client *pipe_hnd,
74 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
78 uint32 info_class = 2;
79 uint32 audit_category;
81 if (argc < 1 || argc > 2) {
82 d_printf("insufficient arguments\n");
83 net_help_audit(argc, argv);
84 return NT_STATUS_INVALID_PARAMETER;
87 if (!get_audit_category_from_param(argv[0], &audit_category)) {
88 d_printf("invalid auditing category: %s\n", argv[0]);
89 return NT_STATUS_INVALID_PARAMETER;
92 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
93 SEC_RIGHTS_MAXIMUM_ALLOWED,
96 if (!NT_STATUS_IS_OK(result)) {
100 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
104 if (!NT_STATUS_IS_OK(result)) {
108 for (i=0; i < dom.info.id2.count1; i++) {
110 const char *val = NULL, *policy = NULL;
112 if (i != audit_category) {
116 val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
117 policy = audit_description_str(i);
118 print_auditing_category(policy, val);
122 if (!NT_STATUS_IS_OK(result)) {
123 d_printf("failed to get auditing policy: %s\n", nt_errstr(result));
129 /********************************************************************
130 ********************************************************************/
132 static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
133 const char *domain_name,
134 struct cli_state *cli,
135 struct rpc_pipe_client *pipe_hnd,
141 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
144 uint32 info_class = 2;
145 uint32 audit_policy, audit_category;
147 if (argc < 2 || argc > 3) {
148 d_printf("insufficient arguments\n");
149 net_help_audit(argc, argv);
150 return NT_STATUS_INVALID_PARAMETER;
153 if (!get_audit_category_from_param(argv[0], &audit_category)) {
154 d_printf("invalid auditing category: %s\n", argv[0]);
155 return NT_STATUS_INVALID_PARAMETER;
158 audit_policy = LSA_AUDIT_POLICY_CLEAR;
160 if (strequal(argv[1], "Success")) {
161 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
162 } else if (strequal(argv[1], "Failure")) {
163 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
164 } else if (strequal(argv[1], "All")) {
165 audit_policy |= LSA_AUDIT_POLICY_ALL;
166 } else if (strequal(argv[1], "None")) {
167 audit_policy = LSA_AUDIT_POLICY_CLEAR;
169 d_printf("invalid auditing policy: %s\n", argv[1]);
170 return NT_STATUS_INVALID_PARAMETER;
173 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
174 SEC_RIGHTS_MAXIMUM_ALLOWED,
177 if (!NT_STATUS_IS_OK(result)) {
181 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
185 if (!NT_STATUS_IS_OK(result)) {
189 dom.info.id2.auditsettings[audit_category] = audit_policy;
191 result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
194 if (!NT_STATUS_IS_OK(result)) {
198 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
203 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]);
204 const char *policy = audit_description_str(audit_category);
205 print_auditing_category(policy, val);
209 if (!NT_STATUS_IS_OK(result)) {
210 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
216 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
223 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
226 uint32 info_class = 2;
228 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
229 SEC_RIGHTS_MAXIMUM_ALLOWED,
232 if (!NT_STATUS_IS_OK(result)) {
236 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
240 if (!NT_STATUS_IS_OK(result)) {
244 dom.info.id2.auditing_enabled = enable;
246 result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
250 if (!NT_STATUS_IS_OK(result)) {
255 if (!NT_STATUS_IS_OK(result)) {
256 d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable",
262 /********************************************************************
263 ********************************************************************/
265 static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
266 const char *domain_name,
267 struct cli_state *cli,
268 struct rpc_pipe_client *pipe_hnd,
273 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False);
276 /********************************************************************
277 ********************************************************************/
279 static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
280 const char *domain_name,
281 struct cli_state *cli,
282 struct rpc_pipe_client *pipe_hnd,
287 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True);
290 /********************************************************************
291 ********************************************************************/
293 static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
294 const char *domain_name,
295 struct cli_state *cli,
296 struct rpc_pipe_client *pipe_hnd,
302 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
306 uint32 info_class = 2;
308 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
309 SEC_RIGHTS_MAXIMUM_ALLOWED,
312 if (!NT_STATUS_IS_OK(result)) {
316 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
320 if (!NT_STATUS_IS_OK(result)) {
324 printf("Auditing:\t\t");
325 switch (dom.info.id2.auditing_enabled) {
333 printf("unknown (%d)", dom.info.id2.auditing_enabled);
338 printf("Auditing categories:\t%d\n", dom.info.id2.count1);
339 printf("Auditing settings:\n");
341 for (i=0; i < dom.info.id2.count1; i++) {
342 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
343 const char *policy = audit_description_str(i);
344 print_auditing_category(policy, val);
348 if (!NT_STATUS_IS_OK(result)) {
349 d_printf("failed to list auditing policies: %s\n", nt_errstr(result));
357 /********************************************************************
358 ********************************************************************/
360 static int rpc_audit_get(int argc, const char **argv)
362 return run_rpc_command(NULL, PI_LSARPC, 0,
363 rpc_audit_get_internal, argc, argv);
366 /********************************************************************
367 ********************************************************************/
369 static int rpc_audit_set(int argc, const char **argv)
371 return run_rpc_command(NULL, PI_LSARPC, 0,
372 rpc_audit_set_internal, argc, argv);
375 /********************************************************************
376 ********************************************************************/
378 static int rpc_audit_enable(int argc, const char **argv)
380 return run_rpc_command(NULL, PI_LSARPC, 0,
381 rpc_audit_enable_internal, argc, argv);
384 /********************************************************************
385 ********************************************************************/
387 static int rpc_audit_disable(int argc, const char **argv)
389 return run_rpc_command(NULL, PI_LSARPC, 0,
390 rpc_audit_disable_internal, argc, argv);
393 /********************************************************************
394 ********************************************************************/
396 static int rpc_audit_list(int argc, const char **argv)
398 return run_rpc_command(NULL, PI_LSARPC, 0,
399 rpc_audit_list_internal, argc, argv);
402 /********************************************************************
403 ********************************************************************/
405 int net_rpc_audit(int argc, const char **argv)
407 struct functable func[] = {
408 {"get", rpc_audit_get},
409 {"set", rpc_audit_set},
410 {"enable", rpc_audit_enable},
411 {"disable", rpc_audit_disable},
412 {"list", rpc_audit_list},
417 return net_run_function(argc, argv, func, net_help_audit);
419 return net_help_audit(argc, argv);