source3/lib/audit.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Auditing helper functions.
   4    Copyright (C) Guenther Deschner 2006
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "includes.h"
  21
  22 static const struct audit_category_tab {
  23         uint32 category;
  24         const char *category_str;
  25         const char *param_str;
  26         const char *description;
  27 } audit_category_tab [] = {
  28         { LSA_AUDIT_CATEGORY_LOGON,
  29          "LSA_AUDIT_CATEGORY_LOGON",
  30          "LOGON", "Logon events" },
  31         { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
  32          "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
  33          "PRIVILEGE", "Privilege Use" },
  34         { LSA_AUDIT_CATEGORY_SYSTEM,
  35          "LSA_AUDIT_CATEGORY_SYSTEM",
  36          "SYSTEM", "System Events" },
  37         { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
  38          "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
  39          "POLICY", "Policy Change" },
  40         { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
  41          "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
  42          "PROCESS", "Process Tracking" },
  43         { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
  44          "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
  45          "OBJECT", "Object Access" },
  46         { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
  47          "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
  48          "SAM", "Account Management" },
  49         { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
  50          "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
  51          "DIRECTORY", "Directory service access" },
  52         { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
  53          "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
  54          "ACCOUNT", "Account logon events" },
  55         { 0, NULL, NULL }
  56 };
  57
  58 const char *audit_category_str(uint32 category)
  59 {
  60         int i;
  61         for (i=0; audit_category_tab[i].category_str; i++) {
  62                 if (category == audit_category_tab[i].category) {
  63                         return audit_category_tab[i].category_str;
  64                 }
  65         }
  66         return NULL;
  67 }
  68
  69 const char *audit_param_str(uint32 category)
  70 {
  71         int i;
  72         for (i=0; audit_category_tab[i].param_str; i++) {
  73                 if (category == audit_category_tab[i].category) {
  74                         return audit_category_tab[i].param_str;
  75                 }
  76         }
  77         return NULL;
  78 }
  79
  80 const char *audit_description_str(uint32 category)
  81 {
  82         int i;
  83         for (i=0; audit_category_tab[i].description; i++) {
  84                 if (category == audit_category_tab[i].category) {
  85                         return audit_category_tab[i].description;
  86                 }
  87         }
  88         return NULL;
  89 }
  90
  91 bool get_audit_category_from_param(const char *param, uint32 *audit_category)
  92 {
  93         *audit_category = Undefined;
  94
  95         if (strequal(param, "SYSTEM")) {
  96                 *audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
  97         } else if (strequal(param, "LOGON")) {
  98                 *audit_category = LSA_AUDIT_CATEGORY_LOGON;
  99         } else if (strequal(param, "OBJECT")) {
 100                 *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
 101         } else if (strequal(param, "PRIVILEGE")) {
 102                 *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
 103         } else if (strequal(param, "PROCESS")) {
 104                 *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
 105         } else if (strequal(param, "POLICY")) {
 106                 *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
 107         } else if (strequal(param, "SAM")) {
 108                 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
 109         } else if (strequal(param, "DIRECTORY")) {
 110                 *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
 111         } else if (strequal(param, "ACCOUNT")) {
 112                 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
 113         } else {
 114                 DEBUG(0,("unknown parameter: %s\n", param));
 115                 return False;
 116         }
 117
 118         return True;
 119 }
 120
 121 const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
 122 {
 123         const char *ret = NULL;
 124
 125         if (policy == LSA_AUDIT_POLICY_NONE) {
 126                 return talloc_strdup(mem_ctx, "None");
 127         }
 128
 129         if (policy & LSA_AUDIT_POLICY_SUCCESS) {
 130                 ret = talloc_strdup(mem_ctx, "Success");
 131                 if (ret == NULL) {
 132                         return NULL;
 133                 }
 134         }
 135
 136         if (policy & LSA_AUDIT_POLICY_FAILURE) {
 137                 if (ret) {
 138                         ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
 139                         if (ret == NULL) {
 140                                 return NULL;
 141                         }
 142                 } else {
 143                         return talloc_strdup(mem_ctx, "Failure");
 144                 }
 145         }
 146
 147         return ret;
 148 }