s3: in sys_popen(), validate input before opening the pipe.
[kai/samba.git] / source3 / lib / audit.c
1 /*
2    Unix SMB/CIFS implementation.
3    Auditing helper functions.
4    Copyright (C) Guenther Deschner 2006
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "../librpc/gen_ndr/lsa.h"
22
23 static const struct audit_category_tab {
24         uint32 category;
25         const char *category_str;
26         const char *param_str;
27         const char *description;
28 } audit_category_tab [] = {
29         { LSA_AUDIT_CATEGORY_LOGON, 
30          "LSA_AUDIT_CATEGORY_LOGON", 
31          "LOGON", "Logon events" },
32         { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS, 
33          "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS", 
34          "PRIVILEGE", "Privilege Use" },
35         { LSA_AUDIT_CATEGORY_SYSTEM, 
36          "LSA_AUDIT_CATEGORY_SYSTEM", 
37          "SYSTEM", "System Events" },
38         { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES, 
39          "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES", 
40          "POLICY", "Policy Change" },
41         { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING, 
42          "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING", 
43          "PROCESS", "Process Tracking" },
44         { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS, 
45          "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS", 
46          "OBJECT", "Object Access" },
47         { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT, 
48          "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT", 
49          "SAM", "Account Management" },
50         { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, 
51          "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS", 
52          "DIRECTORY", "Directory service access" },
53         { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON, 
54          "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON", 
55          "ACCOUNT", "Account logon events" },
56         { 0, NULL, NULL }
57 };
58
59 const char *audit_category_str(uint32 category)
60 {
61         int i;
62         for (i=0; audit_category_tab[i].category_str; i++) {
63                 if (category == audit_category_tab[i].category) {
64                         return audit_category_tab[i].category_str;
65                 }
66         }
67         return NULL;
68 }
69
70 const char *audit_param_str(uint32 category)
71 {
72         int i;
73         for (i=0; audit_category_tab[i].param_str; i++) {
74                 if (category == audit_category_tab[i].category) {
75                         return audit_category_tab[i].param_str;
76                 }
77         }
78         return NULL;
79 }
80
81 const char *audit_description_str(uint32 category)
82 {
83         int i;
84         for (i=0; audit_category_tab[i].description; i++) {
85                 if (category == audit_category_tab[i].category) {
86                         return audit_category_tab[i].description;
87                 }
88         }
89         return NULL;
90 }
91
92 bool get_audit_category_from_param(const char *param, uint32 *audit_category)
93 {
94         *audit_category = Undefined;
95
96         if (strequal(param, "SYSTEM")) {
97                 *audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
98         } else if (strequal(param, "LOGON")) {
99                 *audit_category = LSA_AUDIT_CATEGORY_LOGON;
100         } else if (strequal(param, "OBJECT")) {
101                 *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
102         } else if (strequal(param, "PRIVILEGE")) {
103                 *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
104         } else if (strequal(param, "PROCESS")) {
105                 *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
106         } else if (strequal(param, "POLICY")) {
107                 *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
108         } else if (strequal(param, "SAM")) {
109                 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
110         } else if (strequal(param, "DIRECTORY")) {
111                 *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
112         } else if (strequal(param, "ACCOUNT")) {
113                 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
114         } else {
115                 DEBUG(0,("unknown parameter: %s\n", param));
116                 return False;
117         }
118
119         return True;
120 }
121
122 const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
123 {
124         const char *ret = NULL;
125
126         if (policy == LSA_AUDIT_POLICY_NONE) {
127                 return talloc_strdup(mem_ctx, "None");
128         }
129
130         if (policy & LSA_AUDIT_POLICY_SUCCESS) {
131                 ret = talloc_strdup(mem_ctx, "Success");
132                 if (ret == NULL) {
133                         return NULL;
134                 }
135         }
136
137         if (policy & LSA_AUDIT_POLICY_FAILURE) {
138                 if (ret) {
139                         ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
140                         if (ret == NULL) {
141                                 return NULL;
142                         }
143                 } else {
144                         return talloc_strdup(mem_ctx, "Failure");
145                 }
146         }
147
148         return ret;
149 }