00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020 #include "includes.h"
00021 #include "utils/net.h"
00022
00023
00024
00025
00026 static int net_help_audit(int argc, const char **argv)
00027 {
00028 d_printf("net rpc audit list View configured Auditing policies\n");
00029 d_printf("net rpc audit enable Enable Auditing\n");
00030 d_printf("net rpc audit disable Disable Auditing\n");
00031 d_printf("net rpc audit get <category> View configured Auditing policy setting\n");
00032 d_printf("net rpc audit set <category> <policy> Set Auditing policies\n\n");
00033 d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
00034 d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
00035
00036 return -1;
00037 }
00038
00039
00040
00041
00042 static void print_auditing_category(const char *policy, const char *value)
00043 {
00044 fstring padding;
00045 int pad_len, col_len = 30;
00046
00047 if (policy == NULL) {
00048 policy = "Unknown";
00049 }
00050 if (value == NULL) {
00051 value = "Invalid";
00052 }
00053
00054
00055 pad_len = col_len - strlen(policy);
00056 padding[pad_len] = 0;
00057 do padding[--pad_len] = ' '; while (pad_len > 0);
00058
00059 d_printf("\t%s%s%s\n", policy, padding, value);
00060 }
00061
00062
00063
00064
00065
00066 static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
00067 const char *domain_name,
00068 struct cli_state *cli,
00069 struct rpc_pipe_client *pipe_hnd,
00070 TALLOC_CTX *mem_ctx,
00071 int argc,
00072 const char **argv)
00073 {
00074 POLICY_HND pol;
00075 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00076 LSA_INFO_CTR dom;
00077 int i;
00078
00079 uint32 info_class = 2;
00080 uint32 audit_category;
00081
00082 if (argc < 1 || argc > 2) {
00083 d_printf("insufficient arguments\n");
00084 net_help_audit(argc, argv);
00085 return NT_STATUS_INVALID_PARAMETER;
00086 }
00087
00088 if (!get_audit_category_from_param(argv[0], &audit_category)) {
00089 d_printf("invalid auditing category: %s\n", argv[0]);
00090 return NT_STATUS_INVALID_PARAMETER;
00091 }
00092
00093 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
00094 SEC_RIGHTS_MAXIMUM_ALLOWED,
00095 &pol);
00096
00097 if (!NT_STATUS_IS_OK(result)) {
00098 goto done;
00099 }
00100
00101 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
00102 info_class,
00103 &dom);
00104
00105 if (!NT_STATUS_IS_OK(result)) {
00106 goto done;
00107 }
00108
00109 for (i=0; i < dom.info.id2.count1; i++) {
00110
00111 const char *val = NULL, *policy = NULL;
00112
00113 if (i != audit_category) {
00114 continue;
00115 }
00116
00117 val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
00118 policy = audit_description_str(i);
00119 print_auditing_category(policy, val);
00120 }
00121
00122 done:
00123 if (!NT_STATUS_IS_OK(result)) {
00124 d_printf("failed to get auditing policy: %s\n", nt_errstr(result));
00125 }
00126
00127 return result;
00128 }
00129
00130
00131
00132
00133 static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
00134 const char *domain_name,
00135 struct cli_state *cli,
00136 struct rpc_pipe_client *pipe_hnd,
00137 TALLOC_CTX *mem_ctx,
00138 int argc,
00139 const char **argv)
00140 {
00141 POLICY_HND pol;
00142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00143 LSA_INFO_CTR dom;
00144
00145 uint32 info_class = 2;
00146 uint32 audit_policy, audit_category;
00147
00148 if (argc < 2 || argc > 3) {
00149 d_printf("insufficient arguments\n");
00150 net_help_audit(argc, argv);
00151 return NT_STATUS_INVALID_PARAMETER;
00152 }
00153
00154 if (!get_audit_category_from_param(argv[0], &audit_category)) {
00155 d_printf("invalid auditing category: %s\n", argv[0]);
00156 return NT_STATUS_INVALID_PARAMETER;
00157 }
00158
00159 audit_policy = LSA_AUDIT_POLICY_CLEAR;
00160
00161 if (strequal(argv[1], "Success")) {
00162 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
00163 } else if (strequal(argv[1], "Failure")) {
00164 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
00165 } else if (strequal(argv[1], "All")) {
00166 audit_policy |= LSA_AUDIT_POLICY_ALL;
00167 } else if (strequal(argv[1], "None")) {
00168 audit_policy = LSA_AUDIT_POLICY_CLEAR;
00169 } else {
00170 d_printf("invalid auditing policy: %s\n", argv[1]);
00171 return NT_STATUS_INVALID_PARAMETER;
00172 }
00173
00174 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
00175 SEC_RIGHTS_MAXIMUM_ALLOWED,
00176 &pol);
00177
00178 if (!NT_STATUS_IS_OK(result)) {
00179 goto done;
00180 }
00181
00182 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
00183 info_class,
00184 &dom);
00185
00186 if (!NT_STATUS_IS_OK(result)) {
00187 goto done;
00188 }
00189
00190 dom.info.id2.auditsettings[audit_category] = audit_policy;
00191
00192 result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
00193 info_class,
00194 dom);
00195 if (!NT_STATUS_IS_OK(result)) {
00196 goto done;
00197 }
00198
00199 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
00200 info_class,
00201 &dom);
00202
00203 {
00204 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]);
00205 const char *policy = audit_description_str(audit_category);
00206 print_auditing_category(policy, val);
00207 }
00208
00209 done:
00210 if (!NT_STATUS_IS_OK(result)) {
00211 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
00212 }
00213
00214 return result;
00215 }
00216
00217 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
00218 TALLOC_CTX *mem_ctx,
00219 int argc,
00220 const char **argv,
00221 BOOL enable)
00222 {
00223 POLICY_HND pol;
00224 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00225 LSA_INFO_CTR dom;
00226
00227 uint32 info_class = 2;
00228
00229 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
00230 SEC_RIGHTS_MAXIMUM_ALLOWED,
00231 &pol);
00232
00233 if (!NT_STATUS_IS_OK(result)) {
00234 goto done;
00235 }
00236
00237 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
00238 info_class,
00239 &dom);
00240
00241 if (!NT_STATUS_IS_OK(result)) {
00242 goto done;
00243 }
00244
00245 dom.info.id2.auditing_enabled = enable;
00246
00247 result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol,
00248 info_class,
00249 dom);
00250
00251 if (!NT_STATUS_IS_OK(result)) {
00252 goto done;
00253 }
00254
00255 done:
00256 if (!NT_STATUS_IS_OK(result)) {
00257 d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable",
00258 nt_errstr(result));
00259 }
00260
00261 return result;
00262 }
00263
00264
00265
00266 static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
00267 const char *domain_name,
00268 struct cli_state *cli,
00269 struct rpc_pipe_client *pipe_hnd,
00270 TALLOC_CTX *mem_ctx,
00271 int argc,
00272 const char **argv)
00273 {
00274 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False);
00275 }
00276
00277
00278
00279
00280 static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
00281 const char *domain_name,
00282 struct cli_state *cli,
00283 struct rpc_pipe_client *pipe_hnd,
00284 TALLOC_CTX *mem_ctx,
00285 int argc,
00286 const char **argv)
00287 {
00288 return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True);
00289 }
00290
00291
00292
00293
00294 static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
00295 const char *domain_name,
00296 struct cli_state *cli,
00297 struct rpc_pipe_client *pipe_hnd,
00298 TALLOC_CTX *mem_ctx,
00299 int argc,
00300 const char **argv)
00301 {
00302 POLICY_HND pol;
00303 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00304 LSA_INFO_CTR dom;
00305 int i;
00306
00307 uint32 info_class = 2;
00308
00309 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
00310 SEC_RIGHTS_MAXIMUM_ALLOWED,
00311 &pol);
00312
00313 if (!NT_STATUS_IS_OK(result)) {
00314 goto done;
00315 }
00316
00317 result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol,
00318 info_class,
00319 &dom);
00320
00321 if (!NT_STATUS_IS_OK(result)) {
00322 goto done;
00323 }
00324
00325 printf("Auditing:\t\t");
00326 switch (dom.info.id2.auditing_enabled) {
00327 case True:
00328 printf("Enabled");
00329 break;
00330 case False:
00331 printf("Disabled");
00332 break;
00333 default:
00334 printf("unknown (%d)", dom.info.id2.auditing_enabled);
00335 break;
00336 }
00337 printf("\n");
00338
00339 printf("Auditing categories:\t%d\n", dom.info.id2.count1);
00340 printf("Auditing settings:\n");
00341
00342 for (i=0; i < dom.info.id2.count1; i++) {
00343 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
00344 const char *policy = audit_description_str(i);
00345 print_auditing_category(policy, val);
00346 }
00347
00348 done:
00349 if (!NT_STATUS_IS_OK(result)) {
00350 d_printf("failed to list auditing policies: %s\n", nt_errstr(result));
00351 }
00352
00353 return result;
00354 }
00355
00356
00357
00358
00359
00360
00361 static int rpc_audit_get(int argc, const char **argv)
00362 {
00363 return run_rpc_command(NULL, PI_LSARPC, 0,
00364 rpc_audit_get_internal, argc, argv);
00365 }
00366
00367
00368
00369
00370 static int rpc_audit_set(int argc, const char **argv)
00371 {
00372 return run_rpc_command(NULL, PI_LSARPC, 0,
00373 rpc_audit_set_internal, argc, argv);
00374 }
00375
00376
00377
00378
00379 static int rpc_audit_enable(int argc, const char **argv)
00380 {
00381 return run_rpc_command(NULL, PI_LSARPC, 0,
00382 rpc_audit_enable_internal, argc, argv);
00383 }
00384
00385
00386
00387
00388 static int rpc_audit_disable(int argc, const char **argv)
00389 {
00390 return run_rpc_command(NULL, PI_LSARPC, 0,
00391 rpc_audit_disable_internal, argc, argv);
00392 }
00393
00394
00395
00396
00397 static int rpc_audit_list(int argc, const char **argv)
00398 {
00399 return run_rpc_command(NULL, PI_LSARPC, 0,
00400 rpc_audit_list_internal, argc, argv);
00401 }
00402
00403
00404
00405
00406 int net_rpc_audit(int argc, const char **argv)
00407 {
00408 struct functable func[] = {
00409 {"get", rpc_audit_get},
00410 {"set", rpc_audit_set},
00411 {"enable", rpc_audit_enable},
00412 {"disable", rpc_audit_disable},
00413 {"list", rpc_audit_list},
00414 {NULL, NULL}
00415 };
00416
00417 if (argc)
00418 return net_run_function(argc, argv, func, net_help_audit);
00419
00420 return net_help_audit(argc, argv);
00421 }