Samba: utils/net_rpc_audit.c ソースファイル

00001 /* 
00002    Samba Unix/Linux SMB client library 
00003    Distributed SMB/CIFS Server Management Utility 
00004    Copyright (C) 2006 Guenther Deschner
00005 
00006    This program is free software; you can redistribute it and/or modify
00007    it under the terms of the GNU General Public License as published by
00008    the Free Software Foundation; either version 2 of the License, or
00009    (at your option) any later version.
00010    
00011    This program is distributed in the hope that it will be useful,
00012    but WITHOUT ANY WARRANTY; without even the implied warranty of
00013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014    GNU General Public License for more details.
00015    
00016    You should have received a copy of the GNU General Public License
00017    along with this program; if not, write to the Free Software
00018    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
00019  
00020 #include "includes.h"
00021 #include "utils/net.h"
00022 
00023 /********************************************************************
00024 ********************************************************************/
00025 
00026 static int net_help_audit(int argc, const char **argv)
00027 {
00028         d_printf("net rpc audit list                       View configured Auditing policies\n");
00029         d_printf("net rpc audit enable                     Enable Auditing\n");
00030         d_printf("net rpc audit disable                    Disable Auditing\n");
00031         d_printf("net rpc audit get <category>             View configured Auditing policy setting\n");
00032         d_printf("net rpc audit set <category> <policy>    Set Auditing policies\n\n");
00033         d_printf("\tcategory can be one of: SYSTEM, LOGON, OBJECT, PRIVILEGE, PROCESS, POLICY, SAM, DIRECTORY or ACCOUNT\n");
00034         d_printf("\tpolicy can be one of: SUCCESS, FAILURE, ALL or NONE\n\n");
00035 
00036         return -1;
00037 }
00038 
00039 /********************************************************************
00040 ********************************************************************/
00041 
00042 static void print_auditing_category(const char *policy, const char *value)
00043 {
00044         fstring padding;
00045         int pad_len, col_len = 30;
00046 
00047         if (policy == NULL) {
00048                 policy = "Unknown";
00049         }
00050         if (value == NULL) {
00051                 value = "Invalid";
00052         }
00053 
00054         /* calculate padding space for d_printf to look nicer */
00055         pad_len = col_len - strlen(policy);
00056         padding[pad_len] = 0;
00057         do padding[--pad_len] = ' '; while (pad_len > 0);
00058                         
00059         d_printf("\t%s%s%s\n", policy, padding, value);
00060 }
00061 
00062 
00063 /********************************************************************
00064 ********************************************************************/
00065 
00066 static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
00067                                        const char *domain_name, 
00068                                        struct cli_state *cli,
00069                                        struct rpc_pipe_client *pipe_hnd,
00070                                        TALLOC_CTX *mem_ctx, 
00071                                        int argc,
00072                                        const char **argv)
00073 {
00074         POLICY_HND pol;
00075         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00076         LSA_INFO_CTR dom; 
00077         int i;
00078 
00079         uint32 info_class = 2;
00080         uint32 audit_category;
00081 
00082         if (argc < 1 || argc > 2) {
00083                 d_printf("insufficient arguments\n");
00084                 net_help_audit(argc, argv);
00085                 return NT_STATUS_INVALID_PARAMETER;
00086         }
00087 
00088         if (!get_audit_category_from_param(argv[0], &audit_category)) {
00089                 d_printf("invalid auditing category: %s\n", argv[0]);
00090                 return NT_STATUS_INVALID_PARAMETER;
00091         }
00092 
00093         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, 
00094                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
00095                                         &pol);
00096 
00097         if (!NT_STATUS_IS_OK(result)) {
00098                 goto done;
00099         }
00100 
00101         result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, 
00102                                                   info_class,
00103                                                   &dom);
00104 
00105         if (!NT_STATUS_IS_OK(result)) {
00106                 goto done;
00107         }
00108 
00109         for (i=0; i < dom.info.id2.count1; i++) {
00110 
00111                 const char *val = NULL, *policy = NULL;
00112 
00113                 if (i != audit_category) {
00114                         continue;
00115                 }
00116 
00117                 val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
00118                 policy = audit_description_str(i);
00119                 print_auditing_category(policy, val);
00120         }
00121 
00122  done:
00123         if (!NT_STATUS_IS_OK(result)) {
00124                 d_printf("failed to get auditing policy: %s\n", nt_errstr(result));
00125         }
00126 
00127         return result;
00128 }
00129 
00130 /********************************************************************
00131 ********************************************************************/
00132 
00133 static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
00134                                        const char *domain_name, 
00135                                        struct cli_state *cli,
00136                                        struct rpc_pipe_client *pipe_hnd,
00137                                        TALLOC_CTX *mem_ctx, 
00138                                        int argc,
00139                                        const char **argv)
00140 {
00141         POLICY_HND pol;
00142         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00143         LSA_INFO_CTR dom; 
00144 
00145         uint32 info_class = 2;
00146         uint32 audit_policy, audit_category;
00147 
00148         if (argc < 2 || argc > 3) {
00149                 d_printf("insufficient arguments\n");
00150                 net_help_audit(argc, argv);
00151                 return NT_STATUS_INVALID_PARAMETER;
00152         }
00153 
00154         if (!get_audit_category_from_param(argv[0], &audit_category)) {
00155                 d_printf("invalid auditing category: %s\n", argv[0]);
00156                 return NT_STATUS_INVALID_PARAMETER;
00157         }
00158 
00159         audit_policy = LSA_AUDIT_POLICY_CLEAR;
00160 
00161         if (strequal(argv[1], "Success")) {
00162                 audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
00163         } else if (strequal(argv[1], "Failure")) {
00164                 audit_policy |= LSA_AUDIT_POLICY_FAILURE;
00165         } else if (strequal(argv[1], "All")) {
00166                 audit_policy |= LSA_AUDIT_POLICY_ALL;
00167         } else if (strequal(argv[1], "None")) {
00168                 audit_policy = LSA_AUDIT_POLICY_CLEAR;
00169         } else {
00170                 d_printf("invalid auditing policy: %s\n", argv[1]);
00171                 return NT_STATUS_INVALID_PARAMETER;
00172         }
00173 
00174         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, 
00175                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
00176                                         &pol);
00177 
00178         if (!NT_STATUS_IS_OK(result)) {
00179                 goto done;
00180         }
00181 
00182         result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, 
00183                                                   info_class,
00184                                                   &dom);
00185 
00186         if (!NT_STATUS_IS_OK(result)) {
00187                 goto done;
00188         }
00189 
00190         dom.info.id2.auditsettings[audit_category] = audit_policy;
00191 
00192         result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol, 
00193                                             info_class,
00194                                             dom);
00195         if (!NT_STATUS_IS_OK(result)) {
00196                 goto done;
00197         }
00198 
00199         result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, 
00200                                                   info_class,
00201                                                   &dom);
00202 
00203         {
00204                 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[audit_category]);
00205                 const char *policy = audit_description_str(audit_category);
00206                 print_auditing_category(policy, val);
00207         }
00208 
00209  done:
00210         if (!NT_STATUS_IS_OK(result)) {
00211                 d_printf("failed to set audit policy: %s\n", nt_errstr(result));
00212         }
00213  
00214         return result;
00215 }
00216 
00217 static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd, 
00218                                               TALLOC_CTX *mem_ctx,
00219                                               int argc,
00220                                               const char **argv,
00221                                               BOOL enable)
00222 {
00223         POLICY_HND pol;
00224         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00225         LSA_INFO_CTR dom;
00226 
00227         uint32 info_class = 2;
00228 
00229         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, 
00230                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
00231                                         &pol);
00232 
00233         if (!NT_STATUS_IS_OK(result)) {
00234                 goto done;
00235         }
00236 
00237         result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, 
00238                                                   info_class,
00239                                                   &dom);
00240 
00241         if (!NT_STATUS_IS_OK(result)) {
00242                 goto done;
00243         }
00244 
00245         dom.info.id2.auditing_enabled = enable;
00246 
00247         result = rpccli_lsa_set_info_policy(pipe_hnd, mem_ctx, &pol, 
00248                                             info_class,
00249                                             dom);
00250 
00251         if (!NT_STATUS_IS_OK(result)) {
00252                 goto done;
00253         }
00254 
00255  done:
00256         if (!NT_STATUS_IS_OK(result)) {
00257                 d_printf("failed to %s audit policy: %s\n", enable ? "enable":"disable", 
00258                         nt_errstr(result));
00259         }
00260 
00261         return result;
00262 }
00263 /********************************************************************
00264 ********************************************************************/
00265 
00266 static NTSTATUS rpc_audit_disable_internal(const DOM_SID *domain_sid,
00267                                            const char *domain_name, 
00268                                            struct cli_state *cli,
00269                                            struct rpc_pipe_client *pipe_hnd,
00270                                            TALLOC_CTX *mem_ctx, 
00271                                            int argc,
00272                                            const char **argv)
00273 {
00274         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, False);
00275 }
00276 
00277 /********************************************************************
00278 ********************************************************************/
00279 
00280 static NTSTATUS rpc_audit_enable_internal(const DOM_SID *domain_sid,
00281                                           const char *domain_name, 
00282                                           struct cli_state *cli,
00283                                           struct rpc_pipe_client *pipe_hnd,
00284                                           TALLOC_CTX *mem_ctx, 
00285                                           int argc,
00286                                           const char **argv)
00287 {
00288         return rpc_audit_enable_internal_ext(pipe_hnd, mem_ctx, argc, argv, True);
00289 }
00290 
00291 /********************************************************************
00292 ********************************************************************/
00293 
00294 static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
00295                                         const char *domain_name, 
00296                                         struct cli_state *cli,
00297                                         struct rpc_pipe_client *pipe_hnd,
00298                                         TALLOC_CTX *mem_ctx, 
00299                                         int argc,
00300                                         const char **argv)
00301 {
00302         POLICY_HND pol;
00303         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00304         LSA_INFO_CTR dom;
00305         int i;
00306 
00307         uint32 info_class = 2;
00308 
00309         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, 
00310                                         SEC_RIGHTS_MAXIMUM_ALLOWED,
00311                                         &pol);
00312 
00313         if (!NT_STATUS_IS_OK(result)) {
00314                 goto done;
00315         }
00316 
00317         result = rpccli_lsa_query_info_policy_new(pipe_hnd, mem_ctx, &pol, 
00318                                                   info_class,
00319                                                   &dom);
00320 
00321         if (!NT_STATUS_IS_OK(result)) {
00322                 goto done;
00323         }
00324 
00325         printf("Auditing:\t\t");
00326         switch (dom.info.id2.auditing_enabled) {
00327                 case True:
00328                         printf("Enabled");
00329                         break;
00330                 case False:
00331                         printf("Disabled");
00332                         break;
00333                 default:
00334                         printf("unknown (%d)", dom.info.id2.auditing_enabled);
00335                         break;
00336         }
00337         printf("\n");
00338 
00339         printf("Auditing categories:\t%d\n", dom.info.id2.count1);
00340         printf("Auditing settings:\n");
00341 
00342         for (i=0; i < dom.info.id2.count1; i++) {
00343                 const char *val = audit_policy_str(mem_ctx, dom.info.id2.auditsettings[i]);
00344                 const char *policy = audit_description_str(i);
00345                 print_auditing_category(policy, val);
00346         }
00347 
00348  done:
00349         if (!NT_STATUS_IS_OK(result)) {
00350                 d_printf("failed to list auditing policies: %s\n", nt_errstr(result));
00351         }
00352 
00353         return result;
00354 }
00355 
00356 
00357 
00358 /********************************************************************
00359 ********************************************************************/
00360 
00361 static int rpc_audit_get(int argc, const char **argv)
00362 {
00363         return run_rpc_command(NULL, PI_LSARPC, 0, 
00364                 rpc_audit_get_internal, argc, argv);
00365 }
00366 
00367 /********************************************************************
00368 ********************************************************************/
00369 
00370 static int rpc_audit_set(int argc, const char **argv)
00371 {
00372         return run_rpc_command(NULL, PI_LSARPC, 0, 
00373                 rpc_audit_set_internal, argc, argv);
00374 }
00375 
00376 /********************************************************************
00377 ********************************************************************/
00378 
00379 static int rpc_audit_enable(int argc, const char **argv)
00380 {
00381         return run_rpc_command(NULL, PI_LSARPC, 0, 
00382                 rpc_audit_enable_internal, argc, argv);
00383 }
00384 
00385 /********************************************************************
00386 ********************************************************************/
00387 
00388 static int rpc_audit_disable(int argc, const char **argv)
00389 {
00390         return run_rpc_command(NULL, PI_LSARPC, 0, 
00391                 rpc_audit_disable_internal, argc, argv);
00392 }
00393 
00394 /********************************************************************
00395 ********************************************************************/
00396 
00397 static int rpc_audit_list(int argc, const char **argv)
00398 {
00399         return run_rpc_command(NULL, PI_LSARPC, 0, 
00400                 rpc_audit_list_internal, argc, argv);
00401 }
00402 
00403 /********************************************************************
00404 ********************************************************************/
00405 
00406 int net_rpc_audit(int argc, const char **argv) 
00407 {
00408         struct functable func[] = {
00409                 {"get", rpc_audit_get},
00410                 {"set", rpc_audit_set},
00411                 {"enable", rpc_audit_enable},
00412                 {"disable", rpc_audit_disable},
00413                 {"list", rpc_audit_list},
00414                 {NULL, NULL}
00415         };
00416         
00417         if (argc)
00418                 return net_run_function(argc, argv, func, net_help_audit);
00419                 
00420         return net_help_audit(argc, argv);
00421 }