/*
 * Print the contents of an LSA audit-events info structure: the auditing
 * mode, the number of categories, and one "description:<TAB>setting" line
 * per entry of r->settings.
 *
 * r->count and r->settings are used exactly as supplied; nothing here checks
 * that the array really holds r->count entries.
 */
static void display_query_info_2(struct lsa_AuditEventsInfo *r)
{
	int idx = 0;

	d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
	d_printf("Auditing categories:\t%d\n", r->count);
	d_printf("Auditsettings:\n");

	while (idx < r->count) {
		/* The setting string is allocated on the current talloc stackframe. */
		const char *setting = audit_policy_str(talloc_tos(),
						       r->settings[idx]);
		const char *category_name = audit_description_str(idx);

		/*
		 * NOTE(review): both strings go straight to "%s"; confirm the
		 * helpers cannot return NULL for an index they do not know.
		 */
		d_printf("%s:\t%s\n", category_name, setting);
		idx++;
	}
}
/*
 * Query the LSA audit-events policy over the given pipe and print the
 * setting of a single category.
 *
 * argv[0] names the category and is translated by
 * get_audit_category_from_param(). One or two arguments are accepted (only
 * argv[0] is read); any other count prints "insufficient arguments" plus the
 * help text. domain_sid, domain_name and cli are not used in this body.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for bad arguments, otherwise the
 * status of the open/query calls. A category index that the server's
 * settings array does not cover prints nothing and still returns success.
 */
static NTSTATUS rpc_audit_get_internal(struct net_context *c,
				       const struct dom_sid *domain_sid,
				       const char *domain_name,
				       struct cli_state *cli,
				       struct rpc_pipe_client *pipe_hnd,
				       TALLOC_CTX *mem_ctx,
				       int argc,
				       const char **argv)
{
	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
	union lsa_PolicyInformation *info = NULL;
	struct policy_handle pol;
	NTSTATUS status, result;
	uint32_t audit_category;

	if (argc < 1 || argc > 2) {
		d_printf(_("insufficient arguments\n"));
		net_help_audit(c, argc, argv);
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (!get_audit_category_from_param(argv[0], &audit_category)) {
		d_printf(_("invalid auditing category: %s\n"), argv[0]);
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * NOTE(review): this is a read-only query but the handle is opened
	 * with SEC_FLAG_MAXIMUM_ALLOWED; a narrower access mask would follow
	 * least privilege. The handle is also not explicitly closed in this
	 * function; confirm it is released with the pipe.
	 */
	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
					SEC_FLAG_MAXIMUM_ALLOWED,
					&pol);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
					    &pol,
					    LSA_POLICY_INFO_AUDIT_EVENTS,
					    &info,
					    &result);
	/* Transport succeeded: the server's own result becomes the status. */
	if (NT_STATUS_IS_OK(status)) {
		status = result;
	}
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/*
	 * Only the requested category is printed, and only if the array
	 * returned by the server is long enough to contain it.
	 */
	if (audit_category < info->audit_events.count) {
		const char *val = audit_policy_str(mem_ctx,
				info->audit_events.settings[audit_category]);
		const char *policy = audit_description_str(audit_category);

		print_auditing_category(policy, val);
	}

done:
	if (!NT_STATUS_IS_OK(status)) {
		d_printf(_("failed to get auditing policy: %s\n"),
			 nt_errstr(status));
	}

	return status;
}
/*
 * Query the LSA audit-events policy over the given pipe and print the
 * auditing mode, the number of categories and the setting of every category
 * the server returned.
 *
 * argc/argv are not inspected; c, domain_sid, domain_name and cli are not
 * used in this body. Returns the status of the open/query calls.
 */
static NTSTATUS rpc_audit_list_internal(struct net_context *c,
					const struct dom_sid *domain_sid,
					const char *domain_name,
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
	union lsa_PolicyInformation *info = NULL;
	struct policy_handle pol;
	NTSTATUS status, result;
	int idx;

	/*
	 * NOTE(review): a listing only reads the policy, yet the handle is
	 * opened with SEC_FLAG_MAXIMUM_ALLOWED; a narrower access mask would
	 * follow least privilege. The handle is not explicitly closed in this
	 * function; confirm it is released with the pipe.
	 */
	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
					SEC_FLAG_MAXIMUM_ALLOWED,
					&pol);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
					    &pol,
					    LSA_POLICY_INFO_AUDIT_EVENTS,
					    &info,
					    &result);
	/* Transport succeeded: the server's own result becomes the status. */
	if (NT_STATUS_IS_OK(status)) {
		status = result;
	}
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	printf(_("Auditing:\t\t"));

	/* Any mode value other than true/false is shown numerically. */
	if (info->audit_events.auditing_mode == true) {
		printf(_("Enabled"));
	} else if (info->audit_events.auditing_mode == false) {
		printf(_("Disabled"));
	} else {
		printf(_("unknown (%d)"), info->audit_events.auditing_mode);
	}

	printf("\n");

	printf(_("Auditing categories:\t%d\n"), info->audit_events.count);
	printf(_("Auditing settings:\n"));

	/* The loop bound is the count reported by the server. */
	idx = 0;
	while (idx < info->audit_events.count) {
		const char *val = audit_policy_str(mem_ctx,
					info->audit_events.settings[idx]);
		const char *policy = audit_description_str(idx);

		print_auditing_category(policy, val);
		idx++;
	}

done:
	if (!NT_STATUS_IS_OK(status)) {
		d_printf(_("failed to list auditing policies: %s\n"),
			 nt_errstr(status));
	}

	return status;
}
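/*
 * Change the audit policy of one category on the remote LSA policy object:
 * read the current audit-events info, overwrite the entry of the requested
 * category, write the info back, then re-read it and print the resulting
 * setting.
 *
 * argv[0] names the category (translated by get_audit_category_from_param())
 * and argv[1] must be "Success", "Failure", "All" or "None". Two or three
 * arguments are accepted (argv[2] is not read); any other count prints
 * "insufficient arguments" plus the help text. domain_sid, domain_name and
 * cli are not used in this body.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for bad arguments,
 * NT_STATUS_INVALID_NETWORK_RESPONSE when a server reply does not contain
 * the requested category, otherwise the status of the RPC calls.
 */
static NTSTATUS rpc_audit_set_internal(struct net_context *c,
				       const struct dom_sid *domain_sid,
				       const char *domain_name,
				       struct cli_state *cli,
				       struct rpc_pipe_client *pipe_hnd,
				       TALLOC_CTX *mem_ctx,
				       int argc,
				       const char **argv)
{
	struct policy_handle pol;
	NTSTATUS status, result;
	union lsa_PolicyInformation *info = NULL;
	uint32_t audit_policy, audit_category;
	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;

	if (argc < 2 || argc > 3) {
		d_printf(_("insufficient arguments\n"));
		net_help_audit(c, argc, argv);
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (!get_audit_category_from_param(argv[0], &audit_category)) {
		d_printf(_("invalid auditing category: %s\n"), argv[0]);
		return NT_STATUS_INVALID_PARAMETER;
	}

	audit_policy = LSA_AUDIT_POLICY_CLEAR;

	if (strequal(argv[1], "Success")) {
		audit_policy |= LSA_AUDIT_POLICY_SUCCESS;
	} else if (strequal(argv[1], "Failure")) {
		audit_policy |= LSA_AUDIT_POLICY_FAILURE;
	} else if (strequal(argv[1], "All")) {
		audit_policy |= LSA_AUDIT_POLICY_ALL;
	} else if (strequal(argv[1], "None")) {
		audit_policy = LSA_AUDIT_POLICY_CLEAR;
	} else {
		d_printf(_("invalid auditing policy: %s\n"), argv[1]);
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * NOTE(review): the handle is opened with SEC_FLAG_MAXIMUM_ALLOWED
	 * and is not explicitly closed in this function; confirm it is
	 * released with the pipe.
	 */
	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
					SEC_FLAG_MAXIMUM_ALLOWED,
					&pol);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
					    &pol,
					    LSA_POLICY_INFO_AUDIT_EVENTS,
					    &info,
					    &result);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}
	if (!NT_STATUS_IS_OK(result)) {
		status = result;
		goto done;
	}

	/*
	 * count and settings[] come from the remote server. Writing
	 * settings[audit_category] without this check would store past the
	 * end of the returned array whenever the server reports fewer
	 * categories than the index requested on the command line.
	 */
	if (info == NULL ||
	    info->audit_events.settings == NULL ||
	    audit_category >= info->audit_events.count) {
		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
		goto done;
	}

	info->audit_events.settings[audit_category] = audit_policy;

	status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
					  &pol,
					  LSA_POLICY_INFO_AUDIT_EVENTS,
					  info,
					  &result);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}
	if (!NT_STATUS_IS_OK(result)) {
		status = result;
		goto done;
	}

	/* Read the policy back so the printed value is what the server holds. */
	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
					    &pol,
					    LSA_POLICY_INFO_AUDIT_EVENTS,
					    &info,
					    &result);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}
	/*
	 * A failed read-back must not fall through to the print below: info
	 * is not a valid reply in that case.
	 */
	if (!NT_STATUS_IS_OK(result)) {
		status = result;
		goto done;
	}

	/* The second reply is just as untrusted as the first one. */
	if (info == NULL ||
	    info->audit_events.settings == NULL ||
	    audit_category >= info->audit_events.count) {
		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
		goto done;
	}

	{
		const char *val = audit_policy_str(mem_ctx,
				info->audit_events.settings[audit_category]);
		const char *policy = audit_description_str(audit_category);

		print_auditing_category(policy, val);
	}

done:
	if (!NT_STATUS_IS_OK(status)) {
		d_printf(_("failed to set audit policy: %s\n"),
			 nt_errstr(status));
	}

	return status;
}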