From 655b04e4f8585a952afe226e602995ebbc7d1600 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 11 Apr 2006 15:47:24 +0000
Subject: r15041: Adding rpc client calls to manipulate auditing policies on
 remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query
 infolevels were taken from samb4 IDL, the lsa policy flags and categories are
 partly documented on msdn. I need to cleanup the double
 lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
---
 source3/lib/audit.c | 149 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 149 insertions(+)
 create mode 100644 source3/lib/audit.c

(limited to 'source3/lib')

diff --git a/source3/lib/audit.c b/source3/lib/audit.c
new file mode 100644
index 0000000000..86bd30bdff
--- /dev/null
+++ b/source3/lib/audit.c
@@ -0,0 +1,149 @@
+/*
+   Unix SMB/CIFS implementation.
+   Auditing helper functions.
+   Copyright (C) Guenther Deschner 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static const struct audit_category_tab {
+	uint32 category;
+	const char *category_str;
+	const char *param_str;
+	const char *description;
+} audit_category_tab [] = {
+	{ LSA_AUDIT_CATEGORY_LOGON, 
+	 "LSA_AUDIT_CATEGORY_LOGON", 
+	 "LOGON", "Logon events" },
+	{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS, 
+	 "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS", 
+	 "PRIVILEGE", "Privilege Use" },
+	{ LSA_AUDIT_CATEGORY_SYSTEM, 
+	 "LSA_AUDIT_CATEGORY_SYSTEM", 
+	 "SYSTEM", "System Events" },
+	{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES, 
+	 "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES", 
+	 "POLICY", "Policy Change" },
+	{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING, 
+	 "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING", 
+	 "PROCESS", "Process Tracking" },
+	{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS, 
+	 "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS", 
+	 "OBJECT", "Object Access" },
+	{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT, 
+	 "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT", 
+	 "SAM", "Account Management" },
+	{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, 
+	 "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS", 
+	 "DIRECTORY", "Directory service access" },
+	{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON, 
+	 "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON", 
+	 "ACCOUNT", "Account logon events" },
+	{ 0, NULL, NULL }
+};
+
+const char *audit_category_str(uint32 category)
+{
+	int i;
+	for (i=0; audit_category_tab[i].category_str; i++) {
+		if (category == audit_category_tab[i].category) {
+			return audit_category_tab[i].category_str;
+		}
+	}
+	return NULL;
+}
+
+const char *audit_param_str(uint32 category)
+{
+	int i;
+	for (i=0; audit_category_tab[i].param_str; i++) {
+		if (category == audit_category_tab[i].category) {
+			return audit_category_tab[i].param_str;
+		}
+	}
+	return NULL;
+}
+
+const char *audit_description_str(uint32 category)
+{
+	int i;
+	for (i=0; audit_category_tab[i].description; i++) {
+		if (category == audit_category_tab[i].category) {
+			return audit_category_tab[i].description;
+		}
+	}
+	return NULL;
+}
+
+BOOL get_audit_category_from_param(const char *param, uint32 *audit_category)
+{
+	*audit_category = Undefined;
+
+	if (strequal(param, "SYSTEM")) {
+		*audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
+	} else if (strequal(param, "LOGON")) {
+		*audit_category = LSA_AUDIT_CATEGORY_LOGON;
+	} else if (strequal(param, "OBJECT")) {
+		*audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
+	} else if (strequal(param, "PRIVILEGE")) {
+		*audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
+	} else if (strequal(param, "PROCESS")) {
+		*audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
+	} else if (strequal(param, "POLICY")) {
+		*audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
+	} else if (strequal(param, "SAM")) {
+		*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
+	} else if (strequal(param, "DIRECTORY")) {
+		*audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
+	} else if (strequal(param, "ACCOUNT")) {
+		*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
+	} else {
+		DEBUG(0,("unknown parameter: %s\n", param));
+		return False;
+	}
+
+	return True;
+}
+
+const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
+{
+	const char *ret = NULL;
+
+	if (policy == LSA_AUDIT_POLICY_NONE) {
+		return talloc_strdup(mem_ctx, "None");
+	}
+
+	if (policy & LSA_AUDIT_POLICY_SUCCESS) {
+		ret = talloc_strdup(mem_ctx, "Success");
+		if (ret == NULL) {
+			return NULL;
+		}
+	}
+
+	if (policy & LSA_AUDIT_POLICY_FAILURE) {
+		if (ret) {
+			ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
+			if (ret == NULL) {
+				return NULL;
+			}
+		} else {
+			return talloc_strdup(mem_ctx, "Failure");
+		}
+	}
+
+	return ret;
+}
-- 
cgit