/src/samba/source3/lib/audit.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | Unix SMB/CIFS implementation. |
3 | | Auditing helper functions. |
4 | | Copyright (C) Guenther Deschner 2006 |
5 | | |
6 | | This program is free software; you can redistribute it and/or modify |
7 | | it under the terms of the GNU General Public License as published by |
8 | | the Free Software Foundation; either version 3 of the License, or |
9 | | (at your option) any later version. |
10 | | |
11 | | This program is distributed in the hope that it will be useful, |
12 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | GNU General Public License for more details. |
15 | | |
16 | | You should have received a copy of the GNU General Public License |
17 | | along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 | | */ |
19 | | |
20 | | #include "includes.h" |
21 | | #include "../librpc/gen_ndr/lsa.h" |
22 | | |
/*
 * Lookup table tying each LSA audit category to its three textual forms.
 *
 * The last row is an end marker: it sets only .category, so its string
 * pointers are NULL. The lookup helpers in this file stop on a NULL string
 * pointer, not on the category value, so a category of 0 is not by itself
 * treated as the end of the table.
 */
static const struct audit_category_tab {
	uint32_t category;		/* LSA_AUDIT_CATEGORY_* value */
	const char *category_str;	/* name of the constant, as text */
	const char *param_str;		/* short keyword for the category */
	const char *description;	/* human-readable label */
} audit_category_tab[] = {
	{
		.category	= LSA_AUDIT_CATEGORY_LOGON,
		.category_str	= "LSA_AUDIT_CATEGORY_LOGON",
		.param_str	= "LOGON",
		.description	= "Logon events",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
		.category_str	= "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
		.param_str	= "PRIVILEGE",
		.description	= "Privilege Use",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_SYSTEM,
		.category_str	= "LSA_AUDIT_CATEGORY_SYSTEM",
		.param_str	= "SYSTEM",
		.description	= "System Events",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
		.category_str	= "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
		.param_str	= "POLICY",
		.description	= "Policy Change",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
		.category_str	= "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
		.param_str	= "PROCESS",
		.description	= "Process Tracking",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
		.category_str	= "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
		.param_str	= "OBJECT",
		.description	= "Object Access",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
		.category_str	= "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
		.param_str	= "SAM",
		.description	= "Account Management",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
		.category_str	= "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
		.param_str	= "DIRECTORY",
		.description	= "Directory service access",
	},
	{
		.category	= LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
		.category_str	= "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
		.param_str	= "ACCOUNT",
		.description	= "Account logon events",
	},
	/* End marker: all string members are NULL. */
	{ .category = 0 }
};
58 | | |
/**
 * Return the symbolic constant name for an LSA audit category.
 *
 * @param category  LSA_AUDIT_CATEGORY_* value to look up
 * @return pointer to a static string owned by the table, or NULL when the
 *         value is not listed. Callers must check for NULL before handing
 *         the result to a printf-style "%s" or a string function.
 */
const char *audit_category_str(uint32_t category)
{
	const struct audit_category_tab *entry;

	/* Walk until the end marker, whose category_str is NULL. */
	for (entry = audit_category_tab; entry->category_str; entry++) {
		if (entry->category == category) {
			return entry->category_str;
		}
	}

	return NULL;
}
69 | | |
/**
 * Return the short keyword (for example "LOGON") for an LSA audit category.
 *
 * @param category  LSA_AUDIT_CATEGORY_* value to look up
 * @return pointer to a static string owned by the table, or NULL when the
 *         value is not listed. Callers must check for NULL before handing
 *         the result to a printf-style "%s" or a string function.
 */
const char *audit_param_str(uint32_t category)
{
	const struct audit_category_tab *entry;

	/* Walk until the end marker, whose param_str is NULL. */
	for (entry = audit_category_tab; entry->param_str; entry++) {
		if (entry->category == category) {
			return entry->param_str;
		}
	}

	return NULL;
}
80 | | |
/**
 * Return the human-readable description for an LSA audit category.
 *
 * @param category  LSA_AUDIT_CATEGORY_* value to look up
 * @return pointer to a static string owned by the table, or NULL when the
 *         value is not listed. Callers must check for NULL before handing
 *         the result to a printf-style "%s" or a string function.
 */
const char *audit_description_str(uint32_t category)
{
	const struct audit_category_tab *entry;

	/* Walk until the end marker, whose description is NULL. */
	for (entry = audit_category_tab; entry->description; entry++) {
		if (entry->category == category) {
			return entry->description;
		}
	}

	return NULL;
}
91 | | |
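/**
 * Translate a category keyword (for example "LOGON") into its
 * LSA_AUDIT_CATEGORY_* value.
 *
 * The keywords are taken from the param_str column of audit_category_tab,
 * so the keyword-to-category mapping is kept in one place and cannot drift
 * from what audit_param_str() reports.
 *
 * @param param           keyword to look up, compared with strequal()
 * @param audit_category  out parameter, written unconditionally and so must
 *                        not be NULL; receives the matching category, or
 *                        Undefined when no keyword matches
 * @return True when the keyword was recognised, False otherwise (the
 *         rejected keyword is logged at debug level 0)
 */
bool get_audit_category_from_param(const char *param, uint32_t *audit_category)
{
	const struct audit_category_tab *entry;

	/* Give the caller a defined value even on the failure path. */
	*audit_category = Undefined;

	/* Walk until the end marker, whose param_str is NULL. */
	for (entry = audit_category_tab; entry->param_str != NULL; entry++) {
		if (strequal(param, entry->param_str)) {
			*audit_category = entry->category;
			return True;
		}
	}

	/*
	 * Passing NULL to "%s" is undefined behaviour, so substitute a fixed
	 * marker in case a NULL param gets this far.
	 *
	 * NOTE(review): param is written to the level-0 log as supplied. If any
	 * caller passes text that is not operator-controlled, confirm the log
	 * sink copes with control characters and very long values.
	 */
	DEBUG(0,("unknown parameter: %s\n", param != NULL ? param : "(null)"));
	return False;
}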
121 | | |
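/**
 * Render an LSA audit policy bitmask as text.
 *
 * Produces "None", "Success", "Failure" or "Success, Failure". The combined
 * form is allocated in a single step, so no intermediate "Success" string is
 * left behind on mem_ctx.
 *
 * @param mem_ctx  talloc context that owns the returned string
 * @param policy   LSA_AUDIT_POLICY_* value or bitmask
 * @return newly allocated string on mem_ctx, or NULL. NULL is returned both
 *         when allocation fails and when policy is not
 *         LSA_AUDIT_POLICY_NONE yet has neither the success nor the failure
 *         bit set. Callers cannot tell the two cases apart and must check
 *         for NULL before printing the result.
 */
const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32_t policy)
{
	const bool on_success = (policy & LSA_AUDIT_POLICY_SUCCESS) != 0;
	const bool on_failure = (policy & LSA_AUDIT_POLICY_FAILURE) != 0;
	const char *text = NULL;

	if (policy == LSA_AUDIT_POLICY_NONE) {
		text = "None";
	} else if (on_success && on_failure) {
		text = "Success, Failure";
	} else if (on_success) {
		text = "Success";
	} else if (on_failure) {
		text = "Failure";
	}

	/* Neither known bit set: report "no text" exactly as before. */
	if (text == NULL) {
		return NULL;
	}

	return talloc_strdup(mem_ctx, text);
}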