Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Auditing helper functions.
4 : Copyright (C) Guenther Deschner 2006
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "../librpc/gen_ndr/lsa.h"
22 :
23 : static const struct audit_category_tab {
24 : uint32_t category;
25 : const char *category_str;
26 : const char *param_str;
27 : const char *description;
28 : } audit_category_tab [] = {
29 : { LSA_AUDIT_CATEGORY_LOGON,
30 : "LSA_AUDIT_CATEGORY_LOGON",
31 : "LOGON", "Logon events" },
32 : { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
33 : "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
34 : "PRIVILEGE", "Privilege Use" },
35 : { LSA_AUDIT_CATEGORY_SYSTEM,
36 : "LSA_AUDIT_CATEGORY_SYSTEM",
37 : "SYSTEM", "System Events" },
38 : { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
39 : "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
40 : "POLICY", "Policy Change" },
41 : { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
42 : "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
43 : "PROCESS", "Process Tracking" },
44 : { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
45 : "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
46 : "OBJECT", "Object Access" },
47 : { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
48 : "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
49 : "SAM", "Account Management" },
50 : { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
51 : "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
52 : "DIRECTORY", "Directory service access" },
53 : { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
54 : "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
55 : "ACCOUNT", "Account logon events" },
56 : { .category = 0 }
57 : };
58 :
59 0 : const char *audit_category_str(uint32_t category)
60 : {
61 0 : int i;
62 0 : for (i=0; audit_category_tab[i].category_str; i++) {
63 0 : if (category == audit_category_tab[i].category) {
64 0 : return audit_category_tab[i].category_str;
65 : }
66 : }
67 0 : return NULL;
68 : }
69 :
70 0 : const char *audit_param_str(uint32_t category)
71 : {
72 0 : int i;
73 0 : for (i=0; audit_category_tab[i].param_str; i++) {
74 0 : if (category == audit_category_tab[i].category) {
75 0 : return audit_category_tab[i].param_str;
76 : }
77 : }
78 0 : return NULL;
79 : }
80 :
81 0 : const char *audit_description_str(uint32_t category)
82 : {
83 0 : int i;
84 0 : for (i=0; audit_category_tab[i].description; i++) {
85 0 : if (category == audit_category_tab[i].category) {
86 0 : return audit_category_tab[i].description;
87 : }
88 : }
89 0 : return NULL;
90 : }
91 :
92 0 : bool get_audit_category_from_param(const char *param, uint32_t *audit_category)
93 : {
94 0 : *audit_category = Undefined;
95 :
96 0 : if (strequal(param, "SYSTEM")) {
97 0 : *audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
98 0 : } else if (strequal(param, "LOGON")) {
99 0 : *audit_category = LSA_AUDIT_CATEGORY_LOGON;
100 0 : } else if (strequal(param, "OBJECT")) {
101 0 : *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
102 0 : } else if (strequal(param, "PRIVILEGE")) {
103 0 : *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
104 0 : } else if (strequal(param, "PROCESS")) {
105 0 : *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
106 0 : } else if (strequal(param, "POLICY")) {
107 0 : *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
108 0 : } else if (strequal(param, "SAM")) {
109 0 : *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
110 0 : } else if (strequal(param, "DIRECTORY")) {
111 0 : *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
112 0 : } else if (strequal(param, "ACCOUNT")) {
113 0 : *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
114 : } else {
115 0 : DEBUG(0,("unknown parameter: %s\n", param));
116 0 : return False;
117 : }
118 :
119 0 : return True;
120 : }
121 :
122 0 : const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32_t policy)
123 : {
124 0 : const char *ret = NULL;
125 :
126 0 : if (policy == LSA_AUDIT_POLICY_NONE) {
127 0 : return talloc_strdup(mem_ctx, "None");
128 : }
129 :
130 0 : if (policy & LSA_AUDIT_POLICY_SUCCESS) {
131 0 : ret = talloc_strdup(mem_ctx, "Success");
132 0 : if (ret == NULL) {
133 0 : return NULL;
134 : }
135 : }
136 :
137 0 : if (policy & LSA_AUDIT_POLICY_FAILURE) {
138 0 : if (ret) {
139 0 : ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
140 0 : if (ret == NULL) {
141 0 : return NULL;
142 : }
143 : } else {
144 0 : return talloc_strdup(mem_ctx, "Failure");
145 : }
146 : }
147 :
148 0 : return ret;
149 : }
|
