1/* 2 Unix SMB/CIFS implementation. 3 Auditing helper functions. 4 Copyright (C) Guenther Deschner 2006 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 2 of the License, or 9 (at your option) any later version. 10 11 This program is distributed in the hope that it will be useful, 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 GNU General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with this program; if not, write to the Free Software 18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19*/ 20 21#include "includes.h" 22 23static const struct audit_category_tab { 24 uint32 category; 25 const char *category_str; 26 const char *param_str; 27 const char *description; 28} audit_category_tab [] = { 29 { LSA_AUDIT_CATEGORY_LOGON, 30 "LSA_AUDIT_CATEGORY_LOGON", 31 "LOGON", "Logon events" }, 32 { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS, 33 "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS", 34 "PRIVILEGE", "Privilege Use" }, 35 { LSA_AUDIT_CATEGORY_SYSTEM, 36 "LSA_AUDIT_CATEGORY_SYSTEM", 37 "SYSTEM", "System Events" }, 38 { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES, 39 "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES", 40 "POLICY", "Policy Change" }, 41 { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING, 42 "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING", 43 "PROCESS", "Process Tracking" }, 44 { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS, 45 "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS", 46 "OBJECT", "Object Access" }, 47 { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT, 48 "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT", 49 "SAM", "Account Management" }, 50 { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, 51 "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS", 52 "DIRECTORY", "Directory service access" }, 53 { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON, 54 "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON", 55 "ACCOUNT", "Account logon events" }, 56 { 0, NULL, NULL } 57}; 58 59const char *audit_category_str(uint32 category) 60{ 61 int i; 62 for (i=0; audit_category_tab[i].category_str; i++) { 63 if (category == audit_category_tab[i].category) { 64 return audit_category_tab[i].category_str; 65 } 66 } 67 return NULL; 68} 69 70const char *audit_param_str(uint32 category) 71{ 72 int i; 73 for (i=0; audit_category_tab[i].param_str; i++) { 74 if (category == audit_category_tab[i].category) { 75 return audit_category_tab[i].param_str; 76 } 77 } 78 return NULL; 79} 80 81const char *audit_description_str(uint32 category) 82{ 83 int i; 84 for (i=0; audit_category_tab[i].description; i++) { 85 if (category == audit_category_tab[i].category) { 86 return audit_category_tab[i].description; 87 } 88 } 89 return NULL; 90} 91 92BOOL get_audit_category_from_param(const char *param, uint32 *audit_category) 93{ 94 *audit_category = Undefined; 95 96 if (strequal(param, "SYSTEM")) { 97 *audit_category = LSA_AUDIT_CATEGORY_SYSTEM; 98 } else if (strequal(param, "LOGON")) { 99 *audit_category = LSA_AUDIT_CATEGORY_LOGON; 100 } else if (strequal(param, "OBJECT")) { 101 *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS; 102 } else if (strequal(param, "PRIVILEGE")) { 103 *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS; 104 } else if (strequal(param, "PROCESS")) { 105 *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING; 106 } else if (strequal(param, "POLICY")) { 107 *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES; 108 } else if (strequal(param, "SAM")) { 109 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT; 110 } else if (strequal(param, "DIRECTORY")) { 111 *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS; 112 } else if (strequal(param, "ACCOUNT")) { 113 *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON; 114 } else { 115 DEBUG(0,("unknown parameter: %s\n", param)); 116 return False; 117 } 118 119 return True; 120} 121 122const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy) 123{ 124 const char *ret = NULL; 125 126 if (policy == LSA_AUDIT_POLICY_NONE) { 127 return talloc_strdup(mem_ctx, "None"); 128 } 129 130 if (policy & LSA_AUDIT_POLICY_SUCCESS) { 131 ret = talloc_strdup(mem_ctx, "Success"); 132 if (ret == NULL) { 133 return NULL; 134 } 135 } 136 137 if (policy & LSA_AUDIT_POLICY_FAILURE) { 138 if (ret) { 139 ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure"); 140 if (ret == NULL) { 141 return NULL; 142 } 143 } else { 144 return talloc_strdup(mem_ctx, "Failure"); 145 } 146 } 147 148 return ret; 149} 150