19
19
#include "includes.h"
20
20
#include "utils/net.h"
21
#include "../librpc/gen_ndr/cli_lsa.h"
21
#include "rpc_client/rpc_client.h"
22
#include "../librpc/gen_ndr/ndr_lsa_c.h"
23
#include "rpc_client/cli_lsarpc.h"
23
25
/********************************************************************
24
26
********************************************************************/
55
57
********************************************************************/
57
59
static NTSTATUS rpc_audit_get_internal(struct net_context *c,
58
const DOM_SID *domain_sid,
60
const struct dom_sid *domain_sid,
59
61
const char *domain_name,
60
62
struct cli_state *cli,
61
63
struct rpc_pipe_client *pipe_hnd,
66
68
struct policy_handle pol;
67
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
69
NTSTATUS status, result;
68
70
union lsa_PolicyInformation *info = NULL;
70
72
uint32_t audit_category;
73
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
72
75
if (argc < 1 || argc > 2) {
73
76
d_printf(_("insufficient arguments\n"));
80
83
return NT_STATUS_INVALID_PARAMETER;
83
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
86
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
84
87
SEC_FLAG_MAXIMUM_ALLOWED,
87
if (!NT_STATUS_IS_OK(result)) {
90
if (!NT_STATUS_IS_OK(status)) {
91
result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
94
status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
93
96
LSA_POLICY_INFO_AUDIT_EVENTS,
99
if (!NT_STATUS_IS_OK(status)) {
96
102
if (!NT_STATUS_IS_OK(result)) {
114
if (!NT_STATUS_IS_OK(result)) {
121
if (!NT_STATUS_IS_OK(status)) {
115
122
d_printf(_("failed to get auditing policy: %s\n"),
122
129
/********************************************************************
123
130
********************************************************************/
125
132
static NTSTATUS rpc_audit_set_internal(struct net_context *c,
126
const DOM_SID *domain_sid,
133
const struct dom_sid *domain_sid,
127
134
const char *domain_name,
128
135
struct cli_state *cli,
129
136
struct rpc_pipe_client *pipe_hnd,
132
139
const char **argv)
134
141
struct policy_handle pol;
135
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
142
NTSTATUS status, result;
136
143
union lsa_PolicyInformation *info = NULL;
137
144
uint32_t audit_policy, audit_category;
145
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
139
147
if (argc < 2 || argc > 3) {
140
148
d_printf(_("insufficient arguments\n"));
162
170
return NT_STATUS_INVALID_PARAMETER;
165
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
173
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
166
174
SEC_FLAG_MAXIMUM_ALLOWED,
169
if (!NT_STATUS_IS_OK(result)) {
177
if (!NT_STATUS_IS_OK(status)) {
173
result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
181
status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
175
183
LSA_POLICY_INFO_AUDIT_EVENTS,
186
if (!NT_STATUS_IS_OK(status)) {
178
189
if (!NT_STATUS_IS_OK(result)) {
182
194
info->audit_events.settings[audit_category] = audit_policy;
184
result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
196
status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
186
198
LSA_POLICY_INFO_AUDIT_EVENTS,
201
if (!NT_STATUS_IS_OK(status)) {
189
204
if (!NT_STATUS_IS_OK(result)) {
193
result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
209
status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
195
211
LSA_POLICY_INFO_AUDIT_EVENTS,
214
if (!NT_STATUS_IS_OK(status)) {
198
221
const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
199
222
const char *policy = audit_description_str(audit_category);
221
244
struct policy_handle pol;
222
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
245
NTSTATUS status, result;
223
246
union lsa_PolicyInformation *info = NULL;
247
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
225
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
249
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
226
250
SEC_FLAG_MAXIMUM_ALLOWED,
229
if (!NT_STATUS_IS_OK(result)) {
253
if (!NT_STATUS_IS_OK(status)) {
233
result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
257
status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
235
259
LSA_POLICY_INFO_AUDIT_EVENTS,
262
if (!NT_STATUS_IS_OK(status)) {
237
265
if (!NT_STATUS_IS_OK(result)) {
241
270
info->audit_events.auditing_mode = enable;
243
result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
272
status = dcerpc_lsa_SetInfoPolicy(b, mem_ctx,
245
274
LSA_POLICY_INFO_AUDIT_EVENTS,
277
if (!NT_STATUS_IS_OK(status)) {
248
280
if (!NT_STATUS_IS_OK(result)) {
253
if (!NT_STATUS_IS_OK(result)) {
286
if (!NT_STATUS_IS_OK(status)) {
254
287
d_printf(_("%s: %s\n"),
255
288
enable ? _("failed to enable audit policy"):
256
289
_("failed to disable audit policy"),
263
296
/********************************************************************
264
297
********************************************************************/
266
299
static NTSTATUS rpc_audit_disable_internal(struct net_context *c,
267
const DOM_SID *domain_sid,
300
const struct dom_sid *domain_sid,
268
301
const char *domain_name,
269
302
struct cli_state *cli,
270
303
struct rpc_pipe_client *pipe_hnd,
280
313
********************************************************************/
282
315
static NTSTATUS rpc_audit_enable_internal(struct net_context *c,
283
const DOM_SID *domain_sid,
316
const struct dom_sid *domain_sid,
284
317
const char *domain_name,
285
318
struct cli_state *cli,
286
319
struct rpc_pipe_client *pipe_hnd,
296
329
********************************************************************/
298
331
static NTSTATUS rpc_audit_list_internal(struct net_context *c,
299
const DOM_SID *domain_sid,
332
const struct dom_sid *domain_sid,
300
333
const char *domain_name,
301
334
struct cli_state *cli,
302
335
struct rpc_pipe_client *pipe_hnd,
305
338
const char **argv)
307
340
struct policy_handle pol;
308
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
341
NTSTATUS status, result;
309
342
union lsa_PolicyInformation *info = NULL;
344
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
312
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
346
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
313
347
SEC_FLAG_MAXIMUM_ALLOWED,
316
if (!NT_STATUS_IS_OK(result)) {
350
if (!NT_STATUS_IS_OK(status)) {
320
result = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
354
status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
322
356
LSA_POLICY_INFO_AUDIT_EVENTS,
359
if (!NT_STATUS_IS_OK(status)) {
324
362
if (!NT_STATUS_IS_OK(result)) {