2
Unix SMB/CIFS implementation.
3
Auditing helper functions.
4
Copyright (C) Guenther Deschner 2006
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2 of the License, or
9
(at your option) any later version.
11
This program is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU General Public License for more details.
16
You should have received a copy of the GNU General Public License
17
along with this program; if not, write to the Free Software
18
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23
static const struct audit_category_tab {
25
const char *category_str;
26
const char *param_str;
27
const char *description;
28
} audit_category_tab [] = {
29
{ LSA_AUDIT_CATEGORY_LOGON,
30
"LSA_AUDIT_CATEGORY_LOGON",
31
"LOGON", "Logon events" },
32
{ LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
33
"LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
34
"PRIVILEGE", "Privilege Use" },
35
{ LSA_AUDIT_CATEGORY_SYSTEM,
36
"LSA_AUDIT_CATEGORY_SYSTEM",
37
"SYSTEM", "System Events" },
38
{ LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
39
"LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
40
"POLICY", "Policy Change" },
41
{ LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
42
"LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
43
"PROCESS", "Process Tracking" },
44
{ LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
45
"LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
46
"OBJECT", "Object Access" },
47
{ LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
48
"LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
49
"SAM", "Account Management" },
50
{ LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
51
"LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
52
"DIRECTORY", "Directory service access" },
53
{ LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
54
"LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
55
"ACCOUNT", "Account logon events" },
59
const char *audit_category_str(uint32 category)
62
for (i=0; audit_category_tab[i].category_str; i++) {
63
if (category == audit_category_tab[i].category) {
64
return audit_category_tab[i].category_str;
70
const char *audit_param_str(uint32 category)
73
for (i=0; audit_category_tab[i].param_str; i++) {
74
if (category == audit_category_tab[i].category) {
75
return audit_category_tab[i].param_str;
81
const char *audit_description_str(uint32 category)
84
for (i=0; audit_category_tab[i].description; i++) {
85
if (category == audit_category_tab[i].category) {
86
return audit_category_tab[i].description;
92
BOOL get_audit_category_from_param(const char *param, uint32 *audit_category)
94
*audit_category = Undefined;
96
if (strequal(param, "SYSTEM")) {
97
*audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
98
} else if (strequal(param, "LOGON")) {
99
*audit_category = LSA_AUDIT_CATEGORY_LOGON;
100
} else if (strequal(param, "OBJECT")) {
101
*audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
102
} else if (strequal(param, "PRIVILEGE")) {
103
*audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
104
} else if (strequal(param, "PROCESS")) {
105
*audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
106
} else if (strequal(param, "POLICY")) {
107
*audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
108
} else if (strequal(param, "SAM")) {
109
*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
110
} else if (strequal(param, "DIRECTORY")) {
111
*audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
112
} else if (strequal(param, "ACCOUNT")) {
113
*audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
115
DEBUG(0,("unknown parameter: %s\n", param));
122
const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy)
124
const char *ret = NULL;
126
if (policy == LSA_AUDIT_POLICY_NONE) {
127
return talloc_strdup(mem_ctx, "None");
130
if (policy & LSA_AUDIT_POLICY_SUCCESS) {
131
ret = talloc_strdup(mem_ctx, "Success");
137
if (policy & LSA_AUDIT_POLICY_FAILURE) {
139
ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
144
return talloc_strdup(mem_ctx, "Failure");