sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

auth log: Add windows event codes

Browse Source 
Add a new "eventId" element to the Authorisation JSON log messages.
This contains a Windows Event Code Id either:
	4624	Successful logon
	4625	Unsuccessful logon

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Gary Lockyer
2018-12-13 10:20:28 +13:00
committed by Andrew Bartlett
parent cb23a0345f
commit b7baf96bd7
7 changed files with 161 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
auth/auth_log.c
View File

@ -57,6 +57,7 @@
#include "lib/util/server_id_db.h" #include "lib/util/server_id_db.h"
#include "lib/param/param.h" #include "lib/param/param.h"
#include "librpc/ndr/libndr.h" #include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/windows_event_ids.h"
#include "lib/audit_logging/audit_logging.h" #include "lib/audit_logging/audit_logging.h"
/* /*
@ -119,6 +120,7 @@ static void log_authentication_event_json(
const char *account_name, const char *account_name,
const char *unix_username, const char *unix_username,
struct dom_sid *sid, struct dom_sid *sid,
enum event_id_type event_id,
int debug_level) int debug_level)
{ {
struct json_object wrapper = json_empty_object; struct json_object wrapper = json_empty_object;
@ -134,6 +136,12 @@ static void log_authentication_event_json(
if (rc != 0) { if (rc != 0) {
goto failure; goto failure;
} }
rc = json_add_int(&authentication,
"eventId",
event_id);
if (rc != 0) {
goto failure;
}
rc = json_add_string(&authentication, "status", nt_errstr(status)); rc = json_add_string(&authentication, "status", nt_errstr(status));
if (rc != 0) { if (rc != 0) {
goto failure; goto failure;
@ -454,6 +462,7 @@ static void log_authentication_event_json(
const char *account_name, const char *account_name,
const char *unix_username, const char *unix_username,
struct dom_sid *sid, struct dom_sid *sid,
enum event_id_type event_id,
int debug_level) int debug_level)
{ {
log_no_json(msg_ctx, lp_ctx); log_no_json(msg_ctx, lp_ctx);
@ -631,9 +640,11 @@ void log_authentication_event(
{ {
/* set the log level */ /* set the log level */
int debug_level = AUTH_FAILURE_LEVEL; int debug_level = AUTH_FAILURE_LEVEL;
enum event_id_type event_id = EVT_ID_UNSUCCESSFUL_LOGON;
if (NT_STATUS_IS_OK(status)) { if (NT_STATUS_IS_OK(status)) {
debug_level = AUTH_SUCCESS_LEVEL; debug_level = AUTH_SUCCESS_LEVEL;
event_id = EVT_ID_SUCCESSFUL_LOGON;
if (dom_sid_equal(sid, &global_sid_Anonymous)) { if (dom_sid_equal(sid, &global_sid_Anonymous)) {
debug_level = AUTH_ANONYMOUS_LEVEL; debug_level = AUTH_ANONYMOUS_LEVEL;
} }
@ -659,6 +670,7 @@ void log_authentication_event(
account_name, account_name,
unix_username, unix_username,
sid, sid,
event_id,
debug_level); debug_level);
} }
} }

121
python/samba/tests/auth_log.py
View File

@ -28,6 +28,10 @@ from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS
from samba import NTSTATUSError from samba import NTSTATUSError
from subprocess import call from subprocess import call
from ldb import LdbError from ldb import LdbError
from samba.dcerpc.windows_event_ids import (
EVT_ID_SUCCESSFUL_LOGON,
EVT_ID_UNSUCCESSFUL_LOGON
)
import re import re
@ -92,6 +96,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg = messages[0] msg = messages[0]
self.assertEquals("Authentication", msg["type"]) self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"]) self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
self._assert_ncacn_np_serviceDescription(binding, self._assert_ncacn_np_serviceDescription(binding,
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1], self.assertEquals(authTypes[1],
@ -121,6 +127,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals(authTypes[3], self.assertEquals(authTypes[3],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
def rpc_ncacn_np_krb5_check( def rpc_ncacn_np_krb5_check(
self, self,
@ -145,6 +153,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1], self.assertEquals(authTypes[1],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
# Check the second message it should be an Authentication # Check the second message it should be an Authentication
# This this the TCP Authentication in response to the message too big # This this the TCP Authentication in response to the message too big
@ -156,6 +166,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2], self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
# Check the third message it should be an Authorization # Check the third message it should be an Authorization
msg = messages[2] msg = messages[2]
@ -303,6 +315,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2], self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service, def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service,
binding, protection): binding, protection):
@ -329,6 +343,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2], self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
# Check the third message it should be an Authentication # Check the third message it should be an Authentication
msg = messages[2] msg = messages[2]
@ -338,6 +354,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2], self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self): def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self):
creds = self.insta_creds(template=self.get_credentials(), creds = self.insta_creds(template=self.get_credentials(),
@ -441,6 +459,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("ENC-TS Pre-authentication", self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertTrue(msg["Authentication"]["duration"] > 0) self.assertTrue(msg["Authentication"]["duration"] > 0)
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
# Check the second message it should be an Authentication # Check the second message it should be an Authentication
msg = messages[1] msg = messages[1]
@ -451,6 +471,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("ENC-TS Pre-authentication", self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertTrue(msg["Authentication"]["duration"] > 0) self.assertTrue(msg["Authentication"]["duration"] > 0)
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
def test_ldap_ntlm(self): def test_ldap_ntlm(self):
@ -476,6 +498,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals("NTLMSSP", msg["Authentication"]["authDescription"]) self.assertEquals("NTLMSSP", msg["Authentication"]["authDescription"])
self.assertTrue(msg["Authentication"]["duration"] > 0) self.assertTrue(msg["Authentication"]["duration"] > 0)
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
def test_ldap_simple_bind(self): def test_ldap_simple_bind(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -505,6 +529,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals("simple bind", self.assertEquals("simple bind",
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
def test_ldap_simple_bind_bad_password(self): def test_ldap_simple_bind_bad_password(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -512,7 +538,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "LDAP" and msg["Authentication"]["serviceDescription"] == "LDAP" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and "NT_STATUS_WRONG_PASSWORD") and
msg["Authentication"]["authDescription"] == "simple bind") (msg["Authentication"]["authDescription"] ==
"simple bind") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
creds.set_password("badPassword") creds.set_password("badPassword")
@ -539,7 +568,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "LDAP" and msg["Authentication"]["serviceDescription"] == "LDAP" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and "NT_STATUS_NO_SUCH_USER") and
msg["Authentication"]["authDescription"] == "simple bind") (msg["Authentication"]["authDescription"] ==
"simple bind") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "badUser")) creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "badUser"))
@ -564,7 +596,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "LDAP" and msg["Authentication"]["serviceDescription"] == "LDAP" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and "NT_STATUS_NO_SUCH_USER") and
msg["Authentication"]["authDescription"] == "simple bind") (msg["Authentication"]["authDescription"] ==
"simple bind") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "abdcef")) creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "abdcef"))
@ -656,6 +691,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals("ENC-TS Pre-authentication", self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
# Check the second message it should be an Authentication # Check the second message it should be an Authentication
msg = messages[1] msg = messages[1]
@ -665,6 +702,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals("ENC-TS Pre-authentication", self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_smb_bad_password(self): def test_smb_bad_password(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -702,7 +741,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and "NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"ENC-TS Pre-authentication")) "ENC-TS Pre-authentication") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
creds.set_username("badUser") creds.set_username("badUser")
@ -752,6 +793,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals("No-Password", self.assertEquals("No-Password",
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
# Check the second message it should be an Authentication # Check the second message it should be an Authentication
msg = messages[1] msg = messages[1]
@ -766,6 +809,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals("ANONYMOUS LOGON", self.assertEquals("ANONYMOUS LOGON",
msg["Authentication"]["becameAccount"]) msg["Authentication"]["becameAccount"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_smb2_anonymous(self): def test_smb2_anonymous(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -797,6 +842,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals("No-Password", self.assertEquals("No-Password",
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
# Check the second message it should be an Authentication # Check the second message it should be an Authentication
msg = messages[1] msg = messages[1]
@ -811,6 +858,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals("ANONYMOUS LOGON", self.assertEquals("ANONYMOUS LOGON",
msg["Authentication"]["becameAccount"]) msg["Authentication"]["becameAccount"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_smb_no_krb_spnego(self): def test_smb_no_krb_spnego(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -840,6 +889,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals("NTLMv2", self.assertEquals("NTLMv2",
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_smb_no_krb_spnego_bad_password(self): def test_smb_no_krb_spnego_bad_password(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -848,7 +899,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"] == "NTLMSSP" and msg["Authentication"]["authDescription"] == "NTLMSSP" and
msg["Authentication"]["passwordType"] == "NTLMv2" and msg["Authentication"]["passwordType"] == "NTLMv2" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD")) "NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials(), creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS) kerberos_state=DONT_USE_KERBEROS)
@ -876,7 +929,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"] == "NTLMSSP" and msg["Authentication"]["authDescription"] == "NTLMSSP" and
msg["Authentication"]["passwordType"] == "NTLMv2" and msg["Authentication"]["passwordType"] == "NTLMv2" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER")) "NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials(), creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS) kerberos_state=DONT_USE_KERBEROS)
@ -927,6 +982,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals("NTLMv1", self.assertEquals("NTLMv1",
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_smb_no_krb_no_spnego_no_ntlmv2_bad_password(self): def test_smb_no_krb_no_spnego_no_ntlmv2_bad_password(self):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
@ -935,7 +992,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"] == "bare-NTLM" and msg["Authentication"]["authDescription"] == "bare-NTLM" and
msg["Authentication"]["passwordType"] == "NTLMv1" and msg["Authentication"]["passwordType"] == "NTLMv1" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD")) "NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials(), creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS) kerberos_state=DONT_USE_KERBEROS)
@ -965,7 +1024,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"] == "bare-NTLM" and msg["Authentication"]["authDescription"] == "bare-NTLM" and
msg["Authentication"]["passwordType"] == "NTLMv1" and msg["Authentication"]["passwordType"] == "NTLMv1" and
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER")) "NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials(), creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS) kerberos_state=DONT_USE_KERBEROS)
@ -1000,7 +1061,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"interactive") and "interactive") and
msg["Authentication"]["status"] == "NT_STATUS_OK" and msg["Authentication"]["status"] == "NT_STATUS_OK" and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1029,7 +1092,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and "NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1058,7 +1123,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and "NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = "badUser" user = "badUser"
@ -1085,7 +1152,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"] == "network" and msg["Authentication"]["authDescription"] == "network" and
msg["Authentication"]["status"] == "NT_STATUS_OK" and msg["Authentication"]["status"] == "NT_STATUS_OK" and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1113,7 +1182,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and "NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1141,7 +1212,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and "NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = "badUser" user = "badUser"
@ -1169,7 +1242,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == "NT_STATUS_OK") and (msg["Authentication"]["status"] == "NT_STATUS_OK") and
(msg["Authentication"]["passwordType"] == "MSCHAPv2") and (msg["Authentication"]["passwordType"] == "MSCHAPv2") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1199,7 +1274,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"NT_STATUS_WRONG_PASSWORD") and "NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["passwordType"] == "MSCHAPv2") and (msg["Authentication"]["passwordType"] == "MSCHAPv2") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1229,7 +1306,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"NT_STATUS_NO_SUCH_USER") and "NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["passwordType"] == "MSCHAPv2") and (msg["Authentication"]["passwordType"] == "MSCHAPv2") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = "badUser" user = "badUser"
@ -1257,7 +1336,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["authDescription"] == "network") and (msg["Authentication"]["authDescription"] == "network") and
(msg["Authentication"]["status"] == "NT_STATUS_OK") and (msg["Authentication"]["status"] == "NT_STATUS_OK") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]
@ -1295,7 +1376,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["authDescription"] == "network") and (msg["Authentication"]["authDescription"] == "network") and
(msg["Authentication"]["status"] == "NT_STATUS_OK") and (msg["Authentication"]["status"] == "NT_STATUS_OK") and
(msg["Authentication"]["workstation"] == (msg["Authentication"]["workstation"] ==
r"\\%s" % workstation)) r"\\%s" % workstation) and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
server = os.environ["SERVER"] server = os.environ["SERVER"]
user = os.environ["USERNAME"] user = os.environ["USERNAME"]

3
python/samba/tests/auth_log_ncalrpc.py
View File

@ -23,6 +23,7 @@ from samba.credentials import DONT_USE_KERBEROS
from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN
from samba.dcerpc import samr from samba.dcerpc import samr
import samba.tests.auth_log_base import samba.tests.auth_log_base
from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase): class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
@ -75,6 +76,8 @@ class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"]) msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2], self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"]) msg["Authentication"]["authDescription"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_ncalrpc_ntlm_dns_sign(self): def test_ncalrpc_ntlm_dns_sign(self):

3
python/samba/tests/auth_log_netlogon.py
View File

@ -36,6 +36,7 @@ from samba.tests import delete_force
from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
from samba.dcerpc.misc import SEC_CHAN_WKSTA from samba.dcerpc.misc import SEC_CHAN_WKSTA
from samba.compat import text_type from samba.compat import text_type
from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase): class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase):
@ -126,6 +127,8 @@ class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["status"]) msg["Authentication"]["status"])
self.assertEquals("HMAC-SHA256", self.assertEquals("HMAC-SHA256",
msg["Authentication"]["passwordType"]) msg["Authentication"]["passwordType"])
self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
msg["Authentication"]["eventId"])
def test_netlogon(self): def test_netlogon(self):
self._test_netlogon("SEAL", self.netlogon_check) self._test_netlogon("SEAL", self.netlogon_check)

19
python/samba/tests/auth_log_netlogon_bad_creds.py
View File

@ -38,6 +38,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
from samba.dcerpc.misc import SEC_CHAN_WKSTA from samba.dcerpc.misc import SEC_CHAN_WKSTA
from samba.dcerpc.netlogon import NETLOGON_NEG_STRONG_KEYS from samba.dcerpc.netlogon import NETLOGON_NEG_STRONG_KEYS
from samba.compat import get_string from samba.compat import get_string
from samba.dcerpc.windows_event_ids import EVT_ID_UNSUCCESSFUL_LOGON
class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase): class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
@ -74,7 +75,7 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
super(AuthLogTestsNetLogonBadCreds, self).tearDown() super(AuthLogTestsNetLogonBadCreds, self).tearDown()
delete_force(self.ldb, self.dn) delete_force(self.ldb, self.dn)
def _test_netlogon(self, name, pwd, status, checkFunction): def _test_netlogon(self, name, pwd, status, checkFunction, event_id):
def isLastExpectedMessage(msg): def isLastExpectedMessage(msg):
return ( return (
@ -82,7 +83,8 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and
msg["Authentication"]["authDescription"] == msg["Authentication"]["authDescription"] ==
"ServerAuthenticate" and "ServerAuthenticate" and
msg["Authentication"]["status"] == status) msg["Authentication"]["status"] == status and
msg["Authentication"]["eventId"] == event_id)
machine_creds = Credentials() machine_creds = Credentials()
machine_creds.guess(self.get_loadparm()) machine_creds.guess(self.get_loadparm())
@ -121,13 +123,15 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
self._test_netlogon("bad_name", self._test_netlogon("bad_name",
self.machinepass, self.machinepass,
"NT_STATUS_NO_TRUST_SAM_ACCOUNT", "NT_STATUS_NO_TRUST_SAM_ACCOUNT",
self.netlogon_check) self.netlogon_check,
EVT_ID_UNSUCCESSFUL_LOGON)
def test_netlogon_bad_password(self): def test_netlogon_bad_password(self):
self._test_netlogon(self.netbios_name, self._test_netlogon(self.netbios_name,
"badpass", "badpass",
"NT_STATUS_ACCESS_DENIED", "NT_STATUS_ACCESS_DENIED",
self.netlogon_check) self.netlogon_check,
EVT_ID_UNSUCCESSFUL_LOGON)
def test_netlogon_password_DES(self): def test_netlogon_password_DES(self):
"""Logon failure that exercises the "DES" passwordType path. """Logon failure that exercises the "DES" passwordType path.
@ -138,7 +142,8 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and
msg["Authentication"]["authDescription"] == msg["Authentication"]["authDescription"] ==
"ServerAuthenticate" and "ServerAuthenticate" and
msg["Authentication"]["passwordType"] == "DES") msg["Authentication"]["passwordType"] == "DES" and
msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
creds = netlogon.netr_Credential() creds = netlogon.netr_Credential()
@ -163,7 +168,9 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and
msg["Authentication"]["authDescription"] == msg["Authentication"]["authDescription"] ==
"ServerAuthenticate" and "ServerAuthenticate" and
msg["Authentication"]["passwordType"] == "HMAC-MD5") msg["Authentication"]["passwordType"] == "HMAC-MD5" and
msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
creds = netlogon.netr_Credential() creds = netlogon.netr_Credential()
c.netr_ServerReqChallenge(self.server, self.netbios_name, creds) c.netr_ServerReqChallenge(self.server, self.netbios_name, creds)

32
python/samba/tests/auth_log_pass_change.py
View File

@ -30,6 +30,10 @@ import samba
from subprocess import call from subprocess import call
from ldb import LdbError from ldb import LdbError
from samba.tests.password_test import PasswordCommon from samba.tests.password_test import PasswordCommon
from samba.dcerpc.windows_event_ids import (
EVT_ID_SUCCESSFUL_LOGON,
EVT_ID_UNSUCCESSFUL_LOGON
)
USER_NAME = "authlogtestuser" USER_NAME = "authlogtestuser"
USER_PASS = samba.generate_random_password(32, 32) USER_PASS = samba.generate_random_password(32, 32)
@ -81,7 +85,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] == (msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and "SAMR Password Change") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"samr_ChangePasswordUser3")) "samr_ChangePasswordUser3") and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
@ -107,7 +113,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] == (msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and "SAMR Password Change") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"samr_ChangePasswordUser3")) "samr_ChangePasswordUser3") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
@ -138,7 +146,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] == (msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and "SAMR Password Change") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"samr_ChangePasswordUser3")) "samr_ChangePasswordUser3") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
@ -169,7 +179,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] == (msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and "SAMR Password Change") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"samr_ChangePasswordUser3")) "samr_ChangePasswordUser3") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
creds = self.insta_creds(template=self.get_credentials()) creds = self.insta_creds(template=self.get_credentials())
@ -204,7 +216,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] == (msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and "NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"OemChangePasswordUser2")) "OemChangePasswordUser2") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
username = os.environ["USERNAME"] username = os.environ["USERNAME"]
server = os.environ["SERVER"] server = os.environ["SERVER"]
@ -227,7 +241,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] == (msg["Authentication"]["serviceDescription"] ==
"LDAP Password Change") and "LDAP Password Change") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"LDAP Modify")) "LDAP Modify") and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON))
new_password = samba.generate_random_password(32, 32) new_password = samba.generate_random_password(32, 32)
self.ldb.modify_ldif( self.ldb.modify_ldif(
@ -282,7 +298,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] == (msg["Authentication"]["serviceDescription"] ==
"LDAP Password Change") and "LDAP Password Change") and
(msg["Authentication"]["authDescription"] == (msg["Authentication"]["authDescription"] ==
"LDAP Modify")) "LDAP Modify") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON))
new_password = samba.generate_random_password(32, 32) new_password = samba.generate_random_password(32, 32)
try: try:

4
python/samba/tests/auth_log_samlogon.py
View File

@ -36,6 +36,7 @@ from samba.tests import delete_force
from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
from samba.dcerpc.misc import SEC_CHAN_WKSTA from samba.dcerpc.misc import SEC_CHAN_WKSTA
from samba.compat import text_type from samba.compat import text_type
from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase): class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase):
@ -70,7 +71,8 @@ class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase):
msg["type"] == "Authentication" and msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "SamLogon" and msg["Authentication"]["serviceDescription"] == "SamLogon" and
msg["Authentication"]["authDescription"] == "network" and msg["Authentication"]["authDescription"] == "network" and
msg["Authentication"]["passwordType"] == "NTLMv2") msg["Authentication"]["passwordType"] == "NTLMv2" and
msg["Authentication"]["eventId"] == EVT_ID_SUCCESSFUL_LOGON)
if binding: if binding:
binding = "[schannel,%s]" % binding binding = "[schannel,%s]" % binding