mirror of https://github.com/samba-team/samba.git synced 2025-12-06 16:23:49 +03:00

dsdb audit_log: Add windows event codes to password changes

Add a new "eventId" element to the PasswordChange JSON log messages.
This contains one of the following Windows Event Code Ids:
	4723	Password changed
	4724	Password reset

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer
2018-12-14 11:09:20 +13:00
committed by Andrew Bartlett
parent 105cdd6c1c
commit e97acc714d
4 changed files with 74 additions and 4 deletions


@@ -28,6 +28,11 @@ from samba.tests.audit_log_base import AuditLogTestBase
from samba.tests import delete_force
from samba.net import Net
from ldb import ERR_INSUFFICIENT_ACCESS_RIGHTS
from samba.dcerpc.windows_event_ids import (
EVT_ID_PASSWORD_CHANGE,
EVT_ID_PASSWORD_RESET
)
USER_NAME = "auditlogtestuser"
USER_PASS = samba.generate_random_password(32, 32)
@@ -119,6 +124,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
len(messages),
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_CHANGE, audit["eventId"])
self.assertEquals("Change", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -147,6 +153,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -187,6 +194,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -223,6 +231,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -256,6 +265,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_CHANGE, audit["eventId"])
self.assertEquals("Change", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -286,6 +296,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -312,6 +323,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
# The first message should be the reset from the Setup code.
#
audit = messages[0]["passwordChange"]
self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
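Review bot: Every new assertion compares `audit["eventId"]` against `EVT_ID_PASSWORD_CHANGE` or `EVT_ID_PASSWORD_RESET` imported from `samba.dcerpc.windows_event_ids`, so nothing in this file pins the numeric values 4723 and 4724 that the commit message promises. If the logging code takes its values from the same definitions (not visible here), a wrong or swapped constant would pass all seven tests while log consumers that match on the number would miss or mislabel password events. One literal check per constant would close that, for example `self.assertEquals(4723, EVT_ID_PASSWORD_CHANGE)` and `self.assertEquals(4724, EVT_ID_PASSWORD_RESET)`. The test methods these hunks belong to start and end outside the hunks shown.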