[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Dec 14 13:33:03 UTC 2018
The branch, master has been updated
via 31957c7fe9d audit_logging: auth_json_audit required auth_json
via b776ba8042a lib/audit_logging: Use talloc_stackframe() in audit_log_json()
via edab1318f91 audit_logging: Remove debug log header and JSON Authentication: prefix
from f183fd32831 Change order of flags in Makefile so that crackcheck builds under Ubuntu
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 31957c7fe9d0f67bef08177e982043a23b172c7d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Dec 14 16:05:33 2018 +1300
audit_logging: auth_json_audit required auth_json
To log JSON the human-readable logs must also have been enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13715
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 14 14:32:25 CET 2018 on sn-devel-144
commit b776ba8042ac94b1fdda2d4073283a5609c8239c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Dec 14 15:40:20 2018 +1300
lib/audit_logging: Use talloc_stackframe() in audit_log_json()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit edab1318f9138c0d87de7cc7cfa5da8e29c906f8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Dec 13 13:53:08 2018 +1300
audit_logging: Remove debug log header and JSON Authentication: prefix
Feedback from real-world users is that they really want raw JSON
strings in the log.
We can not easily remove the leading " " but the other strings above
and before the JSON are really annoying to strip back off
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13714
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
auth/auth_log.c | 17 ++++++----------
lib/audit_logging/audit_logging.c | 29 ++++++++++++++++------------
lib/audit_logging/audit_logging.h | 3 +--
source4/dsdb/samdb/ldb_modules/audit_log.c | 5 -----
source4/dsdb/samdb/ldb_modules/group_audit.c | 2 --
5 files changed, 24 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 2d4e33f53bf..531709febce 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -78,11 +78,10 @@ static const char* get_password_type(const struct auth_usersupplied_info *ui);
static void log_json(struct imessaging_context *msg_ctx,
struct loadparm_context *lp_ctx,
struct json_object *object,
- const char *type,
int debug_class,
int debug_level)
{
- audit_log_json(type, object, debug_class, debug_level);
+ audit_log_json(object, debug_class, debug_level);
if (msg_ctx && lp_ctx && lpcfg_auth_event_notification(lp_ctx)) {
audit_message_send(msg_ctx,
AUTH_EVENT_NAME,
@@ -102,9 +101,8 @@ static void log_json(struct imessaging_context *msg_ctx,
* To process the resulting log lines from the commend line use jq to
* parse the json.
*
- * grep "JSON Authentication" log file |
- * sed 's;^[^{]*;;' |
- * jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
+ * grep "^ {" log file |
+ * jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
* \(.Authentication.clientDomain)\t
* \(.Authentication.clientAccount)
* \t\(.Authentication.workstation)
@@ -272,8 +270,7 @@ static void log_authentication_event_json(
log_json(msg_ctx,
lp_ctx,
&wrapper,
- AUTH_JSON_TYPE,
- DBGC_AUTH_AUDIT,
+ DBGC_AUTH_AUDIT_JSON,
debug_level);
json_free(&wrapper);
return;
@@ -300,8 +297,7 @@ failure:
* To process the resulting log lines from the commend line use jq to
* parse the json.
*
- * grep "JSON Authentication" log_file |\
- * sed "s;^[^{]*;;" |\
+ * grep "^ {" log_file |\
* jq -rc '"\(.timestamp)\t
* \(.Authorization.domain)\t
* \(.Authorization.account)\t
@@ -409,8 +405,7 @@ static void log_successful_authz_event_json(
log_json(msg_ctx,
lp_ctx,
&wrapper,
- AUTHZ_JSON_TYPE,
- DBGC_AUTH_AUDIT,
+ DBGC_AUTH_AUDIT_JSON,
debug_level);
json_free(&wrapper);
return;
diff --git a/lib/audit_logging/audit_logging.c b/lib/audit_logging/audit_logging.c
index acccb9f7ab9..42b93137c07 100644
--- a/lib/audit_logging/audit_logging.c
+++ b/lib/audit_logging/audit_logging.c
@@ -105,17 +105,15 @@ const struct json_object json_empty_object = {.valid = false, .root = NULL};
*
* Write the json object to the audit logs as a formatted string
*
- * @param prefix Text to be printed at the start of the log line
* @param message The content of the log line.
* @param debub_class The debug class to log the message with.
* @param debug_level The debug level to log the message with.
*/
-void audit_log_json(const char* prefix,
- struct json_object* message,
+void audit_log_json(struct json_object* message,
int debug_class,
int debug_level)
{
- TALLOC_CTX *ctx = NULL;
+ TALLOC_CTX *frame = NULL;
char *s = NULL;
if (json_is_invalid(message)) {
@@ -123,17 +121,24 @@ void audit_log_json(const char* prefix,
return;
}
- ctx = talloc_new(NULL);
- s = json_to_string(ctx, message);
+ frame = talloc_stackframe();
+ s = json_to_string(frame, message);
if (s == NULL) {
- DBG_ERR("json_to_string for (%s) returned NULL, "
- "JSON audit message could not written\n",
- prefix);
- TALLOC_FREE(ctx);
+ DBG_ERR("json_to_string returned NULL, "
+ "JSON audit message could not written\n");
+ TALLOC_FREE(frame);
return;
}
- DEBUGC(debug_class, debug_level, ("JSON %s: %s\n", prefix, s));
- TALLOC_FREE(ctx);
+ /*
+ * This is very strange, but we call this routine to get a log
+ * output without the header. JSON logs all have timestamps
+ * so this only makes parsing harder.
+ *
+ * We push out the raw JSON blob without a prefix, consumers
+ * can find such lines by the leading {
+ */
+ DEBUGADDC(debug_class, debug_level, ("%s\n", s));
+ TALLOC_FREE(frame);
}
/*
diff --git a/lib/audit_logging/audit_logging.h b/lib/audit_logging/audit_logging.h
index 5f095c0df9a..86e9134a86a 100644
--- a/lib/audit_logging/audit_logging.h
+++ b/lib/audit_logging/audit_logging.h
@@ -43,8 +43,7 @@ extern const struct json_object json_empty_object;
#define JSON_ERROR -1
-void audit_log_json(const char *prefix,
- struct json_object *message,
+void audit_log_json(struct json_object *message,
int debug_class,
int debug_level);
void audit_message_send(struct imessaging_context *msg_ctx,
diff --git a/source4/dsdb/samdb/ldb_modules/audit_log.c b/source4/dsdb/samdb/ldb_modules/audit_log.c
index 44726b65a3b..86a02f2c406 100644
--- a/source4/dsdb/samdb/ldb_modules/audit_log.c
+++ b/source4/dsdb/samdb/ldb_modules/audit_log.c
@@ -1135,7 +1135,6 @@ static void log_standard_operation(
struct json_object json;
json = operation_json(module, request, reply);
audit_log_json(
- OPERATION_JSON_TYPE,
&json,
DBGC_DSDB_AUDIT_JSON,
OPERATION_LOG_LVL);
@@ -1156,7 +1155,6 @@ static void log_standard_operation(
struct json_object json;
json = password_change_json(module, request, reply);
audit_log_json(
- PASSWORD_JSON_TYPE,
&json,
DBGC_DSDB_PWD_AUDIT_JSON,
PASSWORD_LOG_LVL);
@@ -1215,7 +1213,6 @@ static void log_replicated_operation(
struct json_object json;
json = replicated_update_json(module, request, reply);
audit_log_json(
- REPLICATION_JSON_TYPE,
&json,
DBGC_DSDB_AUDIT_JSON,
REPLICATION_LOG_LVL);
@@ -1303,7 +1300,6 @@ static void log_transaction(
&audit_private->transaction_guid,
duration);
audit_log_json(
- TRANSACTION_JSON_TYPE,
&json,
DBGC_DSDB_TXN_AUDIT_JSON,
log_level);
@@ -1374,7 +1370,6 @@ static void log_commit_failure(
reason,
&audit_private->transaction_guid);
audit_log_json(
- TRANSACTION_JSON_TYPE,
&json,
DBGC_DSDB_TXN_AUDIT_JSON,
log_level);
diff --git a/source4/dsdb/samdb/ldb_modules/group_audit.c b/source4/dsdb/samdb/ldb_modules/group_audit.c
index 47b69435195..7e6e16de137 100644
--- a/source4/dsdb/samdb/ldb_modules/group_audit.c
+++ b/source4/dsdb/samdb/ldb_modules/group_audit.c
@@ -504,7 +504,6 @@ static void log_primary_group_change(
group,
status);
audit_log_json(
- AUDIT_JSON_TYPE,
&json,
DBGC_DSDB_GROUP_AUDIT_JSON,
GROUP_LOG_LVL);
@@ -577,7 +576,6 @@ static void log_membership_change(
group,
status);
audit_log_json(
- AUDIT_JSON_TYPE,
&json,
DBGC_DSDB_GROUP_AUDIT_JSON,
GROUP_LOG_LVL);
--
Samba Shared Repository
More information about the samba-cvs
mailing list