[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Dec 14 21:05:05 UTC 2018
The branch, master has been updated
via 8cdfc7bbbde travis-ci: Remove hooks for Travis CI (typically used with GitHub)
via e97acc714d9 dsdb audit_log: Add windows event codes to password changes
via 105cdd6c1cb auth log: Increment Authentication version
via ac51f1551da auth log: Add windows logon type codes
via b7baf96bd72 auth log: Add windows event codes
via cb23a0345f1 idl: Add Windows event code ids
from edfb6cb8223 PY3: change shebang to python3 in misc dirs
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8cdfc7bbbde1e3a4a79827bf33cfce49440de0be
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Dec 13 21:02:24 2018 +1300
travis-ci: Remove hooks for Travis CI (typically used with GitHub)
These will get out of date pretty quickly, so better to remove them now
that GitLab CI is the documented and supported solution.
This was our first public CI system, used because it is cost-free
to Open Source projects and integrated with GitHub.
It has served its purpose now.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 14 22:04:20 CET 2018 on sn-devel-144
commit e97acc714d9052b56b947cc3a54510d3d3eb36fe
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Fri Dec 14 11:09:20 2018 +1300
dsdb audit_log: Add windows event codes to password changes
Add a new "eventId" element to the PasswordChange JSON log messages.
This contains a Windows Event Code Id either:
4723 Password changed
4724 Password reset
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 105cdd6c1cbc5e5889669e29a3c9fcbebdce55f9
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Dec 13 14:48:46 2018 +1300
auth log: Increment Authentication version
Update the minor version of the Authorisation to reflect the addition of
the "eventId" and "logonType" elements.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ac51f1551dafd90d7c71393f9a8ec2f87da72c18
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Dec 13 14:46:31 2018 +1300
auth log: Add windows logon type codes
Add a new "logonType" element to the Authorisation JSON log messages.
This contains a Windows Logon Type, the supported logon types are:
2 Interactive
3 Network
8 NetworkCleartext
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b7baf96bd7248b1d34416e3ae86f4613c5ed0934
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Dec 13 10:20:28 2018 +1300
auth log: Add windows event codes
Add a new "eventId" element to the Authorisation JSON log messages.
This contains a Windows Event Code Id either:
4624 Successful logon
4625 Unsuccessful logon
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cb23a0345f1ef4297f6643c25ebe955b9aaee54c
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Dec 13 10:17:44 2018 +1300
idl: Add Windows event code ids
Add idl definitions for Windows Event Code Ids, and Logon Types. This
initial commit adds:
Event Ids
4264 Successful logon
4625 Unsuccessful logon
Logon Types
2 Interactive
3 Network
4 Batch
5 Service
7 Unlock
8 NetworkCleartext
9 NewCredentials
10 RemoteInteractive
11 CachedInteractive
The intention is to add Windows Event Codes to the JSON log messages, to
provide a common event identifier in mixed Windows and Samba networks.
And to assist security personnel with a windows background.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 50 ------
auth/auth_log.c | 43 ++++-
librpc/idl/windows_event_ids.idl | 29 +++
librpc/idl/wscript_build | 5 +
python/samba/tests/audit_log_pass_change.py | 12 ++
python/samba/tests/auth_log.py | 200 +++++++++++++++++++--
python/samba/tests/auth_log_ncalrpc.py | 8 +
python/samba/tests/auth_log_netlogon.py | 8 +
python/samba/tests/auth_log_netlogon_bad_creds.py | 27 ++-
python/samba/tests/auth_log_pass_change.py | 47 ++++-
python/samba/tests/auth_log_samlogon.py | 9 +-
source4/dsdb/samdb/ldb_modules/audit_log.c | 50 +++++-
.../dsdb/samdb/ldb_modules/tests/test_audit_log.c | 12 +-
source4/librpc/wscript_build | 6 +
14 files changed, 419 insertions(+), 87 deletions(-)
delete mode 100644 .travis.yml
create mode 100644 librpc/idl/windows_event_ids.idl
Changeset truncated at 500 lines:
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 3fcd7410f15..00000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-language: c
-dist: trusty
-
-sudo: true
-
-cache: ccache
-
-# Everything except samba and ctdb (long tests)
-env:
- - TASK=samba-xc
- - TASK=samba-ctdb
- - TASK=samba-libs
- - TASK=samba-libs-py3
- - TASK=samba-static
- - TASK=samba-o3
- - TASK=samba-none-env
- - TASK=samba-none-env-py3
- - TASK=samba-nopython
- - TASK=samba-systemkrb5
- - TASK=samba-nt4
- - TASK=samba-nt4-py3
- - TASK=samba-fileserver
- - TASK=samba-ad-dc
- - TASK=samba-ad-dc-py3
- - TASK=samba-ad-dc-2
- - TASK=samba-ad-dc-2-py3
- - TASK=ldb
- - TASK=tdb
- - TASK=talloc
- - TASK=replace
- - TASK=tevent
- - TASK=pidl
-
-# Fail everything after the first job fails
-matrix:
- fast_finish: true
-
-before_install:
- - sudo apt-get update -qq
- - sudo apt-get install --assume-yes acl attr autoconf bind9utils bison build-essential ccache curl debhelper dnsutils docbook-xml docbook-xsl emacs24-nox flex gdb git htop jed krb5-user libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev libbsd-dev libcap-dev libcups2-dev libgnutls-dev libgpgme11-dev libjansson-dev libjson-perl libldap2-dev liblmdb-dev/trusty-backports libncurses5-dev libpam0g-dev libparse-yapp-perl libpopt-dev libreadline-dev linux-tools-generic lmdb-utils/trusty-backports nettle-dev perl perl-modules pkg-config psmisc python3-crypto python3-dev python3-dnspython python3-gpgme python3-markdown python3-matplotlib python-all-dev python-crypto python-dbg python-dev python-dnspython python-gpgme python-markdown python-novaclient python-pexpect rng-tools screen tshark xsltproc zlib1g-dev
- - sudo apt-get install --assume-yes binutils-gold
- - sudo update-alternatives --install "/usr/bin/ld" "ld" "/usr/bin/ld.gold" 20
- - sudo update-alternatives --install "/usr/bin/ld" "ld" "/usr/bin/ld.bfd" 10
- - sudo update-alternatives --set ld /usr/bin/ld.gold
-
-script:
- - if [ $TASK = "pidl" ]; then
- git fetch --unshallow;
- fi
- - ./script/autobuild.py --tail --testbase=/tmp $TASK
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 531709febce..8f1ae61a99e 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -41,7 +41,7 @@
* increment the major version.
*/
#define AUTH_MAJOR 1
-#define AUTH_MINOR 0
+#define AUTH_MINOR 1
#define AUTHZ_MAJOR 1
#define AUTHZ_MINOR 1
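Review bot: `#define AUTH_MINOR 1` bumps the Authentication version, which is the right counter for fields written into the `authentication` JSON object, but the commit bodies in this series describe the change as being to the "Authorisation" messages and version. Reword the commit text to say Authentication so that anyone reading the history does not expect `AUTHZ_MINOR` (left at 1 here) to have moved.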
@@ -57,6 +57,7 @@
#include "lib/util/server_id_db.h"
#include "lib/param/param.h"
#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/windows_event_ids.h"
#include "lib/audit_logging/audit_logging.h"
/*
@@ -90,6 +91,31 @@ static void log_json(struct imessaging_context *msg_ctx,
}
}
+/*
+ * Determine the Windows logon type for the current authorisation attempt.
+ *
+ * Currently Samba only supports
+ *
+ * 2 Interactive A user logged on to this computer.
+ * 3 Network A user or computer logged on to this computer from
+ * the network.
+ * 8 NetworkCleartext A user logged on to this computer from the network.
+ * The user's password was passed to the authentication
+ * package in its unhashed form.
+ *
+ */
+static enum event_logon_type get_logon_type(
+ const struct auth_usersupplied_info *ui)
+{
+ if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED)
+ || (ui->password_state == AUTH_PASSWORD_PLAIN)) {
+ return EVT_LOGON_NETWORK_CLEAR_TEXT;
+ } else if (ui->flags & USER_INFO_INTERACTIVE_LOGON) {
+ return EVT_LOGON_INTERACTIVE;
+ }
+ return EVT_LOGON_NETWORK;
+}
+
/*
* Write a machine parsable json formatted authentication log entry.
*
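Review bot: in `get_logon_type()` the cleartext test runs before the `USER_INFO_INTERACTIVE_LOGON` test, so an interactive logon that supplied a plaintext password is reported as 8 (NetworkCleartext) and never as 2. If that precedence is intended, state it in the function comment, since log consumers filtering on type 2 will otherwise miss those events. The comment also says "authorisation attempt" while the value is written into the Authentication record.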
@@ -119,6 +145,7 @@ static void log_authentication_event_json(
const char *account_name,
const char *unix_username,
struct dom_sid *sid,
+ enum event_id_type event_id,
int debug_level)
{
struct json_object wrapper = json_empty_object;
@@ -134,6 +161,16 @@ static void log_authentication_event_json(
if (rc != 0) {
goto failure;
}
+ rc = json_add_int(&authentication,
+ "eventId",
+ event_id);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_int(&authentication, "logonType", get_logon_type(ui));
+ if (rc != 0) {
+ goto failure;
+ }
rc = json_add_string(&authentication, "status", nt_errstr(status));
if (rc != 0) {
goto failure;
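Review bot: the two new `json_add_int()` calls are laid out and sourced differently: `"eventId"` is wrapped one argument per line and arrives as the `event_id` parameter, while `"logonType"` is on one line and is computed here from `ui`. Use one layout for both, and consider deriving both values in the same place so the two fields cannot drift apart.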
@@ -454,6 +491,7 @@ static void log_authentication_event_json(
const char *account_name,
const char *unix_username,
struct dom_sid *sid,
+ enum event_id_type event_id,
int debug_level)
{
log_no_json(msg_ctx, lp_ctx);
@@ -631,9 +669,11 @@ void log_authentication_event(
{
/* set the log level */
int debug_level = AUTH_FAILURE_LEVEL;
+ enum event_id_type event_id = EVT_ID_UNSUCCESSFUL_LOGON;
if (NT_STATUS_IS_OK(status)) {
debug_level = AUTH_SUCCESS_LEVEL;
+ event_id = EVT_ID_SUCCESSFUL_LOGON;
if (dom_sid_equal(sid, &global_sid_Anonymous)) {
debug_level = AUTH_ANONYMOUS_LEVEL;
}
@@ -659,6 +699,7 @@ void log_authentication_event(
account_name,
unix_username,
sid,
+ event_id,
debug_level);
}
}
diff --git a/librpc/idl/windows_event_ids.idl b/librpc/idl/windows_event_ids.idl
new file mode 100644
index 00000000000..c711db1b30f
--- /dev/null
+++ b/librpc/idl/windows_event_ids.idl
@@ -0,0 +1,29 @@
+/*
+ IDL constants for windows event codes.
+*/
+
+[
+ pointer_default(unique)
+]
+interface windows_events
+{
+
+ typedef [v1_enum,public] enum {
+ EVT_ID_SUCCESSFUL_LOGON = 4624,
+ EVT_ID_UNSUCCESSFUL_LOGON = 4625,
+ EVT_ID_PASSWORD_CHANGE = 4723,
+ EVT_ID_PASSWORD_RESET = 4724
+ } event_id_type;
+
+ typedef [v1_enum,public] enum {
+ EVT_LOGON_INTERACTIVE = 2,
+ EVT_LOGON_NETWORK = 3,
+ EVT_LOGON_BATCH = 4,
+ EVT_LOGON_SERVICE = 5,
+ EVT_LOGON_UNLOCK = 7,
+ EVT_LOGON_NETWORK_CLEAR_TEXT = 8,
+ EVT_LOGON_NEW_CREDENTIALS = 9,
+ EVT_LOGON_REMOTE_INTERACTIVE = 10,
+ EVT_LOGON_CACHED_INTERACTIVE = 11
+ } event_logon_type;
+}
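Review bot: `EVT_ID_SUCCESSFUL_LOGON = 4624` disagrees with the commit message for the IDL change, which lists "4264 Successful logon"; the code matches the other commit messages and the tests, so the commit text is the one to fix. Because these numbers become part of the log format, a one-line comment per enum value would also help here.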
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 2e012d6a868..aa058e87133 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -56,3 +56,8 @@ bld.SAMBA_PIDL_LIST('PIDL',
'winbind.idl',
options='--header --ndr-parser --samba3-ndr-server --client --python',
output_dir='../gen_ndr')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+ source='windows_event_ids.idl',
+ options='--header --python --ndr-parser --client',
+ output_dir='../gen_ndr')
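Review bot: `options='--header --python --ndr-parser --client'` asks pidl for an NDR parser and client stubs, but `windows_event_ids.idl` as shown in this change declares only two enums and no functions. Is anything beyond `--header --python` needed? If the extra generators are required for the Python module to build, a short comment on this `SAMBA_PIDL_LIST` call would save the next reader the question.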
diff --git a/python/samba/tests/audit_log_pass_change.py b/python/samba/tests/audit_log_pass_change.py
index dc554acd68a..8ece235f558 100644
--- a/python/samba/tests/audit_log_pass_change.py
+++ b/python/samba/tests/audit_log_pass_change.py
@@ -28,6 +28,11 @@ from samba.tests.audit_log_base import AuditLogTestBase
from samba.tests import delete_force
from samba.net import Net
from ldb import ERR_INSUFFICIENT_ACCESS_RIGHTS
+from samba.dcerpc.windows_event_ids import (
+ EVT_ID_PASSWORD_CHANGE,
+ EVT_ID_PASSWORD_RESET
+)
+
USER_NAME = "auditlogtestuser"
USER_PASS = samba.generate_random_password(32, 32)
@@ -119,6 +124,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
len(messages),
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_CHANGE, audit["eventId"])
self.assertEquals("Change", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -147,6 +153,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -187,6 +194,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -223,6 +231,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -256,6 +265,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_CHANGE, audit["eventId"])
self.assertEquals("Change", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -286,6 +296,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
"Did not receive the expected number of messages")
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
@@ -312,6 +323,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
# The first message should be the reset from the Setup code.
#
audit = messages[0]["passwordChange"]
+ self.assertEquals(EVT_ID_PASSWORD_RESET, audit["eventId"])
self.assertEquals("Reset", audit["action"])
self.assertEquals(dn, audit["dn"])
self.assertRegexpMatches(audit["remoteAddress"],
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index 2b280bcc3c1..14da516f200 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -28,6 +28,13 @@ from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS
from samba import NTSTATUSError
from subprocess import call
from ldb import LdbError
+from samba.dcerpc.windows_event_ids import (
+ EVT_ID_SUCCESSFUL_LOGON,
+ EVT_ID_UNSUCCESSFUL_LOGON,
+ EVT_LOGON_NETWORK,
+ EVT_LOGON_INTERACTIVE,
+ EVT_LOGON_NETWORK_CLEAR_TEXT
+)
import re
@@ -92,6 +99,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg = messages[0]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
self._assert_ncacn_np_serviceDescription(binding,
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1],
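Review bot: this pair of `assertEquals` calls on `msg["Authentication"]["eventId"]` and `msg["Authentication"]["logonType"]` is repeated verbatim in most of the hunks in this file. A small helper alongside `_assert_ncacn_np_serviceDescription` that takes the message, the expected event id and the expected logon type would remove the duplication and give one place to extend when further logon types are supported.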
@@ -121,6 +132,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals(authTypes[3],
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def rpc_ncacn_np_krb5_check(
self,
@@ -145,6 +160,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1],
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
# This this the TCP Authentication in response to the message too big
@@ -156,6 +175,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the third message it should be an Authorization
msg = messages[2]
@@ -303,6 +326,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service,
binding, protection):
@@ -329,6 +356,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the third message it should be an Authentication
msg = messages[2]
@@ -338,6 +369,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[2],
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self):
creds = self.insta_creds(template=self.get_credentials(),
@@ -441,6 +476,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"])
self.assertTrue(msg["Authentication"]["duration"] > 0)
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
msg = messages[1]
@@ -451,6 +490,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"])
self.assertTrue(msg["Authentication"]["duration"] > 0)
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def test_ldap_ntlm(self):
@@ -476,6 +519,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals("NTLMSSP", msg["Authentication"]["authDescription"])
self.assertTrue(msg["Authentication"]["duration"] > 0)
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
def test_ldap_simple_bind(self):
def isLastExpectedMessage(msg):
@@ -505,6 +552,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals("simple bind",
msg["Authentication"]["authDescription"])
+ self.assertEquals(
+ EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+ self.assertEquals(
+ EVT_LOGON_NETWORK_CLEAR_TEXT, msg["Authentication"]["logonType"])
def test_ldap_simple_bind_bad_password(self):
def isLastExpectedMessage(msg):
@@ -512,7 +563,12 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "LDAP" and
(msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and
- msg["Authentication"]["authDescription"] == "simple bind")
+ (msg["Authentication"]["authDescription"] ==
+ "simple bind") and
+ (msg["Authentication"]["eventId"] ==
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK_CLEAR_TEXT))
creds = self.insta_creds(template=self.get_credentials())
creds.set_password("badPassword")
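Review bot: putting `eventId` and `logonType` into the `isLastExpectedMessage` predicate means a wrong value makes the message never match, so the test would report a missing message rather than a wrong field, and a record without the key raises `KeyError` inside the predicate. Keep the predicate on `status` and `authDescription`, then assert the two new fields on the received message, as the success-path checks in this file do.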
@@ -539,7 +595,12 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "LDAP" and
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
- msg["Authentication"]["authDescription"] == "simple bind")
+ (msg["Authentication"]["authDescription"] ==
+ "simple bind") and
+ (msg["Authentication"]["eventId"] ==
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK_CLEAR_TEXT))
creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "badUser"))
@@ -564,7 +625,12 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"] == "LDAP" and
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
- msg["Authentication"]["authDescription"] == "simple bind")
+ (msg["Authentication"]["authDescription"] ==
+ "simple bind") and
+ (msg["Authentication"]["eventId"] ==
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK_CLEAR_TEXT))
creds = self.insta_creds(template=self.get_credentials())
creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "abdcef"))
@@ -656,6 +722,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"])
+ self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
+ msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
# Check the second message it should be an Authentication
msg = messages[1]
@@ -665,6 +735,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["serviceDescription"])
self.assertEquals("ENC-TS Pre-authentication",
msg["Authentication"]["authDescription"])
+ self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
+ msg["Authentication"]["eventId"])
+ self.assertEquals(EVT_LOGON_NETWORK,
+ msg["Authentication"]["logonType"])
def test_smb_bad_password(self):
def isLastExpectedMessage(msg):
@@ -702,7 +776,11 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["authDescription"] ==
- "ENC-TS Pre-authentication"))
+ "ENC-TS Pre-authentication") and
+ (msg["Authentication"]["eventId"] ==
+ EVT_ID_UNSUCCESSFUL_LOGON) and
+ (msg["Authentication"]["logonType"] ==
+ EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials())
creds.set_username("badUser")
@@ -752,6 +830,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg["Authentication"]["authDescription"])
--
Samba Shared Repository
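
A consumer-side view of the fields these commits add, as an added example that is not part of the commit mail or of Samba's code: it reads JSON log lines, checks that `eventId` agrees with `status`, and flags logon type 8 and password resets. It assumes one JSON object per line, optionally after a log prefix, and uses only key names that appear in the diff; the sample lines and the `triage` and `parse_events` names are constructed for illustration.

```python
import json
from collections import Counter

# Values from windows_event_ids.idl in the diff above.
EVT_ID_SUCCESSFUL_LOGON = 4624
EVT_ID_UNSUCCESSFUL_LOGON = 4625
EVT_ID_PASSWORD_RESET = 4724
EVT_LOGON_NETWORK_CLEAR_TEXT = 8

# Constructed sample lines (not real Samba output).
SAMPLE_LOG = """\
{"type": "Authentication", "Authentication": {"eventId": 4624, "logonType": 3, "status": "NT_STATUS_OK", "serviceDescription": "LDAP", "authDescription": "NTLMSSP"}}
samba[1234]: {"type": "Authentication", "Authentication": {"eventId": 4624, "logonType": 8, "status": "NT_STATUS_OK", "serviceDescription": "LDAP", "authDescription": "simple bind"}}
{"type": "Authentication", "Authentication": {"eventId": 4625, "logonType": 8, "status": "NT_STATUS_WRONG_PASSWORD", "serviceDescription": "LDAP", "authDescription": "simple bind"}}
{"passwordChange": {"eventId": 4724, "action": "Reset", "dn": "CN=auditlogtestuser,CN=Users,DC=example,DC=com"}}
{"type": "Authentication", "Authentication": {"status": "NT_STATUS_OK", "serviceDescription": "SMB", "authDescription": "NTLMSSP"}}
not a log record
{"type": "Authentication", "Authentication": {"eventId": 4624, "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "serviceDescription": "LDAP", "authDescription": "simple bind"}}
"""


def parse_events(text):
    """Yield (kind, body) for each parsable JSON line; skip everything else."""
    for line in text.splitlines():
        start = line.find("{")  # tolerate a log prefix before the JSON
        if start < 0:
            continue
        try:
            msg = json.loads(line[start:])
        except ValueError:
            continue
        if not isinstance(msg, dict):
            continue
        for kind in ("Authentication", "passwordChange"):
            body = msg.get(kind)
            if isinstance(body, dict):
                yield kind, body


def triage(text):
    """Return (count per eventId, list of (finding, detail)) for a log excerpt."""
    counts = Counter()
    findings = []
    for kind, body in parse_events(text):
        event_id = body.get("eventId")
        if event_id is None:
            # Record written before the field existed: cannot be correlated.
            findings.append(("no-event-id", kind))
            continue
        counts[event_id] += 1
        if kind == "Authentication":
            ok = body.get("status") == "NT_STATUS_OK"
            expected = EVT_ID_SUCCESSFUL_LOGON if ok else EVT_ID_UNSUCCESSFUL_LOGON
            if event_id != expected:
                findings.append(("status-mismatch", body.get("status")))
            if body.get("logonType") == EVT_LOGON_NETWORK_CLEAR_TEXT:
                findings.append(("cleartext-logon", body.get("serviceDescription")))
        elif event_id == EVT_ID_PASSWORD_RESET:
            findings.append(("password-reset", body.get("dn")))
    return counts, findings


if __name__ == "__main__":
    event_counts, results = triage(SAMPLE_LOG)
    print(dict(event_counts))
    for finding in results:
        print(finding)
```
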