[PATCH] Audit logging of DSDB operations, password changes and group membership changes.

Andrew Bartlett abartlet at samba.org
Wed May 30 23:49:36 UTC 2018 

On Thu, 2018-05-31 at 11:24 +1200, Gary Lockyer via samba-technical
wrote:
> Patches to log,
>       * Details all DSDB add, modify and delete operations. Logs
> 
>         attributes, values, session details, transaction id.
> 
>       * Transaction roll backs.
> 
>       * Prepare commit and commit failures.
> 
>       * Summary details of replicated updates.
>       * Group membership changes
>       * User primary group changes.
> 
> Review and push appreciated.

Thanks Gary.  Looking forward to sorting out the json return stuff with
you and Jeremy, but in the meantime:
 - please change audit_log_hr() to audit_log_human_text() 
 - please change connect_as_system() to
dcesrv_samdb_connect_as_system() and explain better in the comment
about it and header how it works (eg the commit text). 
 - explain the same on the backupkey and lsa side
 - test deleting an LSA secret via OpenSecret
 - add a #define (in a new commit) for the sessionInfo and
networkSessionInfo so we don't get typos in these constants. 
 - Use namespace prefixes in audit_util.c (remember we have a global C
scope, eg use dsdb_audit_util_)
 - Remove #ifdef HAVE_JANSSON from the tests (instead do not produce
the binary at all, which is more likely to be noticed). 

Finally, while I know you are on the run from the 80-column police,
this is just ugly:

+const char *get_modification_action(
+	unsigned int flags)

Otherwise, this looks pretty good!

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180531/6b001368/signature.sig>

More information about the samba-technical mailing list