[PATCH] Audit logging of DSDB operations, password changes and group membership changes.
Andrew Bartlett
abartlet at samba.org
Wed May 30 23:49:36 UTC 2018
On Thu, 2018-05-31 at 11:24 +1200, Gary Lockyer via samba-technical
wrote:
> Patches to log,
> * Details all DSDB add, modify and delete operations. Logs
>   attributes, values, session details, transaction id.
> * Transaction roll backs.
> * Prepare commit and commit failures.
> * Summary details of replicated updates.
> * Group membership changes
> * User primary group changes.
>
> Review and push appreciated.
Thanks Gary. Looking forward to sorting out the json return stuff with
you and Jeremy, but in the meantime:
- please change audit_log_hr() to audit_log_human_text()
- please change connect_as_system() to
dcesrv_samdb_connect_as_system() and explain better in the comment
about it and header how it works (eg the commit text).
- explain the same on the backupkey and lsa side
- test deleting an LSA secret via OpenSecret
- add a #define (in a new commit) for the sessionInfo and
networkSessionInfo so we don't get typos in these constants.
- Use namespace prefixes in audit_util.c (remember we have a global C
scope, eg use dsdb_audit_util_)
- Remove #ifdef HAVE_JANSSON from the tests (instead do not produce
the binary at all, which is more likely to be noticed).
Finally, while I know you are on the run from the 80-column police,
this is just ugly:
+const char *get_modification_action(
+ unsigned int flags)
Otherwise, this looks pretty good!
Thanks!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba