tests:audit_log_pass_change add tests for auth info logging
authorGary Lockyer <gary@catalyst.net.nz>
Sun, 5 Oct 2025 23:46:44 +0000 (12:46 +1300)
committerJennifer Sutton <jsutton@samba.org>
Fri, 10 Oct 2025 01:27:30 +0000 (01:27 +0000)
Add tests for the logging of changes to altSecurityIdentities, dnsHostName,
servicePrincipalName and msDS-AdditionalDnsHostNames

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python/samba/tests/audit_log_pass_change.py
selftest/knownfail

index e9a97cfce2a34e7eb5f30845874f937996af8b90..0384e3c5e09ae29a3ae6337578dd51326688ac03 100644 (file)
@@ -43,6 +43,9 @@ USER_PASS = samba.generate_random_password(32, 32)
 SECOND_USER_NAME = "auditlogtestuser02"
 SECOND_USER_PASS = samba.generate_random_password(32, 32)
 
+MACHINE_NAME = "auditlogtestmachineuser"
+MACHINE_PASS = samba.generate_random_password(32, 32)
+
 
 class AuditLogPassChangeTests(AuditLogTestBase):
 
@@ -95,6 +98,17 @@ class AuditLogPassChangeTests(AuditLogTestBase):
             "userPassword": USER_PASS
         })
 
+        # (Re)adds the test user MACHINE_NAME with password MACHINE_PASS
+        delete_force(
+            self.ldb,
+            "cn=" + MACHINE_NAME + ",cn=users," + self.base_dn)
+        self.ldb.add({
+            "dn": "cn=" + MACHINE_NAME + ",cn=users," + self.base_dn,
+            "objectclass": "computer",
+            "sAMAccountName": MACHINE_NAME,
+            "userPassword": MACHINE_PASS
+        })
+
     #
     # Discard the messages from the setup code
     #
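Review bot: The fixture added here has `objectclass` `computer`, but its `sAMAccountName` is the bare `MACHINE_NAME`, without the trailing `$` that machine accounts conventionally carry. The dNSHostName and msDS-AdditionalDnsHostName tests therefore audit an object that does not look like a real machine account; unless the bare name is deliberate, consider `"sAMAccountName": MACHINE_NAME + "$",`. The comment also calls it a "test user", where `# (Re)adds the test machine account MACHINE_NAME with password MACHINE_PASS` would match the object class. The enclosing method starts and ends outside the hunk, so whether the new object is also removed during teardown cannot be checked from here.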
@@ -465,7 +479,57 @@ class AuditLogPassChangeTests(AuditLogTestBase):
             self.assertEqual(0, len(messages))
 
 
-    def _test_ldap_authentication_information(self, attribute, values):
+    def test_ldap_altSecurityIdentities(self):
+        """Test logging of altSecurityIdentities changes.
+        """
+        values = [
+            "X509:<SKI>123456789123",
+            "X509:<S>SubjectName<I>IssuerName",
+            "X509:<I>IssuerName<SR>123456789123"
+        ]
+        self._test_ldap_authentication_information(
+            "altSecurityIdentities", values)
+
+
+    def test_ldap_service_principal_name(self):
+        """Test logging of servicePrincipalName changes.
+        """
+        values = [
+            "HOST/principal1",
+            "HOST/principal2",
+            "HOST/Principla3"
+        ]
+        self._test_ldap_authentication_information(
+            "servicePrincipalName", values)
+
+
+    def test_ldap_dns_host_name(self):
+        """Test logging of dNSHostName changes.
+        """
+        values = [
+            "host1.test.samba.org",
+            "host2.test.samba.org",
+            "host3.test.samba.org"
+        ]
+        self._test_ldap_authentication_information(
+            "dNSHostName", values, user=MACHINE_NAME)
+
+    def test_ldap_msDS_AdditionalDnsHostName(self):
+        """Test logging of msDS-AdditionalDnsHostName changes.
+        """
+        values = [
+            "host1.test.samba.org",
+            "host2.test.samba.org",
+            "host3.test.samba.org"
+        ]
+        self._test_ldap_authentication_information(
+            "msDS-AdditionalDnsHostName", values, user=MACHINE_NAME)
+
+    def _test_ldap_authentication_information(
+            self,
+            attribute,
+            values,
+            user=USER_NAME ):
         """Test logging of authentication information changes.
         """
         #
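Review bot: The third value in `test_ldap_service_principal_name`, `"HOST/Principla3"`, looks like a typo for `"HOST/principal3"`; if the odd spelling or case is deliberate, a short comment should say what it exercises. The new `user` parameter of `_test_ldap_authentication_information` is not described in its docstring; a line such as `user: cn of the account under cn=users whose attribute is modified (defaults to USER_NAME)` would cover it. The signature also has a stray space in `user=USER_NAME ):`, and the new test names mix snake_case with attribute-style casing. The helper's body continues outside this hunk.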
@@ -473,7 +537,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
         # we use sub-tests in this test.
         #
 
-        dn = f"cn={USER_NAME},cn=users,{self.base_dn}"
+        dn = f"cn={user},cn=users,{self.base_dn}"
         self.discardSetupMessages(dn)
 
         session_id = self.get_session()
index ab2d79d7114edb6ee29eafd4ef5e4ce84921471b..d187dd9b787b516e52bb8286dab42f0a59a4827c 100644 (file)
 
 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
+
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_altSecurityIdentities
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_service_principal_name
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_msDS_AdditionalDnsHostName
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_dns_host_name
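Review bot: The four new knownfail entries carry no comment saying why the tests are expected to fail, whereas the entry just above them is preceded by one. A line such as `# Changes to authentication information attributes are not yet audit logged` would help, if that is the reason, so a later reader knows when the entries can be dropped. The patterns are also unanchored at the end, so each matches any test id that begins with the same text; appending `$`, or `.*` as the preceding entry does, would make the intent explicit.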