From: Gary Lockyer
Date: Sun, 5 Oct 2025 23:46:44 +0000 (+1300)
Subject: tests:audit_log_pass_change add tests for auth info logging
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00e12c2e2def5fd180b210301d9d45df7fe565f5;p=thirdparty%2Fsamba.git
tests:audit_log_pass_change add tests for auth info logging
Add tests for the logging of changes to altSecurityIdentities, dnsHostName, servicePrincipalName and msDS-AdditionalDnsHostNames
Signed-off-by: Gary Lockyer
Reviewed-by: Douglas Bagnall
---
diff --git a/python/samba/tests/audit_log_pass_change.py b/python/samba/tests/audit_log_pass_change.py
index e9a97cfce2a..0384e3c5e09 100644
--- a/python/samba/tests/audit_log_pass_change.py
+++ b/python/samba/tests/audit_log_pass_change.py
@@ -43,6 +43,9 @@ USER_PASS = samba.generate_random_password(32, 32)
 SECOND_USER_NAME = "auditlogtestuser02"
 SECOND_USER_PASS = samba.generate_random_password(32, 32)
+MACHINE_NAME = "auditlogtestmachineuser"
+MACHINE_PASS = samba.generate_random_password(32, 32)
+
 class AuditLogPassChangeTests(AuditLogTestBase):
@@ -95,6 +98,17 @@ class AuditLogPassChangeTests(AuditLogTestBase):
 "userPassword": USER_PASS
 })
+ # (Re)adds the test user MACHINE_NAME with password MACHINE_PASS
+ delete_force(
+ self.ldb,
+ "cn=" + MACHINE_NAME + ",cn=users," + self.base_dn)
+ self.ldb.add({
+ "dn": "cn=" + MACHINE_NAME + ",cn=users," + self.base_dn,
+ "objectclass": "computer",
+ "sAMAccountName": MACHINE_NAME,
+ "userPassword": MACHINE_PASS
+ })
+
 #
 # Discard the messages from the setup code
 #
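Review bot: The comment on the block added at -95,6 +98,17 still says "test user", but the object it creates has `"objectclass": "computer"`; reword it to `# (Re)adds the test computer account MACHINE_NAME with password MACHINE_PASS`. The `sAMAccountName` is MACHINE_NAME with no trailing `$`, which computer accounts conventionally carry; if leaving it off is deliberate, a one-line comment saying so would help, since otherwise the object these audit-log tests modify may not resemble a real machine account. The enclosing method (apparently the test setup) starts and ends outside the hunk, so whether the account is deleted again on teardown cannot be seen from here.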
@@ -465,7 +479,57 @@ class AuditLogPassChangeTests(AuditLogTestBase):
 self.assertEqual(0, len(messages))
- def _test_ldap_authentication_information(self, attribute, values):
+ def test_ldap_altSecurityIdentities(self):
+ """Test logging of altSecurityIdentities changes.
+ """
+ values = [
+ "X509:123456789123",
+ "X509:SubjectNameIssuerName",
+ "X509:IssuerName123456789123"
+ ]
+ self._test_ldap_authentication_information(
+ "altSecurityIdentities", values)
+
+
+ def test_ldap_service_principal_name(self):
+ """Test logging of servicePrincipalName changes.
+ """
+ values = [
+ "HOST/principal1",
+ "HOST/principal2",
+ "HOST/Principla3"
+ ]
+ self._test_ldap_authentication_information(
+ "servicePrincipalName", values)
+
+
+ def test_ldap_dns_host_name(self):
+ """Test logging of dNSHostName changes.
+ """
+ values = [
+ "host1.test.samba.org",
+ "host2.test.samba.org",
+ "host3.test.samba.org"
+ ]
+ self._test_ldap_authentication_information(
+ "dNSHostName", values, user=MACHINE_NAME)
+
+ def test_ldap_msDS_AdditionalDnsHostName(self):
+ """Test logging of msDS-AdditionalDnsHostName changes.
+ """
+ values = [
+ "host1.test.samba.org",
+ "host2.test.samba.org",
+ "host3.test.samba.org"
+ ]
+ self._test_ldap_authentication_information(
+ "msDS-AdditionalDnsHostName", values, user=MACHINE_NAME)
+
+ def _test_ldap_authentication_information(
+ self,
+ attribute,
+ values,
+ user=USER_NAME ):
 """Test logging of authentication information changes.
 """
 #
@@ -473,7 +537,7 @@ class AuditLogPassChangeTests(AuditLogTestBase):
 # we use sub-tests in this test.
 #
- dn = f"cn={USER_NAME},cn=users,{self.base_dn}"
+ dn = f"cn={user},cn=users,{self.base_dn}"
 self.discardSetupMessages(dn)
 session_id = self.get_session()
diff --git a/selftest/knownfail b/selftest/knownfail
index ab2d79d7114..d187dd9b787 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
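Review bot: In python/samba/tests/audit_log_pass_change.py, `_test_ldap_authentication_information` gains a `user` parameter but its docstring is unchanged, and the signature closes as `user=USER_NAME ):` with a stray space. The docstring should say that `user` is the cn of the account under `cn=users` whose attribute is modified, and why the dNSHostName and msDS-AdditionalDnsHostName tests pass `MACHINE_NAME` (presumably because those attributes need a computer object); the signature should close as `user=USER_NAME):`. In `test_ldap_service_principal_name` the value `"HOST/Principla3"` looks like a typo for `"HOST/Principal3"`, and the first two new tests are followed by two blank lines where the later ones use one. The helper's body continues outside the hunk.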
@@ -338,3 +338,8 @@
 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
+
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_altSecurityIdentities
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_service_principal_name
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_msDS_AdditionalDnsHostName
+^samba.tests.audit_log_pass_change.samba.tests.audit_log_pass_change.AuditLogPassChangeTests.test_ldap_dns_host_name
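Review bot: The four new knownfail entries carry no comment saying why the tests are expected to fail, unlike the entry just above them. A line such as `# Changes to altSecurityIdentities, servicePrincipalName, dNSHostName and msDS-AdditionalDnsHostName are not yet audit logged` (wording to be confirmed against the commit that adds the logging) would tell the next maintainer when these entries can be removed. The patterns also have no end anchor, so `...test_ldap_dns_host_name` would also match any later test whose name begins with that string.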