From: Gary Lockyer Date: Mon, 6 Oct 2025 01:28:19 +0000 (+1300) Subject: s4:dsdb:audit_log change action for auth info X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd2d596446c560f820d6deb3cca56ffc4e64bd10;p=thirdparty%2Fsamba.git s4:dsdb:audit_log change action for auth info Change the action logged for authentication information changes from "Public key change" to "Auth info change". To reflect that it's not just changes to public keys that get logged. This doesn't require a JSON log format version change, because the version was recently bumped in c9e752ab18f43758d704951f7f31e39dafa6fdb4 and there hasn't been a Samba release in the meantime. Signed-off-by: Gary Lockyer Reviewed-by: Douglas Bagnall --- diff --git a/python/samba/tests/audit_log_pass_change.py b/python/samba/tests/audit_log_pass_change.py index 0384e3c5e09..203e3a0f941 100644 --- a/python/samba/tests/audit_log_pass_change.py +++ b/python/samba/tests/audit_log_pass_change.py @@ -433,7 +433,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.discardMessages() audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) @@ -451,7 +451,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.discardMessages() audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) @@ -556,7 +556,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.assertEqual(1, len(messages)) audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) @@ -575,7 +575,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.assertEqual(1, len(messages)) audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertTrue(self.is_guid(audit["sessionId"])) @@ -595,7 +595,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.assertEqual(1, len(messages)) audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) @@ -615,7 +615,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.assertEqual(1, len(messages)) audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) @@ -643,7 +643,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): del audit self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, kcl_audit["eventId"]) self.assertEqual(EVT_ID_PASSWORD_RESET, pwd_audit["eventId"]) - self.assertEqual("Public key change", kcl_audit["action"]) + self.assertEqual("Auth info change", kcl_audit["action"]) self.assertEqual("Reset", pwd_audit["action"]) # if we delete the action and eventId, the rest of # structures should be the same (sessionId, transactionId, @@ -669,7 +669,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.assertEqual(1, len(messages)) audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) @@ -692,7 +692,7 @@ class AuditLogPassChangeTests(AuditLogTestBase): self.assertEqual(1, len(messages)) audit = messages[0]["passwordChange"] self.assertEqual(EVT_ID_DIRECTORY_OBJECT_CHANGE, audit["eventId"]) - self.assertEqual("Public key change", audit["action"]) + self.assertEqual("Auth info change", audit["action"]) self.assertEqual(dn, audit["dn"]) self.assertIn(self.remoteAddress, audit["remoteAddress"]) self.assertEqual(session_id, audit["sessionId"]) diff --git a/source4/dsdb/samdb/ldb_modules/audit_log.c b/source4/dsdb/samdb/ldb_modules/audit_log.c index bf00a9597e9..92570e2f4ec 100644 --- a/source4/dsdb/samdb/ldb_modules/audit_log.c +++ b/source4/dsdb/samdb/ldb_modules/audit_log.c @@ -523,7 +523,7 @@ static struct json_object password_change_json( struct ldb_module *module, const struct ldb_request *request, const struct ldb_reply *reply, - bool public_key_changed) + bool auth_info_changed) { struct ldb_context *ldb = NULL; const struct dom_sid *sid = NULL; @@ -545,8 +545,8 @@ static struct json_object password_change_json( sid = dsdb_audit_get_user_sid(module); dn = dsdb_audit_get_primary_dn(request); unique_session_token = dsdb_audit_get_unique_session_token(module); - if (public_key_changed) { - action = "Public key change"; + if (auth_info_changed) { + action = "Auth info change"; event_id = EVT_ID_DIRECTORY_OBJECT_CHANGE; } else { action = get_password_action(request, reply); @@ -818,7 +818,7 @@ static char *password_change_human_readable( struct ldb_module *module, const struct ldb_request *request, const struct ldb_reply *reply, - bool is_public_key_change) + bool auth_info_change) { struct ldb_context *ldb = NULL; const char *remote_host = NULL; @@ -837,8 +837,8 @@ static char *password_change_human_readable( sid = dsdb_audit_get_user_sid(module); timestamp = audit_get_timestamp(ctx); - if (is_public_key_change) { - action = "Public key change"; + if (auth_info_change) { + action = "Auth info change"; } else { action = get_password_action(request, reply); } diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c b/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c index c34a6059a80..aa14022f115 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c +++ b/source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c @@ -1174,7 +1174,7 @@ static void test_kcl_change_json(void **state) v = json_object_get(audit, "action"); assert_non_null(v); assert_true(json_is_string(v)); - assert_string_equal("Public key change", json_string_value(v)); + assert_string_equal("Auth info change", json_string_value(v)); json_free(&json); TALLOC_FREE(ctx);