auth log: Add windows logon type codes

author Gary Lockyer <gary@catalyst.net.nz>

Thu, 13 Dec 2018 01:46:31 +0000 (14:46 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 14 Dec 2018 17:57:52 +0000 (18:57 +0100)
author Gary Lockyer <gary@catalyst.net.nz>
Thu, 13 Dec 2018 01:46:31 +0000 (14:46 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 14 Dec 2018 17:57:52 +0000 (18:57 +0100)
diff --git a/auth/auth_log.c b/auth/auth_log.c

index 0f32268ffab64cd3dec30971deeef5e30455bc42..6eebbfc706f602d10af6fd51bd9c117907eea0d4 100644 (file)
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -91,6 +91,31 @@ static void log_json(struct imessaging_context *msg_ctx,
         }
  }
  
+/*
+ * Determine the Windows logon type for the current authorisation attempt.
+ *
+ * Currently Samba only supports
+ *
+ * 2 Interactive      A user logged on to this computer.
+ * 3 Network          A user or computer logged on to this computer from
+ *                    the network.
+ * 8 NetworkCleartext A user logged on to this computer from the network.
+ *                    The user's password was passed to the authentication
+ *                    package in its unhashed form.
+ *
+ */
+static enum event_logon_type get_logon_type(
+       const struct auth_usersupplied_info *ui)
+{
+       if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED)
+          || (ui->password_state == AUTH_PASSWORD_PLAIN)) {
+               return EVT_LOGON_NETWORK_CLEAR_TEXT;
+       } else if (ui->flags & USER_INFO_INTERACTIVE_LOGON) {
+               return EVT_LOGON_INTERACTIVE;
+       }
+       return EVT_LOGON_NETWORK;
+}
+
  /*
   * Write a machine parsable json formatted authentication log entry.
   *
@@ -142,6 +167,10 @@ static void log_authentication_event_json(
         if (rc != 0) {
                 goto failure;
         }
+       rc = json_add_int(&authentication, "logonType", get_logon_type(ui));
+       if (rc != 0) {
+               goto failure;
+       }
         rc = json_add_string(&authentication, "status", nt_errstr(status));
         if (rc != 0) {
                 goto failure;
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py

index 08c8b64bcd5befc22aef2b2e470cf7d3bd82461c..14da516f200fdfefa03e7df52cfcd084bb9d6ab5 100644 (file)
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -30,7 +30,10 @@ from subprocess import call
  from ldb import LdbError
  from samba.dcerpc.windows_event_ids import (
      EVT_ID_SUCCESSFUL_LOGON,
-    EVT_ID_UNSUCCESSFUL_LOGON
+    EVT_ID_UNSUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK,
+    EVT_LOGON_INTERACTIVE,
+    EVT_LOGON_NETWORK_CLEAR_TEXT
  )
  import re
  
@@ -98,6 +101,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
          self._assert_ncacn_np_serviceDescription(binding,
                                                   msg["Authentication"]["serviceDescription"])
          self.assertEquals(authTypes[1],
@@ -129,6 +134,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                                msg["Authentication"]["authDescription"])
              self.assertEquals(
                  EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            self.assertEquals(
+                EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
      def rpc_ncacn_np_krb5_check(
              self,
@@ -155,6 +162,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
          # Check the second message it should be an Authentication
          # This this the TCP Authentication in response to the message too big
@@ -168,6 +177,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
          # Check the third message it should be an Authorization
          msg = messages[2]
@@ -317,6 +328,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
      def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service,
                                      binding, protection):
@@ -345,6 +358,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
          # Check the third message it should be an Authentication
          msg = messages[2]
@@ -356,6 +371,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
      def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self):
          creds = self.insta_creds(template=self.get_credentials(),
@@ -461,6 +478,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          self.assertTrue(msg["Authentication"]["duration"] > 0)
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
          # Check the second message it should be an Authentication
          msg = messages[1]
@@ -473,6 +492,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          self.assertTrue(msg["Authentication"]["duration"] > 0)
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
      def test_ldap_ntlm(self):
  
@@ -500,6 +521,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
          self.assertTrue(msg["Authentication"]["duration"] > 0)
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
  
      def test_ldap_simple_bind(self):
          def isLastExpectedMessage(msg):
@@ -531,6 +554,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(
              EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK_CLEAR_TEXT, msg["Authentication"]["logonType"])
  
      def test_ldap_simple_bind_bad_password(self):
          def isLastExpectedMessage(msg):
@@ -541,7 +566,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "simple bind") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK_CLEAR_TEXT))
  
          creds = self.insta_creds(template=self.get_credentials())
          creds.set_password("badPassword")
@@ -571,7 +598,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "simple bind") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK_CLEAR_TEXT))
  
          creds = self.insta_creds(template=self.get_credentials())
          creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "badUser"))
@@ -599,7 +628,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "simple bind") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK_CLEAR_TEXT))
  
          creds = self.insta_creds(template=self.get_credentials())
          creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "abdcef"))
@@ -693,6 +724,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
          # Check the second message it should be an Authentication
          msg = messages[1]
@@ -704,6 +737,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_smb_bad_password(self):
          def isLastExpectedMessage(msg):
@@ -743,7 +778,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "ENC-TS Pre-authentication") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials())
          creds.set_username("badUser")
@@ -795,6 +832,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["passwordType"])
          self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
          # Check the second message it should be an Authentication
          msg = messages[1]
@@ -811,6 +850,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["becameAccount"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_smb2_anonymous(self):
          def isLastExpectedMessage(msg):
@@ -844,6 +885,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["passwordType"])
          self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
          # Check the second message it should be an Authentication
          msg = messages[1]
@@ -860,6 +903,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["becameAccount"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_smb_no_krb_spnego(self):
          def isLastExpectedMessage(msg):
@@ -891,6 +936,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["passwordType"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_smb_no_krb_spnego_bad_password(self):
          def isLastExpectedMessage(msg):
@@ -901,7 +948,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["status"] ==
                          "NT_STATUS_WRONG_PASSWORD") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials(),
                                   kerberos_state=DONT_USE_KERBEROS)
@@ -931,7 +980,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["status"] ==
                          "NT_STATUS_NO_SUCH_USER") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials(),
                                   kerberos_state=DONT_USE_KERBEROS)
@@ -984,6 +1035,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["passwordType"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_smb_no_krb_no_spnego_no_ntlmv2_bad_password(self):
          def isLastExpectedMessage(msg):
@@ -994,7 +1047,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["status"] ==
                          "NT_STATUS_WRONG_PASSWORD") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials(),
                                   kerberos_state=DONT_USE_KERBEROS)
@@ -1026,7 +1081,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["status"] ==
                          "NT_STATUS_NO_SUCH_USER") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials(),
                                   kerberos_state=DONT_USE_KERBEROS)
@@ -1063,7 +1120,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_INTERACTIVE))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1094,7 +1153,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_INTERACTIVE))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1125,7 +1186,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_INTERACTIVE))
  
          server   = os.environ["SERVER"]
          user     = "badUser"
@@ -1154,7 +1217,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1184,7 +1249,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1214,7 +1281,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = "badUser"
@@ -1244,7 +1313,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1276,7 +1347,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1308,7 +1381,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = "badUser"
@@ -1338,7 +1413,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
@@ -1378,7 +1455,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["workstation"] ==
                          r"\\%s" % workstation) and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          server   = os.environ["SERVER"]
          user     = os.environ["USERNAME"]
diff --git a/python/samba/tests/auth_log_ncalrpc.py b/python/samba/tests/auth_log_ncalrpc.py

index 7d6e3a1372837fa1b9c31864bd08b3622fab57f6..d5b8735bcdbd415ffed1ff52022b32103dd8fbf9 100644 (file)
--- a/python/samba/tests/auth_log_ncalrpc.py
+++ b/python/samba/tests/auth_log_ncalrpc.py
@@ -23,7 +23,10 @@ from samba.credentials import DONT_USE_KERBEROS
  from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN
  from samba.dcerpc import samr
  import samba.tests.auth_log_base
-from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_SUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
  
  
  class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
@@ -78,6 +81,8 @@ class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["authDescription"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_ncalrpc_ntlm_dns_sign(self):
  
diff --git a/python/samba/tests/auth_log_netlogon.py b/python/samba/tests/auth_log_netlogon.py

index 23c9442b73a53000f08351e51c55af6294c48b04..a52bd28191b0f8bbeba3a7597641fa89b2f15fc0 100644 (file)
--- a/python/samba/tests/auth_log_netlogon.py
+++ b/python/samba/tests/auth_log_netlogon.py
@@ -36,7 +36,10 @@ from samba.tests import delete_force
  from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
  from samba.dcerpc.misc import SEC_CHAN_WKSTA
  from samba.compat import text_type
-from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_SUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
  
  
  class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase):
@@ -129,6 +132,8 @@ class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase):
                            msg["Authentication"]["passwordType"])
          self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                            msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
  
      def test_netlogon(self):
          self._test_netlogon("SEAL", self.netlogon_check)
diff --git a/python/samba/tests/auth_log_netlogon_bad_creds.py b/python/samba/tests/auth_log_netlogon_bad_creds.py

index 73e3555fbafa6fc3d0190a202c2b5f94e4aad793..01cb8cd6af09de212e47955588332f893525faa7 100644 (file)
--- a/python/samba/tests/auth_log_netlogon_bad_creds.py
+++ b/python/samba/tests/auth_log_netlogon_bad_creds.py
@@ -38,7 +38,10 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
  from samba.dcerpc.misc import SEC_CHAN_WKSTA
  from samba.dcerpc.netlogon import NETLOGON_NEG_STRONG_KEYS
  from samba.compat import get_string
-from samba.dcerpc.windows_event_ids import EVT_ID_UNSUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_UNSUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
  
  
  class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
@@ -84,7 +87,8 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
                  msg["Authentication"]["authDescription"] ==
                  "ServerAuthenticate" and
                  msg["Authentication"]["status"] == status and
-                msg["Authentication"]["eventId"] == event_id)
+                msg["Authentication"]["eventId"] == event_id and
+                msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
  
          machine_creds = Credentials()
          machine_creds.guess(self.get_loadparm())
@@ -143,7 +147,9 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
                  msg["Authentication"]["authDescription"] ==
                  "ServerAuthenticate" and
                  msg["Authentication"]["passwordType"] == "DES" and
-                msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
+                msg["Authentication"]["eventId"] ==
+                    EVT_ID_UNSUCCESSFUL_LOGON and
+                msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
  
          c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
          creds = netlogon.netr_Credential()
@@ -169,7 +175,9 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
                  msg["Authentication"]["authDescription"] ==
                  "ServerAuthenticate" and
                  msg["Authentication"]["passwordType"] == "HMAC-MD5" and
-                msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
+                (msg["Authentication"]["eventId"] ==
+                    EVT_ID_UNSUCCESSFUL_LOGON) and
+                msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
  
          c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
          creds = netlogon.netr_Credential()
diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py

index f99d9d86f39737bed858ebb8ba884c5d2836d98e..f0a0ee68d174625c8b29d6d1644641e9a361142f 100644 (file)
--- a/python/samba/tests/auth_log_pass_change.py
+++ b/python/samba/tests/auth_log_pass_change.py
@@ -32,7 +32,8 @@ from ldb import LdbError
  from samba.tests.password_test import PasswordCommon
  from samba.dcerpc.windows_event_ids import (
      EVT_ID_SUCCESSFUL_LOGON,
-    EVT_ID_UNSUCCESSFUL_LOGON
+    EVT_ID_UNSUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
  )
  
  USER_NAME = "authlogtestuser"
@@ -87,7 +88,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "samr_ChangePasswordUser3") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials())
  
@@ -115,7 +118,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "samr_ChangePasswordUser3") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials())
  
@@ -148,7 +153,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "samr_ChangePasswordUser3") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials())
  
@@ -181,7 +188,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "samr_ChangePasswordUser3") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          creds = self.insta_creds(template=self.get_credentials())
  
@@ -218,7 +227,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "OemChangePasswordUser2") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          username = os.environ["USERNAME"]
          server = os.environ["SERVER"]
@@ -243,7 +254,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "LDAP Modify") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          new_password = samba.generate_random_password(32, 32)
          self.ldb.modify_ldif(
@@ -300,7 +313,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                      (msg["Authentication"]["authDescription"] ==
                          "LDAP Modify") and
                      (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
  
          new_password = samba.generate_random_password(32, 32)
          try:
diff --git a/python/samba/tests/auth_log_samlogon.py b/python/samba/tests/auth_log_samlogon.py

index 8abdc8dac0b29c23e35241454e8c415901b95698..35f121e5bf095fe12ce6cd43277681787e6e53d6 100644 (file)
--- a/python/samba/tests/auth_log_samlogon.py
+++ b/python/samba/tests/auth_log_samlogon.py
@@ -36,7 +36,10 @@ from samba.tests import delete_force
  from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
  from samba.dcerpc.misc import SEC_CHAN_WKSTA
  from samba.compat import text_type
-from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_SUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
  
  
  class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase):
@@ -72,7 +75,9 @@ class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase):
                  msg["Authentication"]["serviceDescription"]  == "SamLogon" and
                  msg["Authentication"]["authDescription"]     == "network" and
                  msg["Authentication"]["passwordType"]        == "NTLMv2" and
-                msg["Authentication"]["eventId"] == EVT_ID_SUCCESSFUL_LOGON)
+                (msg["Authentication"]["eventId"] ==
+                    EVT_ID_SUCCESSFUL_LOGON) and
+                (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))
  
          if binding:
              binding = "[schannel,%s]" % binding
author	Gary Lockyer <gary@catalyst.net.nz>
	Thu, 13 Dec 2018 01:46:31 +0000 (14:46 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 14 Dec 2018 17:57:52 +0000 (18:57 +0100)
auth/auth_log.c		patch \| blob \| history
python/samba/tests/auth_log.py		patch \| blob \| history
python/samba/tests/auth_log_ncalrpc.py		patch \| blob \| history
python/samba/tests/auth_log_netlogon.py		patch \| blob \| history
python/samba/tests/auth_log_netlogon_bad_creds.py		patch \| blob \| history
python/samba/tests/auth_log_pass_change.py		patch \| blob \| history
python/samba/tests/auth_log_samlogon.py		patch \| blob \| history