auth log: Add windows logon type codes
authorGary Lockyer <gary@catalyst.net.nz>
Thu, 13 Dec 2018 01:46:31 +0000 (14:46 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 14 Dec 2018 17:57:52 +0000 (18:57 +0100)
Add a new "logonType" element to the Authorisation JSON log messages.
This contains a Windows Logon Type, the supported logon types are:
2 Interactive
3 Network
8 NetworkCleartext

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/auth_log.c
python/samba/tests/auth_log.py
python/samba/tests/auth_log_ncalrpc.py
python/samba/tests/auth_log_netlogon.py
python/samba/tests/auth_log_netlogon_bad_creds.py
python/samba/tests/auth_log_pass_change.py
python/samba/tests/auth_log_samlogon.py

index 0f32268..6eebbfc 100644 (file)
@@ -91,6 +91,31 @@ static void log_json(struct imessaging_context *msg_ctx,
        }
 }
 
+/*
+ * Determine the Windows logon type for the current authorisation attempt.
+ *
+ * Currently Samba only supports
+ *
+ * 2 Interactive      A user logged on to this computer.
+ * 3 Network          A user or computer logged on to this computer from
+ *                    the network.
+ * 8 NetworkCleartext A user logged on to this computer from the network.
+ *                    The user's password was passed to the authentication
+ *                    package in its unhashed form.
+ *
+ */
+static enum event_logon_type get_logon_type(
+       const struct auth_usersupplied_info *ui)
+{
+       if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED)
+          || (ui->password_state == AUTH_PASSWORD_PLAIN)) {
+               return EVT_LOGON_NETWORK_CLEAR_TEXT;
+       } else if (ui->flags & USER_INFO_INTERACTIVE_LOGON) {
+               return EVT_LOGON_INTERACTIVE;
+       }
+       return EVT_LOGON_NETWORK;
+}
+
 /*
  * Write a machine parsable json formatted authentication log entry.
  *
@@ -142,6 +167,10 @@ static void log_authentication_event_json(
        if (rc != 0) {
                goto failure;
        }
+       rc = json_add_int(&authentication, "logonType", get_logon_type(ui));
+       if (rc != 0) {
+               goto failure;
+       }
        rc = json_add_string(&authentication, "status", nt_errstr(status));
        if (rc != 0) {
                goto failure;
index 08c8b64..14da516 100644 (file)
@@ -30,7 +30,10 @@ from subprocess import call
 from ldb import LdbError
 from samba.dcerpc.windows_event_ids import (
     EVT_ID_SUCCESSFUL_LOGON,
-    EVT_ID_UNSUCCESSFUL_LOGON
+    EVT_ID_UNSUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK,
+    EVT_LOGON_INTERACTIVE,
+    EVT_LOGON_NETWORK_CLEAR_TEXT
 )
 import re
 
@@ -98,6 +101,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
         self._assert_ncacn_np_serviceDescription(binding,
                                                  msg["Authentication"]["serviceDescription"])
         self.assertEquals(authTypes[1],
@@ -129,6 +134,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                               msg["Authentication"]["authDescription"])
             self.assertEquals(
                 EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+            self.assertEquals(
+                EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
     def rpc_ncacn_np_krb5_check(
             self,
@@ -155,6 +162,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
         # Check the second message it should be an Authentication
         # This this the TCP Authentication in response to the message too big
@@ -168,6 +177,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
         # Check the third message it should be an Authorization
         msg = messages[2]
@@ -317,6 +328,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
     def rpc_ncacn_ip_tcp_krb5_check(self, messages, authTypes, service,
                                     binding, protection):
@@ -345,6 +358,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
         # Check the third message it should be an Authentication
         msg = messages[2]
@@ -356,6 +371,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
     def test_rpc_ncacn_ip_tcp_ntlm_dns_sign(self):
         creds = self.insta_creds(template=self.get_credentials(),
@@ -461,6 +478,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         self.assertTrue(msg["Authentication"]["duration"] > 0)
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
         # Check the second message it should be an Authentication
         msg = messages[1]
@@ -473,6 +492,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         self.assertTrue(msg["Authentication"]["duration"] > 0)
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
     def test_ldap_ntlm(self):
 
@@ -500,6 +521,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
         self.assertTrue(msg["Authentication"]["duration"] > 0)
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK, msg["Authentication"]["logonType"])
 
     def test_ldap_simple_bind(self):
         def isLastExpectedMessage(msg):
@@ -531,6 +554,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(
             EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
+        self.assertEquals(
+            EVT_LOGON_NETWORK_CLEAR_TEXT, msg["Authentication"]["logonType"])
 
     def test_ldap_simple_bind_bad_password(self):
         def isLastExpectedMessage(msg):
@@ -541,7 +566,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "simple bind") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK_CLEAR_TEXT))
 
         creds = self.insta_creds(template=self.get_credentials())
         creds.set_password("badPassword")
@@ -571,7 +598,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "simple bind") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK_CLEAR_TEXT))
 
         creds = self.insta_creds(template=self.get_credentials())
         creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "badUser"))
@@ -599,7 +628,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "simple bind") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK_CLEAR_TEXT))
 
         creds = self.insta_creds(template=self.get_credentials())
         creds.set_bind_dn("%s\\%s" % (creds.get_domain(), "abdcef"))
@@ -693,6 +724,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
         # Check the second message it should be an Authentication
         msg = messages[1]
@@ -704,6 +737,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_smb_bad_password(self):
         def isLastExpectedMessage(msg):
@@ -743,7 +778,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "ENC-TS Pre-authentication") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials())
         creds.set_username("badUser")
@@ -795,6 +832,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["passwordType"])
         self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
         # Check the second message it should be an Authentication
         msg = messages[1]
@@ -811,6 +850,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["becameAccount"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_smb2_anonymous(self):
         def isLastExpectedMessage(msg):
@@ -844,6 +885,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["passwordType"])
         self.assertEquals(EVT_ID_UNSUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
         # Check the second message it should be an Authentication
         msg = messages[1]
@@ -860,6 +903,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["becameAccount"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_smb_no_krb_spnego(self):
         def isLastExpectedMessage(msg):
@@ -891,6 +936,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["passwordType"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_smb_no_krb_spnego_bad_password(self):
         def isLastExpectedMessage(msg):
@@ -901,7 +948,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_WRONG_PASSWORD") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials(),
                                  kerberos_state=DONT_USE_KERBEROS)
@@ -931,7 +980,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_NO_SUCH_USER") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials(),
                                  kerberos_state=DONT_USE_KERBEROS)
@@ -984,6 +1035,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["passwordType"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_smb_no_krb_no_spnego_no_ntlmv2_bad_password(self):
         def isLastExpectedMessage(msg):
@@ -994,7 +1047,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_WRONG_PASSWORD") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials(),
                                  kerberos_state=DONT_USE_KERBEROS)
@@ -1026,7 +1081,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["status"] ==
                         "NT_STATUS_NO_SUCH_USER") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials(),
                                  kerberos_state=DONT_USE_KERBEROS)
@@ -1063,7 +1120,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_INTERACTIVE))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1094,7 +1153,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_INTERACTIVE))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1125,7 +1186,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_INTERACTIVE))
 
         server   = os.environ["SERVER"]
         user     = "badUser"
@@ -1154,7 +1217,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1184,7 +1249,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1214,7 +1281,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = "badUser"
@@ -1244,7 +1313,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1276,7 +1347,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1308,7 +1381,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = "badUser"
@@ -1338,7 +1413,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
@@ -1378,7 +1455,9 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["workstation"] ==
                         r"\\%s" % workstation) and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         server   = os.environ["SERVER"]
         user     = os.environ["USERNAME"]
index 7d6e3a1..d5b8735 100644 (file)
@@ -23,7 +23,10 @@ from samba.credentials import DONT_USE_KERBEROS
 from samba.dcerpc.dcerpc import AS_SYSTEM_MAGIC_PATH_TOKEN
 from samba.dcerpc import samr
 import samba.tests.auth_log_base
-from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_SUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
 
 
 class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
@@ -78,6 +81,8 @@ class AuthLogTestsNcalrpc(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["authDescription"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_ncalrpc_ntlm_dns_sign(self):
 
index 23c9442..a52bd28 100644 (file)
@@ -36,7 +36,10 @@ from samba.tests import delete_force
 from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
 from samba.dcerpc.misc import SEC_CHAN_WKSTA
 from samba.compat import text_type
-from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_SUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
 
 
 class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase):
@@ -129,6 +132,8 @@ class AuthLogTestsNetLogon(samba.tests.auth_log_base.AuthLogTestBase):
                           msg["Authentication"]["passwordType"])
         self.assertEquals(EVT_ID_SUCCESSFUL_LOGON,
                           msg["Authentication"]["eventId"])
+        self.assertEquals(EVT_LOGON_NETWORK,
+                          msg["Authentication"]["logonType"])
 
     def test_netlogon(self):
         self._test_netlogon("SEAL", self.netlogon_check)
index 73e3555..01cb8cd 100644 (file)
@@ -38,7 +38,10 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
 from samba.dcerpc.misc import SEC_CHAN_WKSTA
 from samba.dcerpc.netlogon import NETLOGON_NEG_STRONG_KEYS
 from samba.compat import get_string
-from samba.dcerpc.windows_event_ids import EVT_ID_UNSUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_UNSUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
 
 
 class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
@@ -84,7 +87,8 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
                 msg["Authentication"]["authDescription"] ==
                 "ServerAuthenticate" and
                 msg["Authentication"]["status"] == status and
-                msg["Authentication"]["eventId"] == event_id)
+                msg["Authentication"]["eventId"] == event_id and
+                msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
 
         machine_creds = Credentials()
         machine_creds.guess(self.get_loadparm())
@@ -143,7 +147,9 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
                 msg["Authentication"]["authDescription"] ==
                 "ServerAuthenticate" and
                 msg["Authentication"]["passwordType"] == "DES" and
-                msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
+                msg["Authentication"]["eventId"] ==
+                    EVT_ID_UNSUCCESSFUL_LOGON and
+                msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
 
         c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
         creds = netlogon.netr_Credential()
@@ -169,7 +175,9 @@ class AuthLogTestsNetLogonBadCreds(samba.tests.auth_log_base.AuthLogTestBase):
                 msg["Authentication"]["authDescription"] ==
                 "ServerAuthenticate" and
                 msg["Authentication"]["passwordType"] == "HMAC-MD5" and
-                msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON)
+                (msg["Authentication"]["eventId"] ==
+                    EVT_ID_UNSUCCESSFUL_LOGON) and
+                msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
 
         c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
         creds = netlogon.netr_Credential()
index f99d9d8..f0a0ee6 100644 (file)
@@ -32,7 +32,8 @@ from ldb import LdbError
 from samba.tests.password_test import PasswordCommon
 from samba.dcerpc.windows_event_ids import (
     EVT_ID_SUCCESSFUL_LOGON,
-    EVT_ID_UNSUCCESSFUL_LOGON
+    EVT_ID_UNSUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
 )
 
 USER_NAME = "authlogtestuser"
@@ -87,7 +88,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "samr_ChangePasswordUser3") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials())
 
@@ -115,7 +118,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "samr_ChangePasswordUser3") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials())
 
@@ -148,7 +153,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "samr_ChangePasswordUser3") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials())
 
@@ -181,7 +188,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "samr_ChangePasswordUser3") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         creds = self.insta_creds(template=self.get_credentials())
 
@@ -218,7 +227,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "OemChangePasswordUser2") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         username = os.environ["USERNAME"]
         server = os.environ["SERVER"]
@@ -243,7 +254,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "LDAP Modify") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_SUCCESSFUL_LOGON))
+                        EVT_ID_SUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         new_password = samba.generate_random_password(32, 32)
         self.ldb.modify_ldif(
@@ -300,7 +313,9 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
                     (msg["Authentication"]["authDescription"] ==
                         "LDAP Modify") and
                     (msg["Authentication"]["eventId"] ==
-                        EVT_ID_UNSUCCESSFUL_LOGON))
+                        EVT_ID_UNSUCCESSFUL_LOGON) and
+                    (msg["Authentication"]["logonType"] ==
+                        EVT_LOGON_NETWORK))
 
         new_password = samba.generate_random_password(32, 32)
         try:
index 8abdc8d..35f121e 100644 (file)
@@ -36,7 +36,10 @@ from samba.tests import delete_force
 from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
 from samba.dcerpc.misc import SEC_CHAN_WKSTA
 from samba.compat import text_type
-from samba.dcerpc.windows_event_ids import EVT_ID_SUCCESSFUL_LOGON
+from samba.dcerpc.windows_event_ids import (
+    EVT_ID_SUCCESSFUL_LOGON,
+    EVT_LOGON_NETWORK
+)
 
 
 class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase):
@@ -72,7 +75,9 @@ class AuthLogTestsSamLogon(samba.tests.auth_log_base.AuthLogTestBase):
                 msg["Authentication"]["serviceDescription"]  == "SamLogon" and
                 msg["Authentication"]["authDescription"]     == "network" and
                 msg["Authentication"]["passwordType"]        == "NTLMv2" and
-                msg["Authentication"]["eventId"] == EVT_ID_SUCCESSFUL_LOGON)
+                (msg["Authentication"]["eventId"] ==
+                    EVT_ID_SUCCESSFUL_LOGON) and
+                (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))
 
         if binding:
             binding = "[schannel,%s]" % binding