2 Unit tests for the dsdb audit logging code code in audit_log.c
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2018
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 int ldb_audit_log_module_init(const char *version);
27 #include "../audit_log.c"
29 #include "lib/ldb/include/ldb_private.h"
33 * Test helper to check ISO 8601 timestamps for validity
35 static void check_timestamp(time_t before, const char* timestamp)
48 * Convert the ISO 8601 timestamp into a time_t
49 * Note for convenience we ignore the value of the microsecond
50 * part of the time stamp.
54 "%4d-%2d-%2dT%2d:%2d:%2d.%6d%1c%4d",
64 assert_int_equal(9, rc);
65 tm.tm_year = tm.tm_year - 1900;
66 tm.tm_mon = tm.tm_mon - 1;
71 * The timestamp should be before <= actual <= after
73 assert_true(difftime(actual, before) >= 0);
74 assert_true(difftime(after, actual) >= 0);
77 static void test_has_password_changed(void **state)
79 struct ldb_context *ldb = NULL;
80 struct ldb_message *msg = NULL;
82 TALLOC_CTX *ctx = talloc_new(NULL);
84 ldb = ldb_init(ctx, NULL);
89 msg = ldb_msg_new(ldb);
90 assert_false(has_password_changed(msg));
94 * No password attributes
96 msg = ldb_msg_new(ldb);
97 ldb_msg_add_string(msg, "attr01", "value01");
98 assert_false(has_password_changed(msg));
102 * No password attributes >1 entries
104 msg = ldb_msg_new(ldb);
105 ldb_msg_add_string(msg, "attr01", "value01");
106 ldb_msg_add_string(msg, "attr02", "value03");
107 ldb_msg_add_string(msg, "attr03", "value03");
108 assert_false(has_password_changed(msg));
114 msg = ldb_msg_new(ldb);
115 ldb_msg_add_string(msg, "userPassword", "value01");
116 assert_true(has_password_changed(msg));
120 * clearTextPassword set
122 msg = ldb_msg_new(ldb);
123 ldb_msg_add_string(msg, "clearTextPassword", "value01");
124 assert_true(has_password_changed(msg));
130 msg = ldb_msg_new(ldb);
131 ldb_msg_add_string(msg, "unicodePwd", "value01");
132 assert_true(has_password_changed(msg));
138 msg = ldb_msg_new(ldb);
139 ldb_msg_add_string(msg, "dBCSPwd", "value01");
140 assert_true(has_password_changed(msg));
146 msg = ldb_msg_new(ldb);
147 ldb_msg_add_string(msg, "userPassword", "value01");
148 ldb_msg_add_string(msg, "clearTextPassword", "value02");
149 ldb_msg_add_string(msg, "unicodePwd", "value03");
150 ldb_msg_add_string(msg, "dBCSPwd", "value04");
151 assert_true(has_password_changed(msg));
155 * first attribute is a password attribute
157 msg = ldb_msg_new(ldb);
158 ldb_msg_add_string(msg, "userPassword", "value01");
159 ldb_msg_add_string(msg, "attr02", "value02");
160 ldb_msg_add_string(msg, "attr03", "value03");
161 ldb_msg_add_string(msg, "attr04", "value04");
162 assert_true(has_password_changed(msg));
166 * last attribute is a password attribute
168 msg = ldb_msg_new(ldb);
169 ldb_msg_add_string(msg, "attr01", "value01");
170 ldb_msg_add_string(msg, "attr02", "value02");
171 ldb_msg_add_string(msg, "attr03", "value03");
172 ldb_msg_add_string(msg, "clearTextPassword", "value04");
173 assert_true(has_password_changed(msg));
177 * middle attribute is a password attribute
179 msg = ldb_msg_new(ldb);
180 ldb_msg_add_string(msg, "attr01", "value01");
181 ldb_msg_add_string(msg, "attr02", "value02");
182 ldb_msg_add_string(msg, "unicodePwd", "pwd");
183 ldb_msg_add_string(msg, "attr03", "value03");
184 ldb_msg_add_string(msg, "attr04", "value04");
185 assert_true(has_password_changed(msg));
191 static void test_get_password_action(void **state)
193 struct ldb_context *ldb = NULL;
194 struct ldb_request *req = NULL;
195 struct ldb_reply *reply = NULL;
196 struct dsdb_control_password_acl_validation *pav = NULL;
199 TALLOC_CTX *ctx = talloc_new(NULL);
200 ldb = ldb_init(ctx, NULL);
203 * Add request, will always be a reset
205 ldb_build_add_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
206 reply = talloc_zero(ctx, struct ldb_reply);
207 assert_string_equal("Reset", get_password_action(req, reply));
212 * No password control acl, expect "Reset"
214 ldb_build_mod_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
215 reply = talloc_zero(ctx, struct ldb_reply);
216 assert_string_equal("Reset", get_password_action(req, reply));
221 * dsdb_control_password_acl_validation reset = false, expect "Change"
223 ret = ldb_build_mod_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
224 assert_int_equal(ret, LDB_SUCCESS);
225 reply = talloc_zero(ctx, struct ldb_reply);
226 pav = talloc_zero(req, struct dsdb_control_password_acl_validation);
228 ldb_reply_add_control(
230 DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID,
233 assert_string_equal("Change", get_password_action(req, reply));
238 * dsdb_control_password_acl_validation reset = true, expect "Reset"
240 ldb_build_mod_req(&req, ldb, ctx, NULL, NULL, NULL, NULL, NULL);
241 reply = talloc_zero(ctx, struct ldb_reply);
242 pav = talloc_zero(req, struct dsdb_control_password_acl_validation);
243 pav->pwd_reset = true;
245 ldb_reply_add_control(
247 DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID,
250 assert_string_equal("Reset", get_password_action(req, reply));
258 * Test helper to validate a version object.
260 static void check_version(struct json_t *version, int major, int minor)
262 struct json_t *v = NULL;
264 assert_true(json_is_object(version));
265 assert_int_equal(2, json_object_size(version));
267 v = json_object_get(version, "major");
269 assert_int_equal(major, json_integer_value(v));
271 v = json_object_get(version, "minor");
273 assert_int_equal(minor, json_integer_value(v));
277 * minimal unit test of operation_json, that ensures that all the expected
278 * attributes and objects are in the json object.
280 static void test_operation_json_empty(void **state)
282 struct ldb_context *ldb = NULL;
283 struct ldb_module *module = NULL;
284 struct ldb_request *req = NULL;
285 struct ldb_reply *reply = NULL;
286 struct audit_context *ac = NULL;
288 struct json_object json;
289 json_t *audit = NULL;
295 TALLOC_CTX *ctx = talloc_new(NULL);
297 ldb = ldb_init(ctx, NULL);
298 ac = talloc_zero(ctx, struct audit_context);
300 module = talloc_zero(ctx, struct ldb_module);
302 ldb_module_set_private(module, ac);
304 req = talloc_zero(ctx, struct ldb_request);
305 reply = talloc_zero(ctx, struct ldb_reply);
306 reply->error = LDB_SUCCESS;
309 json = operation_json(module, req, reply);
310 assert_int_equal(3, json_object_size(json.root));
313 v = json_object_get(json.root, "type");
315 assert_string_equal("dsdbChange", json_string_value(v));
317 v = json_object_get(json.root, "timestamp");
319 assert_true(json_is_string(v));
320 check_timestamp(before, json_string_value(v));
322 audit = json_object_get(json.root, "dsdbChange");
323 assert_non_null(audit);
324 assert_true(json_is_object(audit));
325 assert_int_equal(10, json_object_size(audit));
327 o = json_object_get(audit, "version");
329 check_version(o, OPERATION_MAJOR, OPERATION_MINOR);
331 v = json_object_get(audit, "statusCode");
333 assert_true(json_is_integer(v));
334 assert_int_equal(LDB_SUCCESS, json_integer_value(v));
336 v = json_object_get(audit, "status");
338 assert_true(json_is_string(v));
339 assert_string_equal("Success", json_string_value(v));
341 v = json_object_get(audit, "operation");
343 assert_true(json_is_string(v));
345 * Search operation constant is zero
347 assert_string_equal("Search", json_string_value(v));
349 v = json_object_get(audit, "remoteAddress");
351 assert_true(json_is_null(v));
353 v = json_object_get(audit, "userSid");
355 assert_true(json_is_null(v));
357 v = json_object_get(audit, "performedAsSystem");
359 assert_true(json_is_boolean(v));
360 assert_true(json_is_false(v));
363 v = json_object_get(audit, "dn");
365 assert_true(json_is_null(v));
367 v = json_object_get(audit, "transactionId");
369 assert_true(json_is_string(v));
371 "00000000-0000-0000-0000-000000000000",
372 json_string_value(v));
374 v = json_object_get(audit, "sessionId");
376 assert_true(json_is_null(v));
384 * unit test of operation_json, that ensures that all the expected
385 * attributes and objects are in the json object.
387 static void test_operation_json(void **state)
389 struct ldb_context *ldb = NULL;
390 struct ldb_module *module = NULL;
391 struct ldb_request *req = NULL;
392 struct ldb_reply *reply = NULL;
393 struct audit_context *ac = NULL;
395 struct tsocket_address *ts = NULL;
397 struct auth_session_info *sess = NULL;
398 struct security_token *token = NULL;
400 const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
401 const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
402 struct GUID session_id;
404 struct GUID transaction_id;
405 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
407 struct ldb_dn *dn = NULL;
408 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
410 struct ldb_message *msg = NULL;
412 struct json_object json;
413 json_t *audit = NULL;
426 TALLOC_CTX *ctx = talloc_new(NULL);
428 ldb = ldb_init(ctx, NULL);
430 ac = talloc_zero(ctx, struct audit_context);
431 GUID_from_string(TRANSACTION, &transaction_id);
432 ac->transaction_guid = transaction_id;
434 module = talloc_zero(ctx, struct ldb_module);
436 ldb_module_set_private(module, ac);
438 tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
439 ldb_set_opaque(ldb, "remoteAddress", ts);
441 sess = talloc_zero(ctx, struct auth_session_info);
442 token = talloc_zero(ctx, struct security_token);
443 string_to_sid(&sid, SID);
446 sess->security_token = token;
447 GUID_from_string(SESSION, &session_id);
448 sess->unique_session_token = session_id;
449 ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
451 msg = talloc_zero(ctx, struct ldb_message);
452 dn = ldb_dn_new(ctx, ldb, DN);
454 ldb_msg_add_string(msg, "attribute", "the-value");
456 req = talloc_zero(ctx, struct ldb_request);
457 req->operation = LDB_ADD;
458 req->op.add.message = msg;
460 reply = talloc_zero(ctx, struct ldb_reply);
461 reply->error = LDB_ERR_OPERATIONS_ERROR;
464 json = operation_json(module, req, reply);
465 assert_int_equal(3, json_object_size(json.root));
467 v = json_object_get(json.root, "type");
469 assert_string_equal("dsdbChange", json_string_value(v));
471 v = json_object_get(json.root, "timestamp");
473 assert_true(json_is_string(v));
474 check_timestamp(before, json_string_value(v));
476 audit = json_object_get(json.root, "dsdbChange");
477 assert_non_null(audit);
478 assert_true(json_is_object(audit));
479 assert_int_equal(11, json_object_size(audit));
481 o = json_object_get(audit, "version");
483 check_version(o, OPERATION_MAJOR, OPERATION_MINOR);
485 v = json_object_get(audit, "statusCode");
487 assert_true(json_is_integer(v));
488 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
490 v = json_object_get(audit, "status");
492 assert_true(json_is_string(v));
493 assert_string_equal("Operations error", json_string_value(v));
495 v = json_object_get(audit, "operation");
497 assert_true(json_is_string(v));
498 assert_string_equal("Add", json_string_value(v));
500 v = json_object_get(audit, "remoteAddress");
502 assert_true(json_is_string(v));
503 assert_string_equal("ipv4:127.0.0.1:0", json_string_value(v));
505 v = json_object_get(audit, "userSid");
507 assert_true(json_is_string(v));
508 assert_string_equal(SID, json_string_value(v));
510 v = json_object_get(audit, "performedAsSystem");
512 assert_true(json_is_boolean(v));
513 assert_true(json_is_false(v));
515 v = json_object_get(audit, "dn");
517 assert_true(json_is_string(v));
518 assert_string_equal(DN, json_string_value(v));
520 v = json_object_get(audit, "transactionId");
522 assert_true(json_is_string(v));
523 assert_string_equal(TRANSACTION, json_string_value(v));
525 v = json_object_get(audit, "sessionId");
527 assert_true(json_is_string(v));
528 assert_string_equal(SESSION, json_string_value(v));
530 o = json_object_get(audit, "attributes");
532 assert_true(json_is_object(o));
533 assert_int_equal(1, json_object_size(o));
535 a = json_object_get(o, "attribute");
537 assert_true(json_is_object(a));
539 b = json_object_get(a, "actions");
541 assert_true(json_is_array(b));
542 assert_int_equal(1, json_array_size(b));
544 c = json_array_get(b, 0);
546 assert_true(json_is_object(c));
548 d = json_object_get(c, "action");
550 assert_true(json_is_string(d));
551 assert_string_equal("add", json_string_value(d));
553 e = json_object_get(c, "values");
555 assert_true(json_is_array(e));
556 assert_int_equal(1, json_array_size(e));
558 f = json_array_get(e, 0);
560 assert_true(json_is_object(f));
561 assert_int_equal(1, json_object_size(f));
563 g = json_object_get(f, "value");
565 assert_true(json_is_string(g));
566 assert_string_equal("the-value", json_string_value(g));
574 * unit test of operation_json, that ensures that all the expected
575 * attributes and objects are in the json object.
576 * In this case for an operation performed as the system user.
578 static void test_as_system_operation_json(void **state)
580 struct ldb_context *ldb = NULL;
581 struct ldb_module *module = NULL;
582 struct ldb_request *req = NULL;
583 struct ldb_reply *reply = NULL;
584 struct audit_context *ac = NULL;
586 struct tsocket_address *ts = NULL;
588 struct auth_session_info *sess = NULL;
589 struct auth_session_info *sys_sess = NULL;
590 struct security_token *token = NULL;
591 struct security_token *sys_token = NULL;
593 const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
594 const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
595 const char * const SYS_SESSION = "7130cb06-2062-6a1b-409e-3514c26b1998";
596 struct GUID session_id;
597 struct GUID sys_session_id;
599 struct GUID transaction_id;
600 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
602 struct ldb_dn *dn = NULL;
603 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
605 struct ldb_message *msg = NULL;
607 struct json_object json;
608 json_t *audit = NULL;
621 TALLOC_CTX *ctx = talloc_new(NULL);
623 ldb = ldb_init(ctx, NULL);
625 ac = talloc_zero(ctx, struct audit_context);
626 GUID_from_string(TRANSACTION, &transaction_id);
627 ac->transaction_guid = transaction_id;
629 module = talloc_zero(ctx, struct ldb_module);
631 ldb_module_set_private(module, ac);
633 tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
634 ldb_set_opaque(ldb, "remoteAddress", ts);
636 sess = talloc_zero(ctx, struct auth_session_info);
637 token = talloc_zero(ctx, struct security_token);
638 string_to_sid(&sid, SID);
641 sess->security_token = token;
642 GUID_from_string(SESSION, &session_id);
643 sess->unique_session_token = session_id;
644 ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
646 sys_sess = talloc_zero(ctx, struct auth_session_info);
647 sys_token = talloc_zero(ctx, struct security_token);
648 sys_token->num_sids = 1;
649 sys_token->sids = discard_const(&global_sid_System);
650 sys_sess->security_token = sys_token;
651 GUID_from_string(SYS_SESSION, &sys_session_id);
652 sess->unique_session_token = sys_session_id;
653 ldb_set_opaque(ldb, DSDB_SESSION_INFO, sys_sess);
655 msg = talloc_zero(ctx, struct ldb_message);
656 dn = ldb_dn_new(ctx, ldb, DN);
658 ldb_msg_add_string(msg, "attribute", "the-value");
660 req = talloc_zero(ctx, struct ldb_request);
661 req->operation = LDB_ADD;
662 req->op.add.message = msg;
664 reply = talloc_zero(ctx, struct ldb_reply);
665 reply->error = LDB_ERR_OPERATIONS_ERROR;
668 json = operation_json(module, req, reply);
669 assert_int_equal(3, json_object_size(json.root));
671 v = json_object_get(json.root, "type");
673 assert_string_equal("dsdbChange", json_string_value(v));
675 v = json_object_get(json.root, "timestamp");
677 assert_true(json_is_string(v));
678 check_timestamp(before, json_string_value(v));
680 audit = json_object_get(json.root, "dsdbChange");
681 assert_non_null(audit);
682 assert_true(json_is_object(audit));
683 assert_int_equal(11, json_object_size(audit));
685 o = json_object_get(audit, "version");
687 check_version(o, OPERATION_MAJOR, OPERATION_MINOR);
689 v = json_object_get(audit, "statusCode");
691 assert_true(json_is_integer(v));
692 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
694 v = json_object_get(audit, "status");
696 assert_true(json_is_string(v));
697 assert_string_equal("Operations error", json_string_value(v));
699 v = json_object_get(audit, "operation");
701 assert_true(json_is_string(v));
702 assert_string_equal("Add", json_string_value(v));
704 v = json_object_get(audit, "remoteAddress");
706 assert_true(json_is_string(v));
707 assert_string_equal("ipv4:127.0.0.1:0", json_string_value(v));
709 v = json_object_get(audit, "userSid");
711 assert_true(json_is_string(v));
712 assert_string_equal(SID, json_string_value(v));
714 v = json_object_get(audit, "performedAsSystem");
716 assert_true(json_is_boolean(v));
717 assert_true(json_is_true(v));
719 v = json_object_get(audit, "dn");
721 assert_true(json_is_string(v));
722 assert_string_equal(DN, json_string_value(v));
724 v = json_object_get(audit, "transactionId");
726 assert_true(json_is_string(v));
727 assert_string_equal(TRANSACTION, json_string_value(v));
729 v = json_object_get(audit, "sessionId");
731 assert_true(json_is_string(v));
732 assert_string_equal(SYS_SESSION, json_string_value(v));
734 o = json_object_get(audit, "attributes");
736 assert_true(json_is_object(o));
737 assert_int_equal(1, json_object_size(o));
739 a = json_object_get(o, "attribute");
741 assert_true(json_is_object(a));
743 b = json_object_get(a, "actions");
745 assert_true(json_is_array(b));
746 assert_int_equal(1, json_array_size(b));
748 c = json_array_get(b, 0);
750 assert_true(json_is_object(c));
752 d = json_object_get(c, "action");
754 assert_true(json_is_string(d));
755 assert_string_equal("add", json_string_value(d));
757 e = json_object_get(c, "values");
759 assert_true(json_is_array(e));
760 assert_int_equal(1, json_array_size(e));
762 f = json_array_get(e, 0);
764 assert_true(json_is_object(f));
765 assert_int_equal(1, json_object_size(f));
767 g = json_object_get(f, "value");
769 assert_true(json_is_string(g));
770 assert_string_equal("the-value", json_string_value(g));
778 * minimal unit test of password_change_json, that ensures that all the expected
779 * attributes and objects are in the json object.
781 static void test_password_change_json_empty(void **state)
783 struct ldb_context *ldb = NULL;
784 struct ldb_module *module = NULL;
785 struct ldb_request *req = NULL;
786 struct ldb_reply *reply = NULL;
787 struct audit_context *ac = NULL;
789 struct json_object json;
790 json_t *audit = NULL;
796 TALLOC_CTX *ctx = talloc_new(NULL);
798 ldb = ldb_init(ctx, NULL);
799 ac = talloc_zero(ctx, struct audit_context);
801 module = talloc_zero(ctx, struct ldb_module);
803 ldb_module_set_private(module, ac);
805 req = talloc_zero(ctx, struct ldb_request);
806 reply = talloc_zero(ctx, struct ldb_reply);
807 reply->error = LDB_SUCCESS;
810 json = password_change_json(module, req, reply);
811 assert_int_equal(3, json_object_size(json.root));
814 v = json_object_get(json.root, "type");
816 assert_string_equal("passwordChange", json_string_value(v));
818 v = json_object_get(json.root, "timestamp");
820 assert_true(json_is_string(v));
821 check_timestamp(before, json_string_value(v));
823 audit = json_object_get(json.root, "passwordChange");
824 assert_non_null(audit);
825 assert_true(json_is_object(audit));
826 assert_int_equal(9, json_object_size(audit));
828 o = json_object_get(audit, "version");
831 v = json_object_get(audit, "statusCode");
834 v = json_object_get(audit, "status");
837 v = json_object_get(audit, "remoteAddress");
840 v = json_object_get(audit, "userSid");
843 v = json_object_get(audit, "dn");
846 v = json_object_get(audit, "transactionId");
849 v = json_object_get(audit, "sessionId");
852 v = json_object_get(audit, "action");
861 * minimal unit test of password_change_json, that ensures that all the expected
862 * attributes and objects are in the json object.
864 static void test_password_change_json(void **state)
866 struct ldb_context *ldb = NULL;
867 struct ldb_module *module = NULL;
868 struct ldb_request *req = NULL;
869 struct ldb_reply *reply = NULL;
870 struct audit_context *ac = NULL;
872 struct tsocket_address *ts = NULL;
874 struct auth_session_info *sess = NULL;
875 struct security_token *token = NULL;
877 const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
878 const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
879 struct GUID session_id;
881 struct GUID transaction_id;
882 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
884 struct ldb_dn *dn = NULL;
885 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
887 struct ldb_message *msg = NULL;
889 struct json_object json;
890 json_t *audit = NULL;
895 TALLOC_CTX *ctx = talloc_new(NULL);
897 ldb = ldb_init(ctx, NULL);
899 ac = talloc_zero(ctx, struct audit_context);
900 GUID_from_string(TRANSACTION, &transaction_id);
901 ac->transaction_guid = transaction_id;
903 module = talloc_zero(ctx, struct ldb_module);
905 ldb_module_set_private(module, ac);
907 tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
908 ldb_set_opaque(ldb, "remoteAddress", ts);
910 sess = talloc_zero(ctx, struct auth_session_info);
911 token = talloc_zero(ctx, struct security_token);
912 string_to_sid(&sid, SID);
915 sess->security_token = token;
916 GUID_from_string(SESSION, &session_id);
917 sess->unique_session_token = session_id;
918 ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
920 msg = talloc_zero(ctx, struct ldb_message);
921 dn = ldb_dn_new(ctx, ldb, DN);
923 ldb_msg_add_string(msg, "planTextPassword", "super-secret");
925 req = talloc_zero(ctx, struct ldb_request);
926 req->operation = LDB_ADD;
927 req->op.add.message = msg;
928 reply = talloc_zero(ctx, struct ldb_reply);
929 reply->error = LDB_SUCCESS;
932 json = password_change_json(module, req, reply);
933 assert_int_equal(3, json_object_size(json.root));
936 v = json_object_get(json.root, "type");
938 assert_string_equal("passwordChange", json_string_value(v));
940 v = json_object_get(json.root, "timestamp");
942 assert_true(json_is_string(v));
943 check_timestamp(before, json_string_value(v));
945 audit = json_object_get(json.root, "passwordChange");
946 assert_non_null(audit);
947 assert_true(json_is_object(audit));
948 assert_int_equal(9, json_object_size(audit));
950 o = json_object_get(audit, "version");
952 check_version(o, PASSWORD_MAJOR,PASSWORD_MINOR);
954 v = json_object_get(audit, "statusCode");
956 assert_true(json_is_integer(v));
957 assert_int_equal(LDB_SUCCESS, json_integer_value(v));
959 v = json_object_get(audit, "status");
961 assert_true(json_is_string(v));
962 assert_string_equal("Success", json_string_value(v));
964 v = json_object_get(audit, "remoteAddress");
966 assert_true(json_is_string(v));
967 assert_string_equal("ipv4:127.0.0.1:0", json_string_value(v));
969 v = json_object_get(audit, "userSid");
971 assert_true(json_is_string(v));
972 assert_string_equal(SID, json_string_value(v));
974 v = json_object_get(audit, "dn");
976 assert_true(json_is_string(v));
977 assert_string_equal(DN, json_string_value(v));
979 v = json_object_get(audit, "transactionId");
981 assert_true(json_is_string(v));
982 assert_string_equal(TRANSACTION, json_string_value(v));
984 v = json_object_get(audit, "sessionId");
986 assert_true(json_is_string(v));
987 assert_string_equal(SESSION, json_string_value(v));
989 v = json_object_get(audit, "action");
991 assert_true(json_is_string(v));
992 assert_string_equal("Reset", json_string_value(v));
1001 * minimal unit test of transaction_json, that ensures that all the expected
1002 * attributes and objects are in the json object.
1004 static void test_transaction_json(void **state)
1008 const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
1010 struct json_object json;
1011 json_t *audit = NULL;
1016 GUID_from_string(GUID, &guid);
1018 before = time(NULL);
1019 json = transaction_json("delete", &guid);
1021 assert_int_equal(3, json_object_size(json.root));
1024 v = json_object_get(json.root, "type");
1026 assert_string_equal("dsdbTransaction", json_string_value(v));
1028 v = json_object_get(json.root, "timestamp");
1030 assert_true(json_is_string(v));
1031 check_timestamp(before, json_string_value(v));
1033 audit = json_object_get(json.root, "dsdbTransaction");
1034 assert_non_null(audit);
1035 assert_true(json_is_object(audit));
1036 assert_int_equal(3, json_object_size(audit));
1038 o = json_object_get(audit, "version");
1040 check_version(o, TRANSACTION_MAJOR, TRANSACTION_MINOR);
1042 v = json_object_get(audit, "transactionId");
1044 assert_true(json_is_string(v));
1045 assert_string_equal(GUID, json_string_value(v));
1047 v = json_object_get(audit, "action");
1049 assert_true(json_is_string(v));
1050 assert_string_equal("delete", json_string_value(v));
1057 * minimal unit test of commit_failure_json, that ensures that all the
1058 * expected attributes and objects are in the json object.
1060 static void test_commit_failure_json(void **state)
1064 const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
1066 struct json_object json;
1067 json_t *audit = NULL;
1072 GUID_from_string(GUID, &guid);
1074 before = time(NULL);
1075 json = commit_failure_json(
1077 LDB_ERR_OPERATIONS_ERROR,
1081 assert_int_equal(3, json_object_size(json.root));
1084 v = json_object_get(json.root, "type");
1086 assert_string_equal("dsdbTransaction", json_string_value(v));
1088 v = json_object_get(json.root, "timestamp");
1090 assert_true(json_is_string(v));
1091 check_timestamp(before, json_string_value(v));
1093 audit = json_object_get(json.root, "dsdbTransaction");
1094 assert_non_null(audit);
1095 assert_true(json_is_object(audit));
1096 assert_int_equal(6, json_object_size(audit));
1098 o = json_object_get(audit, "version");
1100 check_version(o, TRANSACTION_MAJOR, TRANSACTION_MINOR);
1102 v = json_object_get(audit, "transactionId");
1104 assert_true(json_is_string(v));
1105 assert_string_equal(GUID, json_string_value(v));
1107 v = json_object_get(audit, "action");
1109 assert_true(json_is_string(v));
1110 assert_string_equal("prepare", json_string_value(v));
1112 v = json_object_get(audit, "statusCode");
1114 assert_true(json_is_integer(v));
1115 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, json_integer_value(v));
1117 v = json_object_get(audit, "status");
1119 assert_true(json_is_string(v));
1120 assert_string_equal("Operations error", json_string_value(v));
1121 v = json_object_get(audit, "status");
1124 v = json_object_get(audit, "reason");
1126 assert_true(json_is_string(v));
1127 assert_string_equal("because", json_string_value(v));
1134 * minimal unit test of replicated_update_json, that ensures that all the
1135 * expected attributes and objects are in the json object.
1137 static void test_replicated_update_json_empty(void **state)
1139 struct ldb_context *ldb = NULL;
1140 struct ldb_module *module = NULL;
1141 struct ldb_request *req = NULL;
1142 struct ldb_reply *reply = NULL;
1143 struct audit_context *ac = NULL;
1144 struct dsdb_extended_replicated_objects *ro = NULL;
1145 struct repsFromTo1 *source_dsa = NULL;
1147 struct json_object json;
1148 json_t *audit = NULL;
1154 TALLOC_CTX *ctx = talloc_new(NULL);
1156 ldb = ldb_init(ctx, NULL);
1157 ac = talloc_zero(ctx, struct audit_context);
1159 module = talloc_zero(ctx, struct ldb_module);
1161 ldb_module_set_private(module, ac);
1163 source_dsa = talloc_zero(ctx, struct repsFromTo1);
1164 ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
1165 ro->source_dsa = source_dsa;
1166 req = talloc_zero(ctx, struct ldb_request);
1167 req->op.extended.data = ro;
1168 req->operation = LDB_EXTENDED;
1169 reply = talloc_zero(ctx, struct ldb_reply);
1170 reply->error = LDB_SUCCESS;
1172 before = time(NULL);
1173 json = replicated_update_json(module, req, reply);
1174 assert_int_equal(3, json_object_size(json.root));
1177 v = json_object_get(json.root, "type");
1179 assert_string_equal("replicatedUpdate", json_string_value(v));
1181 v = json_object_get(json.root, "timestamp");
1183 assert_true(json_is_string(v));
1184 check_timestamp(before, json_string_value(v));
1186 audit = json_object_get(json.root, "replicatedUpdate");
1187 assert_non_null(audit);
1188 assert_true(json_is_object(audit));
1189 assert_int_equal(11, json_object_size(audit));
1191 o = json_object_get(audit, "version");
1193 check_version(o, REPLICATION_MAJOR, REPLICATION_MINOR);
1195 v = json_object_get(audit, "statusCode");
1197 assert_true(json_is_integer(v));
1198 assert_int_equal(LDB_SUCCESS, json_integer_value(v));
1200 v = json_object_get(audit, "status");
1202 assert_true(json_is_string(v));
1203 assert_string_equal("Success", json_string_value(v));
1205 v = json_object_get(audit, "transactionId");
1207 assert_true(json_is_string(v));
1208 assert_string_equal(
1209 "00000000-0000-0000-0000-000000000000",
1210 json_string_value(v));
1212 v = json_object_get(audit, "objectCount");
1214 assert_true(json_is_integer(v));
1215 assert_int_equal(0, json_integer_value(v));
1217 v = json_object_get(audit, "linkCount");
1219 assert_true(json_is_integer(v));
1220 assert_int_equal(0, json_integer_value(v));
1222 v = json_object_get(audit, "partitionDN");
1224 assert_true(json_is_null(v));
1226 v = json_object_get(audit, "error");
1228 assert_true(json_is_string(v));
1229 assert_string_equal(
1230 "The operation completed successfully.",
1231 json_string_value(v));
1233 v = json_object_get(audit, "errorCode");
1235 assert_true(json_is_integer(v));
1236 assert_int_equal(0, json_integer_value(v));
1238 v = json_object_get(audit, "sourceDsa");
1240 assert_true(json_is_string(v));
1241 assert_string_equal(
1242 "00000000-0000-0000-0000-000000000000",
1243 json_string_value(v));
1245 v = json_object_get(audit, "invocationId");
1247 assert_true(json_is_string(v));
1248 assert_string_equal(
1249 "00000000-0000-0000-0000-000000000000",
1250 json_string_value(v));
1258 * unit test of replicated_update_json, that ensures that all the expected
1259 * attributes and objects are in the json object.
1261 static void test_replicated_update_json(void **state)
1263 struct ldb_context *ldb = NULL;
1264 struct ldb_module *module = NULL;
1265 struct ldb_request *req = NULL;
1266 struct ldb_reply *reply = NULL;
1267 struct audit_context *ac = NULL;
1268 struct dsdb_extended_replicated_objects *ro = NULL;
1269 struct repsFromTo1 *source_dsa = NULL;
1271 struct GUID transaction_id;
1272 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1274 struct ldb_dn *dn = NULL;
1275 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
1277 struct GUID source_dsa_obj_guid;
1278 const char *const SOURCE_DSA = "7130cb06-2062-6a1b-409e-3514c26b1793";
1280 struct GUID invocation_id;
1281 const char *const INVOCATION_ID =
1282 "7130cb06-2062-6a1b-409e-3514c26b1893";
1283 struct json_object json;
1284 json_t *audit = NULL;
1290 TALLOC_CTX *ctx = talloc_new(NULL);
1292 ldb = ldb_init(ctx, NULL);
1294 ac = talloc_zero(ctx, struct audit_context);
1295 GUID_from_string(TRANSACTION, &transaction_id);
1296 ac->transaction_guid = transaction_id;
1298 module = talloc_zero(ctx, struct ldb_module);
1300 ldb_module_set_private(module, ac);
1302 dn = ldb_dn_new(ctx, ldb, DN);
1303 GUID_from_string(SOURCE_DSA, &source_dsa_obj_guid);
1304 GUID_from_string(INVOCATION_ID, &invocation_id);
1305 source_dsa = talloc_zero(ctx, struct repsFromTo1);
1306 source_dsa->source_dsa_obj_guid = source_dsa_obj_guid;
1307 source_dsa->source_dsa_invocation_id = invocation_id;
1309 ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
1310 ro->source_dsa = source_dsa;
1311 ro->num_objects = 808;
1312 ro->linked_attributes_count = 2910;
1313 ro->partition_dn = dn;
1314 ro->error = WERR_NOT_SUPPORTED;
1317 req = talloc_zero(ctx, struct ldb_request);
1318 req->op.extended.data = ro;
1319 req->operation = LDB_EXTENDED;
1321 reply = talloc_zero(ctx, struct ldb_reply);
1322 reply->error = LDB_ERR_NO_SUCH_OBJECT;
1324 before = time(NULL);
1325 json = replicated_update_json(module, req, reply);
1326 assert_int_equal(3, json_object_size(json.root));
1329 v = json_object_get(json.root, "type");
1331 assert_string_equal("replicatedUpdate", json_string_value(v));
1333 v = json_object_get(json.root, "timestamp");
1335 assert_true(json_is_string(v));
1336 check_timestamp(before, json_string_value(v));
1338 audit = json_object_get(json.root, "replicatedUpdate");
1339 assert_non_null(audit);
1340 assert_true(json_is_object(audit));
1341 assert_int_equal(11, json_object_size(audit));
1343 o = json_object_get(audit, "version");
1345 check_version(o, REPLICATION_MAJOR, REPLICATION_MINOR);
1347 v = json_object_get(audit, "statusCode");
1349 assert_true(json_is_integer(v));
1350 assert_int_equal(LDB_ERR_NO_SUCH_OBJECT, json_integer_value(v));
1352 v = json_object_get(audit, "status");
1354 assert_true(json_is_string(v));
1355 assert_string_equal("No such object", json_string_value(v));
1357 v = json_object_get(audit, "transactionId");
1359 assert_true(json_is_string(v));
1360 assert_string_equal(TRANSACTION, json_string_value(v));
1362 v = json_object_get(audit, "objectCount");
1364 assert_true(json_is_integer(v));
1365 assert_int_equal(808, json_integer_value(v));
1367 v = json_object_get(audit, "linkCount");
1369 assert_true(json_is_integer(v));
1370 assert_int_equal(2910, json_integer_value(v));
1372 v = json_object_get(audit, "partitionDN");
1374 assert_true(json_is_string(v));
1375 assert_string_equal(DN, json_string_value(v));
1377 v = json_object_get(audit, "error");
1379 assert_true(json_is_string(v));
1380 assert_string_equal(
1381 "The request is not supported.",
1382 json_string_value(v));
1384 v = json_object_get(audit, "errorCode");
1386 assert_true(json_is_integer(v));
1387 assert_int_equal(W_ERROR_V(WERR_NOT_SUPPORTED), json_integer_value(v));
1389 v = json_object_get(audit, "sourceDsa");
1391 assert_true(json_is_string(v));
1392 assert_string_equal(SOURCE_DSA, json_string_value(v));
1394 v = json_object_get(audit, "invocationId");
1396 assert_true(json_is_string(v));
1397 assert_string_equal(INVOCATION_ID, json_string_value(v));
1405 * minimal unit test of operation_human_readable, that ensures that all the
1406 * expected attributes and objects are in the json object.
1408 static void test_operation_hr_empty(void **state)
1410 struct ldb_context *ldb = NULL;
1411 struct ldb_module *module = NULL;
1412 struct ldb_request *req = NULL;
1413 struct ldb_reply *reply = NULL;
1414 struct audit_context *ac = NULL;
1417 const char *rs = NULL;
1422 TALLOC_CTX *ctx = talloc_new(NULL);
1424 ldb = ldb_init(ctx, NULL);
1425 ac = talloc_zero(ctx, struct audit_context);
1427 module = talloc_zero(ctx, struct ldb_module);
1429 ldb_module_set_private(module, ac);
1431 req = talloc_zero(ctx, struct ldb_request);
1432 reply = talloc_zero(ctx, struct ldb_reply);
1433 reply->error = LDB_SUCCESS;
1435 line = operation_human_readable(ctx, module, req, reply);
1436 assert_non_null(line);
1439 * We ignore the timestamp to make this test a little easier
1442 rs = "\\[Search] at \\["
1444 "\\] status \\[Success\\] remote host \\[Unknown\\]"
1445 " SID \\[(NULL SID)\\] DN \\[(null)\\]";
1447 ret = regcomp(®ex, rs, 0);
1448 assert_int_equal(0, ret);
1450 ret = regexec(®ex, line, 0, NULL, 0);
1451 assert_int_equal(0, ret);
1459 * unit test of operation_json, that ensures that all the expected
1460 * attributes and objects are in the json object.
1462 static void test_operation_hr(void **state)
1464 struct ldb_context *ldb = NULL;
1465 struct ldb_module *module = NULL;
1466 struct ldb_request *req = NULL;
1467 struct ldb_reply *reply = NULL;
1468 struct audit_context *ac = NULL;
1470 struct tsocket_address *ts = NULL;
1472 struct auth_session_info *sess = NULL;
1473 struct security_token *token = NULL;
1475 const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
1476 const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1477 struct GUID session_id;
1479 struct GUID transaction_id;
1480 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1482 struct ldb_dn *dn = NULL;
1483 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
1485 struct ldb_message *msg = NULL;
1488 const char *rs = NULL;
1494 TALLOC_CTX *ctx = talloc_new(NULL);
1496 ldb = ldb_init(ctx, NULL);
1498 ac = talloc_zero(ctx, struct audit_context);
1499 GUID_from_string(TRANSACTION, &transaction_id);
1500 ac->transaction_guid = transaction_id;
1502 module = talloc_zero(ctx, struct ldb_module);
1504 ldb_module_set_private(module, ac);
1506 tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
1507 ldb_set_opaque(ldb, "remoteAddress", ts);
1509 sess = talloc_zero(ctx, struct auth_session_info);
1510 token = talloc_zero(ctx, struct security_token);
1511 string_to_sid(&sid, SID);
1512 token->num_sids = 1;
1514 sess->security_token = token;
1515 GUID_from_string(SESSION, &session_id);
1516 sess->unique_session_token = session_id;
1517 ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
1519 msg = talloc_zero(ctx, struct ldb_message);
1520 dn = ldb_dn_new(ctx, ldb, DN);
1522 ldb_msg_add_string(msg, "attribute", "the-value");
1524 req = talloc_zero(ctx, struct ldb_request);
1525 req->operation = LDB_ADD;
1526 req->op.add.message = msg;
1527 reply = talloc_zero(ctx, struct ldb_reply);
1528 reply->error = LDB_SUCCESS;
1530 line = operation_human_readable(ctx, module, req, reply);
1531 assert_non_null(line);
1534 * We ignore the timestamp to make this test a little easier
1537 rs = "\\[Add\\] at \\["
1539 "\\] status \\[Success\\] "
1540 "remote host \\[ipv4:127.0.0.1:0\\] "
1541 "SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
1542 "DN \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\] "
1543 "attributes \\[attribute \\[the-value\\]\\]";
1545 ret = regcomp(®ex, rs, 0);
1546 assert_int_equal(0, ret);
1548 ret = regexec(®ex, line, 0, NULL, 0);
1549 assert_int_equal(0, ret);
1556 * unit test of operation_json, that ensures that all the expected
1557 * attributes and objects are in the json object.
1558 * In this case the operation is being performed in a system session.
1560 static void test_as_system_operation_hr(void **state)
1562 struct ldb_context *ldb = NULL;
1563 struct ldb_module *module = NULL;
1564 struct ldb_request *req = NULL;
1565 struct ldb_reply *reply = NULL;
1566 struct audit_context *ac = NULL;
1568 struct tsocket_address *ts = NULL;
1570 struct auth_session_info *sess = NULL;
1571 struct auth_session_info *sys_sess = NULL;
1572 struct security_token *token = NULL;
1573 struct security_token *sys_token = NULL;
1575 const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
1576 const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1577 const char * const SYS_SESSION = "7130cb06-2062-6a1b-409e-3514c26b1999";
1578 struct GUID session_id;
1579 struct GUID sys_session_id;
1581 struct GUID transaction_id;
1582 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1584 struct ldb_dn *dn = NULL;
1585 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
1587 struct ldb_message *msg = NULL;
1590 const char *rs = NULL;
1596 TALLOC_CTX *ctx = talloc_new(NULL);
1598 ldb = ldb_init(ctx, NULL);
1600 ac = talloc_zero(ctx, struct audit_context);
1601 GUID_from_string(TRANSACTION, &transaction_id);
1602 ac->transaction_guid = transaction_id;
1604 module = talloc_zero(ctx, struct ldb_module);
1606 ldb_module_set_private(module, ac);
1608 tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
1609 ldb_set_opaque(ldb, "remoteAddress", ts);
1611 sess = talloc_zero(ctx, struct auth_session_info);
1612 token = talloc_zero(ctx, struct security_token);
1613 string_to_sid(&sid, SID);
1614 token->num_sids = 1;
1616 sess->security_token = token;
1617 GUID_from_string(SESSION, &session_id);
1618 sess->unique_session_token = session_id;
1619 ldb_set_opaque(ldb, DSDB_NETWORK_SESSION_INFO, sess);
1621 sys_sess = talloc_zero(ctx, struct auth_session_info);
1622 sys_token = talloc_zero(ctx, struct security_token);
1623 sys_token->num_sids = 1;
1624 sys_token->sids = discard_const(&global_sid_System);
1625 sys_sess->security_token = sys_token;
1626 GUID_from_string(SYS_SESSION, &sys_session_id);
1627 sess->unique_session_token = sys_session_id;
1628 ldb_set_opaque(ldb, DSDB_SESSION_INFO, sys_sess);
1630 msg = talloc_zero(ctx, struct ldb_message);
1631 dn = ldb_dn_new(ctx, ldb, DN);
1633 ldb_msg_add_string(msg, "attribute", "the-value");
1635 req = talloc_zero(ctx, struct ldb_request);
1636 req->operation = LDB_ADD;
1637 req->op.add.message = msg;
1638 reply = talloc_zero(ctx, struct ldb_reply);
1639 reply->error = LDB_SUCCESS;
1641 line = operation_human_readable(ctx, module, req, reply);
1642 assert_non_null(line);
1645 * We ignore the timestamp to make this test a little easier
1648 rs = "\\[Add\\] at \\["
1650 "\\] status \\[Success\\] "
1651 "remote host \\[ipv4:127.0.0.1:0\\] "
1652 "SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
1653 "DN \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\] "
1654 "attributes \\[attribute \\[the-value\\]\\]";
1656 ret = regcomp(®ex, rs, 0);
1657 assert_int_equal(0, ret);
1659 ret = regexec(®ex, line, 0, NULL, 0);
1660 assert_int_equal(0, ret);
1667 * minimal unit test of password_change_json, that ensures that all the expected
1668 * attributes and objects are in the json object.
1670 static void test_password_change_hr_empty(void **state)
1672 struct ldb_context *ldb = NULL;
1673 struct ldb_module *module = NULL;
1674 struct ldb_request *req = NULL;
1675 struct ldb_reply *reply = NULL;
1676 struct audit_context *ac = NULL;
1679 const char *rs = NULL;
1683 TALLOC_CTX *ctx = talloc_new(NULL);
1685 ldb = ldb_init(ctx, NULL);
1686 ac = talloc_zero(ctx, struct audit_context);
1688 module = talloc_zero(ctx, struct ldb_module);
1690 ldb_module_set_private(module, ac);
1692 req = talloc_zero(ctx, struct ldb_request);
1693 reply = talloc_zero(ctx, struct ldb_reply);
1694 reply->error = LDB_SUCCESS;
1696 line = password_change_human_readable(ctx, module, req, reply);
1697 assert_non_null(line);
1700 * We ignore the timestamp to make this test a little easier
1703 rs = "\\[Reset] at \\["
1705 "\\] status \\[Success\\] remote host \\[Unknown\\]"
1706 " SID \\[(NULL SID)\\] DN \\[(null)\\]";
1708 ret = regcomp(®ex, rs, 0);
1709 assert_int_equal(0, ret);
1711 ret = regexec(®ex, line, 0, NULL, 0);
1712 assert_int_equal(0, ret);
1719 * minimal unit test of password_change_json, that ensures that all the expected
1720 * attributes and objects are in the json object.
1722 static void test_password_change_hr(void **state)
1724 struct ldb_context *ldb = NULL;
1725 struct ldb_module *module = NULL;
1726 struct ldb_request *req = NULL;
1727 struct ldb_reply *reply = NULL;
1728 struct audit_context *ac = NULL;
1730 struct tsocket_address *ts = NULL;
1732 struct auth_session_info *sess = NULL;
1733 struct security_token *token = NULL;
1735 const char *const SID = "S-1-5-21-2470180966-3899876309-2637894779";
1736 const char * const SESSION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1737 struct GUID session_id;
1739 struct GUID transaction_id;
1740 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
1742 struct ldb_dn *dn = NULL;
1743 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
1745 struct ldb_message *msg = NULL;
1748 const char *rs = NULL;
1752 TALLOC_CTX *ctx = talloc_new(NULL);
1754 ldb = ldb_init(ctx, NULL);
1756 ac = talloc_zero(ctx, struct audit_context);
1757 GUID_from_string(TRANSACTION, &transaction_id);
1758 ac->transaction_guid = transaction_id;
1760 module = talloc_zero(ctx, struct ldb_module);
1762 ldb_module_set_private(module, ac);
1764 tsocket_address_inet_from_strings(ctx, "ip", "127.0.0.1", 0, &ts);
1765 ldb_set_opaque(ldb, "remoteAddress", ts);
1767 sess = talloc_zero(ctx, struct auth_session_info);
1768 token = talloc_zero(ctx, struct security_token);
1769 string_to_sid(&sid, SID);
1770 token->num_sids = 1;
1772 sess->security_token = token;
1773 GUID_from_string(SESSION, &session_id);
1774 sess->unique_session_token = session_id;
1775 ldb_set_opaque(ldb, DSDB_SESSION_INFO, sess);
1777 msg = talloc_zero(ctx, struct ldb_message);
1778 dn = ldb_dn_new(ctx, ldb, DN);
1780 ldb_msg_add_string(msg, "planTextPassword", "super-secret");
1782 req = talloc_zero(ctx, struct ldb_request);
1783 req->operation = LDB_ADD;
1784 req->op.add.message = msg;
1785 reply = talloc_zero(ctx, struct ldb_reply);
1786 reply->error = LDB_SUCCESS;
1788 line = password_change_human_readable(ctx, module, req, reply);
1789 assert_non_null(line);
1792 * We ignore the timestamp to make this test a little easier
1795 rs = "\\[Reset\\] at \\["
1797 "\\] status \\[Success\\] "
1798 "remote host \\[ipv4:127.0.0.1:0\\] "
1799 "SID \\[S-1-5-21-2470180966-3899876309-2637894779\\] "
1800 "DN \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\]";
1802 ret = regcomp(®ex, rs, 0);
1803 assert_int_equal(0, ret);
1805 ret = regexec(®ex, line, 0, NULL, 0);
1806 assert_int_equal(0, ret);
1814 * minimal unit test of transaction_json, that ensures that all the expected
1815 * attributes and objects are in the json object.
1817 static void test_transaction_hr(void **state)
1821 const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
1824 const char *rs = NULL;
1828 TALLOC_CTX *ctx = talloc_new(NULL);
1830 GUID_from_string(GUID, &guid);
1832 line = transaction_human_readable(ctx, "delete");
1833 assert_non_null(line);
1836 * We ignore the timestamp to make this test a little easier
1839 rs = "\\[delete] at \\[[^[]*\\]";
1841 ret = regcomp(®ex, rs, 0);
1842 assert_int_equal(0, ret);
1844 ret = regexec(®ex, line, 0, NULL, 0);
1845 assert_int_equal(0, ret);
1853 * minimal unit test of commit_failure_hr, that ensures
1854 * that all the expected conten is in the log entry.
1856 static void test_commit_failure_hr(void **state)
1860 const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
1863 const char *rs = NULL;
1867 TALLOC_CTX *ctx = talloc_new(NULL);
1869 GUID_from_string(GUID, &guid);
1871 line = commit_failure_human_readable(
1874 LDB_ERR_OPERATIONS_ERROR,
1877 assert_non_null(line);
1880 * We ignore the timestamp to make this test a little easier
1883 rs = "\\[commit\\] at \\[[^[]*\\] status \\[1\\] reason \\[because\\]";
1885 ret = regcomp(®ex, rs, 0);
1886 assert_int_equal(0, ret);
1888 ret = regexec(®ex, line, 0, NULL, 0);
1889 assert_int_equal(0, ret);
1895 static void test_add_transaction_id(void **state)
1897 struct ldb_module *module = NULL;
1898 struct ldb_request *req = NULL;
1899 struct audit_context *ac = NULL;
1901 const char * const GUID = "7130cb06-2062-6a1b-409e-3514c26b1773";
1902 struct ldb_control * control = NULL;
1905 TALLOC_CTX *ctx = talloc_new(NULL);
1907 ac = talloc_zero(ctx, struct audit_context);
1908 GUID_from_string(GUID, &guid);
1909 ac->transaction_guid = guid;
1911 module = talloc_zero(ctx, struct ldb_module);
1912 ldb_module_set_private(module, ac);
1914 req = talloc_zero(ctx, struct ldb_request);
1916 status = add_transaction_id(module, req);
1917 assert_int_equal(LDB_SUCCESS, status);
1919 control = ldb_request_get_control(
1921 DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID);
1922 assert_non_null(control);
1923 assert_memory_equal(
1924 &ac->transaction_guid,
1926 sizeof(struct GUID));
1931 static void test_log_attributes(void **state)
1933 struct ldb_message *msg = NULL;
1937 char lv[MAX_LENGTH+2];
1938 char ex[MAX_LENGTH+80];
1940 TALLOC_CTX *ctx = talloc_new(NULL);
1944 * Test an empty message
1945 * Should get empty attributes representation.
1947 buf = talloc_zero(ctx, char);
1948 msg = talloc_zero(ctx, struct ldb_message);
1950 str = log_attributes(ctx, buf, LDB_ADD, msg);
1951 assert_string_equal("", str);
1957 * Test a message with a single secret attribute
1959 buf = talloc_zero(ctx, char);
1960 msg = talloc_zero(ctx, struct ldb_message);
1961 ldb_msg_add_string(msg, "clearTextPassword", "secret");
1963 str = log_attributes(ctx, buf, LDB_ADD, msg);
1964 assert_string_equal(
1965 "clearTextPassword [REDACTED SECRET ATTRIBUTE]",
1969 * Test as a modify message, should add an action
1970 * action will be unknown as there are no ACL's set
1972 buf = talloc_zero(ctx, char);
1973 str = log_attributes(ctx, buf, LDB_MODIFY, msg);
1974 assert_string_equal(
1975 "unknown: clearTextPassword [REDACTED SECRET ATTRIBUTE]",
1982 * Test a message with a single attribute, single valued attribute
1984 buf = talloc_zero(ctx, char);
1985 msg = talloc_zero(ctx, struct ldb_message);
1986 ldb_msg_add_string(msg, "attribute", "value");
1988 str = log_attributes(ctx, buf, LDB_ADD, msg);
1989 assert_string_equal(
1990 "attribute [value]",
1997 * Test a message with a single attribute, single valued attribute
2000 buf = talloc_zero(ctx, char);
2001 msg = talloc_zero(ctx, struct ldb_message);
2002 ldb_msg_add_string(msg, "attribute", "value");
2004 str = log_attributes(ctx, buf, LDB_MODIFY, msg);
2005 assert_string_equal(
2006 "unknown: attribute [value]",
2013 * Test a message with multiple attributes and a multi-valued attribute
2016 buf = talloc_zero(ctx, char);
2017 msg = talloc_zero(ctx, struct ldb_message);
2018 ldb_msg_add_string(msg, "attribute01", "value01");
2019 ldb_msg_add_string(msg, "attribute02", "value02");
2020 ldb_msg_add_string(msg, "attribute02", "value03");
2022 str = log_attributes(ctx, buf, LDB_MODIFY, msg);
2023 assert_string_equal(
2024 "unknown: attribute01 [value01] "
2025 "unknown: attribute02 [value02] [value03]",
2032 * Test a message with a single attribute, single valued attribute
2033 * with a non printable character. Should be base64 encoded
2035 buf = talloc_zero(ctx, char);
2036 msg = talloc_zero(ctx, struct ldb_message);
2037 ldb_msg_add_string(msg, "attribute", "value\n");
2039 str = log_attributes(ctx, buf, LDB_ADD, msg);
2040 assert_string_equal("attribute {dmFsdWUK}", str);
2046 * Test a message with a single valued attribute
2047 * with more than MAX_LENGTH characters, should be truncated with
2050 buf = talloc_zero(ctx, char);
2051 msg = talloc_zero(ctx, struct ldb_message);
2052 memset(lv, '\0', sizeof(lv));
2053 memset(lv, 'x', MAX_LENGTH+1);
2054 ldb_msg_add_string(msg, "attribute", lv);
2056 str = log_attributes(ctx, buf, LDB_ADD, msg);
2057 snprintf(ex, sizeof(ex), "attribute [%.*s...]", MAX_LENGTH, lv);
2058 assert_string_equal(ex, str);
2067 * minimal unit test of replicated_update_human_readable
2069 static void test_replicated_update_hr_empty(void **state)
2071 struct ldb_context *ldb = NULL;
2072 struct ldb_module *module = NULL;
2073 struct ldb_request *req = NULL;
2074 struct ldb_reply *reply = NULL;
2075 struct audit_context *ac = NULL;
2076 struct dsdb_extended_replicated_objects *ro = NULL;
2077 struct repsFromTo1 *source_dsa = NULL;
2079 const char* line = NULL;
2080 const char *rs = NULL;
2084 TALLOC_CTX *ctx = talloc_new(NULL);
2086 ldb = ldb_init(ctx, NULL);
2087 ac = talloc_zero(ctx, struct audit_context);
2089 module = talloc_zero(ctx, struct ldb_module);
2091 ldb_module_set_private(module, ac);
2093 source_dsa = talloc_zero(ctx, struct repsFromTo1);
2094 ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
2095 ro->source_dsa = source_dsa;
2096 req = talloc_zero(ctx, struct ldb_request);
2097 req->op.extended.data = ro;
2098 req->operation = LDB_EXTENDED;
2099 reply = talloc_zero(ctx, struct ldb_reply);
2100 reply->error = LDB_SUCCESS;
2102 line = replicated_update_human_readable(ctx, module, req, reply);
2103 assert_non_null(line);
2105 * We ignore the timestamp to make this test a little easier
2108 rs = "at \\[[^[]*\\] "
2109 "status \\[Success\\] "
2110 "error \\[The operation completed successfully.\\] "
2111 "partition \\[(null)\\] objects \\[0\\] links \\[0\\] "
2112 "object \\[00000000-0000-0000-0000-000000000000\\] "
2113 "invocation \\[00000000-0000-0000-0000-000000000000\\]";
2115 ret = regcomp(®ex, rs, 0);
2116 assert_int_equal(0, ret);
2118 ret = regexec(®ex, line, 0, NULL, 0);
2119 assert_int_equal(0, ret);
2127 * unit test of replicated_update_human_readable
2129 static void test_replicated_update_hr(void **state)
2131 struct ldb_context *ldb = NULL;
2132 struct ldb_module *module = NULL;
2133 struct ldb_request *req = NULL;
2134 struct ldb_reply *reply = NULL;
2135 struct audit_context *ac = NULL;
2136 struct dsdb_extended_replicated_objects *ro = NULL;
2137 struct repsFromTo1 *source_dsa = NULL;
2139 struct GUID transaction_id;
2140 const char *const TRANSACTION = "7130cb06-2062-6a1b-409e-3514c26b1773";
2142 struct ldb_dn *dn = NULL;
2143 const char *const DN = "dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG";
2145 struct GUID source_dsa_obj_guid;
2146 const char *const SOURCE_DSA = "7130cb06-2062-6a1b-409e-3514c26b1793";
2148 struct GUID invocation_id;
2149 const char *const INVOCATION_ID =
2150 "7130cb06-2062-6a1b-409e-3514c26b1893";
2152 const char* line = NULL;
2153 const char *rs = NULL;
2158 TALLOC_CTX *ctx = talloc_new(NULL);
2160 ldb = ldb_init(ctx, NULL);
2162 ac = talloc_zero(ctx, struct audit_context);
2163 GUID_from_string(TRANSACTION, &transaction_id);
2164 ac->transaction_guid = transaction_id;
2166 module = talloc_zero(ctx, struct ldb_module);
2168 ldb_module_set_private(module, ac);
2170 dn = ldb_dn_new(ctx, ldb, DN);
2171 GUID_from_string(SOURCE_DSA, &source_dsa_obj_guid);
2172 GUID_from_string(INVOCATION_ID, &invocation_id);
2173 source_dsa = talloc_zero(ctx, struct repsFromTo1);
2174 source_dsa->source_dsa_obj_guid = source_dsa_obj_guid;
2175 source_dsa->source_dsa_invocation_id = invocation_id;
2177 ro = talloc_zero(ctx, struct dsdb_extended_replicated_objects);
2178 ro->source_dsa = source_dsa;
2179 ro->num_objects = 808;
2180 ro->linked_attributes_count = 2910;
2181 ro->partition_dn = dn;
2182 ro->error = WERR_NOT_SUPPORTED;
2185 req = talloc_zero(ctx, struct ldb_request);
2186 req->op.extended.data = ro;
2187 req->operation = LDB_EXTENDED;
2189 reply = talloc_zero(ctx, struct ldb_reply);
2190 reply->error = LDB_ERR_NO_SUCH_OBJECT;
2192 line = replicated_update_human_readable(ctx, module, req, reply);
2193 assert_non_null(line);
2196 * We ignore the timestamp to make this test a little easier
2199 rs = "at \\[[^[]*\\] "
2200 "status \\[No such object\\] "
2201 "error \\[The request is not supported.\\] "
2202 "partition \\[dn=CN=USER,CN=Users,DC=SAMBA,DC=ORG\\] "
2203 "objects \\[808\\] links \\[2910\\] "
2204 "object \\[7130cb06-2062-6a1b-409e-3514c26b1793\\] "
2205 "invocation \\[7130cb06-2062-6a1b-409e-3514c26b1893\\]";
2207 ret = regcomp(®ex, rs, 0);
2208 assert_int_equal(0, ret);
2210 ret = regexec(®ex, line, 0, NULL, 0);
2211 assert_int_equal(0, ret);
2218 const struct CMUnitTest tests[] = {
2219 cmocka_unit_test(test_has_password_changed),
2220 cmocka_unit_test(test_get_password_action),
2221 cmocka_unit_test(test_operation_json_empty),
2222 cmocka_unit_test(test_operation_json),
2223 cmocka_unit_test(test_as_system_operation_json),
2224 cmocka_unit_test(test_password_change_json_empty),
2225 cmocka_unit_test(test_password_change_json),
2226 cmocka_unit_test(test_transaction_json),
2227 cmocka_unit_test(test_commit_failure_json),
2228 cmocka_unit_test(test_replicated_update_json_empty),
2229 cmocka_unit_test(test_replicated_update_json),
2230 cmocka_unit_test(test_add_transaction_id),
2231 cmocka_unit_test(test_operation_hr_empty),
2232 cmocka_unit_test(test_operation_hr),
2233 cmocka_unit_test(test_as_system_operation_hr),
2234 cmocka_unit_test(test_password_change_hr_empty),
2235 cmocka_unit_test(test_password_change_hr),
2236 cmocka_unit_test(test_transaction_hr),
2237 cmocka_unit_test(test_commit_failure_hr),
2238 cmocka_unit_test(test_log_attributes),
2239 cmocka_unit_test(test_replicated_update_hr_empty),
2240 cmocka_unit_test(test_replicated_update_hr),
2243 cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
2244 return cmocka_run_group_tests(tests, NULL, NULL);