The branch, master has been updated
via f033645 selftest: Use a longer self.account_lockout_duration and
self.lockout_observation_window
via 9ff1fa5 selftest: Use self.account_lockout_duration in
self.update_lockout_settings for password_lockout tests
via 9f38df8 Document that vfs_full_audit defaults are "none" for the
successful and failed operations.
via d63b24d Make "none" the default setting for the successful and
failed operations in the vfs_full_audit, so you don't blow up your server by
just adding this module to the configuration.
via 32e5b18 Make sure that vfs*audit modules recognize and accept all
the syslog facilities.
from dda99e4 ctdb-tests: Switch to using new event daemon
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f03364570fd96eca636a85019107e970065260b8
Author: Andrew Bartlett <[email protected]>
Date: Tue Jul 3 12:28:27 2018 +1200
selftest: Use a longer self.account_lockout_duration and
self.lockout_observation_window
This matches the changes made in the PSO tests and slows down the
whole testsuite but may make it more reliable on slower build hosts.
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
Autobuild-User(master): Andrew Bartlett <[email protected]>
Autobuild-Date(master): Thu Jul 5 12:29:31 CEST 2018 on sn-devel-144
commit 9ff1fa56f68044142b6664fd703ebbb3f53d4725
Author: Andrew Bartlett <[email protected]>
Date: Tue Jul 3 12:27:24 2018 +1200
selftest: Use self.account_lockout_duration in self.update_lockout_settings
for password_lockout tests
This allows the account_lockout_duration and
lockout_observation_window to be updated with longer values to cope
with slower build servers.
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
commit 9f38df8337d694a1ac543629efb004ed52f07047
Author: Timur I. Bakeyev <[email protected]>
Date: Fri Jun 22 12:36:07 2018 +0800
Document that vfs_full_audit defaults are "none" for the successful and
failed operations.
Signed-off-by: Timur I. Bakeyev <[email protected]>
Reviewed-by: Gary Lockyer <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit d63b24d5ae7898d93cc5428b029bff83bd59e5dc
Author: Timur I. Bakeyev <[email protected]>
Date: Fri Jun 22 12:19:42 2018 +0800
Make "none" the default setting for the successful and failed operations in
the vfs_full_audit, so you don't blow up your server by just adding this module
to the configuration.
Signed-off-by: Timur I. Bakeyev <[email protected]>
Reviewed-by: Gary Lockyer <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
commit 32e5b18d49332dff67833a9177032f85a4287717
Author: Timur I. Bakeyev <[email protected]>
Date: Mon Jul 2 01:05:36 2018 +0200
Make sure that vfs*audit modules recognize and accept all the syslog
facilities.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13436
Signed-off-by: Timur I. Bakeyev <[email protected]>
Reviewed-by: Gary Lockyer <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_full_audit.8.xml | 4 +-
source3/modules/vfs_audit.c | 38 +++++++++++++------
source3/modules/vfs_extd_audit.c | 38 +++++++++++++------
source3/modules/vfs_full_audit.c | 43 +++++++++++++++-------
source4/dsdb/tests/python/password_lockout_base.py | 9 +++--
5 files changed, 91 insertions(+), 41 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_full_audit.8.xml
b/docs-xml/manpages/vfs_full_audit.8.xml
index 7da3e3b..7b17e2e 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -162,7 +162,7 @@
<para>LIST is a list of VFS operations that should be
recorded if they succeed. Operations are specified using
the names listed above. Operations can be unset by prefixing
- the names with "!". The default is all operations.
+ the names with "!". The default is none operations.
</para>
</listitem>
@@ -174,7 +174,7 @@
<para>LIST is a list of VFS operations that should be
recorded if they failed. Operations are specified using
the names listed above. Operations can be unset by prefixing
- the names with "!". The default is all operations.
+ the names with "!". The default is none operations.
</para>
</listitem>
diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
index 24bc1e8..95a595b 100644
--- a/source3/modules/vfs_audit.c
+++ b/source3/modules/vfs_audit.c
@@ -33,16 +33,32 @@
static int audit_syslog_facility(vfs_handle_struct *handle)
{
static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
+ { LOG_AUTH, "AUTH" },
+ { LOG_CRON, "CRON" },
+ { LOG_DAEMON, "DAEMON" },
+ { LOG_FTP, "FTP" },
+ { LOG_KERN, "KERN" },
+ { LOG_LPR, "LPR" },
+ { LOG_MAIL, "MAIL" },
+ { LOG_NEWS, "NEWS" },
+#ifdef LOG_NTP
+ { LOG_NTP, "NTP" },
+#endif
+#ifdef LOG_SECURITY
+ { LOG_SECURITY, "SECURITY" },
+#endif
+ { LOG_SYSLOG, "SYSLOG" },
+ { LOG_USER, "USER" },
+ { LOG_UUCP, "UUCP" },
+ { LOG_LOCAL0, "LOCAL0" },
+ { LOG_LOCAL1, "LOCAL1" },
+ { LOG_LOCAL2, "LOCAL2" },
+ { LOG_LOCAL3, "LOCAL3" },
+ { LOG_LOCAL4, "LOCAL4" },
+ { LOG_LOCAL5, "LOCAL5" },
+ { LOG_LOCAL6, "LOCAL6" },
+ { LOG_LOCAL7, "LOCAL7" },
+ { -1, NULL }
};
int facility;
@@ -64,7 +80,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
{ LOG_NOTICE, "NOTICE" },
{ LOG_INFO, "INFO" },
{ LOG_DEBUG, "DEBUG" },
- { -1, NULL}
+ { -1, NULL }
};
int priority;
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
index 50bd6f8..a76bb78 100644
--- a/source3/modules/vfs_extd_audit.c
+++ b/source3/modules/vfs_extd_audit.c
@@ -36,16 +36,32 @@ static int vfs_extd_audit_debug_level = DBGC_VFS;
static int audit_syslog_facility(vfs_handle_struct *handle)
{
static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
+ { LOG_AUTH, "AUTH" },
+ { LOG_CRON, "CRON" },
+ { LOG_DAEMON, "DAEMON" },
+ { LOG_FTP, "FTP" },
+ { LOG_KERN, "KERN" },
+ { LOG_LPR, "LPR" },
+ { LOG_MAIL, "MAIL" },
+ { LOG_NEWS, "NEWS" },
+#ifdef LOG_NTP
+ { LOG_NTP, "NTP" },
+#endif
+#ifdef LOG_SECURITY
+ { LOG_SECURITY, "SECURITY" },
+#endif
+ { LOG_SYSLOG, "SYSLOG" },
+ { LOG_USER, "USER" },
+ { LOG_UUCP, "UUCP" },
+ { LOG_LOCAL0, "LOCAL0" },
+ { LOG_LOCAL1, "LOCAL1" },
+ { LOG_LOCAL2, "LOCAL2" },
+ { LOG_LOCAL3, "LOCAL3" },
+ { LOG_LOCAL4, "LOCAL4" },
+ { LOG_LOCAL5, "LOCAL5" },
+ { LOG_LOCAL6, "LOCAL6" },
+ { LOG_LOCAL7, "LOCAL7" },
+ { -1, NULL }
};
int facility;
@@ -67,7 +83,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
{ LOG_NOTICE, "NOTICE" },
{ LOG_INFO, "INFO" },
{ LOG_DEBUG, "DEBUG" },
- { -1, NULL}
+ { -1, NULL }
};
int priority;
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index d76ec40..7cef6a5 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -350,16 +350,32 @@ static struct {
static int audit_syslog_facility(vfs_handle_struct *handle)
{
static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
+ { LOG_AUTH, "AUTH" },
+ { LOG_CRON, "CRON" },
+ { LOG_DAEMON, "DAEMON" },
+ { LOG_FTP, "FTP" },
+ { LOG_KERN, "KERN" },
+ { LOG_LPR, "LPR" },
+ { LOG_MAIL, "MAIL" },
+ { LOG_NEWS, "NEWS" },
+#ifdef LOG_NTP
+ { LOG_NTP, "NTP" },
+#endif
+#ifdef LOG_SECURITY
+ { LOG_SECURITY, "SECURITY" },
+#endif
+ { LOG_SYSLOG, "SYSLOG" },
+ { LOG_USER, "USER" },
+ { LOG_UUCP, "UUCP" },
+ { LOG_LOCAL0, "LOCAL0" },
+ { LOG_LOCAL1, "LOCAL1" },
+ { LOG_LOCAL2, "LOCAL2" },
+ { LOG_LOCAL3, "LOCAL3" },
+ { LOG_LOCAL4, "LOCAL4" },
+ { LOG_LOCAL5, "LOCAL5" },
+ { LOG_LOCAL6, "LOCAL6" },
+ { LOG_LOCAL7, "LOCAL7" },
+ { -1, NULL }
};
int facility;
@@ -380,7 +396,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
{ LOG_NOTICE, "NOTICE" },
{ LOG_INFO, "INFO" },
{ LOG_DEBUG, "DEBUG" },
- { -1, NULL}
+ { -1, NULL }
};
int priority;
@@ -608,6 +624,7 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
const char *svc, const char *user)
{
int result;
+ const char *none[] = { "none" };
struct vfs_full_audit_private_data *pd = NULL;
result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
@@ -647,10 +664,10 @@ static int smb_full_audit_connect(vfs_handle_struct
*handle,
pd->success_ops = init_bitmap(
pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
- "success", NULL));
+ "success", none));
pd->failure_ops = init_bitmap(
pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
- "failure", NULL));
+ "failure", none));
/* Store the private data. */
SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
diff --git a/source4/dsdb/tests/python/password_lockout_base.py
b/source4/dsdb/tests/python/password_lockout_base.py
index 843eaff..4a32068 100644
--- a/source4/dsdb/tests/python/password_lockout_base.py
+++ b/source4/dsdb/tests/python/password_lockout_base.py
@@ -323,10 +323,11 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
""")
self.base_dn = self.ldb.domain_dn()
- self.account_lockout_duration = 2
- self.lockout_observation_window = 2
- self.update_lockout_settings(threshold=3, duration=2,
- observation_window=2)
+ self.account_lockout_duration = 3
+ self.lockout_observation_window = 3
+ self.update_lockout_settings(threshold=3,
+ duration=self.account_lockout_duration,
+
observation_window=self.lockout_observation_window)
# update DC to allow password changes for the duration of this test
self.allow_password_changes()
--
Samba Shared Repository
