Commit 98859334 authored by Côme Chilliet's avatar Côme Chilliet

Merge branch '6010-improve-security-audit' into '1.4-dev'

Resolve "Improve security audit"

See merge request fusiondirectory/fd-plugins!647
parents 6d782be9 47ef121c
...@@ -33,7 +33,7 @@ class AuditLogAttribute extends OrderedArrayAttribute ...@@ -33,7 +33,7 @@ class AuditLogAttribute extends OrderedArrayAttribute
protected function getAttributeArrayValue ($key, $event) protected function getAttributeArrayValue ($key, $event)
{ {
try { try {
$author = ['html' => objects::link($event['fdAuditAuthorDN'], 'user')]; $author = ['html' => objects::link($event['fdAuditAuthorDN'], 'user', '', NULL, TRUE, ($event['fdAuditAuthorDN'] != $this->plugin->dn))];
} catch (FusionDirectoryException $e) { } catch (FusionDirectoryException $e) {
$author = $event['fdAuditAuthorDN']; $author = $event['fdAuditAuthorDN'];
} }
...@@ -42,8 +42,35 @@ class AuditLogAttribute extends OrderedArrayAttribute ...@@ -42,8 +42,35 @@ class AuditLogAttribute extends OrderedArrayAttribute
} catch (Exception $e) { } catch (Exception $e) {
$time = $event['fdAuditDateTime']; $time = $event['fdAuditDateTime'];
} }
switch ($event['fdAuditAction']) {
case 'security':
if ($event['fdAuditObjectType'] == 'login') {
$name = _('Sign in');
} elseif ($event['fdAuditObjectType'] == 'logout') {
$name = _('Sign out');
} else {
$name = $event['fdAuditObjectType'];
}
break;
case 'modify':
if (in_array('userPassword', $event['fdAuditAttributes'])) {
$name = _('Password modification');
} else {
$name = sprintf(_('Account modification (%s)'), implode(',', $event['fdAuditAttributes']));
}
break;
case 'create':
case 'remove':
case 'copy':
case 'snapshot':
case 'view':
case 'debug':
default:
$name = $event['fdAuditAction'].' '.$event['fdAuditObjectType'];
break;
}
return [ return [
$event['fdAuditObjectType'], $name,
$author, $author,
$event['fdAuditAuthorIP'] ?? '', $event['fdAuditAuthorIP'] ?? '',
$time, $time,
......
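Review bot: In the `modify` case, `in_array('userPassword', $event['fdAuditAttributes'])` and the `implode` on the next branch assume the key is present and holds an array, and neither call sits inside the try/catch blocks above. If an event arrives without that attribute, or with a single string value, PHP 8 raises a TypeError (PHP 7 only warns), so one malformed record could break the whole audit list. Normalise first with `$attrs = (array)($event['fdAuditAttributes'] ?? []);`, then test with `in_array('userPassword', $attrs, TRUE)` and pass `$attrs` to `implode`. The body of `getAttributeArrayValue` continues outside the lines shown here.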
...@@ -60,9 +60,14 @@ class auditSecurity extends simplePlugin ...@@ -60,9 +60,14 @@ class auditSecurity extends simplePlugin
_('Time'), _('Time'),
_('Result'), _('Result'),
]); ]);
}
protected function loadEvents ()
{
$events = objects::ls( $events = objects::ls(
'auditEvent', 'auditEvent',
[ [
'fdAuditAction' => 1,
'fdAuditDateTime' => 1, 'fdAuditDateTime' => 1,
'fdAuditAuthorDN' => 1, 'fdAuditAuthorDN' => 1,
'fdAuditAuthorIP' => 1, 'fdAuditAuthorIP' => 1,
...@@ -72,7 +77,20 @@ class auditSecurity extends simplePlugin ...@@ -72,7 +77,20 @@ class auditSecurity extends simplePlugin
'fdAuditResult' => 1 'fdAuditResult' => 1
], ],
NULL, NULL,
'(&(|(fdAuditAction=security)(fdAuditAttributes=userPassword))(|(fdAuditObject='.$this->getUid().')(fdAuditObject='.$this->dn.')(fdAuditAuthorDN='.$this->dn.')))' '(|'.
'(&'.
'(fdAuditAction=security)'.
'(|'.
'(fdAuditObject='.ldap_escape_f($this->getUid()).')'.
'(fdAuditObject='.ldap_escape_f($this->dn).')'.
'(fdAuditAuthorDN='.ldap_escape_f($this->dn).')'.
')'.
')'.
'(&'.
'(fdAuditAttributes=userPassword)'.
'(fdAuditObject='.ldap_escape_f($this->dn).')'.
')'.
')'
); );
uasort( uasort(
$events, $events,
...@@ -84,6 +102,12 @@ class auditSecurity extends simplePlugin ...@@ -84,6 +102,12 @@ class auditSecurity extends simplePlugin
$this->fdAuditSecurityLog = $events; $this->fdAuditSecurityLog = $events;
} }
public function execute (): string
{
$this->loadEvents();
return parent::execute();
}
protected function getUid (): string protected function getUid (): string
{ {
if (isset($this->parent)) { if (isset($this->parent)) {
......
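Review bot: `execute()` now calls `loadEvents()` on every render, and the `objects::ls` call ends at the filter argument, so as far as these lines show nothing bounds how many audit events are fetched and then sorted in PHP with `uasort`. Audit entries only accumulate, and presumably every recorded sign-in for the uid adds to the result set, so this tab gets slower and heavier on the directory as the account ages. Consider restricting the filter to a recent window on `fdAuditDateTime`, or passing a size limit if `objects::ls` offers one. A short comment above the filter would also help, for example `// password changes match on the DN only; sign-in events also match the uid`. Part of `loadEvents()` lies in lines the page collapses, so a bound may already exist there.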