mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:kdc: Ensure that we don’t log PREAUTH_REQUIRED errors
Such errors were not logged in the past, either, but that was accidental — a result of failing too early for an authentication event to be set — rather than the auditing being deliberately designed that way. Now that we have added the KDC_AUTH_EVENT_CLIENT_FOUND event, we want to ensure that PREAUTH_REQUIRED errors continue to go unlogged. NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN! Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
8425ffc8f3
commit
19f867bc54
@ -766,6 +766,11 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
||||
return hdb_samba4_tgs_audit(kdc_db_ctx, entry, r);
|
||||
}
|
||||
|
||||
if (r->error_code == KRB5KDC_ERR_PREAUTH_REQUIRED) {
|
||||
/* Let’s not log PREAUTH_REQUIRED errors. */
|
||||
return 0;
|
||||
}
|
||||
|
||||
edata_status = hdb_samba4_get_ntstatus(r);
|
||||
|
||||
hdb_auth_status_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_AUTH_EVENT);
|
||||
|
Loading…
Reference in New Issue
Block a user