mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:kdc: Ensure that we don’t log PREAUTH_REQUIRED errors

Such errors were not logged in the past, either, but that was accidental
— a result of failing too early for an authentication event to be set —
rather than the auditing being deliberately designed that way.

Now that we have added the KDC_AUTH_EVENT_CLIENT_FOUND event, we want to
ensure that PREAUTH_REQUIRED errors continue to go unlogged.

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton 2023-06-20 11:15:50 +12:00 committed by Stefan Metzmacher
parent 8425ffc8f3
commit 19f867bc54


@ -766,6 +766,11 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
return hdb_samba4_tgs_audit(kdc_db_ctx, entry, r);
}
if (r->error_code == KRB5KDC_ERR_PREAUTH_REQUIRED) {
/* Lets not log PREAUTH_REQUIRED errors. */
return 0;
}
edata_status = hdb_samba4_get_ntstatus(r);
hdb_auth_status_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_AUTH_EVENT);
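Review bot: the comment on the new `KRB5KDC_ERR_PREAUTH_REQUIRED` early return says what is skipped but not why. The commit message makes this a deliberate auditing decision tied to KDC_AUTH_EVENT_CLIENT_FOUND, so that rationale belongs in the comment (and "Lets" should read "Let's"). The return also sits above the `heim_audit_getkv(..., KDC_REQUEST_KV_AUTH_EVENT)` lookup, so the audit record is dropped whatever auth event was set on the request; please confirm that no event other than client-found can accompany this error code, or check the event before returning. Since the message states the commit does not compile or work on its own, bisecting across it will break; consider folding it into the commit it depends on.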