sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available

Browse Source 
The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.

This will be important for the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 24b580cae2)
This commit is contained in:
Stefan Metzmacher 2022-03-03 11:10:00 +01:00 committed by Jule Anger
parent f4e3909545
commit 7bb17ee513
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
auth/auth_log.c
View File

@ -152,6 +152,12 @@ static void log_authentication_event_json(
char negotiate_flags[11];
char logon_id[19];
int rc = 0;
const char *clientDomain = ui->orig_client.domain_name ?
ui->orig_client.domain_name :
ui->client.domain_name;
const char *clientAccount = ui->orig_client.account_name ?
ui->orig_client.account_name :
ui->client.account_name;
authentication = json_new_object();
if (json_is_invalid(&authentication)) {
@ -203,12 +209,12 @@ static void log_authentication_event_json(
goto failure;
}
rc = json_add_string(
&authentication, "clientDomain", ui->client.domain_name);
&authentication, "clientDomain", clientDomain);
if (rc != 0) {
goto failure;
}
rc = json_add_string(
&authentication, "clientAccount", ui->client.account_name);
&authentication, "clientAccount", clientAccount);
if (rc != 0) {
goto failure;
}
@ -594,6 +600,12 @@ static void log_authentication_event_human_readable(
char *trust_account_name = NULL;
char *logon_line = NULL;
const char *password_type = NULL;
const char *clientDomain = ui->orig_client.domain_name ?
ui->orig_client.domain_name :
ui->client.domain_name;
const char *clientAccount = ui->orig_client.account_name ?
ui->orig_client.account_name :
ui->client.account_name;
frame = talloc_stackframe();
@ -640,8 +652,8 @@ static void log_authentication_event_human_readable(
" %s\n",
ui->service_description,
ui->auth_description,
log_escape(frame, ui->client.domain_name),
log_escape(frame, ui->client.account_name),
log_escape(frame, clientDomain),
log_escape(frame, clientAccount),
ts,
password_type,
nt_errstr(status),

2
auth/common_auth.h
View File

@ -56,7 +56,7 @@ struct auth_usersupplied_info
struct {
const char *account_name;
const char *domain_name;
} client, mapped;
} client, mapped, orig_client;
enum auth_password_state password_state;