s4-kdc: Adapt to move from HDB auditing to KDC auditing constants
This is to adapt to: commit 6530021f09a5cab631be19a1b5898a0ba6b32f16 Author: Luke Howard <lukeh@padl.com> Date: Thu Jan 13 14:37:29 2022 +1100 kdc: move auth event definitions into KDC header Move KDC auth event macro definitions out of hdb.h and into a new KDC header, kdc-audit.h. NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN! BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
parent
9399a15fab
commit
c9b0b4bfc4
@ -46,6 +46,7 @@
|
|||||||
#include "librpc/gen_ndr/ndr_winbind_c.h"
|
#include "librpc/gen_ndr/ndr_winbind_c.h"
|
||||||
#include "lib/messaging/irpc.h"
|
#include "lib/messaging/irpc.h"
|
||||||
#include "hdb.h"
|
#include "hdb.h"
|
||||||
|
#include <kdc-audit.h>
|
||||||
|
|
||||||
static krb5_error_code hdb_samba4_open(krb5_context context, HDB *db, int flags, mode_t mode)
|
static krb5_error_code hdb_samba4_open(krb5_context context, HDB *db, int flags, mode_t mode)
|
||||||
{
|
{
|
||||||
@ -545,7 +546,7 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
|
|
||||||
size_t sa_socklen = 0;
|
size_t sa_socklen = 0;
|
||||||
|
|
||||||
hdb_auth_status_obj = heim_audit_getkv((heim_svc_req_desc)r, HDB_REQUEST_KV_AUTH_EVENT);
|
hdb_auth_status_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_AUTH_EVENT);
|
||||||
if (hdb_auth_status_obj == NULL) {
|
if (hdb_auth_status_obj == NULL) {
|
||||||
/* No status code found, so just return. */
|
/* No status code found, so just return. */
|
||||||
return 0;
|
return 0;
|
||||||
@ -558,15 +559,15 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
pa_type = heim_string_get_utf8(pa_type_obj);
|
pa_type = heim_string_get_utf8(pa_type_obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
auth_details_obj = heim_audit_getkv((heim_svc_req_desc)r, HDB_REQUEST_KV_PKINIT_CLIENT_CERT);
|
auth_details_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_PKINIT_CLIENT_CERT);
|
||||||
if (auth_details_obj != NULL) {
|
if (auth_details_obj != NULL) {
|
||||||
auth_details = heim_string_get_utf8(auth_details_obj);
|
auth_details = heim_string_get_utf8(auth_details_obj);
|
||||||
} else {
|
} else {
|
||||||
auth_details_obj = heim_audit_getkv((heim_svc_req_desc)r, HDB_REQUEST_KV_GSS_INITIATOR);
|
auth_details_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_GSS_INITIATOR);
|
||||||
if (auth_details_obj != NULL) {
|
if (auth_details_obj != NULL) {
|
||||||
auth_details = heim_string_get_utf8(auth_details_obj);
|
auth_details = heim_string_get_utf8(auth_details_obj);
|
||||||
} else {
|
} else {
|
||||||
heim_object_t etype_obj = heim_audit_getkv((heim_svc_req_desc)r, HDB_REQUEST_KV_PA_ETYPE);
|
heim_object_t etype_obj = heim_audit_getkv((heim_svc_req_desc)r, KDC_REQUEST_KV_PA_ETYPE);
|
||||||
if (etype_obj != NULL) {
|
if (etype_obj != NULL) {
|
||||||
int etype = heim_number_get_int(etype_obj);
|
int etype = heim_number_get_int(etype_obj);
|
||||||
|
|
||||||
@ -610,7 +611,7 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (hdb_auth_status) {
|
switch (hdb_auth_status) {
|
||||||
case HDB_AUTH_EVENT_CLIENT_AUTHORIZED:
|
case KDC_AUTH_EVENT_CLIENT_AUTHORIZED:
|
||||||
{
|
{
|
||||||
TALLOC_CTX *frame = talloc_stackframe();
|
TALLOC_CTX *frame = talloc_stackframe();
|
||||||
struct samba_kdc_entry *p = talloc_get_type(entry->context,
|
struct samba_kdc_entry *p = talloc_get_type(entry->context,
|
||||||
@ -630,11 +631,11 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
talloc_free(frame);
|
talloc_free(frame);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case HDB_AUTH_EVENT_CLIENT_LOCKED_OUT:
|
case KDC_AUTH_EVENT_CLIENT_LOCKED_OUT:
|
||||||
case HDB_AUTH_EVENT_VALIDATED_LONG_TERM_KEY:
|
case KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY:
|
||||||
case HDB_AUTH_EVENT_WRONG_LONG_TERM_KEY:
|
case KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY:
|
||||||
case HDB_AUTH_EVENT_PREAUTH_SUCCEEDED:
|
case KDC_AUTH_EVENT_PREAUTH_SUCCEEDED:
|
||||||
case HDB_AUTH_EVENT_PREAUTH_FAILED:
|
case KDC_AUTH_EVENT_PREAUTH_FAILED:
|
||||||
{
|
{
|
||||||
TALLOC_CTX *frame = talloc_stackframe();
|
TALLOC_CTX *frame = talloc_stackframe();
|
||||||
struct samba_kdc_entry *p = talloc_get_type(entry->context,
|
struct samba_kdc_entry *p = talloc_get_type(entry->context,
|
||||||
@ -673,7 +674,7 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
}
|
}
|
||||||
ui.auth_description = auth_description;
|
ui.auth_description = auth_description;
|
||||||
|
|
||||||
if (hdb_auth_status == HDB_AUTH_EVENT_WRONG_LONG_TERM_KEY) {
|
if (hdb_auth_status == KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY) {
|
||||||
authsam_update_bad_pwd_count(kdc_db_ctx->samdb, p->msg, domain_dn);
|
authsam_update_bad_pwd_count(kdc_db_ctx->samdb, p->msg, domain_dn);
|
||||||
status = NT_STATUS_WRONG_PASSWORD;
|
status = NT_STATUS_WRONG_PASSWORD;
|
||||||
/*
|
/*
|
||||||
@ -684,13 +685,13 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
if (kdc_db_ctx->rodc) {
|
if (kdc_db_ctx->rodc) {
|
||||||
send_bad_password_netlogon(frame, kdc_db_ctx, &ui);
|
send_bad_password_netlogon(frame, kdc_db_ctx, &ui);
|
||||||
}
|
}
|
||||||
} else if (hdb_auth_status == HDB_AUTH_EVENT_CLIENT_LOCKED_OUT) {
|
} else if (hdb_auth_status == KDC_AUTH_EVENT_CLIENT_LOCKED_OUT) {
|
||||||
status = NT_STATUS_ACCOUNT_LOCKED_OUT;
|
status = NT_STATUS_ACCOUNT_LOCKED_OUT;
|
||||||
} else if (hdb_auth_status == HDB_AUTH_EVENT_VALIDATED_LONG_TERM_KEY) {
|
} else if (hdb_auth_status == KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY) {
|
||||||
status = NT_STATUS_OK;
|
status = NT_STATUS_OK;
|
||||||
} else if (hdb_auth_status == HDB_AUTH_EVENT_PREAUTH_SUCCEEDED) {
|
} else if (hdb_auth_status == KDC_AUTH_EVENT_PREAUTH_SUCCEEDED) {
|
||||||
status = NT_STATUS_OK;
|
status = NT_STATUS_OK;
|
||||||
} else if (hdb_auth_status == HDB_AUTH_EVENT_PREAUTH_FAILED) {
|
} else if (hdb_auth_status == KDC_AUTH_EVENT_PREAUTH_FAILED) {
|
||||||
if (pa_type != NULL && strncmp(pa_type, "PK-INIT", strlen("PK-INIT")) == 0) {
|
if (pa_type != NULL && strncmp(pa_type, "PK-INIT", strlen("PK-INIT")) == 0) {
|
||||||
status = NT_STATUS_PKINIT_FAILURE;
|
status = NT_STATUS_PKINIT_FAILURE;
|
||||||
} else {
|
} else {
|
||||||
@ -711,7 +712,7 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
TALLOC_FREE(frame);
|
TALLOC_FREE(frame);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case HDB_AUTH_EVENT_CLIENT_UNKNOWN:
|
case KDC_AUTH_EVENT_CLIENT_UNKNOWN:
|
||||||
{
|
{
|
||||||
struct tsocket_address *remote_host;
|
struct tsocket_address *remote_host;
|
||||||
int ret;
|
int ret;
|
||||||
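Review bot: The `return 0` after the `KDC_REQUEST_KV_AUTH_EVENT` lookup in hdb_samba4_audit fails open: when the key is absent the function skips the whole switch below, including the `authsam_update_bad_pwd_count()` call and the `NT_STATUS_ACCOUNT_LOCKED_OUT` / `NT_STATUS_WRONG_PASSWORD` reporting. Now that the key name comes from a different header, any drift between that header and the KDC that sets the key (for example a build against a different Heimdal) would presumably show up only as missing audit events, not as an error. I would extend the existing comment to say so, e.g. `/* No status code found, so just return. The key must be the one the KDC sets (kdc-audit.h); otherwise auth auditing and badPwdCount updates are silently skipped. */`. As a point of style, the locals `hdb_auth_status` and `hdb_auth_status_obj` keep the HDB prefix while every constant they are compared with is now `KDC_`, so renaming them would keep the function consistent. The function body starts and ends outside the visible hunks.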
|
@ -48,7 +48,7 @@ if bld.CONFIG_GET('SAMBA_USES_MITKDC'):
|
|||||||
|
|
||||||
bld.SAMBA_LIBRARY('HDB_SAMBA4',
|
bld.SAMBA_LIBRARY('HDB_SAMBA4',
|
||||||
source='hdb-samba4.c hdb-samba4-plugin.c',
|
source='hdb-samba4.c hdb-samba4-plugin.c',
|
||||||
deps='ldb auth4_sam common_auth samba-credentials hdb db-glue samba-hostconfig com_err sdb_hdb RPC_NDR_WINBIND',
|
deps='ldb auth4_sam common_auth samba-credentials hdb kdc db-glue samba-hostconfig com_err sdb_hdb RPC_NDR_WINBIND',
|
||||||
includes=kdc_include,
|
includes=kdc_include,
|
||||||
private_library=True,
|
private_library=True,
|
||||||
enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
|
enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
|
||||||
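Review bot: The new `kdc` entry in `deps` for `HDB_SAMBA4` has no stated reason, and the C change shown on this page only consumes macro names from `<kdc-audit.h>` while `includes=kdc_include` is already present. If the dependency exists only to make that header reachable, a short comment above the `deps=` line would stop it from being dropped or questioned later, for example `# kdc: provides kdc-audit.h (KDC_AUTH_EVENT_*, KDC_REQUEST_KV_*)`. If it is needed for symbols at link time, the comment should say that instead, since it widens what this private library pulls in.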
|