mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
auth: Add functionality to log client and server policy information
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
f9c55b84ef
commit
ca9d27ae99
@ -44,9 +44,9 @@
|
|||||||
* increment the major version.
|
* increment the major version.
|
||||||
*/
|
*/
|
||||||
#define AUTH_MAJOR 1
|
#define AUTH_MAJOR 1
|
||||||
#define AUTH_MINOR 2
|
#define AUTH_MINOR 3
|
||||||
#define AUTHZ_MAJOR 1
|
#define AUTHZ_MAJOR 1
|
||||||
#define AUTHZ_MINOR 1
|
#define AUTHZ_MINOR 2
|
||||||
#define KDC_AUTHZ_MAJOR 1
|
#define KDC_AUTHZ_MAJOR 1
|
||||||
#define KDC_AUTHZ_MINOR 0
|
#define KDC_AUTHZ_MINOR 0
|
||||||
|
|
||||||
@ -149,11 +149,15 @@ static void log_authentication_event_json(
|
|||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
const char *account_name,
|
const char *account_name,
|
||||||
struct dom_sid *sid,
|
struct dom_sid *sid,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
enum event_id_type event_id,
|
enum event_id_type event_id,
|
||||||
int debug_level)
|
int debug_level)
|
||||||
{
|
{
|
||||||
struct json_object wrapper = json_empty_object;
|
struct json_object wrapper = json_empty_object;
|
||||||
struct json_object authentication = json_empty_object;
|
struct json_object authentication = json_empty_object;
|
||||||
|
struct json_object client_policy = json_null_object();
|
||||||
|
struct json_object server_policy = json_null_object();
|
||||||
char logon_id[19];
|
char logon_id[19];
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
const char *clientDomain = ui->orig_client.domain_name ?
|
const char *clientDomain = ui->orig_client.domain_name ?
|
||||||
@ -285,6 +289,30 @@ static void log_authentication_event_json(
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (client_audit_info != NULL) {
|
||||||
|
client_policy = json_from_audit_info(client_audit_info);
|
||||||
|
if (json_is_invalid(&client_policy)) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = json_add_object(&authentication, "clientPolicyAccessCheck", &client_policy);
|
||||||
|
if (rc != 0) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (server_audit_info != NULL) {
|
||||||
|
server_policy = json_from_audit_info(server_audit_info);
|
||||||
|
if (json_is_invalid(&server_policy)) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = json_add_object(&authentication, "serverPolicyAccessCheck", &server_policy);
|
||||||
|
if (rc != 0) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
|
||||||
wrapper = json_new_object();
|
wrapper = json_new_object();
|
||||||
if (json_is_invalid(&wrapper)) {
|
if (json_is_invalid(&wrapper)) {
|
||||||
goto failure;
|
goto failure;
|
||||||
@ -327,6 +355,8 @@ static void log_authentication_event_json(
|
|||||||
json_free(&wrapper);
|
json_free(&wrapper);
|
||||||
return;
|
return;
|
||||||
failure:
|
failure:
|
||||||
|
json_free(&server_policy);
|
||||||
|
json_free(&client_policy);
|
||||||
/*
|
/*
|
||||||
* On a failure authentication will not have been added to wrapper so it
|
* On a failure authentication will not have been added to wrapper so it
|
||||||
* needs to be freed to avoid a leak.
|
* needs to be freed to avoid a leak.
|
||||||
@ -365,10 +395,14 @@ static void log_successful_authz_event_json(
|
|||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *transport_protection,
|
const char *transport_protection,
|
||||||
struct auth_session_info *session_info,
|
struct auth_session_info *session_info,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
int debug_level)
|
int debug_level)
|
||||||
{
|
{
|
||||||
struct json_object wrapper = json_empty_object;
|
struct json_object wrapper = json_empty_object;
|
||||||
struct json_object authorization = json_empty_object;
|
struct json_object authorization = json_empty_object;
|
||||||
|
struct json_object client_policy = json_null_object();
|
||||||
|
struct json_object server_policy = json_null_object();
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
authorization = json_new_object();
|
authorization = json_new_object();
|
||||||
@ -431,6 +465,30 @@ static void log_successful_authz_event_json(
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (client_audit_info != NULL) {
|
||||||
|
client_policy = json_from_audit_info(client_audit_info);
|
||||||
|
if (json_is_invalid(&client_policy)) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = json_add_object(&authorization, "clientPolicyAccessCheck", &client_policy);
|
||||||
|
if (rc != 0) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (server_audit_info != NULL) {
|
||||||
|
server_policy = json_from_audit_info(server_audit_info);
|
||||||
|
if (json_is_invalid(&server_policy)) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = json_add_object(&authorization, "serverPolicyAccessCheck", &server_policy);
|
||||||
|
if (rc != 0) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
|
||||||
wrapper = json_new_object();
|
wrapper = json_new_object();
|
||||||
if (json_is_invalid(&wrapper)) {
|
if (json_is_invalid(&wrapper)) {
|
||||||
goto failure;
|
goto failure;
|
||||||
@ -456,6 +514,8 @@ static void log_successful_authz_event_json(
|
|||||||
json_free(&wrapper);
|
json_free(&wrapper);
|
||||||
return;
|
return;
|
||||||
failure:
|
failure:
|
||||||
|
json_free(&server_policy);
|
||||||
|
json_free(&client_policy);
|
||||||
/*
|
/*
|
||||||
* On a failure authorization will not have been added to wrapper so it
|
* On a failure authorization will not have been added to wrapper so it
|
||||||
* needs to be freed to avoid a leak.
|
* needs to be freed to avoid a leak.
|
||||||
@ -490,6 +550,7 @@ static void log_authz_event_json(
|
|||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const struct tsocket_address *remote,
|
const struct tsocket_address *remote,
|
||||||
const struct tsocket_address *local,
|
const struct tsocket_address *local,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
const char *service_description,
|
const char *service_description,
|
||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
@ -502,6 +563,7 @@ static void log_authz_event_json(
|
|||||||
{
|
{
|
||||||
struct json_object wrapper = json_empty_object;
|
struct json_object wrapper = json_empty_object;
|
||||||
struct json_object authorization = json_empty_object;
|
struct json_object authorization = json_empty_object;
|
||||||
|
struct json_object server_policy = json_null_object();
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
authorization = json_new_object();
|
authorization = json_new_object();
|
||||||
@ -554,6 +616,18 @@ static void log_authz_event_json(
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (server_audit_info != NULL) {
|
||||||
|
server_policy = json_from_audit_info(server_audit_info);
|
||||||
|
if (json_is_invalid(&server_policy)) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = json_add_object(&authorization, "serverPolicyAccessCheck", &server_policy);
|
||||||
|
if (rc != 0) {
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
|
||||||
wrapper = json_new_object();
|
wrapper = json_new_object();
|
||||||
if (json_is_invalid(&wrapper)) {
|
if (json_is_invalid(&wrapper)) {
|
||||||
goto failure;
|
goto failure;
|
||||||
@ -579,6 +653,7 @@ static void log_authz_event_json(
|
|||||||
json_free(&wrapper);
|
json_free(&wrapper);
|
||||||
return;
|
return;
|
||||||
failure:
|
failure:
|
||||||
|
json_free(&server_policy);
|
||||||
/*
|
/*
|
||||||
* On a failure authorization will not have been added to wrapper so it
|
* On a failure authorization will not have been added to wrapper so it
|
||||||
* needs to be freed to avoid a leak.
|
* needs to be freed to avoid a leak.
|
||||||
@ -619,6 +694,8 @@ static void log_authentication_event_json(
|
|||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
const char *account_name,
|
const char *account_name,
|
||||||
struct dom_sid *sid,
|
struct dom_sid *sid,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
enum event_id_type event_id,
|
enum event_id_type event_id,
|
||||||
int debug_level)
|
int debug_level)
|
||||||
{
|
{
|
||||||
@ -634,6 +711,8 @@ static void log_successful_authz_event_json(
|
|||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *transport_protection,
|
const char *transport_protection,
|
||||||
struct auth_session_info *session_info,
|
struct auth_session_info *session_info,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
int debug_level)
|
int debug_level)
|
||||||
{
|
{
|
||||||
log_no_json(msg_ctx, lp_ctx);
|
log_no_json(msg_ctx, lp_ctx);
|
||||||
@ -644,6 +723,7 @@ static void log_authz_event_json(
|
|||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const struct tsocket_address *remote,
|
const struct tsocket_address *remote,
|
||||||
const struct tsocket_address *local,
|
const struct tsocket_address *local,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
const char *service_description,
|
const char *service_description,
|
||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
@ -813,7 +893,9 @@ void log_authentication_event(
|
|||||||
NTSTATUS status,
|
NTSTATUS status,
|
||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
const char *account_name,
|
const char *account_name,
|
||||||
struct dom_sid *sid)
|
struct dom_sid *sid,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info)
|
||||||
{
|
{
|
||||||
/* set the log level */
|
/* set the log level */
|
||||||
int debug_level = AUTH_FAILURE_LEVEL;
|
int debug_level = AUTH_FAILURE_LEVEL;
|
||||||
@ -845,6 +927,8 @@ void log_authentication_event(
|
|||||||
domain_name,
|
domain_name,
|
||||||
account_name,
|
account_name,
|
||||||
sid,
|
sid,
|
||||||
|
client_audit_info,
|
||||||
|
server_audit_info,
|
||||||
event_id,
|
event_id,
|
||||||
debug_level);
|
debug_level);
|
||||||
}
|
}
|
||||||
@ -918,7 +1002,9 @@ void log_successful_authz_event(
|
|||||||
const char *service_description,
|
const char *service_description,
|
||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *transport_protection,
|
const char *transport_protection,
|
||||||
struct auth_session_info *session_info)
|
struct auth_session_info *session_info,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info)
|
||||||
{
|
{
|
||||||
int debug_level = AUTHZ_SUCCESS_LEVEL;
|
int debug_level = AUTHZ_SUCCESS_LEVEL;
|
||||||
|
|
||||||
@ -944,6 +1030,8 @@ void log_successful_authz_event(
|
|||||||
auth_type,
|
auth_type,
|
||||||
transport_protection,
|
transport_protection,
|
||||||
session_info,
|
session_info,
|
||||||
|
client_audit_info,
|
||||||
|
server_audit_info,
|
||||||
debug_level);
|
debug_level);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -959,6 +1047,7 @@ void log_authz_event(
|
|||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const struct tsocket_address *remote,
|
const struct tsocket_address *remote,
|
||||||
const struct tsocket_address *local,
|
const struct tsocket_address *local,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
const char *service_description,
|
const char *service_description,
|
||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
@ -980,6 +1069,7 @@ void log_authz_event(
|
|||||||
log_authz_event_json(msg_ctx, lp_ctx,
|
log_authz_event_json(msg_ctx, lp_ctx,
|
||||||
remote,
|
remote,
|
||||||
local,
|
local,
|
||||||
|
server_audit_info,
|
||||||
service_description,
|
service_description,
|
||||||
auth_type,
|
auth_type,
|
||||||
domain_name,
|
domain_name,
|
||||||
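Review bot: In the hunk at -285,6 +289,30 of log_authentication_event_json, `client_policy` is still live after `json_add_object(&authentication, "clientPolicyAccessCheck", &client_policy)` succeeds, yet every later `goto failure` (an invalid `server_policy`, a failed `wrapper` allocation) reaches `json_free(&client_policy)` followed by `json_free(&authentication)`. The existing comment at `failure:` implies that a successful add hands the child to its parent; if json_add_object behaves that way (its body is not on this page), the policy object is released twice on those paths, in code that runs for every audited authentication. Resetting the local right after each successful add, `client_policy = json_empty_object;` and `server_policy = json_empty_object;`, keeps the failure label safe whichever step fails. The same pattern is repeated in log_successful_authz_event_json (-431,6 +465,30) and log_authz_event_json (-554,6 +616,18); all three function bodies extend beyond the hunks shown.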
|
@ -177,6 +177,7 @@ struct auth4_context {
|
|||||||
* NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
|
* NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
|
||||||
* authentication events over the message bus.
|
* authentication events over the message bus.
|
||||||
*/
|
*/
|
||||||
|
struct authn_audit_info;
|
||||||
void log_authentication_event(struct imessaging_context *msg_ctx,
|
void log_authentication_event(struct imessaging_context *msg_ctx,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const struct timeval *start_time,
|
const struct timeval *start_time,
|
||||||
@ -184,7 +185,9 @@ void log_authentication_event(struct imessaging_context *msg_ctx,
|
|||||||
NTSTATUS status,
|
NTSTATUS status,
|
||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
const char *account_name,
|
const char *account_name,
|
||||||
struct dom_sid *sid);
|
struct dom_sid *sid,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Log details of a successful authorization to a service.
|
* Log details of a successful authorization to a service.
|
||||||
@ -206,7 +209,9 @@ void log_successful_authz_event(struct imessaging_context *msg_ctx,
|
|||||||
const char *service_description,
|
const char *service_description,
|
||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *transport_protection,
|
const char *transport_protection,
|
||||||
struct auth_session_info *session_info);
|
struct auth_session_info *session_info,
|
||||||
|
const struct authn_audit_info *client_audit_info,
|
||||||
|
const struct authn_audit_info *server_audit_info);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Log details of an authorization to a service.
|
* Log details of an authorization to a service.
|
||||||
@ -219,6 +224,7 @@ void log_authz_event(
|
|||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const struct tsocket_address *remote,
|
const struct tsocket_address *remote,
|
||||||
const struct tsocket_address *local,
|
const struct tsocket_address *local,
|
||||||
|
const struct authn_audit_info *server_audit_info,
|
||||||
const char *service_description,
|
const char *service_description,
|
||||||
const char *auth_type,
|
const char *auth_type,
|
||||||
const char *domain_name,
|
const char *domain_name,
|
||||||
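Review bot: The prototypes of log_authentication_event, log_successful_authz_event and log_authz_event gain `client_audit_info` / `server_audit_info`, but the doc comments above them do not say that NULL is accepted. Every caller updated in this commit passes NULL, and the implementation in the same commit initialises the matching `clientPolicyAccessCheck` / `serverPolicyAccessCheck` value with `json_null_object()` in that case. I would add a line to each comment such as `* NOTE: client_audit_info and server_audit_info are optional; when NULL the corresponding policy field is logged as null.` so that future callers and log consumers can tell "no policy evaluated" apart from a missing field. The comment blocks begin outside the hunks shown here.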
|
@ -242,7 +242,9 @@ static void log_successful_gensec_authz_event(struct gensec_security *gensec_sec
|
|||||||
service_description,
|
service_description,
|
||||||
final_auth_type,
|
final_auth_type,
|
||||||
transport_protection,
|
transport_protection,
|
||||||
session_info);
|
session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -59,8 +59,8 @@ HRES_SEC_E_INVALID_TOKEN = 0x80090308
|
|||||||
HRES_SEC_E_LOGON_DENIED = 0x8009030C
|
HRES_SEC_E_LOGON_DENIED = 0x8009030C
|
||||||
|
|
||||||
|
|
||||||
AUTHN_VERSION = {'major': 1, 'minor': 2}
|
AUTHN_VERSION = {'major': 1, 'minor': 3}
|
||||||
AUTHZ_VERSION = {'major': 1, 'minor': 1}
|
AUTHZ_VERSION = {'major': 1, 'minor': 2}
|
||||||
KDC_AUTHZ_VERSION = {'major': 1, 'minor': 0}
|
KDC_AUTHZ_VERSION = {'major': 1, 'minor': 0}
|
||||||
|
|
||||||
|
|
||||||
|
@ -319,7 +319,9 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
|
|||||||
nt_status,
|
nt_status,
|
||||||
server_info->info3->base.logon_domain.string,
|
server_info->info3->base.logon_domain.string,
|
||||||
server_info->info3->base.account_name.string,
|
server_info->info3->base.account_name.string,
|
||||||
&sid);
|
&sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
DEBUG(server_info->guest ? 5 : 2,
|
DEBUG(server_info->guest ? 5 : 2,
|
||||||
("check_ntlm_password: %sauthentication for user "
|
("check_ntlm_password: %sauthentication for user "
|
||||||
@ -354,7 +356,9 @@ fail:
|
|||||||
nt_status,
|
nt_status,
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
NULL);
|
NULL,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
ZERO_STRUCTP(pserver_info);
|
ZERO_STRUCTP(pserver_info);
|
||||||
|
|
||||||
|
@ -549,7 +549,9 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
|
|||||||
user_info->service_description,
|
user_info->service_description,
|
||||||
user_info->auth_description,
|
user_info->auth_description,
|
||||||
AUTHZ_TRANSPORT_PROTECTION_SMB,
|
AUTHZ_TRANSPORT_PROTECTION_SMB,
|
||||||
*session_info);
|
*session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
return nt_status;
|
return nt_status;
|
||||||
}
|
}
|
||||||
|
@ -126,7 +126,9 @@ void dcesrv_log_successful_authz(
|
|||||||
"DCE/RPC",
|
"DCE/RPC",
|
||||||
auth_type,
|
auth_type,
|
||||||
transport_protection,
|
transport_protection,
|
||||||
auth->session_info);
|
auth->session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
auth->auth_audited = true;
|
auth->auth_audited = true;
|
||||||
|
|
||||||
|
@ -2178,7 +2178,9 @@ static void log_authentication(
|
|||||||
result,
|
result,
|
||||||
base_info != NULL ? base_info->logon_domain.string : "",
|
base_info != NULL ? base_info->logon_domain.string : "",
|
||||||
base_info != NULL ? base_info->account_name.string : "",
|
base_info != NULL ? base_info->account_name.string : "",
|
||||||
sid);
|
sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
TALLOC_FREE(ui);
|
TALLOC_FREE(ui);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -404,7 +404,9 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
|
|||||||
state->auth_ctx->lp_ctx,
|
state->auth_ctx->lp_ctx,
|
||||||
&state->auth_ctx->start_time,
|
&state->auth_ctx->start_time,
|
||||||
state->user_info, status,
|
state->user_info, status,
|
||||||
NULL, NULL, NULL);
|
NULL, NULL, NULL,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
tevent_req_received(req);
|
tevent_req_received(req);
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@ -421,7 +423,9 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
|
|||||||
state->user_info, status,
|
state->user_info, status,
|
||||||
state->user_info_dc->info->domain_name,
|
state->user_info_dc->info->domain_name,
|
||||||
state->user_info_dc->info->account_name,
|
state->user_info_dc->info->account_name,
|
||||||
&state->user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid);
|
&state->user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
/* Release our handle to state->user_info_dc. */
|
/* Release our handle to state->user_info_dc. */
|
||||||
*user_info_dc = talloc_reparent(state, mem_ctx, state->user_info_dc);
|
*user_info_dc = talloc_reparent(state, mem_ctx, state->user_info_dc);
|
||||||
|
@ -115,7 +115,9 @@ _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_c
|
|||||||
log_authentication_event(msg, lp_ctx,
|
log_authentication_event(msg, lp_ctx,
|
||||||
&state->auth_context->start_time,
|
&state->auth_context->start_time,
|
||||||
user_info, status,
|
user_info, status,
|
||||||
NULL, NULL, NULL);
|
NULL, NULL, NULL,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
}
|
}
|
||||||
if (tevent_req_nterror(req, status)) {
|
if (tevent_req_nterror(req, status)) {
|
||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
@ -190,7 +192,9 @@ static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
|
|||||||
"LDAP",
|
"LDAP",
|
||||||
"simple bind",
|
"simple bind",
|
||||||
transport_protection,
|
transport_protection,
|
||||||
state->session_info);
|
state->session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
tevent_req_done(req);
|
tevent_req_done(req);
|
||||||
}
|
}
|
||||||
|
@ -3247,7 +3247,9 @@ static int check_password_restrictions_and_log(struct setup_password_fields_io *
|
|||||||
status,
|
status,
|
||||||
domain_name,
|
domain_name,
|
||||||
io->u.sAMAccountName,
|
io->u.sAMAccountName,
|
||||||
io->u.account_sid);
|
io->u.account_sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -622,6 +622,7 @@ static krb5_error_code hdb_samba4_tgs_audit(const struct samba_kdc_db_context *k
|
|||||||
kdc_db_ctx->lp_ctx,
|
kdc_db_ctx->lp_ctx,
|
||||||
remote_host,
|
remote_host,
|
||||||
NULL /* local */,
|
NULL /* local */,
|
||||||
|
NULL /* server_audit_info */,
|
||||||
r->sname,
|
r->sname,
|
||||||
"TGS-REQ with Ticket-Granting Ticket",
|
"TGS-REQ with Ticket-Granting Ticket",
|
||||||
domain_name,
|
domain_name,
|
||||||
@ -911,7 +912,9 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
status,
|
status,
|
||||||
domain_name,
|
domain_name,
|
||||||
account_name,
|
account_name,
|
||||||
sid);
|
sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
if (final_ret == KRB5KRB_ERR_GENERIC && socket_wrapper_enabled()) {
|
if (final_ret == KRB5KRB_ERR_GENERIC && socket_wrapper_enabled()) {
|
||||||
/*
|
/*
|
||||||
* If we're running under make test
|
* If we're running under make test
|
||||||
@ -951,7 +954,9 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
|||||||
&ui,
|
&ui,
|
||||||
NT_STATUS_NO_SUCH_USER,
|
NT_STATUS_NO_SUCH_USER,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
NULL);
|
NULL,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
TALLOC_FREE(frame);
|
TALLOC_FREE(frame);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -1596,7 +1596,9 @@ NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
|
|||||||
"LDAP",
|
"LDAP",
|
||||||
"no bind",
|
"no bind",
|
||||||
transport_protection,
|
transport_protection,
|
||||||
call->conn->session_info);
|
call->conn->session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
call->conn->authz_logged = true;
|
call->conn->authz_logged = true;
|
||||||
}
|
}
|
||||||
|
@ -667,7 +667,9 @@ void log_successful_dcesrv_authz_event(
|
|||||||
"DCE/RPC",
|
"DCE/RPC",
|
||||||
auth_type,
|
auth_type,
|
||||||
transport_protection,
|
transport_protection,
|
||||||
auth->session_info);
|
auth->session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
auth->auth_audited = true;
|
auth->auth_audited = true;
|
||||||
}
|
}
|
||||||
|
@ -839,7 +839,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(
|
|||||||
status,
|
status,
|
||||||
lpcfg_workgroup(dce_call->conn->dce_ctx->lp_ctx),
|
lpcfg_workgroup(dce_call->conn->dce_ctx->lp_ctx),
|
||||||
trust_account_in_db,
|
trust_account_in_db,
|
||||||
sid);
|
sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
@ -81,7 +81,9 @@ static void log_password_change_event(struct imessaging_context *msg_ctx,
|
|||||||
status,
|
status,
|
||||||
ui.mapped.domain_name,
|
ui.mapped.domain_name,
|
||||||
ui.mapped.account_name,
|
ui.mapped.account_name,
|
||||||
sid);
|
sid,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
samr_ChangePasswordUser
|
samr_ChangePasswordUser
|
||||||
|
@ -61,7 +61,9 @@ void smbsrv_not_spengo_sesssetup_authz_log(struct smbsrv_request *req,
|
|||||||
"SMB",
|
"SMB",
|
||||||
"bare-NTLM",
|
"bare-NTLM",
|
||||||
AUTHZ_TRANSPORT_PROTECTION_SMB,
|
AUTHZ_TRANSPORT_PROTECTION_SMB,
|
||||||
session_info);
|
session_info,
|
||||||
|
NULL /* client_audit_info */,
|
||||||
|
NULL /* server_audit_info */);
|
||||||
|
|
||||||
talloc_free(frame);
|
talloc_free(frame);
|
||||||
return;
|
return;
|
||||||
|