authorStefan Metzmacher <metze@samba.org>2022-03-03 11:10:00 +0100
committerJule Anger <janger@samba.org>2022-03-16 14:27:12 +0000
commit65498505cbfab81471e77fd1eedad4c7374be32d (patch)
treeb6824fc711b7f853950dc0dc89432917331dd9ff
parentf4179deb2736ece953c5fa9d29358f3cb4d01d1c (diff)
downloadsamba-65498505cbfab81471e77fd1eedad4c7374be32d.tar.gz
auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
The optional user_info->orig_client.{account,domain}_name are the ones really used by the client and should be used in audit logging. But we still fall back to user_info->client.{account,domain}_name. This will be important for the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 24b580cae23860a0fe6c9d3a285d60564057043d)
-rw-r--r--auth/auth_log.c20
-rw-r--r--auth/common_auth.h2
2 files changed, 17 insertions, 5 deletions
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 60bc6334591..dc1cea12390 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -152,6 +152,12 @@ static void log_authentication_event_json(
char negotiate_flags[11];
char logon_id[19];
int rc = 0;
+ const char *clientDomain = ui->orig_client.domain_name ?
+ ui->orig_client.domain_name :
+ ui->client.domain_name;
+ const char *clientAccount = ui->orig_client.account_name ?
+ ui->orig_client.account_name :
+ ui->client.account_name;
authentication = json_new_object();
if (json_is_invalid(&authentication)) {
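Review bot: The two ternaries added at the top of log_authentication_event_json fall back per field, so if a caller ever fills only one of `ui->orig_client.domain_name` / `ui->orig_client.account_name`, the audit record would pair an original value with a `ui->client` value, a domain/account combination the client may never have presented. Whether callers always set both is not visible here. If they do, state that invariant in a comment above the declarations, for example `/* orig_client is optional and set as a pair; prefer it so the audit log shows the names the client actually sent */`. The identical block is repeated in log_authentication_event_human_readable (the `@@ -594,6 +600,12 @@` hunk), so the JSON and human-readable logs could drift if only one copy is later changed. A small static helper returning the chosen name would keep them in step. The function body continues outside this hunk.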
@@ -203,12 +209,12 @@ static void log_authentication_event_json(
goto failure;
}
rc = json_add_string(
- &authentication, "clientDomain", ui->client.domain_name);
+ &authentication, "clientDomain", clientDomain);
if (rc != 0) {
goto failure;
}
rc = json_add_string(
- &authentication, "clientAccount", ui->client.account_name);
+ &authentication, "clientAccount", clientAccount);
if (rc != 0) {
goto failure;
}
@@ -594,6 +600,12 @@ static void log_authentication_event_human_readable(
char *trust_account_name = NULL;
char *logon_line = NULL;
const char *password_type = NULL;
+ const char *clientDomain = ui->orig_client.domain_name ?
+ ui->orig_client.domain_name :
+ ui->client.domain_name;
+ const char *clientAccount = ui->orig_client.account_name ?
+ ui->orig_client.account_name :
+ ui->client.account_name;
frame = talloc_stackframe();
@@ -640,8 +652,8 @@ static void log_authentication_event_human_readable(
" %s\n",
ui->service_description,
ui->auth_description,
- log_escape(frame, ui->client.domain_name),
- log_escape(frame, ui->client.account_name),
+ log_escape(frame, clientDomain),
+ log_escape(frame, clientAccount),
ts,
password_type,
nt_errstr(status),
diff --git a/auth/common_auth.h b/auth/common_auth.h
index 9d51ea69719..d922b66ab4d 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -56,7 +56,7 @@ struct auth_usersupplied_info
struct {
const char *account_name;
const char *domain_name;
- } client, mapped;
+ } client, mapped, orig_client;
enum auth_password_state password_state;
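Review bot: The new `orig_client` member of struct auth_usersupplied_info is added without a comment, so the header does not say how it differs from `client` and `mapped` or that its fields may be NULL. The commit message describes it as optional and the auth_log.c hunks NULL-check it, so other consumers of the struct need that contract to avoid dereferencing or logging an unset name. I would add above the member something like `/* orig_client: optional; names exactly as sent by the client. Fields are NULL when unset, in which case use client.* */`. The struct definition starts and ends outside this hunk.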