diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-02-21 11:57:57 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:26 +0200 |
commit | ea3f00f2b57c1896bc98c5a8e4538f46193b6c53 (patch) | |
tree | e5386dea7130f2862098e32b7d9d2b6c3dc63566 | |
parent | 5f5756db714de0c1b00d648a48423fde19a564a1 (diff) | |
download | samba-ea3f00f2b57c1896bc98c5a8e4538f46193b6c53.tar.gz |
auth: Add "auth_description" to allow logs to distinguish simple bind (etc)
This will allow the authentication log to indicate clearly how the password was
supplied to the server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
-rw-r--r-- | auth/common_auth.h | 1 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_server.c | 1 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 6 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_simple.c | 4 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 2 |
5 files changed, 13 insertions, 1 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h index fafdbaa15cd..d775b750c4b 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -82,6 +82,7 @@ struct auth_usersupplied_info } netlogon_trust_account; const char *service_description; + const char *auth_description; }; struct auth_method_context; diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index df7af9975de..c17e173b073 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -720,6 +720,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec user_info->remote_host = gensec_get_remote_address(gensec_security); user_info->service_description = gensec_get_target_service_description(gensec_security); + user_info->auth_description = "NTLMSSP"; user_info->password_state = AUTH_PASSWORD_RESPONSE; user_info->password.response.lanman = ntlmssp_state->lm_resp; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index e75d37fd965..68c0efd5082 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -103,6 +103,8 @@ static NTSTATUS check_guest_password(const struct tsocket_address *remote_addres return NT_STATUS_NO_MEMORY; } + user_info->auth_description = "guest"; + nt_status = auth_check_password_session_info(auth_context, mem_ctx, user_info, session_info); TALLOC_FREE(user_info); @@ -899,6 +901,8 @@ void reply_sesssetup_and_X(struct smb_request *req) sconn->remote_address, "SMB", lm_resp, nt_resp); + user_info->auth_description = "bare-NTLM"; + if (NT_STATUS_IS_OK(nt_status)) { nt_status = auth_check_password_session_info(negprot_auth_context, req, user_info, &session_info); @@ -925,6 +929,8 @@ void reply_sesssetup_and_X(struct smb_request *req) nt_status = NT_STATUS_NO_MEMORY; } + user_info->auth_description = "plaintext"; + if (NT_STATUS_IS_OK(nt_status)) { nt_status = auth_check_password_session_info(plaintext_auth_context, req, user_info, &session_info); diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c index 31dc0e51b18..6ae8b76cd9f 100644 --- a/source4/auth/ntlm/auth_simple.c +++ b/source4/auth/ntlm/auth_simple.c @@ -86,7 +86,9 @@ _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx, user_info->remote_host = remote_address; user_info->local_host = local_address; - user_info->service_description = "ldap simple bind"; + user_info->service_description = "ldap"; + + user_info->auth_description = "simple bind"; user_info->password_state = AUTH_PASSWORD_PLAIN; user_info->password.plaintext = talloc_strdup(user_info, password); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 210f8404d2b..420dcee3a47 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -909,6 +909,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonServiceInformation: case NetlogonInteractiveTransitiveInformation: case NetlogonServiceTransitiveInformation: + user_info->auth_description = "interactive"; user_info->logon_parameters = r->in.logon->password->identity_info.parameter_control; @@ -932,6 +933,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal break; case NetlogonNetworkInformation: case NetlogonNetworkTransitiveInformation: + user_info->auth_description = "network"; nt_status = auth_context_set_challenge( auth_context, |