summaryrefslogtreecommitdiff
path: root/auth/auth_log.c
diff options
context:
space:
mode:
authorGary Lockyer <gary@catalyst.net.nz>2018-12-13 14:46:31 +1300
committerAndrew Bartlett <abartlet@samba.org>2018-12-14 18:57:52 +0100
commitac51f1551dafd90d7c71393f9a8ec2f87da72c18 (patch)
tree9db52022a96fa4c0dbfe350ed2b6f316655384fc /auth/auth_log.c
parentb7baf96bd7248b1d34416e3ae86f4613c5ed0934 (diff)
downloadsamba-ac51f1551dafd90d7c71393f9a8ec2f87da72c18.tar.gz
auth log: Add windows logon type codes
Add a new "logonType" element to the Authorisation JSON log messages. This contains a Windows Logon Type, the supported logon types are: 2 Interactive 3 Network 8 NetworkCleartext Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/auth_log.c')
-rw-r--r--auth/auth_log.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 0f32268ffab..6eebbfc706f 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -92,6 +92,31 @@ static void log_json(struct imessaging_context *msg_ctx,
}
/*
+ * Determine the Windows logon type for the current authorisation attempt.
+ *
+ * Currently Samba only supports
+ *
+ * 2 Interactive A user logged on to this computer.
+ * 3 Network A user or computer logged on to this computer from
+ * the network.
+ * 8 NetworkCleartext A user logged on to this computer from the network.
+ * The user's password was passed to the authentication
+ * package in its unhashed form.
+ *
+ */
+static enum event_logon_type get_logon_type(
+ const struct auth_usersupplied_info *ui)
+{
+ if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED)
+ || (ui->password_state == AUTH_PASSWORD_PLAIN)) {
+ return EVT_LOGON_NETWORK_CLEAR_TEXT;
+ } else if (ui->flags & USER_INFO_INTERACTIVE_LOGON) {
+ return EVT_LOGON_INTERACTIVE;
+ }
+ return EVT_LOGON_NETWORK;
+}
+
+/*
* Write a machine parsable json formatted authentication log entry.
*
* IF removing or changing the format/meaning of a field please update the
@@ -142,6 +167,10 @@ static void log_authentication_event_json(
if (rc != 0) {
goto failure;
}
+ rc = json_add_int(&authentication, "logonType", get_logon_type(ui));
+ if (rc != 0) {
+ goto failure;
+ }
rc = json_add_string(&authentication, "status", nt_errstr(status));
if (rc != 0) {
goto failure;