diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-03-01 15:06:25 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:27 +0200 |
commit | 46a800fae3b054a2e9c2f26f35630cadf11cfe3e (patch) | |
tree | 111517c880809bd655ed5b17e7ce0545cf38895a /auth/auth_log.c | |
parent | 59ed188ede42a4bc6534f679fa89dd0fb7f8a3ae (diff) | |
download | samba-46a800fae3b054a2e9c2f26f35630cadf11cfe3e.tar.gz |
auth_log: Expand to include the type of password used (eg ntlmv2)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'auth/auth_log.c')
-rw-r--r-- | auth/auth_log.c | 45 |
1 files changed, 42 insertions, 3 deletions
diff --git a/auth/auth_log.c b/auth/auth_log.c index 9bbc172e664..fec77077bc9 100644 --- a/auth/auth_log.c +++ b/auth/auth_log.c @@ -75,6 +75,42 @@ static const char* get_timestamp( TALLOC_CTX *frame ) } /* + * Determine the type of the password supplied for the + * authorisation attempt. + * + */ +static const char* get_password_type(const struct auth_usersupplied_info *ui) +{ + + const char *password_type = NULL; + + if (ui->password_state == AUTH_PASSWORD_RESPONSE && + (ui->logon_parameters & MSV1_0_ALLOW_MSVCHAPV2) && + ui->password.response.nt.length == 24) { + password_type = "MSCHAPv2"; + } else if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED) + || (ui->password_state == AUTH_PASSWORD_PLAIN)) { + password_type = "Plaintext"; + } else if (ui->password_state == AUTH_PASSWORD_HASH) { + password_type = "Supplied-NT-Hash"; + } else if (ui->password_state == AUTH_PASSWORD_RESPONSE + && ui->password.response.nt.length > 24) { + password_type = "NTLMv2"; + } else if (ui->password_state == AUTH_PASSWORD_RESPONSE + && ui->password.response.nt.length == 24) { + password_type = "NTLMv1"; + } else if (ui->password_state == AUTH_PASSWORD_RESPONSE + && ui->password.response.lanman.length == 24) { + password_type = "LANMan"; + } else if (ui->password_state == AUTH_PASSWORD_RESPONSE + && ui->password.response.nt.length == 0 + && ui->password.response.lanman.length == 0) { + password_type = "No-Password"; + } + return password_type; +} + +/* * Log details of an authentication attempt. * Successful and unsuccessful attempts are logged. * @@ -95,6 +131,7 @@ void log_authentication_event(const struct auth_usersupplied_info *ui, char *trust_computer_name = NULL; char *trust_account_name = NULL; char *logon_line = NULL; + const char *password_type = NULL; /* set the log level */ int level = NT_STATUS_IS_OK(status) ? AUTH_FAILURE_LEVEL : AUTH_SUCCESS_LEVEL; @@ -104,6 +141,7 @@ void log_authentication_event(const struct auth_usersupplied_info *ui, frame = talloc_stackframe(); + password_type = get_password_type( ui); /* Get the current time */ ts = get_timestamp(frame); @@ -140,7 +178,7 @@ void log_authentication_event(const struct auth_usersupplied_info *ui, DEBUGC( DBGC_AUTH_AUDIT, level, ( "Auth: [%s,%s] user [%s]\\[%s]" - " at [%s] status [%s]" + " at [%s] with [%s] status [%s]" " workstation [%s] remote host [%s]" "%s local host [%s]" " %s\n", @@ -149,6 +187,7 @@ void log_authentication_event(const struct auth_usersupplied_info *ui, log_escape(frame, ui->client.domain_name), log_escape(frame, ui->client.account_name), ts, + password_type, nt_errstr( status), log_escape(frame, ui->workstation_name), remote, @@ -178,7 +217,7 @@ void log_successful_authz_event(const struct tsocket_address *remote, { TALLOC_CTX *frame = NULL; - char *ts = NULL; /* formatted current time */ + const char *ts = NULL; /* formatted current time */ char *remote_str = NULL; /* formatted remote host */ char *local_str = NULL; /* formatted local host */ char sid_buf[DOM_SID_STR_BUFLEN]; @@ -191,7 +230,7 @@ void log_successful_authz_event(const struct tsocket_address *remote, frame = talloc_stackframe(); /* Get the current time */ - ts = http_timestring(frame, time(NULL)); + ts = get_timestamp(frame); remote_str = tsocket_address_string(remote, frame); local_str = tsocket_address_string(local, frame); |