author | Andrew Bartlett <abartlet@samba.org> | 2017-03-24 15:18:46 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:28 +0200 |
commit | d0041960363c981224552d4ce7ac3092679ee2c6 (patch) | |
tree | 8c76050e625360ea4955f537e73022944ac01725 /auth/common_auth.h | |
parent | 631f1bcce68062e1c8e653024999b79589a80eaf (diff) | |
auth: Add hooks for notification of authentication events over the message bus
This will allow tests to be written to confirm the correct events are triggered.
We pass in a messaging context from the callers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/common_auth.h')
-rw-r--r-- | auth/common_auth.h | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h
index f94c5f15a79..db59cbb99f3 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -152,14 +152,38 @@ struct auth4_context {
 #define AUTHZ_TRANSPORT_PROTECTION_SEAL "SEAL"
 #define AUTHZ_TRANSPORT_PROTECTION_SIGN "SIGN"
-void log_authentication_event(const struct auth_usersupplied_info *ui,
+/*
+ * Log details of an authentication attempt.
+ * Successful and unsuccessful attempts are logged.
+ *
+ * NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
+ * authentication events over the message bus.
+ */
+void log_authentication_event(struct imessaging_context *msg_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct auth_usersupplied_info *ui,
 NTSTATUS status,
 const char *account_name,
 const char *domain_name,
 const char *unix_username,
 struct dom_sid *sid);
-void log_successful_authz_event(const struct tsocket_address *remote,
+/*
+ * Log details of a successful authorization to a service.
+ *
+ * Only successful authorizations are logged. For clarity:
+ * - NTLM bad passwords will be recorded by log_authentication_event
+ * - Kerberos decrypt failures need to be logged in gensec_gssapi et al
+ *
+ * The service may later refuse authorization due to an ACL.
+ *
+ *
+ * NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
+ * authorization events over the message bus.
+ */
+void log_successful_authz_event(struct imessaging_context *msg_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct tsocket_address *remote,
 const struct tsocket_address *local,
 const char *service_description,
 const char *auth_type, |
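Review bot: The NOTE added to both comments ("msg_ctx and lp_ctx is optional") leaves the NULL contract of these audit hooks underspecified: it does not say whether the two pointers may be NULL independently, or that the local log record is still written when they are. Because these prototypes define how authentication and authorization events get recorded, I would state it outright, e.g. `NOTE: msg_ctx and lp_ctx are optional (either may be NULL); the event is always logged locally and is additionally streamed over the message bus only when both are supplied.` This assumes the wording matches the implementation, which is not visible in this hunk. The prototypes also now name `struct imessaging_context` and `struct loadparm_context`; if the header does not already declare them above the hunk, add `struct imessaging_context;` and `struct loadparm_context;` so the types do not take prototype scope and depend on include order. The log_successful_authz_event prototype continues past the end of the hunk.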