diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-02-21 14:07:54 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:28 +0200 |
commit | f498ba77df2313e78863e5f2706840c43e232a96 (patch) | |
tree | f9946b6f23308cb8288ed363658fbc5207f94aa6 /auth | |
parent | 7cbe1c844ea359b6d5386b3986aa16152e975f3d (diff) | |
download | samba-f498ba77df2313e78863e5f2706840c43e232a96.tar.gz |
heimdal: Pass extra information to hdb_auth_status() to log success and failures
We now pass on the original client name and the client address to allow
consistent audit logging in Samba across multiple protocols.
We use config->db[0] to find the first database to record incorrect
users.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/auth_log.c | 8 | ||||
-rw-r--r-- | auth/common_auth.h | 7 |
2 files changed, 12 insertions, 3 deletions
diff --git a/auth/auth_log.c b/auth/auth_log.c index 63b531ca1a0..cec135e45cf 100644 --- a/auth/auth_log.c +++ b/auth/auth_log.c @@ -637,9 +637,11 @@ static const char* get_password_type(const struct auth_usersupplied_info *ui) const char *password_type = NULL; - if (ui->password_state == AUTH_PASSWORD_RESPONSE && - (ui->logon_parameters & MSV1_0_ALLOW_MSVCHAPV2) && - ui->password.response.nt.length == 24) { + if (ui->password_type != NULL) { + password_type = ui->password_type; + } else if (ui->password_state == AUTH_PASSWORD_RESPONSE && + (ui->logon_parameters & MSV1_0_ALLOW_MSVCHAPV2) && + ui->password.response.nt.length == 24) { password_type = "MSCHAPv2"; } else if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED) || (ui->password_state == AUTH_PASSWORD_PLAIN)) { diff --git a/auth/common_auth.h b/auth/common_auth.h index db59cbb99f3..507971794f3 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -83,6 +83,13 @@ struct auth_usersupplied_info const char *service_description; const char *auth_description; + + /* + * for logging only, normally worked out from the password but + * for krb5 logging only (krb5 normally doesn't use this) we + * record the enc type here + */ + const char *password_type; }; struct auth_method_context; |