diff options
author | Andreas Schneider <asn@samba.org> | 2018-11-16 18:23:35 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-18 13:01:12 +0100 |
commit | 03357bc825605ba88ef5a39b1fa318c834cbbb1b (patch) | |
tree | fe8f295db0482e11268621ec54ffe58f2d26bfd4 /nsswitch | |
parent | 6b4ae52f224ea6700527cd034353fe561cda0485 (diff) | |
download | samba-03357bc825605ba88ef5a39b1fa318c834cbbb1b.tar.gz |
nssswitch: Log user access to kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 18 13:01:12 CET 2019 on sn-devel-144
Diffstat (limited to 'nsswitch')
-rw-r--r-- | nsswitch/krb5_plugin/winbind_krb5_localauth.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/nsswitch/krb5_plugin/winbind_krb5_localauth.c b/nsswitch/krb5_plugin/winbind_krb5_localauth.c index f87b19abed6..293f5297ca8 100644 --- a/nsswitch/krb5_plugin/winbind_krb5_localauth.c +++ b/nsswitch/krb5_plugin/winbind_krb5_localauth.c @@ -98,14 +98,12 @@ static krb5_error_code winbind_userok(krb5_context context, cmp = strcasecmp(princ_str, lname); if (cmp == 0) { - krb5_free_unparsed_name(context, princ_str); - return 0; + goto out; } wbc_status = wbcCtxGetpwnam(data->wbc_ctx, princ_str, &pwd); - krb5_free_unparsed_name(context, princ_str); switch (wbc_status) { case WBC_ERR_SUCCESS: princ_uid = pwd->pw_uid; @@ -123,7 +121,7 @@ static krb5_error_code winbind_userok(krb5_context context, } wbcFreeMemory(pwd); if (code != 0) { - return code; + goto out; } wbc_status = wbcCtxGetpwnam(data->wbc_ctx, @@ -145,13 +143,26 @@ static krb5_error_code winbind_userok(krb5_context context, } wbcFreeMemory(pwd); if (code != 0) { - return code; + goto out; } if (princ_uid != lname_uid) { code = EPERM; } + com_err("winbind_localauth", + code, + "Access %s: %s (uid=%u) %sequal to %s (uid=%u)", + code == 0 ? "granted" : "denied", + princ_str, + (unsigned int)princ_uid, + code == 0 ? "" : "not ", + lname, + (unsigned int)lname_uid); + +out: + krb5_free_unparsed_name(context, princ_str); + return code; } |