diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-03-01 16:00:03 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:27 +0200 |
commit | 0e508853fcb6cc0e8ca2b6ff48d8b5468b339468 (patch) | |
tree | 90589fa5cd0dd8e8754300f8161abf219fbd9c87 /source3/librpc | |
parent | 46a800fae3b054a2e9c2f26f35630cadf11cfe3e (diff) | |
download | samba-0e508853fcb6cc0e8ca2b6ff48d8b5468b339468.tar.gz |
auth_log: Also log the final type of authentication (ntlmssp,krb5)
Administrators really care about how their users were authenticated, so make
this clear.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source3/librpc')
-rw-r--r-- | source3/librpc/crypto/gse.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 273fd02c197..142627c0011 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -1275,6 +1275,21 @@ static size_t gensec_gse_sig_size(struct gensec_security *gensec_security, return gse_ctx->sig_size; } +static const char *gensec_gse_final_auth_type(struct gensec_security *gensec_security) +{ + struct gse_context *gse_ctx = + talloc_get_type_abort(gensec_security->private_data, + struct gse_context); + + /* Only return the string for GSSAPI/Krb5 */ + if (smb_gss_oid_equal(&gse_ctx->gss_mech, + gss_mech_krb5)) { + return GENSEC_FINAL_AUTH_TYPE_KRB5; + } else { + return "gensec_gse: UNKNOWN MECH"; + } +} + static const char *gensec_gse_krb5_oids[] = { GENSEC_OID_KERBEROS5_OLD, GENSEC_OID_KERBEROS5, @@ -1302,6 +1317,7 @@ const struct gensec_security_ops gensec_gse_krb5_security_ops = { .unwrap = gensec_gse_unwrap, .have_feature = gensec_gse_have_feature, .expire_time = gensec_gse_expire_time, + .final_auth_type = gensec_gse_final_auth_type, .enabled = true, .kerberos = true, .priority = GENSEC_GSSAPI |