diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2017-03-06 14:10:17 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:27 +0200 |
| commit | 366f8cf0903e3583fda42696df62a5337f22131f (patch) | |
| tree | 3df24e4d721df9d9ca7c19b5aed6d642899df642 /source3 | |
| parent | f4a4522d1f8c19fdf142e12760160b15de1557ec (diff) | |
| download | samba-366f8cf0903e3583fda42696df62a5337f22131f.tar.gz | |
auth: Log the transport connection for the authorization
We also log if a simple bind was over TLS, as this particular case matters to a lot of folks
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/auth/auth_generic.c | 1 | ||||
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 6 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 1 | ||||
| -rw-r--r-- | source3/smbd/smb2_sesssetup.c | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index 7a6ec10d8cd..c18b5435ac4 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -447,6 +447,7 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context, user_info->local_host, user_info->service_description, user_info->auth_description, + AUTHZ_TRANSPORT_PROTECTION_SMB, *session_info); return nt_status; diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index bd56be6b79e..c8b0fdccf42 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -822,6 +822,11 @@ static bool api_pipe_bind_req(struct pipes_struct *p, goto err_exit; } } else { + const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE; + if (p->transport == NCACN_NP) { + transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB; + } + p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->auth.auth_context_id = 0; @@ -835,6 +840,7 @@ static bool api_pipe_bind_req(struct pipes_struct *p, p->local_address, table->name, derpc_transport_string_by_transport(p->transport), + transport_protection, p->session_info); } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 0cc49d916f8..2ed5a4c7ed7 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -263,6 +263,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) gensec_want_feature(auth->gensec, GENSEC_FEATURE_SESSION_KEY); gensec_want_feature(auth->gensec, GENSEC_FEATURE_UNIX_TOKEN); + gensec_want_feature(auth->gensec, GENSEC_FEATURE_SMB_TRANSPORT); status = gensec_start_mech_by_oid(auth->gensec, GENSEC_OID_SPNEGO); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 52462882771..53cd7ded2b0 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -864,6 +864,7 @@ auth: gensec_want_feature(state->auth->gensec, GENSEC_FEATURE_SESSION_KEY); gensec_want_feature(state->auth->gensec, GENSEC_FEATURE_UNIX_TOKEN); + gensec_want_feature(state->auth->gensec, GENSEC_FEATURE_SMB_TRANSPORT); status = gensec_start_mech_by_oid(state->auth->gensec, GENSEC_OID_SPNEGO); |