authorAndrew Bartlett <abartlet@samba.org>2017-03-01 16:49:01 +1300
committerAndrew Bartlett <abartlet@samba.org>2017-03-29 02:37:27 +0200
commit70a115b310a1d158c2596a5b0b810b83be460a6c (patch)
tree163a65330f7f4e6f872366d79df23bc188e174a1 /source4/auth
parent9ab02f8088613dd0e0fba2e3d750187db9c30f5c (diff)
ldap_server: Log authorization for simple binds
Existing comment is no longer relevant. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/ntlm/auth_simple.c41
1 files changed, 21 insertions, 20 deletions
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 6ae8b76cd9f..dc3b5de9e82 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -25,10 +25,6 @@
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
-/*
- It's allowed to pass NULL as session_info,
- when the caller doesn't need a session_info
-*/
_PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct imessaging_context *msg,
@@ -47,6 +43,7 @@ _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
const char *nt4_domain;
const char *nt4_username;
+ uint32_t flags = 0;
if (!tmp_ctx) {
return NT_STATUS_NO_MEMORY;
@@ -86,7 +83,7 @@ _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
user_info->remote_host = remote_address;
user_info->local_host = local_address;
- user_info->service_description = "ldap";
+ user_info->service_description = "LDAP";
user_info->auth_description = "simple bind";
@@ -109,23 +106,27 @@ _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
return nt_status;
}
- if (session_info) {
- uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (user_info_dc->info->authenticated) {
- flags |= AUTH_SESSION_INFO_AUTHENTICATED;
- }
- nt_status = auth_context->generate_session_info(auth_context,
- tmp_ctx,
- user_info_dc,
- nt4_username,
- flags,
- session_info);
-
- if (NT_STATUS_IS_OK(nt_status)) {
- talloc_steal(mem_ctx, *session_info);
- }
+ flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ if (user_info_dc->info->authenticated) {
+ flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ }
+ nt_status = auth_context->generate_session_info(auth_context,
+ tmp_ctx,
+ user_info_dc,
+ nt4_username,
+ flags,
+ session_info);
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+ talloc_steal(mem_ctx, *session_info);
}
+ log_successful_authz_event(remote_address,
+ local_address,
+ "LDAP",
+ "simple bind",
+ *session_info);
+
talloc_free(tmp_ctx);
return nt_status;
}
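Review bot: The `log_successful_authz_event(...)` call added at the end of this hunk sits outside the `if (NT_STATUS_IS_OK(nt_status))` block, so it also runs when `generate_session_info()` fails. The audit log would then record a successful authorization for a bind that is about to return an error, and `*session_info` is read with no visible guarantee that the failed call set it. Move the call inside that block, directly after `talloc_steal(mem_ctx, *session_info);`, so that only a completed authorization is logged. The new code also dereferences `session_info` unconditionally while the commit drops the comment that allowed callers to pass NULL; if any caller still does (not visible here) this is a NULL dereference in the bind path, so either reject NULL at the top of the function or replace the removed comment with `/* session_info must not be NULL */`. The function starts outside this hunk.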