diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-03-01 16:28:06 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:27 +0200 |
commit | 9ab02f8088613dd0e0fba2e3d750187db9c30f5c (patch) | |
tree | 290ad1255033d5e8a97b7720533918921d03cd1d /source4/smb_server | |
parent | d017e2eb2a69b0f759e9ab912a0a5e8aaef5701d (diff) | |
download | samba-9ab02f8088613dd0e0fba2e3d750187db9c30f5c.tar.gz |
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done)
gensec_session_info() is not called for bare NTLM, so we have to log manually
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source4/smb_server')
-rw-r--r-- | source4/smb_server/smb/sesssetup.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 4dee6d0c026..594efd0c02d 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -39,6 +39,33 @@ struct sesssetup_context { }; /* + * Log the SMB authentication, as by not calling GENSEC we won't log + * it during the gensec_session_info(). + */ +void smbsrv_not_spengo_sesssetup_authz_log(struct smbsrv_request *req, + struct auth_session_info *session_info) +{ + struct tsocket_address *local_address; + struct tsocket_address *remote_address; + TALLOC_CTX *frame = talloc_stackframe(); + + remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, + frame); + local_address = socket_get_local_addr(req->smb_conn->connection->socket, + frame); + + log_successful_authz_event(remote_address, + local_address, + "SMB", + "bare-NTLM", + session_info); + + talloc_free(frame); + return; +} + + +/* setup the OS, Lanman and domain portions of a session setup reply */ static void sesssetup_common_strings(struct smbsrv_request *req, @@ -98,6 +125,8 @@ static void sesssetup_old_send(struct tevent_req *subreq) goto failed; } + smbsrv_not_spengo_sesssetup_authz_log(req, session_info); + /* Ensure this is marked as a 'real' vuid, not one * simply valid for the session setup leg */ status = smbsrv_session_sesssetup_finished(smb_sess, session_info); @@ -240,6 +269,8 @@ static void sesssetup_nt1_send(struct tevent_req *subreq) goto failed; } + smbsrv_not_spengo_sesssetup_authz_log(req, session_info); + /* Ensure this is marked as a 'real' vuid, not one * simply valid for the session setup leg */ status = smbsrv_session_sesssetup_finished(smb_sess, session_info); @@ -339,6 +370,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) if (!user_info) goto nomem; user_info->service_description = "SMB"; + user_info->auth_description = "bare-NTLM"; user_info->mapped_state = false; user_info->logon_parameters = 0; |