Diffstat (limited to 'auth/common_auth.h')
-rw-r--r-- | auth/common_auth.h | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h
index f94c5f15a79..db59cbb99f3 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -152,14 +152,38 @@ struct auth4_context {
 #define AUTHZ_TRANSPORT_PROTECTION_SEAL "SEAL"
 #define AUTHZ_TRANSPORT_PROTECTION_SIGN "SIGN"
 
-void log_authentication_event(const struct auth_usersupplied_info *ui,
+/*
+ * Log details of an authentication attempt.
+ * Successful and unsuccessful attempts are logged.
+ *
+ * NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
+ * authentication events over the message bus.
+ */
+void log_authentication_event(struct imessaging_context *msg_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct auth_usersupplied_info *ui,
 NTSTATUS status,
 const char *account_name,
 const char *domain_name,
 const char *unix_username,
 struct dom_sid *sid);
 
-void log_successful_authz_event(const struct tsocket_address *remote,
+/*
+ * Log details of a successful authorization to a service.
+ *
+ * Only successful authorizations are logged. For clarity:
+ * - NTLM bad passwords will be recorded by log_authentication_event
+ * - Kerberos decrypt failures need to be logged in gensec_gssapi et al
+ *
+ * The service may later refuse authorization due to an ACL.
+ *
+ *
+ * NOTE: msg_ctx and lp_ctx is optional, but when supplied allows streaming the
+ * authorization events over the message bus.
+ */
+void log_successful_authz_event(struct imessaging_context *msg_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct tsocket_address *remote,
 const struct tsocket_address *local,
 const char *service_description,
 const char *auth_type,
|
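Review bot: The NOTE in both new comments says msg_ctx and lp_ctx are optional but not how a caller omits them or what is lost; presumably that means passing NULL, in which case the event would not reach message-bus subscribers, so a call site that passes NULL drops out of the streamed audit feed without any sign. Suggested wording, to be confirmed against the implementation (not in this hunk): `NOTE: msg_ctx and lp_ctx are optional (may be NULL); without them the event is not streamed over the message bus.` Separately, the prototypes now name `struct imessaging_context` and `struct loadparm_context`; if this header does not already declare them above line 152, add `struct imessaging_context;` and `struct loadparm_context;` before the prototypes so the types do not get prototype scope. The parameter list of log_successful_authz_event continues past the end of the hunk.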