summaryrefslogtreecommitdiff
path: root/auth/auth_log.c
Commit message (Collapse)AuthorAgeFilesLines
* auth log: Log the netlogon logon id.Gary Lockyer2019-02-201-1/+10
| | | | | | | | | | Add code to log the logonId in the JSON Authentication messages. The version number for Authentication messages changes from 1.1 to 1.2 to reflect this. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log: Increment Authentication versionGary Lockyer2018-12-141-1/+1
| | | | | | | | Update the minor version of the Authorisation to reflect the addition of the "eventId" and "logonType" elements. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log: Add windows logon type codesGary Lockyer2018-12-141-0/+29
| | | | | | | | | | | Add a new "logonType" element to the Authorisation JSON log messages. This contains a Windows Logon Type, the supported logon types are: 2 Interactive 3 Network 8 NetworkCleartext Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log: Add windows event codesGary Lockyer2018-12-141-0/+12
| | | | | | | | | | Add a new "eventId" element to the Authorisation JSON log messages. This contains a Windows Event Code Id either: 4624 Successful logon 4625 Unsuccessful logon Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* audit_logging: auth_json_audit required auth_jsonAndrew Bartlett2018-12-141-2/+2
| | | | | | | | | | | | To log JSON the human-readable logs must also have been enabled BUG: https://bugzilla.samba.org/show_bug.cgi?id=13715 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Dec 14 14:32:25 CET 2018 on sn-devel-144
* audit_logging: Remove debug log header and JSON Authentication: prefixAndrew Bartlett2018-12-141-9/+4
| | | | | | | | | | | | | Feedback from real-world users is that they really want raw JSON strings in the log. We can not easily remove the leading " " but the other strings above and before the JSON are really annoying to strip back off BUG: https://bugzilla.samba.org/show_bug.cgi?id=13714 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* auth: Use dom_sid_str_bufVolker Lendecke2018-11-021-6/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* auth: Use dom_sid_str_bufVolker Lendecke2018-11-021-3/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* json: Modify API to use return codesGary Lockyer2018-07-251-84/+223
| | | | | | | | | Modify the auditing JSON API to return a response code, as the consensus was that the existing error handling was aesthetically displeasing. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: For NTLM and KDC authentication, log the authentication durationAndrew Bartlett2018-06-251-1/+22
| | | | | | | | | | | | | | This is not a general purpose profiling solution, but these JSON logs are already being generated and stored, so this is worth adding. Some administrators are very keen to know how long authentication takes, particularly due to long replication transactions in other processes. This complements a similar patch set to log the transaction duration. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib audit_logging: re-factor and add functions.Gary Lockyer2018-06-011-20/+2
| | | | | | | | | Re-factor the common calls to json_dumps DEBUGC and audit_message_send into a separate function. Add functions to retrieve json object and json array elements Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Rename the json variablesGary Lockyer2018-05-161-16/+16
| | | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: tidy up code formattingGary Lockyer2018-05-161-70/+76
| | | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Use common code from audit_loggingGary Lockyer2018-05-161-414/+93
| | | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log: Log the unique session GUIDGary Lockyer2018-05-101-1/+25
| | | | | | | | | Log the unique_session_token GUID on successful Authorizations. This patch adds the "sessionID" attribute to the Authorization object and increments the version to 1.1 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Check "auth event notification" param in log_jsonArvid Requate2018-04-121-2/+11
| | | | | | | | | | | | | | | | | | | | | When Samba is compiled with JSON support it logs an error message at log level 3 by default for every authentication event: get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND This patch adjusts the log_json function to consider the smb.conf parameter "auth event notification" before calling auth_message_send. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13381 Signed-off-by: Arvid Requate <requate@univention.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Apr 12 08:12:39 CEST 2018 on sn-devel-144
* source4 netlogon: Add authentication logging for ServerAuthenticate3Gary Lockyer2017-07-241-0/+12
| | | | | | | | | | | Log NETLOGON authentication activity by instrumenting the netr_ServerAuthenticate3 processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* whitespace: auth_log.c C code conventionsGarming Sam2017-03-291-29/+29
| | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* heimdal: Pass extra information to hdb_auth_status() to log success and failuresAndrew Bartlett2017-03-291-3/+5
| | | | | | | | | | We now pass on the original client name and the client address to allow consistent audit logging in Samba across multiple protocols. We use config->db[0] to find the first database to record incorrect users. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth: Add hooks for notification of authentication events over the message busAndrew Bartlett2017-03-291-9/+50
| | | | | | | | This will allow tests to be written to confirm the correct events are triggered. We pass in a messaging context from the callers Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Improve commentAndrew Bartlett2017-03-291-1/+1
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Prepared to allow logging JSON events to a server over the message busAndrew Bartlett2017-03-291-0/+80
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth_log: Add JSON logging of Authorisation and AuthenticationsGary Lockyer2017-03-291-47/+550
| | | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Pair-Programmed: Andrew Bartlett <abartlet@samba.org>
* auth: Log the transport connection for the authorizationAndrew Bartlett2017-03-291-0/+1
| | | | | | | We also log if a simple bind was over TLS, as this particular case matters to a lot of folks Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Split up auth/authz logging levels and handle anonymous betterAndrew Bartlett2017-03-291-6/+24
| | | | | | | | | | | | We typically do not want a lot of logging of anonymous access, as this is often simple a preperation for authenticated access, so we make that level 5. Bad passwords remain at level 2, successful password authentication is level 3 and successful authorization (eg kerberos login to SMB) is level 4. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth_log: Also log the final type of authentication (ntlmssp,krb5)Andrew Bartlett2017-03-291-1/+3
| | | | | | | | | Administrators really care about how their users were authenticated, so make this clear. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth_log: Expand to include the type of password used (eg ntlmv2)Andrew Bartlett2017-03-291-3/+42
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth: Add logging of service authorizationAndrew Bartlett2017-03-291-0/+54
| | | | | | | | In ntlm_auth.c and authdata.c, the session info will be incomplete Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth: Generate a human readable Authentication log message.Gary Lockyer2017-03-291-0/+161
Add a human readable authentication log line, to allow verification that all required details are being passed. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
View Lorry Controller Status