From ac51f1551dafd90d7c71393f9a8ec2f87da72c18 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Thu, 13 Dec 2018 14:46:31 +1300 Subject: auth log: Add windows logon type codes Add a new "logonType" element to the Authorisation JSON log messages. This contains a Windows Logon Type, the supported logon types are: 2 Interactive 3 Network 8 NetworkCleartext Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett --- auth/auth_log.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'auth/auth_log.c') diff --git a/auth/auth_log.c b/auth/auth_log.c index 0f32268ffab..6eebbfc706f 100644 --- a/auth/auth_log.c +++ b/auth/auth_log.c @@ -91,6 +91,31 @@ static void log_json(struct imessaging_context *msg_ctx, } } +/* + * Determine the Windows logon type for the current authorisation attempt. + * + * Currently Samba only supports + * + * 2 Interactive A user logged on to this computer. + * 3 Network A user or computer logged on to this computer from + * the network. + * 8 NetworkCleartext A user logged on to this computer from the network. + * The user's password was passed to the authentication + * package in its unhashed form. + * + */ +static enum event_logon_type get_logon_type( + const struct auth_usersupplied_info *ui) +{ + if ((ui->logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED) + || (ui->password_state == AUTH_PASSWORD_PLAIN)) { + return EVT_LOGON_NETWORK_CLEAR_TEXT; + } else if (ui->flags & USER_INFO_INTERACTIVE_LOGON) { + return EVT_LOGON_INTERACTIVE; + } + return EVT_LOGON_NETWORK; +} + /* * Write a machine parsable json formatted authentication log entry. * @@ -142,6 +167,10 @@ static void log_authentication_event_json( if (rc != 0) { goto failure; } + rc = json_add_int(&authentication, "logonType", get_logon_type(ui)); + if (rc != 0) { + goto failure; + } rc = json_add_string(&authentication, "status", nt_errstr(status)); if (rc != 0) { goto failure; -- cgit v1.2.1