krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
krb5_const_principal princ);
-#if KRB5_KDB_API_VERSION == 8
+#if KRB5_KDB_API_VERSION >= 8
krb5_error_code kdb_samba_db_iterate(krb5_context context,
char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),
const krb5_db_entry *server,
krb5_const_principal proxy);
+#if KRB5_KDB_API_VERSION >= 9
void kdb_samba_db_audit_as_req(krb5_context kcontext,
krb5_kdc_req *request,
+ const krb5_address *local_addr,
+ const krb5_address *remote_addr,
krb5_db_entry *client,
krb5_db_entry *server,
krb5_timestamp authtime,
krb5_error_code error_code);
+#else
+void kdb_samba_db_audit_as_req(krb5_context kcontext,
+ krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code);
+#endif
/* from kdb_samba_change_pwd.c */
return code;
}
-void kdb_samba_db_audit_as_req(krb5_context context,
- krb5_kdc_req *request,
- krb5_db_entry *client,
- krb5_db_entry *server,
- krb5_timestamp authtime,
- krb5_error_code error_code)
-{
- struct mit_samba_context *mit_ctx;
-
- mit_ctx = ks_get_context(context);
- if (mit_ctx == NULL) {
- return;
- }
+static void samba_bad_password_count(krb5_db_entry *client,
+ krb5_error_code error_code)
+{
switch (error_code) {
case 0:
mit_samba_zero_bad_password_count(client);
break;
}
}
+
+#if KRB5_KDB_API_VERSION >= 9
+void kdb_samba_db_audit_as_req(krb5_context context,
+ krb5_kdc_req *request,
+ const krb5_address *local_addr,
+ const krb5_address *remote_addr,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code)
+{
+ samba_bad_password_count(client, error_code);
+
+ /* TODO: perform proper audit logging for addresses */
+}
+#else
+void kdb_samba_db_audit_as_req(krb5_context context,
+ krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code)
+{
+ samba_bad_password_count(client, error_code);
+}
+#endif
return KRB5_KDB_DB_INUSE;
}
-#if KRB5_KDB_API_VERSION == 8
+#if KRB5_KDB_API_VERSION >= 8
krb5_error_code kdb_samba_db_iterate(krb5_context context,
char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),