auth: Add "auth_description" to allow logs to distinguish simple bind (etc)
authorAndrew Bartlett <abartlet@samba.org>
Mon, 20 Feb 2017 22:57:57 +0000 (11:57 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 29 Mar 2017 00:37:26 +0000 (02:37 +0200)
This will allow the authentication log to indicate clearly how the password was
supplied to the server.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
auth/common_auth.h
auth/ntlmssp/ntlmssp_server.c
source3/smbd/sesssetup.c
source4/auth/ntlm/auth_simple.c
source4/rpc_server/netlogon/dcerpc_netlogon.c

index fafdbaa15cd5f8e16f5aec59d9fceb9cf431fa76..d775b750c4b231625c666eee386bee6932159183 100644 (file)
@@ -82,6 +82,7 @@ struct auth_usersupplied_info
        } netlogon_trust_account;
 
        const char *service_description;
+       const char *auth_description;
 };
 
 struct auth_method_context;
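Review bot: The new `auth_description` member of `struct auth_usersupplied_info` has no comment saying what it holds or whether it may be NULL. Callers not touched by this commit would presumably leave it unset. I would add `/* How the credentials were presented, e.g. "NTLMSSP" or "simple bind"; NULL if the caller did not set it */` above the field. The code that writes this value into the authentication log is not visible in this diff, so it should be checked for explicit handling of a NULL value.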
index df7af9975dea893abd0a75503870fda01b0c2032..c17e173b0737af0c9405e95c37be24eab752cd9b 100644 (file)
@@ -720,6 +720,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
        user_info->remote_host = gensec_get_remote_address(gensec_security);
        user_info->service_description
                = gensec_get_target_service_description(gensec_security);
+       user_info->auth_description = "NTLMSSP";
 
        user_info->password_state = AUTH_PASSWORD_RESPONSE;
        user_info->password.response.lanman = ntlmssp_state->lm_resp;
index e75d37fd965f472ab351a1d4a079b27b9b92d744..68c0efd5082fe3ed61e44573d39cc0e670e89215 100644 (file)
@@ -103,6 +103,8 @@ static NTSTATUS check_guest_password(const struct tsocket_address *remote_addres
                return NT_STATUS_NO_MEMORY;
        }
 
+       user_info->auth_description = "guest";
+
        nt_status = auth_check_password_session_info(auth_context, 
                                                     mem_ctx, user_info, session_info);
        TALLOC_FREE(user_info);
@@ -899,6 +901,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
                                                         sconn->remote_address,
                                                         "SMB",
                                                         lm_resp, nt_resp);
+               user_info->auth_description = "bare-NTLM";
+
                if (NT_STATUS_IS_OK(nt_status)) {
                        nt_status = auth_check_password_session_info(negprot_auth_context, 
                                                                     req, user_info, &session_info);
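Review bot: `user_info->auth_description = "bare-NTLM";` runs before the `NT_STATUS_IS_OK(nt_status)` check. The call that builds `user_info` starts outside the hunk; if it can fail without allocating the structure, this line dereferences an invalid pointer while handling a session-setup request that has not yet been authenticated. Moving the assignment inside the `if (NT_STATUS_IS_OK(nt_status)) {` block, just before `auth_check_password_session_info()`, avoids that. The following hunk has the same ordering: `user_info->auth_description = "plaintext";` comes right after a branch that sets `nt_status = NT_STATUS_NO_MEMORY`, and it should move inside its status check as well.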
@@ -925,6 +929,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
                                nt_status = NT_STATUS_NO_MEMORY;
                        }
 
+                       user_info->auth_description = "plaintext";
+
                        if (NT_STATUS_IS_OK(nt_status)) {
                                nt_status = auth_check_password_session_info(plaintext_auth_context, 
                                                                             req, user_info, &session_info);
index 31dc0e51b188041bbbea8fa4e330f678db3280f2..6ae8b76cd9fc37ec1f026986a11b3b883d1a8ffd 100644 (file)
@@ -86,7 +86,9 @@ _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
        user_info->remote_host = remote_address;
        user_info->local_host = local_address;
 
-       user_info->service_description = "ldap simple bind";
+       user_info->service_description = "ldap";
+
+       user_info->auth_description = "simple bind";
 
        user_info->password_state = AUTH_PASSWORD_PLAIN;
        user_info->password.plaintext = talloc_strdup(user_info, password);
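Review bot: Changing `service_description` from "ldap simple bind" to "ldap" alters a value that appears to feed the authentication log, so any log filter or alert matching the old string will silently stop matching. That deserves a line in the commit message or release notes. The lower-case "ldap" is also inconsistent with the "SMB" literal passed in source3/smbd/sesssetup.c; I would use `user_info->service_description = "LDAP";` so consumers can rely on one casing convention. The enclosing function continues outside the hunk, so the check on the `talloc_strdup()` result is not visible here.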
index 210f8404d2bd4ea1196fda4f3ba8293e91cc0e1a..420dcee3a4783a34a006630ecb91187e3f2843c0 100644 (file)
@@ -909,6 +909,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
        case NetlogonServiceInformation:
        case NetlogonInteractiveTransitiveInformation:
        case NetlogonServiceTransitiveInformation:
+               user_info->auth_description = "interactive";
 
                user_info->logon_parameters
                        = r->in.logon->password->identity_info.parameter_control;
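Review bot: `NetlogonServiceInformation` and `NetlogonServiceTransitiveInformation` share this case group, so service logons will be recorded with `auth_description` "interactive", which can mislead someone triaging the authentication log. If the grouping is intentional, a comment on the assignment would make that clear, for example `/* service logon levels share this password-based path and are logged as "interactive" */`. The switch starts and ends outside the hunk, so it is not visible whether any remaining logon level leaves `auth_description` unset.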
@@ -932,6 +933,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                break;
        case NetlogonNetworkInformation:
        case NetlogonNetworkTransitiveInformation:
+               user_info->auth_description = "network";
 
                nt_status = auth_context_set_challenge(
                        auth_context,