auth_log: Prepared to allow logging JSON events to a server over the message bus
authorAndrew Bartlett <abartlet@samba.org>
Tue, 7 Mar 2017 03:50:38 +0000 (16:50 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 29 Mar 2017 00:37:28 +0000 (02:37 +0200)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
auth/auth_log.c
auth/wscript_build

index 9ff2491dee313b4a172a98e396125295f90f12e3..ca08e6bfe24e2848587c1dbd30912278fa2989f3 100644 (file)
 #include "lib/util/util_str_escape.h"
 #include "libcli/security/dom_sid.h"
 #include "libcli/security/security_token.h"
+#include "librpc/gen_ndr/server_id.h"
+#include "source4/lib/messaging/messaging.h"
+#include "source4/lib/messaging/irpc.h"
+#include "lib/util/server_id_db.h"
+#include "lib/param/param.h"
 
 /*
  * Get a human readable timestamp.
@@ -116,6 +121,81 @@ struct json_context {
        bool error;
 };
 
+static NTSTATUS get_auth_event_server(struct imessaging_context *msg_ctx,
+                                     struct server_id *auth_event_server)
+{
+       NTSTATUS status;
+       TALLOC_CTX *frame = talloc_stackframe();
+       unsigned num_servers, i;
+       struct server_id *servers;
+
+       status = irpc_servers_byname(msg_ctx, frame,
+                                    AUTH_EVENT_NAME,
+                                    &num_servers, &servers);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_NOTICE("Failed to find 'auth_event' registered on the "
+                          "message bus to send JSON authentication events to: %s\n",
+                          nt_errstr(status));
+               TALLOC_FREE(frame);
+               return status;
+       }
+
+       /*
+        * Select the first server that is listening, because
+        * we get connection refused as
+        * NT_STATUS_OBJECT_NAME_NOT_FOUND without waiting
+        */
+       for (i = 0; i < num_servers; i++) {
+               status = imessaging_send(msg_ctx, servers[i], MSG_PING,
+                                        &data_blob_null);
+               if (NT_STATUS_IS_OK(status)) {
+                       *auth_event_server = servers[i];
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_OK;
+               }
+       }
+       DBG_NOTICE("Failed to find a running 'auth_event' server "
+                  "registered on the message bus to send JSON "
+                  "authentication events to\n");
+       TALLOC_FREE(frame);
+       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+}
+
+static void auth_message_send(struct imessaging_context *msg_ctx,
+                             const char *json)
+{
+       struct server_id        auth_event_server;
+       NTSTATUS status;
+       DATA_BLOB json_blob = data_blob_string_const(json);
+       if (msg_ctx == NULL) {
+               return;
+       }
+
+       /* Need to refetch the address each time as the destination server may
+        * have disconnected and reconnected in the interim, in which case
+        * messages may get lost, manifests in the auth_log tests
+        */
+       status = get_auth_event_server(msg_ctx, &auth_event_server);
+       if (!NT_STATUS_IS_OK(status)) {
+               return;
+       }
+
+       status = imessaging_send(msg_ctx, auth_event_server, MSG_AUTH_LOG,
+                                &json_blob);
+
+       /* If the server crashed, try to find it again */
+       if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+               status = get_auth_event_server(msg_ctx, &auth_event_server);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return;
+               }
+               imessaging_send(msg_ctx, auth_event_server, MSG_AUTH_LOG,
+                               &json_blob);
+
+       }
+}
+
 /*
  * Write the json object to the debug lines.
  *
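Review bot: In auth_message_send the result of the retry `imessaging_send()` is discarded, and a first-send failure other than NT_STATUS_OBJECT_NAME_NOT_FOUND falls through with nothing recorded, so an authentication event can be lost on the message bus without any trace. Because these messages carry authentication events, I would keep the retry result (`status = imessaging_send(msg_ctx, auth_event_server, MSG_AUTH_LOG, &json_blob);`) and end the function with `if (!NT_STATUS_IS_OK(status)) { DBG_NOTICE("Failed to send JSON authentication event: %s\n", nt_errstr(status)); }`. get_auth_event_server also needs a header comment saying that the destination is the first server registered under AUTH_EVENT_NAME for which sending MSG_PING succeeds, and that no reply to the ping is awaited, so success only shows the send was accepted. Who may register that name is not visible in this hunk; the comment should state it, since the chosen receiver gets every authentication record.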
index e0c694642369e42457b7ca3d571cfad385311760..9e55e1000c77b82a28980cc30e18dc0fef519e63 100644 (file)
@@ -2,9 +2,9 @@
 
 bld.SAMBA_LIBRARY('common_auth',
                   source='auth_sam_reply.c wbc_auth_util.c auth_log.c',
-                  deps='talloc samba-security samba-util util_str_escape LIBTSOCKET jansson MESSAGING_SEND server_id_db',
-                  private_library=True
-                  )
+                  deps='talloc samba-security samba-util util_str_escape LIBTSOCKET jansson MESSAGING_SEND server_id_db ',
+                  private_library=True,
+                  allow_warnings=True)
 
 bld.RECURSE('gensec')
 bld.RECURSE('ntlmssp')
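Review bot: `allow_warnings=True` is applied to the whole common_auth library, so, as far as I understand the Samba build, warnings in auth_sam_reply.c and wbc_auth_util.c stop failing a warnings-as-errors build as well, not only those from the new messaging code in auth_log.c. The commit message does not say which warning made this necessary. I would either fix that warning at its source or add a comment above the call, such as `# allow_warnings: needed for <warning> in auth_log.c, remove once fixed`, so the exemption can be dropped later. The new trailing space inside the deps string (`server_id_db '`) looks accidental.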