s4-netlogon: Provide logs for machine account success and failures
authorAndrew Bartlett <abartlet@samba.org>
Mon, 26 Jun 2017 07:24:40 +0000 (19:24 +1200)
committerStefan Metzmacher <metze@samba.org>
Tue, 27 Jun 2017 14:57:42 +0000 (16:57 +0200)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/rpc_server/netlogon/dcerpc_netlogon.c
source4/rpc_server/wscript_build

index 3f70a3eccc4cbf287cbb723044ce2753416b4a98..df0b730757bfb2fc9b0d1bde65909673e23e7590 100644 (file)
@@ -43,6 +43,7 @@
 #include "librpc/gen_ndr/ndr_winbind_c.h"
 #include "lib/socket/netif.h"
 #include "rpc_server/common/sid_helper.h"
+#include "lib/util/util_str_escape.h"
 
 #define DCESRV_INTERFACE_NETLOGON_BIND(call, iface) \
        dcesrv_interface_netlogon_bind(call, iface)
@@ -467,8 +468,34 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
                                                   r->out.return_credentials,
                                                   negotiate_flags);
        }
-       if (creds == NULL) {
-               return NT_STATUS_ACCESS_DENIED;
+
+       {
+               char* local  = NULL;
+               char* remote = NULL;
+               TALLOC_CTX *frame = talloc_stackframe();
+
+               remote = tsocket_address_string(dce_call->conn->remote_address,
+                                               frame);
+               local  = tsocket_address_string(dce_call->conn->local_address,
+                                               frame);
+               if (creds == NULL) {
+                       DEBUG(2, ("Failed to authenticate NETLOGON "
+                                 "account[%s] workstation[%s] "
+                                 "remote[%s] local[%s]\n",
+                                 log_escape(frame, r->in.account_name),
+                                 log_escape(frame, r->in.computer_name),
+                                 remote, local));
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_ACCESS_DENIED;
+               } else {
+                       DEBUG(3, ("Successful authenticate of NETLOGON "
+                                 "account[%s] workstation[%s] "
+                                 "remote[%s] local[%s]\n",
+                                 log_escape(frame, r->in.account_name),
+                                 log_escape(frame, r->in.computer_name),
+                                 remote, local));
+                       TALLOC_FREE(frame);
+               }
        }
 
        creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
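Review bot: The four strings handed to `%s` in both DEBUG calls can be NULL, because `tsocket_address_string()` and `log_escape()` return NULL when allocation fails and the new block never checks `remote`, `local` or the escaped names before formatting them. Passing NULL for `%s` is undefined behaviour in C, and the failed-authentication branch is the one that most needs to log reliably; I would hold each result in a local and substitute a fixed marker when it is NULL, as sketched below. The same rewrite lets both branches share a single `TALLOC_FREE(frame)` and drops the `else` that follows a `return`. Levels 2 and 3 also mean neither line is written unless the log level is raised, which deserves a short comment for anyone relying on these messages to detect failed machine-account logons. dcesrv_netr_ServerAuthenticate3 starts and ends outside this hunk, so any earlier failure returns would not produce this message.

```c
	{
		TALLOC_CTX *frame = talloc_stackframe();
		const char *remote = tsocket_address_string(
			dce_call->conn->remote_address, frame);
		const char *local = tsocket_address_string(
			dce_call->conn->local_address, frame);
		const char *account = log_escape(frame, r->in.account_name);
		const char *computer = log_escape(frame, r->in.computer_name);

		/* Each helper returns NULL on allocation failure; never pass NULL to %s. */
		if (remote == NULL) {
			remote = "<unknown>";
		}
		/* ... same fallback for local, account and computer ... */

		/* ... unchanged: the two DEBUG() calls, now passing account and computer ... */

		TALLOC_FREE(frame);
	}
	if (creds == NULL) {
		return NT_STATUS_ACCESS_DENIED;
	}
```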
index 966e07ee6415129b7095a22d1f6e66fac1f7611b..31a5696e27068e84c54fa9ce7360a849af123445 100644 (file)
@@ -105,7 +105,8 @@ bld.SAMBA_MODULE('dcerpc_netlogon',
        source='netlogon/dcerpc_netlogon.c',
        subsystem='dcerpc_server',
        init_function='dcerpc_server_netlogon_init',
-       deps='DCERPC_COMMON RPC_NDR_IRPC COMMON_SCHANNEL ndr-standard auth4_sam samba-hostconfig DSDB_MODULE_HELPERS'
+       deps='''DCERPC_COMMON RPC_NDR_IRPC COMMON_SCHANNEL ndr-standard auth4_sam samba-hostconfig DSDB_MODULE_HELPERS
+        util_str_escape'''
        )