From: Joseph Sutton
Date: Wed, 14 Jun 2023 22:18:00 +0000 (+1200)
Subject: s4:kdc: Add structure containing authentication policy auditing information
X-Git-Tag: talloc-2.4.1~370
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1429830699fa457f26643e246b5fd07eab3a32d;p=thirdparty%2Fsamba.git

s4:kdc: Add structure containing authentication policy auditing information

Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---

diff --git a/auth/authn_policy.h b/auth/authn_policy.h
index 65690ca2c46..bb1d91ec701 100644
--- a/auth/authn_policy.h
+++ b/auth/authn_policy.h
@@ -41,4 +41,27 @@ NTSTATUS authn_policy_ntlm_apply_device_restriction(const char *client_account_n
 const char *device_account_name,
 const struct authn_ntlm_client_policy *client_policy);
 
+enum authn_audit_event {
+ AUTHN_AUDIT_EVENT_OK = 0,
+ AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,
+ AUTHN_AUDIT_EVENT_KERBEROS_SERVER_RESTRICTION,
+ AUTHN_AUDIT_EVENT_NTLM_DEVICE_RESTRICTION,
+ AUTHN_AUDIT_EVENT_NTLM_SERVER_RESTRICTION,
+ AUTHN_AUDIT_EVENT_OTHER_ERROR,
+};
+
+enum authn_audit_reason {
+ AUTHN_AUDIT_REASON_NONE = 0,
+ AUTHN_AUDIT_REASON_DESCRIPTOR_INVALID,
+ AUTHN_AUDIT_REASON_DESCRIPTOR_NO_OWNER,
+ AUTHN_AUDIT_REASON_SECURITY_TOKEN_FAILURE,
+ AUTHN_AUDIT_REASON_ACCESS_DENIED,
+ AUTHN_AUDIT_REASON_FAST_REQUIRED,
+};
+
+struct authn_int64_optional {
+ bool is_present;
+ int64_t val;
+};
+
 #endif
diff --git a/auth/authn_policy_impl.h b/auth/authn_policy_impl.h
index 6f151b66c6c..87a13253835 100644
--- a/auth/authn_policy_impl.h
+++ b/auth/authn_policy_impl.h
@@ -52,4 +52,16 @@ struct authn_server_policy {
 DATA_BLOB allowed_to_authenticate_to;
 };
 
+/* Auditing information. */
+
+struct authn_audit_info {
+ struct authn_policy *policy;
+ const struct auth_user_info_dc *client_info;
+ enum authn_audit_event event;
+ enum authn_audit_reason reason;
+ NTSTATUS policy_status;
+ const char *location;
+ struct authn_int64_optional tgt_lifetime_raw;
+};
+
 #endif
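Review bot: Both enums added to auth/authn_policy.h give the benign value the number zero (`AUTHN_AUDIT_EVENT_OK = 0`, `AUTHN_AUDIT_REASON_NONE = 0`), so an audit record that was zero-initialised and never filled in is indistinguishable from one that records a passed policy check. If that default is intended, it deserves a comment above `enum authn_audit_event`, for example `/* A zeroed value means no restriction failed; it does not by itself show that a policy was evaluated. */`. The individual reasons are also undocumented; a one-line comment per enumerator saying which check sets it would help whoever later maps these values to log output. Separately, `struct authn_int64_optional` uses `bool` and `int64_t` and the hunk shows no include for them, so presumably every includer already provides those types — worth confirming.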
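Review bot: `struct authn_audit_info` in auth/authn_policy_impl.h holds three raw pointers (`policy`, `client_info`, `location`) with no statement of who owns them or how long they must remain valid. An audit record is normally read after the authentication decision has been made, so if any of these are borrowed from the caller the record could be consumed after the pointee is freed; the hunk does not show how the struct is populated, so this is a documentation request rather than a claimed bug. I would extend the `/* Auditing information. */` comment to say, per pointer, whether it is owned by (or referenced from) the audit info or merely borrowed, and whether `location` is always a static string. The unit and origin of `tgt_lifetime_raw` should be stated on that field as well, since a raw value logged without a unit is easy to misread.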