s4:auth: Add audit info parameters to check_password_recv()
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 15 Jun 2023 22:21:59 +0000 (10:21 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 25 Jun 2023 23:29:32 +0000 (23:29 +0000)
These pointers can be set by implementing functions in order for them to
be logged in auth_check_password_recv().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/auth/auth.h
source4/auth/ntlm/auth.c
source4/auth/ntlm/auth_anonymous.c
source4/auth/ntlm/auth_developer.c
source4/auth/ntlm/auth_sam.c
source4/auth/ntlm/auth_winbind.c

index d39b23eb072fe2e05732f908fc6585a7909961ec..1ea4f11d581bc51278a6c51a3407816332c1cd83 100644 (file)
@@ -68,6 +68,8 @@ struct auth_operations {
        NTSTATUS (*check_password_recv)(struct tevent_req *subreq,
                                TALLOC_CTX *mem_ctx,
                                struct auth_user_info_dc **interim_info,
+                               const struct authn_audit_info **client_audit_info,
+                               const struct authn_audit_info **server_audit_info,
                                bool *authoritative);
 };
 
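Review bot: The two new out-parameters on `check_password_recv` in `struct auth_operations` have no stated contract. Every backend touched by this commit dereferences them unconditionally and writes them before its error check, and `auth_check_password_recv()` now passes the stored values to the logging call on the failure path as well. An implementation that skips the write on an early return would therefore put an unset or stale pointer into the audit log. A comment above the member would pin this down, e.g. `/* client_audit_info and server_audit_info must be non-NULL; implementations set both (NULL if nothing applies) on every return path, including errors. */`. It would also help to state which talloc context owns a non-NULL result; the caller passes `state` as `mem_ctx`, but the intended parent is not visible here.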
index 570f82156f99bda120182e0af303fae3499969c4..9f5cb92f89f53f03d5334c7cc384d66c7bdae239 100644 (file)
@@ -158,6 +158,8 @@ struct auth_check_password_state {
        const struct auth_usersupplied_info *user_info;
        struct auth_user_info_dc *user_info_dc;
        struct auth_method_context *method;
+       const struct authn_audit_info *client_audit_info;
+       const struct authn_audit_info *server_audit_info;
        uint8_t authoritative;
 };
 
@@ -335,6 +337,8 @@ static void auth_check_password_done(struct tevent_req *subreq)
 
        status = state->method->ops->check_password_recv(subreq, state,
                                                         &state->user_info_dc,
+                                                        &state->client_audit_info,
+                                                        &state->server_audit_info,
                                                         &authoritative);
        TALLOC_FREE(subreq);
        if (!authoritative ||
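Review bot: `state->client_audit_info` and `state->server_audit_info` are handed to the backend as out-parameters without being cleared first, so what is logged later depends on every backend writing both on every path. If this completion handler can run more than once per request (the fall-through to another method is not visible in the hunk), a backend that returns early would leave the previous method's audit info in place, and the auth log would attribute it to the wrong attempt. Clearing them just before the call removes that dependency: `state->client_audit_info = NULL;` and `state->server_audit_info = NULL;`. The body of `auth_check_password_done()` continues past the end of the hunk.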
@@ -405,8 +409,8 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
                                         &state->auth_ctx->start_time,
                                         state->user_info, status,
                                         NULL, NULL, NULL,
-                                        NULL /* client_audit_info */,
-                                        NULL /* server_audit_info */);
+                                        state->client_audit_info,
+                                        state->server_audit_info);
                tevent_req_received(req);
                return status;
        }
@@ -424,10 +428,14 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
                                 state->user_info_dc->info->domain_name,
                                 state->user_info_dc->info->account_name,
                                 &state->user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid,
-                                NULL /* client_audit_info */,
-                                NULL /* server_audit_info */);
+                                state->client_audit_info,
+                                state->server_audit_info);
 
-       /* Release our handle to state->user_info_dc. */
+       /*
+        * Release our handle to state->user_info_dc.
+        * state->{client,server}_audit_info, if non-NULL, becomes the new
+        * parent.
+       */
        *user_info_dc = talloc_reparent(state, mem_ctx, state->user_info_dc);
        state->user_info_dc = NULL;
 
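Review bot: The rewritten comment above `talloc_reparent()` does not match the call it describes. The call moves `state->user_info_dc` from `state` to `mem_ctx`, while the comment says the audit info "becomes the new parent" without saying of which object. The audit pointers are read by the logging call just above, and they stay in `state` after this point, so the ownership is worth spelling out: start with `/* Hand state->user_info_dc to the caller (reparented from state to mem_ctx). */` and add one sentence naming which allocation parents the audit info, a relationship this hunk does not show. The closing `*/` is also one column short of the ` * ` lines above it. `auth_check_password_recv()` continues outside the hunk.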
index a25aacaa13782514226d4bbdc3db1dd8d6767e95..0f71830259c2c35535e669892cdfa2f1e9bcdda6 100644 (file)
@@ -124,12 +124,17 @@ static NTSTATUS anonymous_check_password_recv(
        struct tevent_req *req,
        TALLOC_CTX *mem_ctx,
        struct auth_user_info_dc **interim_info,
+       const struct authn_audit_info **client_audit_info,
+       const struct authn_audit_info **server_audit_info,
        bool *authoritative)
 {
        struct anonymous_check_password_state *state = tevent_req_data(
                req, struct anonymous_check_password_state);
        NTSTATUS status;
 
+       *client_audit_info = NULL;
+       *server_audit_info = NULL;
+
        if (tevent_req_is_nterror(req, &status)) {
                tevent_req_received(req);
                return status;
index 4c3ad6733cb1d03e3e6401dbb21d5a790f4015f4..7b9610cc85e8c3f727304af7a67e4b854729b0c3 100644 (file)
@@ -182,6 +182,8 @@ static NTSTATUS name_to_ntstatus_check_password_recv(
        struct tevent_req *req,
        TALLOC_CTX *mem_ctx,
        struct auth_user_info_dc **interim_info,
+       const struct authn_audit_info **client_audit_info,
+       const struct authn_audit_info **server_audit_info,
        bool *authoritative)
 {
        struct name_to_ntstatus_check_password_state *state = tevent_req_data(
@@ -189,6 +191,8 @@ static NTSTATUS name_to_ntstatus_check_password_recv(
        NTSTATUS status;
 
        *authoritative = state->authoritative;
+       *client_audit_info = NULL;
+       *server_audit_info = NULL;
 
        if (tevent_req_is_nterror(req, &status)) {
                tevent_req_received(req);
index b5ac1bc858c0266f858206e142192db7ab4ec8dd..60b301b104f8674a596b65c5ffabe008c3e0a8a8 100644 (file)
@@ -1169,6 +1169,8 @@ static NTSTATUS authsam_check_password_recv(
        struct tevent_req *req,
        TALLOC_CTX *mem_ctx,
        struct auth_user_info_dc **interim_info,
+       const struct authn_audit_info **client_audit_info,
+       const struct authn_audit_info **server_audit_info,
        bool *authoritative)
 {
        struct authsam_check_password_state *state = tevent_req_data(
@@ -1177,6 +1179,10 @@ static NTSTATUS authsam_check_password_recv(
 
        *authoritative = state->authoritative;
 
+       *client_audit_info = NULL;
+
+       *server_audit_info = NULL;
+
        if (tevent_req_is_nterror(req, &status)) {
                tevent_req_received(req);
                return status;
index 719d877a1703a8b8f055b442dfab2a99049461b6..4049c3ac20936a993b66b652badb98aa572a42e7 100644 (file)
@@ -281,6 +281,8 @@ static void winbind_check_password_done(struct tevent_req *subreq)
 static NTSTATUS winbind_check_password_recv(struct tevent_req *req,
                                            TALLOC_CTX *mem_ctx,
                                            struct auth_user_info_dc **user_info_dc,
+                                           const struct authn_audit_info **client_audit_info,
+                                           const struct authn_audit_info **server_audit_info,
                                            bool *pauthoritative)
 {
        struct winbind_check_password_state *state =
@@ -289,6 +291,8 @@ static NTSTATUS winbind_check_password_recv(struct tevent_req *req,
        NTSTATUS status = NT_STATUS_OK;
 
        *pauthoritative = state->authoritative;
+       *client_audit_info = NULL;
+       *server_audit_info = NULL;
 
        if (tevent_req_is_nterror(req, &status)) {
                tevent_req_received(req);