[Samba] nitwit's attempt to edit samba source

mourik jan heupink heupink at merit.unu.edu
Thu Nov 26 08:51:42 UTC 2015


Hi,

Since I really would like some more info (specifically: remote ip 
address) to be logged with failed password attempts, I have tried to 
edit the samba source code. :-)

Anyway, I changed in source4/auth/ntlm/auth.c


> 	if (tevent_req_is_nterror(req, &status)) {
> 		DEBUG(2,("auth_check_password_recv: "
> 			 "%s authentication for user [%s\\%s] "
> 			 "FAILED with error %s\n",
> 			 (state->method ? state->method->ops->name : "NO_METHOD"),
> 			 state->user_info->mapped.domain_name,
> 			 state->user_info->mapped.account_name,
> 			 nt_errstr(status)));
> 		tevent_req_received(req);
> 		return status;
> 	}

to:

> 	if (tevent_req_is_nterror(req, &status)) {
> 		DEBUG(2,("auth_check_password_recv: "
> 			 "%s authentication for user [%s\\%s] on host %s "
> 			 "FAILED with error %s\n",
> 			 (state->method ? state->method->ops->name : "NO_METHOD"),
> 			 state->user_info->mapped.domain_name,
> 			 state->user_info->remote_host,
> 			 state->user_info->mapped.account_name,
> 			 nt_errstr(status)));
> 		tevent_req_received(req);
> 		return status;
> 	}

No idea if that could work or not.... Anyway: my code actually compiled, 
installed, and I provisioned a test domain/dc.

I was amazed. :-)

Anyway, trying a faulty password generates the following error now:

>   ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
> [2015/11/26 09:30:46.863556,  3] ../libcli/auth/ntlm_check.c:587(ntlm_password_check)
>   ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
> [2015/11/26 09:30:46.864067,  2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv)
>   auth_check_password_recv: sam_ignoredomain authentication for user [SAMDOM\�j�]�] on host administrator FAILED with error NT_STATUS_WRONG_PASSWORD
> [2015/11/26 09:30:46.864149,  2] ../auth/gensec/spnego.c:693(gensec_spnego_server_negTokenTarg)
>   SPNEGO login failed: NT_STATUS_WRONG_PASSWORD

I noticed that I mixed up the order of variables (on host 
"administrator" is obviously the username instead of the host) but 
that's easy to correct of course.

My question is: state->user_info->remote_host seems to become "�j�]�". 
(I guess some binary value)

So this is where my first 'programming attempt' ends. :-(

Anyone with a tip on how to add a remote IP (the originating IP) to the 
log lines for failed password attempts?

MJ
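
The garbled host field in the log above is what `%s` prints when it is handed a pointer to a binary address structure instead of a C string. The following is an added example, not part of the original post and not Samba code: it converts the address to text before formatting and passes the arguments in the same order as the conversions. `struct remote_addr`, `remote_addr_string()`, `format_auth_failure()` and `sample_addr()` are hypothetical names, and it is an assumption that `remote_host` is such a structure rather than a string.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for an opaque address object: binary data, not text. */
struct remote_addr { struct sockaddr_storage ss; };

/* Render the address as text into buf; returns "unknown" if it cannot. */
const char *remote_addr_string(const struct remote_addr *a, char *buf, size_t len)
{
	const void *src = NULL;
	if (a != NULL && a->ss.ss_family == AF_INET)
		src = &((const struct sockaddr_in *)&a->ss)->sin_addr;
	else if (a != NULL && a->ss.ss_family == AF_INET6)
		src = &((const struct sockaddr_in6 *)&a->ss)->sin6_addr;
	if (src == NULL || inet_ntop(a->ss.ss_family, src, buf, (socklen_t)len) == NULL)
		return "unknown";
	return buf;
}

/* Build the log line; arguments follow the order of the %s conversions. */
int format_auth_failure(char *out, size_t outlen, const char *domain, const char *account,
			const struct remote_addr *host, const char *error)
{
	char ip[INET6_ADDRSTRLEN];
	return snprintf(out, outlen,
			"authentication for user [%s\\%s] on host %s FAILED with error %s",
			domain, account, remote_addr_string(host, ip, sizeof(ip)), error);
}

/* Constructed sample peer: 192.0.2.10 is a documentation-range address. */
struct remote_addr sample_addr(void)
{
	struct remote_addr a;
	memset(&a, 0, sizeof(a));
	a.ss.ss_family = AF_INET;
	inet_pton(AF_INET, "192.0.2.10", &((struct sockaddr_in *)&a.ss)->sin_addr);
	return a;
}

int main(void)
{
	char line[256];
	struct remote_addr peer = sample_addr();
	format_auth_failure(line, sizeof(line), "SAMDOM", "administrator", &peer,
			    "NT_STATUS_WRONG_PASSWORD");
	return puts(line) == EOF;
}
```

In Samba's own tree, if `remote_host` is a `struct tsocket_address` pointer (an assumption; the post does not show its type), the corresponding conversion helper is `tsocket_address_string()` from lib/tsocket.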