[Samba] nitwit's attempt to edit samba source
mourik jan heupink
heupink at merit.unu.edu
Thu Nov 26 08:51:42 UTC 2015
Hi,
Since I really would like some more info (specifically: remote ip
address) to be logged with failed password attempts, I have tried to
edit the samba source code. :-)
Anyway, I changed in source4/auth/ntlm/auth.c
>     if (tevent_req_is_nterror(req, &status)) {
>         DEBUG(2,("auth_check_password_recv: "
>                  "%s authentication for user [%s\\%s] "
>                  "FAILED with error %s\n",
>                  (state->method ? state->method->ops->name : "NO_METHOD"),
>                  state->user_info->mapped.domain_name,
>                  state->user_info->mapped.account_name,
>                  nt_errstr(status)));
>         tevent_req_received(req);
>         return status;
>     }
to:
>     if (tevent_req_is_nterror(req, &status)) {
>         DEBUG(2,("auth_check_password_recv: "
>                  "%s authentication for user [%s\\%s] on host %s "
>                  "FAILED with error %s\n",
>                  (state->method ? state->method->ops->name : "NO_METHOD"),
>                  state->user_info->mapped.domain_name,
>                  state->user_info->remote_host,
>                  state->user_info->mapped.account_name,
>                  nt_errstr(status)));
>         tevent_req_received(req);
>         return status;
>     }
No idea if that could work or not.... Anyway: my code actually compiled,
installed, and I provisioned a test domain/dc.
I was amazed. :-)
Anyway, trying a faulty password generates the following error now:
> ntlm_password_check: Lanman passwords NOT PERMITTED for user administrator
> [2015/11/26 09:30:46.863556, 3] ../libcli/auth/ntlm_check.c:587(ntlm_password_check)
> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user administrator
> [2015/11/26 09:30:46.864067, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv)
> auth_check_password_recv: sam_ignoredomain authentication for user [SAMDOM\�j�]�] on host administrator FAILED with error NT_STATUS_WRONG_PASSWORD
> [2015/11/26 09:30:46.864149, 2] ../auth/gensec/spnego.c:693(gensec_spnego_server_negTokenTarg)
> SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
I noticed that I mixed up the order of variables (on host
"administrator" is obviously the username instead of the host) but
that's easy to correct of course.
My question is: state->user_info->remote_host seems to become "�j�]�".
(I guess some binary value)
So this is where my first 'programming attempt' ends. :-(
Anyone with a tip on how to add a remote-ip (coming from ip) to failed
password attempt log lines?
MJ
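
Output like the garbled host field above is typical of `%s` being handed a pointer that is not a C string, so the sketch below renders the address to text first and keeps the arguments in the same order as the format specifiers. It is an added example, not code from the post or from Samba: `demo_user_info`, `addr_to_text` and `format_auth_failure` are hypothetical names, and it assumes `remote_host` is a socket-address object, with a plain `sockaddr_storage` standing in for Samba's own address type.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for the auth state; remote_host is an address object, not a string (assumption). */
struct demo_user_info {
    const char *domain_name;
    const char *account_name;
    const struct sockaddr_storage *remote_host;
};

/* Render an IPv4/IPv6 socket address as text; "unknown" on NULL or failure. */
static const char *addr_to_text(const struct sockaddr_storage *ss, char *buf, size_t len)
{
    const void *raw = NULL;
    if (ss != NULL && ss->ss_family == AF_INET)
        raw = &((const struct sockaddr_in *)ss)->sin_addr;
    else if (ss != NULL && ss->ss_family == AF_INET6)
        raw = &((const struct sockaddr_in6 *)ss)->sin6_addr;
    if (raw == NULL || inet_ntop(ss->ss_family, raw, buf, (socklen_t)len) == NULL)
        snprintf(buf, len, "unknown");
    return buf;
}

/* Arguments follow the specifier order: domain, account, host, error. */
int format_auth_failure(char *out, size_t outlen, const struct demo_user_info *ui, const char *err)
{
    char host[INET6_ADDRSTRLEN];
    return snprintf(out, outlen,
                    "authentication for user [%s\\%s] on host %s FAILED with error %s",
                    ui->domain_name, ui->account_name,
                    addr_to_text(ui->remote_host, host, sizeof(host)), err);
}

/* Constructed sample input: documentation address 192.0.2.10. */
int main(void)
{
    struct sockaddr_storage ss;
    struct demo_user_info ui = { "SAMDOM", "administrator", &ss };
    char line[256];
    memset(&ss, 0, sizeof(ss));
    ss.ss_family = AF_INET;
    inet_pton(AF_INET, "192.0.2.10", &((struct sockaddr_in *)&ss)->sin_addr);
    format_auth_failure(line, sizeof(line), &ui, "NT_STATUS_WRONG_PASSWORD");
    puts(line);
    return 0;
}
```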