[PATCH] Add detailed authentication logging for NTLM authentication.

[Jeremy Allison]

On Tue, Feb 28, 2017 at 04:26:34PM +1300, Gary Lockyer wrote:
> 
> Produce detailed authentication logs for NTLM authentication, of both
> successful and unsuccessful attempts.  Patch includes changes to ensure
> that all the required fields are passed through to the logging routines.
> 
> Subsequent patches will log authorization, kerberos authentication, and
> produce machine parsable json log entries.

> From 47a82ac312f4b6059f3a7ef02cd2f426a6e51d07 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Mon, 20 Feb 2017 12:01:37 +1300
> Subject: [PATCH 02/18] s4-smbd: Remember the original client and server IPs
>  from the SMB connection
> 
> We need to know in the RPC server the original address the client came from
> so that we can log this with the authentication audit information
> 
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> Pair-Programmed: Gary Lockyer <gary at catalyst.net.nz>
> ---
>  source4/smbd/service_named_pipe.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c
> index b75a9fa..6cd71ff 100644
> --- a/source4/smbd/service_named_pipe.c
> +++ b/source4/smbd/service_named_pipe.c
> @@ -119,6 +119,9 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
>  		goto out;
>  	}
>  
> +	conn->local_address = talloc_steal(conn, server);
> +	conn->remote_address = talloc_steal(conn, client);

	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	Can you use talloc_move() here instead please ?

talloc_steal leaves both pointers active and pointing to
the same thing, which *can* (but not always of course :-)
cause problems later. It's probably OK in this instance,
but I'm trying to raise our game here :-).

Cheers,

	Jeremy.