[PATCH] Updated Add detailed authentication logging for NTLM authentication.

Stefan Metzmacher metze at samba.org
Thu Mar 2 11:43:48 UTC 2017


On 02.03.2017 at 04:57, Andrew Bartlett wrote:
> On Thu, 2017-03-02 at 16:48 +1300, Gary Lockyer wrote:
>> Produce detailed authentication logs for NTLM authentication, of both
>> successful and unsuccessful attempts.  Patch includes changes to
>> ensure
>> that all the required fields are passed through to the logging
>> routines.
>>
>> Updated to:
>>     log successful authorizations
>>     log password type for authentications
>>     replace talloc_steal with talloc_move in
>>         source4/smbd/service_named_pipe.c
>>     separate the auth logging into its own file
>>
>>
>> Subsequent patches will log kerberos authentication and
>> produce machine parsable json log entries.
> 
> Thanks Gary.  We also need to remember password changes!  (The always
> forgotten attack vector :-)

I haven't looked very closely, but in some places I had the impression
that a later patch fixes a problem in a former patch.
In order to understand the flow better, it would be useful to have this
sorted out and every single commit compiles and is supposed to
work without crashing with NULL pointer dereferences.

Typically it's better to pass new unused arguments from the top,
before they get used at the bottom.

I guess you also need to be prepared that a dcerpc bind negotiates no
presentation context, it's possible to use a dummy uuid and just
do the authentication.

We may also want to distinguish between the different LogonSamLogon
levels (interactive vs. network at least).

I'm also wondering why the log functions get the user supplied info
but not the full auth_session_info.

The output format should also be flexible, we can't guarantee that
we'll generate the exact output forever.

metze

