+ break;
+ }
+ case HDB_AUTH_INVALID_SIGNATURE:
+ break;
+ case HDB_AUTH_CORRECT_PASSWORD:
+ case HDB_AUTH_WRONG_PASSWORD:
+ {
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct samba_kdc_entry *p = talloc_get_type(entry->ctx,
+ struct samba_kdc_entry);
+ struct dom_sid *sid
+ = samdb_result_dom_sid(frame, p->msg, "objectSid");
+ const char *account_name
+ = ldb_msg_find_attr_as_string(p->msg, "sAMAccountName", NULL);
+ const char *domain_name = lpcfg_sam_name(p->kdc_db_ctx->lp_ctx);
+ struct tsocket_address *remote_host;
+ NTSTATUS status;
+ int ret;
+
+ if (hdb_auth_status == HDB_AUTH_WRONG_PASSWORD) {
+ authsam_update_bad_pwd_count(kdc_db_ctx->samdb, p->msg, domain_dn);
+ status = NT_STATUS_WRONG_PASSWORD;
+ } else {
+ status = NT_STATUS_OK;
+ }
+
+ ret = tsocket_address_bsd_from_sockaddr(frame, from_addr,
+ sa_socklen,
+ &remote_host);
+ if (ret != 0) {
+ ui.remote_host = NULL;
+ } else {
+ ui.remote_host = remote_host;
+ }
+
+ ui.mapped.account_name = account_name;
+ ui.mapped.domain_name = domain_name;
+
+ log_authentication_event(kdc_db_ctx->msg_ctx,
+ kdc_db_ctx->lp_ctx,
+ &ui,
+ status,
+ domain_name,
+ account_name,
+ NULL,
+ sid);
+ TALLOC_FREE(frame);
+ break;
+ }
+ case HDB_AUTH_CLIENT_UNKNOWN:
+ {
+ struct tsocket_address *remote_host;
+ int ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ ret = tsocket_address_bsd_from_sockaddr(frame, from_addr,
+ sa_socklen,
+ &remote_host);
+ if (ret != 0) {
+ ui.remote_host = NULL;
+ } else {
+ ui.remote_host = remote_host;
+ }
+
+ log_authentication_event(kdc_db_ctx->msg_ctx,
+ kdc_db_ctx->lp_ctx,
+ &ui,
+ NT_STATUS_NO_SUCH_USER,
+ NULL, NULL,
+ NULL, NULL);
+ TALLOC_FREE(frame);
+ break;
+ }