svn rev #21741: trunk/src/kdc/
raeburn@MIT.EDU
raeburn at MIT.EDU
Tue Jan 13 16:54:47 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21741
Commit By: raeburn
Log Message:
/tmp/3
Changed Files:
U trunk/src/kdc/do_as_req.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kdc_util.h
Modified: trunk/src/kdc/do_as_req.c
===================================================================
--- trunk/src/kdc/do_as_req.c 2009-01-13 19:43:18 UTC (rev 21740)
+++ trunk/src/kdc/do_as_req.c 2009-01-13 21:54:45 UTC (rev 21741)
@@ -2,7 +2,7 @@
* kdc/do_as_req.c
*
* Portions Copyright (C) 2007 Apple Inc.
- * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -99,7 +99,7 @@
krb5_error_code errcode;
int c_nprincs = 0, s_nprincs = 0;
krb5_boolean more;
- krb5_timestamp kdc_time, authtime;
+ krb5_timestamp kdc_time, authtime = 0;
krb5_keyblock session_key;
const char *status;
krb5_key_data *server_key, *client_key;
@@ -550,9 +550,6 @@
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
- log_as_req(from, request, &reply, cname, sname, authtime, 0, 0, 0);
- did_log = 1;
-
#ifdef KRBCONF_KDC_MODIFIES_KDB
/*
* If we get this far, we successfully did the AS_REQ.
@@ -562,6 +559,10 @@
#endif /* KRBCONF_KDC_MODIFIES_KDB */
update_client = 1;
+ log_as_req(from, request, &reply, &client, cname, &server, sname,
+ authtime, 0, 0, 0);
+ did_log = 1;
+
goto egress;
errout:
@@ -569,10 +570,6 @@
/* fall through */
egress:
- if (update_client) {
- audit_as_request(request, &client, &server, authtime, errcode);
- }
-
if (pa_context)
free_padata_context(kdc_context, &pa_context);
@@ -580,7 +577,7 @@
emsg = krb5_get_error_message(kdc_context, errcode);
if (status) {
- log_as_req(from, request, &reply, cname, sname, 0,
+ log_as_req(from, request, &reply, &client, cname, &server, sname, 0,
status, errcode, emsg);
did_log = 1;
}
Modified: trunk/src/kdc/kdc_util.c
===================================================================
--- trunk/src/kdc/kdc_util.c 2009-01-13 19:43:18 UTC (rev 21740)
+++ trunk/src/kdc/kdc_util.c 2009-01-13 21:54:45 UTC (rev 21741)
@@ -1,7 +1,7 @@
/*
* kdc/kdc_util.c
*
- * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -2117,84 +2117,6 @@
}
krb5_error_code
-audit_as_request(krb5_kdc_req *request,
- krb5_db_entry *client,
- krb5_db_entry *server,
- krb5_timestamp authtime,
- krb5_error_code errcode)
-{
- krb5_error_code code;
- kdb_audit_as_req req;
- krb5_data req_data;
- krb5_data rep_data;
-
- memset(&req, 0, sizeof(req));
-
- req.request = request;
- req.client = client;
- req.server = server;
- req.authtime = authtime;
- req.error_code = errcode;
-
- req_data.data = (void *)&req;
- req_data.length = sizeof(req);
-
- rep_data.data = NULL;
- rep_data.length = 0;
-
- code = krb5_db_invoke(kdc_context,
- KRB5_KDB_METHOD_AUDIT_AS,
- &req_data,
- &rep_data);
- if (code == KRB5_KDB_DBTYPE_NOSUP) {
- return 0;
- }
-
- assert(rep_data.length == 0);
-
- return code;
-}
-
-krb5_error_code
-audit_tgs_request(krb5_kdc_req *request,
- krb5_const_principal client,
- krb5_db_entry *server,
- krb5_timestamp authtime,
- krb5_error_code errcode)
-{
- krb5_error_code code;
- kdb_audit_tgs_req req;
- krb5_data req_data;
- krb5_data rep_data;
-
- memset(&req, 0, sizeof(req));
-
- req.request = request;
- req.client = client;
- req.server = server;
- req.authtime = authtime;
- req.error_code = errcode;
-
- req_data.data = (void *)&req;
- req_data.length = sizeof(req);
-
- rep_data.data = NULL;
- rep_data.length = 0;
-
- code = krb5_db_invoke(kdc_context,
- KRB5_KDB_METHOD_AUDIT_TGS,
- &req_data,
- &rep_data);
- if (code == KRB5_KDB_DBTYPE_NOSUP) {
- return 0;
- }
-
- assert(rep_data.length == 0);
-
- return code;
-}
-
-krb5_error_code
validate_transit_path(krb5_context context,
krb5_const_principal client,
krb5_db_entry *server,
@@ -2228,7 +2150,8 @@
void
log_as_req(const krb5_fulladdr *from,
krb5_kdc_req *request, krb5_kdc_rep *reply,
- const char *cname, const char *sname,
+ krb5_db_entry *client, const char *cname,
+ krb5_db_entry *server, const char *sname,
krb5_timestamp authtime,
const char *status, krb5_error_code errcode, const char *emsg)
{
@@ -2268,6 +2191,33 @@
audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
cname, sname, errcode);
#endif
+#if 1
+ {
+ kdb_audit_as_req req;
+ krb5_data req_data;
+ krb5_data rep_data;
+
+ memset(&req, 0, sizeof(req));
+
+ req.request = request;
+ req.client = client;
+ req.server = server;
+ req.authtime = authtime;
+ req.error_code = errcode;
+
+ req_data.data = (void *)&req;
+ req_data.length = sizeof(req);
+
+ rep_data.data = NULL;
+ rep_data.length = 0;
+
+ (void) krb5_db_invoke(kdc_context,
+ KRB5_KDB_METHOD_AUDIT_AS,
+ &req_data,
+ &rep_data);
+ assert(rep_data.length == 0);
+ }
+#endif
}
/* Here "status" must be non-null. Error code
Modified: trunk/src/kdc/kdc_util.h
===================================================================
--- trunk/src/kdc/kdc_util.h 2009-01-13 19:43:18 UTC (rev 21740)
+++ trunk/src/kdc/kdc_util.h 2009-01-13 21:54:45 UTC (rev 21741)
@@ -284,7 +284,8 @@
void
log_as_req(const krb5_fulladdr *from,
krb5_kdc_req *request, krb5_kdc_rep *reply,
- const char *cname, const char *sname,
+ krb5_db_entry *client, const char *cname,
+ krb5_db_entry *server, const char *sname,
krb5_timestamp authtime,
const char *status, krb5_error_code errcode, const char *emsg);
void
More information about the cvs-krb5
mailing list