svn rev #21745: trunk/src/kdc/
raeburn@MIT.EDU
raeburn at MIT.EDU
Wed Jan 14 14:50:39 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21745
Commit By: raeburn
Log Message:
Pass s4u name and c_flags to log_tgs_req. If values are supplied, log
an additional message to record the name and s4u mode.
Untested for lack of code to invoke these code paths.
Changed Files:
U trunk/src/kdc/do_tgs_req.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kdc_util.h
Modified: trunk/src/kdc/do_tgs_req.c
===================================================================
--- trunk/src/kdc/do_tgs_req.c 2009-01-14 00:29:04 UTC (rev 21744)
+++ trunk/src/kdc/do_tgs_req.c 2009-01-14 19:50:34 UTC (rev 21745)
@@ -1,7 +1,7 @@
/*
* kdc/do_tgs_req.c
*
- * Copyright 1990,1991,2001,2007,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2001,2007,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -840,7 +840,7 @@
if (errcode)
emsg = krb5_get_error_message (kdc_context, errcode);
log_tgs_req(from, request, &reply, cname, sname, altcname, authtime,
- status, errcode, emsg);
+ c_flags, s4u_name, status, errcode, emsg);
if (errcode) {
krb5_free_error_message (kdc_context, emsg);
emsg = NULL;
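Review bot: `c_flags` and `s4u_name` are read here on every exit, including error exits (the call follows the `if (errcode)` message lookup), so both need a defined value even when the request failed before any S4U processing ran. Their declarations are outside this hunk; confirm they start as `s4u_name = NULL` and `c_flags = 0`, otherwise log_tgs_req may hand an indeterminate pointer to a `%s` conversion or trip its flag assertion. It is also worth confirming that the storage behind `s4u_name` is released only after this call, since the cleanup code that follows is not fully visible here.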
Modified: trunk/src/kdc/kdc_util.c
===================================================================
--- trunk/src/kdc/kdc_util.c 2009-01-14 00:29:04 UTC (rev 21744)
+++ trunk/src/kdc/kdc_util.c 2009-01-14 19:50:34 UTC (rev 21745)
@@ -2147,6 +2147,7 @@
/* "status" is null to indicate success. */
/* Someday, pass local address/port as well. */
+/* Currently no info about name canonicalization is logged. */
void
log_as_req(const krb5_fulladdr *from,
krb5_kdc_req *request, krb5_kdc_rep *reply,
@@ -2221,12 +2222,15 @@
}
/* Here "status" must be non-null. Error code
- KRB5KDC_ERR_SERVER_NOMATCH is handled specially. */
+ KRB5KDC_ERR_SERVER_NOMATCH is handled specially.
+
+ Currently no info about name canonicalization is logged. */
void
log_tgs_req(const krb5_fulladdr *from,
krb5_kdc_req *request, krb5_kdc_rep *reply,
const char *cname, const char *sname, const char *altcname,
krb5_timestamp authtime,
+ unsigned int c_flags, const char *s4u_name,
const char *status, krb5_error_code errcode, const char *emsg)
{
char ktypestr[128];
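Review bot: The comment above log_tgs_req does not describe the two new parameters, so their contract can only be inferred from the assertion further down in the body. I would extend the comment with `"s4u_name" is null unless the request is an S4U request; when it is non-null, "c_flags" must have KRB5_KDB_FLAG_PROTOCOL_TRANSITION or KRB5_KDB_FLAG_CONSTRAINED_DELEGATION set.` The function body continues outside this hunk.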
@@ -2248,7 +2252,7 @@
/* Differences: server-nomatch message logs 2nd ticket's client
name (useful), and doesn't log ktypestr (probably not
important). */
- if (errcode != KRB5KDC_ERR_SERVER_NOMATCH)
+ if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) {
krb5_klog_syslog(LOG_INFO,
"TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s",
ktypestr,
@@ -2259,7 +2263,19 @@
sname ? sname : "<unknown server>",
errcode ? ", " : "",
errcode ? emsg : "");
- else
+ if (s4u_name) {
+ assert(isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) ||
+ isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION));
+ if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
+ krb5_klog_syslog(LOG_INFO,
+ "... PROTOCOL-TRANSITION s4u-client=%s",
+ s4u_name);
+ else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
+ krb5_klog_syslog(LOG_INFO,
+ "... CONSTRAINED-DELEGATION s4u-client=%s",
+ s4u_name);
+ }
+ } else
krb5_klog_syslog(LOG_INFO,
"TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s",
fromstring, status, authtime,
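Review bot: The `assert(...)` at the top of the new `if (s4u_name)` block lets a logging routine abort the KDC when a name arrives without either S4U flag set, and in an NDEBUG build the same case falls through both branches and logs nothing. Since the commit message says these paths are untested, a fallback label is safer than an assertion, so that a record is always written. The continuation line also carries neither the client address nor the service name, so it can only be tied to its TGS_REQ line by adjacency in syslog, and the SERVER_NOMATCH branch logs no S4U information at all. Both gaps matter when these records are used to audit delegation. The fence below leaves the two existing message texts unchanged.

```c
        if (s4u_name) {
            /* Always emit a record; an unexpected flag state is logged,
               not asserted. */
            const char *s4u_mode = "UNKNOWN-S4U-MODE";

            if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
                s4u_mode = "PROTOCOL-TRANSITION";
            else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
                s4u_mode = "CONSTRAINED-DELEGATION";
            krb5_klog_syslog(LOG_INFO, "... %s s4u-client=%s",
                             s4u_mode, s4u_name);
        }
```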
@@ -2269,6 +2285,7 @@
/* OpenSolaris: audit_krb5kdc_tgs_req(...) or
audit_krb5kdc_tgs_req_2ndtktmm(...) */
+ /* ... krb5_db_invoke ... */
}
void
Modified: trunk/src/kdc/kdc_util.h
===================================================================
--- trunk/src/kdc/kdc_util.h 2009-01-14 00:29:04 UTC (rev 21744)
+++ trunk/src/kdc/kdc_util.h 2009-01-14 19:50:34 UTC (rev 21745)
@@ -293,6 +293,7 @@
krb5_kdc_req *request, krb5_kdc_rep *reply,
const char *cname, const char *sname, const char *altcname,
krb5_timestamp authtime,
+ unsigned int c_flags, const char *s4u_name,
const char *status, krb5_error_code errcode, const char *emsg);
void log_tgs_alt_tgt(krb5_principal p);