switch to _kdc_r_log

Love Hornquist Astrand
2011-05-11 23:25:02 -07:00
committed by Love Hörnquist Åstrand
parent 68bd6f63e8
commit 1e048065c1


@@ -241,6 +241,17 @@ _kdc_make_anonymous_principalname (PrincipalName *pn)
return 0; return 0;
} }
static void
_kdc_r_log(kdc_request_t r, int level, const char *fmt, ...)
{
va_list ap;
char *s;
va_start(ap, fmt);
s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
if(s) free(s);
va_end(ap);
}
static void static void
_kdc_set_e_text(kdc_request_t r, const char *e_text) _kdc_set_e_text(kdc_request_t r, const char *e_text)
{ {
@@ -287,15 +298,14 @@ _kdc_log_timestamp(krb5_context context,
static krb5_error_code static krb5_error_code
pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa) pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa)
{ {
pk_client_params *pkp = NULL;
char *client_cert = NULL; char *client_cert = NULL;
krb5_error_code ret; krb5_error_code ret;
pk_client_params *pkp = NULL;
ret = _kdc_pk_rd_padata(r->context, r->config, &r->req, pa, r->client, &pkp); ret = _kdc_pk_rd_padata(r->context, r->config, &r->req, pa, r->client, &pkp);
if (ret || pkp == NULL) { if (ret || pkp == NULL) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(r->context, r->config, 5, _kdc_r_log(r, 5, "Failed to decode PKINIT PA-DATA -- %s",
"Failed to decode PKINIT PA-DATA -- %s",
r->client_name); r->client_name);
goto out; goto out;
} }
@@ -312,8 +322,7 @@ pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa)
goto out; goto out;
} }
kdc_log(r->context, r->config, 0, _kdc_r_log(r, 0, "PKINIT pre-authentication succeeded -- %s using %s",
"PKINIT pre-authentication succeeded -- %s using %s",
r->client_name, client_cert); r->client_name, client_cert);
free(client_cert); free(client_cert);
@@ -414,7 +423,7 @@ pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
&size); &size);
if (ret) { if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(r->context, r->config, 5, "Failed to decode PA-DATA -- %s", _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
r->client_name); r->client_name);
return ret; return ret;
} }
@@ -464,8 +473,7 @@ pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
if(ret){ if(ret){
krb5_crypto_destroy(r->context, challangecrypto); krb5_crypto_destroy(r->context, challangecrypto);
ret = KRB5KDC_ERR_PREAUTH_FAILED; ret = KRB5KDC_ERR_PREAUTH_FAILED;
kdc_log(r->context, r->config, _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
5, "Failed to decode PA-ENC-TS_ENC -- %s",
r->client_name); r->client_name);
continue; continue;
} }
@@ -479,8 +487,7 @@ pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
client_time, sizeof(client_time), TRUE); client_time, sizeof(client_time), TRUE);
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
kdc_log(r->context, r->config, 0, _kdc_r_log(r, 0, "Too large time skew, "
"Too large time skew, "
"client time %s is out by %u > %u seconds -- %s", "client time %s is out by %u > %u seconds -- %s",
client_time, client_time,
(unsigned)abs(kdc_time - p.patimestamp), (unsigned)abs(kdc_time - p.patimestamp),
@@ -537,7 +544,7 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
&len); &len);
if (ret) { if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(r->context, r->config, 5, "Failed to decode PA-DATA -- %s", _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
r->client_name); r->client_name);
goto out; goto out;
} }
@@ -551,11 +558,11 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
if(krb5_enctype_to_string(r->context, enc_data.etype, &estr)) if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
estr = NULL; estr = NULL;
if(estr == NULL) if(estr == NULL)
kdc_log(r->context, r->config, 5, _kdc_r_log(r, 5,
"No client key matching pa-data (%d) -- %s", "No client key matching pa-data (%d) -- %s",
enc_data.etype, r->client_name); enc_data.etype, r->client_name);
else else
kdc_log(r->context, r->config, 5, _kdc_r_log(r, 5,
"No client key matching pa-data (%s) -- %s", "No client key matching pa-data (%s) -- %s",
estr, r->client_name); estr, r->client_name);
free(estr); free(estr);
@@ -567,7 +574,7 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto); ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
if (ret) { if (ret) {
const char *msg = krb5_get_error_message(r->context, ret); const char *msg = krb5_get_error_message(r->context, ret);
kdc_log(r->context, r->config, 0, "krb5_crypto_init failed: %s", msg); _kdc_r_log(r, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(r->context, msg); krb5_free_error_message(r->context, msg);
free_EncryptedData(&enc_data); free_EncryptedData(&enc_data);
goto out; goto out;
@@ -592,8 +599,7 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
pa_key->key.keytype, &str); pa_key->key.keytype, &str);
if (ret2) if (ret2)
str = NULL; str = NULL;
kdc_log(r->context, r->config, 5, _kdc_r_log(r, 5, "Failed to decrypt PA-DATA -- %s "
"Failed to decrypt PA-DATA -- %s "
"(enctype %s) error %s", "(enctype %s) error %s",
r->client_name, str ? str : "unknown enctype", msg); r->client_name, str ? str : "unknown enctype", msg);
krb5_free_error_message(r->context, msg); krb5_free_error_message(r->context, msg);
@@ -620,8 +626,7 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
krb5_data_free(&ts_data); krb5_data_free(&ts_data);
if(ret){ if(ret){
ret = KRB5KDC_ERR_PREAUTH_FAILED; ret = KRB5KDC_ERR_PREAUTH_FAILED;
kdc_log(r->context, r->config, _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
5, "Failed to decode PA-ENC-TS_ENC -- %s",
r->client_name); r->client_name);
goto out; goto out;
} }
@@ -632,8 +637,7 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
client_time, sizeof(client_time), TRUE); client_time, sizeof(client_time), TRUE);
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
kdc_log(r->context, r->config, 0, _kdc_r_log(r, 0, "Too large time skew, "
"Too large time skew, "
"client time %s is out by %u > %u seconds -- %s", "client time %s is out by %u > %u seconds -- %s",
client_time, client_time,
(unsigned)abs(kdc_time - p.patimestamp), (unsigned)abs(kdc_time - p.patimestamp),
@@ -660,8 +664,7 @@ pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str); ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
if (ret) if (ret)
str = NULL; str = NULL;
kdc_log(r->context, r->config, 2, _kdc_r_log(r, 2, "ENC-TS Pre-authentication succeeded -- %s using %s",
"ENC-TS Pre-authentication succeeded -- %s using %s",
r->client_name, str ? str : "unknown enctype"); r->client_name, str ? str : "unknown enctype");
free(str); free(str);
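Review bot: The `_kdc_r_log` wrapper added in the first hunk is variadic but has no printf format attribute, so the compiler cannot check format strings against their arguments at the call sites this commit converts in `pa_pkinit_validate`, `pa_enc_chal_validate` and `pa_enc_ts_validate`. Those calls mix `%s`, `%d` and `%u` with the request-derived `r->client_name` in the KDC's pre-authentication path, where a mismatch would be undefined behaviour rather than a garbled log line. I would add a prototype ahead of the definition, such as `static void _kdc_r_log(kdc_request_t r, int level, const char *fmt, ...) __attribute__((format(printf, 3, 4)));`, spelled with whatever attribute macro the tree already uses; presumably `kdc_log` has an equivalent annotation, but its prototype is not visible here. Separately, `if(s) free(s);` can simply be `free(s);`, and a one-line comment such as `/* log for request r; the string returned by kdc_log_msg_va is deliberately discarded */` would help the next reader.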