From 299df4981f58f2fd1bb7fffb947a3781d302e7f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 28 Jul 2005 20:29:39 +0000 Subject: [PATCH] (_kdc_as_rep): log what enctypes was using in ENC-TS preauth, both for failure and success. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15829 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/kerberos5.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index f6f029872..69fa64e7b 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -873,6 +873,7 @@ _kdc_as_rep(krb5_context context, size_t len; EncryptedData enc_data; Key *pa_key; + char *str; found_pa = 1; @@ -924,14 +925,23 @@ _kdc_as_rep(krb5_context context, &ts_data); krb5_crypto_destroy(context, crypto); if(ret){ + ret = krb5_enctype_to_string(context, + pa_key->key.keytype, &str); + if (ret) + str = NULL; + kdc_log(context, config, 5, + "Failed to decrypt PA-DATA -- %s " + "(enctype %s) error %d", + client_name, str ? str : "unknown enctype", ret); + free(str); + + if(hdb_next_enctype2key(context, client, enc_data.etype, &pa_key) == 0) goto try_next_key; - free_EncryptedData(&enc_data); e_text = "Failed to decrypt PA-DATA"; - kdc_log(context, config, - 5, "Failed to decrypt PA-DATA -- %s", - client_name); + + free_EncryptedData(&enc_data); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; continue; } @@ -958,9 +968,15 @@ _kdc_as_rep(krb5_context context, goto out; } et.flags.pre_authent = 1; + + ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str); + if (ret) + str = NULL; + kdc_log(context, config, 2, - "ENC-TS Pre-authentication succeeded -- %s", - client_name); + "ENC-TS Pre-authentication succeeded -- %s using %s", + client_name, str ? str : "unknown enctype"); + free(str); break; } #ifdef PKINIT