oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Log more about KRB-ERROR failures

Browse Source
This commit is contained in:
Nicolas Williams
2021-12-23 21:06:31 -06:00
parent eeba89a1af
commit 833483137b
1 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
kdc/fast.c
View File

@@ -346,6 +346,7 @@ _kdc_fast_mk_error(astgs_request_t r,
* FX-COOKIE can be used outside of FAST, e.g. SRP or GSS. * FX-COOKIE can be used outside of FAST, e.g. SRP or GSS.
*/ */
if (armor_crypto || r->fast.fast_state.len) { if (armor_crypto || r->fast.fast_state.len) {
kdc_log(r->context, r->config, 5, "Adding FAST cookie for KRB-ERROR");
ret = fast_add_cookie(r, error_client, error_method); ret = fast_add_cookie(r, error_client, error_method);
if (ret) { if (ret) {
kdc_log(r->context, r->config, 1, kdc_log(r->context, r->config, 1,
@@ -362,6 +363,8 @@ _kdc_fast_mk_error(astgs_request_t r,
memset(&fxfastrep, 0, sizeof(fxfastrep)); memset(&fxfastrep, 0, sizeof(fxfastrep));
memset(&fastrep, 0, sizeof(fastrep)); memset(&fastrep, 0, sizeof(fastrep));
kdc_log(r->context, r->config, 5, "Making FAST inner KRB-ERROR");
/* first add the KRB-ERROR to the fast errors */ /* first add the KRB-ERROR to the fast errors */
ret = krb5_mk_error(r->context, ret = krb5_mk_error(r->context,
@@ -373,13 +376,18 @@ _kdc_fast_mk_error(astgs_request_t r,
NULL, NULL,
NULL, NULL,
&e_data); &e_data);
if (ret) if (ret) {
kdc_log(r->context, r->config, 1,
"Failed to make inner KRB-ERROR: %d", ret);
return ret; return ret;
}
ret = krb5_padata_add(r->context, error_method, ret = krb5_padata_add(r->context, error_method,
KRB5_PADATA_FX_ERROR, KRB5_PADATA_FX_ERROR,
e_data.data, e_data.length); e_data.data, e_data.length);
if (ret) { if (ret) {
kdc_log(r->context, r->config, 1,
"Failed to make add FAST PADATA to inner KRB-ERROR: %d", ret);
krb5_data_free(&e_data); krb5_data_free(&e_data);
return ret; return ret;
} }
@@ -397,21 +405,31 @@ _kdc_fast_mk_error(astgs_request_t r,
error_method, NULL, NULL, error_method, NULL, NULL,
req_body->nonce, &e_data); req_body->nonce, &e_data);
free_METHOD_DATA(error_method); free_METHOD_DATA(error_method);
if (ret) if (ret) {
kdc_log(r->context, r->config, 1,
"Failed to make outer KRB-ERROR: %d", ret);
return ret; return ret;
}
ret = krb5_padata_add(r->context, error_method, ret = krb5_padata_add(r->context, error_method,
KRB5_PADATA_FX_FAST, KRB5_PADATA_FX_FAST,
e_data.data, e_data.length); e_data.data, e_data.length);
if (ret) if (ret) {
kdc_log(r->context, r->config, 1,
"Failed to make add FAST PADATA to outer KRB-ERROR: %d", ret);
return ret; return ret;
} }
} else
kdc_log(r->context, r->config, 5, "Making non-FAST KRB-ERROR");
if (error_method && error_method->len) { if (error_method && error_method->len) {
ASN1_MALLOC_ENCODE(METHOD_DATA, e_data.data, e_data.length, ASN1_MALLOC_ENCODE(METHOD_DATA, e_data.data, e_data.length,
error_method, &size, ret); error_method, &size, ret);
if (ret) if (ret) {
kdc_log(r->context, r->config, 1,
"Failed to make encode METHOD-DATA: %d", ret);
return ret; return ret;
}
heim_assert(size == e_data.length, "internal asn.1 encoder error"); heim_assert(size == e_data.length, "internal asn.1 encoder error");
} }
@@ -426,6 +444,10 @@ _kdc_fast_mk_error(astgs_request_t r,
error_msg); error_msg);
krb5_data_free(&e_data); krb5_data_free(&e_data);
if (ret)
kdc_log(r->context, r->config, 1,
"Failed to make encode KRB-ERROR: %d", ret);
return ret; return ret;
} }