oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: audit "yes" boolean values as booleans

Browse Source 
Audit boolean values that were logged as "yes" as boolean values; this will
change audit log values to "true" instead, so this patch may be omitted.
This commit is contained in:
Luke Howard
2022-01-01 18:32:52 +11:00
parent e15e711b13
commit a9c6bc2bf2
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
kdc/bx509d.c
View File

@@ -1638,8 +1638,7 @@ bnegotiate(struct bx509_request_desc *r)
if (ret == 0) {
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS, "target", "%s",
r->target ? r->target : "<unknown>");
heim_audit_addkv((heim_svc_req_desc)r, 0, "redir", "%s",
r->redir ? "yes" : "no");
heim_audit_addkv_bool((heim_svc_req_desc)r, "redir", !!r->redir);
ret = validate_token(r);
}
/* bnegotiate_get_target() and validate_token() call bad_req() */

2
kdc/kerberos5.c
View File

@@ -2479,7 +2479,7 @@ _kdc_as_rep(astgs_request_t r)
/* check for valid set of addresses */
if (!_kdc_check_addresses(r, b->addresses, r->addr)) {
if (r->config->warn_ticket_addresses) {
_kdc_audit_addkv((kdc_request_t)r, 0, "wrongaddr", "yes");
_kdc_audit_addkv_bool((kdc_request_t)r, "wrongaddr", TRUE);
} else {
_kdc_set_e_text(r, "Request from wrong address");
ret = KRB5KRB_AP_ERR_BADADDR;

6
kdc/krb5tgs.c
View File

@@ -1135,7 +1135,7 @@ next_kvno:
_kdc_audit_addaddrs((kdc_request_t)r, (*ticket)->ticket.caddr, "tixaddrs");
if (r->config->warn_ticket_addresses && ret == KRB5KRB_AP_ERR_BADADDR &&
*ticket != NULL) {
_kdc_audit_addkv((kdc_request_t)r, 0, "wrongaddr", "yes");
_kdc_audit_addkv_bool((kdc_request_t)r, "wrongaddr", TRUE);
ret = 0;
}
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY && kvno_search_tries > 0) {
@@ -2340,12 +2340,12 @@ server_lookup:
if (!_kdc_check_addresses(priv, tgt->caddr, from_addr)) {
if (config->check_ticket_addresses) {
ret = KRB5KRB_AP_ERR_BADADDR;
_kdc_audit_addkv((kdc_request_t)priv, 0, "wrongaddr", "yes");
_kdc_audit_addkv_bool((kdc_request_t)priv, "wrongaddr", TRUE);
kdc_log(context, config, 4, "Request from wrong address");
_kdc_audit_addreason((kdc_request_t)priv, "Request from wrong address");
goto out;
} else if (config->warn_ticket_addresses) {
_kdc_audit_addkv((kdc_request_t)priv, 0, "wrongaddr", "yes");
_kdc_audit_addkv_bool((kdc_request_t)priv, "wrongaddr", TRUE);
}
}