oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: audit "yes" boolean values as booleans

Browse Source 
Audit boolean values that were logged as "yes" as boolean values; this will
change audit log values to "true" instead, so this patch may be omitted.
This commit is contained in:
Luke Howard
2022-01-01 18:32:52 +11:00
parent e15e711b13
commit a9c6bc2bf2
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
kdc/bx509d.c
View File

@@ -1638,8 +1638,7 @@ bnegotiate(struct bx509_request_desc *r)
if (ret == 0) { if (ret == 0) {
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS, "target", "%s", heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS, "target", "%s",
r->target ? r->target : "<unknown>"); r->target ? r->target : "<unknown>");
heim_audit_addkv((heim_svc_req_desc)r, 0, "redir", "%s", heim_audit_addkv_bool((heim_svc_req_desc)r, "redir", !!r->redir);
r->redir ? "yes" : "no");
ret = validate_token(r); ret = validate_token(r);
} }
/* bnegotiate_get_target() and validate_token() call bad_req() */ /* bnegotiate_get_target() and validate_token() call bad_req() */

2
kdc/kerberos5.c
View File

@@ -2479,7 +2479,7 @@ _kdc_as_rep(astgs_request_t r)
/* check for valid set of addresses */ /* check for valid set of addresses */
if (!_kdc_check_addresses(r, b->addresses, r->addr)) { if (!_kdc_check_addresses(r, b->addresses, r->addr)) {
if (r->config->warn_ticket_addresses) { if (r->config->warn_ticket_addresses) {
_kdc_audit_addkv((kdc_request_t)r, 0, "wrongaddr", "yes"); _kdc_audit_addkv_bool((kdc_request_t)r, "wrongaddr", TRUE);
} else { } else {
_kdc_set_e_text(r, "Request from wrong address"); _kdc_set_e_text(r, "Request from wrong address");
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;

6
kdc/krb5tgs.c
View File

@@ -1135,7 +1135,7 @@ next_kvno:
_kdc_audit_addaddrs((kdc_request_t)r, (*ticket)->ticket.caddr, "tixaddrs"); _kdc_audit_addaddrs((kdc_request_t)r, (*ticket)->ticket.caddr, "tixaddrs");
if (r->config->warn_ticket_addresses && ret == KRB5KRB_AP_ERR_BADADDR && if (r->config->warn_ticket_addresses && ret == KRB5KRB_AP_ERR_BADADDR &&
*ticket != NULL) { *ticket != NULL) {
_kdc_audit_addkv((kdc_request_t)r, 0, "wrongaddr", "yes"); _kdc_audit_addkv_bool((kdc_request_t)r, "wrongaddr", TRUE);
ret = 0; ret = 0;
} }
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY && kvno_search_tries > 0) { if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY && kvno_search_tries > 0) {
@@ -2340,12 +2340,12 @@ server_lookup:
if (!_kdc_check_addresses(priv, tgt->caddr, from_addr)) { if (!_kdc_check_addresses(priv, tgt->caddr, from_addr)) {
if (config->check_ticket_addresses) { if (config->check_ticket_addresses) {
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
_kdc_audit_addkv((kdc_request_t)priv, 0, "wrongaddr", "yes"); _kdc_audit_addkv_bool((kdc_request_t)priv, "wrongaddr", TRUE);
kdc_log(context, config, 4, "Request from wrong address"); kdc_log(context, config, 4, "Request from wrong address");
_kdc_audit_addreason((kdc_request_t)priv, "Request from wrong address"); _kdc_audit_addreason((kdc_request_t)priv, "Request from wrong address");
goto out; goto out;
} else if (config->warn_ticket_addresses) { } else if (config->warn_ticket_addresses) {
_kdc_audit_addkv((kdc_request_t)priv, 0, "wrongaddr", "yes"); _kdc_audit_addkv_bool((kdc_request_t)priv, "wrongaddr", TRUE);
} }
} }