More complete logging of capths violations

It is much easier (i.e. actually possible) to debug transit path policy
violations when the logs specify the client and server realms, not just
the transit realm.
This commit is contained in:
Viktor Dukhovni
2014-03-15 03:59:18 +00:00
parent c9f65fc942
commit ae2df333cd
3 changed files with 4 additions and 4 deletions

View File

@@ -427,8 +427,8 @@ krb5_check_transited(krb5_context context,
krb5_config_free_strings(tr_realms);
krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT,
N_("no transit allowed "
"through realm %s", ""),
realms[i]);
"through realm %s from %s to %s", ""),
realms[i], client_realm, server_realm);
if(bad_realm)
*bad_realm = i;
return KRB5KRB_AP_ERR_ILL_CR_TKT;

View File

@@ -1705,7 +1705,7 @@ msgstr ""
#: lib/krb5/transited.c:457
#: lib/krb5/transited.c:490
#, c-format
msgid "no transit allowed through realm %s"
msgid "no transit allowed through realm %s from %s to %s"
msgstr ""
#: lib/krb5/v4_glue.c:153

View File

@@ -1675,7 +1675,7 @@ msgstr ""
#: lib/krb5/transited.c:457
#: lib/krb5/transited.c:490
#, c-format
msgid "no transit allowed through realm %s"
msgid "no transit allowed through realm %s from %s to %s"
msgstr ""
#: lib/krb5/v4_glue.c:151