oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

More complete logging of capths violations

Browse Source 
It is much easier (i.e. actually possible) to debug transit path policy
violations when the logs specify the client and server realms, not just
the transit realm.
This commit is contained in:
Viktor Dukhovni
2014-03-15 03:59:18 +00:00
parent c9f65fc942
commit ae2df333cd
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/transited.c
View File

@@ -427,8 +427,8 @@ krb5_check_transited(krb5_context context,
krb5_config_free_strings(tr_realms);
krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT,
N_("no transit allowed "
"through realm %s", ""),
realms[i]);
"through realm %s from %s to %s", ""),
realms[i], client_realm, server_realm);
if(bad_realm)
*bad_realm = i;
return KRB5KRB_AP_ERR_ILL_CR_TKT;

2
po/heimdal_krb5/heimdal_krb5.pot
View File

@@ -1705,7 +1705,7 @@ msgstr ""
#: lib/krb5/transited.c:457
#: lib/krb5/transited.c:490
#, c-format
msgid "no transit allowed through realm %s"
msgid "no transit allowed through realm %s from %s to %s"
msgstr ""
#: lib/krb5/v4_glue.c:153

2
po/heimdal_krb5/sv_SE.po
View File

@@ -1675,7 +1675,7 @@ msgstr ""
#: lib/krb5/transited.c:457
#: lib/krb5/transited.c:490
#, c-format
msgid "no transit allowed through realm %s"
msgid "no transit allowed through realm %s from %s to %s"
msgstr ""
#: lib/krb5/v4_glue.c:151