author | Zhanna Tsitkov <tsitkova@mit.edu> | 2013-12-20 19:18:57 -0500 |
---|---|---|
committer | Zhanna Tsitkov <tsitkova@mit.edu> | 2013-12-20 19:23:32 -0500 |
commit | cf035ea27f98f351cc87d3c3b829f3604002f119 (patch) | |
tree | f8c5781ec08fe894c2378dd56e1d2cd0067030e6 /src/kdc/kdc_util.c | |
parent | 28633f186a943721b6948875ca85a4a34bc87da4 (diff) | |
Move kdc log routines into a separate file
Their previous location - kdc_util.c - seems to be overloaded with
various helper functions. No code changes.
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 196 |
1 files changed, 0 insertions, 196 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 5409078a44..93a51d50af 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1604,202 +1604,6 @@ validate_transit_path(krb5_context context, return 0; } - -/* Main logging routines for ticket requests. - - There are a few simple cases -- unparseable requests mainly -- - where messages are logged otherwise, but once a ticket request can - be decoded in some basic way, these routines are used for logging - the details. */ - -/* "status" is null to indicate success. */ -/* Someday, pass local address/port as well. */ -/* Currently no info about name canonicalization is logged. */ -void -log_as_req(krb5_context context, const krb5_fulladdr *from, - krb5_kdc_req *request, krb5_kdc_rep *reply, - krb5_db_entry *client, const char *cname, - krb5_db_entry *server, const char *sname, - krb5_timestamp authtime, - const char *status, krb5_error_code errcode, const char *emsg) -{ - const char *fromstring = 0; - char fromstringbuf[70]; - char ktypestr[128]; - const char *cname2 = cname ? cname : "<unknown client>"; - const char *sname2 = sname ? sname : "<unknown server>"; - - fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = "<unknown>"; - ktypes2str(ktypestr, sizeof(ktypestr), - request->nktypes, request->ktype); - - if (status == NULL) { - /* success */ - char rep_etypestr[128]; - rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); - krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %d, %s, " - "%s for %s"), - ktypestr, fromstring, authtime, - rep_etypestr, cname2, sname2); - } else { - /* fail */ - krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: %s: %s for %s%s%s"), - ktypestr, fromstring, status, - cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); - } - krb5_db_audit_as_req(context, request, client, server, authtime, - errcode); -#if 0 - /* Sun (OpenSolaris) version would probably something like this. - The client and server names passed can be null, unlike in the - logging routines used above. 
Note that a struct in_addr is - used, but the real address could be an IPv6 address. */ - audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0, - cname, sname, errcode); -#endif -} - -/* - * Unparse a principal for logging purposes and limit the string length. - * Ignore errors because the most likely errors are memory exhaustion, and many - * other things will fail in the logging functions in that case. - */ -static void -unparse_and_limit(krb5_context ctx, krb5_principal princ, char **str) -{ - /* Ignore errors */ - krb5_unparse_name(ctx, princ, str); - limit_string(*str); -} - -/* Here "status" must be non-null. Error code - KRB5KDC_ERR_SERVER_NOMATCH is handled specially. - - Currently no info about name canonicalization is logged. */ -void -log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - krb5_kdc_req *request, krb5_kdc_rep *reply, - krb5_principal cprinc, krb5_principal sprinc, - krb5_principal altcprinc, - krb5_timestamp authtime, - unsigned int c_flags, - const char *status, krb5_error_code errcode, const char *emsg) -{ - char ktypestr[128]; - const char *fromstring = 0; - char fromstringbuf[70]; - char rep_etypestr[128]; - char *cname = NULL, *sname = NULL, *altcname = NULL; - char *logcname = NULL, *logsname = NULL, *logaltcname = NULL; - - fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = "<unknown>"; - ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype); - if (!errcode) - rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); - else - rep_etypestr[0] = 0; - - unparse_and_limit(ctx, cprinc, &cname); - logcname = (cname != NULL) ? cname : "<unknown client>"; - unparse_and_limit(ctx, sprinc, &sname); - logsname = (sname != NULL) ? sname : "<unknown server>"; - unparse_and_limit(ctx, altcprinc, &altcname); - logaltcname = (altcname != NULL) ? 
altcname : "<unknown>"; - - /* Differences: server-nomatch message logs 2nd ticket's client - name (useful), and doesn't log ktypestr (probably not - important). */ - if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) { - krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %d, %s%s " - "%s for %s%s%s"), - ktypestr, fromstring, status, authtime, rep_etypestr, - !errcode ? "," : "", logcname, logsname, - errcode ? ", " : "", errcode ? emsg : ""); - if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) - krb5_klog_syslog(LOG_INFO, - _("... PROTOCOL-TRANSITION s4u-client=%s"), - logaltcname); - else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) - krb5_klog_syslog(LOG_INFO, - _("... CONSTRAINED-DELEGATION s4u-client=%s"), - logaltcname); - - } else - krb5_klog_syslog(LOG_INFO, _("TGS_REQ %s: %s: authtime %d, %s for %s, " - "2nd tkt client %s"), - fromstring, status, authtime, - logcname, logsname, logaltcname); - - /* OpenSolaris: audit_krb5kdc_tgs_req(...) or - audit_krb5kdc_tgs_req_2ndtktmm(...) */ - - krb5_free_unparsed_name(ctx, cname); - krb5_free_unparsed_name(ctx, sname); - krb5_free_unparsed_name(ctx, altcname); -} - -void -log_tgs_badtrans(krb5_context ctx, krb5_principal cprinc, - krb5_principal sprinc, krb5_data *trcont, - krb5_error_code errcode) -{ - unsigned int tlen; - char *tdots; - const char *emsg = NULL; - char *cname = NULL, *sname = NULL; - char *logcname = NULL, *logsname = NULL; - - unparse_and_limit(ctx, cprinc, &cname); - logcname = (cname != NULL) ? cname : "<unknown client>"; - unparse_and_limit(ctx, sprinc, &sname); - logsname = (sname != NULL) ? sname : "<unknown server>"; - - tlen = trcont->length; - tdots = tlen > 125 ? "..." : ""; - tlen = tlen > 125 ? 
125 : tlen; - - if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) - krb5_klog_syslog(LOG_INFO, _("bad realm transit path from '%s' " - "to '%s' via '%.*s%s'"), - logcname, logsname, tlen, - trcont->data, tdots); - else { - emsg = krb5_get_error_message(ctx, errcode); - krb5_klog_syslog(LOG_ERR, _("unexpected error checking transit " - "from '%s' to '%s' via '%.*s%s': %s"), - logcname, logsname, tlen, - trcont->data, tdots, - emsg); - krb5_free_error_message(ctx, emsg); - emsg = NULL; - } - krb5_free_unparsed_name(ctx, cname); - krb5_free_unparsed_name(ctx, sname); -} - -void -log_tgs_alt_tgt(krb5_context context, krb5_principal p) -{ - char *sname; - if (krb5_unparse_name(context, p, &sname)) { - krb5_klog_syslog(LOG_INFO, - _("TGS_REQ: issuing alternate <un-unparseable> TGT")); - } else { - limit_string(sname); - krb5_klog_syslog(LOG_INFO, _("TGS_REQ: issuing TGT %s"), sname); - free(sname); - } - /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */ -} - krb5_boolean enctype_requires_etype_info_2(krb5_enctype enctype) { |