authorZhanna Tsitkov <tsitkova@mit.edu>2013-12-20 19:18:57 -0500
committerZhanna Tsitkov <tsitkova@mit.edu>2013-12-20 19:23:32 -0500
commitcf035ea27f98f351cc87d3c3b829f3604002f119 (patch)
treef8c5781ec08fe894c2378dd56e1d2cd0067030e6 /src/kdc/kdc_util.c
parent28633f186a943721b6948875ca85a4a34bc87da4 (diff)
Move kdc log routines into a separate file
Their previous location - kdc_util.c - seems to be overloaded with various helper functions. No code changes.
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r--src/kdc/kdc_util.c196
1 files changed, 0 insertions, 196 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 5409078a44..93a51d50af 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1604,202 +1604,6 @@ validate_transit_path(krb5_context context,
return 0;
}
-
-/* Main logging routines for ticket requests.
-
- There are a few simple cases -- unparseable requests mainly --
- where messages are logged otherwise, but once a ticket request can
- be decoded in some basic way, these routines are used for logging
- the details. */
-
-/* "status" is null to indicate success. */
-/* Someday, pass local address/port as well. */
-/* Currently no info about name canonicalization is logged. */
-void
-log_as_req(krb5_context context, const krb5_fulladdr *from,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_db_entry *client, const char *cname,
- krb5_db_entry *server, const char *sname,
- krb5_timestamp authtime,
- const char *status, krb5_error_code errcode, const char *emsg)
-{
- const char *fromstring = 0;
- char fromstringbuf[70];
- char ktypestr[128];
- const char *cname2 = cname ? cname : "<unknown client>";
- const char *sname2 = sname ? sname : "<unknown server>";
-
- fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
- from->address->contents,
- fromstringbuf, sizeof(fromstringbuf));
- if (!fromstring)
- fromstring = "<unknown>";
- ktypes2str(ktypestr, sizeof(ktypestr),
- request->nktypes, request->ktype);
-
- if (status == NULL) {
- /* success */
- char rep_etypestr[128];
- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
- krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %d, %s, "
- "%s for %s"),
- ktypestr, fromstring, authtime,
- rep_etypestr, cname2, sname2);
- } else {
- /* fail */
- krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: %s: %s for %s%s%s"),
- ktypestr, fromstring, status,
- cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
- }
- krb5_db_audit_as_req(context, request, client, server, authtime,
- errcode);
-#if 0
- /* Sun (OpenSolaris) version would probably something like this.
- The client and server names passed can be null, unlike in the
- logging routines used above. Note that a struct in_addr is
- used, but the real address could be an IPv6 address. */
- audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
- cname, sname, errcode);
-#endif
-}
-
-/*
- * Unparse a principal for logging purposes and limit the string length.
- * Ignore errors because the most likely errors are memory exhaustion, and many
- * other things will fail in the logging functions in that case.
- */
-static void
-unparse_and_limit(krb5_context ctx, krb5_principal princ, char **str)
-{
- /* Ignore errors */
- krb5_unparse_name(ctx, princ, str);
- limit_string(*str);
-}
-
-/* Here "status" must be non-null. Error code
- KRB5KDC_ERR_SERVER_NOMATCH is handled specially.
-
- Currently no info about name canonicalization is logged. */
-void
-log_tgs_req(krb5_context ctx, const krb5_fulladdr *from,
- krb5_kdc_req *request, krb5_kdc_rep *reply,
- krb5_principal cprinc, krb5_principal sprinc,
- krb5_principal altcprinc,
- krb5_timestamp authtime,
- unsigned int c_flags,
- const char *status, krb5_error_code errcode, const char *emsg)
-{
- char ktypestr[128];
- const char *fromstring = 0;
- char fromstringbuf[70];
- char rep_etypestr[128];
- char *cname = NULL, *sname = NULL, *altcname = NULL;
- char *logcname = NULL, *logsname = NULL, *logaltcname = NULL;
-
- fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
- from->address->contents,
- fromstringbuf, sizeof(fromstringbuf));
- if (!fromstring)
- fromstring = "<unknown>";
- ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype);
- if (!errcode)
- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
- else
- rep_etypestr[0] = 0;
-
- unparse_and_limit(ctx, cprinc, &cname);
- logcname = (cname != NULL) ? cname : "<unknown client>";
- unparse_and_limit(ctx, sprinc, &sname);
- logsname = (sname != NULL) ? sname : "<unknown server>";
- unparse_and_limit(ctx, altcprinc, &altcname);
- logaltcname = (altcname != NULL) ? altcname : "<unknown>";
-
- /* Differences: server-nomatch message logs 2nd ticket's client
- name (useful), and doesn't log ktypestr (probably not
- important). */
- if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) {
- krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %d, %s%s "
- "%s for %s%s%s"),
- ktypestr, fromstring, status, authtime, rep_etypestr,
- !errcode ? "," : "", logcname, logsname,
- errcode ? ", " : "", errcode ? emsg : "");
- if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
- krb5_klog_syslog(LOG_INFO,
- _("... PROTOCOL-TRANSITION s4u-client=%s"),
- logaltcname);
- else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
- krb5_klog_syslog(LOG_INFO,
- _("... CONSTRAINED-DELEGATION s4u-client=%s"),
- logaltcname);
-
- } else
- krb5_klog_syslog(LOG_INFO, _("TGS_REQ %s: %s: authtime %d, %s for %s, "
- "2nd tkt client %s"),
- fromstring, status, authtime,
- logcname, logsname, logaltcname);
-
- /* OpenSolaris: audit_krb5kdc_tgs_req(...) or
- audit_krb5kdc_tgs_req_2ndtktmm(...) */
-
- krb5_free_unparsed_name(ctx, cname);
- krb5_free_unparsed_name(ctx, sname);
- krb5_free_unparsed_name(ctx, altcname);
-}
-
-void
-log_tgs_badtrans(krb5_context ctx, krb5_principal cprinc,
- krb5_principal sprinc, krb5_data *trcont,
- krb5_error_code errcode)
-{
- unsigned int tlen;
- char *tdots;
- const char *emsg = NULL;
- char *cname = NULL, *sname = NULL;
- char *logcname = NULL, *logsname = NULL;
-
- unparse_and_limit(ctx, cprinc, &cname);
- logcname = (cname != NULL) ? cname : "<unknown client>";
- unparse_and_limit(ctx, sprinc, &sname);
- logsname = (sname != NULL) ? sname : "<unknown server>";
-
- tlen = trcont->length;
- tdots = tlen > 125 ? "..." : "";
- tlen = tlen > 125 ? 125 : tlen;
-
- if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
- krb5_klog_syslog(LOG_INFO, _("bad realm transit path from '%s' "
- "to '%s' via '%.*s%s'"),
- logcname, logsname, tlen,
- trcont->data, tdots);
- else {
- emsg = krb5_get_error_message(ctx, errcode);
- krb5_klog_syslog(LOG_ERR, _("unexpected error checking transit "
- "from '%s' to '%s' via '%.*s%s': %s"),
- logcname, logsname, tlen,
- trcont->data, tdots,
- emsg);
- krb5_free_error_message(ctx, emsg);
- emsg = NULL;
- }
- krb5_free_unparsed_name(ctx, cname);
- krb5_free_unparsed_name(ctx, sname);
-}
-
-void
-log_tgs_alt_tgt(krb5_context context, krb5_principal p)
-{
- char *sname;
- if (krb5_unparse_name(context, p, &sname)) {
- krb5_klog_syslog(LOG_INFO,
- _("TGS_REQ: issuing alternate <un-unparseable> TGT"));
- } else {
- limit_string(sname);
- krb5_klog_syslog(LOG_INFO, _("TGS_REQ: issuing TGT %s"), sname);
- free(sname);
- }
- /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */
-}
-
krb5_boolean
enctype_requires_etype_info_2(krb5_enctype enctype)
{