-rw-r--r--src/kdc/do_as_req.c26
-rw-r--r--src/kdc/do_tgs_req.c16
-rw-r--r--src/kdc/kdc_log.c14
3 files changed, 35 insertions, 21 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 95c3e23620..5057067bd5 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -279,7 +279,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock,
&state->ticket_reply);
if (errcode) {
- state->status = "ENCRYPTING_TICKET";
+ state->status = "ENCRYPT_TICKET";
goto egress;
}
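Review bot: `"ENCRYPT_TICKET"` replaces a status token that log filters and alerting rules may match verbatim, and nothing in this hunk records the old spelling. The same holds for the other already-uppercase tokens renamed in this commit (`RANDOM_KEY_FAILED`, `UNPARSING_CLIENT`, `UNPARSING_SERVER`, `BAD_TRTYPE`, `ADD_TR_FAIL`, `TKT_ENCRYPT`, `KDC_RETURN_S4U2SELF_PADATA`). do_tgs_req.c copies one of them into `au_state->status`, so the value presumably reaches audit records as well as the KDC log. I would record the old-to-new mapping where operators will see it, for example in a release note or beside the format note in kdc_log.c, as `/* Renamed: ENCRYPTING_TICKET -> ENCRYPT_TICKET, RANDOM_KEY_FAILED -> MAKE_RANDOM_KEY, ... */`. finish_process_as_req begins and ends outside this hunk.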
@@ -296,7 +296,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
&state->reply,
state->client_keyblock.enctype);
if (errcode) {
- state->status = "fast response handling";
+ state->status = "MAKE_FAST_RESPONSE";
goto egress;
}
@@ -307,7 +307,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock,
&as_encrypting_key);
if (errcode) {
- state->status = "generating reply key";
+ state->status = "MAKE_FAST_REPLY_KEY";
goto egress;
}
errcode = return_enc_padata(kdc_context, state->req_pkt, state->request,
@@ -508,7 +508,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
state->au_state = au_state;
if (state->request->msg_type != KRB5_AS_REQ) {
- state->status = "msg_type mismatch";
+ state->status = "VALIDATE_MESSAGE_TYPE";
errcode = KRB5_BADMSGTYPE;
goto errout;
}
@@ -519,13 +519,13 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
if (fetch_asn1_field((unsigned char *) req_pkt->data,
1, 4, &encoded_req_body) != 0) {
errcode = ASN1_BAD_ID;
- state->status = "Finding req_body";
+ state->status = "FETCH_REQ_BODY";
goto errout;
}
errcode = kdc_find_fast(&state->request, &encoded_req_body, NULL, NULL,
state->rstate, &state->inner_body);
if (errcode) {
- state->status = "error decoding FAST";
+ state->status = "FIND_FAST";
goto errout;
}
if (state->inner_body == NULL) {
@@ -533,7 +533,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
errcode = krb5_copy_data(kdc_context, &encoded_req_body,
&state->inner_body);
if (errcode) {
- state->status = "storing req body";
+ state->status = "COPY_REQ_BODY";
goto errout;
}
}
@@ -550,7 +550,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
if ((errcode = krb5_unparse_name(kdc_context,
state->request->client,
&state->cname))) {
- state->status = "UNPARSING_CLIENT";
+ state->status = "UNPARSE_CLIENT";
goto errout;
}
limit_string(state->cname);
@@ -563,7 +563,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
if ((errcode = krb5_unparse_name(kdc_context,
state->request->server,
&state->sname))) {
- state->status = "UNPARSING_SERVER";
+ state->status = "UNPARSE_SERVER";
goto errout;
}
limit_string(state->sname);
@@ -669,7 +669,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
if ((errcode = krb5_c_make_random_key(kdc_context, useenctype,
&state->session_key))) {
- state->status = "RANDOM_KEY_FAILED";
+ state->status = "MAKE_RANDOM_KEY";
goto errout;
}
@@ -753,8 +753,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
state->request->client,
krb5_anonymous_principal())) {
errcode = KRB5KDC_ERR_BADOPTION;
- state->status = "Anonymous requested but anonymous "
- "principal not used.";
+ /* Anonymous requested but anonymous principal not used.*/
+ state->status = "VALIDATE_ANONYMOUS_PRINCIPAL";
goto errout;
}
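Review bot: The added comment closes without a space before `*/`, unlike the other comments visible in this patch; write it as `/* Anonymous requested but anonymous principal not used. */`. Because that sentence now lives only in the source, a log reader sees just `VALIDATE_ANONYMOUS_PRINCIPAL` alongside the generic `KRB5KDC_ERR_BADOPTION`, so the comment is worth keeping accurate. The condition it describes opens above this hunk.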
setflag(state->enc_tkt_reply.flags, TKT_FLG_ANONYMOUS);
@@ -763,7 +763,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
errcode = krb5_copy_principal(kdc_context, krb5_anonymous_principal(),
&state->request->client);
if (errcode) {
- state->status = "Copying anonymous principal";
+ state->status = "COPY_ANONYMOUS_PRINCIPAL";
goto errout;
}
state->enc_tkt_reply.client = state->request->client;
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 6bc4f15c0e..ef1aeed87a 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -209,7 +209,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
/* Reset sprinc because kdc_find_fast() can replace request. */
sprinc = request->server;
if (errcode !=0) {
- status = "kdc_find_fast";
+ status = "FIND_FAST";
goto cleanup;
}
@@ -639,7 +639,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
/* assemble new transited field into allocated storage */
if (header_enc_tkt->transited.tr_type !=
KRB5_DOMAIN_X500_COMPRESS) {
- status = "BAD_TRTYPE";
+ status = "VALIDATE_TRANSIT_TYPE";
errcode = KRB5KDC_ERR_TRTYPE_NOSUPP;
goto cleanup;
}
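Review bot: `"VALIDATE_TRANSIT_TYPE"` spells the field differently from the next hunk's `"ADD_TO_TRANSITED_LIST"`, although both concern `header_enc_tkt->transited`. Using `status = "VALIDATE_TRANSITED_TYPE";` would keep the two tokens consistent, so a single search for TRANSITED in the KDC log finds both failure points. process_tgs_req continues outside this hunk.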
@@ -651,7 +651,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
header_ticket->server,
enc_tkt_reply.client,
request->server))) {
- status = "ADD_TR_FAIL";
+ status = "ADD_TO_TRANSITED_LIST";
goto cleanup;
}
newtransited = 1;
@@ -722,7 +722,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
krb5_free_keyblock_contents(kdc_context, &encrypting_key);
if (errcode) {
- status = "TKT_ENCRYPT";
+ status = "ENCRYPT_TICKET";
goto cleanup;
}
ticket_reply.enc_part.kvno = ticket_kvno;
@@ -739,7 +739,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
&reply,
&reply_encpart);
if (errcode) {
- status = "KDC_RETURN_S4U2SELF_PADATA";
+ status = "MAKE_S4U2SELF_PADATA";
au_state->status = status;
}
kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
@@ -779,13 +779,13 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
errcode = kdc_fast_response_handle_padata(state, request, &reply,
subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype);
if (errcode !=0 ) {
- status = "Preparing FAST padata";
+ status = "MAKE_FAST_RESPONSE";
goto cleanup;
}
errcode =kdc_fast_handle_reply_key(state,
subkey?subkey:header_ticket->enc_part2->session, &reply_key);
if (errcode) {
- status = "generating reply key";
+ status = "MAKE_FAST_REPLY_KEY";
goto cleanup;
}
errcode = return_enc_padata(kdc_context, pkt, request,
@@ -1066,7 +1066,7 @@ gen_session_key(kdc_realm_t *kdc_active_realm, krb5_kdc_req *req,
retval = krb5_c_make_random_key(kdc_context, useenctype, skey);
if (retval != 0) {
/* random key failed */
- *status = "RANDOM_KEY_FAILED";
+ *status = "MAKE_RANDOM_KEY";
goto cleanup;
}
cleanup:
diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c
index b1555b1e95..94a2a1c87c 100644
--- a/src/kdc/kdc_log.c
+++ b/src/kdc/kdc_log.c
@@ -29,6 +29,20 @@
#include <syslog.h>
#include "adm_proto.h"
+/*
+ * A note on KDC-status string format.
+ *
+ * - All letters in the status string should be capitalized;
+ * - the words in the status phrase are separated by underscores;
+ * - abbreviations should be avoided. Some acceptable "standard" acronyms
+ * are AS_REQ, TGS_REP etc.
+ * - since in almost all cases KDC status string is set on error, no need
+ * to state this fact as part of the status string;
+ * - KDC status string should be an imperative phrase.
+ *
+ * Example: "MAKE_RANDOM_KEY"
+ */
+
/* Main logging routines for ticket requests.
There are a few simple cases -- unparseable requests mainly --