-rw-r--r-- | src/kdc/do_as_req.c | 26 | ||||
-rw-r--r-- | src/kdc/do_tgs_req.c | 16 | ||||
-rw-r--r-- | src/kdc/kdc_log.c | 14 |
3 files changed, 35 insertions, 21 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 95c3e23620..5057067bd5 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -279,7 +279,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
 errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock, &state->ticket_reply);
 if (errcode) {
- state->status = "ENCRYPTING_TICKET";
+ state->status = "ENCRYPT_TICKET";
 goto egress;
 }
@@ -296,7 +296,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
 &state->reply, state->client_keyblock.enctype);
 if (errcode) {
- state->status = "fast response handling";
+ state->status = "MAKE_FAST_RESPONSE";
 goto egress;
 }
@@ -307,7 +307,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
 errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock, &as_encrypting_key);
 if (errcode) {
- state->status = "generating reply key";
+ state->status = "MAKE_FAST_REPLY_KEY";
 goto egress;
 }
 errcode = return_enc_padata(kdc_context, state->req_pkt, state->request,
@@ -508,7 +508,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 state->au_state = au_state;
 if (state->request->msg_type != KRB5_AS_REQ) {
- state->status = "msg_type mismatch";
+ state->status = "VALIDATE_MESSAGE_TYPE";
 errcode = KRB5_BADMSGTYPE;
 goto errout;
 }
@@ -519,13 +519,13 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 if (fetch_asn1_field((unsigned char *) req_pkt->data, 1, 4, &encoded_req_body) != 0) {
 errcode = ASN1_BAD_ID;
- state->status = "Finding req_body";
+ state->status = "FETCH_REQ_BODY";
 goto errout;
 }
 errcode = kdc_find_fast(&state->request, &encoded_req_body, NULL, NULL, state->rstate, &state->inner_body);
 if (errcode) {
- state->status = "error decoding FAST";
+ state->status = "FIND_FAST";
 goto errout;
 }
 if (state->inner_body == NULL) {
@@ -533,7 +533,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 errcode = krb5_copy_data(kdc_context, &encoded_req_body, &state->inner_body);
 if (errcode) {
- state->status = "storing req body";
+ state->status = "COPY_REQ_BODY";
 goto errout;
 }
 }
@@ -550,7 +550,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 if ((errcode = krb5_unparse_name(kdc_context, state->request->client, &state->cname))) {
- state->status = "UNPARSING_CLIENT";
+ state->status = "UNPARSE_CLIENT";
 goto errout;
 }
 limit_string(state->cname);
@@ -563,7 +563,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 if ((errcode = krb5_unparse_name(kdc_context, state->request->server, &state->sname))) {
- state->status = "UNPARSING_SERVER";
+ state->status = "UNPARSE_SERVER";
 goto errout;
 }
 limit_string(state->sname);
@@ -669,7 +669,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 if ((errcode = krb5_c_make_random_key(kdc_context, useenctype, &state->session_key))) {
- state->status = "RANDOM_KEY_FAILED";
+ state->status = "MAKE_RANDOM_KEY";
 goto errout;
 }
@@ -753,8 +753,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 state->request->client, krb5_anonymous_principal())) {
 errcode = KRB5KDC_ERR_BADOPTION;
- state->status = "Anonymous requested but anonymous "
- "principal not used.";
+ /* Anonymous requested but anonymous principal not used.*/
+ state->status = "VALIDATE_ANONYMOUS_PRINCIPAL";
 goto errout;
 }
 setflag(state->enc_tkt_reply.flags, TKT_FLG_ANONYMOUS);
@@ -763,7 +763,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 errcode = krb5_copy_principal(kdc_context, krb5_anonymous_principal(), &state->request->client);
 if (errcode) {
- state->status = "Copying anonymous principal";
+ state->status = "COPY_ANONYMOUS_PRINCIPAL";
 goto errout;
 }
 state->enc_tkt_reply.client = state->request->client;
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 6bc4f15c0e..ef1aeed87a 100644
--- a/src/kdc/do_tgs_req.c
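Review bot: In the `@@ -753,8` hunk the reason for the rejection no longer reaches the log and survives only as a source comment, and that comment is missing the space before its terminator. Write it as `/* Anonymous requested but anonymous principal not used. */` so it matches the other comments in the file. The `if` whose body this is starts outside the hunk, so the full condition cannot be checked from here. Anyone triaging rejected anonymous requests from the log will now see only `VALIDATE_ANONYMOUS_PRINCIPAL` and whatever text is derived from `KRB5KDC_ERR_BADOPTION`, so the comment is the one place the condition is explained.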
+++ b/src/kdc/do_tgs_req.c
@@ -209,7 +209,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 /* Reset sprinc because kdc_find_fast() can replace request. */
 sprinc = request->server;
 if (errcode !=0) {
- status = "kdc_find_fast";
+ status = "FIND_FAST";
 goto cleanup;
 }
@@ -639,7 +639,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 /* assemble new transited field into allocated storage */
 if (header_enc_tkt->transited.tr_type != KRB5_DOMAIN_X500_COMPRESS) {
- status = "BAD_TRTYPE";
+ status = "VALIDATE_TRANSIT_TYPE";
 errcode = KRB5KDC_ERR_TRTYPE_NOSUPP;
 goto cleanup;
 }
@@ -651,7 +651,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 header_ticket->server, enc_tkt_reply.client, request->server))) {
- status = "ADD_TR_FAIL";
+ status = "ADD_TO_TRANSITED_LIST";
 goto cleanup;
 }
 newtransited = 1;
@@ -722,7 +722,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
 krb5_free_keyblock_contents(kdc_context, &encrypting_key);
 if (errcode) {
- status = "TKT_ENCRYPT";
+ status = "ENCRYPT_TICKET";
 goto cleanup;
 }
 ticket_reply.enc_part.kvno = ticket_kvno;
@@ -739,7 +739,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 &reply, &reply_encpart);
 if (errcode) {
- status = "KDC_RETURN_S4U2SELF_PADATA";
+ status = "MAKE_S4U2SELF_PADATA";
 au_state->status = status;
 }
 kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
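Review bot: In the `@@ -739,7` hunk the S4U2Self padata failure branch is the only error branch in this diff that sets `status` without a `goto cleanup`, and the only one that copies the string into `au_state->status`. The code that acts on `errcode` after `kau_s4u2self()` lies outside the hunk, so the control flow cannot be confirmed from here. If the fall-through is deliberate so that the audit call records the failure first, a comment such as `/* no goto: kau_s4u2self() records the failure; errcode is checked after it */` would make that visible. Because this string reaches the audit state, audit consumers that match on the old `KDC_RETURN_S4U2SELF_PADATA` value will need the new name.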
@@ -779,13 +779,13 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 errcode = kdc_fast_response_handle_padata(state, request, &reply, subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype);
 if (errcode !=0 ) {
- status = "Preparing FAST padata";
+ status = "MAKE_FAST_RESPONSE";
 goto cleanup;
 }
 errcode =kdc_fast_handle_reply_key(state, subkey?subkey:header_ticket->enc_part2->session, &reply_key);
 if (errcode) {
- status = "generating reply key";
+ status = "MAKE_FAST_REPLY_KEY";
 goto cleanup;
 }
 errcode = return_enc_padata(kdc_context, pkt, request,
@@ -1066,7 +1066,7 @@ gen_session_key(kdc_realm_t *kdc_active_realm, krb5_kdc_req *req,
 retval = krb5_c_make_random_key(kdc_context, useenctype, skey);
 if (retval != 0) {
 /* random key failed */
- *status = "RANDOM_KEY_FAILED";
+ *status = "MAKE_RANDOM_KEY";
 goto cleanup;
 }
 cleanup:
diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c
index b1555b1e95..94a2a1c87c 100644
--- a/src/kdc/kdc_log.c
+++ b/src/kdc/kdc_log.c
@@ -29,6 +29,20 @@
 #include <syslog.h>
 #include "adm_proto.h"
+/*
+ * A note on KDC-status string format.
+ *
+ * - All letters in the status string should be capitalized;
+ * - the words in the status phrase are separated by underscores;
+ * - abbreviations should be avoided. Some acceptable "standard" acronyms
+ * are AS_REQ, TGS_REP etc.
+ * - since in almost all cases KDC status string is set on error, no need
+ * to state this fact as part of the status string;
+ * - KDC status string should be an imperative phrase.
+ *
+ * Example: "MAKE_RANDOM_KEY"
+ */
+
 /* Main logging routines for ticket requests. There are a few simple cases -- unparseable requests mainly -- |
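Review bot: The format note added to kdc_log.c says how a status string is spelled but not that the string is externally visible, which is what makes the renames in the do_as_req.c and do_tgs_req.c hunks matter to operators. The strings appear to reach the KDC log through the routines in this file, and one hunk copies `status` into `au_state->status`, so parsing or alerting rules keyed on old values such as `RANDOM_KEY_FAILED`, `BAD_TRTYPE` or `ADD_TR_FAIL` would stop matching without any error. I would add a bullet such as ` * - status strings appear in KDC log and audit output; renaming one is a change visible to log consumers.` The abbreviation rule could also list the protocol terms this commit itself keeps (`FAST`, `PADATA`, `S4U2SELF`, `REQ_BODY`) as acceptable, since they are not covered by the AS_REQ/TGS_REP examples.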