Modifications so that whether something came in on the secondary or

primary port is logged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2377 dc483132-0cff-0310-8789-dd5450dbe970
author: Theodore Tso <tytso@mit.edu> 1992-09-01 14:49:03 +0000
committer: Theodore Tso <tytso@mit.edu> 1992-09-01 14:49:03 +0000
commit: fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9 (patch)
tree: 674bfc3d631c8ad269e029ded35e576d678a0785 /src/kdc
parent: 287bf193b09b4aac0c2e39823e77a69cecda1f26 (diff)
download: krb5-fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9.tar.gz
krb5-fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9.tar.xz
krb5-fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9.zip
3 files changed, 38 insertions, 12 deletions
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 9ed95c114..037443e3c 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -37,10 +37,11 @@ static char rcsid_dispatch_c[] =
 #include "kdc_util.h"
 
 krb5_error_code
-dispatch(pkt, from, response)
-krb5_data *pkt;
-const krb5_fulladdr *from;
-krb5_data **response;
+dispatch(pkt, from, is_secondary, response)
+    krb5_data *pkt;
+    const krb5_fulladdr *from;
+    int		is_secondary;
+    krb5_data **response;
 {
 
     krb5_error_code retval;
@@ -59,18 +60,18 @@ krb5_data **response;
 
     if (krb5_is_tgs_req(pkt)) {
 	if (!(retval = decode_krb5_tgs_req(pkt, &tgs_req))) {
-	    retval = process_tgs_req(tgs_req, from, response);
+	    retval = process_tgs_req(tgs_req, from, is_secondary, response);
 	    krb5_free_kdc_req(tgs_req);
 	}
     } else if (krb5_is_as_req(pkt)) {
 	if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
-	    retval = process_as_req(as_req, from, response);
+	    retval = process_as_req(as_req, from, is_secondary, response);
 	    krb5_free_kdc_req(as_req);
 	}
     }
 #ifdef KRB4
     else if (pkt->data[0] == 4)		/* old version */
-	retval = process_v4(pkt, from, response);
+	retval = process_v4(pkt, from, is_secondary, response);
 #endif
     else
 	retval = KRB5KRB_AP_ERR_MSG_TYPE;
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index a9c7996fc..57fc8c17f 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -62,9 +62,10 @@ static krb5_error_code prepare_error_as PROTOTYPE((krb5_kdc_req *,
 
 /*ARGSUSED*/
 krb5_error_code
-process_as_req(request, from, response)
+process_as_req(request, from, is_secondary, response)
 register krb5_kdc_req *request;
 const krb5_fulladdr *from;		/* who sent it ? */
+int	is_secondary;
 krb5_data **response;			/* filled in with a response packet */
 {
 
@@ -110,7 +111,12 @@ krb5_data **response;			/* filled in with a response packet */
     if (!fromstring)
 	fromstring = "<unknown>";
 
-    syslog(LOG_INFO, "AS_REQ: host %s, %s for %s", fromstring, cname, sname);
+    if (is_secondary)
+	syslog(LOG_INFO, "AS_REQ; host %s, %s for %s", fromstring, cname,
+	       sname);
+    else
+	syslog(LOG_INFO, "AS_REQ: host %s, %s for %s", fromstring, cname,
+	       sname);
     free(cname);
     free(sname);
 
@@ -142,6 +148,11 @@ krb5_data **response;			/* filled in with a response packet */
 
 #define cleanup() {krb5_db_free_principal(&client, 1); krb5_db_free_principal(&server, 1); }
 
+    if (retval = check_kdb_flags_as(request, client, server)) {
+	cleanup();
+	return(prepare_error_as(request, retval, response));
+    }
+      
     if (retval = krb5_timeofday(&kdc_time)) {
 	cleanup();
 	return(retval);
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index eac018b50..8baef7927 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -62,9 +62,10 @@ static krb5_error_code prepare_error_tgs PROTOTYPE((krb5_kdc_req *,
 						    krb5_data **));
 /*ARGSUSED*/
 krb5_error_code
-process_tgs_req(request, from, response)
+process_tgs_req(request, from, is_secondary, response)
 krb5_kdc_req *request;
 const krb5_fulladdr *from;		/* who sent it ? */
+int	is_secondary;
 krb5_data **response;			/* filled in with a response packet */
 {
 
@@ -135,7 +136,12 @@ krb5_data **response;			/* filled in with a response packet */
 	return(retval);
     }
 
-    syslog(LOG_INFO, "TGS_REQ: host %s, %s for %s", fromstring, cname, sname);
+    if (is_secondary)
+	syslog(LOG_INFO, "TGS_REQ; host %s, %s for %s", fromstring, cname,
+	       sname);
+    else
+	syslog(LOG_INFO, "TGS_REQ: host %s, %s for %s", fromstring, cname,
+	       sname);
     free(cname);
     free(sname);
 
@@ -185,6 +191,15 @@ tgt_again:
 #define tkt_cleanup() {krb5_free_tkt_authent(req_authdat); }
 #define cleanup() { krb5_db_free_principal(&server, 1);}
 
+    if (retval = check_kdb_flags_tgs(request, server)) {
+	cleanup();
+	return(prepare_error_tgs(request,
+				 header_ticket,
+				 retval,
+				 fromstring,
+				 response));
+    }
+
     if (retval = krb5_timeofday(&kdc_time)) {
 	tkt_cleanup();
 	cleanup();
@@ -679,7 +694,6 @@ int *nprincs;
 	return;
 
     /* move to the end */
-    /* SUPPRESS 530 */
     for (pl2 = plist; *pl2; pl2++);
 
     /* the first entry in this array is for krbtgt/local@local, so we
author	Theodore Tso <tytso@mit.edu>	1992-09-01 14:49:03 +0000
committer	Theodore Tso <tytso@mit.edu>	1992-09-01 14:49:03 +0000
commit	fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9 (patch)
tree	674bfc3d631c8ad269e029ded35e576d678a0785 /src/kdc
parent	287bf193b09b4aac0c2e39823e77a69cecda1f26 (diff)
download	krb5-fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9.tar.gz krb5-fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9.tar.xz krb5-fc06bbb74b8bbefbd58ecc46b0f1b35f87b7f6c9.zip