diff options
author | rbasch <probe@tardis.internal.bright-prospects.com> | 2014-06-03 18:44:17 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2014-06-10 23:54:41 -0400 |
commit | f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be (patch) | |
tree | 77b8040d28b8829058ac6760d81b27706c52f085 /src/lib/krb5/krb | |
parent | 41d38531043b99e8daa334f2b6ddf376adf1e878 (diff) | |
download | krb5-f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be.tar.gz krb5-f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be.tar.xz krb5-f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be.zip |
In KDC, log client principal in bad header ticket
Fix KDC logging to include client principal in TGS_REQ logging even
during error conditions such as "Ticket expired". As long as the
TGS_REQ can be decrypted and the client principal is available, it
should be included in the log, regardless of other errors which might
be detected.
krb5_rd_req_decoded and krb5_rd_req_decoded_anyflag (not public
interfaces) now leave the decrypted ticket in req->ticket->enc_part2
on success or failure, if the ticket was successfully decrypted. This
does not affect the behavior of krb5_rd_req.
[ghudson@mit.edu: removed extraneous change, added commit message
summary and description of internal API change, fixed possible memory
leak, removed comment and #if 0 code block of purely historical
interest]
ticket: 7910
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r-- | src/lib/krb5/krb/rd_req_dec.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index fbfe36eb0..df5ba7a35 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -791,13 +791,6 @@ cleanup: if (permitted_etypes != NULL && permitted_etypes != (*auth_context)->permitted_etypes) free(permitted_etypes); - if (retval) { - /* only free if we're erroring out...otherwise some - applications will need the output. */ - if (req->ticket->enc_part2) - krb5_free_enc_tkt_part(context, req->ticket->enc_part2); - req->ticket->enc_part2 = NULL; - } if (check_valid_flag) krb5_free_keyblock_contents(context, &decrypt_key); |