Diffstat (limited to 'src')
-rw-r--r--src/kdc/ChangeLog17
-rw-r--r--src/kdc/do_as_req.c18
-rw-r--r--src/kdc/do_tgs_req.c27
-rw-r--r--src/kdc/kdc_util.c66
-rw-r--r--src/kdc/kdc_util.h6
5 files changed, 124 insertions, 10 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index ba26255d6..deaa01523 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,20 @@
+2001-06-19 Tom Yu <tlyu@mit.edu>
+
+ * kdc_util.c (ktypes2str): New function; construct a string
+ containing a list of enctypes, given a number and list of
+ enctypes.
+ (rep_etypes2str): New function; construct a string indicating all
+ three enctypes associated with a KDC reply.
+
+ * kdc_util.h: Add prototypes for ktypes2str() and
+ rep_etypes2str().
+
+ * do_as_req.c (process_as_req): Call ktypes2str() and
+ rep_etypes2str() as appropriate.
+
+ * do_tgs_req.c (process_tgs_req): Call ktypes2str() and
+ rep_etypes2str() as appropriate.
+
2001-06-18 Ezra Peisach <epeisach@mit.edu>
* network.c (setup_network): Cast argument to isspace() to int.
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index d3ce8d147..32263d541 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -78,12 +78,17 @@ krb5_data **response; /* filled in with a response packet */
register int i;
krb5_timestamp until, rtime;
char *cname = 0, *sname = 0, *fromstring = 0;
+ char ktypestr[128];
+ char rep_etypestr[128];
ticket_reply.enc_part.ciphertext.data = 0;
e_data.data = 0;
encrypting_key.contents = 0;
session_key.contents = 0;
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
+
#ifdef HAVE_NETINET_IN_H
if (from->address->addrtype == ADDRTYPE_INET)
fromstring = (char *) inet_ntoa(*(struct in_addr *)from->address->contents);
@@ -409,8 +414,14 @@ krb5_data **response; /* filled in with a response packet */
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
- krb5_klog_syslog(LOG_INFO, "AS_REQ %s(%d): ISSUE: authtime %d, %s for %s",
- fromstring, portnum, authtime, cname, sname);
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ krb5_klog_syslog(LOG_INFO,
+ "AS_REQ (%s) %s(%d): ISSUE: authtime %d, "
+ "%s, %s for %s",
+ ktypestr,
+ fromstring, portnum, authtime,
+ rep_etypestr,
+ cname, sname);
#ifdef KRBCONF_KDC_MODIFIES_KDB
/*
@@ -423,7 +434,8 @@ krb5_data **response; /* filled in with a response packet */
errout:
if (status)
- krb5_klog_syslog(LOG_INFO, "AS_REQ %s(%d): %s: %s for %s%s%s",
+ krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s(%d): %s: %s for %s%s%s",
+ ktypestr,
fromstring, portnum, status,
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index a6c0e5eb2..202284cbd 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -85,6 +85,8 @@ krb5_data **response; /* filled in with a response packet */
register int i;
int firstpass = 1;
const char *status = 0;
+ char ktypestr[128];
+ char rep_etypestr[128];
session_key.contents = 0;
@@ -92,6 +94,8 @@ krb5_data **response; /* filled in with a response packet */
if (retval)
return retval;
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
/*
* setup_server_realm() sets up the global realm-specific data pointer.
*/
@@ -614,13 +618,22 @@ tgt_again:
free(reply.enc_part.ciphertext.data);
cleanup:
- if (status)
- krb5_klog_syslog(LOG_INFO, "TGS_REQ %s(%d): %s: authtime %d, %s for %s%s%s",
- fromstring, portnum, status, authtime,
- cname ? cname : "<unknown client>",
- sname ? sname : "<unknown server>",
- errcode ? ", " : "",
- errcode ? error_message(errcode) : "");
+ if (status) {
+ if (!errcode)
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ (%s) %s(%d): %s: authtime %d, "
+ "%s%s %s for %s%s%s",
+ ktypestr,
+ fromstring, portnum, status, authtime,
+ !errcode ? rep_etypestr : "",
+ !errcode ? "," : "",
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ errcode ? ", " : "",
+ errcode ? error_message(errcode) : "");
+ }
+
if (errcode) {
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
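Review bot: The new `rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply)` call under `cleanup:` reads `reply.enc_part.enctype` and follows `reply.ticket`, so it relies on `reply` being filled in on every path that arrives here with `status` set and `errcode` zero. Those paths are outside this hunk, so a comment such as `/* reply is fully populated whenever status is set and errcode == 0 */` next to the call would record the invariant the code depends on. Separately, when `errcode` is set the two conditional `%s` arguments expand to empty strings and the literal space after them leaves two spaces between `authtime %d,` and the client name. Writing the format as `"%s%s%s for %s%s%s"` with `!errcode ? ", " : ""` keeps the line regular for anything that parses the KDC log. process_tgs_req starts and ends outside the hunk.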
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 6d25764ec..f1bf94346 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -31,6 +31,7 @@
#include "kdc_util.h"
#include "extern.h"
#include <stdio.h>
+#include <ctype.h>
#include <syslog.h>
#include "adm.h"
#include "adm_proto.h"
@@ -1537,3 +1538,68 @@ void limit_string(char *name)
name[i] = '\0';
return;
}
+
+/*
+ * L10_256 = log10(256**x), rounded up.
+ */
+#define L10_256(x) ((int)((x) * 2.41 + 0.5))
+
+void
+ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype)
+{
+ int i;
+ char stmp[L10_256(sizeof(krb5_enctype)) + 3];
+
+ if (nktypes < 0
+ || len < sizeof(" etypes {}") + L10_256(sizeof(krb5_enctype)))
+ return;
+
+ sprintf(s, "%d etypes {", nktypes);
+ for (i = 0; i < nktypes; i++) {
+ sprintf(stmp, "%s%d", i ? " " : "", ktype[i]);
+ if (strlen(s) + strlen(stmp) + 2 > len)
+ break;
+ strcat(s, stmp);
+ }
+ if (i < nktypes) {
+ /*
+ * We broke out of the loop. Try to truncate the list.
+ */
+ for (i = strlen(s); i > 0; i--) {
+ if (!isdigit((int)s[i]) && len - i > sizeof("...}")) {
+ s[i] = '\0';
+ strcat(s, "...");
+ break;
+ }
+ }
+ }
+ strcat(s, "}");
+ return;
+}
+
+void
+rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep)
+{
+ char stmp[sizeof("skey=") + L10_256(sizeof(krb5_enctype)) + 1];
+
+ if (len < (3 * (L10_256(sizeof(krb5_enctype)) + 3)
+ + sizeof("etypes {rep= tkt= skey=}")))
+ return;
+
+ sprintf(s, "etypes {rep=%ld", (long)rep->enc_part.enctype);
+
+ if (rep->ticket != NULL) {
+ sprintf(stmp, " tkt=%ld", (long)rep->ticket->enc_part.enctype);
+ strcat(s, stmp);
+ }
+
+ if (rep->ticket != NULL
+ && rep->ticket->enc_part2 != NULL
+ && rep->ticket->enc_part2->session != NULL) {
+ sprintf(stmp, " skey=%ld",
+ (long)rep->ticket->enc_part2->session->enctype);
+ strcat(s, stmp);
+ }
+ strcat(s, "}");
+ return;
+}
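Review bot: Both `ktypes2str` and `rep_etypes2str` return without writing to `s` when their argument checks fail, while the callers in do_as_req.c and do_tgs_req.c pass uninitialized stack arrays and then give them to `krb5_klog_syslog` as `%s`, so an early return would log whatever bytes were on the stack. The 128-byte buffers satisfy the length checks, but `nktypes` is taken from the decoded request and whether it can be negative is not visible here. Starting each function with `if (len > 0) s[0] = '\0';` before the checks turns the failure case into an empty string. In `rep_etypes2str`, `stmp` is sized `sizeof("skey=") + L10_256(sizeof(krb5_enctype)) + 1`, which leaves room for the leading space or a minus sign but not both; reply enctypes are presumably never negative, but `+ 2` or a bounded `snprintf(stmp, sizeof(stmp), ...)` would remove that assumption. `ktypes2str` also passes `ktype[i]` to `%d` uncast where `rep_etypes2str` casts to `long` for `%ld`; using one form in both would be consistent.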
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index a80073b2c..0877d7f70 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -98,6 +98,12 @@ get_salt_from_key (krb5_context, krb5_principal,
void limit_string (char *name);
+void
+ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
+
+void
+rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
+
/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *,
const krb5_fulladdr *,