git.ipfire.org Git - thirdparty/krb5.git/commit

author	rbasch <probe@tardis.internal.bright-prospects.com>
	Tue, 3 Jun 2014 22:44:17 +0000 (18:44 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 11 Jun 2014 03:54:41 +0000 (23:54 -0400)
commit	f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be
tree	77b8040d28b8829058ac6760d81b27706c52f085	tree
parent	41d38531043b99e8daa334f2b6ddf376adf1e878	commit \| diff

In KDC, log client principal in bad header ticket

Fix KDC logging to include client principal in TGS_REQ logging even
during error conditions such as "Ticket expired". As long as the
TGS_REQ can be decrypted and the client principal is available, it
should be included in the log, regardless of other errors which might
be detected.

krb5_rd_req_decoded and krb5_rd_req_decoded_anyflag (not public
interfaces) now leave the decrypted ticket in req->ticket->enc_part2
on success or failure, if the ticket was successfully decrypted. This
does not affect the behavior of krb5_rd_req.

[ghudson@mit.edu: removed extraneous change, added commit message
summary and description of internal API change, fixed possible memory
leak, removed comment and #if 0 code block of purely historical
interest]

ticket: 7910

src/kdc/kdc_util.c		diff \| blob \| blame \| history
src/lib/krb5/krb/rd_req_dec.c		diff \| blob \| blame \| history