krb5_pa_data ***e_data);
void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code);
* AS request.
*/
void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code);
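Review bot: Inserting `local_addr` ahead of `remote_addr` in the `audit_as_req` function pointer changes the argument layout of an existing module entry point, so a KDB module built against the old prototype would receive the local address where it expects the remote one, with every later argument shifted by one. No interface version change is visible on this page; if the commit does not already bump `KRB5_KDB_DAL_MAJOR_VERSION`, it should, so that stale modules are refused at load time instead of being called with mismatched arguments. The method comment above the pointer (it starts outside this hunk) could also state the NULL contract, e.g. `local_addr and remote_addr may be NULL if no address information is available.`, since the test caller in this change passes NULL for both.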
*/
state->active_realm = setup_server_realm(handle, as_req->server);
if (state->active_realm != NULL) {
- process_as_req(as_req, pkt, remote_addr, state->active_realm,
- vctx, finish_dispatch_cache, state);
+ process_as_req(as_req, pkt, local_addr, remote_addr,
+ state->active_realm, vctx,
+ finish_dispatch_cache, state);
return;
} else {
retval = KRB5KDC_ERR_WRONG_REALM;
struct kdc_request_state *rstate;
char *sname, *cname;
void *pa_context;
+ const krb5_fulladdr *local_addr;
const krb5_fulladdr *remote_addr;
krb5_data **auth_indicators;
state->reply.enc_part.ciphertext.length);
free(state->reply.enc_part.ciphertext.data);
- log_as_req(kdc_context, state->remote_addr, state->request, &state->reply,
- state->client, state->cname, state->server,
- state->sname, state->authtime, 0, 0, 0);
+ log_as_req(kdc_context, state->local_addr, state->remote_addr,
+ state->request, &state->reply, state->client, state->cname,
+ state->server, state->sname, state->authtime, 0, 0, 0);
did_log = 1;
egress:
emsg = krb5_get_error_message(kdc_context, errcode);
if (state->status) {
- log_as_req(kdc_context, state->remote_addr, state->request,
- &state->reply, state->client, state->cname, state->server,
- state->sname, state->authtime, state->status, errcode,
- emsg);
+ log_as_req(kdc_context, state->local_addr, state->remote_addr,
+ state->request, &state->reply, state->client,
+ state->cname, state->server, state->sname, state->authtime,
+ state->status, errcode, emsg);
did_log = 1;
}
if (errcode) {
/*ARGSUSED*/
void
process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ const krb5_fulladdr *local_addr,
const krb5_fulladdr *remote_addr, kdc_realm_t *kdc_active_realm,
verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
state->arg = arg;
state->request = request;
state->req_pkt = req_pkt;
+ state->local_addr = local_addr;
state->remote_addr = remote_addr;
state->active_realm = kdc_active_realm;
/* Someday, pass local address/port as well. */
/* Currently no info about name canonicalization is logged. */
void
-log_as_req(krb5_context context, const krb5_fulladdr *remote_addr,
+log_as_req(krb5_context context,
+ const krb5_fulladdr *local_addr,
+ const krb5_fulladdr *remote_addr,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_db_entry *client, const char *cname,
krb5_db_entry *server, const char *sname,
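Review bot: The context comment directly above `log_as_req`, `/* Someday, pass local address/port as well. */`, is left in place although this hunk adds exactly that `local_addr` parameter, so it now misdescribes the function. Drop it, or replace it with what is still missing, e.g. `/* local_addr is forwarded to the audit hook; it is not included in the log message. */`, if that matches the body. Most of the body lies outside this hunk, so that wording needs checking against the full function.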
ktypestr, fromstring, status,
cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
}
- krb5_db_audit_as_req(context, request, remote_addr->address, client,
- server, authtime, errcode);
+ krb5_db_audit_as_req(context, request,
+ local_addr->address, remote_addr->address,
+ client, server, authtime, errcode);
#if 0
/* Sun (OpenSolaris) version would probably something like this.
The client and server names passed can be null, unlike in the
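Review bot: `local_addr->address` is dereferenced unconditionally in the new `krb5_db_audit_as_req` call, so `log_as_req` now requires a non-NULL `local_addr` on both the success and the error logging path of an AS request, and a NULL would crash the KDC while logging. The code that produces `local_addr` is outside this page, so it cannot be confirmed here that one is always supplied; the audit interface itself appears to tolerate NULL addresses, as the test caller passes NULL. If NULL is possible, pass `local_addr != NULL ? local_addr->address : NULL`; otherwise state the non-NULL requirement in a comment on the `log_as_req` prototype. The body of `log_as_req` starts outside this hunk.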
/* do_as_req.c */
void
process_as_req (krb5_kdc_req *, krb5_data *,
- const krb5_fulladdr *, kdc_realm_t *,
+ const krb5_fulladdr *, const krb5_fulladdr *, kdc_realm_t *,
verto_ctx *, loop_respond_fn, void *);
/* do_tgs_req.c */
krb5_db_entry *server, krb5_enc_tkt_part *tkt);
void
-log_as_req(krb5_context context, const krb5_fulladdr *remote_addr,
+log_as_req(krb5_context context,
+ const krb5_fulladdr *local_addr,
+ const krb5_fulladdr *remote_addr,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_db_entry *client, const char *cname,
krb5_db_entry *server, const char *sname,
void
krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
status = get_vftabl(kcontext, &v);
if (status || v->audit_as_req == NULL)
return;
- v->audit_as_req(kcontext, request, remote_addr, client, server, authtime,
- error_code);
+ v->audit_as_req(kcontext, request, local_addr, remote_addr,
+ client, server, authtime, error_code);
}
void
WRAP_VOID (krb5_db2_audit_as_req,
(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code),
- (kcontext, request, remote_addr, client, server,
+ (kcontext, request, local_addr, remote_addr, client, server,
authtime, error_code));
static krb5_error_code
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime,
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code)
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+ const krb5_address *local_addr,
const krb5_address *remote_addr, krb5_db_entry *client,
krb5_db_entry *server, krb5_timestamp authtime,
krb5_error_code error_code);
static void
sim_preauth(krb5_timestamp authtime, krb5_boolean ok, krb5_db_entry **entp)
{
- /* Both back ends ignore the request and from parameters for now. */
- krb5_db_audit_as_req(ctx, NULL, NULL, *entp, *entp, authtime,
+ /* Both back ends ignore the request, local_addr, and remote_addr
+ * parameters for now. */
+ krb5_db_audit_as_req(ctx, NULL, NULL, NULL, *entp, *entp, authtime,
ok ? 0 : KRB5KDC_ERR_PREAUTH_FAILED);
krb5_db_free_principal(ctx, *entp);
CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, entp));