+2001-06-19 Tom Yu <tlyu@mit.edu>
+
+ * kdc_util.c (ktypes2str): New function; construct a string
+ containing a list of enctypes, given a number and list of
+ enctypes.
+ (rep_etypes2str): New function; construct a string indicating all
+ three enctypes associated with a KDC reply.
+
+ * kdc_util.h: Add prototypes for ktypes2str() and
+ rep_etypes2str().
+
+ * do_as_req.c (process_as_req): Call ktypes2str() and
+ rep_etypes2str() as appropriate.
+
+ * do_tgs_req.c (process_tgs_req): Call ktypes2str() and
+ rep_etypes2str() as appropriate.
+
2001-06-18 Ezra Peisach <epeisach@mit.edu>
* network.c (setup_network): Cast argument to isspace() to int.
register int i;
krb5_timestamp until, rtime;
char *cname = 0, *sname = 0, *fromstring = 0;
+ char ktypestr[128];
+ char rep_etypestr[128];
ticket_reply.enc_part.ciphertext.data = 0;
e_data.data = 0;
encrypting_key.contents = 0;
session_key.contents = 0;
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
+
#ifdef HAVE_NETINET_IN_H
if (from->address->addrtype == ADDRTYPE_INET)
fromstring = (char *) inet_ntoa(*(struct in_addr *)from->address->contents);
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
- krb5_klog_syslog(LOG_INFO, "AS_REQ %s(%d): ISSUE: authtime %d, %s for %s",
- fromstring, portnum, authtime, cname, sname);
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ krb5_klog_syslog(LOG_INFO,
+ "AS_REQ (%s) %s(%d): ISSUE: authtime %d, "
+ "%s, %s for %s",
+ ktypestr,
+ fromstring, portnum, authtime,
+ rep_etypestr,
+ cname, sname);
#ifdef KRBCONF_KDC_MODIFIES_KDB
/*
errout:
if (status)
- krb5_klog_syslog(LOG_INFO, "AS_REQ %s(%d): %s: %s for %s%s%s",
+ krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s(%d): %s: %s for %s%s%s",
+ ktypestr,
fromstring, portnum, status,
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
register int i;
int firstpass = 1;
const char *status = 0;
+ char ktypestr[128];
+ char rep_etypestr[128];
session_key.contents = 0;
if (retval)
return retval;
+ ktypes2str(ktypestr, sizeof(ktypestr),
+ request->nktypes, request->ktype);
/*
* setup_server_realm() sets up the global realm-specific data pointer.
*/
free(reply.enc_part.ciphertext.data);
cleanup:
- if (status)
- krb5_klog_syslog(LOG_INFO, "TGS_REQ %s(%d): %s: authtime %d, %s for %s%s%s",
- fromstring, portnum, status, authtime,
- cname ? cname : "<unknown client>",
- sname ? sname : "<unknown server>",
- errcode ? ", " : "",
- errcode ? error_message(errcode) : "");
+ if (status) {
+ if (!errcode)
+ rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ krb5_klog_syslog(LOG_INFO,
+ "TGS_REQ (%s) %s(%d): %s: authtime %d, "
+ "%s%s %s for %s%s%s",
+ ktypestr,
+ fromstring, portnum, status, authtime,
+ !errcode ? rep_etypestr : "",
+ !errcode ? "," : "",
+ cname ? cname : "<unknown client>",
+ sname ? sname : "<unknown server>",
+ errcode ? ", " : "",
+ errcode ? error_message(errcode) : "");
+ }
+
if (errcode) {
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
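Review bot: On the error path the new format `"%s%s %s for %s%s%s"` prints two empty strings followed by the literal space, so the line reads `authtime N,  client for ...` with a doubled space, while the success line reads `authtime N, etypes {...}, client for ...`. Anything that parses KDC logs for failed TGS requests has to tolerate that variation. Moving the separator into the conditional keeps both shapes regular: `"%s%s%s for %s%s%s"` with `!errcode ? ", " : ""` as the second argument. rep_etypestr is also left uninitialized whenever errcode is set and is safe only because its argument is gated by the same test, which deserves a one-line comment such as `/* rep_etypestr is only filled in when a reply was built */`. process_tgs_req() begins and ends outside this hunk.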
#include "kdc_util.h"
#include "extern.h"
#include <stdio.h>
+#include <ctype.h>
#include <syslog.h>
#include "adm.h"
#include "adm_proto.h"
name[i] = '\0';
return;
}
+
+/*
+ * L10_256 = log10(256**x), rounded up.
+ */
+#define L10_256(x) ((int)((x) * 2.41 + 0.5))
+
+void
+ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype)
+{
+ int i;
+ char stmp[L10_256(sizeof(krb5_enctype)) + 3];
+
+ if (nktypes < 0
+ || len < sizeof(" etypes {}") + L10_256(sizeof(krb5_enctype)))
+ return;
+
+ sprintf(s, "%d etypes {", nktypes);
+ for (i = 0; i < nktypes; i++) {
+ sprintf(stmp, "%s%d", i ? " " : "", ktype[i]);
+ if (strlen(s) + strlen(stmp) + 2 > len)
+ break;
+ strcat(s, stmp);
+ }
+ if (i < nktypes) {
+ /*
+ * We broke out of the loop. Try to truncate the list.
+ */
+ for (i = strlen(s); i > 0; i--) {
+ if (!isdigit((int)s[i]) && len - i > sizeof("...}")) {
+ s[i] = '\0';
+ strcat(s, "...");
+ break;
+ }
+ }
+ }
+ strcat(s, "}");
+ return;
+}
+
+void
+rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep)
+{
+ char stmp[sizeof("skey=") + L10_256(sizeof(krb5_enctype)) + 1];
+
+ if (len < (3 * (L10_256(sizeof(krb5_enctype)) + 3)
+ + sizeof("etypes {rep= tkt= skey=}")))
+ return;
+
+ sprintf(s, "etypes {rep=%ld", (long)rep->enc_part.enctype);
+
+ if (rep->ticket != NULL) {
+ sprintf(stmp, " tkt=%ld", (long)rep->ticket->enc_part.enctype);
+ strcat(s, stmp);
+ }
+
+ if (rep->ticket != NULL
+ && rep->ticket->enc_part2 != NULL
+ && rep->ticket->enc_part2->session != NULL) {
+ sprintf(stmp, " skey=%ld",
+ (long)rep->ticket->enc_part2->session->enctype);
+ strcat(s, stmp);
+ }
+ strcat(s, "}");
+ return;
+}
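Review bot: Both early returns leave `s` unwritten: ktypes2str() returns on `nktypes < 0` or a too-small `len` without storing anything, and rep_etypes2str() does the same on its length check. The callers in do_as_req.c and do_tgs_req.c pass uninitialized stack arrays and then hand them to krb5_klog_syslog() as `%s`. If the request decoder can yield a negative `nktypes` (not visible here), the KDC would log whatever is on its stack, reading until it meets a NUL. Terminate the buffer before bailing out, e.g. `if (len > 0) *s = '\0';` ahead of the `return;` in each guard. Each function should also get a header comment stating that `s` is always NUL-terminated on return when `len > 0` and that the list is truncated with `...` when it does not fit.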
void limit_string (char *name);
+void
+ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
+
+void
+rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
+
/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *,
const krb5_fulladdr *,