* kdc/do_as_req.c
*
* Portions Copyright (C) 2007 Apple Inc.
- * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
krb5_error_code errcode;
int c_nprincs = 0, s_nprincs = 0;
krb5_boolean more;
- krb5_timestamp kdc_time, authtime;
+ krb5_timestamp kdc_time, authtime = 0;
krb5_keyblock session_key;
const char *status;
krb5_key_data *server_key, *client_key;
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
free(reply.enc_part.ciphertext.data);
- log_as_req(from, request, &reply, cname, sname, authtime, 0, 0, 0);
- did_log = 1;
-
#ifdef KRBCONF_KDC_MODIFIES_KDB
/*
* If we get this far, we successfully did the AS_REQ.
#endif /* KRBCONF_KDC_MODIFIES_KDB */
update_client = 1;
+ log_as_req(from, request, &reply, &client, cname, &server, sname,
+ authtime, 0, 0, 0);
+ did_log = 1;
+
goto egress;
errout:
/* fall through */
egress:
- if (update_client) {
- audit_as_request(request, &client, &server, authtime, errcode);
- }
-
if (pa_context)
free_padata_context(kdc_context, &pa_context);
emsg = krb5_get_error_message(kdc_context, errcode);
if (status) {
- log_as_req(from, request, &reply, cname, sname, 0,
+ log_as_req(from, request, &reply, &client, cname, &server, sname, 0,
status, errcode, emsg);
did_log = 1;
}
/*
* kdc/kdc_util.c
*
- * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008,2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
return code;
}
-krb5_error_code
-audit_as_request(krb5_kdc_req *request,
- krb5_db_entry *client,
- krb5_db_entry *server,
- krb5_timestamp authtime,
- krb5_error_code errcode)
-{
- krb5_error_code code;
- kdb_audit_as_req req;
- krb5_data req_data;
- krb5_data rep_data;
-
- memset(&req, 0, sizeof(req));
-
- req.request = request;
- req.client = client;
- req.server = server;
- req.authtime = authtime;
- req.error_code = errcode;
-
- req_data.data = (void *)&req;
- req_data.length = sizeof(req);
-
- rep_data.data = NULL;
- rep_data.length = 0;
-
- code = krb5_db_invoke(kdc_context,
- KRB5_KDB_METHOD_AUDIT_AS,
- &req_data,
- &rep_data);
- if (code == KRB5_KDB_DBTYPE_NOSUP) {
- return 0;
- }
-
- assert(rep_data.length == 0);
-
- return code;
-}
-
-krb5_error_code
-audit_tgs_request(krb5_kdc_req *request,
- krb5_const_principal client,
- krb5_db_entry *server,
- krb5_timestamp authtime,
- krb5_error_code errcode)
-{
- krb5_error_code code;
- kdb_audit_tgs_req req;
- krb5_data req_data;
- krb5_data rep_data;
-
- memset(&req, 0, sizeof(req));
-
- req.request = request;
- req.client = client;
- req.server = server;
- req.authtime = authtime;
- req.error_code = errcode;
-
- req_data.data = (void *)&req;
- req_data.length = sizeof(req);
-
- rep_data.data = NULL;
- rep_data.length = 0;
-
- code = krb5_db_invoke(kdc_context,
- KRB5_KDB_METHOD_AUDIT_TGS,
- &req_data,
- &rep_data);
- if (code == KRB5_KDB_DBTYPE_NOSUP) {
- return 0;
- }
-
- assert(rep_data.length == 0);
-
- return code;
-}
-
krb5_error_code
validate_transit_path(krb5_context context,
krb5_const_principal client,
void
log_as_req(const krb5_fulladdr *from,
krb5_kdc_req *request, krb5_kdc_rep *reply,
- const char *cname, const char *sname,
+ krb5_db_entry *client, const char *cname,
+ krb5_db_entry *server, const char *sname,
krb5_timestamp authtime,
const char *status, krb5_error_code errcode, const char *emsg)
{
audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
cname, sname, errcode);
#endif
+#if 1
+ {
+ kdb_audit_as_req req;
+ krb5_data req_data;
+ krb5_data rep_data;
+
+ memset(&req, 0, sizeof(req));
+
+ req.request = request;
+ req.client = client;
+ req.server = server;
+ req.authtime = authtime;
+ req.error_code = errcode;
+
+ req_data.data = (void *)&req;
+ req_data.length = sizeof(req);
+
+ rep_data.data = NULL;
+ rep_data.length = 0;
+
+ (void) krb5_db_invoke(kdc_context,
+ KRB5_KDB_METHOD_AUDIT_AS,
+ &req_data,
+ &rep_data);
+ assert(rep_data.length == 0);
+ }
+#endif
}
/* Here "status" must be non-null. Error code