From: Tom Yu <tlyu@mit.edu>
Date: Tue, 27 May 2003 21:15:19 +0000 (+0000)
Subject: 	* schpw.c (process_chpw_request): Log chpw requests
X-Git-Tag: krb5-1.4-beta1~917
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ffd671a977aeb822381b5987a2af7142ed49110a;p=krb5.git

	* schpw.c (process_chpw_request): Log chpw requests

ticket: 1519
tags: pullup
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15502 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index 8663e87e3..4a2e37d37 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,7 @@
+2003-05-27  Tom Yu  <tlyu@mit.edu>
+
+	* schpw.c (process_chpw_request): Log chpw requests.
+
 2003-05-16  Ken Raeburn  <raeburn@mit.edu>
 
 	* schpw.c (process_chpw_request): Return KRB5_KPASSWD_BAD_VERSION
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index ff6e10f63..2a0fe9d87 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -1,7 +1,8 @@
 #define NEED_SOCKETS
 #include "k5-int.h"
 #include <kadm5/admin.h>
-
+#include <syslog.h>
+#include <krb5/adm_proto.h>	/* krb5_klog_syslog */
 #include <stdio.h>
 #include <errno.h>
 
@@ -39,6 +40,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     krb5_error krberror;
     int numresult;
     char strresult[1024];
+    char *clientstr;
 
     ret = 0;
     rep->length = 0;
@@ -235,6 +237,12 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
 	goto chpwfail;
     }
 
+    ret = krb5_unparse_name(context, ticket->enc_part2->client, &clientstr);
+    if (ret) {
+	numresult = KRB5_KPASSWD_HARDERROR;
+	strcpy(strresult, "Failed unparsing client name for log");
+	goto chpwfail;
+    }
     /* change the password */
 
     ptr = (char *) malloc(clear.length+1);
@@ -251,6 +259,11 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     free(ptr);
     clear.length = 0;
 
+    krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s",
+		     inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr),
+		     clientstr, ret ? error_message(ret) : "success");
+    krb5_free_unparsed_name(context, clientstr);
+
     if (ret) {
 	if ((ret != KADM5_PASS_Q_TOOSHORT) && 
 	    (ret != KADM5_PASS_REUSE) && (ret != KADM5_PASS_Q_CLASS) &&