svn commit: lorikeet r400 - in trunk/heimdal/kdc: .
abartlet at samba.org
abartlet at samba.org
Tue Aug 9 00:22:29 GMT 2005
Author: abartlet
Date: 2005-08-09 00:22:28 +0000 (Tue, 09 Aug 2005)
New Revision: 400
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=400
Log:
Only spit out one error message per TGS authenticator failure.
Now to figure out why we are getting them...
Andrew Bartlett
Modified:
trunk/heimdal/kdc/kerberos5.c
Changeset:
Modified: trunk/heimdal/kdc/kerberos5.c
===================================================================
--- trunk/heimdal/kdc/kerberos5.c 2005-08-08 20:26:35 UTC (rev 399)
+++ trunk/heimdal/kdc/kerberos5.c 2005-08-09 00:22:28 UTC (rev 400)
@@ -189,22 +189,26 @@
KerberosTime authtime, KerberosTime *starttime,
KerberosTime endtime, KerberosTime *renew_till)
{
- char atime[100], stime[100], etime[100], rtime[100];
+ char authtime_str[100], starttime_str[100], endtime_str[100], renewtime_str[100];
- krb5_format_time(context, authtime, atime, sizeof(atime), TRUE);
+ krb5_format_time(context, authtime,
+ authtime_str, sizeof(authtime_str), TRUE);
if (starttime)
- krb5_format_time(context, *starttime, stime, sizeof(stime), TRUE);
+ krb5_format_time(context, *starttime,
+ starttime_str, sizeof(starttime_str), TRUE);
else
- strlcpy(stime, "unset", sizeof(stime));
- krb5_format_time(context, endtime, etime, sizeof(etime), TRUE);
+ strlcpy(starttime_str, "unset", sizeof(starttime_str));
+ krb5_format_time(context, endtime,
+ endtime_str, sizeof(endtime_str), TRUE);
if (renew_till)
- krb5_format_time(context, *renew_till, rtime, sizeof(rtime), TRUE);
+ krb5_format_time(context, *renew_till,
+ renewtime_str, sizeof(renewtime_str), TRUE);
else
- strlcpy(rtime, "unset", sizeof(rtime));
+ strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
kdc_log(context, config, 5,
"%s authtime: %s starttime: %s endtype: %s renew till: %s",
- type, atime, stime, etime, rtime);
+ type, authtime_str, starttime_str, endtime_str, renewtime_str);
}
static krb5_error_code
@@ -928,17 +932,18 @@
&ts_data);
krb5_crypto_destroy(context, crypto);
if(ret){
- ret = krb5_enctype_to_string(context,
+ krb5_error_code ret2;
+ ret2 = krb5_enctype_to_string(context,
pa_key->key.keytype, &str);
- if (ret)
+ if (ret2)
str = NULL;
kdc_log(context, config, 5,
"Failed to decrypt PA-DATA -- %s "
- "(enctype %s) error %d",
- client_name, str ? str : "unknown enctype", ret);
+ "(enctype %s) error %s",
+ client_name, str ? str : "unknown enctype",
+ krb5_get_err_text(context, ret));
free(str);
-
if(hdb_next_enctype2key(context, client,
enc_data.etype, &pa_key) == 0)
goto try_next_key;
@@ -1901,7 +1906,7 @@
free(buf);
krb5_crypto_destroy(context, crypto);
if(ret){
- kdc_log(context, config, 0, "Failed to verify checksum: %s",
+ kdc_log(context, config, 0, "Failed to verify authenticator checksum: %s",
krb5_get_err_text(context, ret));
}
out:
@@ -2097,7 +2102,11 @@
ret = tgs_check_authenticator(context, config,
ac, b, &e_text, &tgt->key);
-
+ if(ret){
+ krb5_auth_con_free(context, ac);
+ goto out2;
+ }
+
if (b->enc_authorization_data) {
krb5_keyblock *subkey;
krb5_data ad;
@@ -2158,14 +2167,6 @@
}
}
- krb5_auth_con_free(context, ac);
-
- if(ret){
- kdc_log(context, config, 0, "Failed to verify authenticator: %s",
- krb5_get_err_text(context, ret));
- goto out2;
- }
-
{
PrincipalName *s;
Realm r;
More information about the samba-cvs
mailing list