Lines 14-19
|
14 |
#include <arpa/inet.h> /* inet_ntoa */ |
14 |
#include <arpa/inet.h> /* inet_ntoa */ |
15 |
#include <adm_proto.h> /* krb5_klog_syslog */ |
15 |
#include <adm_proto.h> /* krb5_klog_syslog */ |
16 |
#include "misc.h" |
16 |
#include "misc.h" |
|
|
17 |
#include <string.h> |
17 |
|
18 |
|
18 |
#define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" |
19 |
#define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" |
19 |
#define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" |
20 |
#define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" |
Lines 237-242
|
237 |
return 0; |
238 |
return 0; |
238 |
} |
239 |
} |
239 |
|
240 |
|
|
|
241 |
static int |
242 |
log_unauth(char *op, char *target, gss_buffer_t client, gss_buffer_t server, struct svc_req *rqstp) |
243 |
{ |
244 |
size_t tlen, clen, slen; |
245 |
char *tdots, *cdots, *sdots; |
246 |
|
247 |
tlen = strlen(target); |
248 |
trunc_name(&tlen, &tdots); |
249 |
clen = client->length; |
250 |
trunc_name(&clen, &cdots); |
251 |
slen = server->length; |
252 |
trunc_name(&slen, &sdots); |
253 |
|
254 |
return krb5_klog_syslog(LOG_NOTICE, |
255 |
"Unauthorized request: %s, %.*s%s, " |
256 |
"client=%.*s%s, service=%.*s%s, addr=%s", |
257 |
op, tlen, target, tdots, |
258 |
clen, client->value, cdots, |
259 |
slen, server->value, sdots, |
260 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
261 |
} |
262 |
|
263 |
static int |
264 |
log_done(char *op, char *target, char *errmsg, gss_buffer_t client, gss_buffer_t server, struct svc_req *rqstp) |
265 |
{ |
266 |
size_t tlen, clen, slen; |
267 |
char *tdots, *cdots, *sdots; |
268 |
|
269 |
tlen = strlen(target); |
270 |
trunc_name(&tlen, &tdots); |
271 |
clen = client->length; |
272 |
trunc_name(&clen, &cdots); |
273 |
slen = server->length; |
274 |
trunc_name(&slen, &sdots); |
275 |
|
276 |
return krb5_klog_syslog(LOG_NOTICE, |
277 |
"Request: %s, %.*s%s, %s, " |
278 |
"client=%.*s%s, service=%.*s%s, addr=%s", |
279 |
op, tlen, target, tdots, errmsg, |
280 |
clen, client->value, cdots, |
281 |
slen, server->value, sdots, |
282 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
283 |
} |
284 |
|
240 |
generic_ret * |
285 |
generic_ret * |
241 |
create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) |
286 |
create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) |
242 |
{ |
287 |
{ |
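Review bot: In log_unauth and log_done, `tlen`, `clen` and `slen` are `size_t` but are passed as the precision of `%.*s`, which must be an `int`; where `size_t` is wider than `int` the variadic arguments are misread, so the length bound this patch adds is not reliable. Cast at the call site, e.g. `op, (int)tlen, target, tdots,` and likewise `(int)clen` and `(int)slen`, assuming trunc_name (not shown here) caps the lengths well below INT_MAX. The same applies to the `clen`/`slen` arguments of the kadm5_init logging call in the last hunk. Both helpers also call `strlen(target)` with no NULL check, so each deserves a short header comment stating that `target` must be a non-NULL, NUL-terminated string while `client` and `server` are printed by their `length` field. create_principal_2_svc continues outside the hunk.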
Lines 275-283
|
275 |
|| kadm5int_acl_impose_restrictions(handle->context, |
320 |
|| kadm5int_acl_impose_restrictions(handle->context, |
276 |
&arg->rec, &arg->mask, rp)) { |
321 |
&arg->rec, &arg->mask, rp)) { |
277 |
ret.code = KADM5_AUTH_ADD; |
322 |
ret.code = KADM5_AUTH_ADD; |
278 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", |
323 |
log_unauth("kadm5_create_principal", prime_arg, |
279 |
prime_arg, client_name.value, service_name.value, |
324 |
&client_name, &service_name, rqstp); |
280 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
281 |
} else { |
325 |
} else { |
282 |
ret.code = kadm5_create_principal((void *)handle, |
326 |
ret.code = kadm5_create_principal((void *)handle, |
283 |
&arg->rec, arg->mask, |
327 |
&arg->rec, arg->mask, |
Lines 287-296
|
287 |
else |
331 |
else |
288 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
332 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
289 |
|
333 |
|
290 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", |
334 |
log_done("kadm5_create_principal", prime_arg, errmsg, |
291 |
prime_arg, errmsg, |
335 |
&client_name, &service_name, rqstp); |
292 |
client_name.value, service_name.value, |
|
|
293 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
294 |
|
336 |
|
295 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
337 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
296 |
} |
338 |
} |
Lines 341-349
|
341 |
|| kadm5int_acl_impose_restrictions(handle->context, |
383 |
|| kadm5int_acl_impose_restrictions(handle->context, |
342 |
&arg->rec, &arg->mask, rp)) { |
384 |
&arg->rec, &arg->mask, rp)) { |
343 |
ret.code = KADM5_AUTH_ADD; |
385 |
ret.code = KADM5_AUTH_ADD; |
344 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", |
386 |
log_unauth("kadm5_create_principal", prime_arg, |
345 |
prime_arg, client_name.value, service_name.value, |
387 |
&client_name, &service_name, rqstp); |
346 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
347 |
} else { |
388 |
} else { |
348 |
ret.code = kadm5_create_principal_3((void *)handle, |
389 |
ret.code = kadm5_create_principal_3((void *)handle, |
349 |
&arg->rec, arg->mask, |
390 |
&arg->rec, arg->mask, |
Lines 355-364
|
355 |
else |
396 |
else |
356 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
397 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
357 |
|
398 |
|
358 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", |
399 |
log_done("kadm5_create_principal", prime_arg, errmsg, |
359 |
prime_arg, errmsg, |
400 |
&client_name, &service_name, rqstp); |
360 |
client_name.value, service_name.value, |
|
|
361 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
362 |
|
401 |
|
363 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
402 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
364 |
} |
403 |
} |
Lines 406-414
|
406 |
|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, |
445 |
|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, |
407 |
arg->princ, NULL)) { |
446 |
arg->princ, NULL)) { |
408 |
ret.code = KADM5_AUTH_DELETE; |
447 |
ret.code = KADM5_AUTH_DELETE; |
409 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", |
448 |
log_unauth("kadm5_delete_principal", prime_arg, |
410 |
prime_arg, client_name.value, service_name.value, |
449 |
&client_name, &service_name, rqstp); |
411 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
412 |
} else { |
450 |
} else { |
413 |
ret.code = kadm5_delete_principal((void *)handle, arg->princ); |
451 |
ret.code = kadm5_delete_principal((void *)handle, arg->princ); |
414 |
if( ret.code == 0 ) |
452 |
if( ret.code == 0 ) |
Lines 416-425
|
416 |
else |
454 |
else |
417 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
455 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
418 |
|
456 |
|
419 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", |
457 |
log_done("kadm5_delete_principal", prime_arg, errmsg, |
420 |
prime_arg, errmsg, |
458 |
&client_name, &service_name, rqstp); |
421 |
client_name.value, service_name.value, |
|
|
422 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
423 |
|
459 |
|
424 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
460 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
425 |
} |
461 |
} |
Lines 469-477
|
469 |
|| kadm5int_acl_impose_restrictions(handle->context, |
505 |
|| kadm5int_acl_impose_restrictions(handle->context, |
470 |
&arg->rec, &arg->mask, rp)) { |
506 |
&arg->rec, &arg->mask, rp)) { |
471 |
ret.code = KADM5_AUTH_MODIFY; |
507 |
ret.code = KADM5_AUTH_MODIFY; |
472 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", |
508 |
log_unauth("kadm5_modify_principal", prime_arg, |
473 |
prime_arg, client_name.value, service_name.value, |
509 |
&client_name, &service_name, rqstp); |
474 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
475 |
} else { |
510 |
} else { |
476 |
ret.code = kadm5_modify_principal((void *)handle, &arg->rec, |
511 |
ret.code = kadm5_modify_principal((void *)handle, &arg->rec, |
477 |
arg->mask); |
512 |
arg->mask); |
Lines 480-489
|
480 |
else |
515 |
else |
481 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
516 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
482 |
|
517 |
|
483 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", |
518 |
log_done("kadm5_modify_principal", prime_arg, errmsg, |
484 |
prime_arg, errmsg, |
519 |
&client_name, &service_name, rqstp); |
485 |
client_name.value, service_name.value, |
|
|
486 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
487 |
|
520 |
|
488 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
521 |
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ |
489 |
} |
522 |
} |
Lines 546-554
|
546 |
} else |
579 |
} else |
547 |
ret.code = KADM5_AUTH_INSUFFICIENT; |
580 |
ret.code = KADM5_AUTH_INSUFFICIENT; |
548 |
if (ret.code != KADM5_OK) { |
581 |
if (ret.code != KADM5_OK) { |
549 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", |
582 |
log_unauth("kadm5_rename_principal", prime_arg, |
550 |
prime_arg, client_name.value, service_name.value, |
583 |
&client_name, &service_name, rqstp); |
551 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
552 |
} else { |
584 |
} else { |
553 |
ret.code = kadm5_rename_principal((void *)handle, arg->src, |
585 |
ret.code = kadm5_rename_principal((void *)handle, arg->src, |
554 |
arg->dest); |
586 |
arg->dest); |
Lines 557-566
|
557 |
else |
589 |
else |
558 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
590 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
559 |
|
591 |
|
560 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", |
592 |
log_done("kadm5_rename_principal", prime_arg, errmsg, |
561 |
prime_arg, errmsg, |
593 |
&client_name, &service_name, rqstp); |
562 |
client_name.value, service_name.value, |
|
|
563 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
564 |
} |
594 |
} |
565 |
free_server_handle(handle); |
595 |
free_server_handle(handle); |
566 |
free(prime_arg1); |
596 |
free(prime_arg1); |
Lines 614-622
|
614 |
arg->princ, |
644 |
arg->princ, |
615 |
NULL))) { |
645 |
NULL))) { |
616 |
ret.code = KADM5_AUTH_GET; |
646 |
ret.code = KADM5_AUTH_GET; |
617 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, |
647 |
log_unauth(funcname, prime_arg, |
618 |
prime_arg, client_name.value, service_name.value, |
648 |
&client_name, &service_name, rqstp); |
619 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
620 |
} else { |
649 |
} else { |
621 |
if (handle->api_version == KADM5_API_VERSION_1) { |
650 |
if (handle->api_version == KADM5_API_VERSION_1) { |
622 |
ret.code = kadm5_get_principal_v1((void *)handle, |
651 |
ret.code = kadm5_get_principal_v1((void *)handle, |
Lines 636-646
|
636 |
else |
665 |
else |
637 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
666 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
638 |
|
667 |
|
639 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, |
668 |
log_done(funcname, prime_arg, errmsg, |
640 |
prime_arg, |
669 |
&client_name, &service_name, rqstp); |
641 |
errmsg, |
|
|
642 |
client_name.value, service_name.value, |
643 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
644 |
|
670 |
|
645 |
} |
671 |
} |
646 |
free_server_handle(handle); |
672 |
free_server_handle(handle); |
Lines 688-696
|
688 |
NULL, |
714 |
NULL, |
689 |
NULL)) { |
715 |
NULL)) { |
690 |
ret.code = KADM5_AUTH_LIST; |
716 |
ret.code = KADM5_AUTH_LIST; |
691 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", |
717 |
log_unauth("kadm5_get_principals", prime_arg, |
692 |
prime_arg, client_name.value, service_name.value, |
718 |
&client_name, &service_name, rqstp); |
693 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
694 |
} else { |
719 |
} else { |
695 |
ret.code = kadm5_get_principals((void *)handle, |
720 |
ret.code = kadm5_get_principals((void *)handle, |
696 |
arg->exp, &ret.princs, |
721 |
arg->exp, &ret.princs, |
Lines 700-710
|
700 |
else |
725 |
else |
701 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
726 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
702 |
|
727 |
|
703 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", |
728 |
log_done("kadm5_get_principals", prime_arg, errmsg, |
704 |
prime_arg, |
729 |
&client_name, &service_name, rqstp); |
705 |
errmsg, |
|
|
706 |
client_name.value, service_name.value, |
707 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
708 |
|
730 |
|
709 |
} |
731 |
} |
710 |
free_server_handle(handle); |
732 |
free_server_handle(handle); |
Lines 755-763
|
755 |
ret.code = kadm5_chpass_principal((void *)handle, arg->princ, |
777 |
ret.code = kadm5_chpass_principal((void *)handle, arg->princ, |
756 |
arg->pass); |
778 |
arg->pass); |
757 |
} else { |
779 |
} else { |
758 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", |
780 |
log_unauth("kadm5_chpass_principal", prime_arg, |
759 |
prime_arg, client_name.value, service_name.value, |
781 |
&client_name, &service_name, rqstp); |
760 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
761 |
ret.code = KADM5_AUTH_CHANGEPW; |
782 |
ret.code = KADM5_AUTH_CHANGEPW; |
762 |
} |
783 |
} |
763 |
|
784 |
|
Lines 767-776
|
767 |
else |
788 |
else |
768 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
789 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
769 |
|
790 |
|
770 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", |
791 |
log_done("kadm5_chpass_principal", prime_arg, errmsg, |
771 |
prime_arg, errmsg, |
792 |
&client_name, &service_name, rqstp); |
772 |
client_name.value, service_name.value, |
|
|
773 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
774 |
} |
793 |
} |
775 |
|
794 |
|
776 |
free_server_handle(handle); |
795 |
free_server_handle(handle); |
Lines 828-836
|
828 |
arg->ks_tuple, |
847 |
arg->ks_tuple, |
829 |
arg->pass); |
848 |
arg->pass); |
830 |
} else { |
849 |
} else { |
831 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", |
850 |
log_unauth("kadm5_chpass_principal", prime_arg, |
832 |
prime_arg, client_name.value, service_name.value, |
851 |
&client_name, &service_name, rqstp); |
833 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
834 |
ret.code = KADM5_AUTH_CHANGEPW; |
852 |
ret.code = KADM5_AUTH_CHANGEPW; |
835 |
} |
853 |
} |
836 |
|
854 |
|
Lines 840-849
|
840 |
else |
858 |
else |
841 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
859 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
842 |
|
860 |
|
843 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", |
861 |
log_done("kadm5_chpass_principal", prime_arg, errmsg, |
844 |
prime_arg, errmsg, |
862 |
&client_name, &service_name, rqstp); |
845 |
client_name.value, service_name.value, |
|
|
846 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
847 |
} |
863 |
} |
848 |
|
864 |
|
849 |
free_server_handle(handle); |
865 |
free_server_handle(handle); |
Lines 892-900
|
892 |
ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, |
908 |
ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, |
893 |
arg->keyblock); |
909 |
arg->keyblock); |
894 |
} else { |
910 |
} else { |
895 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", |
911 |
log_unauth("kadm5_setv4key_principal", prime_arg, |
896 |
prime_arg, client_name.value, service_name.value, |
912 |
&client_name, &service_name, rqstp); |
897 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
898 |
ret.code = KADM5_AUTH_SETKEY; |
913 |
ret.code = KADM5_AUTH_SETKEY; |
899 |
} |
914 |
} |
900 |
|
915 |
|
Lines 904-913
|
904 |
else |
919 |
else |
905 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
920 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
906 |
|
921 |
|
907 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", |
922 |
log_done("kadm5_setv4key_principal", prime_arg, errmsg, |
908 |
prime_arg, errmsg, |
923 |
&client_name, &service_name, rqstp); |
909 |
client_name.value, service_name.value, |
|
|
910 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
911 |
} |
924 |
} |
912 |
|
925 |
|
913 |
free_server_handle(handle); |
926 |
free_server_handle(handle); |
Lines 956-964
|
956 |
ret.code = kadm5_setkey_principal((void *)handle, arg->princ, |
969 |
ret.code = kadm5_setkey_principal((void *)handle, arg->princ, |
957 |
arg->keyblocks, arg->n_keys); |
970 |
arg->keyblocks, arg->n_keys); |
958 |
} else { |
971 |
} else { |
959 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", |
972 |
log_unauth("kadm5_setkey_principal", prime_arg, |
960 |
prime_arg, client_name.value, service_name.value, |
973 |
&client_name, &service_name, rqstp); |
961 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
962 |
ret.code = KADM5_AUTH_SETKEY; |
974 |
ret.code = KADM5_AUTH_SETKEY; |
963 |
} |
975 |
} |
964 |
|
976 |
|
Lines 968-977
|
968 |
else |
980 |
else |
969 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
981 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
970 |
|
982 |
|
971 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", |
983 |
log_done("kadm5_setkey_principal", prime_arg, errmsg, |
972 |
prime_arg, errmsg, |
984 |
&client_name, &service_name, rqstp); |
973 |
client_name.value, service_name.value, |
|
|
974 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
975 |
} |
985 |
} |
976 |
|
986 |
|
977 |
free_server_handle(handle); |
987 |
free_server_handle(handle); |
Lines 1023-1031
|
1023 |
arg->ks_tuple, |
1033 |
arg->ks_tuple, |
1024 |
arg->keyblocks, arg->n_keys); |
1034 |
arg->keyblocks, arg->n_keys); |
1025 |
} else { |
1035 |
} else { |
1026 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", |
1036 |
log_unauth("kadm5_setkey_principal", prime_arg, |
1027 |
prime_arg, client_name.value, service_name.value, |
1037 |
&client_name, &service_name, rqstp); |
1028 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1029 |
ret.code = KADM5_AUTH_SETKEY; |
1038 |
ret.code = KADM5_AUTH_SETKEY; |
1030 |
} |
1039 |
} |
1031 |
|
1040 |
|
Lines 1035-1044
|
1035 |
else |
1044 |
else |
1036 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1045 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1037 |
|
1046 |
|
1038 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", |
1047 |
log_done("kadm5_setkey_principal", prime_arg, errmsg, |
1039 |
prime_arg, errmsg, |
1048 |
&client_name, &service_name, rqstp); |
1040 |
client_name.value, service_name.value, |
|
|
1041 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1042 |
} |
1049 |
} |
1043 |
|
1050 |
|
1044 |
free_server_handle(handle); |
1051 |
free_server_handle(handle); |
Lines 1097-1105
|
1097 |
ret.code = kadm5_randkey_principal((void *)handle, arg->princ, |
1104 |
ret.code = kadm5_randkey_principal((void *)handle, arg->princ, |
1098 |
&k, &nkeys); |
1105 |
&k, &nkeys); |
1099 |
} else { |
1106 |
} else { |
1100 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, |
1107 |
log_unauth(funcname, prime_arg, |
1101 |
prime_arg, client_name.value, service_name.value, |
1108 |
&client_name, &service_name, rqstp); |
1102 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1103 |
ret.code = KADM5_AUTH_CHANGEPW; |
1109 |
ret.code = KADM5_AUTH_CHANGEPW; |
1104 |
} |
1110 |
} |
1105 |
|
1111 |
|
Lines 1119-1128
|
1119 |
else |
1125 |
else |
1120 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1126 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1121 |
|
1127 |
|
1122 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, |
1128 |
log_done(funcname, prime_arg, errmsg, |
1123 |
prime_arg, errmsg, |
1129 |
&client_name, &service_name, rqstp); |
1124 |
client_name.value, service_name.value, |
|
|
1125 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1126 |
} |
1130 |
} |
1127 |
free_server_handle(handle); |
1131 |
free_server_handle(handle); |
1128 |
free(prime_arg); |
1132 |
free(prime_arg); |
Lines 1185-1193
|
1185 |
arg->ks_tuple, |
1189 |
arg->ks_tuple, |
1186 |
&k, &nkeys); |
1190 |
&k, &nkeys); |
1187 |
} else { |
1191 |
} else { |
1188 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, |
1192 |
log_unauth(funcname, prime_arg, |
1189 |
prime_arg, client_name.value, service_name.value, |
1193 |
&client_name, &service_name, rqstp); |
1190 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1191 |
ret.code = KADM5_AUTH_CHANGEPW; |
1194 |
ret.code = KADM5_AUTH_CHANGEPW; |
1192 |
} |
1195 |
} |
1193 |
|
1196 |
|
Lines 1207-1216
|
1207 |
else |
1210 |
else |
1208 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1211 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1209 |
|
1212 |
|
1210 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, |
1213 |
log_done(funcname, prime_arg, errmsg, |
1211 |
prime_arg, errmsg, |
1214 |
&client_name, &service_name, rqstp); |
1212 |
client_name.value, service_name.value, |
|
|
1213 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1214 |
} |
1215 |
} |
1215 |
free_server_handle(handle); |
1216 |
free_server_handle(handle); |
1216 |
free(prime_arg); |
1217 |
free(prime_arg); |
Lines 1253-1261
|
1253 |
rqst2name(rqstp), |
1254 |
rqst2name(rqstp), |
1254 |
ACL_ADD, NULL, NULL)) { |
1255 |
ACL_ADD, NULL, NULL)) { |
1255 |
ret.code = KADM5_AUTH_ADD; |
1256 |
ret.code = KADM5_AUTH_ADD; |
1256 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", |
1257 |
log_unauth("kadm5_create_policy", prime_arg, |
1257 |
prime_arg, client_name.value, service_name.value, |
1258 |
&client_name, &service_name, rqstp); |
1258 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1259 |
|
1259 |
|
1260 |
} else { |
1260 |
} else { |
1261 |
ret.code = kadm5_create_policy((void *)handle, &arg->rec, |
1261 |
ret.code = kadm5_create_policy((void *)handle, &arg->rec, |
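Review bot: `log_unauth("kadm5_create_policy", prime_arg,` passes `prime_arg` unguarded, and log_unauth begins with `strlen(target)`, so a NULL `prime_arg` is dereferenced on the path taken by requests that failed the ACL check. The log_done call for the same function in the next hunk substitutes `"(null)"`, which suggests NULL is possible here. Apply the same guard, `log_unauth("kadm5_create_policy", (prime_arg == NULL) ? "(null)" : prime_arg,`, or handle a NULL `target` once inside the two helpers. The log_unauth calls for kadm5_delete_policy, kadm5_modify_policy and the `funcname` policy lookup in the later hunks have the same shape. The enclosing function starts and ends outside the hunk.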
Lines 1265-1275
|
1265 |
else |
1265 |
else |
1266 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1266 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1267 |
|
1267 |
|
1268 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", |
1268 |
log_done("kadm5_create_policy", |
1269 |
((prime_arg == NULL) ? "(null)" : prime_arg), |
1269 |
((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, |
1270 |
errmsg, |
1270 |
&client_name, &service_name, rqstp); |
1271 |
client_name.value, service_name.value, |
|
|
1272 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1273 |
} |
1271 |
} |
1274 |
free_server_handle(handle); |
1272 |
free_server_handle(handle); |
1275 |
gss_release_buffer(&minor_stat, &client_name); |
1273 |
gss_release_buffer(&minor_stat, &client_name); |
Lines 1310-1318
|
1310 |
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, |
1308 |
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, |
1311 |
rqst2name(rqstp), |
1309 |
rqst2name(rqstp), |
1312 |
ACL_DELETE, NULL, NULL)) { |
1310 |
ACL_DELETE, NULL, NULL)) { |
1313 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", |
1311 |
log_unauth("kadm5_delete_policy", prime_arg, |
1314 |
prime_arg, client_name.value, service_name.value, |
1312 |
&client_name, &service_name, rqstp); |
1315 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1316 |
ret.code = KADM5_AUTH_DELETE; |
1313 |
ret.code = KADM5_AUTH_DELETE; |
1317 |
} else { |
1314 |
} else { |
1318 |
ret.code = kadm5_delete_policy((void *)handle, arg->name); |
1315 |
ret.code = kadm5_delete_policy((void *)handle, arg->name); |
Lines 1321-1331
|
1321 |
else |
1318 |
else |
1322 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1319 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1323 |
|
1320 |
|
1324 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", |
1321 |
log_done("kadm5_delete_policy", |
1325 |
((prime_arg == NULL) ? "(null)" : prime_arg), |
1322 |
((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, |
1326 |
errmsg, |
1323 |
&client_name, &service_name, rqstp); |
1327 |
client_name.value, service_name.value, |
|
|
1328 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1329 |
} |
1324 |
} |
1330 |
free_server_handle(handle); |
1325 |
free_server_handle(handle); |
1331 |
gss_release_buffer(&minor_stat, &client_name); |
1326 |
gss_release_buffer(&minor_stat, &client_name); |
Lines 1366-1374
|
1366 |
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, |
1361 |
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, |
1367 |
rqst2name(rqstp), |
1362 |
rqst2name(rqstp), |
1368 |
ACL_MODIFY, NULL, NULL)) { |
1363 |
ACL_MODIFY, NULL, NULL)) { |
1369 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", |
1364 |
log_unauth("kadm5_modify_policy", prime_arg, |
1370 |
prime_arg, client_name.value, service_name.value, |
1365 |
&client_name, &service_name, rqstp); |
1371 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1372 |
ret.code = KADM5_AUTH_MODIFY; |
1366 |
ret.code = KADM5_AUTH_MODIFY; |
1373 |
} else { |
1367 |
} else { |
1374 |
ret.code = kadm5_modify_policy((void *)handle, &arg->rec, |
1368 |
ret.code = kadm5_modify_policy((void *)handle, &arg->rec, |
Lines 1378-1388
|
1378 |
else |
1372 |
else |
1379 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1373 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1380 |
|
1374 |
|
1381 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", |
1375 |
log_done("kadm5_modify_policy", |
1382 |
((prime_arg == NULL) ? "(null)" : prime_arg), |
1376 |
((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, |
1383 |
errmsg, |
1377 |
&client_name, &service_name, rqstp); |
1384 |
client_name.value, service_name.value, |
|
|
1385 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1386 |
} |
1378 |
} |
1387 |
free_server_handle(handle); |
1379 |
free_server_handle(handle); |
1388 |
gss_release_buffer(&minor_stat, &client_name); |
1380 |
gss_release_buffer(&minor_stat, &client_name); |
Lines 1464-1478
|
1464 |
else |
1456 |
else |
1465 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1457 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1466 |
|
1458 |
|
1467 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, |
1459 |
log_done(funcname, |
1468 |
((prime_arg == NULL) ? "(null)" : prime_arg), |
1460 |
((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, |
1469 |
errmsg, |
1461 |
&client_name, &service_name, rqstp); |
1470 |
client_name.value, service_name.value, |
|
|
1471 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1472 |
} else { |
1462 |
} else { |
1473 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, |
1463 |
log_unauth(funcname, prime_arg, |
1474 |
prime_arg, client_name.value, service_name.value, |
1464 |
&client_name, &service_name, rqstp); |
1475 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1476 |
} |
1465 |
} |
1477 |
free_server_handle(handle); |
1466 |
free_server_handle(handle); |
1478 |
gss_release_buffer(&minor_stat, &client_name); |
1467 |
gss_release_buffer(&minor_stat, &client_name); |
Lines 1517-1525
|
1517 |
rqst2name(rqstp), |
1506 |
rqst2name(rqstp), |
1518 |
ACL_LIST, NULL, NULL)) { |
1507 |
ACL_LIST, NULL, NULL)) { |
1519 |
ret.code = KADM5_AUTH_LIST; |
1508 |
ret.code = KADM5_AUTH_LIST; |
1520 |
krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", |
1509 |
log_unauth("kadm5_get_policies", prime_arg, |
1521 |
prime_arg, client_name.value, service_name.value, |
1510 |
&client_name, &service_name, rqstp); |
1522 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
|
|
1523 |
} else { |
1511 |
} else { |
1524 |
ret.code = kadm5_get_policies((void *)handle, |
1512 |
ret.code = kadm5_get_policies((void *)handle, |
1525 |
arg->exp, &ret.pols, |
1513 |
arg->exp, &ret.pols, |
Lines 1529-1539
|
1529 |
else |
1517 |
else |
1530 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1518 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1531 |
|
1519 |
|
1532 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", |
1520 |
log_done("kadm5_get_policies", prime_arg, errmsg, |
1533 |
prime_arg, |
1521 |
&client_name, &service_name, rqstp); |
1534 |
errmsg, |
|
|
1535 |
client_name.value, service_name.value, |
1536 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1537 |
} |
1522 |
} |
1538 |
free_server_handle(handle); |
1523 |
free_server_handle(handle); |
1539 |
gss_release_buffer(&minor_stat, &client_name); |
1524 |
gss_release_buffer(&minor_stat, &client_name); |
Lines 1573-1583
|
1573 |
else |
1558 |
else |
1574 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1559 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1575 |
|
1560 |
|
1576 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", |
1561 |
log_done("kadm5_get_privs", client_name.value, errmsg, |
1577 |
client_name.value, |
1562 |
&client_name, &service_name, rqstp); |
1578 |
errmsg, |
|
|
1579 |
client_name.value, service_name.value, |
1580 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); |
1581 |
|
1563 |
|
1582 |
free_server_handle(handle); |
1564 |
free_server_handle(handle); |
1583 |
gss_release_buffer(&minor_stat, &client_name); |
1565 |
gss_release_buffer(&minor_stat, &client_name); |
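Review bot: `log_done("kadm5_get_privs", client_name.value, errmsg,` hands the GSS buffer's `value` to the `target` parameter, which log_done measures with `strlen` rather than with `client_name.length`. Everywhere else the patch bounds the client name by its `length` field, so this one field still depends on the buffer being NUL-terminated. If whatever fills `client_name` guarantees that (not visible here), record it with a comment such as `/* client_name.value is NUL-terminated; log_done() calls strlen() on it */`; otherwise the target length should be taken from `client_name.length`. The enclosing function starts outside the hunk.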
Lines 1594-1599
|
1594 |
kadm5_server_handle_t handle; |
1576 |
kadm5_server_handle_t handle; |
1595 |
OM_uint32 minor_stat; |
1577 |
OM_uint32 minor_stat; |
1596 |
char *errmsg = 0; |
1578 |
char *errmsg = 0; |
|
|
1579 |
size_t clen, slen; |
1580 |
char *cdots, *sdots; |
1597 |
|
1581 |
|
1598 |
xdr_free(xdr_generic_ret, &ret); |
1582 |
xdr_free(xdr_generic_ret, &ret); |
1599 |
|
1583 |
|
Lines 1611-1623
|
1611 |
} |
1595 |
} |
1612 |
|
1596 |
|
1613 |
if (ret.code != 0) |
1597 |
if (ret.code != 0) |
1614 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1598 |
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); |
1615 |
krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", |
1599 |
else |
|
|
1600 |
errmsg = "success"; |
1601 |
|
1602 |
clen = client_name.length; |
1603 |
trunc_name(&clen, &cdots); |
1604 |
slen = service_name.length; |
1605 |
trunc_name(&slen, &sdots); |
1606 |
krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " |
1607 |
"client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", |
1616 |
(ret.api_version == KADM5_API_VERSION_1 ? |
1608 |
(ret.api_version == KADM5_API_VERSION_1 ? |
1617 |
"kadm5_init (V1)" : "kadm5_init"), |
1609 |
"kadm5_init (V1)" : "kadm5_init"), |
1618 |
client_name.value, |
1610 |
clen, client_name.value, cdots, errmsg, |
1619 |
(ret.code == 0) ? "success" : errmsg, |
1611 |
clen, client_name.value, cdots, |
1620 |
client_name.value, service_name.value, |
1612 |
slen, service_name.value, sdots, |
1621 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), |
1613 |
inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), |
1622 |
rqstp->rq_cred.oa_flavor); |
1614 |
rqstp->rq_cred.oa_flavor); |
1623 |
gss_release_buffer(&minor_stat, &client_name); |
1615 |
gss_release_buffer(&minor_stat, &client_name); |
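Review bot: `errmsg = "success";` stores a string literal in the `char *errmsg` that otherwise holds the result of krb5_get_error_message(). Any cleanup after this hunk that releases `errmsg` whenever it is non-NULL would now be handed a literal, so the release has to stay conditional on `ret.code != 0`; the cleanup is outside the hunk and should be checked. Keeping the previous form at the argument position, `(ret.code == 0) ? "success" : errmsg`, avoids the question and leaves `errmsg` owning only allocated messages. The function continues outside the hunk.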