Author: abartlet
Date: 2005-08-09 00:22:28 +0000 (Tue, 09 Aug 2005)
New Revision: 400

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=400

Log:
Only spit out one error message per TGS authenticator failure.

Now to figure out why we are getting them...

Andrew Bartlett

Modified:
   trunk/heimdal/kdc/kerberos5.c


Changeset:
Modified: trunk/heimdal/kdc/kerberos5.c
===================================================================
--- trunk/heimdal/kdc/kerberos5.c       2005-08-08 20:26:35 UTC (rev 399)
+++ trunk/heimdal/kdc/kerberos5.c       2005-08-09 00:22:28 UTC (rev 400)
@@ -189,22 +189,26 @@
              KerberosTime authtime, KerberosTime *starttime, 
              KerberosTime endtime, KerberosTime *renew_till)
 {
-    char atime[100], stime[100], etime[100], rtime[100];
+    char authtime_str[100], starttime_str[100], endtime_str[100], 
renewtime_str[100];
     
-    krb5_format_time(context, authtime, atime, sizeof(atime), TRUE); 
+    krb5_format_time(context, authtime, 
+                    authtime_str, sizeof(authtime_str), TRUE); 
     if (starttime)
-       krb5_format_time(context, *starttime, stime, sizeof(stime), TRUE); 
+       krb5_format_time(context, *starttime, 
+                        starttime_str, sizeof(starttime_str), TRUE); 
     else
-       strlcpy(stime, "unset", sizeof(stime));
-    krb5_format_time(context, endtime, etime, sizeof(etime), TRUE); 
+       strlcpy(starttime_str, "unset", sizeof(starttime_str));
+    krb5_format_time(context, endtime, 
+                    endtime_str, sizeof(endtime_str), TRUE); 
     if (renew_till)
-       krb5_format_time(context, *renew_till, rtime, sizeof(rtime), TRUE); 
+       krb5_format_time(context, *renew_till, 
+                        renewtime_str, sizeof(renewtime_str), TRUE); 
     else
-       strlcpy(rtime, "unset", sizeof(rtime));
+       strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
     
     kdc_log(context, config, 5,
            "%s authtime: %s starttime: %s endtype: %s renew till: %s",
-           type, atime, stime, etime, rtime);
+           type, authtime_str, starttime_str, endtime_str, renewtime_str);
 }
 
 static krb5_error_code
@@ -928,17 +932,18 @@
                                              &ts_data);
            krb5_crypto_destroy(context, crypto);
            if(ret){
-               ret = krb5_enctype_to_string(context, 
+               krb5_error_code ret2;
+               ret2 = krb5_enctype_to_string(context, 
                                             pa_key->key.keytype, &str);
-               if (ret)
+               if (ret2)
                    str = NULL;
                kdc_log(context, config, 5, 
                        "Failed to decrypt PA-DATA -- %s "
-                       "(enctype %s) error %d",
-                       client_name, str ? str : "unknown enctype", ret);
+                       "(enctype %s) error %s",
+                       client_name, str ? str : "unknown enctype", 
+                       krb5_get_err_text(context, ret));
                free(str);
 
-
                if(hdb_next_enctype2key(context, client, 
                                        enc_data.etype, &pa_key) == 0)
                    goto try_next_key;
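Review bot: With `ret2` now holding the result of `krb5_enctype_to_string`, `ret` keeps the decryption error when control falls past `goto try_next_key`, whereas before this change it had been overwritten by the enctype lookup status (0 on success). The code after that point is outside the hunk, so it is worth confirming that the fall-through path sets the reply error explicitly rather than depending on the old overwritten value. A short comment at the declaration would record the intent, e.g. `/* separate status: ret must keep the decrypt error for the log below */`.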
@@ -1901,7 +1906,7 @@
     free(buf);
     krb5_crypto_destroy(context, crypto);
     if(ret){
-       kdc_log(context, config, 0, "Failed to verify checksum: %s", 
+       kdc_log(context, config, 0, "Failed to verify authenticator checksum: 
%s", 
                krb5_get_err_text(context, ret));
     }
 out:
@@ -2097,7 +2102,11 @@
 
     ret = tgs_check_authenticator(context, config, 
                                  ac, b, &e_text, &tgt->key);
-
+    if(ret){
+       krb5_auth_con_free(context, ac);
+       goto out2;
+    }
+    
     if (b->enc_authorization_data) {
        krb5_keyblock *subkey;
        krb5_data ad;
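Review bot: The new `if(ret)` branch after `tgs_check_authenticator()` exits without logging, and the caller's "Failed to verify authenticator" message is removed further down, so an authenticator failure is now recorded only if the callee logged it. Only one failure message (the authenticator checksum one, presumably inside that function) is visible in this diff. The callee's other error returns are outside the hunks, and each should be confirmed to call `kdc_log`, otherwise a rejected TGS request leaves no trace in the KDC log. A comment on the new branch would make the contract explicit, e.g. `/* tgs_check_authenticator() has already logged the reason */`. The enclosing function starts and ends outside the hunk.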
@@ -2158,14 +2167,6 @@
        }
     }
 
-    krb5_auth_con_free(context, ac);
-
-    if(ret){
-       kdc_log(context, config, 0, "Failed to verify authenticator: %s", 
-               krb5_get_err_text(context, ret));
-       goto out2;
-    }
-    
     {
        PrincipalName *s;
        Realm r;
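Review bot: Removing the unconditional `krb5_auth_con_free(context, ac);` here leaves the success path without a visible release of `ac`. The only free this commit adds is inside the new `if(ret)` branch after `tgs_check_authenticator()`. Unless `ac` is released further down, outside this hunk, every successfully verified TGS request leaks an auth context, which in a long-running KDC means steady memory growth. Keeping the single line `krb5_auth_con_free(context, ac);` at this spot and dropping only the `if(ret){ ... }` logging block would still give one message per failure. The enclosing function continues outside the hunk.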
