kaserver-log-tgtreq-20061206

Separately log TGT requests in addition to logging the authentication so
that one can distinguish in the logs between Kerberos v4 clients and uses
of klog.

diff --git a/src/kauth/kalog.c b/src/kauth/kalog.c
index 4dc61e1..85b6bea 100644 (file)
--- a/src/kauth/kalog.c
+++ b/src/kauth/kalog.c
@@ -115,6 +115,9 @@ kalog_log(char *principal, char *instance, char *sprincipal, char *sinstance,
     case LOG_GETTICKET:
        strcat(keybuf, ":gtck");
        break;
+    case LOG_TGTREQUEST:
+       strcat(keybuf, ":tgtreq");
+       break;
     default:
        break;
     }
@@ -187,6 +190,9 @@ ka_log(char *principal, char *instance, char *sprincipal, char *sinstance,
     case LOG_GETTICKET:
        strcat(logbuf, ":gtck");
        break;
+    case LOG_TGTREQUEST:
+        strcat(logbuf, ":tgtreq");
+        break;
     default:
        break;
     }

diff --git a/src/kauth/kalog.h b/src/kauth/kalog.h
index ffc04f9..0ae6c68 100644 (file)
--- a/src/kauth/kalog.h
+++ b/src/kauth/kalog.h
@@ -27,6 +27,7 @@ typedef struct {
 #define        LOG_SETFIELDS           5
 #define        LOG_UNLOCK              6
 #define        LOG_AUTHFAILED          7
+#define        LOG_TGTREQUEST          8
 
 #ifdef AUTH_DBM_LOG
 #ifdef AFS_LINUX20_ENV

diff --git a/src/kauth/krb_udp.c b/src/kauth/krb_udp.c
index b894c8c..2222b36 100644 (file)
--- a/src/kauth/krb_udp.c
+++ b/src/kauth/krb_udp.c
@@ -399,6 +399,11 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
     }
     KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
          LOG_AUTHENTICATE);
+
+    if (cipherLen != 0) {
+       KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
+             LOG_TGTREQUEST);
+    }
     osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
     return 0;