/* This version will be incremented when incompatible changes are made to the
* KDB API, and will be kept in sync with the libkdb major version. */
-#define KRB5_KDB_API_VERSION 8
+#define KRB5_KDB_API_VERSION 9
/* Salt types */
#define KRB5_KDB_SALTTYPE_NORMAL 0
krb5_pa_data ***e_data);
void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code);
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code);
void krb5_db_refresh_config(krb5_context kcontext);
* This number indicates the date of the last incompatible change to the DAL.
* The maj_ver field of the module's vtable structure must match this version.
*/
-#define KRB5_KDB_DAL_MAJOR_VERSION 6
+#define KRB5_KDB_DAL_MAJOR_VERSION 7
/*
* A krb5_context can hold one database object. Modules should use
* AS request.
*/
void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code);
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code);
/* Note: there is currently no method for auditing TGS requests. */
ktypestr, fromstring, status,
cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
}
- krb5_db_audit_as_req(context, request, client, server, authtime,
- errcode);
+ krb5_db_audit_as_req(context, request, from->address, client, server,
+ authtime, errcode);
#if 0
/* Sun (OpenSolaris) version would probably something like this.
The client and server names passed can be null, unlike in the
# Keep LIBMAJOR in sync with KRB5_KDB_API_VERSION in include/kdb.h.
LIBBASE=kdb5
-LIBMAJOR=8
+LIBMAJOR=9
LIBMINOR=0
LIBINITFUNC=kdb_init_lock_list
LIBFINIFUNC=kdb_fini_lock_list
out->audit_as_req = in->audit_as_req;
out->refresh_config = in->refresh_config;
out->check_allowed_to_delegate = in->check_allowed_to_delegate;
-
- /* Copy fields for minor version 1 (major version 6). */
- assert(KRB5_KDB_DAL_MAJOR_VERSION == 6);
- out->free_principal_e_data = NULL;
- if (in->min_ver >= 1)
- out->free_principal_e_data = in->free_principal_e_data;
+ out->free_principal_e_data = in->free_principal_e_data;
/* Set defaults for optional fields. */
if (out->fetch_master_key == NULL)
void
krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code)
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code)
{
krb5_error_code status;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status || v->audit_as_req == NULL)
return;
- v->audit_as_req(kcontext, request, client, server, authtime, error_code);
+ v->audit_as_req(kcontext, request, from, client, server, authtime,
+ error_code);
}
void
(kcontext, request, client, server, kdc_time, status, e_data));
WRAP_VOID (krb5_db2_audit_as_req,
- (krb5_context kcontext, krb5_kdc_req *request,
+ (krb5_context kcontext, krb5_kdc_req *request, krb5_address *from,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp authtime, krb5_error_code error_code),
- (kcontext, request, client, server, authtime, error_code));
+ (kcontext, request, from, client, server, authtime, error_code));
static krb5_error_code
hack_init (void)
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code)
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code)
{
(void) krb5_db2_lockout_audit(kcontext, client, authtime, error_code);
}
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code);
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code);
#endif /* KRB5_KDB_DB2_H */
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code)
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code)
{
(void) krb5_ldap_lockout_audit(kcontext, client, authtime, error_code);
}
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
- krb5_db_entry *client, krb5_db_entry *server,
- krb5_timestamp authtime, krb5_error_code error_code);
+ krb5_address *from, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp authtime,
+ krb5_error_code error_code);
krb5_error_code
krb5_ldap_check_allowed_to_delegate(krb5_context context,
static void
sim_preauth(krb5_timestamp authtime, krb5_boolean ok, krb5_db_entry **entp)
{
- /* Both back ends ignore the request parameter for now. */
- krb5_db_audit_as_req(ctx, NULL, *entp, *entp, authtime,
+ /* Both back ends ignore the request and from parameters for now. */
+ krb5_db_audit_as_req(ctx, NULL, NULL, *entp, *entp, authtime,
ok ? 0 : KRB5KDC_ERR_PREAUTH_FAILED);
krb5_db_free_principal(ctx, *entp);
CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, entp));