#define KDC_REQUEST_KV_AUTH_EVENT "#auth_event" /* heim_number_t */
#define KDC_REQUEST_KV_PA_NAME "pa" /* heim_string_t */
#define KDC_REQUEST_KV_PA_ETYPE "pa-etype" /* heim_number_t */
+#define KDC_REQUEST_KV_PA_SUCCEEDED_KVNO "pa-succeeded-kvno" /* heim_number_t */
+#define KDC_REQUEST_KV_PA_FAILED_KVNO "pa-failed-kvno" /* heim_number_t */
#define KDC_REQUEST_KV_GSS_INITIATOR "gss_initiator" /* heim_string_t */
#define KDC_REQUEST_KV_PKINIT_CLIENT_CERT "pkinit_client_cert" /* heim_string_t */
+#define KDC_REQUEST_KV_PA_HISTORIC_KVNO "pa-historic-kvno" /* heim_number_t */
#endif /* HEIMDAL_KDC_KDC_AUDIT_H */
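Review bot: The three new kvno keys do not say which key each number refers to, and `KDC_REQUEST_KV_PA_HISTORIC_KVNO` is defined apart from the other two, after the GSS and PKINIT keys. Audit plugins presumably read these values to tell a stale password from a wrong one, so the header should say so. For example, the failed key could carry `/* heim_number_t: kvno of the current key that did not validate the pre-auth data */` and the historic key `/* heim_number_t: kvno of the older key that did decrypt it */`. The later hunks set `pa-failed-kvno` before the history scan, so one record can hold both keys; the comment should state that the historic value, when present, qualifies the failure. Moving the historic define up beside the other two `pa-*-kvno` lines would keep the group together.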
estr, r->cname);
free(estr);
free_EncryptedData(&enc_data);
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_FAILED_KVNO,
+ kvno);
return ret;
}
if (ret == KRB5KRB_AP_ERR_SKEW) {
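Review bot: `pa-failed-kvno` is recorded on this early `return ret` path using `kvno`, but neither the condition guarding the exit nor the assignment of `kvno` is visible in the hunk. If this is the branch taken when no client key matches the requested enctype (the logged `estr` suggests so), no key was actually tried. An audit consumer that counts `pa-failed-kvno` as a wrong-password event against that key version would then be misled; consider recording the key only where a decryption was attempted. Also confirm that `kvno` is initialized on every path that reaches this call. The same pattern appears before `goto out` in the later hunk that follows the second `free_EncryptedData(&enc_data)`.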
* via pa_enc_chal_decrypt_kvno()
*/
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_FAILED_KVNO,
+ kvno);
+
/*
* Check if old and older keys are
* able to decrypt.
NULL, /* KDCchallengekey */
NULL); /* used_key */
if (hret == 0) {
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_HISTORIC_KVNO,
+ hkvno);
break;
}
if (hret == KRB5KDC_ERR_ETYPE_NOSUPP) {
kstr ? kstr : "unknown enctype");
kdc_audit_setkv_number((kdc_request_t)r, KDC_REQUEST_KV_AUTH_EVENT,
KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY);
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_SUCCEEDED_KVNO,
+ kvno);
return 0;
}
estr, r->cname);
free(estr);
free_EncryptedData(&enc_data);
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_FAILED_KVNO,
+ kvno);
goto out;
}
if (ret == KRB5KDC_ERR_PREAUTH_FAILED) {
krb5_error_code hret = ret;
int hi;
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_FAILED_KVNO,
+ kvno);
+
/*
* Check if old and older keys are
* able to decrypt.
NULL); /* pa_key */
if (hret == 0) {
krb5_data_free(&ts_data);
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_HISTORIC_KVNO,
+ hkvno);
break;
}
if (hret == KRB5KDC_ERR_ETYPE_NOSUPP) {
pa_key->key.keytype);
kdc_audit_setkv_number((kdc_request_t)r, KDC_REQUEST_KV_AUTH_EVENT,
KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY);
+ kdc_audit_setkv_number((kdc_request_t)r,
+ KDC_REQUEST_KV_PA_SUCCEEDED_KVNO,
+ kvno);
ret = 0;