mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
r11568: Debuging aids: Let the administrator know when a key/entry expired,
rather than just the fact of the expiry. Andrew Bartlett
This commit is contained in:
parent
22c8c97e6f
commit
31c4ab26d7
@ -661,21 +661,32 @@ _kdc_check_flags(krb5_context context,
|
||||
}
|
||||
|
||||
if (client->valid_start && *client->valid_start > kdc_time) {
|
||||
char starttime_str[100];
|
||||
krb5_format_time(context, *client->valid_start,
|
||||
starttime_str, sizeof(starttime_str), TRUE);
|
||||
kdc_log(context, config, 0,
|
||||
"Client not yet valid -- %s", client_name);
|
||||
"Client not yet valid until %s -- %s",
|
||||
starttime_str,
|
||||
client_name);
|
||||
return KRB5KDC_ERR_CLIENT_NOTYET;
|
||||
}
|
||||
|
||||
if (client->valid_end && *client->valid_end < kdc_time) {
|
||||
char endtime_str[100];
|
||||
krb5_format_time(context, *client->valid_end,
|
||||
endtime_str, sizeof(endtime_str), TRUE);
|
||||
kdc_log(context, config, 0,
|
||||
"Client expired -- %s", client_name);
|
||||
"Client expired at %s -- %s", endtime_str, client_name);
|
||||
return KRB5KDC_ERR_NAME_EXP;
|
||||
}
|
||||
|
||||
if (client->pw_end && *client->pw_end < kdc_time
|
||||
&& !server->flags.change_pw) {
|
||||
char pwend_str[100];
|
||||
krb5_format_time(context, *client->pw_end,
|
||||
pwend_str, sizeof(pwend_str), TRUE);
|
||||
kdc_log(context, config, 0,
|
||||
"Client's key has expired -- %s", client_name);
|
||||
"Client's key has expired at %s -- %s", pwend_str, client_name);
|
||||
return KRB5KDC_ERR_KEY_EXPIRED;
|
||||
}
|
||||
}
|
||||
@ -702,20 +713,31 @@ _kdc_check_flags(krb5_context context,
|
||||
}
|
||||
|
||||
if (server->valid_start && *server->valid_start > kdc_time) {
|
||||
char starttime_str[100];
|
||||
krb5_format_time(context, *server->valid_start,
|
||||
starttime_str, sizeof(starttime_str), TRUE);
|
||||
kdc_log(context, config, 0,
|
||||
"Server not yet valid -- %s", server_name);
|
||||
"Server not yet valid until %s -- %s", server_name);
|
||||
return KRB5KDC_ERR_SERVICE_NOTYET;
|
||||
}
|
||||
|
||||
if (server->valid_end && *server->valid_end < kdc_time) {
|
||||
char endtime_str[100];
|
||||
krb5_format_time(context, *server->valid_end,
|
||||
endtime_str, sizeof(endtime_str), TRUE);
|
||||
kdc_log(context, config, 0,
|
||||
"Server expired -- %s", server_name);
|
||||
"Server expired at %s -- %s",
|
||||
endtime_str, server_name);
|
||||
return KRB5KDC_ERR_SERVICE_EXP;
|
||||
}
|
||||
|
||||
if (server->pw_end && *server->pw_end < kdc_time) {
|
||||
char pwend_str[100];
|
||||
krb5_format_time(context, *server->pw_end,
|
||||
pwend_str, sizeof(pwend_str), TRUE);
|
||||
kdc_log(context, config, 0,
|
||||
"Server's key has expired -- %s", server_name);
|
||||
"Server's key has expired at -- %s",
|
||||
pwend_str, server_name);
|
||||
return KRB5KDC_ERR_KEY_EXPIRED;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user