3 --- kdc/do_tgs_req.c.orig 2005-07-12 22:59:51.000000000 +0200
5 @@ -490,27 +490,38 @@ tgt_again:
8 if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) {
12 errcode = krb5_check_transited_list (kdc_context,
13 &enc_tkt_reply.transited.tr_contents,
14 krb5_princ_realm (kdc_context, header_ticket->enc_part2->client),
15 krb5_princ_realm (kdc_context, request->server));
16 + tlen = enc_tkt_reply.transited.tr_contents.length;
17 + tdots = tlen > 125 ? "..." : "";
18 + tlen = tlen > 125 ? 125 : tlen;
21 setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED);
22 } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
23 krb5_klog_syslog (LOG_INFO,
24 - "bad realm transit path from '%s' to '%s' via '%.*s'",
25 + "bad realm transit path from '%s' to '%s' "
27 cname ? cname : "<unknown client>",
28 sname ? sname : "<unknown server>",
29 - enc_tkt_reply.transited.tr_contents.length,
30 - enc_tkt_reply.transited.tr_contents.data);
33 + enc_tkt_reply.transited.tr_contents.data,
36 krb5_klog_syslog (LOG_ERR,
37 - "unexpected error checking transit from '%s' to '%s' via '%.*s': %s",
38 + "unexpected error checking transit from "
39 + "'%s' to '%s' via '%.*s%s': %s",
40 cname ? cname : "<unknown client>",
41 sname ? sname : "<unknown server>",
42 - enc_tkt_reply.transited.tr_contents.length,
44 enc_tkt_reply.transited.tr_contents.data,
45 - error_message (errcode));
46 + tdots, error_message (errcode));
49 krb5_klog_syslog (LOG_INFO, "not checking transit path");
50 if (reject_bad_transit
51 @@ -538,6 +549,9 @@ tgt_again:
52 if (!krb5_principal_compare(kdc_context, request->server, client2)) {
53 if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp)))
58 krb5_klog_syslog(LOG_INFO,
59 "TGS_REQ %s: 2ND_TKT_MISMATCH: "
60 "authtime %d, %s for %s, 2nd tkt client %s",
61 @@ -800,6 +814,7 @@ find_alternate_tgs(krb5_kdc_req *request
62 krb5_klog_syslog(LOG_INFO,
63 "TGS_REQ: issuing alternate <un-unparseable> TGT");
65 + limit_string(sname);
66 krb5_klog_syslog(LOG_INFO,
67 "TGS_REQ: issuing TGT %s", sname);