return s_keylen;
}
+
static int auth_handler(gss_name_t gss_name, TR_NAME *client,
void *expected_client)
{
TR_NAME *expected_client_trname = (TR_NAME*) expected_client;
- return tr_name_cmp(client, expected_client_trname);
+ int result=tr_name_cmp(client, expected_client_trname);
+ if (result != 0) {
+ tr_notice("Auth denied for incorrect gss-name ('%.*s' requested, expected '%.*s').",
+ client->len, client->buf,
+ expected_client_trname->len, expected_client_trname->buf);
+ }
+ return result;
}
/* command-line option setup */
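Review bot: The tr_notice added to auth_handler writes `client->buf` into the log verbatim, and that name appears to originate from the peer's GSS display name, so embedded newlines or control characters could split or forge log entries unless tr_notice already escapes them. Escaping non-printable bytes before logging would close that gap. The `%.*s` precision argument must be an `int`; TR_NAME's declaration is not visible here, so if `len` has another type it should be cast, e.g. `(int) client->len`. A negative precision is treated as if it were omitted, which would make the formatter read up to a NUL terminator that `buf` may not have. The same two points apply to the tr_debug call added in tids_auth_cb, where `name.len` is filled from `displayName->length`.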
return conn;
}
+/* returns EACCES if authorization is denied */
static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
void *data)
{
struct tids_instance *inst = (struct tids_instance *) data;
TR_NAME name ={(char *) displayName->value,
displayName->length};
- return inst->auth_handler(clientName, &name, inst->cookie);
+ int result=0;
+
+ if (0!=inst->auth_handler(clientName, &name, inst->cookie)) {
+ tr_debug("tids_auth_cb: client '%.*s' denied authorization.", name.len, name.buf);
+ result=EACCES; /* denied */
+ }
+
+ return result;
}
+/* returns 0 on authorization success, 1 on failure, or -1 in case of error */
static int tids_auth_connection (struct tids_instance *inst,
int conn, gss_ctx_id_t *gssctx)
{
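Review bot: The comment added above tids_auth_cb documents only the denial value, while the new body maps every nonzero result from `inst->auth_handler`, error codes included, to EACCES and returns 0 otherwise. That fail-closed behaviour is worth stating so a later change does not start passing handler errors through, e.g. `/* returns 0 if the handler authorizes the client; any nonzero handler result is treated as denial and returned as EACCES */`. EACCES needs `<errno.h>`, and the file's include block is outside this hunk, so confirm it is already included. `inst->auth_handler` is also called without a NULL check; if an instance can reach this callback with no handler registered, `if (inst->auth_handler == NULL) return EACCES;` would deny rather than crash.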