From 30d164d9f08af7edde9c417650b60d354e02c61c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 8 Nov 2005 01:17:41 +0000
Subject: r11568: Debuging aids: Let the administrator know when a key/entry
 expired, rather than just the fact of the expiry.

Andrew Bartlett
(This used to be commit 31c4ab26d7ab1e550c2ecc7c3ae6c44b87140aa3)
---
 source4/heimdal/kdc/kerberos5.c | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

(limited to 'source4/heimdal/kdc/kerberos5.c')

diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index a1a607329a..3577a14e5f 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -661,21 +661,32 @@ _kdc_check_flags(krb5_context context,
 	}
 	
 	if (client->valid_start && *client->valid_start > kdc_time) {
+	    char starttime_str[100];
+	    krb5_format_time(context, *client->valid_start, 
+			     starttime_str, sizeof(starttime_str), TRUE); 
 	    kdc_log(context, config, 0,
-		    "Client not yet valid -- %s", client_name);
+		    "Client not yet valid until %s -- %s", 
+		    starttime_str, 
+		    client_name);
 	    return KRB5KDC_ERR_CLIENT_NOTYET;
 	}
 	
 	if (client->valid_end && *client->valid_end < kdc_time) {
+	    char endtime_str[100];
+	    krb5_format_time(context, *client->valid_end, 
+			     endtime_str, sizeof(endtime_str), TRUE); 
 	    kdc_log(context, config, 0,
-		    "Client expired -- %s", client_name);
+		    "Client expired at %s -- %s", endtime_str, client_name);
 	    return KRB5KDC_ERR_NAME_EXP;
 	}
 	
 	if (client->pw_end && *client->pw_end < kdc_time
 	    && !server->flags.change_pw) {
+	    char pwend_str[100];
+	    krb5_format_time(context, *client->pw_end, 
+			     pwend_str, sizeof(pwend_str), TRUE); 
 	    kdc_log(context, config, 0,
-		    "Client's key has expired -- %s", client_name);
+		    "Client's key has expired at %s -- %s", pwend_str, client_name);
 	    return KRB5KDC_ERR_KEY_EXPIRED;
 	}
     }
@@ -702,20 +713,31 @@ _kdc_check_flags(krb5_context context,
 	}
 
 	if (server->valid_start && *server->valid_start > kdc_time) {
+	    char starttime_str[100];
+	    krb5_format_time(context, *server->valid_start, 
+			     starttime_str, sizeof(starttime_str), TRUE); 
 	    kdc_log(context, config, 0,
-		    "Server not yet valid -- %s", server_name);
+		    "Server not yet valid until %s -- %s", server_name);
 	    return KRB5KDC_ERR_SERVICE_NOTYET;
 	}
 
 	if (server->valid_end && *server->valid_end < kdc_time) {
+	    char endtime_str[100];
+	    krb5_format_time(context, *server->valid_end, 
+			     endtime_str, sizeof(endtime_str), TRUE); 
 	    kdc_log(context, config, 0,
-		    "Server expired -- %s", server_name);
+		    "Server expired at %s -- %s", 
+		    endtime_str, server_name);
 	    return KRB5KDC_ERR_SERVICE_EXP;
 	}
 
 	if (server->pw_end && *server->pw_end < kdc_time) {
+	    char pwend_str[100];
+	    krb5_format_time(context, *server->pw_end, 
+			     pwend_str, sizeof(pwend_str), TRUE); 
 	    kdc_log(context, config, 0,
-		    "Server's key has expired -- %s", server_name);
+		    "Server's key has expired at -- %s", 
+		    pwend_str, server_name);
 	    return KRB5KDC_ERR_KEY_EXPIRED;
 	}
     }
-- 
cgit