summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-10-20 06:50:24 +0000
committerAndrew Tridgell <tridge@samba.org>2001-10-20 06:50:24 +0000
commit93645be91f7fd12dfee75b6f09dda6799f0ac902 (patch)
treed002cc9fe37ce3d5dd2ef207bec2bdab23c97854
parent9884de2d3b00c560daa68930fb31cec23a0c6d44 (diff)
downloadsamba-93645be91f7fd12dfee75b6f09dda6799f0ac902.tar.gz
samba-93645be91f7fd12dfee75b6f09dda6799f0ac902.tar.bz2
samba-93645be91f7fd12dfee75b6f09dda6799f0ac902.zip
better krb5 error handling (thanks andrewb!)
(This used to be commit fd3a3daef3b8f7140e7006d30d23d739ac3aad2f)
-rw-r--r--source3/libsmb/clikrb5.c23
-rw-r--r--source3/smbd/negprot.c2
-rw-r--r--source3/smbd/sesssetup.c7
3 files changed, 23 insertions, 9 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 51b6e6e8cf..5fef97c571 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -48,15 +48,22 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
/* obtain ticket & session key */
memset((char *)&creds, 0, sizeof(creds));
- if ((retval = krb5_copy_principal(context, server, &creds.server)))
+ if ((retval = krb5_copy_principal(context, server, &creds.server))) {
+ DEBUG(1,("krb5_copy_principal failed (%s)\n",
+ error_message(retval)));
goto cleanup_princ;
+ }
- if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
+ if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
+ DEBUG(1,("krb5_cc_get_principal failed (%s)\n",
+ error_message(retval)));
goto cleanup_creds;
+ }
if ((retval = krb5_get_credentials(context, 0,
ccache, &creds, &credsp))) {
- DEBUG(1,("krb5_get_credentials failed (%d)\n", retval));
+ DEBUG(1,("krb5_get_credentials failed (%s)\n",
+ error_message(retval)));
goto cleanup_creds;
}
@@ -64,7 +71,8 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
&in_data, credsp, outbuf);
if (retval) {
- DEBUG(1,("krb5_mk_req_extended failed (%d)\n", retval));
+ DEBUG(1,("krb5_mk_req_extended failed (%s)\n",
+ error_message(retval)));
}
krb5_free_creds(context, credsp);
@@ -92,12 +100,14 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
retval = krb5_init_context(&context);
if (retval) {
- DEBUG(1,("krb5_init_context failed\n"));
+ DEBUG(1,("krb5_init_context failed (%s)\n",
+ error_message(retval)));
goto failed;
}
if ((retval = krb5_cc_default(context, &ccdef))) {
- DEBUG(1,("krb5_cc_default failed\n"));
+ DEBUG(1,("krb5_cc_default failed (%s)\n",
+ error_message(retval)));
goto failed;
}
@@ -106,7 +116,6 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
0,
service, realm,
ccdef, &packet))) {
- DEBUG(1,("krb5_mk_req2 failed\n"));
goto failed;
}
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 678156b528..2eea6fa281 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -163,7 +163,7 @@ static int negprot_spnego(char *p, uint8 cryptkey[8])
DATA_BLOB blob;
extern pstring global_myname;
uint8 guid[16];
- const char *OIDs[] = {OID_NTLMSSP,
+ const char *OIDs[] = {OID_NTLMSSP,
OID_KERBEROS5_OLD,
NULL};
char *principle;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 0202a247cd..c8bf2a4f94 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -62,12 +62,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
ret = krb5_init_context(&context);
if (ret) {
+ DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
ret = krb5_build_principal(context, &server, strlen(realm),
realm, service, NULL);
if (ret) {
+ DEBUG(1,("krb5_build_principal failed (%s)\n", error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
@@ -76,12 +78,15 @@ static int reply_spnego_kerberos(connection_struct *conn,
if ((ret = krb5_rd_req(context, &auth_context, &packet,
server, keytab, NULL, &tkt))) {
- DEBUG(3,("krb5_rd_req failed with code %08x\n", ret));
+ DEBUG(3,("krb5_rd_req failed (%s)\n",
+ error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
if ((ret = krb5_unparse_name(context, tkt->enc_part2->client,
&client))) {
+ DEBUG(3,("krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}