diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-10-20 13:23:27 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-10-21 08:43:00 +0200 |
commit | 2a3bf9eb2fb2c8138162410d75f60c7b57bcf32a (patch) | |
tree | 4de9a3175b68ce55531ed6ff9211cfc1710db404 /source3/libsmb | |
parent | 8df8277b0aad2ede775b73bc372cb446b3b28a25 (diff) | |
download | samba-2a3bf9eb2fb2c8138162410d75f60c7b57bcf32a.tar.gz samba-2a3bf9eb2fb2c8138162410d75f60c7b57bcf32a.tar.bz2 samba-2a3bf9eb2fb2c8138162410d75f60c7b57bcf32a.zip |
s3:libsmb/smb_seal: avoid ads_errstr() dependency and use gssapi_error_string()
metze
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/smb_seal.c | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 8230a2eb85..d930523f86 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -22,6 +22,7 @@ #include "smb_crypt.h" #include "libsmb/libsmb.h" #include "ntlmssp_wrap.h" +#include "libcli/auth/krb5_wrap.h" /****************************************************************************** @@ -209,14 +210,23 @@ static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_sta (gss_qop_t *) NULL); if (ret != GSS_S_COMPLETE) { - ADS_STATUS adss = ADS_ERROR_GSS(ret, minor); - DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap failed. Error %s\n", - ads_errstr(adss) )); - return map_nt_error_from_gss(ret, minor); + NTSTATUS status = NT_STATUS_ACCESS_DENIED; + char *gss_err; + + gss_err = gssapi_error_string(talloc_tos(), + ret, minor, + GSS_C_NULL_OID); + DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap failed. " + "Error [%d/%d] - %s - %s\n", + ret, minor, nt_errstr(status), + gss_err ? gss_err : "<unknown>")); + talloc_free(gss_err); + + return status; } if (out_buf.length > in_buf.length) { - DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap size (%u) too large (%u) !\n", + DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap size (%u) too large (%u) !\n", (unsigned int)out_buf.length, (unsigned int)in_buf.length )); gss_release_buffer(&minor, &out_buf); @@ -266,10 +276,19 @@ static NTSTATUS common_gss_encrypt_buffer(struct smb_tran_enc_state_gss *gss_sta &out_buf); if (ret != GSS_S_COMPLETE) { - ADS_STATUS adss = ADS_ERROR_GSS(ret, minor); - DEBUG(0,("common_gss_encrypt_buffer: gss_wrap failed. Error %s\n", - ads_errstr(adss) )); - return map_nt_error_from_gss(ret, minor); + NTSTATUS status = NT_STATUS_ACCESS_DENIED; + char *gss_err; + + gss_err = gssapi_error_string(talloc_tos(), + ret, minor, + GSS_C_NULL_OID); + DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap failed. " + "Error [%d/%d] - %s - %s\n", + ret, minor, nt_errstr(status), + gss_err ? gss_err : "<unknown>")); + talloc_free(gss_err); + + return status; } if (!flags_got) { |