r1521: Updates to our SMB signing code.

- This causes our client and server code to use the same core code,
  with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
  to be shared, and only written once.

Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.

Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)

1 files changed, 3 insertions, 1 deletions

diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 8268eb6051..c7c1a18d24 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -304,6 +304,8 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
 		DATA_BLOB unwrapped_in;
 
 		if (!gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {
+			DEBUG(1,("gensec_gssapi_parse_krb5_wrap(mutual authentication) failed to parse\n"));
+			dump_data_pw("Mutual authentication message:\n", in.data, in.length);
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		/* TODO: check the tok_id */
@@ -316,7 +318,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
 		if (ret) {
 			DEBUG(1,("krb5_rd_rep (mutual authentication) failed (%s)\n",
 				 error_message(ret)));
-			dump_data_pw("Mutual authentication message:\n", in.data, in.length);
+			dump_data_pw("Mutual authentication message:\n", inbuf.data, inbuf.length);
 			nt_status = NT_STATUS_ACCESS_DENIED;
 		} else {
 			*out = data_blob(NULL, 0);