[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Thu Feb 25 20:01:13 MST 2010


The branch, master has been updated
       via  721bcfa... dns: auto-delete incorrect SRV entries for our hostname
       via  ab4f170... s4-dns: add automatic dynamic DNS updating script
       via  c796b6c... s4-provision: fixed port number for gc ldap DNS SRV entry
       via  c8fd792... s4-param: added 'nsupdate command' option, default to /usr/bin/nsupdate -g
       via  cb8d1e0... samdb: added get_ntds_GUID() method
       via  390f7b5... py-samdb: added server_site_name method
       via  1e66ec8... pyglue: added py_samdb_server_site_name()
       via  8f763e0... py-samdb: added get_invocation_id() method
       via  abf5503... pyglue: added py_samdb_ntds_invocation_id()
       via  af70728... pyglue: don't return 127.0.0.0/8 IPs in interface_ips()
       via  781ad03... s4-krb5: propagate errors from a lot more kerberos functions
       via  ad7223b... dns: install samba_dnsupdate
       via  cf14fa5... dns: dummy samba_dnsupdate script
      from  6491150... s4-dsdb: fixed the fetch of the server site name

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 721bcfa01c28996891893e56a303c42d495c9fcd
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Feb 26 13:58:32 2010 +1100

    dns: auto-delete incorrect SRV entries for our hostname

commit ab4f170216c5bdd8b6f46df562d0a21ba8321a4b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Feb 26 13:30:44 2010 +1100

    s4-dns: add automatic dynamic DNS updating script
    
    This script checks a list of DNS names that we should have, and does
    dynamic DNS updates using our machine account credentials to add any
    missing DNS entries.
    
    This allows us to correctly add all the DNS entries we need when we
    join an existing domain as a DC
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit c796b6c52e376447e7f3b1573e157f50fa35c3a9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Feb 26 13:27:26 2010 +1100

    s4-provision: fixed port number for gc ldap DNS SRV entry
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit c8fd7924a14f36c668245285bf144de7781b4007
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Feb 26 13:25:42 2010 +1100

    s4-param: added 'nsupdate command' option, default to /usr/bin/nsupdate -g

commit cb8d1e01f0b64f4a01ea101b8a0229f2085b744d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Feb 26 10:15:43 2010 +1100

    samdb: added get_ntds_GUID() method

commit 390f7b535d9625beb9f203fdc2eb2890b69ed404
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 18:35:14 2010 +1100

    py-samdb: added server_site_name method

commit 1e66ec832e1e4b1c6c71c96259328a64552de57c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 18:35:01 2010 +1100

    pyglue: added py_samdb_server_site_name()

commit 8f763e046cf80863fa089724118a4efb4c7e450e
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 18:15:47 2010 +1100

    py-samdb: added get_invocation_id() method

commit abf55033dfbd84a49c494bd13daee7793921559d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 18:15:19 2010 +1100

    pyglue: added py_samdb_ntds_invocation_id()

commit af70728b51d88717c571ebf3d5886006e34db57f
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 16:29:47 2010 +1100

    pyglue: don't return 127.0.0.0/8 IPs in interface_ips()
    
    We don't generally want loopback addresses in the python code

commit 781ad038c96195031053291414a12225eb818fd9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 16:16:33 2010 +1100

    s4-krb5: propagate errors from a lot more kerberos functions
    
    We need to be able to give sensible error messages when a kerberos
    call fails. This propagates the kerberos error up the stack to the
    caller.
    
    Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

commit ad7223b9bd31f71b8af2ae83361d7e054a433cc5
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 15:13:45 2010 +1100

    dns: install samba_dnsupdate

commit cf14fa5a5c59700e6bc1a9d000588b86f677f8f9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Thu Feb 25 15:12:53 2010 +1100

    dns: dummy samba_dnsupdate script
    
    The merge from metze of my dns tree means we now depend on this. This
    is a placeholder until Andrew and I have finished the full script.

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/credentials/credentials.c      |    4 +-
 source4/auth/credentials/credentials.h      |   11 +-
 source4/auth/credentials/credentials_krb5.c |  115 +++++++-----
 source4/auth/credentials/credentials_krb5.h |    6 +-
 source4/auth/credentials/pycredentials.c    |   11 +-
 source4/auth/gensec/gensec_gssapi.c         |   12 +-
 source4/auth/gensec/gensec_krb5.c           |   12 +-
 source4/auth/kerberos/kerberos.c            |    4 +-
 source4/auth/kerberos/kerberos.h            |   10 +-
 source4/auth/kerberos/kerberos_util.c       |   62 ++++---
 source4/libcli/util/pyerrors.h              |    5 +
 source4/ntvfs/ipc/vfs_ipc.c                 |    3 +-
 source4/param/loadparm.c                    |    4 +
 source4/script/installmisc.sh               |    2 +-
 source4/scripting/bin/samba_dnsupdate       |  267 +++++++++++++++++++++++++++
 source4/scripting/python/pyglue.c           |  123 ++++++++++++-
 source4/scripting/python/samba/__init__.py  |   12 ++
 source4/setup/provision.zone                |    2 +-
 source4/smbd/service_named_pipe.c           |    4 +-
 19 files changed, 561 insertions(+), 108 deletions(-)
 create mode 100755 source4/scripting/bin/samba_dnsupdate


Changeset truncated at 500 lines:

diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 959068c..2515c4c 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -661,6 +661,7 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
 			   struct loadparm_context *lp_ctx)
 {
 	char *p;
+	const char *error_string;
 
 	if (lp_ctx != NULL) {
 		cli_credentials_set_conf(cred, lp_ctx);
@@ -692,7 +693,8 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
 	}
 	
 	if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
-		cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE);
+		cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE,
+					   &error_string);
 	}
 }
 
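Review bot: in cli_credentials_guess() both the return value of cli_credentials_set_ccache() and the new error_string are discarded, while the DEBUG() calls that used to report ccache failures inside that function are removed later in this patch, so a failed ccache guess now leaves no trace at all. Either log error_string at a low debug level when the call returns non-zero, or add a comment saying a failed guess is deliberately silent. error_string is also declared uninitialised; setting it to NULL at the declaration protects any later code that prints it after a failure path that forgot to fill it in.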
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 21a9c61..6c077c9 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -161,12 +161,13 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
 int cli_credentials_get_ccache(struct cli_credentials *cred, 
 			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
-			       struct ccache_container **ccc);
+			       struct ccache_container **ccc,
+			       const char **error_string);
 int cli_credentials_get_named_ccache(struct cli_credentials *cred, 
 				     struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     char *ccache_name,
-				     struct ccache_container **ccc);
+				     struct ccache_container **ccc, const char **error_string);
 int cli_credentials_get_keytab(struct cli_credentials *cred, 
 			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
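Review bot: the new error_string out parameter on cli_credentials_get_ccache() and cli_credentials_get_named_ccache() has no documented contract. Elsewhere in this patch it receives talloc_asprintf() results parented on cred, return values of error_message() and strerror(), and a string literal, so a caller cannot tell who owns the string, how long it lives, or whether it is touched on success. A short comment at the prototypes saying it is only valid on a non-zero return and must not be freed by the caller would settle that. Style: the second prototype puts the new argument on the same line as ccc while the first gives it its own line.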
@@ -185,7 +186,8 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
 					 struct tevent_context *event_ctx,
 					 struct loadparm_context *lp_ctx,
-					 struct gssapi_creds_container **_gcc);
+					 struct gssapi_creds_container **_gcc,
+					 const char **error_string);
 void cli_credentials_set_kerberos_state(struct cli_credentials *creds, 
 					enum credentials_use_kerberos use_kerberos);
 bool cli_credentials_set_domain(struct cli_credentials *cred, 
@@ -258,7 +260,8 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
 			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
 			       const char *name, 
-			       enum credentials_obtained obtained);
+			       enum credentials_obtained obtained,
+			       const char **error_string);
 bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
 bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, 
 				       int fd, enum credentials_obtained obtained);
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index b722901..e04b7f5 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -65,8 +65,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
 }
 
 static int cli_credentials_set_from_ccache(struct cli_credentials *cred, 
-				    struct ccache_container *ccache,
-				    enum credentials_obtained obtained)
+					   struct ccache_container *ccache,
+					   enum credentials_obtained obtained,
+					   const char **error_string)
 {
 	
 	krb5_principal princ;
@@ -81,20 +82,17 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 				    ccache->ccache, &princ);
 
 	if (ret) {
-		char *err_mess = smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context, 
-							    ret, cred);
-		DEBUG(1,("failed to get principal from ccache: %s\n", 
-			 err_mess));
-		talloc_free(err_mess);
+		(*error_string) = talloc_asprintf(cred, "failed to get principal from ccache: %s\n",
+						  smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context,
+									     ret, cred));
 		return ret;
 	}
 	
 	ret = krb5_unparse_name(ccache->smb_krb5_context->krb5_context, princ, &name);
 	if (ret) {
-		char *err_mess = smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context, ret, cred);
-		DEBUG(1,("failed to unparse principal from ccache: %s\n", 
-			 err_mess));
-		talloc_free(err_mess);
+		(*error_string) = talloc_asprintf(cred, "failed to unparse principal from ccache: %s\n",
+						  smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context,
+									     ret, cred));
 		return ret;
 	}
 
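Review bot: both error paths in cli_credentials_set_from_ccache() now allocate the smb_get_krb5_error_message() result on cred and never free it, where the removed code called talloc_free(err_mess); each failure therefore leaves an extra string attached to the credentials object for its whole lifetime. Allocate the inner message on a temporary context, or keep it in a local and free it after talloc_asprintf(). The format strings also keep the trailing "\n" from the old DEBUG() calls, which will end up embedded in whatever the caller builds from error_string, and the talloc_asprintf() result is not checked for NULL before being handed back as the error text.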
@@ -127,9 +125,10 @@ static int free_dccache(struct ccache_container *ccc) {
 
 _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, 
 					struct tevent_context *event_ctx,
-			       struct loadparm_context *lp_ctx,
-			       const char *name, 
-			       enum credentials_obtained obtained)
+					struct loadparm_context *lp_ctx,
+					const char *name,
+					enum credentials_obtained obtained,
+					const char **error_string)
 {
 	krb5_error_code ret;
 	krb5_principal princ;
@@ -140,34 +139,39 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
 
 	ccc = talloc(cred, struct ccache_container);
 	if (!ccc) {
+		(*error_string) = error_message(ENOMEM);
 		return ENOMEM;
 	}
 
 	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, 
 					       &ccc->smb_krb5_context);
 	if (ret) {
+		(*error_string) = error_message(ret);
 		talloc_free(ccc);
 		return ret;
 	}
 	if (!talloc_reference(ccc, ccc->smb_krb5_context)) {
 		talloc_free(ccc);
+		(*error_string) = error_message(ENOMEM);
 		return ENOMEM;
 	}
 
 	if (name) {
 		ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, name, &ccc->ccache);
 		if (ret) {
-			DEBUG(1,("failed to read krb5 ccache: %s: %s\n", 
-				 name, 
-				 smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
+			(*error_string) = talloc_asprintf(cred, "failed to read krb5 ccache: %s: %s\n",
+							  name,
+							  smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+										     ret, ccc));
 			talloc_free(ccc);
 			return ret;
 		}
 	} else {
 		ret = krb5_cc_default(ccc->smb_krb5_context->krb5_context, &ccc->ccache);
 		if (ret) {
-			DEBUG(3,("failed to read default krb5 ccache: %s\n", 
-				 smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
+			(*error_string) = talloc_asprintf(cred, "failed to read default krb5 ccache: %s\n",
+							  smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+										     ret, ccc));
 			talloc_free(ccc);
 			return ret;
 		}
@@ -178,17 +182,19 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
 	ret = krb5_cc_get_principal(ccc->smb_krb5_context->krb5_context, ccc->ccache, &princ);
 
 	if (ret) {
-		DEBUG(3,("failed to get principal from default ccache: %s\n", 
-			 smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
-		talloc_free(ccc);		
+		(*error_string) = talloc_asprintf(cred, "failed to get principal from default ccache: %s\n",
+						  smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+									     ret, ccc));
+		talloc_free(ccc);
 		return ret;
 	}
 
 	krb5_free_principal(ccc->smb_krb5_context->krb5_context, princ);
 
-	ret = cli_credentials_set_from_ccache(cred, ccc, obtained);
+	ret = cli_credentials_set_from_ccache(cred, ccc, obtained, error_string);
 
 	if (ret) {
+		(*error_string) = error_message(ret);
 		return ret;
 	}
 
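Review bot: after cli_credentials_set_from_ccache() fails, the added line (*error_string) = error_message(ret); overwrites the more specific message that the callee has just stored through the same pointer ("failed to get principal from ccache: ..." or "failed to unparse principal from ccache: ..."). The assignment should be dropped so the detailed text reaches the caller; as written the talloc'd string from the callee is also orphaned on cred.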
@@ -205,7 +211,8 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 				      struct tevent_context *event_ctx,
 				      struct loadparm_context *lp_ctx,
 				      char *ccache_name,
-				      struct ccache_container **_ccc)
+				      struct ccache_container **_ccc,
+				      const char **error_string)
 {
 	bool must_free_cc_name = false;
 	krb5_error_code ret;
@@ -218,10 +225,13 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 					       &ccc->smb_krb5_context);
 	if (ret) {
 		talloc_free(ccc);
+		(*error_string) = talloc_asprintf(cred, "Failed to get krb5_context: %s",
+						  error_message(ret));
 		return ret;
 	}
 	if (!talloc_reference(ccc, ccc->smb_krb5_context)) {
 		talloc_free(ccc);
+		(*error_string) = strerror(ENOMEM);
 		return ENOMEM;
 	}
 
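Review bot: the out-of-memory paths in cli_credentials_new_ccache() use strerror(ENOMEM) while cli_credentials_set_ccache() in the same file uses error_message(ENOMEM) for the identical condition. Pick one helper for the file so the resulting strings are consistent and readers do not have to wonder whether the difference is intentional.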
@@ -232,6 +242,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 		
 		if (!ccache_name) {
 			talloc_free(ccc);
+			(*error_string) = strerror(ENOMEM);
 			return ENOMEM;
 		}
 	}
@@ -239,9 +250,10 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 	ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, ccache_name, 
 			      &ccc->ccache);
 	if (ret) {
-		DEBUG(1,("failed to generate a new krb5 ccache (%s): %s\n", 
-			 ccache_name,
-			 smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
+		(*error_string) = talloc_asprintf(cred, "failed to resolve a krb5 ccache (%s): %s\n",
+						  ccache_name,
+						  smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+									     ret, ccc));
 		talloc_free(ccache_name);
 		talloc_free(ccc);
 		return ret;
@@ -259,14 +271,15 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 
 	*_ccc = ccc;
 
-	return ret;
+	return 0;
 }
 
 _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred, 
 					      struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      char *ccache_name,
-					      struct ccache_container **ccc)
+					      struct ccache_container **ccc,
+					      const char **error_string)
 {
 	krb5_error_code ret;
 	
@@ -280,15 +293,16 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 		return 0;
 	}
 	if (cli_credentials_is_anonymous(cred)) {
+		(*error_string) = "Cannot get anonymous kerberos credentials";
 		return EINVAL;
 	}
 
-	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccache_name, ccc);
+	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccache_name, ccc, error_string);
 	if (ret) {
 		return ret;
 	}
 
-	ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, (*ccc)->ccache);
+	ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, (*ccc)->ccache, error_string);
 	if (ret) {
 		return ret;
 	}
@@ -296,7 +310,7 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 	ret = cli_credentials_set_from_ccache(cred, *ccc, 
 					      (MAX(MAX(cred->principal_obtained, 
 						       cred->username_obtained), 
-						   cred->password_obtained)));
+						   cred->password_obtained)), error_string);
 	
 	cred->ccache = *ccc;
 	cred->ccache_obtained = cred->principal_obtained;
@@ -304,15 +318,16 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 		return ret;
 	}
 	cli_credentials_invalidate_client_gss_creds(cred, cred->ccache_obtained);
-	return ret;
+	return 0;
 }
 
 _PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred, 
 					struct tevent_context *event_ctx,
 					struct loadparm_context *lp_ctx,
-					struct ccache_container **ccc)
+					struct ccache_container **ccc,
+					const char **error_string)
 {
-	return cli_credentials_get_named_ccache(cred, event_ctx, lp_ctx, NULL, ccc);
+	return cli_credentials_get_named_ccache(cred, event_ctx, lp_ctx, NULL, ccc, error_string);
 }
 
 void cli_credentials_invalidate_client_gss_creds(struct cli_credentials *cred, 
@@ -368,9 +383,10 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc)
 }
 
 _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
-					 struct tevent_context *event_ctx,
-					 struct loadparm_context *lp_ctx,
-					 struct gssapi_creds_container **_gcc) 
+						  struct tevent_context *event_ctx,
+						  struct loadparm_context *lp_ctx,
+						  struct gssapi_creds_container **_gcc,
+						  const char **error_string)
 {
 	int ret = 0;
 	OM_uint32 maj_stat, min_stat;
@@ -386,7 +402,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 	}
 
 	ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx, 
-					 &ccache);
+					 &ccache, error_string);
 	if (ret) {
 		DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
 		return ret;
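Review bot: the DEBUG() after the failed cli_credentials_get_ccache() call still prints error_message(ret) and ignores the error_string the callee has just filled in, so the log gets the generic code text while the detailed message only travels up to the caller. Print *error_string here, or remove the DEBUG() and leave reporting to the caller, so the same failure is not described two different ways.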
@@ -394,6 +410,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 
 	gcc = talloc(cred, struct gssapi_creds_container);
 	if (!gcc) {
+		(*error_string) = error_message(ENOMEM);
 		return ENOMEM;
 	}
 
@@ -406,6 +423,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		} else {
 			ret = EINVAL;
 		}
+		(*error_string) = error_message(ENOMEM);
 		return ret;
 	}
 
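Review bot: (*error_string) = error_message(ENOMEM); is set unconditionally on this failure path even though ret is EINVAL in the visible else branch, so the text can report an out-of-memory condition that does not match the code being returned. Use error_message(ret) here. The two hunks that follow add the same line after the same if/else and need the same change.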
@@ -437,6 +455,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 			} else {
 				ret = EINVAL;
 			}
+			(*error_string) = error_message(ENOMEM);
 			return ret;
 		}
 	}
@@ -452,6 +471,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		} else {
 			ret = EINVAL;
 		}
+		(*error_string) = error_message(ENOMEM);
 		return ret;
 	}
 
@@ -477,7 +497,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 					  struct tevent_context *event_ctx,
 					  struct loadparm_context *lp_ctx,
 					  gss_cred_id_t gssapi_cred,
-					  enum credentials_obtained obtained) 
+					  enum credentials_obtained obtained,
+					  const char **error_string)
 {
 	int ret;
 	OM_uint32 maj_stat, min_stat;
@@ -489,10 +510,11 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 
 	gcc = talloc(cred, struct gssapi_creds_container);
 	if (!gcc) {
+		(*error_string) = error_message(ENOMEM);
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, NULL, &ccc);
+	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, NULL, &ccc, error_string);
 	if (ret != 0) {
 		return ret;
 	}
@@ -505,10 +527,13 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		} else {
 			ret = EINVAL;
 		}
+		if (ret) {
+			(*error_string) = error_message(ENOMEM);
+		}
 	}
 
 	if (ret == 0) {
-		ret = cli_credentials_set_from_ccache(cred, ccc, obtained);
+		ret = cli_credentials_set_from_ccache(cred, ccc, obtained, error_string);
 	}
 	cred->ccache = ccc;
 	cred->ccache_obtained = obtained;
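Review bot: inside the new if (ret) block the message is hard-coded to error_message(ENOMEM) although ret is EINVAL in the else branch directly above, so the returned text and the returned code disagree. error_message(ret) would keep them in step. Note also that when the following cli_credentials_set_from_ccache() call is skipped because ret is non-zero, cred->ccache is still assigned from ccc; that predates this patch but is worth a comment since the function now reports failure in more detail.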
@@ -672,6 +697,7 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 	struct smb_krb5_context *smb_krb5_context;
 	TALLOC_CTX *mem_ctx;
 	krb5_principal princ;
+	const char *error_string;
 
 	if (cred->server_gss_creds_obtained >= (MAX(cred->keytab_obtained, 
 						    MAX(cred->principal_obtained, 
@@ -696,11 +722,10 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = principal_from_credentials(mem_ctx, cred, smb_krb5_context, &princ);
+	ret = principal_from_credentials(mem_ctx, cred, smb_krb5_context, &princ, &error_string);
 	if (ret) {
 		DEBUG(1,("cli_credentials_get_server_gss_creds: makeing krb5 principal failed (%s)\n",
-			 smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
-						    ret, mem_ctx)));
+			 error_string));
 		talloc_free(mem_ctx);
 		return ret;
 	}
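Review bot: error_string in cli_credentials_get_server_gss_creds() is declared without an initial value and then passed to DEBUG() when principal_from_credentials() fails, so the log line depends on every failure path in that function having stored a string. Initialise it to NULL at the declaration and fall back to the previous smb_get_krb5_error_message() text (or a fixed "unknown error") when it is still NULL, otherwise a missed path prints through an uninitialised pointer.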
diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h
index 5e56752..72a4373 100644
--- a/source4/auth/credentials/credentials_krb5.h
+++ b/source4/auth/credentials/credentials_krb5.h
@@ -36,12 +36,14 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
 					 struct tevent_context *event_ctx,
 					 struct loadparm_context *lp_ctx,
 					 gss_cred_id_t gssapi_cred,
-					 enum credentials_obtained obtained);
+					 enum credentials_obtained obtained,
+					 const char **error_string);
 
 /* Manually prototyped here to avoid needing krb5 headers in most callers */
 krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, 
 					   struct cli_credentials *credentials, 
 					   struct smb_krb5_context *smb_krb5_context,
-					   krb5_principal *princ);
+					   krb5_principal *princ,
+					   const char **error_string);
 	
 #endif /* __CREDENTIALS_KRB5_H__ */
diff --git a/source4/auth/credentials/pycredentials.c b/source4/auth/credentials/pycredentials.c
index 002ecbc..8602be8 100644
--- a/source4/auth/credentials/pycredentials.c
+++ b/source4/auth/credentials/pycredentials.c
@@ -254,6 +254,7 @@ static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *arg
 	struct ccache_container *ccc;
 	struct tevent_context *event_ctx;
 	int ret;
+	const char *error_string;
 
 	if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
 		return NULL;
@@ -264,15 +265,17 @@ static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *arg
 
 	event_ctx = tevent_context_init(NULL);
 
-	ret = cli_credentials_get_named_ccache(PyCredentials_AsCliCredentials(self), event_ctx, lp_ctx, ccache_name, &ccc);
+	ret = cli_credentials_get_named_ccache(PyCredentials_AsCliCredentials(self), event_ctx, lp_ctx,
+					       ccache_name, &ccc, &error_string);
 	if (ret == 0) {
 		talloc_steal(ccc, event_ctx);
 		return PyCredentialCacheContainer_from_ccache_container(ccc);
-	} else {
-		talloc_free(event_ctx);
-		return NULL;
 	}
 
+	PyErr_SetStringError(error_string);
+
+	talloc_free(event_ctx);
+	return NULL;
 }
 
 static PyMethodDef py_creds_methods[] = {
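Review bot: py_creds_get_named_ccache() passes error_string to PyErr_SetStringError() on every non-zero return, but the variable is uninitialised and nothing here guarantees the callee filled it in. Initialise it to NULL and substitute a generic message when it is still NULL before raising. The numeric ret is also dropped from the exception; including it would let Python callers distinguish, for example, an unreachable KDC from a bad password without parsing text.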
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 2759ab4..a50190f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -320,6 +320,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 	const char *hostname = gensec_get_target_hostname(gensec_security);
 	const char *principal;
 	struct gssapi_creds_container *gcc;
+	const char *error_string;
 
 	if (!hostname) {
 		DEBUG(1, ("Could not determine hostname for target computer, cannot use kerberos\n"));
@@ -368,17 +369,17 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 
 	ret = cli_credentials_get_client_gss_creds(creds, 
 						   gensec_security->event_ctx, 
-						   gensec_security->settings->lp_ctx, &gcc);
+						   gensec_security->settings->lp_ctx, &gcc, &error_string);
 	switch (ret) {
 	case 0:
 		break;
 	case KRB5KDC_ERR_PREAUTH_FAILED:
 		return NT_STATUS_LOGON_FAILURE;
 	case KRB5_KDC_UNREACH:
-		DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
+		DEBUG(3, ("Cannot reach a KDC we require to contact %s : %s\n", principal, error_string));
 		return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
 	default:
-		DEBUG(1, ("Aquiring initiator credentials failed\n"));
+		DEBUG(1, ("Aquiring initiator credentials failed: %s\n", error_string));
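Review bot: in gensec_gssapi_client_start() the KRB5KDC_ERR_PREAUTH_FAILED case still returns NT_STATUS_LOGON_FAILURE without logging error_string, so the one failure an administrator is most likely to be asked about gets none of the detail this patch plumbs through; a DEBUG() at a moderate level there would make the change consistent across the switch. The strings produced in credentials_krb5.c end in "\n" and the format strings here add another, so these messages will print a blank line. error_string is also declared uninitialised in the earlier hunk; set it to NULL in case a failure path leaves it unset. The changeset is truncated at this point, so the rest of this hunk could not be reviewed.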


-- 
Samba Shared Repository

