[SCM] Samba Shared Repository - branch master updated
Christof Schmitt
cs at samba.org
Thu Dec 20 00:32:03 UTC 2018
The branch, master has been updated
via 357fe04bd47 s4: Add kerberos tracing
via 0b0a22ddad0 winbindd: Add kerberos tracing
via 5eefb0885c9 utils: Add kerberos tracing
via bf675938924 passdb: Add kerberos tracing
via 9f33864770e librpc: Add kerberos tracing
via 8887a680310 libnet: Add kerberos tracing
via 3df7789e4b3 libads: Add kerberos tracing
via 2cc561fbbf1 client: Add kerberos tracing
via 5056b962241 lib: Add kerberos tracing
via a800baece74 Add MIT kerberos tracing capability
from 49dc04f9f55 samba-tool: don't print backtrace on simple DNS errors
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 357fe04bd477858bb21cfb5e8a5e0efc556864d6
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:55:09 2018 +0100
s4: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu Dec 20 01:31:17 CET 2018 on sn-devel-144
commit 0b0a22ddad0e5f1542aee6ed65efaedb08471cc5
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:46:46 2018 +0100
winbindd: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 5eefb0885c935854fd3ddc1fcbab2c456745ee0f
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:44:24 2018 +0100
utils: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit bf67593892402fc469ecb7930795dafe273e60e7
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:41:47 2018 +0100
passdb: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 9f33864770ee973ab35da07494c1100f628070be
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:38:44 2018 +0100
librpc: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 8887a68031070e0d6b93f7283b7ab409977206de
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:35:42 2018 +0100
libnet: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 3df7789e4b34f08b21d7d5d294831c795f0145d4
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:16:42 2018 +0100
libads: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 2cc561fbbf157ce9bddb702d46f5dba1bf46311b
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:06:20 2018 +0100
client: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 5056b9622416311535578a481af800afe8c8c729
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 11:03:33 2018 +0100
lib: Add kerberos tracing
Add krb5 tracing to samba krb5 wrapper.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit a800baece74fc9d3766af8432adf8efad05ed9d6
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Dec 5 10:29:44 2018 +0100
Add MIT kerberos tracing capability
HEIMDAL kerberos already offers tracing via a logging facility
through smb_krb5_init_context().
MIT kerberos offers to register a callback via krb5_set_trace_callback
with which tracing information can be routed to a common logging facility.
This is now integrated into smb_krb5_init_context_basic() offering
the same functionality for both kerberos fragrances.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/krb5_samba.c | 57 ++++++++++++++++++++++++++-----
lib/krb5_wrap/krb5_samba.h | 2 ++
source3/client/smbspool.c | 5 ++-
source3/libads/kerberos.c | 17 +++++----
source3/libads/kerberos_keytab.c | 28 +++++++--------
source3/libads/krb5_setpw.c | 12 +++----
source3/libads/sasl.c | 4 ++-
source3/libnet/libnet_keytab.c | 7 ++--
source3/librpc/crypto/gse.c | 8 ++---
source3/passdb/machine_account_secrets.c | 5 +--
source3/utils/net_lookup.c | 7 ++--
source3/winbindd/winbindd_pam.c | 6 ++--
source4/auth/kerberos/krb5_init_context.c | 6 +---
source4/kdc/ktutil.c | 6 ++--
source4/kdc/sdb_to_kdb.c | 4 ++-
15 files changed, 108 insertions(+), 66 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index b2425109d3a..840fbb10695 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -932,9 +932,10 @@ krb5_error_code smb_krb5_renew_ticket(const char *ccache_string,
ZERO_STRUCT(creds);
ZERO_STRUCT(creds_in);
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
goto done;
}
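Review bot: the DBG_ERR added after the failed smb_krb5_init_context_common() call in smb_krb5_renew_ticket duplicates the error the helper itself logs ("Krb5 context initialization failed (%s)") with the same error_message(ret), so one failure produces two error lines. This repeats at nearly every converted call site. Either drop the caller-side message, as the smb_krb5_init_context_basic() hunk in source4/auth/kerberos/krb5_init_context.c does, or drop the one inside the helper.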
@@ -2880,8 +2881,10 @@ char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
krb5_error_code kerr;
krb5_context ctx = NULL;
- initialize_krb5_error_table();
- if (krb5_init_context(&ctx)) {
+ kerr = smb_krb5_init_context_common(&ctx);
+ if (kerr) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(kerr));
return NULL;
}
@@ -3502,11 +3505,10 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
ENCTYPE_NULL};
bool ok;
- initialize_krb5_error_table();
- retval = krb5_init_context(&context);
+ retval = smb_krb5_init_context_common(&context);
if (retval != 0) {
- DBG_WARNING("krb5_init_context failed (%s)\n",
- error_message(retval));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(retval));
goto failed;
}
@@ -3571,6 +3573,45 @@ failed:
return retval;
}
+#ifndef SAMBA4_USES_HEIMDAL /* MITKRB5 tracing callback */
+static void smb_krb5_trace_cb(krb5_context ctx,
+ const krb5_trace_info *info,
+ void *data)
+{
+ if (info != NULL) {
+ DBGC_DEBUG(DBGC_KERBEROS, "%s", info->message);
+ }
+}
+#endif
+
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context)
+{
+ krb5_error_code ret;
+ krb5_context krb5_ctx;
+
+ initialize_krb5_error_table();
+
+ ret = krb5_init_context(&krb5_ctx);
+ if (ret) {
+ DBG_ERR("Krb5 context initialization failed (%s)\n",
+ error_message(ret));
+ return ret;
+ }
+
+ /* The MIT Kerberos build relies on using the system krb5.conf file.
+ * If you really want to use another file please set KRB5_CONFIG
+ * accordingly. */
+#ifndef SAMBA4_USES_HEIMDAL
+ ret = krb5_set_trace_callback(krb5_ctx, smb_krb5_trace_cb, NULL);
+ if (ret) {
+ DBG_ERR("Failed to set MIT kerberos trace callback! (%s)\n",
+ error_message(ret));
+ }
+#endif
+ *_krb5_context = krb5_ctx;
+ return 0;
+}
+
#else /* HAVE_KRB5 */
/* This saves a few linking headaches */
int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
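Review bot: smb_krb5_trace_cb forwards info->message unchanged to DBGC_DEBUG(DBGC_KERBEROS, ...), and smb_krb5_init_context_common() registers it on every MIT context, yet nothing here documents which debug class and level turn the trace on. Please add a comment above the callback saying so, because operators need to know when library trace output starts landing in their logs and that those logs then need the same access restrictions as other authentication logs. The comment about the system krb5.conf and KRB5_CONFIG sits directly above the krb5_set_trace_callback() block and is unrelated to it; move it next to krb5_init_context() or drop it. The failure path of krb5_set_trace_callback() logs and then falls through to return 0, which looks intentional; a one-line comment stating that tracing is best-effort would make it clear.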
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index ebbcba96c08..b6ee04f60fe 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -143,6 +143,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
char **unix_name);
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
+
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
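Review bot: the new prototype smb_krb5_init_context_common() has no comment describing its contract: that it calls initialize_krb5_error_table(), registers the MIT trace callback, and leaves *_krb5_context unwritten on failure. Please document that here or at the definition. The per-directory commit messages also name smb_krb5_init_context_basic() as the replacement for krb5_init_context(), while the call sites in this diff use smb_krb5_init_context_common(); the messages should match the code.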
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 58ce6c56177..4f312a6d294 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -28,6 +28,7 @@
#include "system/kerberos.h"
#include "libsmb/libsmb.h"
#include "lib/param/param.h"
+#include "lib/krb5_wrap/krb5_samba.h"
/*
* Starting with CUPS 1.3, Kerberos support is provided by cupsd including
@@ -516,8 +517,10 @@ static bool kerberos_ccache_is_valid(void) {
krb5_ccache ccache = NULL;
krb5_error_code code;
- code = krb5_init_context(&ctx);
+ code = smb_krb5_init_context_common(&ctx);
if (code != 0) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(code));
return false;
}
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 43b6a1debb4..c8aa9191c7e 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -128,9 +128,12 @@ int kerberos_kinit_password_ext(const char *principal,
ZERO_STRUCT(my_creds);
- initialize_krb5_error_table();
- if ((code = krb5_init_context(&ctx)))
- goto out;
+ code = smb_krb5_init_context_common(&ctx);
+ if (code != 0) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(code));
+ return code;
+ }
if (time_offset != 0) {
krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
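Review bot: the failure path in kerberos_kinit_password_ext changes from goto out to return code, which skips whatever cleanup sits under the out label. That label is outside this hunk, so please confirm that nothing set up before this point needs it (only ZERO_STRUCT(my_creds) is visible), and mention the control-flow change in the commit message, which currently describes only the tracing.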
@@ -244,10 +247,10 @@ int ads_kdestroy(const char *cc_name)
krb5_context ctx = NULL;
krb5_ccache cc = NULL;
- initialize_krb5_error_table();
- if ((code = krb5_init_context (&ctx))) {
- DEBUG(3, ("ads_kdestroy: kdb5_init_context failed: %s\n",
- error_message(code)));
+ code = smb_krb5_init_context_common(&ctx);
+ if (code != 0) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(code));
return code;
}
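Review bot: in ads_kdestroy the failure message moves from DEBUG(3, ...) to DBG_ERR, so a message that previously needed a raised log level is now emitted as an error, and the function-specific prefix "ads_kdestroy:" gives way to the generic text used at every other call site. If the severity change is intended, say so in the commit message; the same question applies to the DEBUG(1, ...) sites converted in kerberos_keytab.c, krb5_setpw.c, libnet_keytab.c and net_lookup.c.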
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 792dc999e6c..97d5535041c 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -259,11 +259,10 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
TALLOC_CTX *tmpctx = NULL;
int i;
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
- error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return -1;
}
@@ -436,11 +435,10 @@ int ads_keytab_flush(ADS_STRUCT *ads)
krb5_kvno kvno;
ADS_STATUS aderr;
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
- error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ret;
}
@@ -570,11 +568,10 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
memset(princ_s, '\0', sizeof(princ_s));
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
- error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
goto done;
}
@@ -774,11 +771,10 @@ int ads_keytab_list(const char *keytab_name)
ZERO_STRUCT(kt_entry);
ZERO_STRUCT(cursor);
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
- error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ret;
}
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index a4a781963a3..c3c9477c4cf 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -69,10 +69,10 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
krb5_data result_code_string = { 0 };
krb5_data result_string = { 0 };
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ADS_ERROR_KRB5(ret);
}
@@ -177,10 +177,10 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
krb5_data result_string = { 0 };
smb_krb5_addresses *addr = NULL;
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ADS_ERROR_KRB5(ret);
}
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 7f7b790810c..010a2538206 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -366,8 +366,10 @@ static ADS_STATUS ads_init_gssapi_cred(ADS_STRUCT *ads, gss_cred_id_t *cred)
return ADS_SUCCESS;
}
- kerr = krb5_init_context(&kctx);
+ kerr = smb_krb5_init_context_common(&kctx);
if (kerr) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(kerr));
return ADS_ERROR_KRB5(kerr);
}
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
index c76e7b298cf..cdf22c2ceb9 100644
--- a/source3/libnet/libnet_keytab.c
+++ b/source3/libnet/libnet_keytab.c
@@ -74,11 +74,10 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx,
talloc_set_destructor(r, keytab_close);
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1,("keytab_init: could not krb5_init_context: %s\n",
- error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ret;
}
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 2c00ea9bbcb..9a9f4261222 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -206,12 +206,10 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
gse_ctx->gss_want_flags |= add_gss_c_flags;
/* Initialize Kerberos Context */
- initialize_krb5_error_table();
-
- k5ret = krb5_init_context(&gse_ctx->k5ctx);
+ k5ret = smb_krb5_init_context_common(&gse_ctx->k5ctx);
if (k5ret) {
- DEBUG(0, ("Failed to initialize kerberos context! (%s)\n",
- error_message(k5ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(k5ret));
status = NT_STATUS_INTERNAL_ERROR;
goto err_out;
}
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index b816b3aa7f8..dfc21f295a1 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1083,9 +1083,10 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
goto no_kerberos;
}
- initialize_krb5_error_table();
- krb5_ret = krb5_init_context(&krb5_ctx);
+ krb5_ret = smb_krb5_init_context_common(&krb5_ctx);
if (krb5_ret != 0) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(krb5_ret));
TALLOC_FREE(keys);
return krb5_ret;
}
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index df047f617e7..fb9c31c4198 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -286,11 +286,10 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
int i;
NTSTATUS status;
- initialize_krb5_error_table();
- rc = krb5_init_context(&ctx);
+ rc = smb_krb5_init_context_common(&ctx);
if (rc) {
- DEBUG(1,("krb5_init_context failed (%s)\n",
- error_message(rc)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(rc));
return -1;
}
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 83136e4be79..a82046a0040 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2889,10 +2889,10 @@ static NTSTATUS extract_pac_vrfy_sigs(TALLOC_CTX *mem_ctx, DATA_BLOB pac_blob,
ZERO_STRUCT(entry);
ZERO_STRUCT(cursor);
- k5ret = krb5_init_context(&krbctx);
+ k5ret = smb_krb5_init_context_common(&krbctx);
if (k5ret) {
- DEBUG(1, ("Failed to initialize kerberos context: %s\n",
- error_message(k5ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(k5ret));
status = krb5_to_nt_status(k5ret);
goto out;
}
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 7e75d436922..fff261daa8e 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -478,12 +478,8 @@ smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
#endif
krb5_context krb5_ctx;
- initialize_krb5_error_table();
-
- ret = krb5_init_context(&krb5_ctx);
+ ret = smb_krb5_init_context_common(&krb5_ctx);
if (ret) {
- DEBUG(1,("krb5_init_context failed (%s)\n",
- error_message(ret)));
return ret;
}
diff --git a/source4/kdc/ktutil.c b/source4/kdc/ktutil.c
index bc263c5b29b..59aa1cf377f 100644
--- a/source4/kdc/ktutil.c
+++ b/source4/kdc/ktutil.c
@@ -59,10 +59,10 @@ int main (int argc, char **argv)
keytab_name = argv[1];
- initialize_krb5_error_table();
-
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
smb_krb5_err(mem_ctx, context, 1, ret, "krb5_context");
}
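Review bot: when smb_krb5_init_context_common() fails in main(), context is still handed to smb_krb5_err() two lines later, and the helper in lib/krb5_wrap/krb5_samba.c returns before assigning *_krb5_context, so context holds only what its declaration gave it, which is outside this hunk. Please make sure it is initialised to NULL there, or have the helper set *_krb5_context = NULL on entry. The added DBG_ERR also means a failed init is logged by the helper, logged again here, and then passed to smb_krb5_err(); one of the two DBG_ERR calls can go.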
diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
index 74d882738f8..1411b0f5f66 100644
--- a/source4/kdc/sdb_to_kdb.c
+++ b/source4/kdc/sdb_to_kdb.c
@@ -327,8 +327,10 @@ static int samba_kdc_kdb_entry_destructor(struct samba_kdc_entry *p)
entry_ex->e_data = NULL;
}
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ret;
}
--
Samba Shared Repository