[PATCH] Improve password_hash.c error message with invalid krb5.conf

Jeremy Allison jra at samba.org
Tue Apr 10 19:45:17 UTC 2018


On Tue, Apr 10, 2018 at 09:14:56AM +0300, Alexander Bokovoy via samba-technical wrote:
> On Tue, 10 Apr 2018, William Brown via samba-technical wrote:
> > On Tue, 2018-04-10 at 17:23 +1200, Andrew Bartlett wrote:
> > > On Tue, 2018-04-10 at 14:53 +1000, William Brown via samba-technical
> > > wrote:
> > > > This patch resolves the earlier issue I found where the ldb
> > > > operations
> > > > error did not clearly communicate the issue.
> > > > 
> > > > Thank you for your time,
> > > > 
> > > > William Brown
> > > 
> > > Thanks William,
> > > 
> > > Can you add a Signed-off-by per the copyright policy and contributing
> > > page on the wiki?
> > 
> > > 
> > > Also, keep the line lengths under 80 columns and (if any) avoid
> > > trailing whitespace. 
> > > 
> > > I'll look at this more tomorrow, but it looks good so far!
> > 
> > Fixed both comments, see new patch attached,
> > 
> > Thank you!
> > 
> > > 
> > > Andrew Bartlett
> > > 
> 
> > From 96627ec115e00df9a61879cfcd52df4c97071682 Mon Sep 17 00:00:00 2001
> > From: William Brown <william at blackhats.net.au>
> > Date: Tue, 10 Apr 2018 14:51:06 +1000
> > Subject: [PATCH] s4:ldb/password_hash.c: improve krb5 context error message
> > 
> > When heimdal encounters a MIT krb5.conf that it does not understand,
> > it would emit an "ldb operations error". Sadly this does not help
> > or communicate to the administrator the root cause of the issue.
> > 
> > Improve the error message for when krb init fails during password_hash.c
> > 
> > Signed-off-by: William Brown <william at blackhats.net.au>
> > ---
> >  source4/dsdb/samdb/ldb_modules/password_hash.c | 23 ++++++++++++++++++++---
> >  1 file changed, 20 insertions(+), 3 deletions(-)
> > 
> > diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
> > index c872f20eb23..146fb6fa2c3 100644
> > --- a/source4/dsdb/samdb/ldb_modules/password_hash.c
> > +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
> > @@ -3138,10 +3138,27 @@ static int setup_io(struct ph_context *ac,
> >  		info_msg = client_msg;
> >  	}
> >  
> > -	if (smb_krb5_init_context(ac,
> > +	ret = smb_krb5_init_context(ac,
> >  				  (struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
> > -				  &io->smb_krb5_context) != 0) {
> > -		return ldb_operr(ldb);
> > +				  &io->smb_krb5_context);
> > +
> > +	if (ret != 0) {
> > +		/*
> > +		 * In the special case of mit krb5.conf vs heimdal, the includedir
> > +		 * statement causes ret == 22 (KRB5_CONFIG_BADFORMAT) to be returned.
> > +		 * We look for this case so that we can give a more instructional
> > +		 * message to the administrator.
> > +		 */
> > +		if (ret == KRB5_CONFIG_BADFORMAT || ret == EINVAL) {
> > +			ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s - "
> > +				"This could be due to an invalid krb5 configuration. "
> > +				"Please check your system's krb5 configuration is correct.",
> > +				error_message(ret));
> > +		} else {
> > +			ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s",
> > +				error_message(ret));
> > +		}
> > +		return LDB_ERR_OPERATIONS_ERROR;
> >  	}
> >  
> >  	io->ac				= ac;
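
Review bot: The comment inside the new `if (ret != 0)` block says the includedir case returns "ret == 22 (KRB5_CONFIG_BADFORMAT)", but the condition right below it tests `KRB5_CONFIG_BADFORMAT` and `EINVAL` as two separate values, so the comment and the check disagree about which code is 22. Suggest rewording the comment to name both codes and state which one heimdal returns for an includedir statement, or dropping the literal 22. Since `EINVAL` is a generic error, the comment should also say why it is safe to attach the krb5.conf hint to it. Separately, the `ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s - "` line at three tabs of indentation still runs past the 80 columns asked for earlier in the thread; moving the format string to its own continuation line would bring it under.
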
> 
> RB+ by me.

RB+ and pushed !


