Integrate kerberos tracing - part 2

swen swen at linux.ibm.com
Wed Dec 5 18:25:58 UTC 2018


Ok, the first trial of integrating the new MIT tracing with the
existing Heimdal logging didn't go too well.

The latest version (attached here) is pretty much what Metze
mentioned as the first option, an integration of 
raw krb5_init_context() with the functionality of KRB5_TRACE_SET().
Now named smb_krb5_init_context_common() and used everywhere in the
code (Heimdal and MIT).

An integration on a higher level, e.g. smb_krb5_init_context_basic() or
even smb_krb5_init_context() would have been by far too intrusive to
the existing code with too little benefit.

The current version is currently running tests on GitLab and looks
promising.

https://gitlab.com/samba-team/devel/samba/commits/sswen-common-kerbeors-tracing

Please comment.

Thanks for your support in advance!

Cheers Swen

On Wed, 2018-12-05 at 14:29 +0100, swen via samba-technical wrote:
> Hi Metze,
> 
> On Tue, 2018-12-04 at 10:21 +0100, Stefan Metzmacher via samba-
> technical wrote:
> > Hi Swen,
> > 
> > We already have something similar in smb_krb5_init_context() for
> > Heimdal. Can you also add the tracing for MIT there?
> > 
> > I'm not sure, but I think it might be nicer to then use
> > smb_krb5_init_context() instead of the raw krb5_init_context()
> > so that we can't forget KRB5_TRACE_SET().
> > What do others think about that?
> > If we decide to use krb5_init_context() + KRB5_TRACE_SET() please
> > make sure it also works for Heimdal.
> > 
> 
> I have checked the existing code and have modified my code to the
> direction you suggested.
> 
> Not 100% though.
> 
> I did integrate the MIT tracing to a common location
> smb_krb5_init_context_basic() but couldn't move everything 
> to krb5_init_context.c .
> That would have required an additional dependency of
> libkrb5samba on authkrb5, which in turn depends on krb5samba.
> So circular dependency.
> 
> Therefore, I decided to move smb_krb5_init_context_basic() along with
> the callback to krb5_wrapper and that would work.
> 
> Please have a look at the attached patch-set and let me know what you
> think.
> 
> Cheers Swen
-------------- next part --------------
From 475de05eee73ccbf46945a4d25189fe7922d6ef4 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 10:29:44 +0100
Subject: [PATCH 01/10] Add MIT kerberos tracing capability

HEIMDAL kerberos offers already tracing via a logging facility
through smb_krb5_init_context().
MIT kerberos offers to register a callback via krb5_set_trace_callback
with which tracing information can be routed to a common logging facility.
This is now integrated into smb_krb5_init_context_basic() offering
the same functionality for both kerberos fragrances.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 lib/krb5_wrap/krb5_samba.c                | 39 +++++++++++++++++++++++
 lib/krb5_wrap/krb5_samba.h                |  2 ++
 source4/auth/kerberos/krb5_init_context.c |  6 +---
 3 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index b2425109d3a..954eef0fec8 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -3571,6 +3571,45 @@ failed:
 	return retval;
 }
 
+#ifndef SAMBA4_USES_HEIMDAL /* MITKRB5 tracing callback */
+void smb_krb5_trace_cb(krb5_context ctx,
+		       const krb5_trace_info *info,
+		       void *data)
+{
+	if (info != NULL) {
+		DBGC_DEBUG(DBGC_KERBEROS, "%s\n", info->message);
+	}
+}
+#endif
+
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context)
+{
+	krb5_error_code ret;
+	krb5_context krb5_ctx;
+
+	initialize_krb5_error_table();
+
+	ret = krb5_init_context(&krb5_ctx);
+	if (ret) {
+		DBG_ERR("Krb5 context initialization failed (%s)\n",
+			 error_message(ret));
+		return ret;
+	}
+
+	/* The MIT Kerberos build relies on using the system krb5.conf file.
+	 * If you really want to use another file please set KRB5_CONFIG
+	 * accordingly. */
+#ifndef SAMBA4_USES_HEIMDAL
+	ret = krb5_set_trace_callback(krb5_ctx, smb_krb5_trace_cb, NULL);
+	if (ret) {
+		DBG_ERR("Failed to set MIT kerberos trace callback! (%s)\n",
+			error_message(ret));
+	}
+#endif
+	*_krb5_context = krb5_ctx;
+	return 0;
+}
+
 #else /* HAVE_KRB5 */
 /* This saves a few linking headaches */
 int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
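Review bot: smb_krb5_trace_cb() is defined with external linkage, but the series adds no prototype for it to krb5_samba.h and its only user is smb_krb5_init_context_common() in the same file, so it should be static. Its ctx and data parameters are unused, which may trigger unused-parameter warnings depending on the build flags. The krb5.conf / KRB5_CONFIG comment now sits directly above the krb5_set_trace_callback() call and says nothing about it; replace it with a comment stating that a failure to register the callback is deliberately non-fatal, since the function logs the error and still returns 0. The commit message also says the tracing is integrated into smb_krb5_init_context_basic(), while the function added here is smb_krb5_init_context_common().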
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 4d0148fd047..1f676a4a227 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -143,6 +143,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 				      krb5_const_principal principal,
 				      char **unix_name);
 
+krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context);
+
 krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
 
 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
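Review bot: the new prototype has no doc comment, and because every caller in this series is switched to it, the contract should be written down here or above the definition: that the caller owns the returned context and must free it, and that on failure *_krb5_context is left untouched (the definition only assigns it on the success path). Setting *_krb5_context to NULL at the top of the function would be safer for callers that pass an uninitialised variable.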
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 5e771a87cc5..63f89be0f0a 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -478,12 +478,8 @@ smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
 #endif
 	krb5_context krb5_ctx;
 
-	initialize_krb5_error_table();
-
-	ret = krb5_init_context(&krb5_ctx);
+	ret = smb_krb5_init_context_common(&krb5_ctx);
 	if (ret) {
-		DEBUG(1,("krb5_init_context failed (%s)\n",
-			 error_message(ret)));
 		return ret;
 	}
 
-- 
2.17.2


From 00b95fea6bf4b8044f01fc4f11f94821c2e09e49 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:03:33 +0100
Subject: [PATCH 02/10] lib: Add kerberos tracing

Add krb5 tracing to samba krb5 wrapper.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 lib/krb5_wrap/krb5_samba.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 954eef0fec8..7566b5edb17 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -932,9 +932,10 @@ krb5_error_code smb_krb5_renew_ticket(const char *ccache_string,
 	ZERO_STRUCT(creds);
 	ZERO_STRUCT(creds_in);
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		goto done;
 	}
 
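Review bot: the added DBG_ERR("kerberos init context failed (%s)\n", ...) duplicates what smb_krb5_init_context_common() already logs on the same failure ("Krb5 context initialization failed (%s)"), so every failure produces two error-level lines with the same error_message(). Either drop the caller-side message here and in the other converted call sites, or remove the one in the wrapper and keep the callers responsible for logging.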
@@ -2880,8 +2881,10 @@ char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
 	krb5_error_code kerr;
 	krb5_context ctx = NULL;
 
-	initialize_krb5_error_table();
-	if (krb5_init_context(&ctx)) {
+	kerr = smb_krb5_init_context_common(&ctx);
+	if (kerr) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(kerr));
 		return NULL;
 	}
 
@@ -3502,11 +3505,10 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
 		ENCTYPE_NULL};
 	bool ok;
 
-	initialize_krb5_error_table();
-	retval = krb5_init_context(&context);
+	retval = smb_krb5_init_context_common(&context);
 	if (retval != 0) {
-		DBG_WARNING("krb5_init_context failed (%s)\n",
-			    error_message(retval));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(retval));
 		goto failed;
 	}
 
-- 
2.17.2


From ca11eafa48e799ebd2490470bafdd5e36c313007 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:06:20 +0100
Subject: [PATCH 03/10] client: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/client/smbspool.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 58ce6c56177..4f312a6d294 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -28,6 +28,7 @@
 #include "system/kerberos.h"
 #include "libsmb/libsmb.h"
 #include "lib/param/param.h"
+#include "lib/krb5_wrap/krb5_samba.h"
 
 /*
  * Starting with CUPS 1.3, Kerberos support is provided by cupsd including
@@ -516,8 +517,10 @@ static bool kerberos_ccache_is_valid(void) {
 	krb5_ccache ccache = NULL;
 	krb5_error_code code;
 
-	code = krb5_init_context(&ctx);
+	code = smb_krb5_init_context_common(&ctx);
 	if (code != 0) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(code));
 		return false;
 	}
 
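Review bot: the commit message for this patch (and for 04/10 through 10/10) says the call is replaced with smb_krb5_init_context_basic(), but the code calls smb_krb5_init_context_common(); please correct the message so it matches the function introduced in 01/10. The new DBG_ERR in kerberos_ccache_is_valid() also repeats the error the wrapper already logs.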
-- 
2.17.2


From df5c1204e9fe6e91f1f51c4628a9fda3ab254adf Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:16:42 +0100
Subject: [PATCH 04/10] libads: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/libads/kerberos.c        | 17 ++++++++++-------
 source3/libads/kerberos_keytab.c | 28 ++++++++++++----------------
 source3/libads/krb5_setpw.c      | 12 ++++++------
 source3/libads/sasl.c            |  4 +++-
 4 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 43b6a1debb4..a06eb6ac4cb 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -128,9 +128,12 @@ int kerberos_kinit_password_ext(const char *principal,
 
 	ZERO_STRUCT(my_creds);
 
-	initialize_krb5_error_table();
-	if ((code = krb5_init_context(&ctx)))
-		goto out;
+	code = smb_krb5_init_context_common(&ctx);
+	if (code) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(code));
+		return code;
+	}
 
 	if (time_offset != 0) {
 		krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
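Review bot: the failure path in kerberos_kinit_password_ext() changes from "goto out" to "return code", which is a behaviour change unrelated to tracing and not mentioned in the commit message. Only ZERO_STRUCT(my_creds) is visible before this point, so skipping the out: label is probably harmless, but please either keep the goto or state in the commit message that nothing at out: needs to run when context initialisation fails.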
@@ -244,10 +247,10 @@ int ads_kdestroy(const char *cc_name)
 	krb5_context ctx = NULL;
 	krb5_ccache cc = NULL;
 
-	initialize_krb5_error_table();
-	if ((code = krb5_init_context (&ctx))) {
-		DEBUG(3, ("ads_kdestroy: kdb5_init_context failed: %s\n", 
-			error_message(code)));
+	code = smb_krb5_init_context_common(&ctx);
+	if (code) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(code));
 		return code;
 	}
 
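Review bot: in ads_kdestroy() the old message was emitted at debug level 3 and is now an error-level DBG_ERR, on top of the error-level message the wrapper already prints. The same escalation happens where DEBUG(1, ...) and DBG_WARNING calls are converted elsewhere in the series. If raising the level is intended, say so in the commit message; otherwise rely on the wrapper's message and drop the caller-side one.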
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 792dc999e6c..97d5535041c 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -259,11 +259,10 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
 	TALLOC_CTX *tmpctx = NULL;
 	int i;
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
-		DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
-			  error_message(ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		return -1;
 	}
 
@@ -436,11 +435,10 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 	krb5_kvno kvno;
 	ADS_STATUS aderr;
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
-		DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
-			  error_message(ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		return ret;
 	}
 
@@ -570,11 +568,10 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 
 	memset(princ_s, '\0', sizeof(princ_s));
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
-		DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
-			  error_message(ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		goto done;
 	}
 
@@ -774,11 +771,10 @@ int ads_keytab_list(const char *keytab_name)
 	ZERO_STRUCT(kt_entry);
 	ZERO_STRUCT(cursor);
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
-		DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
-			  error_message(ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		return ret;
 	}
 
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index a4a781963a3..c3c9477c4cf 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -69,10 +69,10 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
 	krb5_data result_code_string = { 0 };
 	krb5_data result_string = { 0 };
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
-		DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		return ADS_ERROR_KRB5(ret);
 	}
 
@@ -177,10 +177,10 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
     krb5_data result_string = { 0 };
     smb_krb5_addresses *addr = NULL;
 
-    initialize_krb5_error_table();
-    ret = krb5_init_context(&context);
+    ret = smb_krb5_init_context_common(&context);
     if (ret) {
-	DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+	DBG_ERR("kerberos init context failed (%s)\n",
+		error_message(ret));
 	return ADS_ERROR_KRB5(ret);
     }
 
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 7f7b790810c..010a2538206 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -366,8 +366,10 @@ static ADS_STATUS ads_init_gssapi_cred(ADS_STRUCT *ads, gss_cred_id_t *cred)
 		return ADS_SUCCESS;
 	}
 
-	kerr = krb5_init_context(&kctx);
+	kerr = smb_krb5_init_context_common(&kctx);
 	if (kerr) {
+	    DBG_ERR("kerberos init context failed (%s)\n",
+		    error_message(kerr));
 		return ADS_ERROR_KRB5(kerr);
 	}
 
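Review bot: the two added DBG_ERR lines in ads_init_gssapi_cred() are indented with a tab followed by four spaces, while the surrounding "return ADS_ERROR_KRB5(kerr);" uses two tabs. Please indent the new lines with tabs to match the block they are in.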
-- 
2.17.2


From 2c716b3d9e6d8524d7fe549f555ef037c3340de5 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:35:42 +0100
Subject: [PATCH 05/10] libnet: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/libnet/libnet_keytab.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
index c76e7b298cf..cdf22c2ceb9 100644
--- a/source3/libnet/libnet_keytab.c
+++ b/source3/libnet/libnet_keytab.c
@@ -74,11 +74,10 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx,
 
 	talloc_set_destructor(r, keytab_close);
 
-	initialize_krb5_error_table();
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
-		DEBUG(1,("keytab_init: could not krb5_init_context: %s\n",
-			error_message(ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		return ret;
 	}
 
-- 
2.17.2


From 0f9ae71173d98bd752944cf3ab15053f773a40fb Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:38:44 +0100
Subject: [PATCH 06/10] librpc: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/librpc/crypto/gse.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 2c00ea9bbcb..9a9f4261222 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -206,12 +206,10 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
 	gse_ctx->gss_want_flags |= add_gss_c_flags;
 
 	/* Initialize Kerberos Context */
-	initialize_krb5_error_table();
-
-	k5ret = krb5_init_context(&gse_ctx->k5ctx);
+	k5ret = smb_krb5_init_context_common(&gse_ctx->k5ctx);
 	if (k5ret) {
-		DEBUG(0, ("Failed to initialize kerberos context! (%s)\n",
-			  error_message(k5ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(k5ret));
 		status = NT_STATUS_INTERNAL_ERROR;
 		goto err_out;
 	}
-- 
2.17.2


From acf59b45411940612f33f58baf3a42a0a14add15 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:41:47 +0100
Subject: [PATCH 07/10] passdb: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/passdb/machine_account_secrets.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index b816b3aa7f8..4da7c4b5841 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1083,9 +1083,10 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		goto no_kerberos;
 	}
 
-	initialize_krb5_error_table();
-	krb5_ret = krb5_init_context(&krb5_ctx);
-	if (krb5_ret != 0) {
+	krb5_ret = smb_krb5_init_context_common(&krb5_ctx);
+	if (krb5_ret) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(krb5_ret));
 		TALLOC_FREE(keys);
 		return krb5_ret;
 	}
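Review bot: the check changes from "if (krb5_ret != 0)" to "if (krb5_ret)", which is unrelated to tracing and makes the comparison less explicit. Keep the original "!= 0" form so the hunk only swaps the initialisation call.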
-- 
2.17.2


From 68bd62487831fa3b3d1c658cf2ab97c697bbf1c3 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:44:24 +0100
Subject: [PATCH 08/10] utils: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/utils/net_lookup.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index 140f9900795..521341b9baf 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -286,11 +286,10 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
 	int i;
 	NTSTATUS status;
 
-	initialize_krb5_error_table();
-	rc = krb5_init_context(&ctx);
+	rc = smb_krb5_init_context_common(&ctx);
 	if (rc) {
-		DEBUG(1,("krb5_init_context failed (%s)\n",
-			 error_message(rc)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(rc));
 		return -1;
 	}
 
-- 
2.17.2


From b88c2564b9ec607cca4cb5a210f73fbbcd2983ad Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:46:46 +0100
Subject: [PATCH 09/10] winbindd: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/winbindd/winbindd_pam.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b7eb17556a4..40921ce78ef 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2889,10 +2889,10 @@ static NTSTATUS extract_pac_vrfy_sigs(TALLOC_CTX *mem_ctx, DATA_BLOB pac_blob,
 	ZERO_STRUCT(entry);
 	ZERO_STRUCT(cursor);
 
-	k5ret = krb5_init_context(&krbctx);
+	k5ret = smb_krb5_init_context_common(&krbctx);
 	if (k5ret) {
-		DEBUG(1, ("Failed to initialize kerberos context: %s\n",
-			  error_message(k5ret)));
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(k5ret));
 		status = krb5_to_nt_status(k5ret);
 		goto out;
 	}
-- 
2.17.2


From 58979dd1a52f76889aa7fd2e8a03dc6178589658 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 5 Dec 2018 11:55:09 +0100
Subject: [PATCH 10/10] s4: Add kerberos tracing

Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source4/kdc/ktutil.c     | 6 +++---
 source4/kdc/sdb_to_kdb.c | 4 +++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/source4/kdc/ktutil.c b/source4/kdc/ktutil.c
index bc263c5b29b..59aa1cf377f 100644
--- a/source4/kdc/ktutil.c
+++ b/source4/kdc/ktutil.c
@@ -59,10 +59,10 @@ int main (int argc, char **argv)
 
 	keytab_name = argv[1];
 
-	initialize_krb5_error_table();
-
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		smb_krb5_err(mem_ctx, context, 1, ret, "krb5_context");
 	}
 
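Review bot: in ktutil's main() the failure is now reported three times: by the wrapper, by the added DBG_ERR, and by the existing smb_krb5_err() call, so the added DBG_ERR can go. Note also that smb_krb5_init_context_common() does not assign *_krb5_context when it fails, so the context passed to smb_krb5_err() here is whatever the variable held before the call; make sure it is initialised to NULL at its declaration or have the wrapper clear it.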
diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
index 74d882738f8..1411b0f5f66 100644
--- a/source4/kdc/sdb_to_kdb.c
+++ b/source4/kdc/sdb_to_kdb.c
@@ -327,8 +327,10 @@ static int samba_kdc_kdb_entry_destructor(struct samba_kdc_entry *p)
 		entry_ex->e_data = NULL;
 	}
 
-	ret = krb5_init_context(&context);
+	ret = smb_krb5_init_context_common(&context);
 	if (ret) {
+		DBG_ERR("kerberos init context failed (%s)\n",
+			error_message(ret));
 		return ret;
 	}
 
-- 
2.17.2


