s3-gse Allow printing the partial error string
[amitay/samba.git] / source3 / librpc / crypto / gse.c
index ca99f9b03ac5bf0e284d252f761145040966f426..cfa6bf1e0d6b003ecf7584bd6a2a1a6e7a9d4429 100644 (file)
 #include "smb_krb5.h"
 #include "gse_krb5.h"
 
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_krb5.h>
-#ifdef HAVE_GSSAPI_GSSAPI_EXT_H
-#include <gssapi/gssapi_ext.h>
-#endif
-
 #ifndef GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
@@ -365,8 +359,6 @@ NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
        OM_uint32 gss_maj, gss_min;
        krb5_error_code ret;
        NTSTATUS status;
-       const char *ktname;
-       gss_OID_set_desc mech_set;
 
        status = gse_context_init(mem_ctx, do_sign, do_seal,
                                  NULL, add_gss_c_flags, &gse_ctx);
@@ -396,24 +388,27 @@ NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
         * This call sets the default keytab for the whole server, not
         * just for this context. Need to find a way that does not alter
         * the state of the whole server ... */
+       {
+               const char *ktname;
+               gss_OID_set_desc mech_set;
 
-       ret = smb_krb5_keytab_name(gse_ctx, gse_ctx->k5ctx,
+               ret = smb_krb5_keytab_name(gse_ctx, gse_ctx->k5ctx,
                                   gse_ctx->keytab, &ktname);
-       if (ret) {
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto done;
-       }
+               if (ret) {
+                       status = NT_STATUS_INTERNAL_ERROR;
+                       goto done;
+               }
 
-       ret = gsskrb5_register_acceptor_identity(ktname);
-       if (ret) {
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto done;
-       }
+               ret = gsskrb5_register_acceptor_identity(ktname);
+               if (ret) {
+                       status = NT_STATUS_INTERNAL_ERROR;
+                       goto done;
+               }
 
-       mech_set.count = 1;
-       mech_set.elements = &gse_ctx->gss_mech;
-       
-       gss_maj = gss_acquire_cred(&gss_min,
+               mech_set.count = 1;
+               mech_set.elements = &gse_ctx->gss_mech;
+
+               gss_maj = gss_acquire_cred(&gss_min,
                                   GSS_C_NO_NAME,
                                   GSS_C_INDEFINITE,
                                   &mech_set,
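Review bot: The two early failure paths in the new block, after `smb_krb5_keytab_name()` and `gsskrb5_register_acceptor_identity()`, set NT_STATUS_INTERNAL_ERROR and jump to `done` without logging anything, while the `gss_acquire_cred` failure later in the same block logs at level 0. A keytab that cannot be resolved or registered is a server-side authentication fault an operator needs to see, so I would add something like `DEBUG(0, ("smb_krb5_keytab_name failed (%s)\n", error_message(ret)));` and an equivalent line for the register call. Separately, `gsskrb5_register_acceptor_identity()` returns a GSS major status, so storing it in the `krb5_error_code ret` is misleading; `gss_maj = gsskrb5_register_acceptor_identity(ktname);` would read better. The block opened here closes in the next hunk, and gse_init_server itself starts and ends outside this hunk.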
@@ -421,11 +416,12 @@ NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
                                   &gse_ctx->creds,
                                   NULL, NULL);
 
-       if (gss_maj) {
-               DEBUG(0, ("gss_acquire_creds failed with [%s]\n",
-                         gse_errstr(gse_ctx, gss_maj, gss_min)));
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto done;
+               if (gss_maj) {
+                       DEBUG(0, ("gss_acquire_creds failed with [%s]\n",
+                                 gse_errstr(gse_ctx, gss_maj, gss_min)));
+                       status = NT_STATUS_INTERNAL_ERROR;
+                       goto done;
+               }
        }
 #endif
        status = NT_STATUS_OK;
@@ -562,6 +558,12 @@ static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min)
        if (gss_maj) {
                goto done;
        }
+       errstr = talloc_strndup(mem_ctx,
+                               (char *)msg_maj.value,
+                                       msg_maj.length);
+       if (!errstr) {
+               goto done;
+       }
        gss_maj = gss_display_status(&gss_min, min, GSS_C_MECH_CODE,
                                     (gss_OID)discard_const(gss_mech_krb5),
                                     &msg_ctx, &msg_min);
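Review bot: The partial string saved by the moved `talloc_strndup()` can still be lost a few lines later, because `errstr = talloc_strdup_append_buffer(errstr, ": ");` (visible as context in the following hunk) overwrites `errstr` with NULL if the append fails. The function then returns NULL, and as far as I know the major-status text stays allocated on `mem_ctx` with nothing pointing to it. Appending through a temporary keeps the partial message: `char *tmp = talloc_strdup_append_buffer(errstr, ": ");` `if (!tmp) goto done;` `errstr = tmp;`. The first `goto done` above the added lines can presumably still return NULL as well, and the `DEBUG` caller in gse_init_server passes the result straight to `%s`, so a fallback such as `errstr ? errstr : "<unknown>"` at the call site would be safer. gse_errstr starts and ends outside this hunk, so the initial value of `errstr` and the cleanup at `done:` are not visible here.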
@@ -569,12 +571,6 @@ static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min)
                goto done;
        }
 
-       errstr = talloc_strndup(mem_ctx,
-                               (char *)msg_maj.value,
-                                       msg_maj.length);
-       if (!errstr) {
-               goto done;
-       }
        errstr = talloc_strdup_append_buffer(errstr, ": ");
        if (!errstr) {
                goto done;