s3-auth: Add extra error messages on authentication or authorization failure
authorAndrew Bartlett <abartlet@samba.org>
Tue, 31 Jan 2012 01:53:30 +0000 (12:53 +1100)
committerStefan Metzmacher <metze@samba.org>
Fri, 17 Feb 2012 09:48:09 +0000 (10:48 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
auth/ntlmssp/ntlmssp_server.c
source3/auth/auth_ntlmssp.c
source3/smbd/sesssetup.c

index b190cf3..1a498e8 100644 (file)
@@ -568,6 +568,10 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
                                                  &state->user_session_key,
                                                  &state->lm_session_key);
        if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+                        __location__,
+                        ntlmssp_state->domain, ntlmssp_state->user,
+                        nt_errstr(nt_status)));
                TALLOC_FREE(state);
                return nt_status;
        }
index 3e809a7..f0c96ab 100644 (file)
@@ -176,6 +176,13 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
        nt_status = auth_context->check_ntlm_password(auth_context,
                                                      mapped_user_info, &server_info);
 
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
+                        user_info->client.domain_name,
+                        user_info->client.account_name,
+                        nt_errstr(nt_status)));
+       }
+
        username_was_mapped = mapped_user_info->was_mapped;
 
        free_user_info(&mapped_user_info);
@@ -329,6 +336,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
                                                         user_session_key, lm_session_key);
        }
        talloc_free(user_info);
+
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+                        __location__,
+                        user_info->client.domain_name,
+                        user_info->client.account_name,
+                        nt_errstr(nt_status)));
+       }
+
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        talloc_steal(mem_ctx, user_session_key->data);
index 1741f4f..987b626 100644 (file)
@@ -257,6 +257,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                                             talloc_tos(),
                                             &session_info);
                if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1,("Failed to generate session_info "
+                                "(user and group token) for session setup: %s\n",
+                                nt_errstr(status)));
                        /* Kill the intermediate vuid */
                        data_blob_free(&out_blob);
                        invalidate_vuid(sconn, vuid);