struct loadparm_context *lp_ctx)
{
char *p;
+ const char *error_string;
if (lp_ctx != NULL) {
cli_credentials_set_conf(cred, lp_ctx);
}
if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
- cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE);
+ cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE,
+ &error_string);
}
}
int cli_credentials_get_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
- struct ccache_container **ccc);
+ struct ccache_container **ccc,
+ const char **error_string);
int cli_credentials_get_named_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
char *ccache_name,
- struct ccache_container **ccc);
+ struct ccache_container **ccc, const char **error_string);
int cli_credentials_get_keytab(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
- struct gssapi_creds_container **_gcc);
+ struct gssapi_creds_container **_gcc,
+ const char **error_string);
void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
enum credentials_use_kerberos use_kerberos);
bool cli_credentials_set_domain(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *name,
- enum credentials_obtained obtained);
+ enum credentials_obtained obtained,
+ const char **error_string);
bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
int fd, enum credentials_obtained obtained);
}
static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
- struct ccache_container *ccache,
- enum credentials_obtained obtained)
+ struct ccache_container *ccache,
+ enum credentials_obtained obtained,
+ const char **error_string)
{
krb5_principal princ;
ccache->ccache, &princ);
if (ret) {
- char *err_mess = smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context,
- ret, cred);
- DEBUG(1,("failed to get principal from ccache: %s\n",
- err_mess));
- talloc_free(err_mess);
+ (*error_string) = talloc_asprintf(cred, "failed to get principal from ccache: %s\n",
+ smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context,
+ ret, cred));
return ret;
}
ret = krb5_unparse_name(ccache->smb_krb5_context->krb5_context, princ, &name);
if (ret) {
- char *err_mess = smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context, ret, cred);
- DEBUG(1,("failed to unparse principal from ccache: %s\n",
- err_mess));
- talloc_free(err_mess);
+ (*error_string) = talloc_asprintf(cred, "failed to unparse principal from ccache: %s\n",
+ smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context,
+ ret, cred));
return ret;
}
_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
- struct loadparm_context *lp_ctx,
- const char *name,
- enum credentials_obtained obtained)
+ struct loadparm_context *lp_ctx,
+ const char *name,
+ enum credentials_obtained obtained,
+ const char **error_string)
{
krb5_error_code ret;
krb5_principal princ;
ccc = talloc(cred, struct ccache_container);
if (!ccc) {
+ (*error_string) = error_message(ENOMEM);
return ENOMEM;
}
ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
+ (*error_string) = error_message(ret);
talloc_free(ccc);
return ret;
}
if (!talloc_reference(ccc, ccc->smb_krb5_context)) {
talloc_free(ccc);
+ (*error_string) = error_message(ENOMEM);
return ENOMEM;
}
if (name) {
ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, name, &ccc->ccache);
if (ret) {
- DEBUG(1,("failed to read krb5 ccache: %s: %s\n",
- name,
- smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
+ (*error_string) = talloc_asprintf(cred, "failed to read krb5 ccache: %s: %s\n",
+ name,
+ smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+ ret, ccc));
talloc_free(ccc);
return ret;
}
} else {
ret = krb5_cc_default(ccc->smb_krb5_context->krb5_context, &ccc->ccache);
if (ret) {
- DEBUG(3,("failed to read default krb5 ccache: %s\n",
- smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
+ (*error_string) = talloc_asprintf(cred, "failed to read default krb5 ccache: %s\n",
+ smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+ ret, ccc));
talloc_free(ccc);
return ret;
}
ret = krb5_cc_get_principal(ccc->smb_krb5_context->krb5_context, ccc->ccache, &princ);
if (ret) {
- DEBUG(3,("failed to get principal from default ccache: %s\n",
- smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
- talloc_free(ccc);
+ (*error_string) = talloc_asprintf(cred, "failed to get principal from default ccache: %s\n",
+ smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+ ret, ccc));
+ talloc_free(ccc);
return ret;
}
krb5_free_principal(ccc->smb_krb5_context->krb5_context, princ);
- ret = cli_credentials_set_from_ccache(cred, ccc, obtained);
+ ret = cli_credentials_set_from_ccache(cred, ccc, obtained, error_string);
if (ret) {
+ (*error_string) = error_message(ret);
return ret;
}
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
char *ccache_name,
- struct ccache_container **_ccc)
+ struct ccache_container **_ccc,
+ const char **error_string)
{
bool must_free_cc_name = false;
krb5_error_code ret;
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
+ (*error_string) = talloc_asprintf(cred, "Failed to get krb5_context: %s",
+ error_message(ret));
return ret;
}
if (!talloc_reference(ccc, ccc->smb_krb5_context)) {
talloc_free(ccc);
+ (*error_string) = strerror(ENOMEM);
return ENOMEM;
}
if (!ccache_name) {
talloc_free(ccc);
+ (*error_string) = strerror(ENOMEM);
return ENOMEM;
}
}
ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, ccache_name,
&ccc->ccache);
if (ret) {
- DEBUG(1,("failed to generate a new krb5 ccache (%s): %s\n",
- ccache_name,
- smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context, ret, ccc)));
+ (*error_string) = talloc_asprintf(cred, "failed to resolve a krb5 ccache (%s): %s\n",
+ ccache_name,
+ smb_get_krb5_error_message(ccc->smb_krb5_context->krb5_context,
+ ret, ccc));
talloc_free(ccache_name);
talloc_free(ccc);
return ret;
*_ccc = ccc;
- return ret;
+ return 0;
}
_PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
char *ccache_name,
- struct ccache_container **ccc)
+ struct ccache_container **ccc,
+ const char **error_string)
{
krb5_error_code ret;
return 0;
}
if (cli_credentials_is_anonymous(cred)) {
+ (*error_string) = "Cannot get anonymous kerberos credentials";
return EINVAL;
}
- ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccache_name, ccc);
+ ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccache_name, ccc, error_string);
if (ret) {
return ret;
}
- ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, (*ccc)->ccache);
+ ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, (*ccc)->ccache, error_string);
if (ret) {
return ret;
}
ret = cli_credentials_set_from_ccache(cred, *ccc,
(MAX(MAX(cred->principal_obtained,
cred->username_obtained),
- cred->password_obtained)));
+ cred->password_obtained)), error_string);
cred->ccache = *ccc;
cred->ccache_obtained = cred->principal_obtained;
return ret;
}
cli_credentials_invalidate_client_gss_creds(cred, cred->ccache_obtained);
- return ret;
+ return 0;
}
_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred,
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
- struct ccache_container **ccc)
+ struct ccache_container **ccc,
+ const char **error_string)
{
- return cli_credentials_get_named_ccache(cred, event_ctx, lp_ctx, NULL, ccc);
+ return cli_credentials_get_named_ccache(cred, event_ctx, lp_ctx, NULL, ccc, error_string);
}
void cli_credentials_invalidate_client_gss_creds(struct cli_credentials *cred,
}
_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
- struct tevent_context *event_ctx,
- struct loadparm_context *lp_ctx,
- struct gssapi_creds_container **_gcc)
+ struct tevent_context *event_ctx,
+ struct loadparm_context *lp_ctx,
+ struct gssapi_creds_container **_gcc,
+ const char **error_string)
{
int ret = 0;
OM_uint32 maj_stat, min_stat;
}
ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
- &ccache);
+ &ccache, error_string);
if (ret) {
DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
return ret;
gcc = talloc(cred, struct gssapi_creds_container);
if (!gcc) {
+ (*error_string) = error_message(ENOMEM);
return ENOMEM;
}
} else {
ret = EINVAL;
}
+ (*error_string) = error_message(ENOMEM);
return ret;
}
} else {
ret = EINVAL;
}
+ (*error_string) = error_message(ENOMEM);
return ret;
}
}
} else {
ret = EINVAL;
}
+ (*error_string) = error_message(ENOMEM);
return ret;
}
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
- enum credentials_obtained obtained)
+ enum credentials_obtained obtained,
+ const char **error_string)
{
int ret;
OM_uint32 maj_stat, min_stat;
gcc = talloc(cred, struct gssapi_creds_container);
if (!gcc) {
+ (*error_string) = error_message(ENOMEM);
return ENOMEM;
}
- ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, NULL, &ccc);
+ ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, NULL, &ccc, error_string);
if (ret != 0) {
return ret;
}
} else {
ret = EINVAL;
}
+ if (ret) {
+ (*error_string) = error_message(ENOMEM);
+ }
}
if (ret == 0) {
- ret = cli_credentials_set_from_ccache(cred, ccc, obtained);
+ ret = cli_credentials_set_from_ccache(cred, ccc, obtained, error_string);
}
cred->ccache = ccc;
cred->ccache_obtained = obtained;
struct smb_krb5_context *smb_krb5_context;
TALLOC_CTX *mem_ctx;
krb5_principal princ;
+ const char *error_string;
if (cred->server_gss_creds_obtained >= (MAX(cred->keytab_obtained,
MAX(cred->principal_obtained,
return ENOMEM;
}
- ret = principal_from_credentials(mem_ctx, cred, smb_krb5_context, &princ);
+ ret = principal_from_credentials(mem_ctx, cred, smb_krb5_context, &princ, &error_string);
if (ret) {
DEBUG(1,("cli_credentials_get_server_gss_creds: makeing krb5 principal failed (%s)\n",
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
+ error_string));
talloc_free(mem_ctx);
return ret;
}
struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
- enum credentials_obtained obtained);
+ enum credentials_obtained obtained,
+ const char **error_string);
/* Manually prototyped here to avoid needing krb5 headers in most callers */
krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
struct cli_credentials *credentials,
struct smb_krb5_context *smb_krb5_context,
- krb5_principal *princ);
+ krb5_principal *princ,
+ const char **error_string);
#endif /* __CREDENTIALS_KRB5_H__ */
struct ccache_container *ccc;
struct tevent_context *event_ctx;
int ret;
+ const char *error_string;
if (!PyArg_ParseTuple(args, "|Os", &py_lp_ctx, &ccache_name))
return NULL;
event_ctx = tevent_context_init(NULL);
- ret = cli_credentials_get_named_ccache(PyCredentials_AsCliCredentials(self), event_ctx, lp_ctx, ccache_name, &ccc);
+ ret = cli_credentials_get_named_ccache(PyCredentials_AsCliCredentials(self), event_ctx, lp_ctx,
+ ccache_name, &ccc, &error_string);
if (ret == 0) {
talloc_steal(ccc, event_ctx);
return PyCredentialCacheContainer_from_ccache_container(ccc);
- } else {
- talloc_free(event_ctx);
- return NULL;
}
+ PyErr_SetStringError(error_string);
+
+ talloc_free(event_ctx);
+ return NULL;
}
static PyMethodDef py_creds_methods[] = {
const char *hostname = gensec_get_target_hostname(gensec_security);
const char *principal;
struct gssapi_creds_container *gcc;
+ const char *error_string;
if (!hostname) {
DEBUG(1, ("Could not determine hostname for target computer, cannot use kerberos\n"));
ret = cli_credentials_get_client_gss_creds(creds,
gensec_security->event_ctx,
- gensec_security->settings->lp_ctx, &gcc);
+ gensec_security->settings->lp_ctx, &gcc, &error_string);
switch (ret) {
case 0:
break;
case KRB5KDC_ERR_PREAUTH_FAILED:
return NT_STATUS_LOGON_FAILURE;
case KRB5_KDC_UNREACH:
- DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
+ DEBUG(3, ("Cannot reach a KDC we require to contact %s : %s\n", principal, error_string));
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
default:
- DEBUG(1, ("Aquiring initiator credentials failed\n"));
+ DEBUG(1, ("Aquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
} else {
krb5_error_code ret;
+ const char *error_string;
+
DEBUG(10, ("gensec_gssapi: delegated credentials supplied by client\n"));
session_info->credentials = cli_credentials_init(session_info);
if (!session_info->credentials) {
gensec_security->event_ctx,
gensec_security->settings->lp_ctx,
gensec_gssapi_state->delegated_cred_handle,
- CRED_SPECIFIED);
+ CRED_SPECIFIED, &error_string);
if (ret) {
talloc_free(mem_ctx);
+ DEBUG(2,("Failed to get gss creds: %s\n", error_string));
return NT_STATUS_NO_MEMORY;
}
NTSTATUS nt_status;
struct ccache_container *ccache_container;
const char *hostname;
-
+ const char *error_string;
const char *principal;
krb5_data in_data;
ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
gensec_security->event_ctx,
- gensec_security->settings->lp_ctx, &ccache_container);
+ gensec_security->settings->lp_ctx, &ccache_container, &error_string);
switch (ret) {
case 0:
break;
case KRB5KDC_ERR_PREAUTH_FAILED:
return NT_STATUS_LOGON_FAILURE;
case KRB5_KDC_UNREACH:
- DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
+ DEBUG(3, ("Cannot reach a KDC we require to contact %s: %s\n", principal, error_string));
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
default:
- DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_message(ret)));
+ DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
}
in_data.length = 0;
uint8_t tok_id[2];
struct keytab_container *keytab;
krb5_principal server_in_keytab;
+ const char *error_string;
if (!in.data) {
return NT_STATUS_INVALID_PARAMETER;
/* This ensures we lookup the correct entry in that keytab */
ret = principal_from_credentials(out_mem_ctx, gensec_get_credentials(gensec_security),
gensec_krb5_state->smb_krb5_context,
- &server_in_keytab);
+ &server_in_keytab, error_string);
if (ret) {
+ DEBUG(2,("Failed to make credentials from principal: %s\n", error_string));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
Orignally by remus@snapserver.com
*/
krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
- krb5_principal principal, const char *password,
- time_t *expire_time, time_t *kdc_time)
+ krb5_principal principal, const char *password,
+ time_t *expire_time, time_t *kdc_time)
{
krb5_error_code code = 0;
krb5_creds my_creds;
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
- struct cli_credentials *credentials,
- struct smb_krb5_context *smb_krb5_context,
- krb5_ccache ccache);
+ struct cli_credentials *credentials,
+ struct smb_krb5_context *smb_krb5_context,
+ krb5_ccache ccache,
+ const char **error_string);
krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
struct cli_credentials *credentials,
struct smb_krb5_context *smb_krb5_context,
- krb5_principal *princ);
+ krb5_principal *princ,
+ const char **error_string);
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
struct cli_credentials *credentials,
struct smb_krb5_context *smb_krb5_context,
- krb5_principal *princ)
+ krb5_principal *princ,
+ const char **error_string)
{
krb5_error_code ret;
const char *princ_string;
struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container);
if (!mem_ctx) {
+ (*error_string) = error_message(ENOMEM);
return ENOMEM;
}
ret = krb5_parse_name(smb_krb5_context->krb5_context,
princ_string, princ);
- if (ret == 0) {
- /* This song-and-dance effectivly puts the principal
- * into talloc, so we can't loose it. */
- mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context);
- mem_ctx->principal = *princ;
- talloc_set_destructor(mem_ctx, free_principal);
+ if (ret) {
+ (*error_string) = smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, parent_ctx);
+ return ret;
}
- return ret;
+
+ /* This song-and-dance effectivly puts the principal
+ * into talloc, so we can't loose it. */
+ mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context);
+ mem_ctx->principal = *princ;
+ talloc_set_destructor(mem_ctx, free_principal);
+ return 0;
}
/**
krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
struct cli_credentials *credentials,
struct smb_krb5_context *smb_krb5_context,
- krb5_ccache ccache)
+ krb5_ccache ccache,
+ const char **error_string)
{
krb5_error_code ret;
const char *password;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
if (!mem_ctx) {
+ (*error_string) = strerror(ENOMEM);
return ENOMEM;
}
- ret = principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &princ);
+ ret = principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &princ, error_string);
if (ret) {
talloc_free(mem_ctx);
return ret;
mach_pwd = cli_credentials_get_nt_hash(credentials, mem_ctx);
if (!mach_pwd) {
talloc_free(mem_ctx);
- DEBUG(1, ("kinit_to_ccache: No password available for kinit\n"));
+ (*error_string) = "kinit_to_ccache: No password available for kinit\n";
return EINVAL;
}
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
}
if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) {
- DEBUG(1,("kinit for %s failed (%s)\n",
- cli_credentials_get_principal(credentials, mem_ctx),
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
+ (*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n",
+ cli_credentials_get_principal(credentials, mem_ctx),
+ smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+ ret, mem_ctx));
talloc_free(mem_ctx);
return ret;
}
ret = kinit_to_ccache(parent_ctx,
credentials,
smb_krb5_context,
- ccache);
+ ccache, error_string);
}
if (ret) {
- DEBUG(1,("kinit for %s failed (%s)\n",
- cli_credentials_get_principal(credentials, mem_ctx),
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
+ (*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n",
+ cli_credentials_get_principal(credentials, mem_ctx),
+ smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+ ret, mem_ctx));
talloc_free(mem_ctx);
return ret;
}
krb5_principal salt_princ;
krb5_principal princ;
const char *princ_string;
+ const char *error_string;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
if (!mem_ctx) {
princ_string = cli_credentials_get_principal(machine_account, mem_ctx);
/* Get the principal we will store the new keytab entries under */
- ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ);
+ ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ, &error_string);
if (ret) {
- DEBUG(1,("create_keytab: makeing krb5 principal failed (%s)\n",
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
+ DEBUG(1,("create_keytab: makeing krb5 principal failed (%s)\n", error_string));
talloc_free(mem_ctx);
return ret;
}
int kvno;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
const char *princ_string;
+ const char *error_string;
+
if (!mem_ctx) {
return ENOMEM;
}
princ_string = cli_credentials_get_principal(machine_account, mem_ctx);
/* Get the principal we will store the new keytab entries under */
- ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ);
+ ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ, &error_string);
if (ret) {
- DEBUG(1,("update_keytab: makeing krb5 principal failed (%s)\n",
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
+ DEBUG(1,("update_keytab: makeing krb5 principal failed (%s)\n", error_string));
talloc_free(mem_ctx);
return ret;
}
#define PyErr_FromNTSTATUS(status) Py_BuildValue("(i,s)", NT_STATUS_V(status), discard_const_p(char, get_friendly_nt_error_msg(status)))
+#define PyErr_FromString(str) Py_BuildValue("(s)", discard_const_p(char, str))
+
+#define PyErr_SetStringError(str) \
+ PyErr_SetObject(PyExc_RuntimeError, PyErr_FromString(str))
+
#define PyErr_SetWERROR(err) \
PyErr_SetObject(PyExc_RuntimeError, PyErr_FromWERROR(err))
OM_uint32 gret;
OM_uint32 minor_status;
gss_buffer_desc cred_token;
+ const char *error_string;
ret = cli_credentials_get_client_gss_creds(req->session_info->credentials,
ipriv->ntvfs->ctx->event_ctx,
ipriv->ntvfs->ctx->lp_ctx,
- &gcc);
+ &gcc, &error_string);
if (ret) {
goto skip;
}
gss_buffer_desc cred_token;
gss_cred_id_t cred_handle;
int ret;
+ const char *error_string;
DEBUG(10, ("named_pipe_auth: delegated credentials supplied by client\n"));
conn->event.ctx,
conn->lp_ctx,
cred_handle,
- CRED_SPECIFIED);
+ CRED_SPECIFIED, &error_string);
if (ret) {
rep.status = NT_STATUS_INTERNAL_ERROR;
+ DEBUG(2, ("Failed to set pipe forwarded creds: %s\n", error_string));
goto reply;
}