s4:ldb/password_hash.c: improve krb5 context error message
authorWilliam Brown <william@blackhats.net.au>
Tue, 10 Apr 2018 04:51:06 +0000 (14:51 +1000)
committerJeremy Allison <jra@samba.org>
Tue, 10 Apr 2018 23:06:39 +0000 (01:06 +0200)
When heimdal encounters a MIT krb5.conf that it does not understand,
it emits a generic "ldb operations error". That message does not
tell the administrator what the root cause of the failure is.

Improve the error message for when krb init fails during password_hash.c

Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/dsdb/samdb/ldb_modules/password_hash.c

index c872f20eb23aec85cc83e0f1c55a57c67059430c..146fb6fa2c35c306e94562201fecc4376848d5c7 100644 (file)
@@ -3138,10 +3138,27 @@ static int setup_io(struct ph_context *ac,
                info_msg = client_msg;
        }
 
-       if (smb_krb5_init_context(ac,
+       ret = smb_krb5_init_context(ac,
                                  (struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
-                                 &io->smb_krb5_context) != 0) {
-               return ldb_operr(ldb);
+                                 &io->smb_krb5_context);
+
+       if (ret != 0) {
+               /*
+                * In the special case of mit krb5.conf vs heimdal, the includedir
+                * statement causes ret == 22 (KRB5_CONFIG_BADFORMAT) to be returned.
+                * We look for this case so that we can give a more instructional
+                * message to the administrator.
+                */
+               if (ret == KRB5_CONFIG_BADFORMAT || ret == EINVAL) {
+                       ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s - "
+                               "This could be due to an invalid krb5 configuration. "
+                               "Please check your system's krb5 configuration is correct.",
+                               error_message(ret));
+               } else {
+                       ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s",
+                               error_message(ret));
+               }
+               return LDB_ERR_OPERATIONS_ERROR;
        }
 
        io->ac                          = ac;
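Review bot: The new comment inside `if (ret != 0)` calls 22 the value of KRB5_CONFIG_BADFORMAT, but 22 is EINVAL on Linux and KRB5_CONFIG_BADFORMAT is a separate krb5 error-table constant, which is presumably why the condition tests both. I would reword it to `/* Heimdal rejects MIT-only krb5.conf syntax such as includedir; this has been seen as EINVAL (22) and may also surface as KRB5_CONFIG_BADFORMAT. */` so the next maintainer does not drop one of the two checks as redundant. Separately, `ldb_asprintf_errstring()` only sets the error string on the ldb context, so the hint reaches whoever issued the password operation and not necessarily the server log. If the goal is for the administrator to see it, a `DEBUG(0, ...)` line with the same text next to the `return` would make that reliable regardless of how the caller surfaces ldb errors. setup_io begins and continues outside this hunk, so the declaration of `ret` is not visible here.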