From ee560fa3a67797deef86b3aea763389488790ef0 Mon Sep 17 00:00:00 2001
From: William Brown
Date: Tue, 10 Apr 2018 14:51:06 +1000
Subject: [PATCH] s4:ldb/password_hash.c: improve krb5 context error message
When heimdal encounters a MIT krb5.conf that it does not understand, it would emit an "ldb operations error". Sadly this does not help or communicate to the administrator the root cause of the issue. Improve the error message for when krb init fails during password_hash.c
Signed-off-by: William Brown
Reviewed-by: Alexander Bokovoy
Reviewed-by: Jeremy Allison
---
 .../dsdb/samdb/ldb_modules/password_hash.c | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index c872f20eb23a..146fb6fa2c35 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -3138,10 +3138,27 @@ static int setup_io(struct ph_context *ac,
 info_msg = client_msg;
 }
- if (smb_krb5_init_context(ac,
+ ret = smb_krb5_init_context(ac,
 (struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
- &io->smb_krb5_context) != 0) {
- return ldb_operr(ldb);
+ &io->smb_krb5_context);
+
+ if (ret != 0) {
+ /*
+ * In the special case of mit krb5.conf vs heimdal, the includedir
+ * statement causes ret == 22 (KRB5_CONFIG_BADFORMAT) to be returned.
+ * We look for this case so that we can give a more instructional
+ * message to the administrator.
+ */
+ if (ret == KRB5_CONFIG_BADFORMAT || ret == EINVAL) {
+ ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s - "
+ "This could be due to an invalid krb5 configuration. "
+ "Please check your system's krb5 configuration is correct.",
+ error_message(ret));
+ } else {
+ ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s",
+ error_message(ret));
+ }
+ return LDB_ERR_OPERATIONS_ERROR;
 }
 io->ac = ac;
-- 
2.34.1
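Review bot: The comment above the `ret == KRB5_CONFIG_BADFORMAT || ret == EINVAL` test equates 22 with KRB5_CONFIG_BADFORMAT, but 22 is the usual errno value of EINVAL, and KRB5_CONFIG_BADFORMAT is a separate krb5 error-table code; the condition covers both, so only the comment misleads. I would reword that comment line to `* statement makes the init fail with EINVAL (22) or KRB5_CONFIG_BADFORMAT.` Separately, the new hint is written into the ldb error string; if that string is relayed to remote clients when a password operation fails (not visible in this hunk), it tells them the server's Kerberos configuration is broken, so consider keeping the detailed hint in the server log and the client-visible text generic. The body of setup_io, including the declaration of `ret`, starts and ends outside the hunk.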