authorStefan Metzmacher <metze@samba.org>2017-01-20 17:15:49 +0100
committerStefan Metzmacher <metze@samba.org>2017-03-06 19:40:23 +0100
commitf43ff04d0965408875b1c17e9cdb6187ff81839d (patch)
treec6dbeb9f95dac022357e133f46944be8eb68078f /auth
parent83628b44439fd9ef202beb9f5866e40700f693b0 (diff)
downloadsamba-f43ff04d0965408875b1c17e9cdb6187ff81839d.tar.gz
gensec:spnego: Add debug message for the failed principal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 4194a67c7efcb58ef2bb7efa1d1556d5fa0ce2e0)
Diffstat (limited to 'auth')
-rw-r--r--auth/gensec/spnego.c58
1 files changed, 53 insertions, 5 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 47878922f96..f063f7b358b 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -511,10 +511,34 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS) ||
NT_STATUS_EQUAL(nt_status, NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
- /* Pretend we never started it (lets the first run find some incompatible demand) */
+ const char *next = NULL;
+ const char *principal = NULL;
+ int dbg_level = DBGLVL_WARNING;
+
+ if (all_sec[i+1].op != NULL) {
+ next = all_sec[i+1].op->name;
+ dbg_level = DBGLVL_NOTICE;
+ }
+
+ if (gensec_security->target.principal != NULL) {
+ principal = gensec_security->target.principal;
+ } else if (gensec_security->target.service != NULL &&
+ gensec_security->target.hostname != NULL)
+ {
+ principal = talloc_asprintf(spnego_state->sub_sec_security,
+ "%s/%s",
+ gensec_security->target.service,
+ gensec_security->target.hostname);
+ } else {
+ principal = gensec_security->target.hostname;
+ }
+
+ DEBUG(dbg_level, ("SPNEGO(%s) creating NEG_TOKEN_INIT for %s failed (next[%s]): %s\n",
+ spnego_state->sub_sec_security->ops->name,
+ principal,
+ next, nt_errstr(nt_status)));
- DEBUG(3, ("SPNEGO(%s) NEG_TOKEN_INIT failed: %s\n",
- spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status)));
+ /* Pretend we never started it (lets the first run find some incompatible demand) */
talloc_free(spnego_state->sub_sec_security);
spnego_state->sub_sec_security = NULL;
continue;
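Review bot: Both `next` and `principal` can reach the `%s` conversions in the new DEBUG call as NULL: `next` stays NULL when `all_sec[i+1].op` is NULL, and `principal` is NULL if `talloc_asprintf()` fails or if `target.principal` and `target.hostname` are both unset. Passing NULL for `%s` is undefined behaviour in C and only prints `(null)` on some libcs, so the failure path that is meant to help diagnosis could itself fault. Substituting at the call site, e.g. `principal != NULL ? principal : "<unknown>"` and `next != NULL ? next : "<none>"`, avoids that. The same block is duplicated in the gensec_spnego_create_negTokenInit hunk with the same issue, and the message here says "creating NEG_TOKEN_INIT" although this hunk is in gensec_spnego_parse_negTokenInit, which may mislead log triage. The enclosing function starts and ends outside the hunk.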
@@ -619,8 +643,32 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
&& !NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("SPNEGO(%s) creating NEG_TOKEN_INIT failed: %s\n",
- spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status)));
+ const char *next = NULL;
+ const char *principal = NULL;
+ int dbg_level = DBGLVL_WARNING;
+
+ if (all_sec[i+1].op != NULL) {
+ next = all_sec[i+1].op->name;
+ dbg_level = DBGLVL_NOTICE;
+ }
+
+ if (gensec_security->target.principal != NULL) {
+ principal = gensec_security->target.principal;
+ } else if (gensec_security->target.service != NULL &&
+ gensec_security->target.hostname != NULL)
+ {
+ principal = talloc_asprintf(spnego_state->sub_sec_security,
+ "%s/%s",
+ gensec_security->target.service,
+ gensec_security->target.hostname);
+ } else {
+ principal = gensec_security->target.hostname;
+ }
+
+ DEBUG(dbg_level, ("SPNEGO(%s) creating NEG_TOKEN_INIT for %s failed (next[%s]): %s\n",
+ spnego_state->sub_sec_security->ops->name,
+ principal,
+ next, nt_errstr(nt_status)));
talloc_free(spnego_state->sub_sec_security);
spnego_state->sub_sec_security = NULL;
/* Pretend we never started it (lets the first run find some incompatible demand) */
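Review bot: When another mechanism follows in `all_sec`, this failure is now logged at `DBGLVL_NOTICE` instead of the previous `DEBUG(1, ...)`, so at a low log level a fallback from the failed mechanism to the next one is no longer recorded. For operators watching for authentication downgrades this is a loss of visibility, presumably including a fallback from Kerberos to a weaker mechanism, though the mechanism list is not visible here. Consider keeping `DBGLVL_WARNING` in this function, or at least adding a comment such as `/* another mechanism will be tried, so this is not yet fatal */` next to the `dbg_level = DBGLVL_NOTICE;` assignment to document why the level is lowered. The block is also a verbatim copy of the one in gensec_spnego_parse_negTokenInit and could live in one small static helper. The enclosing function extends beyond the hunk.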