diff options
-rw-r--r-- | auth/gensec/spnego.c | 58 |
1 files changed, 53 insertions, 5 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 47878922f96..f063f7b358b 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -511,10 +511,34 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS) || NT_STATUS_EQUAL(nt_status, NT_STATUS_TIME_DIFFERENCE_AT_DC) || NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { - /* Pretend we never started it (lets the first run find some incompatible demand) */ + const char *next = NULL; + const char *principal = NULL; + int dbg_level = DBGLVL_WARNING; + + if (all_sec[i+1].op != NULL) { + next = all_sec[i+1].op->name; + dbg_level = DBGLVL_NOTICE; + } + + if (gensec_security->target.principal != NULL) { + principal = gensec_security->target.principal; + } else if (gensec_security->target.service != NULL && + gensec_security->target.hostname != NULL) + { + principal = talloc_asprintf(spnego_state->sub_sec_security, + "%s/%s", + gensec_security->target.service, + gensec_security->target.hostname); + } else { + principal = gensec_security->target.hostname; + } + + DEBUG(dbg_level, ("SPNEGO(%s) creating NEG_TOKEN_INIT for %s failed (next[%s]): %s\n", + spnego_state->sub_sec_security->ops->name, + principal, + next, nt_errstr(nt_status))); - DEBUG(3, ("SPNEGO(%s) NEG_TOKEN_INIT failed: %s\n", - spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status))); + /* Pretend we never started it (lets the first run find some incompatible demand) */ talloc_free(spnego_state->sub_sec_security); spnego_state->sub_sec_security = NULL; continue; @@ -619,8 +643,32 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(nt_status)) { - DEBUG(1, ("SPNEGO(%s) creating NEG_TOKEN_INIT failed: %s\n", - spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status))); + const char *next = NULL; + const char *principal = NULL; + int dbg_level = DBGLVL_WARNING; + + if (all_sec[i+1].op != NULL) { + next = all_sec[i+1].op->name; + dbg_level = DBGLVL_NOTICE; + } + + if (gensec_security->target.principal != NULL) { + principal = gensec_security->target.principal; + } else if (gensec_security->target.service != NULL && + gensec_security->target.hostname != NULL) + { + principal = talloc_asprintf(spnego_state->sub_sec_security, + "%s/%s", + gensec_security->target.service, + gensec_security->target.hostname); + } else { + principal = gensec_security->target.hostname; + } + + DEBUG(dbg_level, ("SPNEGO(%s) creating NEG_TOKEN_INIT for %s failed (next[%s]): %s\n", + spnego_state->sub_sec_security->ops->name, + principal, + next, nt_errstr(nt_status))); talloc_free(spnego_state->sub_sec_security); spnego_state->sub_sec_security = NULL; /* Pretend we never started it (lets the first run find some incompatible demand) */ |