mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:kdc: Use newer debugging macros
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
54c38cf9d9
commit
0182ddf97d
@ -102,7 +102,7 @@ static void auth_sam_trigger_repl_secret(TALLOC_CTX *mem_ctx,
|
||||
"dreplsrv",
|
||||
&ndr_table_irpc);
|
||||
if (irpc_handle == NULL) {
|
||||
DEBUG(1,(__location__ ": Unable to get binding handle for dreplsrv\n"));
|
||||
DBG_WARNING("Unable to get binding handle for dreplsrv\n");
|
||||
TALLOC_FREE(tmp_ctx);
|
||||
return;
|
||||
}
|
||||
@ -2034,7 +2034,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
|
||||
|
||||
/* Must have found a cleartext or MD4 password */
|
||||
if (num_keys == 0) {
|
||||
DEBUG(1,(__location__ ": no usable key found\n"));
|
||||
DBG_WARNING("no usable key found\n");
|
||||
krb5_clear_error_message(context);
|
||||
ret = SDB_ERR_NOENTRY;
|
||||
goto out;
|
||||
@ -2647,18 +2647,18 @@ static krb5_error_code samba_kdc_lookup_server(krb5_context context,
|
||||
DSDB_SEARCH_SHOW_EXTENDED_DN | DSDB_SEARCH_NO_GLOBAL_CATALOG,
|
||||
"%s", filter);
|
||||
if (lret == LDB_ERR_NO_SUCH_OBJECT) {
|
||||
DEBUG(10, ("Failed to find an entry for %s filter:%s\n",
|
||||
name1, filter));
|
||||
DBG_DEBUG("Failed to find an entry for %s filter:%s\n",
|
||||
name1, filter);
|
||||
return SDB_ERR_NOENTRY;
|
||||
}
|
||||
if (lret == LDB_ERR_CONSTRAINT_VIOLATION) {
|
||||
DEBUG(10, ("Failed to find unique entry for %s filter:%s\n",
|
||||
name1, filter));
|
||||
DBG_DEBUG("Failed to find unique entry for %s filter:%s\n",
|
||||
name1, filter);
|
||||
return SDB_ERR_NOENTRY;
|
||||
}
|
||||
if (lret != LDB_SUCCESS) {
|
||||
DEBUG(0, ("Failed single search for %s - %s\n",
|
||||
name1, ldb_errstring(kdc_db_ctx->samdb)));
|
||||
DBG_ERR("Failed single search for %s - %s\n",
|
||||
name1, ldb_errstring(kdc_db_ctx->samdb));
|
||||
return SDB_ERR_NOENTRY;
|
||||
}
|
||||
return 0;
|
||||
@ -3274,8 +3274,8 @@ samba_kdc_check_s4u2proxy(krb5_context context,
|
||||
" krb5_unparse_name() failed!");
|
||||
return ret;
|
||||
}
|
||||
DEBUG(10,("samba_kdc_check_s4u2proxy: client[%s] for target[%s]\n",
|
||||
client_dn, tmp));
|
||||
DBG_DEBUG("client[%s] for target[%s]\n",
|
||||
client_dn, tmp);
|
||||
|
||||
target_principal_name = talloc_strdup(mem_ctx, tmp);
|
||||
SAFE_FREE(tmp);
|
||||
@ -3315,8 +3315,8 @@ samba_kdc_check_s4u2proxy(krb5_context context,
|
||||
goto bad_option;
|
||||
}
|
||||
|
||||
DEBUG(10,("samba_kdc_check_s4u2proxy: client[%s] allowed target[%s]\n",
|
||||
client_dn, target_principal_name));
|
||||
DBG_DEBUG("client[%s] allowed target[%s]\n",
|
||||
client_dn, target_principal_name);
|
||||
talloc_free(mem_ctx);
|
||||
return 0;
|
||||
|
||||
@ -3550,7 +3550,7 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
NULL,
|
||||
0);
|
||||
if (kdc_db_ctx->samdb == NULL) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot open samdb for KDC backend!\n"));
|
||||
DBG_WARNING("Cannot open samdb for KDC backend!\n");
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -3558,8 +3558,8 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
/* Find out our own krbtgt kvno */
|
||||
ldb_ret = samdb_rodc(kdc_db_ctx->samdb, &kdc_db_ctx->rodc);
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot determine if we are an RODC in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb)));
|
||||
DBG_WARNING("Cannot determine if we are an RODC in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb));
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -3569,8 +3569,8 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
struct ldb_dn *account_dn;
|
||||
struct ldb_dn *server_dn = samdb_server_dn(kdc_db_ctx->samdb, kdc_db_ctx);
|
||||
if (!server_dn) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot determine server DN in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb)));
|
||||
DBG_WARNING("Cannot determine server DN in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb));
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -3578,8 +3578,8 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
ldb_ret = samdb_reference_dn(kdc_db_ctx->samdb, kdc_db_ctx, server_dn,
|
||||
"serverReference", &account_dn);
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot determine server account in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb)));
|
||||
DBG_WARNING("Cannot determine server account in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb));
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -3588,8 +3588,8 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
"msDS-KrbTgtLink", &kdc_db_ctx->krbtgt_dn);
|
||||
talloc_free(account_dn);
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot determine RODC krbtgt account in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb)));
|
||||
DBG_WARNING("Cannot determine RODC krbtgt account in KDC backend: %s\n",
|
||||
ldb_errstring(kdc_db_ctx->samdb));
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -3600,18 +3600,18 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
DSDB_SEARCH_NO_GLOBAL_CATALOG,
|
||||
"(&(objectClass=user)(msDS-SecondaryKrbTgtNumber=*))");
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot read krbtgt account %s in KDC backend to get msDS-SecondaryKrbTgtNumber: %s: %s\n",
|
||||
ldb_dn_get_linearized(kdc_db_ctx->krbtgt_dn),
|
||||
ldb_errstring(kdc_db_ctx->samdb),
|
||||
ldb_strerror(ldb_ret)));
|
||||
DBG_WARNING("Cannot read krbtgt account %s in KDC backend to get msDS-SecondaryKrbTgtNumber: %s: %s\n",
|
||||
ldb_dn_get_linearized(kdc_db_ctx->krbtgt_dn),
|
||||
ldb_errstring(kdc_db_ctx->samdb),
|
||||
ldb_strerror(ldb_ret));
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
my_krbtgt_number = ldb_msg_find_attr_as_int(msg, "msDS-SecondaryKrbTgtNumber", -1);
|
||||
if (my_krbtgt_number == -1) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: Cannot read msDS-SecondaryKrbTgtNumber from krbtgt account %s in KDC backend: got %d\n",
|
||||
ldb_dn_get_linearized(kdc_db_ctx->krbtgt_dn),
|
||||
my_krbtgt_number));
|
||||
DBG_WARNING("Cannot read msDS-SecondaryKrbTgtNumber from krbtgt account %s in KDC backend: got %d\n",
|
||||
ldb_dn_get_linearized(kdc_db_ctx->krbtgt_dn),
|
||||
my_krbtgt_number);
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -3628,7 +3628,7 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
|
||||
"(&(objectClass=user)(samAccountName=krbtgt))");
|
||||
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DEBUG(1, ("samba_kdc_setup_db_ctx: could not find own KRBTGT in DB: %s\n", ldb_errstring(kdc_db_ctx->samdb)));
|
||||
DBG_WARNING("could not find own KRBTGT in DB: %s\n", ldb_errstring(kdc_db_ctx->samdb));
|
||||
talloc_free(kdc_db_ctx);
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
|
@ -405,7 +405,7 @@ static void reset_bad_password_netlogon(TALLOC_CTX *mem_ctx,
|
||||
&ndr_table_winbind);
|
||||
|
||||
if (irpc_handle == NULL) {
|
||||
DEBUG(0, ("No winbind_server running!\n"));
|
||||
DBG_ERR("No winbind_server running!\n");
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -51,7 +51,7 @@ static WERROR kdc_proxy_get_writeable_dcs(struct kdc_server *kdc, TALLOC_CTX *me
|
||||
if (count == 0) {
|
||||
/* we don't have any DCs to replicate with. Very
|
||||
strange for a RODC */
|
||||
DEBUG(1,(__location__ ": No replication sources for RODC in KDC proxy\n"));
|
||||
DBG_WARNING("No replication sources for RODC in KDC proxy\n");
|
||||
talloc_free(reps);
|
||||
return WERR_DS_DRA_NO_REPLICA;
|
||||
}
|
||||
@ -190,8 +190,8 @@ static void kdc_udp_proxy_resolve_done(struct composite_context *csubreq)
|
||||
|
||||
status = resolve_name_recv(csubreq, state, &state->proxy.ip);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("Unable to resolve proxy[%s] - %s\n",
|
||||
state->proxy.name.name, nt_errstr(status)));
|
||||
DBG_ERR("Unable to resolve proxy[%s] - %s\n",
|
||||
state->proxy.name.name, nt_errstr(status));
|
||||
kdc_udp_next_proxy(req);
|
||||
return;
|
||||
}
|
||||
@ -450,8 +450,8 @@ static void kdc_tcp_proxy_resolve_done(struct composite_context *csubreq)
|
||||
|
||||
status = resolve_name_recv(csubreq, state, &state->proxy.ip);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("Unable to resolve proxy[%s] - %s\n",
|
||||
state->proxy.name.name, nt_errstr(status)));
|
||||
DBG_ERR("Unable to resolve proxy[%s] - %s\n",
|
||||
state->proxy.name.name, nt_errstr(status));
|
||||
kdc_tcp_next_proxy(req);
|
||||
return;
|
||||
}
|
||||
|
@ -132,9 +132,9 @@ static void kdc_udp_call_loop(struct tevent_req *subreq)
|
||||
call->in.data = buf;
|
||||
call->in.length = len;
|
||||
|
||||
DEBUG(10,("Received krb5 UDP packet of length %zu from %s\n",
|
||||
call->in.length,
|
||||
tsocket_address_string(call->src, call)));
|
||||
DBG_DEBUG("Received krb5 UDP packet of length %zu from %s\n",
|
||||
call->in.length,
|
||||
tsocket_address_string(call->src, call));
|
||||
|
||||
/* Call krb5 */
|
||||
ret = sock->kdc_socket->process(sock->kdc_socket->kdc,
|
||||
@ -153,7 +153,7 @@ static void kdc_udp_call_loop(struct tevent_req *subreq)
|
||||
uint16_t port;
|
||||
|
||||
if (!sock->kdc_socket->kdc->am_rodc) {
|
||||
DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC\n"));
|
||||
DBG_ERR("proxying requested when not RODC\n");
|
||||
talloc_free(call);
|
||||
goto done;
|
||||
}
|
||||
@ -281,9 +281,9 @@ static void kdc_tcp_call_loop(struct tevent_req *subreq)
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(10,("Received krb5 TCP packet of length %zu from %s\n",
|
||||
call->in.length,
|
||||
tsocket_address_string(kdc_conn->conn->remote_address, call)));
|
||||
DBG_DEBUG("Received krb5 TCP packet of length %zu from %s\n",
|
||||
call->in.length,
|
||||
tsocket_address_string(kdc_conn->conn->remote_address, call));
|
||||
|
||||
/* skip length header */
|
||||
call->in.data +=4;
|
||||
@ -584,8 +584,8 @@ NTSTATUS kdc_add_socket(struct kdc_server *kdc,
|
||||
kdc_socket,
|
||||
kdc->task->process_context);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
|
||||
address, port, nt_errstr(status)));
|
||||
DBG_ERR("Failed to bind to %s:%u TCP - %s\n",
|
||||
address, port, nt_errstr(status));
|
||||
talloc_free(kdc_socket);
|
||||
return status;
|
||||
}
|
||||
@ -602,8 +602,8 @@ NTSTATUS kdc_add_socket(struct kdc_server *kdc,
|
||||
&kdc_udp_socket->dgram);
|
||||
if (ret != 0) {
|
||||
status = map_nt_error_from_unix_common(errno);
|
||||
DEBUG(0,("Failed to bind to %s:%u UDP - %s\n",
|
||||
address, port, nt_errstr(status)));
|
||||
DBG_ERR("Failed to bind to %s:%u UDP - %s\n",
|
||||
address, port, nt_errstr(status));
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -222,7 +222,7 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
|
||||
#endif
|
||||
NULL);
|
||||
if (subreq == NULL) {
|
||||
DEBUG(0, ("Failed to start MIT KDC as child daemon\n"));
|
||||
DBG_ERR("Failed to start MIT KDC as child daemon\n");
|
||||
|
||||
task_server_terminate(task,
|
||||
"Failed to startup mitkdc task",
|
||||
@ -232,7 +232,7 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
|
||||
|
||||
tevent_req_set_callback(subreq, mitkdc_server_done, task);
|
||||
|
||||
DEBUG(5,("Started krb5kdc process\n"));
|
||||
DBG_INFO("Started krb5kdc process\n");
|
||||
|
||||
status = samba_setup_mit_kdc_irpc(task);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
@ -241,7 +241,7 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
|
||||
true);
|
||||
}
|
||||
|
||||
DEBUG(5,("Started irpc service for kdc_server\n"));
|
||||
DBG_INFO("Started irpc service for kdc_server\n");
|
||||
|
||||
kdc = talloc_zero(task, struct kdc_server);
|
||||
if (kdc == NULL) {
|
||||
@ -342,7 +342,7 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
|
||||
return status;
|
||||
}
|
||||
|
||||
DEBUG(5,("Started kpasswd service for kdc_server\n"));
|
||||
DBG_INFO("Started kpasswd service for kdc_server\n");
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -360,10 +360,10 @@ static void mitkdc_server_done(struct tevent_req *subreq)
|
||||
|
||||
ret = samba_runcmd_recv(subreq, &sys_errno);
|
||||
if (ret != 0) {
|
||||
DEBUG(0, ("The MIT KDC daemon died with exit status %d\n",
|
||||
sys_errno));
|
||||
DBG_ERR("The MIT KDC daemon died with exit status %d\n",
|
||||
sys_errno);
|
||||
} else {
|
||||
DEBUG(0,("The MIT KDC daemon exited normally\n"));
|
||||
DBG_ERR("The MIT KDC daemon exited normally\n");
|
||||
}
|
||||
|
||||
task_server_terminate(task, "mitkdc child process exited", true);
|
||||
|
@ -62,10 +62,10 @@ NTSTATUS samdb_kpasswd_change_password(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
DEBUG(3, ("Changing password of %s\\%s (%s)\n",
|
||||
session_info->info->domain_name,
|
||||
session_info->info->account_name,
|
||||
dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX])));
|
||||
DBG_NOTICE("Changing password of %s\\%s (%s)\n",
|
||||
session_info->info->domain_name,
|
||||
session_info->info->account_name,
|
||||
dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]));
|
||||
|
||||
/* Performs the password change */
|
||||
status = samdb_set_password_sid(samdb,
|
||||
|
@ -104,8 +104,8 @@ static NTSTATUS netr_samlogon_generic_logon(struct irpc_message *msg,
|
||||
lpcfg_realm(mki_ctx->task->lp_ctx),
|
||||
NULL);
|
||||
if (code != 0) {
|
||||
DEBUG(0, ("Failed to create krbtgt@%s principal!\n",
|
||||
lpcfg_realm(mki_ctx->task->lp_ctx)));
|
||||
DBG_ERR("Failed to create krbtgt@%s principal!\n",
|
||||
lpcfg_realm(mki_ctx->task->lp_ctx));
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
@ -118,8 +118,8 @@ static NTSTATUS netr_samlogon_generic_logon(struct irpc_message *msg,
|
||||
&sentry);
|
||||
krb5_free_principal(mki_ctx->krb5_context, principal);
|
||||
if (code != 0) {
|
||||
DEBUG(0, ("Failed to fetch krbtgt@%s principal entry!\n",
|
||||
lpcfg_realm(mki_ctx->task->lp_ctx)));
|
||||
DBG_ERR("Failed to fetch krbtgt@%s principal entry!\n",
|
||||
lpcfg_realm(mki_ctx->task->lp_ctx));
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -1081,7 +1081,7 @@ int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||
krb5_error_code code = 0;
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(1,("mit_samba_kpasswd_change_password called with: %s\n", pwd));
|
||||
DBG_WARNING("mit_samba_kpasswd_change_password called with: %s\n", pwd);
|
||||
#endif
|
||||
|
||||
tmp_ctx = talloc_named(ctx, 0, "mit_samba_kpasswd_change_password");
|
||||
@ -1093,8 +1093,8 @@ int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||
p->msg,
|
||||
&user_info_dc);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1,("samba_kdc_get_user_info_from_db failed: %s\n",
|
||||
nt_errstr(status)));
|
||||
DBG_WARNING("samba_kdc_get_user_info_from_db failed: %s\n",
|
||||
nt_errstr(status));
|
||||
talloc_free(tmp_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
@ -1107,8 +1107,8 @@ int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||
&ctx->session_info);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1,("auth_generate_session_info failed: %s\n",
|
||||
nt_errstr(status)));
|
||||
DBG_WARNING("auth_generate_session_info failed: %s\n",
|
||||
nt_errstr(status));
|
||||
talloc_free(tmp_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
@ -1118,7 +1118,7 @@ int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||
if (!convert_string_talloc(tmp_ctx, CH_UTF8, CH_UTF16,
|
||||
pwd, strlen(pwd),
|
||||
&password.data, &password.length)) {
|
||||
DEBUG(1,("convert_string_talloc failed\n"));
|
||||
DBG_WARNING("convert_string_talloc failed\n");
|
||||
talloc_free(tmp_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
@ -1133,8 +1133,8 @@ int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||
&error_string,
|
||||
&result);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1,("samdb_kpasswd_change_password failed: %s\n",
|
||||
nt_errstr(status)));
|
||||
DBG_WARNING("samdb_kpasswd_change_password failed: %s\n",
|
||||
nt_errstr(status));
|
||||
code = KADM5_PASS_Q_GENERIC;
|
||||
krb5_set_error_message(ctx->context, code, "%s", error_string);
|
||||
goto out;
|
||||
|
@ -85,8 +85,8 @@ NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
&info3,
|
||||
resource_groups);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(1, ("Getting Samba info failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("Getting Samba info failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -122,8 +122,8 @@ NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
(ndr_push_flags_fn_t)ndr_push_PAC_INFO);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC_LOGON_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC_LOGON_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -155,8 +155,8 @@ NTSTATUS samba_get_requester_sid_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
(ndr_push_flags_fn_t)ndr_push_PAC_INFO);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC_REQUESTER_SID (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC_REQUESTER_SID (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
}
|
||||
@ -201,8 +201,8 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
(ndr_push_flags_fn_t)ndr_push_PAC_INFO);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC UPN_DNS_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC UPN_DNS_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -236,8 +236,8 @@ NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
|
||||
(ndr_push_flags_fn_t)ndr_push_PAC_INFO);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC ATTRIBUTES_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC ATTRIBUTES_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -298,7 +298,7 @@ NTSTATUS samba_get_cred_info_ndr_blob(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
}
|
||||
if (lm_hash != NULL) {
|
||||
DEBUG(5, ("Passing LM password hash through credentials set\n"));
|
||||
DBG_INFO("Passing LM password hash through credentials set\n");
|
||||
ntlm_secpkg.flags |= PAC_CREDENTIAL_NTLM_HAS_LM_HASH;
|
||||
ntlm_secpkg.lm_password = *lm_hash;
|
||||
ZERO_STRUCTP(lm_hash);
|
||||
@ -313,7 +313,7 @@ NTSTATUS samba_get_cred_info_ndr_blob(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
}
|
||||
if (nt_hash != NULL) {
|
||||
DEBUG(5, ("Passing NT password hash through credentials set\n"));
|
||||
DBG_INFO("Passing NT password hash through credentials set\n");
|
||||
ntlm_secpkg.flags |= PAC_CREDENTIAL_NTLM_HAS_NT_HASH;
|
||||
ntlm_secpkg.nt_password = *nt_hash;
|
||||
ZERO_STRUCTP(nt_hash);
|
||||
@ -335,13 +335,13 @@ NTSTATUS samba_get_cred_info_ndr_blob(TALLOC_CTX *mem_ctx,
|
||||
ZERO_STRUCT(ntlm_secpkg);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC_CREDENTIAL_NTLM_SECPKG (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC_CREDENTIAL_NTLM_SECPKG (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
DEBUG(10, ("NTLM credential BLOB (len %zu) for user\n",
|
||||
ntlm_blob.length));
|
||||
DBG_DEBUG("NTLM credential BLOB (len %zu) for user\n",
|
||||
ntlm_blob.length);
|
||||
dump_data_pw("PAC_CREDENTIAL_NTLM_SECPKG",
|
||||
ntlm_blob.data, ntlm_blob.length);
|
||||
|
||||
@ -371,13 +371,13 @@ NTSTATUS samba_get_cred_info_ndr_blob(TALLOC_CTX *mem_ctx,
|
||||
data_blob_clear(&ntlm_blob);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC_CREDENTIAL_DATA_NDR (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC_CREDENTIAL_DATA_NDR (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
DEBUG(10, ("Created credential BLOB (len %zu) for user\n",
|
||||
cred_blob->length));
|
||||
DBG_DEBUG("Created credential BLOB (len %zu) for user\n",
|
||||
cred_blob->length);
|
||||
dump_data_pw("PAC_CREDENTIAL_DATA_NDR",
|
||||
cred_blob->data, cred_blob->length);
|
||||
|
||||
@ -406,20 +406,20 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
&cred_crypto);
|
||||
if (ret != 0) {
|
||||
krb5err = krb5_get_error_message(context, ret);
|
||||
DEBUG(1, ("Failed initializing cred data crypto: %s\n", krb5err));
|
||||
DBG_WARNING("Failed initializing cred data crypto: %s\n", krb5err);
|
||||
krb5_free_error_message(context, krb5err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = krb5_crypto_getenctype(context, cred_crypto, &cred_enctype);
|
||||
if (ret != 0) {
|
||||
DEBUG(1, ("Failed getting crypto type for key\n"));
|
||||
DBG_WARNING("Failed getting crypto type for key\n");
|
||||
krb5_crypto_destroy(context, cred_crypto);
|
||||
return ret;
|
||||
}
|
||||
|
||||
DEBUG(10, ("Plain cred_ndr_blob (len %zu)\n",
|
||||
cred_ndr_blob->length));
|
||||
DBG_DEBUG("Plain cred_ndr_blob (len %zu)\n",
|
||||
cred_ndr_blob->length);
|
||||
dump_data_pw("PAC_CREDENTIAL_DATA_NDR",
|
||||
cred_ndr_blob->data, cred_ndr_blob->length);
|
||||
|
||||
@ -430,7 +430,7 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
krb5_crypto_destroy(context, cred_crypto);
|
||||
if (ret != 0) {
|
||||
krb5err = krb5_get_error_message(context, ret);
|
||||
DEBUG(1, ("Failed crypt of cred data: %s\n", krb5err));
|
||||
DBG_WARNING("Failed crypt of cred data: %s\n", krb5err);
|
||||
krb5_free_error_message(context, krb5err);
|
||||
return ret;
|
||||
}
|
||||
@ -448,13 +448,13 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
krb5_data_free(&cred_ndr_crypt);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC_CREDENTIAL_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC_CREDENTIAL_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return KRB5KDC_ERR_SVC_UNAVAILABLE;
|
||||
}
|
||||
|
||||
DEBUG(10, ("Encrypted credential BLOB (len %zu) with alg %"PRId32"\n",
|
||||
cred_info_blob->length, pac_cred_info.encryption_type));
|
||||
DBG_DEBUG("Encrypted credential BLOB (len %zu) with alg %"PRId32"\n",
|
||||
cred_info_blob->length, pac_cred_info.encryption_type);
|
||||
dump_data_pw("PAC_CREDENTIAL_INFO",
|
||||
cred_info_blob->data, cred_info_blob->length);
|
||||
|
||||
@ -485,15 +485,15 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
&cred_key);
|
||||
if (code != 0) {
|
||||
krb5err = krb5_get_error_message(context, code);
|
||||
DEBUG(1, ("Failed initializing cred data crypto: %s\n", krb5err));
|
||||
DBG_WARNING("Failed initializing cred data crypto: %s\n", krb5err);
|
||||
krb5_free_error_message(context, krb5err);
|
||||
return code;
|
||||
}
|
||||
|
||||
cred_enctype = krb5_k_key_enctype(context, cred_key);
|
||||
|
||||
DEBUG(10, ("Plain cred_ndr_blob (len %zu)\n",
|
||||
cred_ndr_blob->length));
|
||||
DBG_DEBUG("Plain cred_ndr_blob (len %zu)\n",
|
||||
cred_ndr_blob->length);
|
||||
dump_data_pw("PAC_CREDENTIAL_DATA_NDR",
|
||||
cred_ndr_blob->data, cred_ndr_blob->length);
|
||||
|
||||
@ -509,7 +509,7 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
&enc_len);
|
||||
if (code != 0) {
|
||||
krb5err = krb5_get_error_message(context, code);
|
||||
DEBUG(1, ("Failed initializing cred data crypto: %s\n", krb5err));
|
||||
DBG_WARNING("Failed initializing cred data crypto: %s\n", krb5err);
|
||||
krb5_free_error_message(context, krb5err);
|
||||
return code;
|
||||
}
|
||||
@ -532,7 +532,7 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
krb5_k_free_key(context, cred_key);
|
||||
if (code != 0) {
|
||||
krb5err = krb5_get_error_message(context, code);
|
||||
DEBUG(1, ("Failed crypt of cred data: %s\n", krb5err));
|
||||
DBG_WARNING("Failed crypt of cred data: %s\n", krb5err);
|
||||
krb5_free_error_message(context, krb5err);
|
||||
return code;
|
||||
}
|
||||
@ -546,13 +546,13 @@ krb5_error_code samba_kdc_encrypt_pac_credentials(krb5_context context,
|
||||
TALLOC_FREE(pac_cred_info.encrypted_data.data);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(1, ("PAC_CREDENTIAL_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("PAC_CREDENTIAL_INFO (presig) push failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return KRB5KDC_ERR_SVC_UNAVAILABLE;
|
||||
}
|
||||
|
||||
DEBUG(10, ("Encrypted credential BLOB (len %zu) with alg %"PRId32"\n",
|
||||
cred_info_blob->length, pac_cred_info.encryption_type));
|
||||
DBG_DEBUG("Encrypted credential BLOB (len %zu) with alg %"PRId32"\n",
|
||||
cred_info_blob->length, pac_cred_info.encryption_type);
|
||||
dump_data_pw("PAC_CREDENTIAL_INFO",
|
||||
cred_info_blob->data, cred_info_blob->length);
|
||||
|
||||
@ -771,7 +771,7 @@ int samba_client_requested_pac(krb5_context context,
|
||||
smb_krb5_free_data_contents(context, &k5pac_attrs_in);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(0,("can't parse the PAC ATTRIBUTES_INFO: %s\n", nt_errstr(nt_status)));
|
||||
DBG_ERR("can't parse the PAC ATTRIBUTES_INFO: %s\n", nt_errstr(nt_status));
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
@ -1054,8 +1054,8 @@ NTSTATUS samba_kdc_get_upn_info_blob(TALLOC_CTX *mem_ctx,
|
||||
user_info_dc,
|
||||
upn_blob);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(0, ("Building PAC UPN INFO failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_ERR("Building PAC UPN INFO failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -1363,7 +1363,7 @@ static NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
smb_krb5_free_data_contents(context, &old_data);
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status)));
|
||||
DBG_ERR("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status));
|
||||
talloc_free(tmp_ctx);
|
||||
return nt_status;
|
||||
}
|
||||
@ -1403,7 +1403,7 @@ static NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
smb_krb5_free_data_contents(context, &old_data);
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status)));
|
||||
DBG_ERR("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status));
|
||||
talloc_free(tmp_ctx);
|
||||
return nt_status;
|
||||
}
|
||||
@ -1501,7 +1501,7 @@ static krb5_error_code samba_get_requester_sid(TALLOC_CTX *mem_ctx,
|
||||
smb_krb5_free_data_contents(context, &k5pac_requester_sid_in);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(0,("can't parse the PAC REQUESTER_SID: %s\n", nt_errstr(nt_status)));
|
||||
DBG_ERR("can't parse the PAC REQUESTER_SID: %s\n", nt_errstr(nt_status));
|
||||
talloc_free(tmp_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
@ -2080,8 +2080,8 @@ static krb5_error_code samba_kdc_get_device_info_blob(TALLOC_CTX *mem_ctx,
|
||||
&info3,
|
||||
&resource_groups);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(1, ("Getting Samba info failed: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
DBG_WARNING("Getting Samba info failed: %s\n",
|
||||
nt_errstr(nt_status));
|
||||
talloc_free(frame);
|
||||
return nt_status_to_krb5(nt_status);
|
||||
}
|
||||
|
@ -369,7 +369,7 @@ static krb5_error_code samba_wdc_verify_pac2(astgs_request_t r,
|
||||
NULL,
|
||||
&key->key);
|
||||
if (ret != 0) {
|
||||
DEBUG(1, ("PAC KDC signature failed to verify\n"));
|
||||
DBG_WARNING("PAC KDC signature failed to verify\n");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -580,7 +580,7 @@ static krb5_error_code samba_wdc_verify_pac(void *priv, astgs_request_t r,
|
||||
&ctype,
|
||||
&rodc_id);
|
||||
if (ret != 0) {
|
||||
DEBUG(1, ("Failed to get PAC checksum info\n"));
|
||||
DBG_WARNING("Failed to get PAC checksum info\n");
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user