1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4:ldb/password_hash.c: improve krb5 context error message

When heimdal encounters a MIT krb5.conf that it does not understand,
it would emit an "ldb operations error". Sadly this does not help
or communicate to the administrator the root cause of the issue.

Improve the error message for when krb init fails during password_hash.c

Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
William Brown 2018-04-10 14:51:06 +10:00 committed by Jeremy Allison
parent 3227b110d0
commit ee560fa3a6

View File

@ -3138,10 +3138,27 @@ static int setup_io(struct ph_context *ac,
info_msg = client_msg;
}
if (smb_krb5_init_context(ac,
ret = smb_krb5_init_context(ac,
(struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
&io->smb_krb5_context) != 0) {
return ldb_operr(ldb);
&io->smb_krb5_context);
if (ret != 0) {
/*
* In the special case of mit krb5.conf vs heimdal, the includedir
* statement causes ret == 22 (KRB5_CONFIG_BADFORMAT) to be returned.
* We look for this case so that we can give a more instructional
* message to the administrator.
*/
if (ret == KRB5_CONFIG_BADFORMAT || ret == EINVAL) {
ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s - "
"This could be due to an invalid krb5 configuration. "
"Please check your system's krb5 configuration is correct.",
error_message(ret));
} else {
ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s",
error_message(ret));
}
return LDB_ERR_OPERATIONS_ERROR;
}
io->ac = ac;