| author | Gordon Ross <gwr@racktopsystems.com> | 2021-10-15 16:02:38 -0400 |
|---|---|---|
| committer | Toomas Soome <tsoome@me.com> | 2022-10-11 22:19:43 +0300 |
| commit | 7b0b8123e6101089b9e44e31f6b14b0762845fbb (patch) | |
| tree | 10b47b7038ab155a275d24c545104f396c12a6d3 /usr/src/lib | |
| parent | 3cc2454804c6ebaa0b2a607ad425214c1e51c4ee (diff) | |
| download | illumos-joyent-7b0b8123e6101089b9e44e31f6b14b0762845fbb.tar.gz | |
15041 smbadm join reports clock skew as bad password
Reviewed by: Matt Barden <mbarden@tintri.com>
Approved by: Dan McDonald <danmcd@mnx.io>
Diffstat (limited to 'usr/src/lib')
| -rw-r--r-- | usr/src/lib/smbsrv/libsmbns/common/libsmbns.h | 2 | ||||
| -rw-r--r-- | usr/src/lib/smbsrv/libsmbns/common/smbns_ads.c | 4 | ||||
| -rw-r--r-- | usr/src/lib/smbsrv/libsmbns/common/smbns_krb.c | 21 |
3 files changed, 19 insertions, 8 deletions
diff --git a/usr/src/lib/smbsrv/libsmbns/common/libsmbns.h b/usr/src/lib/smbsrv/libsmbns/common/libsmbns.h
index 7cde269335..5ccd894b6f 100644
--- a/usr/src/lib/smbsrv/libsmbns/common/libsmbns.h
+++ b/usr/src/lib/smbsrv/libsmbns/common/libsmbns.h
@@ -64,7 +64,9 @@ typedef enum smb_ads_status {
 SMB_ADS_KRB5_INIT_CTX,
 SMB_ADS_KRB5_CC_DEFAULT,
 SMB_ADS_KRB5_PARSE_PRINCIPAL,
+ SMB_ADS_KRB5_GET_INIT_CREDS_OTHER,
 SMB_ADS_KRB5_GET_INIT_CREDS_PW,
+ SMB_ADS_KRB5_GET_INIT_CREDS_SKEW,
 SMB_ADS_KRB5_CC_INITIALIZE,
 SMB_ADS_KRB5_CC_STORE_CRED,
 SMB_ADS_CANT_LOCATE_DC,
diff --git a/usr/src/lib/smbsrv/libsmbns/common/smbns_ads.c b/usr/src/lib/smbsrv/libsmbns/common/smbns_ads.c
index 8bbe0e8afb..02b9d3c6e0 100644
--- a/usr/src/lib/smbsrv/libsmbns/common/smbns_ads.c
+++ b/usr/src/lib/smbsrv/libsmbns/common/smbns_ads.c
@@ -1947,8 +1947,12 @@ adjoin_table[] = {
 "Failed to resolve default credential cache." },
 { SMB_ADS_KRB5_PARSE_PRINCIPAL,
 "Failed parsing the user principal name." },
+ { SMB_ADS_KRB5_GET_INIT_CREDS_OTHER,
+ "Failed getting initial credentials. (See svc. log)" },
 { SMB_ADS_KRB5_GET_INIT_CREDS_PW,
 "Failed getting initial credentials. (Wrong password?)" },
+ { SMB_ADS_KRB5_GET_INIT_CREDS_SKEW,
+ "Failed getting initial credentials. (Clock skew too great)" },
 { SMB_ADS_KRB5_CC_INITIALIZE,
 "Failed initializing the credential cache." },
 { SMB_ADS_KRB5_CC_STORE_CRED,
diff --git a/usr/src/lib/smbsrv/libsmbns/common/smbns_krb.c b/usr/src/lib/smbsrv/libsmbns/common/smbns_krb.c
index aebc6f8c06..b29963f0e9 100644
--- a/usr/src/lib/smbsrv/libsmbns/common/smbns_krb.c
+++ b/usr/src/lib/smbsrv/libsmbns/common/smbns_krb.c
@@ -68,7 +68,6 @@ smb_kinit(char *domain_name, char *principal_name, char *principal_passwd)
 krb5_principal me = NULL;
 krb5_creds my_creds;
 krb5_error_code code;
- const char *errmsg = NULL;
 const char *doing = NULL;
 smb_ads_status_t err;
 
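Review bot: Inserting SMB_ADS_KRB5_GET_INIT_CREDS_OTHER and SMB_ADS_KRB5_GET_INIT_CREDS_SKEW in the middle of smb_ads_status_t (libsmbns.h) shifts the implicit numeric value of SMB_ADS_KRB5_GET_INIT_CREDS_PW and of every enumerator after it. If this status is ever handed between separately built components (for instance a daemon returning it to an admin command), a consumer built against the old header would print the wrong join-failure reason, which is the kind of misreport this commit sets out to fix. Appending the two new values at the end of the enum avoids the renumbering; failing that, a comment at the top of the enum such as `/* numeric values may be shared across binaries; rebuild all consumers when inserting */` would record the constraint. The enum starts and ends outside the hunk, so whether any enumerator carries an explicit value cannot be seen here.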
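Review bot: The hint `(See svc. log)` in the new SMB_ADS_KRB5_GET_INIT_CREDS_OTHER entry of adjoin_table (smbns_ads.c) does not say which log to read. The detail it refers to is written by smb_krb5_log_errmsg() in smbns_krb.c, and where that helper sends its output is not visible in this diff. If it logs through syslog rather than the service's own log, the hint sends the operator to the wrong place during a failed domain join. Confirm the destination and spell it out, e.g. `"Failed getting initial credentials. (See <log name>)" },` with the real log name filled in.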
@@ -115,11 +114,20 @@ smb_kinit(char *domain_name, char *principal_name, char *principal_passwd) principal_passwd, NULL, 0, (krb5_deltat)0, NULL, NULL); if (code != 0) { - err = SMB_ADS_KRB5_GET_INIT_CREDS_PW; doing = "smbns_krb: getting initial credentials"; + switch (code) { - if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) { - errmsg = "smbns_krb: Password incorrect"; + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + err = SMB_ADS_KRB5_GET_INIT_CREDS_PW; + break; + + case KRB5KRB_AP_ERR_SKEW: + err = SMB_ADS_KRB5_GET_INIT_CREDS_SKEW; + break; + + default: + err = SMB_ADS_KRB5_GET_INIT_CREDS_OTHER; + break; } goto cleanup; @@ -144,10 +152,7 @@ smb_kinit(char *domain_name, char *principal_name, char *principal_passwd) cleanup: if (code != 0) { - if (errmsg == NULL) - smb_krb5_log_errmsg(ctx, doing, code); - else - syslog(LOG_ERR, "%s (%s)", doing, errmsg); + smb_krb5_log_errmsg(ctx, doing, code); } if (my_creds.client == me) { |
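Review bot: In the new `switch (code)` in smb_kinit, only KRB5KRB_AP_ERR_BAD_INTEGRITY maps to SMB_ADS_KRB5_GET_INIT_CREDS_PW, so any other code a KDC returns for a rejected password now lands in `default:` and is reported as "See svc. log"; before this change every failure here at least hinted at the password. KDCs that require pre-authentication commonly reject a bad password with KRB5KDC_ERR_PREAUTH_FAILED. If this krb5 library passes that code through unchanged (worth confirming), add `case KRB5KDC_ERR_PREAUTH_FAILED:` directly above `case KRB5KRB_AP_ERR_BAD_INTEGRITY:` so both share the PW status. A short comment above the switch, e.g. `/* Map well-known krb5 codes to join statuses; the full krb5 message is logged at cleanup. */`, would make the intent clear. smb_kinit starts and ends outside this hunk.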
