better krb5 error handling (thanks andrewb!)

3 files changed, 23 insertions, 9 deletions

diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index 51b6e6e8cf7..5fef97c5713 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -48,15 +48,22 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
 	
 	/* obtain ticket & session key */
 	memset((char *)&creds, 0, sizeof(creds));
-	if ((retval = krb5_copy_principal(context, server, &creds.server)))
+	if ((retval = krb5_copy_principal(context, server, &creds.server))) {
+		DEBUG(1,("krb5_copy_principal failed (%s)\n", 
+			 error_message(retval)));
 		goto cleanup_princ;
+	}
 	
-	if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
+	if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
+		DEBUG(1,("krb5_cc_get_principal failed (%s)\n", 
+			 error_message(retval)));
 		goto cleanup_creds;
+	}
 
 	if ((retval = krb5_get_credentials(context, 0,
 					   ccache, &creds, &credsp))) {
-		DEBUG(1,("krb5_get_credentials failed (%d)\n", retval));
+		DEBUG(1,("krb5_get_credentials failed (%s)\n", 
+			 error_message(retval)));
 		goto cleanup_creds;
 	}
 
@@ -64,7 +71,8 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
 	retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
 				      &in_data, credsp, outbuf);
 	if (retval) {
-		DEBUG(1,("krb5_mk_req_extended failed (%d)\n", retval));
+		DEBUG(1,("krb5_mk_req_extended failed (%s)\n", 
+			 error_message(retval)));
 	}
 	
 	krb5_free_creds(context, credsp);
@@ -92,12 +100,14 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
 
 	retval = krb5_init_context(&context);
 	if (retval) {
-		DEBUG(1,("krb5_init_context failed\n"));
+		DEBUG(1,("krb5_init_context failed (%s)\n", 
+			 error_message(retval)));
 		goto failed;
 	}
 
 	if ((retval = krb5_cc_default(context, &ccdef))) {
-		DEBUG(1,("krb5_cc_default failed\n"));
+		DEBUG(1,("krb5_cc_default failed (%s)\n",
+			 error_message(retval)));
 		goto failed;
 	}
 
@@ -106,7 +116,6 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
 				   0, 
 				   service, realm,
 				   ccdef, &packet))) {
-		DEBUG(1,("krb5_mk_req2 failed\n"));
 		goto failed;
 	}
 
diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c
index 678156b528e..2eea6fa2811 100644
--- a/source/smbd/negprot.c
+++ b/source/smbd/negprot.c
@@ -163,7 +163,7 @@ static int negprot_spnego(char *p, uint8 cryptkey[8])
 	DATA_BLOB blob;
 	extern pstring global_myname;
 	uint8 guid[16];
-	const char *OIDs[] = {OID_NTLMSSP, 
+	const char *OIDs[] = {OID_NTLMSSP,
 			      OID_KERBEROS5_OLD,
 			      NULL};
 	char *principle;
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 0202a247cdc..c8bf2a4f94f 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -62,12 +62,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
 	ret = krb5_init_context(&context);
 	if (ret) {
+		DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
 	ret = krb5_build_principal(context, &server, strlen(realm),
 				   realm, service, NULL);
 	if (ret) {
+		DEBUG(1,("krb5_build_principal failed (%s)\n", error_message(ret)));
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -76,12 +78,15 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
 	if ((ret = krb5_rd_req(context, &auth_context, &packet, 
 				       server, keytab, NULL, &tkt))) {
-		DEBUG(3,("krb5_rd_req failed with code %08x\n", ret));
+		DEBUG(3,("krb5_rd_req failed (%s)\n", 
+			 error_message(ret)));
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
 	if ((ret = krb5_unparse_name(context, tkt->enc_part2->client,
 				     &client))) {
+		DEBUG(3,("krb5_unparse_name failed (%s)\n", 
+			 error_message(ret)));
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}