From 82650a1ea32f1860915bfd8b717b3d940c80625c Mon Sep 17 00:00:00 2001
From: Evgeny Sinelnikov
Date: Thu, 12 Oct 2017 05:21:27 +0300
Subject: [PATCH] s4-dsdb, s4-kdc, s4-rpc_server: Logging and avoid TGS request problem with forest trust information for crossRef class object nCName attribute
---
 source4/dsdb/common/util_trusts.c | 9 +++++----
 source4/kdc/db-glue.c | 9 ++++++++-
 source4/rpc_server/lsa/dcesrv_lsa.c | 2 ++
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index a083d86..1d213d4 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -414,8 +414,9 @@ static NTSTATUS dsdb_trust_parse_crossref_info(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
- nc_dn = samdb_result_dn(sam_ctx, frame, msg, "ncName", NULL);
+ nc_dn = samdb_result_dn(sam_ctx, frame, msg, "nCName", NULL);
 if (nc_dn == NULL) {
+ DEBUG(3, ("dsdb_trust_parse_crossref_info: failed to found nCName for crossRef class object of domain %s\n", netbios));
 TALLOC_FREE(frame);
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
@@ -1019,10 +1020,10 @@ NTSTATUS dsdb_trust_xref_forest_info(TALLOC_CTX *mem_ctx,
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
- nc_dn = samdb_result_dn(sam_ctx, m, m, "ncName", NULL);
+ nc_dn = samdb_result_dn(sam_ctx, m, m, "nCName", NULL);
 if (nc_dn == NULL) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ DEBUG(3, ("dsdb_trust_xref_forest_info: failed to found nCName for crossRef class object of domain %s\n", netbios));
+ continue;
 }
 status = dsdb_get_extended_dn_sid(nc_dn, &sid, "SID");
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index bf55bef..1a4793a 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
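Review bot: The DEBUG message added in dsdb_trust_parse_crossref_info (util_trusts.c, @@ -414) says "failed to found nCName" and hard-codes the function name; the same wording is repeated in the dsdb_trust_xref_forest_info hunk (@@ -1019). Hard-coded names go stale, as the samba_kdc_fetch to samba_kdc_fetch_server correction in db-glue.c in this same patch shows, so I would write `DEBUG(3, ("%s: crossRef object for domain %s has no nCName\n", __func__, netbios));`. `netbios` is assigned outside the hunk and is passed to `%s`, so it has to be non-NULL on this path, which is worth confirming. The function body starts and ends outside the hunk.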
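Review bot: In dsdb_trust_xref_forest_info (util_trusts.c, @@ -1019) a crossRef without nCName used to abort with NT_STATUS_INTERNAL_DB_CORRUPTION and is now skipped with `continue`, so the function can return success with forest information that omits that domain, and the only trace is a level-3 message. Callers such as dcesrv_lsa_lsaRSetForestTrustInformation, patched later in this commit, receive the shortened list as if it were complete; if they compare it against an incoming trust's names or SIDs, a missing entry weakens that check. I would record the reason and log the skip at a more visible level, e.g. `/* crossRef without nCName: leave it out of the forest info instead of failing every TGS request */` above `DEBUG(1, ("%s: skipping crossRef for domain %s: no nCName\n", __func__, netbios));`. The loop header and the rest of the iteration are outside the hunk, so whether `continue` bypasses any per-iteration bookkeeping cannot be checked from here.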
@@ -1670,6 +1670,7 @@ static krb5_error_code samba_kdc_fetch_client(krb5_context context, mem_ctx, principal, user_attrs, &realm_dn, &msg); if (ret != 0) { + DEBUG(5, ("samba_kdc_fetch_client: failed for samba_kdc_lookup_client()\n")); return ret; } @@ -1677,6 +1678,10 @@ static krb5_error_code samba_kdc_fetch_client(krb5_context context, principal, SAMBA_KDC_ENT_TYPE_CLIENT, flags, realm_dn, msg, entry_ex); + if (ret != 0) { + krb5_warnx(context, "samba_kdc_fetch_client: message2entry failed"); + } + return ret; } @@ -2012,6 +2017,7 @@ static krb5_error_code samba_kdc_fetch_server(krb5_context context, ret = samba_kdc_lookup_server(context, kdc_db_ctx, mem_ctx, principal, flags, server_attrs, &realm_dn, &msg); if (ret != 0) { + DEBUG(5, ("samba_kdc_fetch_server: failed for samba_kdc_lookup_server()\n")); return ret; } @@ -2020,7 +2026,7 @@ static krb5_error_code samba_kdc_fetch_server(krb5_context context, flags, realm_dn, msg, entry_ex); if (ret != 0) { - krb5_warnx(context, "samba_kdc_fetch: message2entry failed"); + krb5_warnx(context, "samba_kdc_fetch_server: message2entry failed"); } return ret; @@ -2174,6 +2180,7 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context, status = dsdb_trust_routing_table_load(kdc_db_ctx->samdb, frame, &trt); if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("samba_kdc_lookup_realm: dsdb_trust_routing_table_load() failed: %s\n", nt_errstr(status))); TALLOC_FREE(frame); return EINVAL; } diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 2aa7006..355db9b 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c 
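Review bot: The message added in samba_kdc_fetch_client (@@ -1670) after samba_kdc_lookup_client() fails does not include `ret`, so the log cannot tell a principal that does not exist from a database error; the same applies to the samba_kdc_fetch_server message in the @@ -2012 hunk and to the krb5_warnx added in the @@ -1677 hunk. Failed KDC lookups are useful when reviewing logs for principal probing, but only if the error code is recorded with them. I would write `DEBUG(5, ("%s: samba_kdc_lookup_client() failed: %d\n", __func__, ret));` and the equivalent for the server path. Both functions start outside their hunks.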
@@ -4443,11 +4443,13 @@ static NTSTATUS dcesrv_lsa_lsaRSetForestTrustInformation(struct dcesrv_call_stat
 status = dsdb_trust_xref_tdo_info(mem_ctx, p_state->sam_ldb, &xref_tdo);
 if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("dcesrv_lsa_lsaRSetForestTrustInformation: dsdb_trust_xref_tdo_info() failed: %s\n", nt_errstr(status)));
 goto done;
 }
 status = dsdb_trust_xref_forest_info(mem_ctx, p_state->sam_ldb, &xref_lfti);
 if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("dcesrv_lsa_lsaRSetForestTrustInformation: dsdb_trust_xref_forest_info() failed: %s\n", nt_errstr(status)));
 goto done;
 }
-- 
2.10.2
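Review bot: Both messages added in dcesrv_lsa_lsaRSetForestTrustInformation use DEBUG level 4, while the comparable dsdb_trust_routing_table_load() failure in samba_kdc_lookup_realm is logged at level 3 in this same patch. Going by its name this RPC sets forest trust information, so a failure to load the local cross-reference data deserves at least the same visibility: `DEBUG(3, ("%s: dsdb_trust_xref_forest_info() failed: %s\n", __func__, nt_errstr(status)));`, and likewise for the dsdb_trust_xref_tdo_info() message. The function starts and ends outside the hunk.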