sspi: print out InitializeSecurityContext() error message #1395

Closed
wants to merge 1 commit into
from

Projects

None yet

5 participants

@frenche
Contributor
frenche commented Apr 6, 2017

Signed-off-by: Isaac Boukris iboukris@gmail.com
Assisted-by: Jay Satiro
Reported-by: Carsten (talksinmath)

See #1384

@frenche, thanks for your PR! By analyzing the history of the files in this pull request, we identified @captain-caveman2k, @bagder and @mirekfranc to be potential reviewers.

@MarcelRaad

Why does this return CURLE_OUT_OF_MEMORY? Most of the other possible return values of InizializeSecurityContext seem more likely to me...

@jay
jay approved these changes Apr 6, 2017 View changes

I don't think See is a parseable keyword, when you are referencing a bug please use Bug: or if it's a github issue you could use one of the github auto keywords instead like Fixes. hre are some examples, check the repo history for more

-- blank line --
Bug: https://github.com/curl/curl/issues/1384
Reported-by: Carsten (talksinmath)

Closes #1395
Reported-by: Carsten (talksinmath)

Fixes https://github.com/curl/curl/issues/1384
Closes https://github.com/curl/curl/pull/1395
Reported-by: Carsten (talksinmath)

Fixes #1384
Closes #1395
Owner
jay commented Apr 6, 2017

Why does this return CURLE_OUT_OF_MEMORY?

It looks like it returns that for all errors that contain 0x80000000 or in other words all SEC_E_ errors. I can't think of a good catch all there, maybe CURLE_RECV_ERROR

Contributor
frenche commented Apr 6, 2017

I think OOM is used as a generic error.
btw, are we ok with dereferencing data->easy_conn ? I think it should be ok.

@bagder
bagder approved these changes Apr 6, 2017 View changes
@@ -224,6 +225,8 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
free(chlg);
if(GSS_ERROR(nego->status)) {
+ failf(data, "InitializeSecurityContext failed: %s",
+ Curl_sspi_strerror(data->easy_conn, nego->status));
return CURLE_OUT_OF_MEMORY;
bagder
bagder Apr 6, 2017 edited Owner

I'm with @jay, CURLE_RECV_ERROR might be slightly better. But none of them is ideal here...

Contributor
frenche commented Apr 6, 2017 edited

btw, are we ok with dereferencing data->easy_conn ?

I think it's ok because Curl_auth_decode_spnego_message() is called from Curl_input_negotiate() which is called with 'conndata' (assuming conn->data->easy_conn is circular).

Owner
jay commented Apr 6, 2017

yes it's fine

@frenche frenche sspi: print out InitializeSecurityContext() error message
Reported-by: Carsten (talksinmath)

Fixes #1384
Closes #1395
51a8445
Contributor
frenche commented Apr 6, 2017

I've updated the commit message. Thanks all for the reviews.

Owner
jay commented Apr 6, 2017

LGTM

@MarcelRaad MarcelRaad added a commit that closed this pull request Apr 7, 2017
@frenche @MarcelRaad frenche + MarcelRaad sspi: print out InitializeSecurityContext() error message
Reported-by: Carsten (talksinmath)

Fixes #1384
Closes #1395
1f152a4
@MarcelRaad MarcelRaad closed this in 1f152a4 Apr 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment