NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info) ;
-NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
struct tevent_context *ev,
struct gensec_security **gensec_security);
NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
struct auth_session_info **session_info);
-NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
+NTSTATUS nt_status_squash(NTSTATUS nt_status);
struct netlogon_creds_CredentialState;
NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-
-
-/**
- * Squash an NT_STATUS in line with security requirements.
- * In an attempt to avoid giving the whole game away when users
- * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and
- * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations
- * (session setups in particular).
- *
- * @param nt_status NTSTATUS input for squashing.
- * @return the 'squashed' nt_status
- **/
-_PUBLIC_ NTSTATUS auth_nt_status_squash(NTSTATUS nt_status)
-{
- if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
- /* Match WinXP and don't give the game away */
- return NT_STATUS_LOGON_FAILURE;
- } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
- /* Match WinXP and don't give the game away */
- return NT_STATUS_LOGON_FAILURE;
- }
-
- return nt_status;
-}
errstr = talloc_asprintf(reply, "Simple Bind: Failed to advise ldb new credentials: %s", nt_errstr(status));
}
} else {
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
result = LDAP_INVALID_CREDENTIALS;
errstr = talloc_asprintf(reply, "Simple Bind Failed: %s", nt_errstr(status));
talloc_unlink(conn, conn->gensec);
conn->gensec = NULL;
} else {
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
if (result == 0) {
result = LDAP_INVALID_CREDENTIALS;
errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status));
}
return NT_STATUS_UNSUCCESSFUL;
}
+
+/**
+ * Squash an NT_STATUS in line with security requirements.
+ * In an attempt to avoid giving the whole game away when users
+ * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and
+ * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations
+ * (session setups in particular).
+ *
+ * @param nt_status NTSTATUS input for squashing.
+ * @return the 'squashed' nt_status
+ **/
+
+NTSTATUS nt_status_squash(NTSTATUS nt_status)
+{
+ if NT_STATUS_IS_OK(nt_status) {
+ return nt_status;
+ } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
+ /* Match WinXP and don't give the game away */
+ return NT_STATUS_LOGON_FAILURE;
+
+ } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
+ /* Match WinXP and don't give the game away */
+ return NT_STATUS_LOGON_FAILURE;
+ } else {
+ return nt_status;
+ }
+}
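Review bot: The conditions in the new nt_status_squash are written as `if NT_STATUS_IS_OK(nt_status) {` with no parentheses of their own, so they compile only while the macros expand to a parenthesised expression, and the two squashing branches are duplicates of each other. Since this function is what keeps the "no such user" and "wrong password" cases indistinguishable to a network client, I would make it one explicit test, `if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) || NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { return NT_STATUS_LOGON_FAILURE; }`, followed by `return nt_status;`. The doc comment is separated from the definition by a blank added line, and the removed definition carried `_PUBLIC_` while the new one does not; if the function is meant to stay exported from its new location, that marker should be kept. The comment could also state that every other status, including success, is returned unchanged, and that callers should squash before formatting the status into any client-visible message.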
sess->old.out.vuid = smb_sess->vuid;
failed:
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
}
done:
status = NT_STATUS_OK;
failed:
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
}
nomem:
status = NT_STATUS_NO_MEMORY;
failed:
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
}
done:
sess->spnego.out.vuid = smb_sess->vuid;
failed:
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = NT_STATUS_NO_MEMORY;
failed:
talloc_free(smb_sess);
- status = auth_nt_status_squash(status);
+ status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
}
done:
io->smb2.out.uid = smb_sess->vuid;
failed:
- req->status = auth_nt_status_squash(status);
+ req->status = nt_status_squash(status);
smb2srv_sesssetup_send(req, io);
if (!NT_STATUS_IS_OK(status) && !
NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = NT_STATUS_NO_MEMORY;
failed:
talloc_free(smb_sess);
- req->status = auth_nt_status_squash(status);
+ req->status = nt_status_squash(status);
smb2srv_sesssetup_send(req, io);
}
nt_status = gensec_update(state->gensec_state, mem_ctx, in, &out);
/* don't leak 'bad password'/'no such user' info to the network client */
- nt_status = auth_nt_status_squash(nt_status);
+ nt_status = nt_status_squash(nt_status);
if (out.length) {
out_base64 = base64_encode_data_blob(mem_ctx, out);