-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
+/*
+ * Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Luke Kenneth Casson Leighton 1997-2001.
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* NT error codes. please read nterr.h */
#include "includes.h"
+#include "smb_ldap.h"
+#undef strcasecmp
-typedef const struct
+#if !defined(N_)
+#define N_(string) string
+#endif
+
+typedef struct
{
- char *nt_errstr;
+ const char *nt_errstr;
NTSTATUS nt_errcode;
} nt_err_code_struct;
-nt_err_code_struct nt_errs[] =
+static const nt_err_code_struct nt_errs[] =
{
{ "NT_STATUS_OK", NT_STATUS_OK },
+ { "STATUS_NO_MORE_FILES", STATUS_NO_MORE_FILES },
+ { "STATUS_NO_MORE_EAS", STATUS_NO_MORE_EAS },
+ { "STATUS_INVALID_EA_NAME", STATUS_INVALID_EA_NAME },
+ { "STATUS_EA_LIST_INCONSISTENT", STATUS_EA_LIST_INCONSISTENT },
+ { "STATUS_INVALID_EA_FLAG", STATUS_INVALID_EA_FLAG },
{ "NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL },
{ "NT_STATUS_NOT_IMPLEMENTED", NT_STATUS_NOT_IMPLEMENTED },
{ "NT_STATUS_INVALID_INFO_CLASS", NT_STATUS_INVALID_INFO_CLASS },
{ "NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS },
{ "NT_STATUS_QUOTA_LIST_INCONSISTENT", NT_STATUS_QUOTA_LIST_INCONSISTENT },
{ "NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE },
- { "NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES },
+ { "NT_STATUS_DS_NO_MORE_RIDS", NT_STATUS_DS_NO_MORE_RIDS },
+ { "NT_STATUS_NOT_A_REPARSE_POINT", NT_STATUS_NOT_A_REPARSE_POINT },
+ { "NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES },
+ { "NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED", NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED },
+ { "NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX", NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX },
+ { "NT_STATUS_RPC_UNKNOWN_IF", NT_STATUS_RPC_UNKNOWN_IF },
+ { "NT_STATUS_RPC_CALL_FAILED", NT_STATUS_RPC_CALL_FAILED },
+ { "NT_STATUS_RPC_PROTOCOL_ERROR", NT_STATUS_RPC_PROTOCOL_ERROR },
+ { "NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE", NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE },
+ { "NT_STATUS_RPC_CANNOT_SUPPORT", NT_STATUS_RPC_CANNOT_SUPPORT },
+ { "NT_STATUS_RPC_SEC_PKG_ERROR", NT_STATUS_RPC_SEC_PKG_ERROR },
+ { "NT_STATUS_RPC_SS_CONTEXT_MISMATCH", NT_STATUS_RPC_SS_CONTEXT_MISMATCH },
+ { "NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE", NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE },
+ { "NT_STATUS_RPC_BAD_STUB_DATA", NT_STATUS_RPC_BAD_STUB_DATA },
+ { "NT_STATUS_RPC_INVALID_PIPE_OBJECT", NT_STATUS_RPC_INVALID_PIPE_OBJECT },
+ { "NT_STATUS_RPC_INVALID_PIPE_OPERATION", NT_STATUS_RPC_INVALID_PIPE_OPERATION },
+ { "NT_STATUS_RPC_WRONG_PIPE_VERSION", NT_STATUS_RPC_WRONG_PIPE_VERSION },
+ { "NT_STATUS_RPC_PIPE_CLOSED", NT_STATUS_RPC_PIPE_CLOSED },
+ { "NT_STATUS_RPC_PIPE_DISCIPLINE_ERROR", NT_STATUS_RPC_PIPE_DISCIPLINE_ERROR },
+ { "NT_STATUS_RPC_PIPE_EMPTY", NT_STATUS_RPC_PIPE_EMPTY },
+ { "NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED", NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED },
+ { "NT_STATUS_OBJECTID_NOT_FOUND", NT_STATUS_OBJECTID_NOT_FOUND },
+ { "NT_STATUS_DOWNGRADE_DETECTED", NT_STATUS_DOWNGRADE_DETECTED },
+ { "NT_STATUS_INVALID_LOCK_RANGE", NT_STATUS_INVALID_LOCK_RANGE },
+ { "NT_STATUS_ERROR_DS_OBJ_STRING_NAME_EXISTS", NT_STATUS_ERROR_DS_OBJ_STRING_NAME_EXISTS },
+ { "NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION", NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION },
+ { "STATUS_MORE_ENTRIES", STATUS_MORE_ENTRIES },
+ { "STATUS_SOME_UNMAPPED", STATUS_SOME_UNMAPPED },
+ { "STATUS_NOTIFY_CLEANUP", STATUS_NOTIFY_CLEANUP },
+ { "STATUS_NOTIFY_ENUM_DIR", STATUS_NOTIFY_ENUM_DIR },
+
+ { NULL, NT_STATUS(0) }
+};
+
+/* These need sorting..... */
+
+static const nt_err_code_struct nt_err_desc[] =
+{
+ { N_("Success"), NT_STATUS_OK },
+ { N_("Undetermined error"), NT_STATUS_UNSUCCESSFUL },
+ { N_("Access denied"), NT_STATUS_ACCESS_DENIED },
+ { N_("Account locked out"), NT_STATUS_ACCOUNT_LOCKED_OUT },
+ { N_("Must change password"), NT_STATUS_PASSWORD_MUST_CHANGE },
+ { N_("Password is too short"), NT_STATUS_PWD_TOO_SHORT },
+ { N_("Password is too recent"), NT_STATUS_PWD_TOO_RECENT },
+ { N_("Password history conflict"), NT_STATUS_PWD_HISTORY_CONFLICT },
+ { N_("No logon servers"), NT_STATUS_NO_LOGON_SERVERS },
+ { N_("Improperly formed account name"), NT_STATUS_INVALID_ACCOUNT_NAME },
+ { N_("User exists"), NT_STATUS_USER_EXISTS },
+ { N_("No such user"), NT_STATUS_NO_SUCH_USER },
+ { N_("Group exists"), NT_STATUS_GROUP_EXISTS },
+ { N_("No such group"), NT_STATUS_NO_SUCH_GROUP },
+ { N_("Member not in group"), NT_STATUS_MEMBER_NOT_IN_GROUP },
+ { N_("Wrong Password"), NT_STATUS_WRONG_PASSWORD },
+ { N_("Ill formed password"), NT_STATUS_ILL_FORMED_PASSWORD },
+ { N_("Password restriction"), NT_STATUS_PASSWORD_RESTRICTION },
+ { N_("Logon failure"), NT_STATUS_LOGON_FAILURE },
+ { N_("Account restriction"), NT_STATUS_ACCOUNT_RESTRICTION },
+ { N_("Invalid logon hours"), NT_STATUS_INVALID_LOGON_HOURS },
+ { N_("Invalid workstation"), NT_STATUS_INVALID_WORKSTATION },
+ { N_("Password expired"), NT_STATUS_PASSWORD_EXPIRED },
+ { N_("Account disabled"), NT_STATUS_ACCOUNT_DISABLED },
+ { N_("Unexpected information received"), NT_STATUS_INVALID_PARAMETER },
+ { N_("Memory allocation error"), NT_STATUS_NO_MEMORY },
+ { N_("No domain controllers located"), NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND },
+ { N_("Account locked out"), NT_STATUS_ACCOUNT_LOCKED_OUT },
+ { N_("Named pipe not available"), NT_STATUS_PIPE_NOT_AVAILABLE },
+ { N_("Not implemented"), NT_STATUS_NOT_IMPLEMENTED },
+ { N_("Invalid information class"), NT_STATUS_INVALID_INFO_CLASS },
+ { N_("Information length mismatch"), NT_STATUS_INFO_LENGTH_MISMATCH },
+ { N_("Access violation"), NT_STATUS_ACCESS_VIOLATION },
+ { N_("Invalid handle"), NT_STATUS_INVALID_HANDLE },
+ { N_("Invalid parameter"), NT_STATUS_INVALID_PARAMETER },
+ { N_("No memory"), NT_STATUS_NO_MEMORY },
+ { N_("Buffer too small"), NT_STATUS_BUFFER_TOO_SMALL },
+ { N_("Revision mismatch"), NT_STATUS_REVISION_MISMATCH },
+ { N_("No logon servers"), NT_STATUS_NO_LOGON_SERVERS },
+ { N_("No such logon session"), NT_STATUS_NO_SUCH_LOGON_SESSION },
+ { N_("No such privilege"), NT_STATUS_NO_SUCH_PRIVILEGE },
+ { N_("Procedure not found"), NT_STATUS_PROCEDURE_NOT_FOUND },
+ { N_("Server disabled"), NT_STATUS_SERVER_DISABLED },
+ { N_("Invalid pipe state"), NT_STATUS_INVALID_PIPE_STATE },
+ { N_("Named pipe busy"), NT_STATUS_PIPE_BUSY },
+ { N_("Illegal function"), NT_STATUS_ILLEGAL_FUNCTION },
+ { N_("Named pipe disconnected"), NT_STATUS_PIPE_DISCONNECTED },
+ { N_("Named pipe closing"), NT_STATUS_PIPE_CLOSING },
+ { N_("Remote host not listening"), NT_STATUS_REMOTE_NOT_LISTENING },
+ { N_("Duplicate name on network"), NT_STATUS_DUPLICATE_NAME },
+ { N_("Print queue is full"), NT_STATUS_PRINT_QUEUE_FULL },
+ { N_("No print spool space available"), NT_STATUS_NO_SPOOL_SPACE },
+ { N_("The network name cannot be found"), NT_STATUS_BAD_NETWORK_NAME },
+ { N_("The connection was refused"), NT_STATUS_CONNECTION_REFUSED },
+ { N_("Too many names"), NT_STATUS_TOO_MANY_NAMES },
+ { N_("Too many sessions"), NT_STATUS_TOO_MANY_SESSIONS },
+ { N_("Invalid server state"), NT_STATUS_INVALID_SERVER_STATE },
+ { N_("Invalid domain state"), NT_STATUS_INVALID_DOMAIN_STATE },
+ { N_("Invalid domain role"), NT_STATUS_INVALID_DOMAIN_ROLE },
+ { N_("No such domain"), NT_STATUS_NO_SUCH_DOMAIN },
+ { N_("Domain exists"), NT_STATUS_DOMAIN_EXISTS },
+ { N_("Domain limit exceeded"), NT_STATUS_DOMAIN_LIMIT_EXCEEDED },
+ { N_("Bad logon session state"), NT_STATUS_BAD_LOGON_SESSION_STATE },
+ { N_("Logon session collision"), NT_STATUS_LOGON_SESSION_COLLISION },
+ { N_("Invalid logon type"), NT_STATUS_INVALID_LOGON_TYPE },
+ { N_("Cancelled"), NT_STATUS_CANCELLED },
+ { N_("Invalid computer name"), NT_STATUS_INVALID_COMPUTER_NAME },
+ { N_("Logon server conflict"), NT_STATUS_LOGON_SERVER_CONFLICT },
+ { N_("Time difference at domain controller"), NT_STATUS_TIME_DIFFERENCE_AT_DC },
+ { N_("Pipe broken"), NT_STATUS_PIPE_BROKEN },
+ { N_("Registry corrupt"), NT_STATUS_REGISTRY_CORRUPT },
+ { N_("Too many secrets"), NT_STATUS_TOO_MANY_SECRETS },
+ { N_("Too many SIDs"), NT_STATUS_TOO_MANY_SIDS },
+ { N_("Lanmanager cross encryption required"), NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED },
+ { N_("Log file full"), NT_STATUS_LOG_FILE_FULL },
+ { N_("No trusted LSA secret"), NT_STATUS_NO_TRUST_LSA_SECRET },
+ { N_("No trusted SAM account"), NT_STATUS_NO_TRUST_SAM_ACCOUNT },
+ { N_("Trusted domain failure"), NT_STATUS_TRUSTED_DOMAIN_FAILURE },
+ { N_("Trust relationship failure"), NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE },
+ { N_("Trust failure"), NT_STATUS_TRUST_FAILURE },
+ { N_("Netlogon service not started"), NT_STATUS_NETLOGON_NOT_STARTED },
+ { N_("Account expired"), NT_STATUS_ACCOUNT_EXPIRED },
+ { N_("Network credential conflict"), NT_STATUS_NETWORK_CREDENTIAL_CONFLICT },
+ { N_("Remote session limit"), NT_STATUS_REMOTE_SESSION_LIMIT },
+ { N_("No logon interdomain trust account"), NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT },
+ { N_("No logon workstation trust account"), NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT },
+ { N_("No logon server trust account"), NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT },
+ { N_("Domain trust inconsistent"), NT_STATUS_DOMAIN_TRUST_INCONSISTENT },
+ { N_("No user session key available"), NT_STATUS_NO_USER_SESSION_KEY },
+ { N_("User session deleted"), NT_STATUS_USER_SESSION_DELETED },
+ { N_("Insufficient server resources"), NT_STATUS_INSUFF_SERVER_RESOURCES },
+ { N_("Insufficient logon information"), NT_STATUS_INSUFFICIENT_LOGON_INFO },
+
+ { N_("License quota exceeded"), NT_STATUS_LICENSE_QUOTA_EXCEEDED },
+ { N_("No more files"), STATUS_NO_MORE_FILES },
+
{ NULL, NT_STATUS(0) }
};
/*****************************************************************************
- returns an NT error message. not amazingly helpful, but better than a number.
+ Returns an NT error message. not amazingly helpful, but better than a number.
*****************************************************************************/
-char *get_nt_error_msg(NTSTATUS nt_code)
+
+const char *nt_errstr(NTSTATUS nt_code)
{
- static pstring msg;
- int idx = 0;
+ int idx = 0;
+ char *result;
+
+#ifdef HAVE_LDAP
+ if (NT_STATUS_IS_LDAP(nt_code)) {
+ return ldap_err2string(NT_STATUS_LDAP_CODE(nt_code));
+ }
+#endif
- slprintf(msg, sizeof(msg), "NT code 0x%08x", NT_STATUS_V(nt_code));
+ if (NT_STATUS_IS_DOS(nt_code)) {
+ return smb_dos_err_name(NT_STATUS_DOS_CLASS(nt_code),
+ NT_STATUS_DOS_CODE(nt_code));
+ }
while (nt_errs[idx].nt_errstr != NULL) {
- if (NT_STATUS_V(nt_errs[idx].nt_errcode) ==
- NT_STATUS_V(nt_code)) {
- return nt_errs[idx].nt_errstr;
+ if (NT_STATUS_V(nt_errs[idx].nt_errcode) ==
+ NT_STATUS_V(nt_code)) {
+ return nt_errs[idx].nt_errstr;
+ }
+ idx++;
+ }
+
+ result = talloc_asprintf(talloc_tos(), "NT code 0x%08x",
+ NT_STATUS_V(nt_code));
+ SMB_ASSERT(result != NULL);
+ return result;
+}
+
+/************************************************************************
+ Print friendler version fo NT error code
+ ***********************************************************************/
+
+const char *get_friendly_nt_error_msg(NTSTATUS nt_code)
+{
+ int idx = 0;
+
+ while (nt_err_desc[idx].nt_errstr != NULL) {
+ if (NT_STATUS_V(nt_err_desc[idx].nt_errcode) == NT_STATUS_V(nt_code)) {
+ return nt_err_desc[idx].nt_errstr;
}
idx++;
}
- return msg;
+ /* fall back to NT_STATUS_XXX string */
+
+ return nt_errstr(nt_code);
}
/*****************************************************************************
- returns an NT_STATUS constant as a string for inclusion in autogen C code
+ Returns an NT_STATUS constant as a string for inclusion in autogen C code.
*****************************************************************************/
-char *get_nt_error_c_code(NTSTATUS nt_code)
+
+const char *get_nt_error_c_code(NTSTATUS nt_code)
{
- static pstring out;
- int idx = 0;
+ char *result;
+ int idx = 0;
while (nt_errs[idx].nt_errstr != NULL) {
- if (NT_STATUS_V(nt_errs[idx].nt_errcode) ==
- NT_STATUS_V(nt_code)) {
- return nt_errs[idx].nt_errstr;
+ if (NT_STATUS_V(nt_errs[idx].nt_errcode) ==
+ NT_STATUS_V(nt_code)) {
+ return nt_errs[idx].nt_errstr;
}
idx++;
}
- slprintf(out, sizeof(out), "NT_STATUS(0x%08x)", NT_STATUS_V(nt_code));
-
- return out;
+ result = talloc_asprintf(talloc_tos(), "NT_STATUS(0x%08x)",
+ NT_STATUS_V(nt_code));
+ SMB_ASSERT(result);
+ return result;
}
/*****************************************************************************
- returns the NT_STATUS constant matching the string supplied (as an NTSTATUS)
+ Returns the NT_STATUS constant matching the string supplied (as an NTSTATUS)
*****************************************************************************/
-NTSTATUS nt_status_string_to_code(char *nt_status_str)
+
+NTSTATUS nt_status_string_to_code(const char *nt_status_str)
{
- int idx = 0;
+ int idx = 0;
while (nt_errs[idx].nt_errstr != NULL) {
- if (strcmp(nt_errs[idx].nt_errstr, nt_status_str) == 0) {
- return nt_errs[idx].nt_errcode;
+ if (strcasecmp(nt_errs[idx].nt_errstr, nt_status_str) == 0) {
+ return nt_errs[idx].nt_errcode;
}
idx++;
}
return NT_STATUS_UNSUCCESSFUL;
}
+
+/**
+ * Squash an NT_STATUS in line with security requirements.
+ * In an attempt to avoid giving the whole game away when users
+ * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and
+ * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations
+ * (session setups in particular).
+ *
+ * @param nt_status NTSTATUS input for squashing.
+ * @return the 'squashed' nt_status
+ **/
+
+NTSTATUS nt_status_squash(NTSTATUS nt_status)
+{
+ if NT_STATUS_IS_OK(nt_status) {
+ return nt_status;
+ } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
+ /* Match WinXP and don't give the game away */
+ return NT_STATUS_LOGON_FAILURE;
+
+ } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
+ /* Match WinXP and don't give the game away */
+ return NT_STATUS_LOGON_FAILURE;
+ } else {
+ return nt_status;
+ }
+}