char *p;
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- ERROR_NT(nt_status);
+ ERROR_NT(nt_status_squash(nt_status));
} else {
set_message(outbuf,4,0,True);
mem_ctx = talloc_init("reply_spnego_kerberos");
if (mem_ctx == NULL)
- return ERROR_NT(NT_STATUS_NO_MEMORY);
+ return ERROR_NT(nt_status_squash(NT_STATUS_NO_MEMORY));
if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
talloc_destroy(mem_ctx);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
ret = ads_verify_ticket(mem_ctx, lp_realm(), &ticket, &client, &pac_data, &ap_rep, &session_key);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1,("Failed to verify incoming ticket!\n"));
talloc_destroy(mem_ctx);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
DEBUG(3,("Ticket name is [%s]\n", client));
data_blob_free(&session_key);
SAFE_FREE(client);
talloc_destroy(mem_ctx);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
*p = 0;
data_blob_free(&session_key);
SAFE_FREE(client);
talloc_destroy(mem_ctx);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
}
data_blob_free(&ap_rep);
data_blob_free(&session_key);
talloc_destroy(mem_ctx);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
}
data_blob_free(&ap_rep);
data_blob_free(&session_key);
talloc_destroy(mem_ctx);
- return ERROR_NT(ret);
+ return ERROR_NT(nt_status_squash(ret));
}
} else {
data_blob_free(&ap_rep);
data_blob_free(&session_key);
talloc_destroy(mem_ctx);
- return ERROR_NT(ret);
+ return ERROR_NT(nt_status_squash(ret));
}
/* make_server_info_pw does not set the domain. Without this
data_blob_free(&session_key);
TALLOC_FREE( mem_ctx );
TALLOC_FREE( server_info );
- return ERROR_NT(ret);
+ return ERROR_NT(nt_status_squash(ret));
}
}
/* Kill the intermediate vuid */
invalidate_vuid(vuid);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
/* only look at the first OID for determining the mechToken --
/* Kill the intermediate vuid */
invalidate_vuid(vuid);
- return ERROR_NT(nt_status);
+ return ERROR_NT(nt_status_squash(nt_status));
}
nt_status = auth_ntlmssp_update(*auth_ntlmssp_state,
/* Kill the intermediate vuid */
invalidate_vuid(vuid);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
if (!*auth_ntlmssp_state) {
invalidate_vuid(vuid);
/* auth before negotiatiate? */
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
nt_status = auth_ntlmssp_update(*auth_ntlmssp_state,
if (data_blob_len == 0) {
/* an invalid request */
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
bufrem = smb_bufrem(inbuf, p);
if (!vuser) {
vuid = register_vuid(NULL, data_blob(NULL, 0), data_blob(NULL, 0), NULL);
if (vuid == UID_FIELD_INVALID ) {
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
vuser = get_partial_auth_user_struct(vuid);
}
if (!vuser) {
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
SSVAL(outbuf,smb_uid,vuid);
/* Kill the intermediate vuid */
invalidate_vuid(vuid);
- return ERROR_NT(nt_status);
+ return ERROR_NT(nt_status_squash(nt_status));
}
}
data_blob_free(&blob1);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
/****************************************************************************
(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
if (!global_spnego_negotiated) {
DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at SPNEGO session setup when it was not negoitiated.\n"));
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
if (SVAL(inbuf,smb_vwv4) == 0) {
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
if ((passlen1 > MAX_PASS_LEN) || (passlen1 > smb_bufrem(inbuf, smb_buf(inbuf)))) {
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
if (doencrypt) {
/* check for nasty tricks */
if (passlen1 > MAX_PASS_LEN || passlen1 > smb_bufrem(inbuf, p)) {
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
if (passlen2 > MAX_PASS_LEN || passlen2 > smb_bufrem(inbuf, p+passlen1)) {
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
/* Save the lanman2 password and the NT md4 password. */
/* This has to be here, because this is a perfectly valid behaviour for guest logons :-( */
DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego.\n"));
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
fstrcpy(sub_user, user);
} else {
} else if (doencrypt) {
if (!negprot_global_auth_context) {
DEBUG(0, ("reply_sesssetup_and_X: Attempted encrypted session setup without negprot denied!\n"));
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
nt_status = make_user_info_for_reply_enc(&user_info, user, domain,
lm_resp, nt_resp);
/* Ensure we can't possible take a code path leading to a null defref. */
if (!server_info) {
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
nt_status = create_local_token(server_info);
data_blob_free(&lm_resp);
if (sess_vuid == UID_FIELD_INVALID) {
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
/* current_user_info is changed on new vuid */