BOOL prs_ntstatus(const char *name, prs_struct *ps, int depth, NTSTATUS *status) { char *q = prs_mem_get(ps, sizeof(uint32)); if (q == NULL) return False; if (UNMARSHALLING(ps)) { if (ps->bigendian_data) *status = NT_STATUS(RIVAL(q,0)); else *status = NT_STATUS(IVAL(q,0)); } else { if (ps->bigendian_data) RSIVAL(q,0,NT_STATUS_V(*status)); else SIVAL(q,0,NT_STATUS_V(*status)); } DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name, get_nt_error_msg(*status))); ps->data_offset += sizeof(uint32); return True; }
/* Lookup user information from a rid */ static NTSTATUS query_user(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, WINBIND_USERINFO *info) { struct winbind_cache *cache = get_cache(domain); struct cache_entry *centry = NULL; NTSTATUS status; if (!cache->tdb) goto do_query; centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid)); /* If we have an access denied cache entry and a cached info3 in the samlogon cache then do a query. This will force the rpc back end to return the info3 data. */ if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) && netsamlogon_cache_have(user_sid)) { DEBUG(10, ("query_user: cached access denied and have cached info3\n")); domain->last_status = NT_STATUS_OK; centry_free(centry); goto do_query; } if (!centry) goto do_query; info->acct_name = centry_string(centry, mem_ctx); info->full_name = centry_string(centry, mem_ctx); info->user_sid = centry_sid(centry, mem_ctx); info->group_sid = centry_sid(centry, mem_ctx); status = centry->status; DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n", domain->name, get_friendly_nt_error_msg(status) )); centry_free(centry); return status; do_query: ZERO_STRUCTP(info); /* Return status value returned by seq number check */ if (!NT_STATUS_IS_OK(domain->last_status)) return domain->last_status; DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n", domain->name )); status = domain->backend->query_user(domain, mem_ctx, user_sid, info); /* and save it */ refresh_sequence_number(domain, False); wcache_save_user(domain, status, info); return status; }
static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *sids; char **domains; char **names; uint32 *types; int i; if (argc == 1) { printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]); return NT_STATUS_OK; } result = cli_lsa_open_policy(cli, mem_ctx, True, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; /* Convert arguments to sids */ sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1)); if (!sids) { printf("could not allocate memory for %d sids\n", argc - 1); goto done; } for (i = 0; i < argc - 1; i++) string_to_sid(&sids[i], argv[i + 1]); /* Lookup the SIDs */ result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, &domains, &names, &types); if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) goto done; result = NT_STATUS_OK; /* Print results */ for (i = 0; i < (argc - 1); i++) { fstring sid_str; sid_to_string(sid_str, &sids[i]); printf("%s %s\\%s (%d)\n", sid_str, domains[i] ? domains[i] : "*unknown*", names[i] ? names[i] : "*unknown*", types[i]); } done: return result; }
enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *domain, struct winbindd_cli_state *state) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; int num_retries = 0; struct winbindd_domain *contact_domain; DEBUG(3, ("[%5lu]: check machine account\n", (unsigned long)state->pid)); /* Get trust account password */ again: contact_domain = find_our_domain(); /* This call does a cli_nt_setup_creds() which implicitly checks the trust account password. */ invalidate_cm_connection(&contact_domain->conn); { struct rpc_pipe_client *netlogon_pipe; result = cm_connect_netlogon(contact_domain, &netlogon_pipe); } if (!NT_STATUS_IS_OK(result)) { DEBUG(3, ("could not open handle to NETLOGON pipe\n")); goto done; } /* There is a race condition between fetching the trust account password and the periodic machine password change. So it's possible that the trust account password has been changed on us. We are returned NT_STATUS_ACCESS_DENIED if this happens. */ #define MAX_RETRIES 8 if ((num_retries < MAX_RETRIES) && NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { num_retries++; goto again; } /* Pass back result code - zero for success, other values for specific failures. */ DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ? "good" : "bad")); done: state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", state->response.data.auth.nt_status_string)); return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; }
int cli_errno(struct cli_state *cli) { NTSTATUS status; if (cli_is_nt_error(cli)) { status = cli_nt_error(cli); return map_errno_from_nt_status(status); } if (cli_is_dos_error(cli)) { uint8 eclass; uint32 ecode; cli_dos_error(cli, &eclass, &ecode); status = dos_to_ntstatus(eclass, ecode); return map_errno_from_nt_status(status); } /* * Yuck! A special case for this Vista error. Since its high-order * byte isn't 0xc0, it doesn't match cli_is_nt_error() above. */ status = cli_nt_error(cli); if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { return EACCES; } /* for other cases */ return EINVAL; }
bool prs_dcerpc_status(const char *name, prs_struct *ps, int depth, NTSTATUS *status) { char *q = prs_mem_get(ps, sizeof(uint32)); if (q == NULL) return False; if (UNMARSHALLING(ps)) { if (ps->bigendian_data) *status = NT_STATUS(RIVAL(q,0)); else *status = NT_STATUS(IVAL(q,0)); } else { if (ps->bigendian_data) RSIVAL(q,0,NT_STATUS_V(*status)); else SIVAL(q,0,NT_STATUS_V(*status)); } DEBUGADD(5,("%s%04x %s: %s\n", tab_depth(5,depth), ps->data_offset, name, dcerpc_errstr(talloc_tos(), NT_STATUS_V(*status)))); ps->data_offset += sizeof(uint32); return True; }
int error_packet(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, int line, const char *file) { int outsize = set_message(outbuf,0,0,True); BOOL force_nt_status = False; BOOL force_dos_status = False; if (override_ERR_class != SMB_SUCCESS || !NT_STATUS_IS_OK(override_ERR_ntstatus)) { eclass = override_ERR_class; ecode = override_ERR_code; ntstatus = override_ERR_ntstatus; override_ERR_class = SMB_SUCCESS; override_ERR_code = 0; override_ERR_ntstatus = NT_STATUS_OK; } if (eclass == (uint8)-1) { force_nt_status = True; } else if (NT_STATUS_IS_INVALID(ntstatus)) { force_dos_status = True; } if (force_nt_status || (!force_dos_status && lp_nt_status_support() && (global_client_caps & CAP_STATUS32))) { /* We're returning an NT error. */ if (NT_STATUS_V(ntstatus) == 0 && eclass) { ntstatus = dos_to_ntstatus(eclass, ecode); } SIVAL(outbuf,smb_rcls,NT_STATUS_V(ntstatus)); SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2)|FLAGS2_32_BIT_ERROR_CODES); DEBUG(3,("error packet at %s(%d) cmd=%d (%s) %s\n", file, line, (int)CVAL(outbuf,smb_com), smb_fn_name(CVAL(outbuf,smb_com)), nt_errstr(ntstatus))); } else { /* We're returning a DOS error only. */ if (eclass == 0 && NT_STATUS_V(ntstatus)) { ntstatus_to_dos(ntstatus, &eclass, &ecode); } SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2)&~FLAGS2_32_BIT_ERROR_CODES); SSVAL(outbuf,smb_rcls,eclass); SSVAL(outbuf,smb_err,ecode); DEBUG(3,("error packet at %s(%d) cmd=%d (%s) eclass=%d ecode=%d\n", file, line, (int)CVAL(outbuf,smb_com), smb_fn_name(CVAL(outbuf,smb_com)), eclass, ecode)); } return outsize; }
/**************************************************************************** look for a partial hit ****************************************************************************/ static void trans2_check_hit(const char *format, int op, int level, NTSTATUS status) { if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) || NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) || NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) || NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) || NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) { return; } #if VERBOSE printf("possible %s hit op=%3d level=%5d status=%s\n", format, op, level, nt_errstr(status)); #endif }
const char *get_friendly_nt_error_msg(NTSTATUS nt_code) { int idx = 0; while (nt_err_desc[idx].nt_errstr != NULL) { if (NT_STATUS_V(nt_err_desc[idx].nt_errcode) == NT_STATUS_V(nt_code)) { return nt_err_desc[idx].nt_errstr; } idx++; } /* fall back to NT_STATUS_XXX string */ return nt_errstr(nt_code); }
/* this function allocates 'data' using malloc. * The caller is responsible for freeing it */ void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data) { PA_DATA pa; unsigned char *buf; size_t len; krb5_error_code ret = 0; if (!e_data) return; pa.padata_type = KRB5_PADATA_PW_SALT; pa.padata_value.length = 12; pa.padata_value.data = malloc(pa.padata_value.length); if (!pa.padata_value.data) { e_data->length = 0; e_data->data = NULL; return; } SIVAL(pa.padata_value.data, 0, NT_STATUS_V(nt_status)); SIVAL(pa.padata_value.data, 4, 0); SIVAL(pa.padata_value.data, 8, 1); ASN1_MALLOC_ENCODE(PA_DATA, buf, len, &pa, &len, ret); free(pa.padata_value.data); e_data->data = buf; e_data->length = len; return; }
const char *nt_errstr(NTSTATUS nt_code) { int idx = 0; char *result; #ifdef HAVE_LDAP if (NT_STATUS_IS_LDAP(nt_code)) { return ldap_err2string(NT_STATUS_LDAP_CODE(nt_code)); } #endif if (NT_STATUS_IS_DOS(nt_code)) { return smb_dos_err_name(NT_STATUS_DOS_CLASS(nt_code), NT_STATUS_DOS_CODE(nt_code)); } while (nt_errs[idx].nt_errstr != NULL) { if (NT_STATUS_EQUAL(nt_errs[idx].nt_errcode, nt_code)) { return nt_errs[idx].nt_errstr; } idx++; } result = talloc_asprintf(talloc_tos(), "NT code 0x%08x", NT_STATUS_V(nt_code)); SMB_ASSERT(result != NULL); return result; }
void smb2srv_send_error(struct smb2srv_request *req, NTSTATUS error) { NTSTATUS status; if (req->smb_conn->connection->event.fde == NULL) { /* the socket has been destroyed - no point trying to send an error! */ talloc_free(req); return; } status = smb2srv_setup_reply(req, 8, true, 0); if (!NT_STATUS_IS_OK(status)) { smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); talloc_free(req); return; } SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(error)); SSVAL(req->out.body, 0x02, 0); SIVAL(req->out.body, 0x04, 0); req->chain_status = NT_STATUS_INVALID_PARAMETER; smb2srv_send_reply(req); }
static BOOL reply_sesssetup_blob(connection_struct *conn, char *outbuf, DATA_BLOB blob, NTSTATUS nt_status) { char *p; if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { ERROR_NT(nt_status_squash(nt_status)); } else { set_message(outbuf,4,0,True); nt_status = nt_status_squash(nt_status); SIVAL(outbuf, smb_rcls, NT_STATUS_V(nt_status)); SSVAL(outbuf, smb_vwv0, 0xFF); /* no chaining possible */ SSVAL(outbuf, smb_vwv3, blob.length); p = smb_buf(outbuf); /* should we cap this? */ memcpy(p, blob.data, blob.length); p += blob.length; p += add_signature( outbuf, p ); set_message_end(outbuf,p); } show_msg(outbuf); return send_smb(smbd_server_fd(),outbuf); }
static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *sids; enum lsa_SidType *types; int i, level; if (argc < 3) { printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]); return NT_STATUS_OK; } result = rpccli_lsa_open_policy(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; level = atoi(argv[1]); result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2, (const char**)(argv + 2), NULL, level, &sids, &types); if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) goto done; result = NT_STATUS_OK; /* Print results */ for (i = 0; i < (argc - 2); i++) { fstring sid_str; sid_to_fstring(sid_str, &sids[i]); printf("%s %s (%s: %d)\n", argv[i + 2], sid_str, sid_type_lookup(types[i]), types[i]); } rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
/***************************************************************************** returns an NT error message. not amazingly helpful, but better than a number. *****************************************************************************/ const char *nt_errstr(NTSTATUS nt_code) { static pstring msg; int idx = 0; slprintf(msg, sizeof(msg), "NT code 0x%08x", NT_STATUS_V(nt_code)); while (nt_errs[idx].nt_errstr != NULL) { if (NT_STATUS_V(nt_errs[idx].nt_errcode) == NT_STATUS_V(nt_code)) { return nt_errs[idx].nt_errstr; } idx++; } return msg; }
/***************************************************************************** returns an NT_STATUS constant as a string for inclusion in autogen C code *****************************************************************************/ const char *get_nt_error_c_code(NTSTATUS nt_code) { static pstring out; int idx = 0; while (nt_errs[idx].nt_errstr != NULL) { if (NT_STATUS_V(nt_errs[idx].nt_errcode) == NT_STATUS_V(nt_code)) { return nt_errs[idx].nt_errstr; } idx++; } slprintf(out, sizeof(out), "NT_STATUS(0x%08x)", NT_STATUS_V(nt_code)); return out; }
static BOOL check_auth_crap(void) { NTSTATUS nt_status; uint32 flags = 0; char lm_key[8]; char user_session_key[16]; char *hex_lm_key; char *hex_user_session_key; char *error_string; static uint8 zeros[16]; x_setbuf(x_stdout, NULL); if (request_lm_key) flags |= WBFLAG_PAM_LMKEY; if (request_user_session_key) flags |= WBFLAG_PAM_USER_SESSION_KEY; flags |= WBFLAG_PAM_NT_STATUS_SQUASH; nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, &opt_challenge, &opt_lm_response, &opt_nt_response, flags, (unsigned char *)lm_key, (unsigned char *)user_session_key, &error_string, NULL); if (!NT_STATUS_IS_OK(nt_status)) { x_fprintf(x_stdout, "%s (0x%x)\n", error_string, NT_STATUS_V(nt_status)); SAFE_FREE(error_string); return False; } if (request_lm_key && (memcmp(zeros, lm_key, sizeof(lm_key)) != 0)) { hex_lm_key = hex_encode(NULL, (const unsigned char *)lm_key, sizeof(lm_key)); x_fprintf(x_stdout, "LM_KEY: %s\n", hex_lm_key); TALLOC_FREE(hex_lm_key); } if (request_user_session_key && (memcmp(zeros, user_session_key, sizeof(user_session_key)) != 0)) { hex_user_session_key = hex_encode(NULL, (const unsigned char *)user_session_key, sizeof(user_session_key)); x_fprintf(x_stdout, "NT_KEY: %s\n", hex_user_session_key); TALLOC_FREE(hex_user_session_key); } return True; }
static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *sids; uint32 *types; int i; if (argc == 1) { printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]); return NT_STATUS_OK; } result = cli_lsa_open_policy(cli, mem_ctx, True, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, (const char**)(argv + 1), &sids, &types); if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) goto done; result = NT_STATUS_OK; /* Print results */ for (i = 0; i < (argc - 1); i++) { fstring sid_str; sid_to_string(sid_str, &sids[i]); printf("%s %s (%s: %d)\n", argv[i + 1], sid_str, sid_type_lookup(types[i]), types[i]); } cli_lsa_close(cli, mem_ctx, &pol); done: return result; }
void cli_reset_error(struct cli_state *cli) { if (SVAL(cli->inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES) { SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(NT_STATUS_OK)); } else { SCVAL(cli->inbuf,smb_rcls,0); SSVAL(cli->inbuf,smb_err,0); } }
const char *get_nt_error_c_code(NTSTATUS nt_code) { char *result; int idx = 0; while (nt_errs[idx].nt_errstr != NULL) { if (NT_STATUS_V(nt_errs[idx].nt_errcode) == NT_STATUS_V(nt_code)) { return nt_errs[idx].nt_errstr; } idx++; } result = talloc_asprintf(talloc_tos(), "NT_STATUS(0x%08x)", NT_STATUS_V(nt_code)); SMB_ASSERT(result); return result; }
void error_packet_set(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, int line, const char *file) { BOOL force_nt_status = False; BOOL force_dos_status = False; if (eclass == (uint8)-1) { force_nt_status = True; } else if (NT_STATUS_IS_DOS(ntstatus)) { force_dos_status = True; } if (force_nt_status || (!force_dos_status && lp_nt_status_support() && (global_client_caps & CAP_STATUS32))) { /* We're returning an NT error. */ if (NT_STATUS_V(ntstatus) == 0 && eclass) { ntstatus = dos_to_ntstatus(eclass, ecode); } SIVAL(outbuf,smb_rcls,NT_STATUS_V(ntstatus)); SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2)|FLAGS2_32_BIT_ERROR_CODES); DEBUG(3,("error packet at %s(%d) cmd=%d (%s) %s\n", file, line, (int)CVAL(outbuf,smb_com), smb_fn_name(CVAL(outbuf,smb_com)), nt_errstr(ntstatus))); } else { /* We're returning a DOS error only. */ if (NT_STATUS_IS_DOS(ntstatus)) { eclass = NT_STATUS_DOS_CLASS(ntstatus); ecode = NT_STATUS_DOS_CODE(ntstatus); } else if (eclass == 0 && NT_STATUS_V(ntstatus)) { ntstatus_to_dos(ntstatus, &eclass, &ecode); } SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2)&~FLAGS2_32_BIT_ERROR_CODES); SSVAL(outbuf,smb_rcls,eclass); SSVAL(outbuf,smb_err,ecode); DEBUG(3,("error packet at %s(%d) cmd=%d (%s) eclass=%d ecode=%d\n", file, line, (int)CVAL(outbuf,smb_com), smb_fn_name(CVAL(outbuf,smb_com)), eclass, ecode)); } }
NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req) { NTSTATUS status; bool signing_used = false; int id; uint16_t credits = SVAL(req->in.hdr, SMB2_HDR_CREDIT); if (credits == 0) { credits = 1; } if (req->pending_id) { return NT_STATUS_INTERNAL_ERROR; } if (req->smb_conn->connection->event.fde == NULL) { /* the socket has been destroyed - no point trying to send an error! */ return NT_STATUS_REMOTE_DISCONNECT; } id = idr_get_new_above(req->smb_conn->requests2.idtree_req, req, 1, req->smb_conn->requests2.idtree_limit); if (id == -1) { return NT_STATUS_INSUFFICIENT_RESOURCES; } DLIST_ADD_END(req->smb_conn->requests2.list, req, struct smb2srv_request *); req->pending_id = id; talloc_set_destructor(req, smb2srv_request_deny_destructor); status = smb2srv_setup_reply(req, 8, true, 0); if (!NT_STATUS_IS_OK(status)) { return status; } SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(STATUS_PENDING)); SSVAL(req->out.hdr, SMB2_HDR_CREDIT, credits); SSVAL(req->out.body, 0x02, 0); SIVAL(req->out.body, 0x04, 0); /* if the real reply will be signed set the signed flags, but don't sign */ if (req->is_signed) { SIVAL(req->out.hdr, SMB2_HDR_FLAGS, IVAL(req->out.hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED); signing_used = req->is_signed; req->is_signed = false; } smb2srv_send_reply(req); req->is_signed = signing_used; talloc_set_destructor(req, smb2srv_request_destructor); return NT_STATUS_OK; }
static int cli_errno_from_nt(NTSTATUS status) { int i; DEBUG(10,("cli_errno_from_nt: 32 bit codes: code=%08x\n", NT_STATUS_V(status))); /* Status codes without this bit set are not errors */ if (!(NT_STATUS_V(status) & 0xc0000000)) { return 0; } for (i=0;nt_errno_map[i].error;i++) { if (NT_STATUS_V(nt_errno_map[i].status) == NT_STATUS_V(status)) return nt_errno_map[i].error; } /* for all other cases - a default code */ return EINVAL; }
/***************************************************************************** convert an NT status32 code to a PAM error *****************************************************************************/ int nt_status_to_pam(NTSTATUS nt_status) { int i; if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS; for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) { if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus)) return nt_status_to_pam_map[i].pam_code; } return PAM_SYSTEM_ERR; }
/***************************************************************************** convert a PAM error to a NT status32 code *****************************************************************************/ NTSTATUS pam_to_nt_status(int pam_error) { int i; if (pam_error == 0) return NT_STATUS_OK; for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) { if (pam_error == pam_to_nt_status_map[i].pam_code) return pam_to_nt_status_map[i].ntstatus; } return NT_STATUS_UNSUCCESSFUL; }
/***************************************************************************** convert a dos eclas/ecode to a NT status32 code *****************************************************************************/ NTSTATUS dos_to_ntstatus(uint8 eclass, uint32 ecode) { int i; if (eclass == 0) return NT_STATUS_OK; for (i=0; NT_STATUS_V(dos_to_ntstatus_map[i].ntstatus); i++) { if (eclass == dos_to_ntstatus_map[i].dos_class && ecode == dos_to_ntstatus_map[i].dos_code) { return dos_to_ntstatus_map[i].ntstatus; } } return NT_STATUS_UNSUCCESSFUL; }
/* turn a NTSTATUS into a MprVar object with lots of funky properties */ struct MprVar mprNTSTATUS(NTSTATUS status) { struct MprVar res; res = mprObject("ntstatus"); mprSetVar(&res, "errstr", mprString(nt_errstr(status))); mprSetVar(&res, "v", mprCreateIntegerVar(NT_STATUS_V(status))); mprSetVar(&res, "is_ok", mprCreateBoolVar(NT_STATUS_IS_OK(status))); mprSetVar(&res, "is_err", mprCreateBoolVar(NT_STATUS_IS_ERR(status))); return res; }
static PyObject *samr_enum_dom_groups(PyObject *self, PyObject *args, PyObject *kw) { samr_domain_hnd_object *domain_hnd = (samr_domain_hnd_object *)self; static char *kwlist[] = { NULL }; TALLOC_CTX *mem_ctx; /* uint32 desired_access = MAXIMUM_ALLOWED_ACCESS; */ uint32 start_idx, size, num_dom_groups; struct acct_info *dom_groups; NTSTATUS result; PyObject *py_result = NULL; if (!PyArg_ParseTupleAndKeywords(args, kw, "", kwlist)) return NULL; if (!(mem_ctx = talloc_init("samr_enum_dom_groups"))) { PyErr_SetString(samr_error, "unable to init talloc context"); return NULL; } start_idx = 0; size = 0xffff; do { result = rpccli_samr_enum_dom_groups( domain_hnd->cli, mem_ctx, &domain_hnd->domain_pol, &start_idx, size, &dom_groups, &num_dom_groups); if (NT_STATUS_IS_OK(result) || NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) { py_from_acct_info(&py_result, dom_groups, num_dom_groups); } } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)); return py_result; }
static int get_exit_code(struct cli_state * cli, NTSTATUS nt_status) { int i; /* List of NTSTATUS errors that are considered * authentication errors */ static const NTSTATUS auth_errors[] = { NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION, NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD, NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER, NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE, NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS, NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED }; fprintf(stderr, "DEBUG: get_exit_code(cli=%p, nt_status=%x)\n", cli, NT_STATUS_V(nt_status)); for (i = 0; i < ARRAY_SIZE(auth_errors); i++) { if (!NT_STATUS_EQUAL(nt_status, auth_errors[i])) { continue; } if (cli) { if (cli->use_kerberos && cli->got_kerberos_mechanism) fputs("ATTR: auth-info-required=negotiate\n", stderr); else fputs("ATTR: auth-info-required=username,password\n", stderr); } /* * 2 = authentication required... */ return (2); } /* * 1 = fail */ return (1); }
/* start a centry for output. When finished, call centry_end() */ struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status) { struct cache_entry *centry; if (!wcache->tdb) return NULL; centry = smb_xmalloc(sizeof(*centry)); centry->len = 8192; /* reasonable default */ centry->data = smb_xmalloc(centry->len); centry->ofs = 0; centry->sequence_number = domain->sequence_number; centry_put_uint32(centry, NT_STATUS_V(status)); centry_put_uint32(centry, centry->sequence_number); return centry; }