The Samba-Bugzilla – Attachment 12975 Details for
Bug 9048
Samba4 ldap error codes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Work in progress patch for master
tmp.diff.txt (text/plain), 2.25 KB, created by
Stefan Metzmacher
on 2017-02-24 17:38:24 UTC
(
hide
)
Description:
Work in progress patch for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-02-24 17:38:24 UTC
Size:
2.25 KB
patch
obsolete
>From fe3885f30e0600e58c16c14c7f42cd8ee55b9523 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 24 Feb 2017 18:30:56 +0100 >Subject: [PATCH] s4:ldap_server: match windows in the error messages of > failing LDAP Bind requests > >This is important for some applications to detect the >NT_STATUS_PASSWORD_MUST_CHANGE condition correctly. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source4/ldap_server/ldap_bind.c | 27 +++++++++++++++++++++++++-- > 1 file changed, 25 insertions(+), 2 deletions(-) > >diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c >index 1264d11..fc7c209 100644 >--- a/source4/ldap_server/ldap_bind.c >+++ b/source4/ldap_server/ldap_bind.c >@@ -29,6 +29,27 @@ > #include "param/param.h" > #include "../lib/util/tevent_ntstatus.h" > >+static char *ldapsrv_bind_error_msg(TALLOC_CTX *mem_ctx, >+ HRESULT hresult, >+ uint32_t DSID, >+ NTSTATUS status) >+{ >+ WERROR werr; >+ char *msg = NULL; >+ >+ status = nt_status_squash(status); >+ werr = ntstatus_to_werror(status); >+ >+ msg = talloc_asprintf(mem_ctx, "%08X: LdapErr: DSID-%08X, comment: " >+ "AcceptSecurityContext error, data %x, v1db1", >+ (unsigned)HRES_ERROR_V(hresult), >+ (unsigned)DSID, >+ (unsigned)W_ERROR_V(werr)); >+ >+ return msg; >+} >+ >+ > static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) > { > struct ldap_BindRequest *req = &call->request->r.BindRequest; >@@ -95,7 +116,8 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) > status = nt_status_squash(status); > > result = LDAP_INVALID_CREDENTIALS; >- errstr = talloc_asprintf(reply, "Simple Bind Failed: %s", nt_errstr(status)); >+ errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_INVALID_TOKEN, >+ 0x0C0903A9, status); > } > > do_reply: >@@ -344,7 +366,8 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) > status = nt_status_squash(status); > if (result == 0) { > result = LDAP_INVALID_CREDENTIALS; >- errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status)); >+ errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED, >+ 0x0C0904DC, status); > } > talloc_unlink(conn, conn->gensec); > conn->gensec = NULL; >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9048
: 12975 |
13019
|
13020
|
13024
|
13025