The Samba-Bugzilla – Attachment 13024 Details for Bug 9048: Samba4 ldap error codes
[patch] Patches for v4-6-test (part1 without tests)
tmp46.diff.txt (text/plain), 3.68 KB, created by Stefan Metzmacher on 2017-03-06 18:38:29 UTC
>From b97419722c70db4ff75d27d73ac7a1f51cb9ea9e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 2 Mar 2017 17:19:21 +0100 >Subject: [PATCH 1/2] ldb-samba: remember the error string of a failing bind in > ildb_connect() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 4738754e7d7216f6acf790827459bb5da6b0a110) >--- > lib/ldb-samba/ldb_ildap.c | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/lib/ldb-samba/ldb_ildap.c b/lib/ldb-samba/ldb_ildap.c >index 65f11db..541971f 100644 >--- a/lib/ldb-samba/ldb_ildap.c >+++ b/lib/ldb-samba/ldb_ildap.c >@@ -863,6 +863,7 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, > return LDB_SUCCESS; > > failed: >+ ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status)); > talloc_free(module); > if (NT_STATUS_IS_LDAP(status)) { > return NT_STATUS_LDAP_CODE(status); >-- >1.9.1 > > >From 4b47e326345e31ecf8949ad050ddd5f3afa55cde Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 24 Feb 2017 18:30:56 +0100 >Subject: [PATCH 2/2] s4:ldap_server: match windows in the error messages of > failing LDAP Bind requests > >This is important for some applications to detect the >NT_STATUS_PASSWORD_MUST_CHANGE condition correctly. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 81ccdad9d045a7a6d6a569d1685bb0bf4e64d12a) >--- > source4/ldap_server/ldap_bind.c | 37 +++++++++++++++++++++++++++++++++++-- > 1 file changed, 35 insertions(+), 2 deletions(-) > >diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c >index 1264d11..aad8931 100644 >--- a/source4/ldap_server/ldap_bind.c >+++ b/source4/ldap_server/ldap_bind.c 
>@@ -29,6 +29,37 @@ > #include "param/param.h" > #include "../lib/util/tevent_ntstatus.h" > >+static char *ldapsrv_bind_error_msg(TALLOC_CTX *mem_ctx, >+ HRESULT hresult, >+ uint32_t DSID, >+ NTSTATUS status) >+{ >+ WERROR werr; >+ char *msg = NULL; >+ >+ status = nt_status_squash(status); >+ werr = ntstatus_to_werror(status); >+ >+ /* >+ * There are 4 lower case hex digits following 'v' at the end, >+ * but different Windows Versions return different values: >+ * >+ * Windows 2008R2 uses 'v1db1' >+ * Windows 2012R2 uses 'v2580' >+ * >+ * We just match Windows 2008R2 as that's what was referenced >+ * in https://bugzilla.samba.org/show_bug.cgi?id=9048 >+ */ >+ msg = talloc_asprintf(mem_ctx, "%08X: LdapErr: DSID-%08X, comment: " >+ "AcceptSecurityContext error, data %x, v1db1", >+ (unsigned)HRES_ERROR_V(hresult), >+ (unsigned)DSID, >+ (unsigned)W_ERROR_V(werr)); >+ >+ return msg; >+} >+ >+ > static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) > { > struct ldap_BindRequest *req = &call->request->r.BindRequest; >@@ -95,7 +126,8 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) > status = nt_status_squash(status); > > result = LDAP_INVALID_CREDENTIALS; >- errstr = talloc_asprintf(reply, "Simple Bind Failed: %s", nt_errstr(status)); >+ errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_INVALID_TOKEN, >+ 0x0C0903A9, status); > } > > do_reply: >@@ -344,7 +376,8 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) > status = nt_status_squash(status); > if (result == 0) { > result = LDAP_INVALID_CREDENTIALS; >- errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status)); >+ errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED, >+ 0x0C0904DC, status); > } > talloc_unlink(conn, conn->gensec); > conn->gensec = NULL; >-- >1.9.1 >
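Review bot: In lib/ldb-samba/ldb_ildap.c, the line added under the failed: label dereferences ildb->ldap and reads status on every error exit of ildb_connect(), but the label is a shared cleanup target and the hunk does not show that each goto failed is reached only after ildb, ildb->ldap and status have been set. Please confirm that for all paths into the label, or set the error string only at the bind failure the subject line refers to. The string is also allocated on module, which is freed on the next line, so a short comment that ldb_set_errstring() takes its own copy would help the next reader.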
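Review bot: In the new ldapsrv_bind_error_msg() in source4/ldap_server/ldap_bind.c, the comment block documents only the v1db1 suffix, while the security-relevant part is undocumented: the data %x field is derived from status and sent to a client that has just failed to authenticate, and nt_status_squash() ahead of ntstatus_to_werror() is what limits how much of the failure reason it reveals. Both call sites already squash status before calling, so the call inside the helper looks redundant and is easy to drop in a later cleanup; please add a line saying it must stay. The talloc_asprintf() result is returned unchecked, so it is also worth stating that the helper can return NULL.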
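Review bot: In the ldapsrv_BindSimple() hunk, 0x0C0903A9 is passed as a bare literal with no indication of where it comes from, and the SASL path uses a different literal (0x0C0904DC) and a different HRESULT (HRES_SEC_E_LOGON_DENIED versus HRES_SEC_E_INVALID_TOKEN here). Please name the two DSID values or add a comment giving the Windows response they were copied from and why simple and SASL binds differ, so the values can be re-checked against a newer Windows version in the same way the comment on the v suffix allows.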
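Review bot: In the ldapsrv_BindSASL() hunk, the replacement message drops both req->creds.SASL.mechanism and nt_errstr(status), which the old string carried, so the reply no longer says which mechanism failed or gives a readable status. If that text is removed only to match the Windows wire format, consider logging the mechanism and nt_errstr(status) on the server side at this point so administrators can still diagnose failed binds. Anything that matched the old "SASL:[...]" or "Simple Bind Failed:" strings will also need updating, and this attachment is described as part1 without tests.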
Flags: metze: review? (slow); abartlet: review+