summaryrefslogtreecommitdiff
path: root/source4/libcli/util
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2011-03-03 01:05:33 +0100
committerGünther Deschner <gd@samba.org>2011-03-04 01:18:42 +0100
commitdc35442fb163c6f14cf8c5730056a4a094ead85a (patch)
tree5e90c6b5ae6010bb5965db4a61f712827ed8211d /source4/libcli/util
parent9f4b3b103fea1f2b5f54bae79a86b1490ddc21eb (diff)
downloadsamba-dc35442fb163c6f14cf8c5730056a4a094ead85a.tar.gz
samba-dc35442fb163c6f14cf8c5730056a4a094ead85a.tar.bz2
samba-dc35442fb163c6f14cf8c5730056a4a094ead85a.zip
s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c
Guenther
Diffstat (limited to 'source4/libcli/util')
-rw-r--r--source4/libcli/util/nterr.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/source4/libcli/util/nterr.c b/source4/libcli/util/nterr.c
index cb0c081602..ca998bbf6f 100644
--- a/source4/libcli/util/nterr.c
+++ b/source4/libcli/util/nterr.c
@@ -929,3 +929,30 @@ NTSTATUS nt_status_string_to_code(const char *nt_status_str)
}
return NT_STATUS_UNSUCCESSFUL;
}
+
+/**
+ * Squash an NT_STATUS in line with security requirements.
+ * In an attempt to avoid giving the whole game away when users
+ * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and
+ * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations
+ * (session setups in particular).
+ *
+ * @param nt_status NTSTATUS input for squashing.
+ * @return the 'squashed' nt_status
+ **/
+
+NTSTATUS nt_status_squash(NTSTATUS nt_status)
+{
+ if NT_STATUS_IS_OK(nt_status) {
+ return nt_status;
+ } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
+ /* Match WinXP and don't give the game away */
+ return NT_STATUS_LOGON_FAILURE;
+
+ } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
+ /* Match WinXP and don't give the game away */
+ return NT_STATUS_LOGON_FAILURE;
+ } else {
+ return nt_status;
+ }
+}