diff options
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/auth.h | 1 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.h | 2 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_util.c | 24 |
3 files changed, 1 insertions, 26 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 70df694b1e..0e0aa01f4d 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -189,7 +189,6 @@ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info) ; -NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, struct tevent_context *ev, diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index ad581e2fa5..3c5257c195 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -274,7 +274,7 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security); NTSTATUS gensec_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info); -NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); +NTSTATUS nt_status_squash(NTSTATUS nt_status); struct netlogon_creds_CredentialState; NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c index 605cd980c6..d6b53dd4c5 100644 --- a/source4/auth/ntlm/auth_util.c +++ b/source4/auth/ntlm/auth_util.c @@ -231,27 +231,3 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex return NT_STATUS_OK; } - - -/** - * Squash an NT_STATUS in line with security requirements. - * In an attempt to avoid giving the whole game away when users - * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and - * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations - * (session setups in particular). - * - * @param nt_status NTSTATUS input for squashing. - * @return the 'squashed' nt_status - **/ -_PUBLIC_ NTSTATUS auth_nt_status_squash(NTSTATUS nt_status) -{ - if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) { - /* Match WinXP and don't give the game away */ - return NT_STATUS_LOGON_FAILURE; - } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) { - /* Match WinXP and don't give the game away */ - return NT_STATUS_LOGON_FAILURE; - } - - return nt_status; -} |