Added better error mapping for NEGO results.

2026-04-14 08:24:16 +09:00 · 2017-10-25 09:56:39 +02:00
parent 86bb1e07a8
commit 367bddd7ad
2 changed files with 30 additions and 2 deletions
--- a/include/freerdp/error.h
+++ b/include/freerdp/error.h
@@ -239,6 +239,9 @@ FREERDP_API const char* freerdp_get_error_base_name(UINT32 code);
 #define ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED				0x0000000C
 #define ERRCONNECT_CONNECT_TRANSPORT_FAILED				0x0000000D
 #define ERRCONNECT_PASSWORD_EXPIRED					0x0000000E
+#define ERRCONNECT_ACCOUNT_DISABLED					0x0000000F
+#define ERRCONNECT_PASSWORD_MUST_CHANGE					0x00000010
+
 /* For non-domain workstation where we can't contact a kerberos server */
 #define ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED				0x0000000F
 #define ERRCONNECT_CLIENT_REVOKED				0x00000010
@@ -294,6 +297,12 @@ FREERDP_API const char* freerdp_get_error_connect_name(UINT32 code);
 #define FREERDP_ERROR_CONNECT_PASSWORD_EXPIRED \
 	MAKE_FREERDP_ERROR(CONNECT, ERRCONNECT_PASSWORD_EXPIRED)

+#define FREERDP_ERROR_CONNECT_PASSWORD_MUST_CHANGE \
+	MAKE_FREERDP_ERROR(CONNECT, ERRCONNECT_PASSWORD_MUST_CHANGE)
+
+#define FREERDP_ERROR_CONNECT_ACCOUNT_DISABLED \
+	MAKE_FREERDP_ERROR(CONNECT, ERRCONNECT_ACCOUNT_DISABLED)
+
 #define FREERDP_ERROR_CONNECT_PASSWORD_CERTAINLY_EXPIRED \
 	MAKE_FREERDP_ERROR(CONNECT, ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED)

--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@@ -1623,8 +1623,27 @@ int nla_recv_pdu(rdpNla* nla, wStream* s)

 	if (nla->errorCode)
 	{
-		WLog_ERR(TAG, "SPNEGO failed with NTSTATUS: 0x%08"PRIX32"", nla->errorCode);
-		freerdp_set_last_error(nla->instance->context, nla->errorCode);
+		UINT32 code;
+		switch (nla->errorCode)
+		{
+		    case STATUS_PASSWORD_MUST_CHANGE:
+			    code = FREERDP_ERROR_CONNECT_PASSWORD_MUST_CHANGE;
+			    break;
+
+		    case STATUS_PASSWORD_EXPIRED:
+			    code = FREERDP_ERROR_CONNECT_PASSWORD_EXPIRED;
+			    break;
+
+		    case STATUS_ACCOUNT_DISABLED:
+			    code = FREERDP_ERROR_CONNECT_ACCOUNT_DISABLED;
+			    break;
+
+		    default:
+			    WLog_ERR(TAG, "SPNEGO failed with NTSTATUS: 0x%08"PRIX32"", nla->errorCode);
+				code = FREERDP_ERROR_CONNECT_FAILED;
+			    break;
+		}
+		freerdp_set_last_error(nla->instance->context, code);
 		return -1;
 	}