ipaserver/dcerpc: unify error processing

Samba error code reporting changes from version to version but we also did not provide proper input into DCE RPC error processing method we have. Unify error processing and add few more fallback entries. With Samba 4.7 we'll have to change it again because error code processing for Samba Python modules will change with introduction of samba.ntstatus and samba.werror modules. Note that this commit also changes a message returned for error code -1073741772 (NT_STATUS_OBJECT_NOT_FOUND) because it is more general one. Fixes https://pagure.io/freeipa/issue/6859 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-04-03 10:29:21 +03:00
parent bf67974459
commit aef77b3529
1 changed files with 17 additions and 6 deletions
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -117,19 +117,27 @@ dcerpc_error_codes = {
                  # we simply will skip the binding
        access_denied_error,
    -1073741772:  # NT_STATUS_OBJECT_NAME_NOT_FOUND
-        errors.RemoteRetrieveError(
-            reason=_('CIFS server configuration does not allow '
-                     'access to \\\\pipe\\lsarpc')),
+        errors.NotFound(
+            reason=_('Cannot find specified domain or server name')),
 }

 dcerpc_error_messages = {
    "NT_STATUS_OBJECT_NAME_NOT_FOUND":
        errors.NotFound(
            reason=_('Cannot find specified domain or server name')),
+    "The object name is not found.":
+        errors.NotFound(
+            reason=_('Cannot find specified domain or server name')),
    "WERR_NO_LOGON_SERVERS":
        errors.RemoteRetrieveError(
            reason=_('AD DC was unable to reach any IPA domain controller. '
                     'Most likely it is a DNS or firewall issue')),
+    # This is a very long key, don't change it
+    "There are currently no logon servers available to "
+    "service the logon request.":
+        errors.RemoteRetrieveError(
+            reason=_('AD DC was unable to reach any IPA domain controller. '
+                     'Most likely it is a DNS or firewall issue')),
    "NT_STATUS_INVALID_PARAMETER_MIX":
        errors.RequirementError(
            name=_('At least the domain or IP address should be specified')),
@@ -802,7 +810,8 @@ class DomainValidator(object):

        # Both methods should not fail at the same time
        if finddc_error and len(info['gc']) == 0:
-            raise assess_dcerpc_exception(message=str(finddc_error))
+            num, message = e.args  # pylint: disable=unpacking-non-sequence
+            raise assess_dcerpc_exception(num=num, message=message)

        self._info[domain] = info
        return info
@@ -908,7 +917,8 @@ class TrustDomainInstance(object):
            else:
                result = netrc.finddc(address=remote_host, flags=flags)
        except RuntimeError as e:
-            raise assess_dcerpc_exception(message=str(e))
+            num, message = e.args  # pylint: disable=unpacking-non-sequence
+            raise assess_dcerpc_exception(num=num, message=message)

        if not result:
            return False
@@ -1408,7 +1418,8 @@ def fetch_domains(api, mydomain, trustdomain, creds=None, server=None):
            result = netrc.finddc(domain=trustdomain,
                                  flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
    except RuntimeError as e:
-        raise assess_dcerpc_exception(message=str(e))
+        num, message = e.args  # pylint: disable=unpacking-non-sequence
+        raise assess_dcerpc_exception(num=num, message=message)

    td.info['dc'] = unicode(result.pdc_dns_name)
    td.info['name'] = unicode(result.dns_domain)