sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

r17571: Change the return code of cli_session_setup from BOOL to NTSTATUS

Browse Source 
Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
This commit is contained in:
Volker Lendecke 2006-08-16 17:14:16 +00:00 committed by Gerald (Jerry) Carter
parent 0be131725f
commit b29915d611
12 changed files with 148 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
source3/auth/auth_server.c
View File

@ -120,8 +120,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
this one...
*/
if (!cli_session_setup(cli, "", "", 0, "", 0,
"")) {
if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0,
""))) {
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, cli_errstr(cli)));
release_server_mutex();
@ -241,7 +241,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
return nt_status;
}
cli = my_private_data;
cli = (struct cli_state *)my_private_data;
if (cli) {
} else {
@ -296,8 +296,12 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
*/
if ((!tested_password_server) && (lp_paranoid_server_security())) {
if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass),
(char *)badpass, sizeof(badpass), user_info->domain)) {
if (NT_STATUS_IS_OK(cli_session_setup(cli, baduser,
(char *)badpass,
sizeof(badpass),
(char *)badpass,
sizeof(badpass),
user_info->domain))) {
/*
* We connected to the password server so we
@ -343,30 +347,25 @@ use this machine as the password server.\n"));
if (!user_info->encrypted) {
/* Plaintext available */
if (!cli_session_setup(cli, user_info->smb_name,
(char *)user_info->plaintext_password.data,
user_info->plaintext_password.length,
NULL, 0,
user_info->domain)) {
DEBUG(1,("password server %s rejected the password\n", cli->desthost));
/* Make this cli_nt_error() when the conversion is in */
nt_status = cli_nt_error(cli);
} else {
nt_status = NT_STATUS_OK;
}
nt_status = cli_session_setup(
cli, user_info->smb_name,
(char *)user_info->plaintext_password.data,
user_info->plaintext_password.length,
NULL, 0, user_info->domain);
} else {
if (!cli_session_setup(cli, user_info->smb_name,
(char *)user_info->lm_resp.data,
user_info->lm_resp.length,
(char *)user_info->nt_resp.data,
user_info->nt_resp.length,
user_info->domain)) {
DEBUG(1,("password server %s rejected the password\n", cli->desthost));
/* Make this cli_nt_error() when the conversion is in */
nt_status = cli_nt_error(cli);
} else {
nt_status = NT_STATUS_OK;
}
nt_status = cli_session_setup(
cli, user_info->smb_name,
(char *)user_info->lm_resp.data,
user_info->lm_resp.length,
(char *)user_info->nt_resp.data,
user_info->nt_resp.length,
user_info->domain);
}
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("password server %s rejected the password: %s\n",
cli->desthost, nt_errstr(nt_status)));
}
/* if logged in as guest then reject */

16
source3/client/client.c
View File

@ -432,7 +432,7 @@ static void init_do_list_queue(void)
{
reset_do_list_queue();
do_list_queue_size = 1024;
do_list_queue = SMB_MALLOC(do_list_queue_size);
do_list_queue = (char *)SMB_MALLOC(do_list_queue_size);
if (do_list_queue == 0) {
d_printf("malloc fail for size %d\n",
(int)do_list_queue_size);
@ -476,7 +476,7 @@ static void add_to_do_list_queue(const char* entry)
do_list_queue_size *= 2;
DEBUG(4,("enlarging do_list_queue to %d\n",
(int)do_list_queue_size));
do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size);
do_list_queue = (char *)SMB_REALLOC(do_list_queue, do_list_queue_size);
if (! do_list_queue) {
d_printf("failure enlarging do_list_queue to %d bytes\n",
(int)do_list_queue_size);
@ -2879,10 +2879,10 @@ static int cmd_logon(void)
else
pstrcpy(l_password, buf2);
if (!cli_session_setup(cli, l_username,
l_password, strlen(l_password),
l_password, strlen(l_password),
lp_workgroup())) {
if (!NT_STATUS_IS_OK(cli_session_setup(cli, l_username,
l_password, strlen(l_password),
l_password, strlen(l_password),
lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(cli));
return -1;
}
@ -3198,7 +3198,7 @@ static char **remote_completion(const char *text, int len)
if (info.count == 2)
info.matches[0] = SMB_STRDUP(info.matches[1]);
else {
info.matches[0] = SMB_MALLOC(info.samelen+1);
info.matches[0] = (char *)SMB_MALLOC(info.samelen+1);
if (!info.matches[0])
goto cleanup;
strncpy(info.matches[0], info.matches[1], info.samelen);
@ -3282,7 +3282,7 @@ static char **completion_fn(const char *text, int start, int end)
matches[0] = SMB_STRDUP(matches[1]);
break;
default:
matches[0] = SMB_MALLOC(samelen+1);
matches[0] = (char *)SMB_MALLOC(samelen+1);
if (!matches[0])
goto cleanup;
strncpy(matches[0], matches[1], samelen);

7
source3/client/smbspool.c
View File

@ -429,9 +429,10 @@ static struct cli_state
}
if (!cli_session_setup(cli, username, password, strlen(password)+1,
password, strlen(password)+1,
workgroup))
if (!NT_STATUS_IS_OK(cli_session_setup(cli, username,
password, strlen(password)+1,
password, strlen(password)+1,
workgroup)))
{
fprintf(stderr,"ERROR: Session setup failed: %s\n", cli_errstr(cli));
if (NT_STATUS_V(cli_nt_error(cli)) ==

65
source3/libsmb/cliconnect.c
View File

@ -802,11 +802,11 @@ ntlmssp:
password is in plaintext, the same should be done.
****************************************************************************/
BOOL cli_session_setup(struct cli_state *cli,
const char *user,
const char *pass, int passlen,
const char *ntpass, int ntpasslen,
const char *workgroup)
NTSTATUS cli_session_setup(struct cli_state *cli,
const char *user,
const char *pass, int passlen,
const char *ntpass, int ntpasslen,
const char *workgroup)
{
char *p;
fstring user2;
@ -820,8 +820,9 @@ BOOL cli_session_setup(struct cli_state *cli,
workgroup = user2;
}
if (cli->protocol < PROTOCOL_LANMAN1)
return True;
if (cli->protocol < PROTOCOL_LANMAN1) {
return NT_STATUS_OK;
}
/* now work out what sort of session setup we are going to
do. I have split this into separate functions to make the
@ -833,31 +834,34 @@ BOOL cli_session_setup(struct cli_state *cli,
if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client lanman auth'"
" is disabled\n"));
return False;
return NT_STATUS_ACCESS_DENIED;
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
" is disabled\n"));
return False;
return NT_STATUS_ACCESS_DENIED;
}
return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ?
NT_STATUS_OK : cli_nt_error(cli);
}
/* if no user is supplied then we have to do an anonymous connection.
passwords are ignored */
if (!user || !*user)
return cli_session_setup_guest(cli);
return cli_session_setup_guest(cli) ?
NT_STATUS_OK : cli_nt_error(cli);
/* if the server is share level then send a plaintext null
password at this point. The password is sent in the tree
connect */
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
return cli_session_setup_plaintext(cli, user, "", workgroup);
return cli_session_setup_plaintext(cli, user, "", workgroup) ?
NT_STATUS_OK : cli_nt_error(cli);
/* if the server doesn't support encryption then we have to use
plaintext. The second password is ignored */
@ -866,9 +870,10 @@ BOOL cli_session_setup(struct cli_state *cli,
if (!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
" is disabled\n"));
return False;
return NT_STATUS_ACCESS_DENIED;
}
return cli_session_setup_plaintext(cli, user, pass, workgroup);
return cli_session_setup_plaintext(cli, user, pass, workgroup) ?
NT_STATUS_OK : cli_nt_error(cli);
}
/* if the server supports extended security then use SPNEGO */
@ -877,13 +882,13 @@ BOOL cli_session_setup(struct cli_state *cli,
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
if (!ADS_ERR_OK(status)) {
DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
return False;
return ads_ntstatus(status);
}
} else {
/* otherwise do a NT1 style session setup */
if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) {
DEBUG(3,("cli_session_setup: NT1 session setup failed!\n"));
return False;
return cli_nt_error(cli);
}
}
@ -891,7 +896,7 @@ BOOL cli_session_setup(struct cli_state *cli,
cli->is_samba = True;
}
return True;
return NT_STATUS_OK;
}
@ -1510,20 +1515,26 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
return nt_status;
}
if (!cli_session_setup(cli, user, password, pw_len, password, pw_len, domain)) {
if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
&& cli_session_setup(cli, "", "", 0, "", 0, domain)) {
} else {
nt_status = cli_nt_error(cli);
DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
nt_status = cli_session_setup(cli, user, password, pw_len, password,
pw_len, domain);
if (!NT_STATUS_IS_OK(nt_status)) {
if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)) {
DEBUG(1,("failed session setup with %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
if (NT_STATUS_IS_OK(nt_status)) {
nt_status = NT_STATUS_UNSUCCESSFUL;
}
return nt_status;
}
}
nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("anonymous failed session setup with %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
return nt_status;
}
}
if (service) {
if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
nt_status = cli_nt_error(cli);

11
source3/libsmb/clidfs.c
View File

@ -127,13 +127,14 @@ static struct cli_state *do_connect( const char *server, const char *share,
}
}
if (!cli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
lp_workgroup())) {
if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
lp_workgroup()))) {
/* if a password was not supplied then try again with a null username */
if (password[0] || !username[0] || use_kerberos ||
!cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) {
!NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0,
lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(c));
if (NT_STATUS_V(cli_nt_error(c)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))

16
source3/libsmb/libsmbclient.c
View File

@ -814,19 +814,19 @@ smbc_server(SMBCCTX *context,
username_used = username;
if (!cli_session_setup(c, username_used,
password, strlen(password),
password, strlen(password),
workgroup)) {
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
password, strlen(password),
password, strlen(password),
workgroup))) {
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
!cli_session_setup(c, username_used,
password, 1,
password, 0,
workgroup)) {
!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
password, 1,
password, 0,
workgroup))) {
cli_shutdown(c);
errno = EPERM;

39
source3/libsmb/passchange.c
View File

@ -80,39 +80,38 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
/* Given things like SMB signing, restrict anonymous and the like,
try an authenticated connection first */
if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
result = cli_session_setup(cli, user_name,
old_passwd, strlen(old_passwd)+1,
old_passwd, strlen(old_passwd)+1, "");
result = cli_nt_error(cli);
if (!NT_STATUS_IS_OK(result)) {
if (!NT_STATUS_IS_OK(result)) {
/* Password must change is the only valid error condition here
* from where we can proceed, the rest like account locked out
* or logon failure will lead to errors later anyway */
/* Password must change is the only valid error
* condition here from where we can proceed, the rest
* like account locked out or logon failure will lead
* to errors later anyway */
if (!NT_STATUS_EQUAL(result,
NT_STATUS_PASSWORD_MUST_CHANGE)) {
slprintf(err_str, err_str_len-1, "Could not "
"connect to machine %s: %s\n",
remote_machine, cli_errstr(cli));
cli_shutdown(cli);
return result;
}
pass_must_change = True;
if (!NT_STATUS_EQUAL(result,
NT_STATUS_PASSWORD_MUST_CHANGE)) {
slprintf(err_str, err_str_len-1, "Could not "
"connect to machine %s: %s\n",
remote_machine, cli_errstr(cli));
cli_shutdown(cli);
return result;
}
pass_must_change = True;
/*
* We should connect as the anonymous user here, in case
* the server has "must change password" checked...
* Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
*/
if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
result = cli_session_setup(cli, "", "", 0, "", 0, "");
if (!NT_STATUS_IS_OK(result)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
remote_machine, cli_errstr(cli) );
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}

3
source3/nmbd/nmbd_synclists.c
View File

@ -98,7 +98,8 @@ static void sync_child(char *name, int nm_type,
return;
}
if (!cli_session_setup(cli, "", "", 1, "", 0, workgroup)) {
if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 1, "", 0,
workgroup))) {
cli_shutdown(cli);
return;
}

18
source3/nsswitch/winbindd_cm.c
View File

@ -75,9 +75,9 @@
static void cm_get_ipc_userpass(char **username, char **domain, char **password)
{
*username = secrets_fetch(SECRETS_AUTH_USER, NULL);
*domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
*password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
*username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
*domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
*password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
if (*username && **username) {
@ -326,10 +326,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
"[%s]\\[%s]\n", controller, global_myname(),
ipc_domain, ipc_username));
if (cli_session_setup(*cli, ipc_username,
ipc_password, strlen(ipc_password)+1,
ipc_password, strlen(ipc_password)+1,
ipc_domain)) {
if (NT_STATUS_IS_OK(cli_session_setup(
*cli, ipc_username,
ipc_password, strlen(ipc_password)+1,
ipc_password, strlen(ipc_password)+1,
ipc_domain))) {
/* Successful logon with given username. */
cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
goto session_setup_done;
@ -341,7 +342,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
/* Fall back to anonymous connection, this might fail later */
if (cli_session_setup(*cli, "", NULL, 0, NULL, 0, "")) {
if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
NULL, 0, ""))) {
DEBUG(5, ("Connected anonymously\n"));
cli_init_creds(*cli, "", "", "");
goto session_setup_done;

10
source3/torture/locktest.c
View File

@ -220,10 +220,12 @@ static struct cli_state *connect_one(char *share, int snum)
fstrcpy(username[1], username[0]);
}
if (!cli_session_setup(c, username[snum],
password[snum], strlen(password[snum]),
password[snum], strlen(password[snum]),
lp_workgroup())) {
if (!NT_STATUS_IS_OK(cli_session_setup(c, username[snum],
password[snum],
strlen(password[snum]),
password[snum],
strlen(password[snum]),
lp_workgroup()))) {
DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
return NULL;
}

8
source3/torture/masktest.c
View File

@ -216,10 +216,10 @@ struct cli_state *connect_one(char *share)
}
}
if (!cli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
lp_workgroup())) {
if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
password, strlen(password),
password, strlen(password),
lp_workgroup()))) {
DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
return NULL;
}

29
source3/torture/torture.c
View File

@ -284,7 +284,10 @@ BOOL torture_cli_session_setup2(struct cli_state *cli, uint16 *new_vuid)
fstrcpy(old_user_name, cli->user_name);
cli->vuid = 0;
ret = cli_session_setup(cli, username, password, passlen, password, passlen, workgroup);
ret = NT_STATUS_IS_OK(cli_session_setup(cli, username,
password, passlen,
password, passlen,
workgroup));
*new_vuid = cli->vuid;
cli->vuid = old_vuid;
fstrcpy(cli->user_name, old_user_name);
@ -4682,8 +4685,8 @@ static BOOL run_error_map_extract(int dummy) {
return False;
}
if (!cli_session_setup(c_nt, "", "", 0, "", 0,
workgroup)) {
if (!NT_STATUS_IS_OK(cli_session_setup(c_nt, "", "", 0, "", 0,
workgroup))) {
printf("%s rejected the NT-error initial session setup (%s)\n",host, cli_errstr(c_nt));
return False;
}
@ -4703,8 +4706,8 @@ static BOOL run_error_map_extract(int dummy) {
return False;
}
if (!cli_session_setup(c_dos, "", "", 0, "", 0,
workgroup)) {
if (!NT_STATUS_IS_OK(cli_session_setup(c_dos, "", "", 0, "", 0,
workgroup))) {
printf("%s rejected the DOS-error initial session setup (%s)\n",host, cli_errstr(c_dos));
return False;
}
@ -4712,10 +4715,10 @@ static BOOL run_error_map_extract(int dummy) {
for (error=(0xc0000000 | 0x1); error < (0xc0000000| 0xFFF); error++) {
fstr_sprintf(user, "%X", error);
if (cli_session_setup(c_nt, user,
password, strlen(password),
password, strlen(password),
workgroup)) {
if (NT_STATUS_IS_OK(cli_session_setup(c_nt, user,
password, strlen(password),
password, strlen(password),
workgroup))) {
printf("/** Session setup succeeded. This shouldn't happen...*/\n");
}
@ -4730,10 +4733,10 @@ static BOOL run_error_map_extract(int dummy) {
nt_status = NT_STATUS(0xc0000000);
}
if (cli_session_setup(c_dos, user,
password, strlen(password),
password, strlen(password),
workgroup)) {
if (NT_STATUS_IS_OK(cli_session_setup(c_dos, user,
password, strlen(password),
password, strlen(password),
workgroup))) {
printf("/** Session setup succeeded. This shouldn't happen...*/\n");
}
flgs2 = SVAL(c_dos->inbuf,smb_flg2), errnum;