2025-02-08 05:57:51 +03:00 · 2006-08-16 17:14:16 +00:00 · 2006-08-16 17:14:16 +00:00 · b29915d611
commit b29915d611
parent 0be131725f
12 changed files with 148 additions and 129 deletions
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@ -120,8 +120,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
 	   this one... 
 	*/
-	if (!cli_session_setup(cli, "", "", 0, "", 0,
+	if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0,
-			       "")) {
+					       ""))) {
 		DEBUG(0,("%s rejected the initial session setup (%s)\n",
 			 desthost, cli_errstr(cli)));
 		release_server_mutex();
@ -241,7 +241,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 		return nt_status;
 	}
-	cli = my_private_data;
+	cli = (struct cli_state *)my_private_data;
 	if (cli) {
 	} else {
@ -296,8 +296,12 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 	 */
 	if ((!tested_password_server) && (lp_paranoid_server_security())) {
-		if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), 
+		if (NT_STATUS_IS_OK(cli_session_setup(cli, baduser,
-					(char *)badpass, sizeof(badpass), user_info->domain)) {
+						      (char *)badpass,
 						      sizeof(badpass), 
 						      (char *)badpass,
 						      sizeof(badpass),
 						      user_info->domain))) {
 			/*
 			 * We connected to the password server so we
@ -343,30 +347,25 @@ use this machine as the password server.\n"));
 	if (!user_info->encrypted) {
 		/* Plaintext available */
-		if (!cli_session_setup(cli, user_info->smb_name, 
+		nt_status = cli_session_setup(
-				       (char *)user_info->plaintext_password.data, 
+			cli, user_info->smb_name, 
-				       user_info->plaintext_password.length, 
+			(char *)user_info->plaintext_password.data, 
-				       NULL, 0,
+			user_info->plaintext_password.length, 
-				       user_info->domain)) {
+			NULL, 0, user_info->domain);
-			DEBUG(1,("password server %s rejected the password\n", cli->desthost));
+
 			/* Make this cli_nt_error() when the conversion is in */
 			nt_status = cli_nt_error(cli);
 		} else {
 			nt_status = NT_STATUS_OK;
 		}
 	} else {
-		if (!cli_session_setup(cli, user_info->smb_name, 
+		nt_status = cli_session_setup(
-				       (char *)user_info->lm_resp.data, 
+			cli, user_info->smb_name, 
-				       user_info->lm_resp.length, 
+			(char *)user_info->lm_resp.data, 
-				       (char *)user_info->nt_resp.data, 
+			user_info->lm_resp.length, 
-				       user_info->nt_resp.length, 
+			(char *)user_info->nt_resp.data, 
-				       user_info->domain)) {
+			user_info->nt_resp.length, 
-			DEBUG(1,("password server %s rejected the password\n", cli->desthost));
+			user_info->domain);
-			/* Make this cli_nt_error() when the conversion is in */
+	}
-			nt_status = cli_nt_error(cli);
+
-		} else {
+	if (!NT_STATUS_IS_OK(nt_status)) {
-			nt_status = NT_STATUS_OK;
+		DEBUG(1,("password server %s rejected the password: %s\n",
-		}
+			 cli->desthost, nt_errstr(nt_status)));
 	}
 	/* if logged in as guest then reject */
--- a/source3/client/client.c
+++ b/source3/client/client.c
@ -432,7 +432,7 @@ static void init_do_list_queue(void)
 {
 	reset_do_list_queue();
 	do_list_queue_size = 1024;
-	do_list_queue = SMB_MALLOC(do_list_queue_size);
+	do_list_queue = (char *)SMB_MALLOC(do_list_queue_size);
 	if (do_list_queue == 0) { 
 		d_printf("malloc fail for size %d\n",
 			 (int)do_list_queue_size);
@ -476,7 +476,7 @@ static void add_to_do_list_queue(const char* entry)
 		do_list_queue_size *= 2;
 		DEBUG(4,("enlarging do_list_queue to %d\n",
 			 (int)do_list_queue_size));
-		do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size);
+		do_list_queue = (char *)SMB_REALLOC(do_list_queue, do_list_queue_size);
 		if (! do_list_queue) {
 			d_printf("failure enlarging do_list_queue to %d bytes\n",
 				 (int)do_list_queue_size);
@ -2879,10 +2879,10 @@ static int cmd_logon(void)
 	else
 		pstrcpy(l_password, buf2);
-	if (!cli_session_setup(cli, l_username, 
+	if (!NT_STATUS_IS_OK(cli_session_setup(cli, l_username, 
-			       l_password, strlen(l_password),
+					       l_password, strlen(l_password),
-			       l_password, strlen(l_password),
+					       l_password, strlen(l_password),
-			       lp_workgroup())) {
+					       lp_workgroup()))) {
 		d_printf("session setup failed: %s\n", cli_errstr(cli));
 		return -1;
 	}
@ -3198,7 +3198,7 @@ static char **remote_completion(const char *text, int len)
 	if (info.count == 2)
 		info.matches[0] = SMB_STRDUP(info.matches[1]);
 	else {
-		info.matches[0] = SMB_MALLOC(info.samelen+1);
+		info.matches[0] = (char *)SMB_MALLOC(info.samelen+1);
 		if (!info.matches[0])
 			goto cleanup;
 		strncpy(info.matches[0], info.matches[1], info.samelen);
@ -3282,7 +3282,7 @@ static char **completion_fn(const char *text, int start, int end)
 			matches[0] = SMB_STRDUP(matches[1]);
 			break;
 		default:
-			matches[0] = SMB_MALLOC(samelen+1);
+			matches[0] = (char *)SMB_MALLOC(samelen+1);
 			if (!matches[0])
 				goto cleanup;
 			strncpy(matches[0], matches[1], samelen);
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@ -429,9 +429,10 @@ static struct cli_state
  }
-  if (!cli_session_setup(cli, username, password, strlen(password)+1, 
+  if (!NT_STATUS_IS_OK(cli_session_setup(cli, username,
-                         password, strlen(password)+1,
+					 password, strlen(password)+1, 
-                         workgroup)) 
+					 password, strlen(password)+1,
 					 workgroup)))
  {
    fprintf(stderr,"ERROR: Session setup failed: %s\n", cli_errstr(cli));
    if (NT_STATUS_V(cli_nt_error(cli)) == 
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@ -802,11 +802,11 @@ ntlmssp:
 password is in plaintext, the same should be done.
 ****************************************************************************/
-BOOL cli_session_setup(struct cli_state *cli, 
+NTSTATUS cli_session_setup(struct cli_state *cli, 
-		       const char *user, 
+			   const char *user, 
-		       const char *pass, int passlen,
+			   const char *pass, int passlen,
-		       const char *ntpass, int ntpasslen,
+			   const char *ntpass, int ntpasslen,
-		       const char *workgroup)
+			   const char *workgroup)
 {
 	char *p;
 	fstring user2;
@ -820,8 +820,9 @@ BOOL cli_session_setup(struct cli_state *cli,
 		workgroup = user2;
 	}
-	if (cli->protocol < PROTOCOL_LANMAN1)
+	if (cli->protocol < PROTOCOL_LANMAN1) {
-		return True;
+		return NT_STATUS_OK;
 	}
 	/* now work out what sort of session setup we are going to
           do. I have split this into separate functions to make the
@ -833,31 +834,34 @@ BOOL cli_session_setup(struct cli_state *cli,
 		if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
 			DEBUG(1, ("Server requested LM password but 'client lanman auth'"
 				  " is disabled\n"));
-			return False;
+			return NT_STATUS_ACCESS_DENIED;
 		}
 		if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
 		    !lp_client_plaintext_auth() && (*pass)) {
 			DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
 				  " is disabled\n"));
-			return False;
+			return NT_STATUS_ACCESS_DENIED;
 		}
-		return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
+		return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ?
 			NT_STATUS_OK : cli_nt_error(cli);
 	}
 	/* if no user is supplied then we have to do an anonymous connection.
 	   passwords are ignored */
 	if (!user || !*user)
-		return cli_session_setup_guest(cli);
+		return cli_session_setup_guest(cli) ?
 			NT_STATUS_OK : cli_nt_error(cli);
 	/* if the server is share level then send a plaintext null
           password at this point. The password is sent in the tree
           connect */
 	if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) 
-		return cli_session_setup_plaintext(cli, user, "", workgroup);
+		return cli_session_setup_plaintext(cli, user, "", workgroup) ?
                        NT_STATUS_OK : cli_nt_error(cli);
 	/* if the server doesn't support encryption then we have to use 
 	   plaintext. The second password is ignored */
@ -866,9 +870,10 @@ BOOL cli_session_setup(struct cli_state *cli,
 		if (!lp_client_plaintext_auth() && (*pass)) {
 			DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
 				  " is disabled\n"));
-			return False;
+			return NT_STATUS_ACCESS_DENIED;
 		}
-		return cli_session_setup_plaintext(cli, user, pass, workgroup);
+		return cli_session_setup_plaintext(cli, user, pass, workgroup) ?
                        NT_STATUS_OK : cli_nt_error(cli);
 	}
 	/* if the server supports extended security then use SPNEGO */
@ -877,13 +882,13 @@ BOOL cli_session_setup(struct cli_state *cli,
 		ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
 		if (!ADS_ERR_OK(status)) {
 			DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
-			return False;
+			return ads_ntstatus(status);
 		}
 	} else {
 		/* otherwise do a NT1 style session setup */
 		if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) {
 			DEBUG(3,("cli_session_setup: NT1 session setup failed!\n"));
-			return False;
+			return cli_nt_error(cli);
 		}
 	}
@ -891,7 +896,7 @@ BOOL cli_session_setup(struct cli_state *cli,
 		cli->is_samba = True;
 	}
-	return True;
+	return NT_STATUS_OK;
 }
@ -1510,20 +1515,26 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
 		return nt_status;
 	}
-	if (!cli_session_setup(cli, user, password, pw_len, password, pw_len, domain)) {
+	nt_status = cli_session_setup(cli, user, password, pw_len, password,
-		if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
+				      pw_len, domain);
-		    && cli_session_setup(cli, "", "", 0, "", 0, domain)) {
+	if (!NT_STATUS_IS_OK(nt_status)) {
-		} else {
+
-			nt_status = cli_nt_error(cli);
+		if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)) {
-			DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
+			DEBUG(1,("failed session setup with %s\n",
 				 nt_errstr(nt_status)));
 			cli_shutdown(cli);
 			if (NT_STATUS_IS_OK(nt_status)) {
 				nt_status = NT_STATUS_UNSUCCESSFUL;
 			}
 			return nt_status;
 		}
 	} 
 		nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			DEBUG(1,("anonymous failed session setup with %s\n",
 				 nt_errstr(nt_status)));
 			cli_shutdown(cli);
 			return nt_status;
 		}
 	}
 	if (service) {
 		if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
 			nt_status = cli_nt_error(cli);
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@ -127,13 +127,14 @@ static struct cli_state *do_connect( const char *server, const char *share,
 		}
 	}
-	if (!cli_session_setup(c, username, 
+	if (!NT_STATUS_IS_OK(cli_session_setup(c, username, 
-			       password, strlen(password),
+					       password, strlen(password),
-			       password, strlen(password),
+					       password, strlen(password),
-			       lp_workgroup())) {
+					       lp_workgroup()))) {
 		/* if a password was not supplied then try again with a null username */
 		if (password[0] || !username[0] || use_kerberos ||
-		    !cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) { 
+		    !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0,
 						       lp_workgroup()))) { 
 			d_printf("session setup failed: %s\n", cli_errstr(c));
 			if (NT_STATUS_V(cli_nt_error(c)) == 
 			    NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@ -814,19 +814,19 @@ smbc_server(SMBCCTX *context,
        username_used = username;
-	if (!cli_session_setup(c, username_used, 
+	if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, 
-			       password, strlen(password),
+					       password, strlen(password),
-			       password, strlen(password),
+					       password, strlen(password),
-			       workgroup)) {
+					       workgroup))) {
                /* Failed.  Try an anonymous login, if allowed by flags. */
                username_used = "";
                if ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
-                     !cli_session_setup(c, username_used,
+                     !NT_STATUS_IS_OK(cli_session_setup(c, username_used,
-                                        password, 1,
+							password, 1,
-                                        password, 0,
+							password, 0,
-                                        workgroup)) {
+							workgroup))) {
                        cli_shutdown(c);
                        errno = EPERM;
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@ -80,39 +80,38 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
 	/* Given things like SMB signing, restrict anonymous and the like, 
 	   try an authenticated connection first */
-	if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
+	result = cli_session_setup(cli, user_name,
 				   old_passwd, strlen(old_passwd)+1,
 				   old_passwd, strlen(old_passwd)+1, "");
-		result = cli_nt_error(cli);
+	if (!NT_STATUS_IS_OK(result)) {
-		if (!NT_STATUS_IS_OK(result)) {
+		/* Password must change is the only valid error condition here
 		 * from where we can proceed, the rest like account locked out
 		 * or logon failure will lead to errors later anyway */
-			/* Password must change is the only valid error
+		if (!NT_STATUS_EQUAL(result,
-			 * condition here from where we can proceed, the rest
+				     NT_STATUS_PASSWORD_MUST_CHANGE)) {
-			 * like account locked out or logon failure will lead
+			slprintf(err_str, err_str_len-1, "Could not "
-			 * to errors later anyway */
+				 "connect to machine %s: %s\n",
-
+				 remote_machine, cli_errstr(cli));
-			if (!NT_STATUS_EQUAL(result,
+			cli_shutdown(cli);
-					     NT_STATUS_PASSWORD_MUST_CHANGE)) {
+			return result;
 				slprintf(err_str, err_str_len-1, "Could not "
 					 "connect to machine %s: %s\n",
 					 remote_machine, cli_errstr(cli));
 				cli_shutdown(cli);
 				return result;
 			}
 			pass_must_change = True;
 		}
 		pass_must_change = True;
 		/*
 		 * We should connect as the anonymous user here, in case
 		 * the server has "must change password" checked...
 		 * Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
 		 */
-		if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
+		result = cli_session_setup(cli, "", "", 0, "", 0, "");
 		if (!NT_STATUS_IS_OK(result)) {
 			slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",        
 				 remote_machine, cli_errstr(cli) );
 			result = cli_nt_error(cli);
 			cli_shutdown(cli);
 			return result;
 		}
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@ -98,7 +98,8 @@ static void sync_child(char *name, int nm_type,
 		return;
 	}
-	if (!cli_session_setup(cli, "", "", 1, "", 0, workgroup)) {
+	if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 1, "", 0,
 					       workgroup))) {
 		cli_shutdown(cli);
 		return;
 	}
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@ -75,9 +75,9 @@
 static void cm_get_ipc_userpass(char **username, char **domain, char **password)
 {
-	*username = secrets_fetch(SECRETS_AUTH_USER, NULL);
+	*username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
-	*domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
+	*domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
-	*password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+	*password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
 	if (*username && **username) {
@ -326,10 +326,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 			  "[%s]\\[%s]\n",  controller, global_myname(),
 			  ipc_domain, ipc_username));
-		if (cli_session_setup(*cli, ipc_username,
+		if (NT_STATUS_IS_OK(cli_session_setup(
-				      ipc_password, strlen(ipc_password)+1,
+					    *cli, ipc_username,
-				      ipc_password, strlen(ipc_password)+1,
+					    ipc_password, strlen(ipc_password)+1,
-				      ipc_domain)) {
+					    ipc_password, strlen(ipc_password)+1,
 					    ipc_domain))) {
 			/* Successful logon with given username. */
 			cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
 			goto session_setup_done;
@ -341,7 +342,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 	/* Fall back to anonymous connection, this might fail later */
-	if (cli_session_setup(*cli, "", NULL, 0, NULL, 0, "")) {
+	if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
 					      NULL, 0, ""))) {
 		DEBUG(5, ("Connected anonymously\n"));
 		cli_init_creds(*cli, "", "", "");
 		goto session_setup_done;
--- a/source3/torture/locktest.c
+++ b/source3/torture/locktest.c
@ -220,10 +220,12 @@ static struct cli_state *connect_one(char *share, int snum)
 		fstrcpy(username[1], username[0]);
 	}
-	if (!cli_session_setup(c, username[snum], 
+	if (!NT_STATUS_IS_OK(cli_session_setup(c, username[snum], 
-			       password[snum], strlen(password[snum]),
+					       password[snum],
-			       password[snum], strlen(password[snum]),
+					       strlen(password[snum]),
-			       lp_workgroup())) {
+					       password[snum],
 					       strlen(password[snum]),
 					       lp_workgroup()))) {
 		DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
 		return NULL;
 	}
--- a/source3/torture/masktest.c
+++ b/source3/torture/masktest.c
@ -216,10 +216,10 @@ struct cli_state *connect_one(char *share)
 		}
 	}
-	if (!cli_session_setup(c, username, 
+	if (!NT_STATUS_IS_OK(cli_session_setup(c, username, 
-			       password, strlen(password),
+					       password, strlen(password),
-			       password, strlen(password),
+					       password, strlen(password),
-			       lp_workgroup())) {
+					       lp_workgroup()))) {
 		DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
 		return NULL;
 	}
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@ -284,7 +284,10 @@ BOOL torture_cli_session_setup2(struct cli_state *cli, uint16 *new_vuid)
 	fstrcpy(old_user_name, cli->user_name);
 	cli->vuid = 0;
-	ret = cli_session_setup(cli, username, password, passlen, password, passlen, workgroup);
+	ret = NT_STATUS_IS_OK(cli_session_setup(cli, username,
 						password, passlen,
 						password, passlen,
 						workgroup));
 	*new_vuid = cli->vuid;
 	cli->vuid = old_vuid;
 	fstrcpy(cli->user_name, old_user_name);
@ -4682,8 +4685,8 @@ static BOOL run_error_map_extract(int dummy) {
 		return False;
 	}
-	if (!cli_session_setup(c_nt, "", "", 0, "", 0,
+	if (!NT_STATUS_IS_OK(cli_session_setup(c_nt, "", "", 0, "", 0,
-			       workgroup)) {
+					       workgroup))) {
 		printf("%s rejected the NT-error initial session setup (%s)\n",host, cli_errstr(c_nt));
 		return False;
 	}
@ -4703,8 +4706,8 @@ static BOOL run_error_map_extract(int dummy) {
 		return False;
 	}
-	if (!cli_session_setup(c_dos, "", "", 0, "", 0,
+	if (!NT_STATUS_IS_OK(cli_session_setup(c_dos, "", "", 0, "", 0,
-			       workgroup)) {
+					       workgroup))) {
 		printf("%s rejected the DOS-error initial session setup (%s)\n",host, cli_errstr(c_dos));
 		return False;
 	}
@ -4712,10 +4715,10 @@ static BOOL run_error_map_extract(int dummy) {
 	for (error=(0xc0000000 | 0x1); error < (0xc0000000| 0xFFF); error++) {
 		fstr_sprintf(user, "%X", error);
-		if (cli_session_setup(c_nt, user, 
+		if (NT_STATUS_IS_OK(cli_session_setup(c_nt, user, 
-				       password, strlen(password),
+						      password, strlen(password),
-				       password, strlen(password),
+						      password, strlen(password),
-				      workgroup)) {
+						      workgroup))) {
 			printf("/** Session setup succeeded.  This shouldn't happen...*/\n");
 		}
@ -4730,10 +4733,10 @@ static BOOL run_error_map_extract(int dummy) {
 			nt_status = NT_STATUS(0xc0000000);
 		}
-		if (cli_session_setup(c_dos, user, 
+		if (NT_STATUS_IS_OK(cli_session_setup(c_dos, user, 
-				       password, strlen(password),
+						      password, strlen(password),
-				       password, strlen(password),
+						      password, strlen(password),
-				       workgroup)) {
+						      workgroup))) {
 			printf("/** Session setup succeeded.  This shouldn't happen...*/\n");
 		}
 		flgs2 = SVAL(c_dos->inbuf,smb_flg2), errnum;