summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-09-04 07:13:01 +0000
committerAndrew Tridgell <tridge@samba.org>2001-09-04 07:13:01 +0000
commit19fea3242cf6234786b6cbb60631e0071f31ff9f (patch)
tree1de6e79890a80a1e03cf0dce5813513aaf51bc59 /source3/auth
parent55cf37488f66eba2826dba08e80dd4ab6df33fc3 (diff)
downloadsamba-19fea3242cf6234786b6cbb60631e0071f31ff9f.tar.gz
samba-19fea3242cf6234786b6cbb60631e0071f31ff9f.tar.bz2
samba-19fea3242cf6234786b6cbb60631e0071f31ff9f.zip
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth.c16
-rw-r--r--source3/auth/auth_domain.c6
-rw-r--r--source3/auth/auth_rhosts.c4
-rw-r--r--source3/auth/auth_sam.c8
-rw-r--r--source3/auth/auth_server.c7
-rw-r--r--source3/auth/auth_unix.c4
-rw-r--r--source3/auth/auth_util.c6
-rw-r--r--source3/auth/pampass.c35
-rw-r--r--source3/auth/pass_check.c2
9 files changed, 44 insertions, 44 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index d6bc8aeadc..b707c38c62 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -68,15 +68,15 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
return NT_STATUS_LOGON_FAILURE;
}
- if (nt_status != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
nt_status = check_rhosts_security(user_info, server_info);
}
- if ((lp_security() == SEC_DOMAIN) && (nt_status != NT_STATUS_OK)) {
+ if ((lp_security() == SEC_DOMAIN) && !NT_STATUS_IS_OK(nt_status)) {
nt_status = check_domain_security(user_info, server_info);
}
- if ((lp_security() == SEC_SERVER) && (nt_status != NT_STATUS_OK)) {
+ if ((lp_security() == SEC_SERVER) && !NT_STATUS_IS_OK(nt_status)) {
nt_status = check_server_security(user_info, server_info);
}
@@ -84,7 +84,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
smb_user_control(user_info->smb_username.str, nt_status);
}
- if (nt_status != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
if ((user_info->plaintext_password.len > 0)
&& (!lp_plaintext_to_smbpasswd())) {
nt_status = check_unix_security(user_info, server_info);
@@ -94,14 +94,14 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
}
}
- if ((nt_status == NT_STATUS_OK) && !done_pam) {
+ if (NT_STATUS_IS_OK(nt_status) && !done_pam) {
/* We might not be root if we are an RPC call */
become_root();
nt_status = smb_pam_accountcheck(user_info->smb_username.str);
unbecome_root();
}
- if (nt_status == NT_STATUS_OK) {
+ if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str));
} else {
DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
@@ -233,11 +233,11 @@ BOOL password_ok(char *user, char *password, int pwlen)
/* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as
required. */
- if (pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen) == NT_STATUS_OK) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
return True;
}
- if (pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0) == NT_STATUS_OK) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
return True;
}
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index d9d7b6fd40..111f0f143c 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -30,10 +30,10 @@ BOOL global_machine_password_needs_changing = False;
Check for a valid username and password in security=domain mode.
****************************************************************************/
-uint32 check_domain_security(const auth_usersupplied_info *user_info,
- auth_serversupplied_info *server_info)
+NTSTATUS check_domain_security(const auth_usersupplied_info *user_info,
+ auth_serversupplied_info *server_info)
{
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
char *p, *pserver;
unsigned char trust_passwd[16];
time_t last_change_time;
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index a4914f2ef1..ffb9212264 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -168,10 +168,10 @@ BOOL check_hosts_equiv(char *user)
Check for a valid .rhosts/hosts.equiv entry for this user
****************************************************************************/
-uint32 check_rhosts_security(const auth_usersupplied_info *user_info,
+NTSTATUS check_rhosts_security(const auth_usersupplied_info *user_info,
auth_serversupplied_info *server_info)
{
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
become_root();
if (check_hosts_equiv(user_info->smb_username.str)) {
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 5484758167..33b0623643 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -109,7 +109,7 @@ static BOOL smb_pwd_check_ntlmv2(const uchar *password, size_t pwd_len,
Do a specific test for an smb password being correct, given a smb_password and
the lanman and NT responses.
****************************************************************************/
-uint32 smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
+NTSTATUS smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
uint8 *nt_pw, *lm_pw;
uint16 acct_ctrl;
@@ -202,11 +202,11 @@ SMB hash supplied in the user_info structure
return an NT_STATUS constant.
****************************************************************************/
-uint32 check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
+NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
SAM_ACCOUNT *sampass=NULL;
BOOL ret;
- uint32 nt_status;
+ NTSTATUS nt_status;
pdb_init_sam(&sampass);
@@ -220,7 +220,7 @@ uint32 check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_se
{
DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->smb_username.str));
pdb_free_sam(sampass);
- return(NT_STATUS_NO_SUCH_USER);
+ return NT_STATUS_NO_SUCH_USER;
}
nt_status = smb_password_ok(sampass, user_info, server_info);
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 9636094fa3..b279152f74 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -113,14 +113,14 @@ struct cli_state *server_cryptkey(void)
Validate a password with the password server.
****************************************************************************/
-static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
+static NTSTATUS server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
struct cli_state *cli;
static unsigned char badpass[24];
static fstring baduser;
static BOOL tested_password_server = False;
static BOOL bad_password_server = False;
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
cli = server_client();
@@ -232,14 +232,13 @@ use this machine as the password server.\n"));
Check for a valid username and password in security=server mode.
****************************************************************************/
-uint32 check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
+NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
if(lp_security() != SEC_SERVER)
return NT_STATUS_LOGON_FAILURE;
return server_validate(user_info, server_info);
-
}
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index fda44fd91c..1708320961 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -68,9 +68,9 @@ check if a username/password is OK assuming the password
in PLAIN TEXT
****************************************************************************/
-uint32 check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
+NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
- uint32 nt_status;
+ NTSTATUS nt_status;
become_root();
nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5ccf963889..28f58eb8ae 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -101,11 +101,11 @@ static int smb_delete_user(char *unix_user)
Add and Delete UNIX users on demand, based on NT_STATUS codes.
****************************************************************************/
-void smb_user_control(char *unix_user, uint32 nt_status)
+void smb_user_control(char *unix_user, NTSTATUS nt_status)
{
struct passwd *pwd=NULL;
- if(nt_status == NT_STATUS_OK) {
+ if (NT_STATUS_IS_OK(nt_status)) {
/*
* User validated ok against Domain controller.
* If the admin wants us to try and create a UNIX
@@ -127,7 +127,7 @@ void smb_user_control(char *unix_user, uint32 nt_status)
smb_create_user(unix_user, pwd->pw_dir);
}
- } else if (nt_status == NT_STATUS_NO_SUCH_USER) {
+ } else if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_NO_SUCH_USER)) {
/*
* User failed to validate ok against Domain controller.
* If the failure was "user doesn't exist" and admin
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 359ed02b29..46b38ab1c0 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -83,12 +83,13 @@ static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg,
*********************************************************************/
static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
- char *msg, int dbglvl, uint32 *nt_status)
+ char *msg, int dbglvl,
+ NTSTATUS *nt_status)
{
if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl))
return True;
- if (*nt_status == NT_STATUS_OK) {
+ if (NT_STATUS_IS_OK(*nt_status)) {
/* Complain LOUDLY */
DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \
error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE"));
@@ -494,10 +495,10 @@ static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct p
/*
* PAM Authentication Handler
*/
-static uint32 smb_pam_auth(pam_handle_t *pamh, char *user)
+static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user)
{
int pam_error;
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
/*
* To enable debugging set in /etc/pam.d/samba:
@@ -548,10 +549,10 @@ static uint32 smb_pam_auth(pam_handle_t *pamh, char *user)
/*
* PAM Account Handler
*/
-static uint32 smb_pam_account(pam_handle_t *pamh, char * user)
+static NTSTATUS smb_pam_account(pam_handle_t *pamh, char * user)
{
int pam_error;
- uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
+ NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user));
pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
@@ -594,10 +595,10 @@ static uint32 smb_pam_account(pam_handle_t *pamh, char * user)
* PAM Credential Setting
*/
-static uint32 smb_pam_setcred(pam_handle_t *pamh, char * user)
+static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user)
{
int pam_error;
- uint32 nt_status = NT_STATUS_NO_TOKEN;
+ NTSTATUS nt_status = NT_STATUS_NO_TOKEN;
/*
* This will allow samba to aquire a kerberos token. And, when
@@ -778,9 +779,9 @@ BOOL smb_pam_close_session(char *user, char *tty, char *rhost)
* PAM Externally accessible Account handler
*/
-uint32 smb_pam_accountcheck(char * user)
+NTSTATUS smb_pam_accountcheck(char * user)
{
- uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
+ NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
pam_handle_t *pamh = NULL;
struct pam_conv *pconv = NULL;
@@ -790,12 +791,12 @@ uint32 smb_pam_accountcheck(char * user)
return NT_STATUS_OK;
if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
- return False;
+ return NT_STATUS_NO_MEMORY;
if (!smb_pam_start(&pamh, user, NULL, pconv))
return NT_STATUS_ACCOUNT_DISABLED;
- if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK)
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user)))
DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user));
smb_pam_end(pamh, pconv);
@@ -806,10 +807,10 @@ uint32 smb_pam_accountcheck(char * user)
* PAM Password Validation Suite
*/
-uint32 smb_pam_passcheck(char * user, char * password)
+NTSTATUS smb_pam_passcheck(char * user, char * password)
{
pam_handle_t *pamh = NULL;
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
struct pam_conv *pconv = NULL;
/*
@@ -824,19 +825,19 @@ uint32 smb_pam_passcheck(char * user, char * password)
if (!smb_pam_start(&pamh, user, NULL, pconv))
return NT_STATUS_LOGON_FAILURE;
- if ((nt_status = smb_pam_auth(pamh, user)) != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) {
DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user));
smb_pam_end(pamh, pconv);
return nt_status;
}
- if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) {
DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user));
smb_pam_end(pamh, pconv);
return nt_status;
}
- if ((nt_status = smb_pam_setcred(pamh, user)) != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_setcred(pamh, user))) {
DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user));
smb_pam_end(pamh, pconv);
return nt_status;
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index bd712b3563..59fc9e2eac 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -599,7 +599,7 @@ static BOOL password_check(char *password)
{
#ifdef WITH_PAM
- return (smb_pam_passcheck(this_user, password) == NT_STATUS_OK);
+ return NT_STATUS_IS_OK(smb_pam_passcheck(this_user, password));
#endif /* WITH_PAM */
#ifdef WITH_AFS