r17571: Change the return code of cli_session_setup from BOOL to NTSTATUS

Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)

4 files changed, 71 insertions, 60 deletions

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d547bb3854..ae00dc5489 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -802,11 +802,11 @@ ntlmssp:
  password is in plaintext, the same should be done.
 ****************************************************************************/
 
-BOOL cli_session_setup(struct cli_state *cli, 
-		       const char *user, 
-		       const char *pass, int passlen,
-		       const char *ntpass, int ntpasslen,
-		       const char *workgroup)
+NTSTATUS cli_session_setup(struct cli_state *cli, 
+			   const char *user, 
+			   const char *pass, int passlen,
+			   const char *ntpass, int ntpasslen,
+			   const char *workgroup)
 {
 	char *p;
 	fstring user2;
@@ -820,8 +820,9 @@ BOOL cli_session_setup(struct cli_state *cli,
 		workgroup = user2;
 	}
 
-	if (cli->protocol < PROTOCOL_LANMAN1)
-		return True;
+	if (cli->protocol < PROTOCOL_LANMAN1) {
+		return NT_STATUS_OK;
+	}
 
 	/* now work out what sort of session setup we are going to
            do. I have split this into separate functions to make the
@@ -833,31 +834,34 @@ BOOL cli_session_setup(struct cli_state *cli,
 		if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
 			DEBUG(1, ("Server requested LM password but 'client lanman auth'"
 				  " is disabled\n"));
-			return False;
+			return NT_STATUS_ACCESS_DENIED;
 		}
 
 		if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
 		    !lp_client_plaintext_auth() && (*pass)) {
 			DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
 				  " is disabled\n"));
-			return False;
+			return NT_STATUS_ACCESS_DENIED;
 		}
 
-		return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
+		return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ?
+			NT_STATUS_OK : cli_nt_error(cli);
 	}
 
 	/* if no user is supplied then we have to do an anonymous connection.
 	   passwords are ignored */
 
 	if (!user || !*user)
-		return cli_session_setup_guest(cli);
+		return cli_session_setup_guest(cli) ?
+			NT_STATUS_OK : cli_nt_error(cli);
 
 	/* if the server is share level then send a plaintext null
            password at this point. The password is sent in the tree
            connect */
 
 	if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) 
-		return cli_session_setup_plaintext(cli, user, "", workgroup);
+		return cli_session_setup_plaintext(cli, user, "", workgroup) ?
+                        NT_STATUS_OK : cli_nt_error(cli);
 
 	/* if the server doesn't support encryption then we have to use 
 	   plaintext. The second password is ignored */
@@ -866,9 +870,10 @@ BOOL cli_session_setup(struct cli_state *cli,
 		if (!lp_client_plaintext_auth() && (*pass)) {
 			DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
 				  " is disabled\n"));
-			return False;
+			return NT_STATUS_ACCESS_DENIED;
 		}
-		return cli_session_setup_plaintext(cli, user, pass, workgroup);
+		return cli_session_setup_plaintext(cli, user, pass, workgroup) ?
+                        NT_STATUS_OK : cli_nt_error(cli);
 	}
 
 	/* if the server supports extended security then use SPNEGO */
@@ -877,13 +882,13 @@ BOOL cli_session_setup(struct cli_state *cli,
 		ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
 		if (!ADS_ERR_OK(status)) {
 			DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
-			return False;
+			return ads_ntstatus(status);
 		}
 	} else {
 		/* otherwise do a NT1 style session setup */
 		if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) {
 			DEBUG(3,("cli_session_setup: NT1 session setup failed!\n"));
-			return False;
+			return cli_nt_error(cli);
 		}
 	}
 
@@ -891,7 +896,7 @@ BOOL cli_session_setup(struct cli_state *cli,
 		cli->is_samba = True;
 	}
 
-	return True;
+	return NT_STATUS_OK;
 
 }
 
@@ -1510,20 +1515,26 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
 		return nt_status;
 	}
 
-	if (!cli_session_setup(cli, user, password, pw_len, password, pw_len, domain)) {
-		if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
-		    && cli_session_setup(cli, "", "", 0, "", 0, domain)) {
-		} else {
-			nt_status = cli_nt_error(cli);
-			DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
+	nt_status = cli_session_setup(cli, user, password, pw_len, password,
+				      pw_len, domain);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+
+		if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)) {
+			DEBUG(1,("failed session setup with %s\n",
+				 nt_errstr(nt_status)));
 			cli_shutdown(cli);
-			if (NT_STATUS_IS_OK(nt_status)) {
-				nt_status = NT_STATUS_UNSUCCESSFUL;
-			}
 			return nt_status;
 		}
-	} 
 
+		nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DEBUG(1,("anonymous failed session setup with %s\n",
+				 nt_errstr(nt_status)));
+			cli_shutdown(cli);
+			return nt_status;
+		}
+	}
+	
 	if (service) {
 		if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
 			nt_status = cli_nt_error(cli);
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 0135881021..916e4cefc6 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -127,13 +127,14 @@ static struct cli_state *do_connect( const char *server, const char *share,
 		}
 	}
 
-	if (!cli_session_setup(c, username, 
-			       password, strlen(password),
-			       password, strlen(password),
-			       lp_workgroup())) {
+	if (!NT_STATUS_IS_OK(cli_session_setup(c, username, 
+					       password, strlen(password),
+					       password, strlen(password),
+					       lp_workgroup()))) {
 		/* if a password was not supplied then try again with a null username */
 		if (password[0] || !username[0] || use_kerberos ||
-		    !cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) { 
+		    !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0,
+						       lp_workgroup()))) { 
 			d_printf("session setup failed: %s\n", cli_errstr(c));
 			if (NT_STATUS_V(cli_nt_error(c)) == 
 			    NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index c64c3dfb39..d9267e72bd 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -814,19 +814,19 @@ smbc_server(SMBCCTX *context,
 
         username_used = username;
 
-	if (!cli_session_setup(c, username_used, 
-			       password, strlen(password),
-			       password, strlen(password),
-			       workgroup)) {
+	if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, 
+					       password, strlen(password),
+					       password, strlen(password),
+					       workgroup))) {
                 
                 /* Failed.  Try an anonymous login, if allowed by flags. */
                 username_used = "";
 
                 if ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
-                     !cli_session_setup(c, username_used,
-                                        password, 1,
-                                        password, 0,
-                                        workgroup)) {
+                     !NT_STATUS_IS_OK(cli_session_setup(c, username_used,
+							password, 1,
+							password, 0,
+							workgroup))) {
 
                         cli_shutdown(c);
                         errno = EPERM;
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 0d3dcf4d75..e400819743 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -80,39 +80,38 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
   
 	/* Given things like SMB signing, restrict anonymous and the like, 
 	   try an authenticated connection first */
-	if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
+	result = cli_session_setup(cli, user_name,
+				   old_passwd, strlen(old_passwd)+1,
+				   old_passwd, strlen(old_passwd)+1, "");
 
-		result = cli_nt_error(cli);
-
-		if (!NT_STATUS_IS_OK(result)) {
-
-			/* Password must change is the only valid error
-			 * condition here from where we can proceed, the rest
-			 * like account locked out or logon failure will lead
-			 * to errors later anyway */
+	if (!NT_STATUS_IS_OK(result)) {
 
-			if (!NT_STATUS_EQUAL(result,
-					     NT_STATUS_PASSWORD_MUST_CHANGE)) {
-				slprintf(err_str, err_str_len-1, "Could not "
-					 "connect to machine %s: %s\n",
-					 remote_machine, cli_errstr(cli));
-				cli_shutdown(cli);
-				return result;
-			}
+		/* Password must change is the only valid error condition here
+		 * from where we can proceed, the rest like account locked out
+		 * or logon failure will lead to errors later anyway */
 
-			pass_must_change = True;
+		if (!NT_STATUS_EQUAL(result,
+				     NT_STATUS_PASSWORD_MUST_CHANGE)) {
+			slprintf(err_str, err_str_len-1, "Could not "
+				 "connect to machine %s: %s\n",
+				 remote_machine, cli_errstr(cli));
+			cli_shutdown(cli);
+			return result;
 		}
 
+		pass_must_change = True;
+
 		/*
 		 * We should connect as the anonymous user here, in case
 		 * the server has "must change password" checked...
 		 * Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
 		 */
 
-		if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
+		result = cli_session_setup(cli, "", "", 0, "", 0, "");
+
+		if (!NT_STATUS_IS_OK(result)) {
 			slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",        
 				 remote_machine, cli_errstr(cli) );
-			result = cli_nt_error(cli);
 			cli_shutdown(cli);
 			return result;
 		}