need status codes from cli_net_req_chal() and cli_net_auth2().

this format is what i would like _all_ these functions to be (returning status codes, not BOOL) but that's a horrendous amount of work at the moment :) (This used to be commit 02f240604241367f146b26934ad1a1b2563430de)
author: Luke Leighton <lkcl@samba.org> 1999-10-19 19:55:43 +0000
committer: Luke Leighton <lkcl@samba.org> 1999-10-19 19:55:43 +0000
commit: 87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21 (patch)
tree: 0fc88c021cf841c8487e1614b77022f12fa4ba0e /source3
parent: bb6de2f1e938d2b8fa565ff2196b666053fa957c (diff)
download: samba-87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21.tar.gz
samba-87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21.tar.bz2
samba-87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21.zip
6 files changed, 119 insertions, 96 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 57a81c9abf..4027ca7f82 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1712,8 +1712,9 @@ BOOL do_event_readeventlog(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
 
 /*The following definitions come from  rpc_client/cli_login.c  */
 
-BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
+uint32 cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
 				const char* trust_acct,
+				const char* srv_name,
 				unsigned char trust_pwd[16],
 				uint16 sec_chan);
 BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum,
@@ -1760,10 +1761,13 @@ BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd);
 /*The following definitions come from  rpc_client/cli_netlogon.c  */
 
 BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint16 nt_pipe_fnum, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum,
-				const char *trust_acct, uint16 sec_chan, 
+uint32 cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum,
+				const char *trust_acct, 
+				const char *srv_name, uint16 sec_chan, 
 				uint32 neg_flags, DOM_CHAL *srv_chal);
-BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
+uint32 cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, 
+				const char *srv_name,
+				DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
 BOOL cli_net_srv_pwset(struct cli_state *cli, uint16 nt_pipe_fnum,
 		       uint8 hashed_mach_pwd[16], uint16 sec_chan_type);
 BOOL cli_net_sam_logon(struct cli_state *cli, uint16 nt_pipe_fnum, NET_ID_INFO_CTR *ctr, 
@@ -2207,7 +2211,7 @@ BOOL make_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
 BOOL net_io_r_trust_dom(char *desc,  NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth);
 BOOL net_io_q_trust_dom(char *desc,  NET_Q_TRUST_DOM_LIST *q_l, prs_struct *ps, int depth);
 BOOL make_q_req_chal(NET_Q_REQ_CHAL *q_c,
-				char *logon_srv, char *logon_clnt,
+				const char *logon_srv, const char *logon_clnt,
 				DOM_CHAL *clnt_chal);
 BOOL net_io_q_req_chal(char *desc,  NET_Q_REQ_CHAL *q_c, prs_struct *ps, int depth);
 BOOL net_io_r_req_chal(char *desc,  NET_R_REQ_CHAL *r_c, prs_struct *ps, int depth);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index f50cd19c38..90ea3d12bf 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -1596,7 +1596,8 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t
 
 	if (size == 0) return 0;
 
-	while (received < blocks) {
+	while (received < blocks)
+	{
 		int size2;
 
 		while (issued - received < mpx && issued < blocks) {
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 858327a1b2..06a31a607e 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -29,14 +29,15 @@ extern int DEBUGLEVEL;
 Initialize domain session credentials.
 ****************************************************************************/
 
-BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
+uint32 cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
 				const char* trust_acct,
+				const char* srv_name,
 				unsigned char trust_pwd[16],
 				uint16 sec_chan)
 {
   DOM_CHAL clnt_chal;
   DOM_CHAL srv_chal;
-
+	uint32 ret;
   UTIME zerotime;
 
   /******************* Request Challenge ********************/
@@ -44,10 +45,11 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
   generate_random_buffer( clnt_chal.data, 8, False);
 	
   /* send a client challenge; receive a server challenge */
-  if (!cli_net_req_chal(cli, fnum, &clnt_chal, &srv_chal))
+  ret = cli_net_req_chal(cli, fnum, srv_name, &clnt_chal, &srv_chal);
+  if (ret != 0)
   {
     DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
-    return False;
+    return ret;
   }
 
   /**************** Long-term Session key **************/
@@ -67,13 +69,14 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
    * Receive an auth-2 challenge response and check it.
    */
 
-  if (!cli_net_auth2(cli, fnum, trust_acct, sec_chan, 0x000001ff, &srv_chal))
+  ret = cli_net_auth2(cli, fnum, trust_acct, srv_name,
+                      sec_chan, 0x000001ff, &srv_chal);
+  if (ret != 0x0)
   {
     DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n"));
-    return False;
   }
 
-  return True;
+  return ret;
 }
 
 /****************************************************************************
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 6b7db8ff6e..2693dece75 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -110,87 +110,94 @@ Ensure that the server credential returned matches the session key
 encrypt of the server challenge originally received. JRA.
 ****************************************************************************/
 
-BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum,
-				const char *trust_acct, uint16 sec_chan, 
+uint32 cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum,
+				const char *trust_acct, 
+				const char *srv_name, uint16 sec_chan, 
 				uint32 neg_flags, DOM_CHAL *srv_chal)
 {
-  prs_struct rbuf;
-  prs_struct buf; 
-  NET_Q_AUTH_2 q_a;
-  BOOL ok = False;
+	prs_struct rbuf;
+	prs_struct buf; 
+	NET_Q_AUTH_2 q_a;
+	uint32 status = 0x0;
 
-  prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
-  prs_init(&rbuf, 0,    4, SAFETY_MARGIN, True );
+	prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
+	prs_init(&rbuf, 0,    4, SAFETY_MARGIN, True );
 
-  /* create and send a MSRPC command with api NET_AUTH2 */
+	/* create and send a MSRPC command with api NET_AUTH2 */
 
-  DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
-         cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
-         credstr(cli->clnt_cred.challenge.data), neg_flags));
+	DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
+	          cli->srv_name_slash, cli->mach_acct, sec_chan, srv_name,
+	          credstr(cli->clnt_cred.challenge.data), neg_flags));
 
-  /* store the parameters */
-  make_q_auth_2(&q_a, cli->srv_name_slash, trust_acct, sec_chan, global_myname,
-                &cli->clnt_cred.challenge, neg_flags);
+	/* store the parameters */
+	make_q_auth_2(&q_a, cli->srv_name_slash, trust_acct, sec_chan, srv_name,
+	              &cli->clnt_cred.challenge, neg_flags);
 
-  /* turn parameters into data stream */
-  net_io_q_auth_2("", &q_a,  &buf, 0);
+	/* turn parameters into data stream */
+	net_io_q_auth_2("", &q_a,  &buf, 0);
 
-  /* send the data on \PIPE\ */
-  if (rpc_api_pipe_req(cli, nt_pipe_fnum, NET_AUTH2, &buf, &rbuf))
-  {
-    NET_R_AUTH_2 r_a;
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, nt_pipe_fnum, NET_AUTH2, &buf, &rbuf))
+	{
+		NET_R_AUTH_2 r_a;
 
-    net_io_r_auth_2("", &r_a, &rbuf, 0);
-    ok = (rbuf.offset != 0);
-		
-    if (ok && r_a.status != 0)
-    {
-      /* report error code */
-      DEBUG(0,("cli_net_auth2: Error %s\n", get_nt_error_msg(r_a.status)));
-      cli->nt_error = r_a.status;
-      ok = False;
-    }
+		net_io_r_auth_2("", &r_a, &rbuf, 0);
+		status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0;
 
-    if (ok)
-    {
-      /* 
-       * Check the returned value using the initial
-       * server received challenge.
-       */
-      UTIME zerotime;
-
-      zerotime.time = 0;
-      if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
-        /*
-         * Server replied with bad credential. Fail.
-         */
-        DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
-password ?).\n", cli->desthost ));
-        ok = False;
-      }
-    }
+		if (status == 0x0 && r_a.status != 0)
+		{
+			/* report error code */
+			DEBUG(0,("cli_net_auth2: Error %s\n",
+			          get_nt_error_msg(r_a.status)));
+			cli->nt_error = r_a.status;
+			status = r_a.status;
+		}
+
+		if (status == 0x0)
+		{
+			/*
+			 * Check the returned value using the initial
+			 * server received challenge.
+			 */
+			UTIME zerotime;
+
+			zerotime.time = 0;
+			if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0)
+			{
+				/*
+				 * Server replied with bad credential. Fail.
+				 */
+				DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
+				password ?).\n", cli->desthost ));
+				status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT | 0xC0000000;
+			}
+		}
 
 #if 0
-    /*
-     * Try commenting this out to see if this makes the connect
-     * work for a NT 3.51 PDC. JRA.
-     */
+		/*
+		 * Try commenting this out to see if this makes the connect
+		 * work for a NT 3.51 PDC. JRA.
+		 */
 
-    if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
-    {
-      /* report different neg_flags */
-      DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n",
-          q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
-      ok = False;
-    }
+		if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
+		{
+			/* report different neg_flags */
+			DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n",
+			q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
+			ok = False;
+		}
 #endif
 
-  }
+	}
+	else
+	{
+		status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
+	}
 
-  prs_mem_free(&rbuf);
-  prs_mem_free(&buf );
+	prs_mem_free(&rbuf);
+	prs_mem_free(&buf );
 
-  return ok;
+	return status;
 }
 
 /****************************************************************************
@@ -198,15 +205,17 @@ LSA Request Challenge. Sends our challenge to server, then gets
 server response. These are used to generate the credentials.
 ****************************************************************************/
 
-BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
+uint32 cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, 
+				const char *srv_name,
+				DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
 {
   prs_struct rbuf;
   prs_struct buf; 
   NET_Q_REQ_CHAL q_c;
-  BOOL valid_chal = False;
+    uint32 status = 0x0;
 
   if (srv_chal == NULL || clnt_chal == NULL)
-    return False;
+    return 0xC0000000 | NT_STATUS_INVALID_PARAMETER;
 
   prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
   prs_init(&rbuf, 0,    4, SAFETY_MARGIN, True );
@@ -214,10 +223,10 @@ BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt
   /* create and send a MSRPC command with api NET_REQCHAL */
 
   DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
-         cli->desthost, global_myname, credstr(clnt_chal->data)));
+         cli->desthost, srv_name, credstr(clnt_chal->data)));
 
   /* store the parameters */
-  make_q_req_chal(&q_c, cli->srv_name_slash, global_myname, clnt_chal);
+  make_q_req_chal(&q_c, cli->srv_name_slash, srv_name, clnt_chal);
 
   /* turn parameters into data stream */
   net_io_q_req_chal("", &q_c,  &buf, 0);
@@ -226,31 +235,33 @@ BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt
   if (rpc_api_pipe_req(cli, nt_pipe_fnum, NET_REQCHAL, &buf, &rbuf))
   {
     NET_R_REQ_CHAL r_c;
-    BOOL ok;
 
     net_io_r_req_chal("", &r_c, &rbuf, 0);
-    ok = (rbuf.offset != 0);
+    status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0;
 		
-    if (ok && r_c.status != 0)
+    if (status == 0x0 && r_c.status != 0)
     {
       /* report error code */
       DEBUG(0,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status)));
       cli->nt_error = r_c.status;
-      ok = False;
+	status = r_c.status;
     }
 
-    if (ok)
+    if (status == 0x0)
     {
       /* ok, at last: we're happy. return the challenge */
       memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data));
-      valid_chal = True;
     }
   }
+  else
+  {
+    status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
+  }
 
   prs_mem_free(&rbuf);
   prs_mem_free(&buf );
 
-  return valid_chal;
+  return status;
 }
 
 /***************************************************************************
@@ -628,8 +639,9 @@ client session to server %s. Error was : %s.\n", remote_machine, errstr ));
 		return False;
 	} 
 
-	if (!cli_nt_setup_creds(&cli, nt_pipe_fnum,
-	                      cli.mach_acct, orig_trust_passwd_hash, sec_chan))
+	if (cli_nt_setup_creds(&cli, nt_pipe_fnum, 
+	                       cli.mach_acct, global_myname,
+	                       orig_trust_passwd_hash, sec_chan) != 0x0)
 	{
 		fstring errstr;
 		cli_safe_errstr(&cli, errstr, sizeof(errstr));
@@ -731,8 +743,9 @@ BOOL do_sam_sync(struct cli_state *cli, uchar trust_passwd[16],
 	/* open NETLOGON session.  negotiate credentials */
 	res = res ? cli_nt_session_open(cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
 
-	res = res ? cli_nt_setup_creds(cli, nt_pipe_fnum, cli->mach_acct,
-	                               trust_passwd, SEC_CHAN_BDC) : False;
+	res = res ? cli_nt_setup_creds(cli, nt_pipe_fnum, 
+	                               cli->mach_acct, global_myname,
+	                               trust_passwd, SEC_CHAN_BDC) == 0x0 : False;
 
 	memset(trust_passwd, 0, 16);
 
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index e2073d00f1..9614af9b51 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -371,7 +371,7 @@ BOOL net_io_q_trust_dom(char *desc,  NET_Q_TRUST_DOM_LIST *q_l, prs_struct *ps,
 makes an NET_Q_REQ_CHAL structure.
 ********************************************************************/
 BOOL make_q_req_chal(NET_Q_REQ_CHAL *q_c,
-				char *logon_srv, char *logon_clnt,
+				const char *logon_srv, const char *logon_clnt,
 				DOM_CHAL *clnt_chal)
 {
 	if (q_c == NULL) return False;
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index f536a0f52f..ce4d727d34 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -94,8 +94,9 @@ void cmd_netlogon_login_test(struct client_info *info)
 
 	res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum,
 	                               smb_cli->mach_acct,
-	                               trust_passwd, SEC_CHAN_WKSTA) : False;
+	                               trust_passwd, SEC_CHAN_WKSTA) == 0x0 : False;
 
+#if 0
 	/* change the machine password? */
 	if (global_machine_password_needs_changing)
 	{
@@ -110,6 +111,7 @@ void cmd_netlogon_login_test(struct client_info *info)
 
 		memset(new_trust_passwd, 0, 16);
 	}
+#endif
 
 	memset(trust_passwd, 0, 16);
 
@@ -163,7 +165,7 @@ void cmd_netlogon_domain_test(struct client_info *info)
 	res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
 
 	res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, inter_dom_acct,
-	                               trust_passwd, SEC_CHAN_DOMAIN) : False;
+	                               trust_passwd, SEC_CHAN_DOMAIN) == 0x0 : False;
 
 	memset(trust_passwd, 0, 16);
author	Luke Leighton <lkcl@samba.org>	1999-10-19 19:55:43 +0000
committer	Luke Leighton <lkcl@samba.org>	1999-10-19 19:55:43 +0000
commit	87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21 (patch)
tree	0fc88c021cf841c8487e1614b77022f12fa4ba0e /source3
parent	bb6de2f1e938d2b8fa565ff2196b666053fa957c (diff)
download	samba-87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21.tar.gz samba-87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21.tar.bz2 samba-87d92a1f1182a6b4e4dbe91d7f574c7ac8aecb21.zip