-rw-r--r-- | source3/auth/auth_server.c | 55 | ||||
-rw-r--r-- | source3/client/client.c | 16 | ||||
-rw-r--r-- | source3/client/smbspool.c | 7 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 65 | ||||
-rw-r--r-- | source3/libsmb/clidfs.c | 11 | ||||
-rw-r--r-- | source3/libsmb/libsmbclient.c | 16 | ||||
-rw-r--r-- | source3/libsmb/passchange.c | 39 | ||||
-rw-r--r-- | source3/nmbd/nmbd_synclists.c | 3 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 18 | ||||
-rw-r--r-- | source3/torture/locktest.c | 10 | ||||
-rw-r--r-- | source3/torture/masktest.c | 8 | ||||
-rw-r--r-- | source3/torture/torture.c | 29 |
12 files changed, 148 insertions, 129 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 6e4dba0be2..7ffea1ca11 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -120,8 +120,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) this one... */ - if (!cli_session_setup(cli, "", "", 0, "", 0, - "")) { + if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0, + ""))) { DEBUG(0,("%s rejected the initial session setup (%s)\n", desthost, cli_errstr(cli))); release_server_mutex(); @@ -241,7 +241,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context return nt_status; } - cli = my_private_data; + cli = (struct cli_state *)my_private_data; if (cli) { } else { @@ -296,8 +296,12 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context */ if ((!tested_password_server) && (lp_paranoid_server_security())) { - if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), - (char *)badpass, sizeof(badpass), user_info->domain)) { + if (NT_STATUS_IS_OK(cli_session_setup(cli, baduser, + (char *)badpass, + sizeof(badpass), + (char *)badpass, + sizeof(badpass), + user_info->domain))) { /* * We connected to the password server so we 
@@ -343,30 +347,25 @@ use this machine as the password server.\n")); if (!user_info->encrypted) { /* Plaintext available */ - if (!cli_session_setup(cli, user_info->smb_name, - (char *)user_info->plaintext_password.data, - user_info->plaintext_password.length, - NULL, 0, - user_info->domain)) { - DEBUG(1,("password server %s rejected the password\n", cli->desthost)); - /* Make this cli_nt_error() when the conversion is in */ - nt_status = cli_nt_error(cli); - } else { - nt_status = NT_STATUS_OK; - } + nt_status = cli_session_setup( + cli, user_info->smb_name, + (char *)user_info->plaintext_password.data, + user_info->plaintext_password.length, + NULL, 0, user_info->domain); + } else { - if (!cli_session_setup(cli, user_info->smb_name, - (char *)user_info->lm_resp.data, - user_info->lm_resp.length, - (char *)user_info->nt_resp.data, - user_info->nt_resp.length, - user_info->domain)) { - DEBUG(1,("password server %s rejected the password\n", cli->desthost)); - /* Make this cli_nt_error() when the conversion is in */ - nt_status = cli_nt_error(cli); - } else { - nt_status = NT_STATUS_OK; - } + nt_status = cli_session_setup( + cli, user_info->smb_name, + (char *)user_info->lm_resp.data, + user_info->lm_resp.length, + (char *)user_info->nt_resp.data, + user_info->nt_resp.length, + user_info->domain); + } + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(1,("password server %s rejected the password: %s\n", + cli->desthost, nt_errstr(nt_status))); } /* if logged in as guest then reject */ diff --git a/source3/client/client.c b/source3/client/client.c index 70d5bbda6e..1ff63aa836 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -432,7 +432,7 @@ static void init_do_list_queue(void) { reset_do_list_queue(); do_list_queue_size = 1024; - do_list_queue = SMB_MALLOC(do_list_queue_size); + do_list_queue = (char *)SMB_MALLOC(do_list_queue_size); if (do_list_queue == 0) { d_printf("malloc fail for size %d\n", (int)do_list_queue_size); 
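Review bot: In check_smbserver_security, the new `DEBUG(1,("password server %s rejected the password: %s\n", ...))` attributes every non-OK status to the remote server. The cli_session_setup changes in source3/libsmb/cliconnect.c also return NT_STATUS_ACCESS_DENIED for refusals decided locally ('client lanman auth' or 'client use plaintext auth' disabled) and map SPNEGO failures through `ads_ntstatus(status)`. Someone triaging failed logons from this log would blame the password server for a decision made on this host. A neutral wording such as `"session setup to password server %s failed: %s\n"` keeps the status and drops the attribution. The function body starts and ends outside the hunk.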
@@ -476,7 +476,7 @@ static void add_to_do_list_queue(const char* entry) do_list_queue_size *= 2; DEBUG(4,("enlarging do_list_queue to %d\n", (int)do_list_queue_size)); - do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size); + do_list_queue = (char *)SMB_REALLOC(do_list_queue, do_list_queue_size); if (! do_list_queue) { d_printf("failure enlarging do_list_queue to %d bytes\n", (int)do_list_queue_size); @@ -2879,10 +2879,10 @@ static int cmd_logon(void) else pstrcpy(l_password, buf2); - if (!cli_session_setup(cli, l_username, - l_password, strlen(l_password), - l_password, strlen(l_password), - lp_workgroup())) { + if (!NT_STATUS_IS_OK(cli_session_setup(cli, l_username, + l_password, strlen(l_password), + l_password, strlen(l_password), + lp_workgroup()))) { d_printf("session setup failed: %s\n", cli_errstr(cli)); return -1; } @@ -3198,7 +3198,7 @@ static char **remote_completion(const char *text, int len) if (info.count == 2) info.matches[0] = SMB_STRDUP(info.matches[1]); else { - info.matches[0] = SMB_MALLOC(info.samelen+1); + info.matches[0] = (char *)SMB_MALLOC(info.samelen+1); if (!info.matches[0]) goto cleanup; strncpy(info.matches[0], info.matches[1], info.samelen); @@ -3282,7 +3282,7 @@ static char **completion_fn(const char *text, int start, int end) matches[0] = SMB_STRDUP(matches[1]); break; default: - matches[0] = SMB_MALLOC(samelen+1); + matches[0] = (char *)SMB_MALLOC(samelen+1); if (!matches[0]) goto cleanup; strncpy(matches[0], matches[1], samelen); diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c index c9a7fbe10e..5783cbe138 100644 --- a/source3/client/smbspool.c +++ b/source3/client/smbspool.c 
@@ -429,9 +429,10 @@ static struct cli_state } - if (!cli_session_setup(cli, username, password, strlen(password)+1, - password, strlen(password)+1, - workgroup)) + if (!NT_STATUS_IS_OK(cli_session_setup(cli, username, + password, strlen(password)+1, + password, strlen(password)+1, + workgroup))) { fprintf(stderr,"ERROR: Session setup failed: %s\n", cli_errstr(cli)); if (NT_STATUS_V(cli_nt_error(cli)) == diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index d547bb3854..ae00dc5489 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -802,11 +802,11 @@ ntlmssp: password is in plaintext, the same should be done. ****************************************************************************/ -BOOL cli_session_setup(struct cli_state *cli, - const char *user, - const char *pass, int passlen, - const char *ntpass, int ntpasslen, - const char *workgroup) +NTSTATUS cli_session_setup(struct cli_state *cli, + const char *user, + const char *pass, int passlen, + const char *ntpass, int ntpasslen, + const char *workgroup) { char *p; fstring user2; @@ -820,8 +820,9 @@ BOOL cli_session_setup(struct cli_state *cli, workgroup = user2; } - if (cli->protocol < PROTOCOL_LANMAN1) - return True; + if (cli->protocol < PROTOCOL_LANMAN1) { + return NT_STATUS_OK; + } /* now work out what sort of session setup we are going to do. I have split this into separate functions to make the 
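Review bot: The failure branch in smbspool.c still reads the error back from the connection (`cli_errstr(cli)`, `NT_STATUS_V(cli_nt_error(cli)) ==`) instead of using the NTSTATUS that cli_session_setup now returns. The two can disagree: the cliconnect.c hunks return NT_STATUS_ACCESS_DENIED for local policy refusals and `ads_ntstatus(status)` for SPNEGO failures, and nothing visible there updates the connection's error state in those cases. Keeping the result in a local, e.g. `NTSTATUS status = cli_session_setup(...);`, and comparing `NT_STATUS_V(status)` makes the decision follow the value actually returned. The same pattern is in do_connect in clidfs.c, and remote_password_change in passchange.c returns `result` while formatting `cli_errstr(cli)` into err_str. The enclosing function continues outside the hunk.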
@@ -833,31 +834,34 @@ BOOL cli_session_setup(struct cli_state *cli, if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) { DEBUG(1, ("Server requested LM password but 'client lanman auth'" " is disabled\n")); - return False; + return NT_STATUS_ACCESS_DENIED; } if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 && !lp_client_plaintext_auth() && (*pass)) { DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'" " is disabled\n")); - return False; + return NT_STATUS_ACCESS_DENIED; } - return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup); + return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ? + NT_STATUS_OK : cli_nt_error(cli); } /* if no user is supplied then we have to do an anonymous connection. passwords are ignored */ if (!user || !*user) - return cli_session_setup_guest(cli); + return cli_session_setup_guest(cli) ? + NT_STATUS_OK : cli_nt_error(cli); /* if the server is share level then send a plaintext null password at this point. The password is sent in the tree connect */ if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) - return cli_session_setup_plaintext(cli, user, "", workgroup); + return cli_session_setup_plaintext(cli, user, "", workgroup) ? + NT_STATUS_OK : cli_nt_error(cli); /* if the server doesn't support encryption then we have to use plaintext. The second password is ignored */ @@ -866,9 +870,10 @@ BOOL cli_session_setup(struct cli_state *cli, if (!lp_client_plaintext_auth() && (*pass)) { DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'" " is disabled\n")); - return False; + return NT_STATUS_ACCESS_DENIED; } - return cli_session_setup_plaintext(cli, user, pass, workgroup); + return cli_session_setup_plaintext(cli, user, pass, workgroup) ? + NT_STATUS_OK : cli_nt_error(cli); } /* if the server supports extended security then use SPNEGO */ 
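Review bot: The failure paths added to cli_session_setup return `cli_nt_error(cli)` unguarded (the LANMAN2, guest and both plaintext branches in this hunk and the next, and the NT1 branch in the hunk at -877), so a helper that returns False without an SMB error recorded on the connection would be reported as NT_STATUS_OK. The guard that used to cover this, `if (NT_STATUS_IS_OK(nt_status)) nt_status = NT_STATUS_UNSUCCESSFUL;`, is removed from cli_full_connection by this same commit, which suggests the case was considered reachable. check_smbserver_security in auth_server.c now takes the return value directly as its authentication result, so a false OK there is worse than a misleading log line. Routing every failure through one small helper that never yields OK closes this; the helper name below is only a suggestion. The function starts and ends outside this hunk.

```c
/* Proposed helper: status for a session setup that has already failed. */
static NTSTATUS cli_session_setup_error(struct cli_state *cli)
{
	NTSTATUS status = cli_nt_error(cli);

	/* cli_nt_error() may find no error recorded; never report success. */
	if (NT_STATUS_IS_OK(status)) {
		status = NT_STATUS_UNSUCCESSFUL;
	}
	return status;
}

/* … unchanged: 'client lanman auth' / plaintext auth policy checks … */
		return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ?
			NT_STATUS_OK : cli_session_setup_error(cli);
```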
@@ -877,13 +882,13 @@ BOOL cli_session_setup(struct cli_state *cli, ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup); if (!ADS_ERR_OK(status)) { DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status))); - return False; + return ads_ntstatus(status); } } else { /* otherwise do a NT1 style session setup */ if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) { DEBUG(3,("cli_session_setup: NT1 session setup failed!\n")); - return False; + return cli_nt_error(cli); } } @@ -891,7 +896,7 @@ BOOL cli_session_setup(struct cli_state *cli, cli->is_samba = True; } - return True; + return NT_STATUS_OK; } @@ -1510,20 +1515,26 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, return nt_status; } - if (!cli_session_setup(cli, user, password, pw_len, password, pw_len, domain)) { - if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK) - && cli_session_setup(cli, "", "", 0, "", 0, domain)) { - } else { - nt_status = cli_nt_error(cli); - DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status))); + nt_status = cli_session_setup(cli, user, password, pw_len, password, + pw_len, domain); + if (!NT_STATUS_IS_OK(nt_status)) { + + if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)) { + DEBUG(1,("failed session setup with %s\n", + nt_errstr(nt_status))); cli_shutdown(cli); - if (NT_STATUS_IS_OK(nt_status)) { - nt_status = NT_STATUS_UNSUCCESSFUL; - } return nt_status; } - } + nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(1,("anonymous failed session setup with %s\n", + nt_errstr(nt_status))); + cli_shutdown(cli); + return nt_status; + } + } + if (service) { if (!cli_send_tconX(cli, service, service_type, password, pw_len)) { nt_status = cli_nt_error(cli); diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 0135881021..916e4cefc6 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c 
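Review bot: In cli_full_connection, when CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK is set, the status of the failed authenticated setup is overwritten by the anonymous attempt without being logged, so a connection that quietly downgraded to anonymous leaves no record of why. Now that the NTSTATUS is in hand, a line such as `DEBUG(3,("authenticated session setup failed (%s), trying anonymous\n", nt_errstr(nt_status)));` before the second call would make the downgrade visible in the logs. As far as the hunks show, the fallbacks in do_connect (clidfs.c), smbc_server (libsmbclient.c) and cm_prepare_connection (winbindd_cm.c) discard the first status the same way. The function continues outside the hunk.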
@@ -127,13 +127,14 @@ static struct cli_state *do_connect( const char *server, const char *share, } } - if (!cli_session_setup(c, username, - password, strlen(password), - password, strlen(password), - lp_workgroup())) { + if (!NT_STATUS_IS_OK(cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + lp_workgroup()))) { /* if a password was not supplied then try again with a null username */ if (password[0] || !username[0] || use_kerberos || - !cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) { + !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0, + lp_workgroup()))) { d_printf("session setup failed: %s\n", cli_errstr(c)); if (NT_STATUS_V(cli_nt_error(c)) == NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED)) diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index c64c3dfb39..d9267e72bd 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -814,19 +814,19 @@ smbc_server(SMBCCTX *context, username_used = username; - if (!cli_session_setup(c, username_used, - password, strlen(password), - password, strlen(password), - workgroup)) { + if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, + password, strlen(password), + password, strlen(password), + workgroup))) { /* Failed. Try an anonymous login, if allowed by flags. */ username_used = ""; if ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) || - !cli_session_setup(c, username_used, - password, 1, - password, 0, - workgroup)) { + !NT_STATUS_IS_OK(cli_session_setup(c, username_used, + password, 1, + password, 0, + workgroup))) { cli_shutdown(c); errno = EPERM; diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 0d3dcf4d75..e400819743 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c 
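Review bot: The anonymous retry in smbc_server still hands the caller's `password` pointer to cli_session_setup (`password, 1,` / `password, 0,`) together with an empty user name, whereas the other anonymous fallbacks on this page pass `"", "", 0, "", 0`. In the cliconnect.c hunks the LANMAN branch tests `(*pass)` and calls cli_session_setup_lanman2 with `pass` before the empty-user check is reached (the branch's opening condition is outside the hunk), so on that path the real password is not ignored for an anonymous attempt. Passing `"", 1,` and `"", 0,` instead, as sync_child in nmbd_synclists.c does, keeps the lengths and removes the credential from the anonymous call. The function body extends beyond the hunk.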
@@ -80,39 +80,38 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam /* Given things like SMB signing, restrict anonymous and the like, try an authenticated connection first */ - if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) { + result = cli_session_setup(cli, user_name, + old_passwd, strlen(old_passwd)+1, + old_passwd, strlen(old_passwd)+1, ""); - result = cli_nt_error(cli); - - if (!NT_STATUS_IS_OK(result)) { - - /* Password must change is the only valid error - * condition here from where we can proceed, the rest - * like account locked out or logon failure will lead - * to errors later anyway */ + if (!NT_STATUS_IS_OK(result)) { - if (!NT_STATUS_EQUAL(result, - NT_STATUS_PASSWORD_MUST_CHANGE)) { - slprintf(err_str, err_str_len-1, "Could not " - "connect to machine %s: %s\n", - remote_machine, cli_errstr(cli)); - cli_shutdown(cli); - return result; - } + /* Password must change is the only valid error condition here + * from where we can proceed, the rest like account locked out + * or logon failure will lead to errors later anyway */ - pass_must_change = True; + if (!NT_STATUS_EQUAL(result, + NT_STATUS_PASSWORD_MUST_CHANGE)) { + slprintf(err_str, err_str_len-1, "Could not " + "connect to machine %s: %s\n", + remote_machine, cli_errstr(cli)); + cli_shutdown(cli); + return result; } + pass_must_change = True; + /* * We should connect as the anonymous user here, in case * the server has "must change password" checked... * Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix. */ - if (!cli_session_setup(cli, "", "", 0, "", 0, "")) { + result = cli_session_setup(cli, "", "", 0, "", 0, ""); + + if (!NT_STATUS_IS_OK(result)) { slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n", remote_machine, cli_errstr(cli) ); - result = cli_nt_error(cli); cli_shutdown(cli); return result; } 
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c index 0e67c3f69c..7fe39676c6 100644 --- a/source3/nmbd/nmbd_synclists.c +++ b/source3/nmbd/nmbd_synclists.c @@ -98,7 +98,8 @@ static void sync_child(char *name, int nm_type, return; } - if (!cli_session_setup(cli, "", "", 1, "", 0, workgroup)) { + if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 1, "", 0, + workgroup))) { cli_shutdown(cli); return; } diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 2b8a8898ac..cea30f730d 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -75,9 +75,9 @@ static void cm_get_ipc_userpass(char **username, char **domain, char **password) { - *username = secrets_fetch(SECRETS_AUTH_USER, NULL); - *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); - *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); + *username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL); + *domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); + *password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); if (*username && **username) { @@ -326,10 +326,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, "[%s]\\[%s]\n", controller, global_myname(), ipc_domain, ipc_username)); - if (cli_session_setup(*cli, ipc_username, - ipc_password, strlen(ipc_password)+1, - ipc_password, strlen(ipc_password)+1, - ipc_domain)) { + if (NT_STATUS_IS_OK(cli_session_setup( + *cli, ipc_username, + ipc_password, strlen(ipc_password)+1, + ipc_password, strlen(ipc_password)+1, + ipc_domain))) { /* Successful logon with given username. */ cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); goto session_setup_done; 
@@ -341,7 +342,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, /* Fall back to anonymous connection, this might fail later */ - if (cli_session_setup(*cli, "", NULL, 0, NULL, 0, "")) { + if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0, + NULL, 0, ""))) { DEBUG(5, ("Connected anonymously\n")); cli_init_creds(*cli, "", "", ""); goto session_setup_done; diff --git a/source3/torture/locktest.c b/source3/torture/locktest.c index 3559a55a46..c3200ca038 100644 --- a/source3/torture/locktest.c +++ b/source3/torture/locktest.c @@ -220,10 +220,12 @@ static struct cli_state *connect_one(char *share, int snum) fstrcpy(username[1], username[0]); } - if (!cli_session_setup(c, username[snum], - password[snum], strlen(password[snum]), - password[snum], strlen(password[snum]), - lp_workgroup())) { + if (!NT_STATUS_IS_OK(cli_session_setup(c, username[snum], + password[snum], + strlen(password[snum]), + password[snum], + strlen(password[snum]), + lp_workgroup()))) { DEBUG(0,("session setup failed: %s\n", cli_errstr(c))); return NULL; } diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c index 44d26cdc5a..2ce59c86e6 100644 --- a/source3/torture/masktest.c +++ b/source3/torture/masktest.c @@ -216,10 +216,10 @@ struct cli_state *connect_one(char *share) } } - if (!cli_session_setup(c, username, - password, strlen(password), - password, strlen(password), - lp_workgroup())) { + if (!NT_STATUS_IS_OK(cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + lp_workgroup()))) { DEBUG(0,("session setup failed: %s\n", cli_errstr(c))); return NULL; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 5876707d62..f951b44494 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c 
@@ -284,7 +284,10 @@ BOOL torture_cli_session_setup2(struct cli_state *cli, uint16 *new_vuid) fstrcpy(old_user_name, cli->user_name); cli->vuid = 0; - ret = cli_session_setup(cli, username, password, passlen, password, passlen, workgroup); + ret = NT_STATUS_IS_OK(cli_session_setup(cli, username, + password, passlen, + password, passlen, + workgroup)); *new_vuid = cli->vuid; cli->vuid = old_vuid; fstrcpy(cli->user_name, old_user_name); @@ -4682,8 +4685,8 @@ static BOOL run_error_map_extract(int dummy) { return False; } - if (!cli_session_setup(c_nt, "", "", 0, "", 0, - workgroup)) { + if (!NT_STATUS_IS_OK(cli_session_setup(c_nt, "", "", 0, "", 0, + workgroup))) { printf("%s rejected the NT-error initial session setup (%s)\n",host, cli_errstr(c_nt)); return False; } @@ -4703,8 +4706,8 @@ static BOOL run_error_map_extract(int dummy) { return False; } - if (!cli_session_setup(c_dos, "", "", 0, "", 0, - workgroup)) { + if (!NT_STATUS_IS_OK(cli_session_setup(c_dos, "", "", 0, "", 0, + workgroup))) { printf("%s rejected the DOS-error initial session setup (%s)\n",host, cli_errstr(c_dos)); return False; } @@ -4712,10 +4715,10 @@ static BOOL run_error_map_extract(int dummy) { for (error=(0xc0000000 | 0x1); error < (0xc0000000| 0xFFF); error++) { fstr_sprintf(user, "%X", error); - if (cli_session_setup(c_nt, user, - password, strlen(password), - password, strlen(password), - workgroup)) { + if (NT_STATUS_IS_OK(cli_session_setup(c_nt, user, + password, strlen(password), + password, strlen(password), + workgroup))) { printf("/** Session setup succeeded. This shouldn't happen...*/\n"); } 
@@ -4730,10 +4733,10 @@ static BOOL run_error_map_extract(int dummy) { nt_status = NT_STATUS(0xc0000000); } - if (cli_session_setup(c_dos, user, - password, strlen(password), - password, strlen(password), - workgroup)) { + if (NT_STATUS_IS_OK(cli_session_setup(c_dos, user, + password, strlen(password), + password, strlen(password), + workgroup))) { printf("/** Session setup succeeded. This shouldn't happen...*/\n"); } flgs2 = SVAL(c_dos->inbuf,smb_flg2), errnum; |