summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c65
-rw-r--r--source3/libsmb/clidfs.c11
-rw-r--r--source3/libsmb/libsmbclient.c16
-rw-r--r--source3/libsmb/passchange.c39
4 files changed, 71 insertions, 60 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d547bb3854..ae00dc5489 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -802,11 +802,11 @@ ntlmssp:
password is in plaintext, the same should be done.
****************************************************************************/
-BOOL cli_session_setup(struct cli_state *cli,
- const char *user,
- const char *pass, int passlen,
- const char *ntpass, int ntpasslen,
- const char *workgroup)
+NTSTATUS cli_session_setup(struct cli_state *cli,
+ const char *user,
+ const char *pass, int passlen,
+ const char *ntpass, int ntpasslen,
+ const char *workgroup)
{
char *p;
fstring user2;
@@ -820,8 +820,9 @@ BOOL cli_session_setup(struct cli_state *cli,
workgroup = user2;
}
- if (cli->protocol < PROTOCOL_LANMAN1)
- return True;
+ if (cli->protocol < PROTOCOL_LANMAN1) {
+ return NT_STATUS_OK;
+ }
/* now work out what sort of session setup we are going to
do. I have split this into separate functions to make the
@@ -833,31 +834,34 @@ BOOL cli_session_setup(struct cli_state *cli,
if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client lanman auth'"
" is disabled\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
" is disabled\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
- return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
+ return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ?
+ NT_STATUS_OK : cli_nt_error(cli);
}
/* if no user is supplied then we have to do an anonymous connection.
passwords are ignored */
if (!user || !*user)
- return cli_session_setup_guest(cli);
+ return cli_session_setup_guest(cli) ?
+ NT_STATUS_OK : cli_nt_error(cli);
/* if the server is share level then send a plaintext null
password at this point. The password is sent in the tree
connect */
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
- return cli_session_setup_plaintext(cli, user, "", workgroup);
+ return cli_session_setup_plaintext(cli, user, "", workgroup) ?
+ NT_STATUS_OK : cli_nt_error(cli);
/* if the server doesn't support encryption then we have to use
plaintext. The second password is ignored */
@@ -866,9 +870,10 @@ BOOL cli_session_setup(struct cli_state *cli,
if (!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
" is disabled\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
- return cli_session_setup_plaintext(cli, user, pass, workgroup);
+ return cli_session_setup_plaintext(cli, user, pass, workgroup) ?
+ NT_STATUS_OK : cli_nt_error(cli);
}
/* if the server supports extended security then use SPNEGO */
@@ -877,13 +882,13 @@ BOOL cli_session_setup(struct cli_state *cli,
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
if (!ADS_ERR_OK(status)) {
DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
- return False;
+ return ads_ntstatus(status);
}
} else {
/* otherwise do a NT1 style session setup */
if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) {
DEBUG(3,("cli_session_setup: NT1 session setup failed!\n"));
- return False;
+ return cli_nt_error(cli);
}
}
@@ -891,7 +896,7 @@ BOOL cli_session_setup(struct cli_state *cli,
cli->is_samba = True;
}
- return True;
+ return NT_STATUS_OK;
}
@@ -1510,20 +1515,26 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli,
return nt_status;
}
- if (!cli_session_setup(cli, user, password, pw_len, password, pw_len, domain)) {
- if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
- && cli_session_setup(cli, "", "", 0, "", 0, domain)) {
- } else {
- nt_status = cli_nt_error(cli);
- DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
+ nt_status = cli_session_setup(cli, user, password, pw_len, password,
+ pw_len, domain);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+
+ if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)) {
+ DEBUG(1,("failed session setup with %s\n",
+ nt_errstr(nt_status)));
cli_shutdown(cli);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
return nt_status;
}
- }
+ nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1,("anonymous failed session setup with %s\n",
+ nt_errstr(nt_status)));
+ cli_shutdown(cli);
+ return nt_status;
+ }
+ }
+
if (service) {
if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
nt_status = cli_nt_error(cli);
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 0135881021..916e4cefc6 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -127,13 +127,14 @@ static struct cli_state *do_connect( const char *server, const char *share,
}
}
- if (!cli_session_setup(c, username,
- password, strlen(password),
- password, strlen(password),
- lp_workgroup())) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
+ password, strlen(password),
+ password, strlen(password),
+ lp_workgroup()))) {
/* if a password was not supplied then try again with a null username */
if (password[0] || !username[0] || use_kerberos ||
- !cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) {
+ !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0,
+ lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(c));
if (NT_STATUS_V(cli_nt_error(c)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index c64c3dfb39..d9267e72bd 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -814,19 +814,19 @@ smbc_server(SMBCCTX *context,
username_used = username;
- if (!cli_session_setup(c, username_used,
- password, strlen(password),
- password, strlen(password),
- workgroup)) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
+ password, strlen(password),
+ password, strlen(password),
+ workgroup))) {
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
- !cli_session_setup(c, username_used,
- password, 1,
- password, 0,
- workgroup)) {
+ !NT_STATUS_IS_OK(cli_session_setup(c, username_used,
+ password, 1,
+ password, 0,
+ workgroup))) {
cli_shutdown(c);
errno = EPERM;
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 0d3dcf4d75..e400819743 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -80,39 +80,38 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
/* Given things like SMB signing, restrict anonymous and the like,
try an authenticated connection first */
- if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
+ result = cli_session_setup(cli, user_name,
+ old_passwd, strlen(old_passwd)+1,
+ old_passwd, strlen(old_passwd)+1, "");
- result = cli_nt_error(cli);
-
- if (!NT_STATUS_IS_OK(result)) {
-
- /* Password must change is the only valid error
- * condition here from where we can proceed, the rest
- * like account locked out or logon failure will lead
- * to errors later anyway */
+ if (!NT_STATUS_IS_OK(result)) {
- if (!NT_STATUS_EQUAL(result,
- NT_STATUS_PASSWORD_MUST_CHANGE)) {
- slprintf(err_str, err_str_len-1, "Could not "
- "connect to machine %s: %s\n",
- remote_machine, cli_errstr(cli));
- cli_shutdown(cli);
- return result;
- }
+ /* Password must change is the only valid error condition here
+ * from where we can proceed, the rest like account locked out
+ * or logon failure will lead to errors later anyway */
- pass_must_change = True;
+ if (!NT_STATUS_EQUAL(result,
+ NT_STATUS_PASSWORD_MUST_CHANGE)) {
+ slprintf(err_str, err_str_len-1, "Could not "
+ "connect to machine %s: %s\n",
+ remote_machine, cli_errstr(cli));
+ cli_shutdown(cli);
+ return result;
}
+ pass_must_change = True;
+
/*
* We should connect as the anonymous user here, in case
* the server has "must change password" checked...
* Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
*/
- if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
+ result = cli_session_setup(cli, "", "", 0, "", 0, "");
+
+ if (!NT_STATUS_IS_OK(result)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
remote_machine, cli_errstr(cli) );
- result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}