diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/auth/auth_server.c | 9 | ||||
| -rw-r--r-- | source3/include/proto.h | 8 | ||||
| -rw-r--r-- | source3/libsmb/cliconnect.c | 168 | ||||
| -rw-r--r-- | source3/libsmb/clidfs.c | 7 | ||||
| -rw-r--r-- | source3/libsmb/libsmb_server.c | 4 | ||||
| -rw-r--r-- | source3/libsmb/passchange.c | 6 | ||||
| -rw-r--r-- | source3/modules/vfs_acl_tdb.c | 2 | ||||
| -rw-r--r-- | source3/modules/vfs_acl_xattr.c | 2 | ||||
| -rw-r--r-- | source3/nmbd/nmbd_synclists.c | 3 | ||||
| -rw-r--r-- | source3/smbd/oplock.c | 31 | ||||
| -rw-r--r-- | source3/torture/locktest.c | 6 | ||||
| -rw-r--r-- | source3/torture/masktest.c | 6 | ||||
| -rw-r--r-- | source3/torture/torture.c | 21 | ||||
| -rw-r--r-- | source3/utils/net_rpc.c | 3 | ||||
| -rw-r--r-- | source3/utils/net_time.c | 6 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 7 |
16 files changed, 197 insertions, 92 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index e74e3f5b3b..466c4bf129 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -38,6 +38,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) char *pserver = NULL; bool connected_ok = False; struct named_mutex *mutex = NULL; + NTSTATUS status; if (!(cli = cli_initialise())) return NULL; @@ -49,7 +50,6 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token_talloc(mem_ctx, &p, &desthost, LIST_SEP)) { - NTSTATUS status; desthost = talloc_sub_basic(mem_ctx, current_user_info.smb_name, @@ -112,9 +112,12 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) DEBUG(3,("got session\n")); - if (!cli_negprot(cli)) { + status = cli_negprot(cli); + + if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(mutex); - DEBUG(1,("%s rejected the negprot\n",desthost)); + DEBUG(1, ("%s rejected the negprot: %s\n", + desthost, nt_errstr(status))); cli_shutdown(cli); return NULL; } diff --git a/source3/include/proto.h b/source3/include/proto.h index 5e2b823d64..212bbf0df7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2364,8 +2364,12 @@ bool cli_ulogoff(struct cli_state *cli); bool cli_send_tconX(struct cli_state *cli, const char *share, const char *dev, const char *pass, int passlen); bool cli_tdis(struct cli_state *cli); -void cli_negprot_send(struct cli_state *cli); -bool cli_negprot(struct cli_state *cli); +void cli_negprot_sendsync(struct cli_state *cli); +NTSTATUS cli_negprot(struct cli_state *cli); +struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli); +NTSTATUS cli_negprot_recv(struct async_req *req); bool cli_session_request(struct cli_state *cli, struct nmb_name *calling, struct nmb_name *called); NTSTATUS cli_connect(struct cli_state *cli, diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 125345fccb..b5287774f5 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1206,7 +1206,7 @@ bool cli_tdis(struct cli_state *cli) Send a negprot command. ****************************************************************************/ -void cli_negprot_send(struct cli_state *cli) +void cli_negprot_sendsync(struct cli_state *cli) { char *p; int numprots; @@ -1241,75 +1241,89 @@ void cli_negprot_send(struct cli_state *cli) Send a negprot command. ****************************************************************************/ -bool cli_negprot(struct cli_state *cli) +struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli) { - char *p; + struct async_req *result; + uint8_t *bytes = NULL; int numprots; - int plength; if (cli->protocol < PROTOCOL_NT1) cli->use_spnego = False; - memset(cli->outbuf,'\0',smb_size); - - plength = 0; - /* setup the protocol strings */ for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + uint8_t c = 2; if (prots[numprots].prot > cli->protocol) { break; } - plength += strlen(prots[numprots].name)+2; - } - - cli_set_message(cli->outbuf,0,plength,True); - - p = smb_buf(cli->outbuf); - for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { - if (prots[numprots].prot > cli->protocol) { - break; + bytes = (uint8_t *)talloc_append_blob( + talloc_tos(), bytes, data_blob_const(&c, sizeof(c))); + if (bytes == NULL) { + return NULL; + } + bytes = smb_bytes_push_str(bytes, false, prots[numprots].name); + if (bytes == NULL) { + return NULL; } - *p++ = 2; - p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE); } - SCVAL(cli->outbuf,smb_com,SMBnegprot); - cli_setup_packet(cli); + result = cli_request_send(mem_ctx, ev, cli, SMBnegprot, 0, 0, NULL, + talloc_get_size(bytes), bytes); + TALLOC_FREE(bytes); + return result; +} - SCVAL(smb_buf(cli->outbuf),0,2); +NTSTATUS cli_negprot_recv(struct async_req *req) +{ + struct cli_request *cli_req = talloc_get_type_abort( + req->private_data, struct cli_request); + struct cli_state *cli = cli_req->cli; + uint8_t wct; + uint16_t *vwv; + uint16_t num_bytes; + uint8_t *bytes; + NTSTATUS status; + uint16_t protnum; - cli_send_smb(cli); - if (!cli_receive_smb(cli)) - return False; + if (async_req_is_error(req, &status)) { + return status; + } - show_msg(cli->inbuf); + status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + protnum = SVAL(vwv, 0); - if (cli_is_error(cli) || - ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) { - return(False); + if ((protnum >= ARRAY_SIZE(prots)) + || (prots[protnum].prot > cli_req->cli->protocol)) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; } - cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot; + cli->protocol = prots[protnum].prot; if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) { DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n")); - return False; + return NT_STATUS_ACCESS_DENIED; } if (cli->protocol >= PROTOCOL_NT1) { struct timespec ts; /* NT protocol */ - cli->sec_mode = CVAL(cli->inbuf,smb_vwv1); - cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1); - cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1); - cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1); - cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1); + cli->sec_mode = CVAL(vwv + 1, 0); + cli->max_mux = SVAL(vwv + 1, 1); + cli->max_xmit = IVAL(vwv + 3, 1); + cli->sesskey = IVAL(vwv + 7, 1); + cli->serverzone = SVALS(vwv + 15, 1); cli->serverzone *= 60; /* this time arrives in real GMT */ - ts = interpret_long_date(cli->inbuf+smb_vwv11+1); + ts = interpret_long_date(((char *)(vwv+11))+1); cli->servertime = ts.tv_sec; - cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf)); - cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1); + cli->secblob = data_blob(bytes, num_bytes); + cli->capabilities = IVAL(vwv + 9, 1); if (cli->capabilities & CAP_RAW_MODE) { cli->readbraw_supported = True; cli->writebraw_supported = True; @@ -1317,9 +1331,10 @@ bool cli_negprot(struct cli_state *cli) /* work out if they sent us a workgroup */ if (!(cli->capabilities & CAP_EXTENDED_SECURITY) && smb_buflen(cli->inbuf) > 8) { - clistr_pull(cli, cli->server_domain, - smb_buf(cli->inbuf)+8, sizeof(cli->server_domain), - smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN); + clistr_pull(cli, cli->server_domain, + bytes+8, sizeof(cli->server_domain), + num_bytes-8, + STR_UNICODE|STR_NOALIGN); } /* @@ -1331,7 +1346,7 @@ bool cli_negprot(struct cli_state *cli) /* Fail if server says signing is mandatory and we don't want to support it. */ if (!cli->sign_info.allow_smb_signing) { DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n")); - return False; + return NT_STATUS_ACCESS_DENIED; } cli->sign_info.negotiated_smb_signing = True; cli->sign_info.mandatory_signing = True; @@ -1339,7 +1354,7 @@ bool cli_negprot(struct cli_state *cli) /* Fail if client says signing is mandatory and the server doesn't support it. */ if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) { DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n")); - return False; + return NT_STATUS_ACCESS_DENIED; } cli->sign_info.negotiated_smb_signing = True; cli->sign_info.mandatory_signing = True; @@ -1357,17 +1372,18 @@ bool cli_negprot(struct cli_state *cli) } else if (cli->protocol >= PROTOCOL_LANMAN1) { cli->use_spnego = False; - cli->sec_mode = SVAL(cli->inbuf,smb_vwv1); - cli->max_xmit = SVAL(cli->inbuf,smb_vwv2); - cli->max_mux = SVAL(cli->inbuf, smb_vwv3); - cli->sesskey = IVAL(cli->inbuf,smb_vwv6); - cli->serverzone = SVALS(cli->inbuf,smb_vwv10); + cli->sec_mode = SVAL(vwv + 1, 0); + cli->max_xmit = SVAL(vwv + 2, 0); + cli->max_mux = SVAL(vwv + 3, 0); + cli->sesskey = IVAL(vwv + 6, 0); + cli->serverzone = SVALS(vwv + 10, 0); cli->serverzone *= 60; /* this time is converted to GMT by make_unix_date */ - cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8); - cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0); - cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0); - cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf)); + cli->servertime = cli_make_unix_date( + cli, (char *)(vwv + 8)); + cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0); + cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0); + cli->secblob = data_blob(bytes, num_bytes); } else { /* the old core protocol */ cli->use_spnego = False; @@ -1381,7 +1397,42 @@ bool cli_negprot(struct cli_state *cli) if (getenv("CLI_FORCE_ASCII")) cli->capabilities &= ~CAP_UNICODE; - return True; + return NT_STATUS_OK; +} + +NTSTATUS cli_negprot(struct cli_state *cli) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct event_context *ev; + struct async_req *req; + NTSTATUS status = NT_STATUS_NO_MEMORY; + + if (cli->fd_event != NULL) { + /* + * Can't use sync call while an async call is in flight + */ + cli_set_error(cli, NT_STATUS_INVALID_PARAMETER); + goto fail; + } + + ev = event_context_init(frame); + if (ev == NULL) { + goto fail; + } + + req = cli_negprot_send(frame, ev, cli); + if (req == NULL) { + goto fail; + } + + while (req->state < ASYNC_REQ_DONE) { + event_loop_once(ev); + } + + status = cli_negprot_recv(req); + fail: + TALLOC_FREE(frame); + return status; } /**************************************************************************** @@ -1667,12 +1718,9 @@ again: cli->fallback_after_kerberos = true; } - if (!cli_negprot(cli)) { - DEBUG(1,("failed negprot\n")); - nt_status = cli_nt_error(cli); - if (NT_STATUS_IS_OK(nt_status)) { - nt_status = NT_STATUS_UNSUCCESSFUL; - } + nt_status = cli_negprot(cli); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status))); cli_shutdown(cli); return nt_status; } diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index f0ac39fed0..4597e63c98 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -195,8 +195,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, DEBUG(4,(" session request ok\n")); - if (!cli_negprot(c)) { - d_printf("protocol negotiation failed\n"); + status = cli_negprot(c); + + if (!NT_STATUS_IS_OK(status)) { + d_printf("protocol negotiation failed: %s\n", + nt_errstr(status)); cli_shutdown(c); return NULL; } diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index 5e37871deb..f4714346d1 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -433,7 +433,9 @@ again: DEBUG(4,(" session request ok\n")); - if (!cli_negprot(c)) { + status = cli_negprot(c); + + if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 4c76234e0c..2746a4681e 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -71,10 +71,12 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam cli->protocol = PROTOCOL_NT1; - if (!cli_negprot(cli)) { + result = cli_negprot(cli); + + if (!NT_STATUS_IS_OK(result)) { asprintf(err_str, "machine %s rejected the negotiate " "protocol. Error was : %s.\n", - remote_machine, cli_errstr(cli) ); + remote_machine, nt_errstr(result)); result = cli_nt_error(cli); cli_shutdown(cli); return result; diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 915f73233d..9cb887ae51 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -740,6 +740,7 @@ static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, psd = nc_psd; } +#if 0 if ((security_info_sent & DACL_SECURITY_INFORMATION) && psd->dacl != NULL && (psd->type & (SE_DESC_DACL_AUTO_INHERITED| @@ -755,6 +756,7 @@ static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, } psd = new_psd; } +#endif if (DEBUGLEVEL >= 10) { DEBUG(10,("fset_nt_acl_tdb: storing tdb sd for file %s\n", diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 2edb441741..3c8f241ad9 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -579,6 +579,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, psd = nc_psd; } +#if 0 if ((security_info_sent & DACL_SECURITY_INFORMATION) && psd->dacl != NULL && (psd->type & (SE_DESC_DACL_AUTO_INHERITED| @@ -594,6 +595,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, } psd = new_psd; } +#endif if (DEBUGLEVEL >= 10) { DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c index 5a2f5c46b4..9e09060f27 100644 --- a/source3/nmbd/nmbd_synclists.c +++ b/source3/nmbd/nmbd_synclists.c @@ -100,7 +100,8 @@ static void sync_child(char *name, int nm_type, return; } - if (!cli_negprot(cli)) { + status = cli_negprot(cli); + if (!NT_STATUS_IS_OK(status)) { cli_shutdown(cli); return; } diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index c98d11426d..261d8fd670 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -821,10 +821,33 @@ void release_level_2_oplocks_on_change(files_struct *fsp) share_mode_entry_to_message(msg, share_entry); - messaging_send_buf(smbd_messaging_context(), share_entry->pid, - MSG_SMB_ASYNC_LEVEL2_BREAK, - (uint8 *)msg, - MSG_SMB_SHARE_MODE_ENTRY_SIZE); + /* + * Deal with a race condition when breaking level2 + * oplocks. Don't send all the messages and release + * the lock, this allows someone else to come in and + * get a level2 lock before any of the messages are + * processed, and thus miss getting a break message. + * Ensure at least one entry (the one we're breaking) + * is processed immediately under the lock and becomes + * set as NO_OPLOCK to stop any waiter getting a level2. + * Bugid #5980. + */ + + if (procid_is_me(&share_entry->pid)) { + DATA_BLOB blob = data_blob_const(msg, + MSG_SMB_SHARE_MODE_ENTRY_SIZE); + process_oplock_async_level2_break_message(smbd_messaging_context(), + NULL, + MSG_SMB_ASYNC_LEVEL2_BREAK, + share_entry->pid, + &blob); + } else { + messaging_send_buf(smbd_messaging_context(), + share_entry->pid, + MSG_SMB_ASYNC_LEVEL2_BREAK, + (uint8 *)msg, + MSG_SMB_SHARE_MODE_ENTRY_SIZE); + } } /* We let the message receivers handle removing the oplock state diff --git a/source3/torture/locktest.c b/source3/torture/locktest.c index 247c9abcc1..1bff95f4f3 100644 --- a/source3/torture/locktest.c +++ b/source3/torture/locktest.c @@ -212,8 +212,10 @@ static struct cli_state *connect_one(char *share, int snum) DEBUG(4,(" session request ok\n")); - if (!cli_negprot(c)) { - DEBUG(0,("protocol negotiation failed\n")); + status = cli_negprot(c); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("protocol negotiation failed: %s\n", + nt_errstr(status))); cli_shutdown(c); return NULL; } diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c index 8fea15877f..2c3bda1d43 100644 --- a/source3/torture/masktest.c +++ b/source3/torture/masktest.c @@ -212,8 +212,10 @@ static struct cli_state *connect_one(char *share) DEBUG(4,(" session request ok\n")); - if (!cli_negprot(c)) { - DEBUG(0,("protocol negotiation failed\n")); + status = cli_negprot(c); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("protocol negotiation failed: %s\n", + nt_errstr(status))); cli_shutdown(c); return NULL; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 382b3b65eb..5584c22a8f 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -2346,7 +2346,7 @@ static bool run_negprot_nowait(int dummy) } for (i=0;i<50000;i++) { - cli_negprot_send(cli); + cli_negprot_sendsync(cli); } if (!torture_close_connection(cli)) { @@ -4726,6 +4726,7 @@ static bool run_error_map_extract(int dummy) { static struct cli_state *c_dos; static struct cli_state *c_nt; + NTSTATUS status; uint32 error; @@ -4744,8 +4745,11 @@ static bool run_error_map_extract(int dummy) { c_nt->use_spnego = False; - if (!cli_negprot(c_nt)) { - printf("%s rejected the NT-error negprot (%s)\n",host, cli_errstr(c_nt)); + status = cli_negprot(c_nt); + + if (!NT_STATUS_IS_OK(status)) { + printf("%s rejected the NT-error negprot (%s)\n", host, + nt_errstr(status)); cli_shutdown(c_nt); return False; } @@ -4765,8 +4769,10 @@ static bool run_error_map_extract(int dummy) { c_dos->use_spnego = False; c_dos->force_dos_errors = True; - if (!cli_negprot(c_dos)) { - printf("%s rejected the DOS-error negprot (%s)\n",host, cli_errstr(c_dos)); + status = cli_negprot(c_dos); + if (!NT_STATUS_IS_OK(status)) { + printf("%s rejected the DOS-error negprot (%s)\n", host, + nt_errstr(status)); cli_shutdown(c_dos); return False; } @@ -4839,9 +4845,10 @@ static bool run_sesssetup_bench(int dummy) return false; } - if (!cli_negprot(c)) { + status = cli_negprot(c); + if (!NT_STATUS_IS_OK(status)) { printf("%s rejected the NT-error negprot (%s)\n", host, - cli_errstr(c)); + nt_errstr(status)); cli_shutdown(c); return false; } diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index f69d3f9012..5c83b590c1 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6326,7 +6326,8 @@ bool net_rpc_check(struct net_context *c, unsigned flags) if (!attempt_netbios_session_request(&cli, global_myname(), server_name, &server_ss)) goto done; - if (!cli_negprot(cli)) + status = cli_negprot(cli); + if (!NT_STATUS_IS_OK(status)) goto done; if (cli->protocol < PROTOCOL_NT1) goto done; diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c index f569538fac..8be9ed922c 100644 --- a/source3/utils/net_time.c +++ b/source3/utils/net_time.c @@ -51,8 +51,10 @@ static time_t cli_servertime(const char *host, struct sockaddr_storage *pss, int fprintf(stderr,"Session request failed\n"); goto done; } - if (!cli_negprot(cli)) { - fprintf(stderr,"Protocol negotiation failed\n"); + status = cli_negprot(cli); + if (!NT_STATUS_IS_OK(status)) { + fprintf(stderr, "Protocol negotiation failed: %s\n", + nt_errstr(status)); goto done; } diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 5f592fc6b7..3135b6a2a3 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -831,9 +831,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, cli_setup_signing_state(*cli, Undefined); - if (!cli_negprot(*cli)) { - DEBUG(1, ("cli_negprot failed\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = cli_negprot(*cli); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result))); goto done; } |