From 19fea3242cf6234786b6cbb60631e0071f31ff9f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 4 Sep 2001 07:13:01 +0000 Subject: the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66) --- source3/auth/auth.c | 16 ++++++++-------- source3/auth/auth_domain.c | 6 +++--- source3/auth/auth_rhosts.c | 4 ++-- source3/auth/auth_sam.c | 8 ++++---- source3/auth/auth_server.c | 7 +++---- source3/auth/auth_unix.c | 4 ++-- source3/auth/auth_util.c | 6 +++--- source3/auth/pampass.c | 35 ++++++++++++++++++----------------- source3/auth/pass_check.c | 2 +- 9 files changed, 44 insertions(+), 44 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth.c b/source3/auth/auth.c index d6bc8aeadc..b707c38c62 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -68,15 +68,15 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info, return NT_STATUS_LOGON_FAILURE; } - if (nt_status != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status)) { nt_status = check_rhosts_security(user_info, server_info); } - if ((lp_security() == SEC_DOMAIN) && (nt_status != NT_STATUS_OK)) { + if ((lp_security() == SEC_DOMAIN) && !NT_STATUS_IS_OK(nt_status)) { nt_status = check_domain_security(user_info, server_info); } - if ((lp_security() == SEC_SERVER) && (nt_status != NT_STATUS_OK)) { + if ((lp_security() == SEC_SERVER) && !NT_STATUS_IS_OK(nt_status)) { nt_status = check_server_security(user_info, server_info); } @@ -84,7 +84,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info, smb_user_control(user_info->smb_username.str, nt_status); } - if (nt_status != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status)) { if ((user_info->plaintext_password.len > 0) && (!lp_plaintext_to_smbpasswd())) { nt_status = check_unix_security(user_info, server_info); @@ -94,14 +94,14 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info, } } - if ((nt_status == NT_STATUS_OK) && !done_pam) { + if (NT_STATUS_IS_OK(nt_status) && !done_pam) { /* We might not be root if we are an RPC call */ become_root(); nt_status = smb_pam_accountcheck(user_info->smb_username.str); unbecome_root(); } - if (nt_status == NT_STATUS_OK) { + if (NT_STATUS_IS_OK(nt_status)) { DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str)); } else { DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status))); @@ -233,11 +233,11 @@ BOOL password_ok(char *user, char *password, int pwlen) /* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as required. */ - if (pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen) == NT_STATUS_OK) { + if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) { return True; } - if (pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0) == NT_STATUS_OK) { + if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) { return True; } diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index d9d7b6fd40..111f0f143c 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -30,10 +30,10 @@ BOOL global_machine_password_needs_changing = False; Check for a valid username and password in security=domain mode. ****************************************************************************/ -uint32 check_domain_security(const auth_usersupplied_info *user_info, - auth_serversupplied_info *server_info) +NTSTATUS check_domain_security(const auth_usersupplied_info *user_info, + auth_serversupplied_info *server_info) { - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; char *p, *pserver; unsigned char trust_passwd[16]; time_t last_change_time; diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index a4914f2ef1..ffb9212264 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -168,10 +168,10 @@ BOOL check_hosts_equiv(char *user) Check for a valid .rhosts/hosts.equiv entry for this user ****************************************************************************/ -uint32 check_rhosts_security(const auth_usersupplied_info *user_info, +NTSTATUS check_rhosts_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; become_root(); if (check_hosts_equiv(user_info->smb_username.str)) { diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 5484758167..33b0623643 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -109,7 +109,7 @@ static BOOL smb_pwd_check_ntlmv2(const uchar *password, size_t pwd_len, Do a specific test for an smb password being correct, given a smb_password and the lanman and NT responses. ****************************************************************************/ -uint32 smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { uint8 *nt_pw, *lm_pw; uint16 acct_ctrl; @@ -202,11 +202,11 @@ SMB hash supplied in the user_info structure return an NT_STATUS constant. ****************************************************************************/ -uint32 check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { SAM_ACCOUNT *sampass=NULL; BOOL ret; - uint32 nt_status; + NTSTATUS nt_status; pdb_init_sam(&sampass); @@ -220,7 +220,7 @@ uint32 check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_se { DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->smb_username.str)); pdb_free_sam(sampass); - return(NT_STATUS_NO_SUCH_USER); + return NT_STATUS_NO_SUCH_USER; } nt_status = smb_password_ok(sampass, user_info, server_info); diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 9636094fa3..b279152f74 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -113,14 +113,14 @@ struct cli_state *server_cryptkey(void) Validate a password with the password server. ****************************************************************************/ -static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +static NTSTATUS server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { struct cli_state *cli; static unsigned char badpass[24]; static fstring baduser; static BOOL tested_password_server = False; static BOOL bad_password_server = False; - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; cli = server_client(); @@ -232,14 +232,13 @@ use this machine as the password server.\n")); Check for a valid username and password in security=server mode. ****************************************************************************/ -uint32 check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { if(lp_security() != SEC_SERVER) return NT_STATUS_LOGON_FAILURE; return server_validate(user_info, server_info); - } diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index fda44fd91c..1708320961 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -68,9 +68,9 @@ check if a username/password is OK assuming the password in PLAIN TEXT ****************************************************************************/ -uint32 check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { - uint32 nt_status; + NTSTATUS nt_status; become_root(); nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str, diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5ccf963889..28f58eb8ae 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -101,11 +101,11 @@ static int smb_delete_user(char *unix_user) Add and Delete UNIX users on demand, based on NT_STATUS codes. ****************************************************************************/ -void smb_user_control(char *unix_user, uint32 nt_status) +void smb_user_control(char *unix_user, NTSTATUS nt_status) { struct passwd *pwd=NULL; - if(nt_status == NT_STATUS_OK) { + if (NT_STATUS_IS_OK(nt_status)) { /* * User validated ok against Domain controller. * If the admin wants us to try and create a UNIX @@ -127,7 +127,7 @@ void smb_user_control(char *unix_user, uint32 nt_status) smb_create_user(unix_user, pwd->pw_dir); } - } else if (nt_status == NT_STATUS_NO_SUCH_USER) { + } else if (NT_STATUS_V(nt_status) == NT_STATUS_V(NT_STATUS_NO_SUCH_USER)) { /* * User failed to validate ok against Domain controller. * If the failure was "user doesn't exist" and admin diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 359ed02b29..46b38ab1c0 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -83,12 +83,13 @@ static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, *********************************************************************/ static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error, - char *msg, int dbglvl, uint32 *nt_status) + char *msg, int dbglvl, + NTSTATUS *nt_status) { if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl)) return True; - if (*nt_status == NT_STATUS_OK) { + if (NT_STATUS_IS_OK(*nt_status)) { /* Complain LOUDLY */ DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \ error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE")); @@ -494,10 +495,10 @@ static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct p /* * PAM Authentication Handler */ -static uint32 smb_pam_auth(pam_handle_t *pamh, char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user) { int pam_error; - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; /* * To enable debugging set in /etc/pam.d/samba: @@ -548,10 +549,10 @@ static uint32 smb_pam_auth(pam_handle_t *pamh, char *user) /* * PAM Account Handler */ -static uint32 smb_pam_account(pam_handle_t *pamh, char * user) +static NTSTATUS smb_pam_account(pam_handle_t *pamh, char * user) { int pam_error; - uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED; + NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user)); pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */ @@ -594,10 +595,10 @@ static uint32 smb_pam_account(pam_handle_t *pamh, char * user) * PAM Credential Setting */ -static uint32 smb_pam_setcred(pam_handle_t *pamh, char * user) +static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) { int pam_error; - uint32 nt_status = NT_STATUS_NO_TOKEN; + NTSTATUS nt_status = NT_STATUS_NO_TOKEN; /* * This will allow samba to aquire a kerberos token. And, when @@ -778,9 +779,9 @@ BOOL smb_pam_close_session(char *user, char *tty, char *rhost) * PAM Externally accessible Account handler */ -uint32 smb_pam_accountcheck(char * user) +NTSTATUS smb_pam_accountcheck(char * user) { - uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED; + NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; pam_handle_t *pamh = NULL; struct pam_conv *pconv = NULL; @@ -790,12 +791,12 @@ uint32 smb_pam_accountcheck(char * user) return NT_STATUS_OK; if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL) - return False; + return NT_STATUS_NO_MEMORY; if (!smb_pam_start(&pamh, user, NULL, pconv)) return NT_STATUS_ACCOUNT_DISABLED; - if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK) + if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user)); smb_pam_end(pamh, pconv); @@ -806,10 +807,10 @@ uint32 smb_pam_accountcheck(char * user) * PAM Password Validation Suite */ -uint32 smb_pam_passcheck(char * user, char * password) +NTSTATUS smb_pam_passcheck(char * user, char * password) { pam_handle_t *pamh = NULL; - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; struct pam_conv *pconv = NULL; /* @@ -824,19 +825,19 @@ uint32 smb_pam_passcheck(char * user, char * password) if (!smb_pam_start(&pamh, user, NULL, pconv)) return NT_STATUS_LOGON_FAILURE; - if ((nt_status = smb_pam_auth(pamh, user)) != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) { DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user)); smb_pam_end(pamh, pconv); return nt_status; } - if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) { DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user)); smb_pam_end(pamh, pconv); return nt_status; } - if ((nt_status = smb_pam_setcred(pamh, user)) != NT_STATUS_OK) { + if (!NT_STATUS_IS_OK(nt_status = smb_pam_setcred(pamh, user))) { DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user)); smb_pam_end(pamh, pconv); return nt_status; diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index bd712b3563..59fc9e2eac 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -599,7 +599,7 @@ static BOOL password_check(char *password) { #ifdef WITH_PAM - return (smb_pam_passcheck(this_user, password) == NT_STATUS_OK); + return NT_STATUS_IS_OK(smb_pam_passcheck(this_user, password)); #endif /* WITH_PAM */ #ifdef WITH_AFS -- cgit