From edba46ce94c335411ab337eeb4ef6f88fb3aae80 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Jun 2010 22:35:53 +1000 Subject: s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail. Andrew Bartlett --- source3/auth/auth_ntlmssp.c | 10 ++++++---- source3/include/proto.h | 5 +++-- source3/rpc_server/srv_pipe.c | 7 ++++--- source3/smbd/sesssetup.c | 2 +- source3/smbd/smb2_sesssetup.c | 7 ++++--- 5 files changed, 18 insertions(+), 13 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index e0e0003f9d..1b48ba022d 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -74,8 +74,9 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state) return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL; } -struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state) +NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, + struct auth_ntlmssp_state *auth_ntlmssp_state, + struct auth_serversupplied_info **_server_info) { struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info; data_blob_free(&server_info->user_session_key); @@ -85,10 +86,11 @@ struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, auth_ntlmssp_state->ntlmssp_state->session_key.data, auth_ntlmssp_state->ntlmssp_state->session_key.length); if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) { - return NULL; + return NT_STATUS_NO_MEMORY; } auth_ntlmssp_state->server_info = NULL; - return talloc_steal(mem_ctx, server_info); + *_server_info = talloc_steal(mem_ctx, server_info); + return NT_STATUS_OK; } struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state) diff --git a/source3/include/proto.h b/source3/include/proto.h index dc6b555fd2..268e2b50aa 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -54,8 +54,9 @@ NTSTATUS auth_netlogond_init(void); /* The following definitions come from auth/auth_ntlmssp.c */ -struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state); +NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, + struct auth_ntlmssp_state *auth_ntlmssp_state, + struct auth_serversupplied_info **_server_info); struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state); const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state); const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index fccc41c33a..0f60cdff1c 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -713,9 +713,10 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) TALLOC_FREE(p->server_info); - p->server_info = auth_ntlmssp_server_info(p, a); - if (p->server_info == NULL) { - DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n")); + status = auth_ntlmssp_server_info(p, a, &p->server_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user: %s\n", + nt_errstr(status))); return false; } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index d707ba3021..28e5aea39b 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -637,7 +637,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req, struct smbd_server_connection *sconn = smbd_server_conn; if (NT_STATUS_IS_OK(nt_status)) { - server_info = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state)); + nt_status = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state), &server_info); } else { /* Note that this server_info won't have a session * key. But for map to guest, that's exactly the right diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index af9157107e..963dbe19e1 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -614,11 +614,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s uint64_t *out_session_id) { fstring tmp; - session->server_info = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state); - if (!session->server_info) { + NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state, + &session->server_info); + if (!NT_STATUS_IS_OK(status)) { auth_ntlmssp_end(&session->auth_ntlmssp_state); TALLOC_FREE(session); - return NT_STATUS_NO_MEMORY; + return status; } if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || -- cgit