s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS

It's nicer to have an NTSTATUS return, and in s3compat there may be a
reason other than 'no memory' why this can fail.

Andrew Bartlett

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index e0e0003f9dc944c5d4e7eefe009b85b7ff87c2af..1b48ba022db57dac1e2a0b42cba24b2cd1ddc38d 100644 (file)
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -74,8 +74,9 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
        return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
 }
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-                                                         struct auth_ntlmssp_state *auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+                                 struct auth_ntlmssp_state *auth_ntlmssp_state,
+                                 struct auth_serversupplied_info **_server_info)
 {
        struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info;
        data_blob_free(&server_info->user_session_key);
@@ -85,10 +86,11 @@ struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
                        auth_ntlmssp_state->ntlmssp_state->session_key.data,
                        auth_ntlmssp_state->ntlmssp_state->session_key.length);
        if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) {
-               return NULL;
+               return NT_STATUS_NO_MEMORY;
        }
        auth_ntlmssp_state->server_info = NULL;
-       return talloc_steal(mem_ctx, server_info);
+       *_server_info = talloc_steal(mem_ctx, server_info);
+       return NT_STATUS_OK;
 }
 
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index dc6b555fd2166c009d7a9195ce9bc5eef367653b..268e2b50aacde9908bfb7ef281aabf089d45898f 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -54,8 +54,9 @@ NTSTATUS auth_netlogond_init(void);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-                                                         struct auth_ntlmssp_state *auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+                                 struct auth_ntlmssp_state *auth_ntlmssp_state,
+                                 struct auth_serversupplied_info **_server_info);
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state);
 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state);
 const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state);

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index fccc41c33a97c5f2dae97202c6e30538bc3e91d9..0f60cdff1c6ab93f50302b4ca7eafde669a6a129 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -713,9 +713,10 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 
        TALLOC_FREE(p->server_info);
 
-       p->server_info = auth_ntlmssp_server_info(p, a);
-       if (p->server_info == NULL) {
-               DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n"));
+       status = auth_ntlmssp_server_info(p, a, &p->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user: %s\n",
+                         nt_errstr(status)));
                return false;
        }
 

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index d707ba3021c46be68b52f3413c86a9138177c001..28e5aea39bea818c62e3ba2227dac5ec6f250af1 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -637,7 +637,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
        struct smbd_server_connection *sconn = smbd_server_conn;
 
        if (NT_STATUS_IS_OK(nt_status)) {
-               server_info = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state));
+               nt_status = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state), &server_info);
        } else {
                /* Note that this server_info won't have a session
                 * key.  But for map to guest, that's exactly the right

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index af9157107ec6f829716d9f4ec64cab498d49e7e3..963dbe19e11491fc526416bc9c8b46b43562cd47 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -614,11 +614,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
                                        uint64_t *out_session_id)
 {
        fstring tmp;
-       session->server_info = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state);
-       if (!session->server_info) {
+       NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state,
+                                                  &session->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
                auth_ntlmssp_end(&session->auth_ntlmssp_state);
                TALLOC_FREE(session);
-               return NT_STATUS_NO_MEMORY;
+               return status;
        }
 
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||