this one...
*/
- if (!cli_session_setup(cli, "", "", 0, "", 0,
- "")) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0,
+ ""))) {
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, cli_errstr(cli)));
release_server_mutex();
return nt_status;
}
- cli = my_private_data;
+ cli = (struct cli_state *)my_private_data;
if (cli) {
} else {
*/
if ((!tested_password_server) && (lp_paranoid_server_security())) {
- if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass),
- (char *)badpass, sizeof(badpass), user_info->domain)) {
+ if (NT_STATUS_IS_OK(cli_session_setup(cli, baduser,
+ (char *)badpass,
+ sizeof(badpass),
+ (char *)badpass,
+ sizeof(badpass),
+ user_info->domain))) {
/*
* We connected to the password server so we
if (!user_info->encrypted) {
/* Plaintext available */
- if (!cli_session_setup(cli, user_info->smb_name,
- (char *)user_info->plaintext_password.data,
- user_info->plaintext_password.length,
- NULL, 0,
- user_info->domain)) {
- DEBUG(1,("password server %s rejected the password\n", cli->desthost));
- /* Make this cli_nt_error() when the conversion is in */
- nt_status = cli_nt_error(cli);
- } else {
- nt_status = NT_STATUS_OK;
- }
+ nt_status = cli_session_setup(
+ cli, user_info->smb_name,
+ (char *)user_info->plaintext_password.data,
+ user_info->plaintext_password.length,
+ NULL, 0, user_info->domain);
+
} else {
- if (!cli_session_setup(cli, user_info->smb_name,
- (char *)user_info->lm_resp.data,
- user_info->lm_resp.length,
- (char *)user_info->nt_resp.data,
- user_info->nt_resp.length,
- user_info->domain)) {
- DEBUG(1,("password server %s rejected the password\n", cli->desthost));
- /* Make this cli_nt_error() when the conversion is in */
- nt_status = cli_nt_error(cli);
- } else {
- nt_status = NT_STATUS_OK;
- }
+ nt_status = cli_session_setup(
+ cli, user_info->smb_name,
+ (char *)user_info->lm_resp.data,
+ user_info->lm_resp.length,
+ (char *)user_info->nt_resp.data,
+ user_info->nt_resp.length,
+ user_info->domain);
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1,("password server %s rejected the password: %s\n",
+ cli->desthost, nt_errstr(nt_status)));
}
/* if logged in as guest then reject */
{
reset_do_list_queue();
do_list_queue_size = 1024;
- do_list_queue = SMB_MALLOC(do_list_queue_size);
+ do_list_queue = (char *)SMB_MALLOC(do_list_queue_size);
if (do_list_queue == 0) {
d_printf("malloc fail for size %d\n",
(int)do_list_queue_size);
do_list_queue_size *= 2;
DEBUG(4,("enlarging do_list_queue to %d\n",
(int)do_list_queue_size));
- do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size);
+ do_list_queue = (char *)SMB_REALLOC(do_list_queue, do_list_queue_size);
if (! do_list_queue) {
d_printf("failure enlarging do_list_queue to %d bytes\n",
(int)do_list_queue_size);
else
pstrcpy(l_password, buf2);
- if (!cli_session_setup(cli, l_username,
- l_password, strlen(l_password),
- l_password, strlen(l_password),
- lp_workgroup())) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(cli, l_username,
+ l_password, strlen(l_password),
+ l_password, strlen(l_password),
+ lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(cli));
return -1;
}
if (info.count == 2)
info.matches[0] = SMB_STRDUP(info.matches[1]);
else {
- info.matches[0] = SMB_MALLOC(info.samelen+1);
+ info.matches[0] = (char *)SMB_MALLOC(info.samelen+1);
if (!info.matches[0])
goto cleanup;
strncpy(info.matches[0], info.matches[1], info.samelen);
matches[0] = SMB_STRDUP(matches[1]);
break;
default:
- matches[0] = SMB_MALLOC(samelen+1);
+ matches[0] = (char *)SMB_MALLOC(samelen+1);
if (!matches[0])
goto cleanup;
strncpy(matches[0], matches[1], samelen);
}
- if (!cli_session_setup(cli, username, password, strlen(password)+1,
- password, strlen(password)+1,
- workgroup))
+ if (!NT_STATUS_IS_OK(cli_session_setup(cli, username,
+ password, strlen(password)+1,
+ password, strlen(password)+1,
+ workgroup)))
{
fprintf(stderr,"ERROR: Session setup failed: %s\n", cli_errstr(cli));
if (NT_STATUS_V(cli_nt_error(cli)) ==
password is in plaintext, the same should be done.
****************************************************************************/
-BOOL cli_session_setup(struct cli_state *cli,
- const char *user,
- const char *pass, int passlen,
- const char *ntpass, int ntpasslen,
- const char *workgroup)
+NTSTATUS cli_session_setup(struct cli_state *cli,
+ const char *user,
+ const char *pass, int passlen,
+ const char *ntpass, int ntpasslen,
+ const char *workgroup)
{
char *p;
fstring user2;
workgroup = user2;
}
- if (cli->protocol < PROTOCOL_LANMAN1)
- return True;
+ if (cli->protocol < PROTOCOL_LANMAN1) {
+ return NT_STATUS_OK;
+ }
/* now work out what sort of session setup we are going to
do. I have split this into separate functions to make the
if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client lanman auth'"
" is disabled\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
" is disabled\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
- return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup);
+ return cli_session_setup_lanman2(cli, user, pass, passlen, workgroup) ?
+ NT_STATUS_OK : cli_nt_error(cli);
}
/* if no user is supplied then we have to do an anonymous connection.
passwords are ignored */
if (!user || !*user)
- return cli_session_setup_guest(cli);
+ return cli_session_setup_guest(cli) ?
+ NT_STATUS_OK : cli_nt_error(cli);
/* if the server is share level then send a plaintext null
password at this point. The password is sent in the tree
connect */
if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
- return cli_session_setup_plaintext(cli, user, "", workgroup);
+ return cli_session_setup_plaintext(cli, user, "", workgroup) ?
+ NT_STATUS_OK : cli_nt_error(cli);
/* if the server doesn't support encryption then we have to use
plaintext. The second password is ignored */
if (!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but 'client use plaintext auth'"
" is disabled\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
- return cli_session_setup_plaintext(cli, user, pass, workgroup);
+ return cli_session_setup_plaintext(cli, user, pass, workgroup) ?
+ NT_STATUS_OK : cli_nt_error(cli);
}
/* if the server supports extended security then use SPNEGO */
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
if (!ADS_ERR_OK(status)) {
DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
- return False;
+ return ads_ntstatus(status);
}
} else {
/* otherwise do a NT1 style session setup */
if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) {
DEBUG(3,("cli_session_setup: NT1 session setup failed!\n"));
- return False;
+ return cli_nt_error(cli);
}
}
cli->is_samba = True;
}
- return True;
+ return NT_STATUS_OK;
}
return nt_status;
}
- if (!cli_session_setup(cli, user, password, pw_len, password, pw_len, domain)) {
- if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
- && cli_session_setup(cli, "", "", 0, "", 0, domain)) {
- } else {
- nt_status = cli_nt_error(cli);
- DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
+ nt_status = cli_session_setup(cli, user, password, pw_len, password,
+ pw_len, domain);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+
+ if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)) {
+ DEBUG(1,("failed session setup with %s\n",
+ nt_errstr(nt_status)));
cli_shutdown(cli);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
return nt_status;
}
- }
+ nt_status = cli_session_setup(cli, "", "", 0, "", 0, domain);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1,("anonymous failed session setup with %s\n",
+ nt_errstr(nt_status)));
+ cli_shutdown(cli);
+ return nt_status;
+ }
+ }
+
if (service) {
if (!cli_send_tconX(cli, service, service_type, password, pw_len)) {
nt_status = cli_nt_error(cli);
}
}
- if (!cli_session_setup(c, username,
- password, strlen(password),
- password, strlen(password),
- lp_workgroup())) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
+ password, strlen(password),
+ password, strlen(password),
+ lp_workgroup()))) {
/* if a password was not supplied then try again with a null username */
if (password[0] || !username[0] || use_kerberos ||
- !cli_session_setup(c, "", "", 0, "", 0, lp_workgroup())) {
+ !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0,
+ lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(c));
if (NT_STATUS_V(cli_nt_error(c)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
username_used = username;
- if (!cli_session_setup(c, username_used,
- password, strlen(password),
- password, strlen(password),
- workgroup)) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
+ password, strlen(password),
+ password, strlen(password),
+ workgroup))) {
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
- !cli_session_setup(c, username_used,
- password, 1,
- password, 0,
- workgroup)) {
+ !NT_STATUS_IS_OK(cli_session_setup(c, username_used,
+ password, 1,
+ password, 0,
+ workgroup))) {
cli_shutdown(c);
errno = EPERM;
/* Given things like SMB signing, restrict anonymous and the like,
try an authenticated connection first */
- if (!cli_session_setup(cli, user_name, old_passwd, strlen(old_passwd)+1, old_passwd, strlen(old_passwd)+1, "")) {
+ result = cli_session_setup(cli, user_name,
+ old_passwd, strlen(old_passwd)+1,
+ old_passwd, strlen(old_passwd)+1, "");
- result = cli_nt_error(cli);
-
- if (!NT_STATUS_IS_OK(result)) {
-
- /* Password must change is the only valid error
- * condition here from where we can proceed, the rest
- * like account locked out or logon failure will lead
- * to errors later anyway */
+ if (!NT_STATUS_IS_OK(result)) {
- if (!NT_STATUS_EQUAL(result,
- NT_STATUS_PASSWORD_MUST_CHANGE)) {
- slprintf(err_str, err_str_len-1, "Could not "
- "connect to machine %s: %s\n",
- remote_machine, cli_errstr(cli));
- cli_shutdown(cli);
- return result;
- }
+ /* Password must change is the only valid error condition here
+ * from where we can proceed, the rest like account locked out
+ * or logon failure will lead to errors later anyway */
- pass_must_change = True;
+ if (!NT_STATUS_EQUAL(result,
+ NT_STATUS_PASSWORD_MUST_CHANGE)) {
+ slprintf(err_str, err_str_len-1, "Could not "
+ "connect to machine %s: %s\n",
+ remote_machine, cli_errstr(cli));
+ cli_shutdown(cli);
+ return result;
}
+ pass_must_change = True;
+
/*
* We should connect as the anonymous user here, in case
* the server has "must change password" checked...
* Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
*/
- if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
+ result = cli_session_setup(cli, "", "", 0, "", 0, "");
+
+ if (!NT_STATUS_IS_OK(result)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
remote_machine, cli_errstr(cli) );
- result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}
return;
}
- if (!cli_session_setup(cli, "", "", 1, "", 0, workgroup)) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 1, "", 0,
+ workgroup))) {
cli_shutdown(cli);
return;
}
static void cm_get_ipc_userpass(char **username, char **domain, char **password)
{
- *username = secrets_fetch(SECRETS_AUTH_USER, NULL);
- *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
- *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+ *username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
+ *domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
+ *password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
if (*username && **username) {
"[%s]\\[%s]\n", controller, global_myname(),
ipc_domain, ipc_username));
- if (cli_session_setup(*cli, ipc_username,
- ipc_password, strlen(ipc_password)+1,
- ipc_password, strlen(ipc_password)+1,
- ipc_domain)) {
+ if (NT_STATUS_IS_OK(cli_session_setup(
+ *cli, ipc_username,
+ ipc_password, strlen(ipc_password)+1,
+ ipc_password, strlen(ipc_password)+1,
+ ipc_domain))) {
/* Successful logon with given username. */
cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
goto session_setup_done;
/* Fall back to anonymous connection, this might fail later */
- if (cli_session_setup(*cli, "", NULL, 0, NULL, 0, "")) {
+ if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
+ NULL, 0, ""))) {
DEBUG(5, ("Connected anonymously\n"));
cli_init_creds(*cli, "", "", "");
goto session_setup_done;
fstrcpy(username[1], username[0]);
}
- if (!cli_session_setup(c, username[snum],
- password[snum], strlen(password[snum]),
- password[snum], strlen(password[snum]),
- lp_workgroup())) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username[snum],
+ password[snum],
+ strlen(password[snum]),
+ password[snum],
+ strlen(password[snum]),
+ lp_workgroup()))) {
DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
return NULL;
}
}
}
- if (!cli_session_setup(c, username,
- password, strlen(password),
- password, strlen(password),
- lp_workgroup())) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c, username,
+ password, strlen(password),
+ password, strlen(password),
+ lp_workgroup()))) {
DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
return NULL;
}
fstrcpy(old_user_name, cli->user_name);
cli->vuid = 0;
- ret = cli_session_setup(cli, username, password, passlen, password, passlen, workgroup);
+ ret = NT_STATUS_IS_OK(cli_session_setup(cli, username,
+ password, passlen,
+ password, passlen,
+ workgroup));
*new_vuid = cli->vuid;
cli->vuid = old_vuid;
fstrcpy(cli->user_name, old_user_name);
return False;
}
- if (!cli_session_setup(c_nt, "", "", 0, "", 0,
- workgroup)) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c_nt, "", "", 0, "", 0,
+ workgroup))) {
printf("%s rejected the NT-error initial session setup (%s)\n",host, cli_errstr(c_nt));
return False;
}
return False;
}
- if (!cli_session_setup(c_dos, "", "", 0, "", 0,
- workgroup)) {
+ if (!NT_STATUS_IS_OK(cli_session_setup(c_dos, "", "", 0, "", 0,
+ workgroup))) {
printf("%s rejected the DOS-error initial session setup (%s)\n",host, cli_errstr(c_dos));
return False;
}
for (error=(0xc0000000 | 0x1); error < (0xc0000000| 0xFFF); error++) {
fstr_sprintf(user, "%X", error);
- if (cli_session_setup(c_nt, user,
- password, strlen(password),
- password, strlen(password),
- workgroup)) {
+ if (NT_STATUS_IS_OK(cli_session_setup(c_nt, user,
+ password, strlen(password),
+ password, strlen(password),
+ workgroup))) {
printf("/** Session setup succeeded. This shouldn't happen...*/\n");
}
nt_status = NT_STATUS(0xc0000000);
}
- if (cli_session_setup(c_dos, user,
- password, strlen(password),
- password, strlen(password),
- workgroup)) {
+ if (NT_STATUS_IS_OK(cli_session_setup(c_dos, user,
+ password, strlen(password),
+ password, strlen(password),
+ workgroup))) {
printf("/** Session setup succeeded. This shouldn't happen...*/\n");
}
flgs2 = SVAL(c_dos->inbuf,smb_flg2), errnum;