From: Volker Lendecke Date: Sun, 18 Aug 2024 10:55:34 +0000 (+0200) Subject: libsmb: Convert cli_oem_change_password() to NTSTATUS X-Git-Tag: tdb-1.4.13~1363 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b1d5b8ef239a0c4ae92301e598eb864c2c025876;p=thirdparty%2Fsamba.git libsmb: Convert cli_oem_change_password() to NTSTATUS Remove a few calls to cli_nt_error() Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider --- diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index 96ff09449da..8b461ac0140 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -447,8 +447,10 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype, Send a SamOEMChangePassword command. ****************************************************************************/ -bool cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, - const char *old_password) +NTSTATUS cli_oem_change_password(struct cli_state *cli, + const char *user, + const char *new_password, + const char *old_password) { char param[1024]; uint8_t data[532]; @@ -468,7 +470,7 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char if (strlen(user) >= sizeof(fstring)-1) { DBG_ERR("user name %s is too long.\n", user); - return False; + return NT_STATUS_NAME_TOO_LONG; } SSVAL(p,0,214); /* SamOEMChangePassword command. */ @@ -503,14 +505,18 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char if (rc < 0) { DBG_ERR("gnutls_cipher_init failed: %s\n", gnutls_strerror(rc)); - return false; + status = gnutls_error_to_ntstatus( + rc, NT_STATUS_CRYPTO_SYSTEM_INVALID); + return status; } rc = gnutls_cipher_encrypt(cipher_hnd, data, 516); gnutls_cipher_deinit(cipher_hnd); if (rc < 0) { - return false; + status = gnutls_error_to_ntstatus( + rc, NT_STATUS_CRYPTO_SYSTEM_INVALID); + return status; } /* @@ -521,7 +527,9 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char rc = E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]); if (rc != 0) { DBG_ERR("E_old_pw_hash failed: %s\n", gnutls_strerror(rc)); - return false; + status = gnutls_error_to_ntstatus( + rc, NT_STATUS_CRYPTO_SYSTEM_INVALID); + return status; } status = cli_trans(talloc_tos(), /* mem_ctx */ @@ -551,13 +559,15 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char 0, /* min_rdata */ NULL); /* num_rdata */ if (!NT_STATUS_IS_OK(status)) { - return false; + return status; } cli->rap_error = PULL_LE_U16(rparam, 0); + status = werror_to_ntstatus(W_ERROR(cli->rap_error)); + TALLOC_FREE(rparam); - return (cli->rap_error == 0); + return status; } static void prep_basic_information_buf( diff --git a/source3/libsmb/clirap.h b/source3/libsmb/clirap.h index 4a0f8cfc04e..c31f4e51362 100644 --- a/source3/libsmb/clirap.h +++ b/source3/libsmb/clirap.h @@ -38,8 +38,10 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32_t, bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype, void (*fn)(const char *, uint32_t, const char *, void *), void *state); -bool cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, - const char *old_password); +NTSTATUS cli_oem_change_password(struct cli_state *cli, + const char *user, + const char *new_password, + const char *old_password); NTSTATUS cli_setpathinfo_ext(struct cli_state *cli, const char *fname, struct timespec create_time, struct timespec access_time, diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 145c51f5373..e1b4a982455 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -183,8 +183,11 @@ NTSTATUS remote_password_change(const char *remote_machine, if (!NT_STATUS_IS_OK(result)) { if (lp_client_lanman_auth()) { /* Use the old RAP method. */ - if (!cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) { - result = cli_nt_error(cli); + result = cli_oem_change_password(cli, + user_name, + new_passwd, + old_passwd); + if (!NT_STATUS_IS_OK(result)) { if (asprintf(err_str, "machine %s rejected the " "password change: Error was : %s.\n", remote_machine, nt_errstr(result)) == -1) { @@ -310,15 +313,17 @@ NTSTATUS remote_password_change(const char *remote_machine, } /* Use the old RAP method. */ - if (cli_oem_change_password( - cli, user_name, new_passwd, old_passwd)) { + result = cli_oem_change_password(cli, + user_name, + new_passwd, + old_passwd); + if (NT_STATUS_IS_OK(result)) { /* SAMR failed, but the old LanMan protocol worked! */ cli_shutdown(cli); return NT_STATUS_OK; } - result = cli_nt_error(cli); if (asprintf(err_str, "machine %s rejected the password " "change: Error was : %s.\n", diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c index ed4b2c72277..cd1d5d90f7c 100644 --- a/source3/utils/net_rap.c +++ b/source3/utils/net_rap.c @@ -1240,7 +1240,7 @@ int net_rap_password_usage(struct net_context *c, int argc, const char **argv) int net_rap_password(struct net_context *c, int argc, const char **argv) { struct cli_state *cli; - int ret; + NTSTATUS status; if (argc < 3 || c->display_usage) return net_rap_password_usage(c, argc, argv); @@ -1249,9 +1249,9 @@ int net_rap_password(struct net_context *c, int argc, const char **argv) return -1; /* BB Add check for password lengths? */ - ret = cli_oem_change_password(cli, argv[0], argv[2], argv[1]); + status = cli_oem_change_password(cli, argv[0], argv[2], argv[1]); cli_shutdown(cli); - return ret ? 0 : -1; + return NT_STATUS_IS_OK(status) ? 0 : -1; } int net_rap_admin_usage(struct net_context *c, int argc, const char **argv)