/src/samba/lib/krb5_wrap/krb5_errs.c
Line | Count | Source |
1 | | /* |
2 | | * Unix SMB/CIFS implementation. |
3 | | * Kerberos error mapping functions |
4 | | * Copyright (C) Guenther Deschner 2005 |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, see <http://www.gnu.org/licenses/>. |
18 | | */ |
19 | | |
20 | | #include "includes.h" |
21 | | #include "krb5_samba.h" |
22 | | |
23 | | #ifdef HAVE_KRB5 |
24 | | |
25 | | static const struct { |
26 | | krb5_error_code krb5_code; |
27 | | NTSTATUS ntstatus; |
28 | | } krb5_to_nt_status_map[] = { |
29 | | {KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR}, |
30 | | {KRB5KDC_ERR_BADOPTION, NT_STATUS_INVALID_PARAMETER}, |
31 | | {KRB5KDC_ERR_CLIENT_REVOKED, NT_STATUS_ACCOUNT_LOCKED_OUT}, |
32 | | {KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_ACCOUNT_NAME}, |
33 | | {KRB5KDC_ERR_ETYPE_NOSUPP, NT_STATUS_LOGON_FAILURE}, |
34 | | #if defined(KRB5KDC_ERR_KEY_EXP) /* MIT */ |
35 | | {KRB5KDC_ERR_KEY_EXP, NT_STATUS_PASSWORD_EXPIRED}, |
36 | | #else /* old Heimdal releases have it with different name only in an enum: */ |
37 | | {KRB5KDC_ERR_KEY_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, |
38 | | #endif |
39 | | {25, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: bug in heimdal 0.7 krb5_get_init_creds_password (Inappropriate ioctl for device (25)) */ |
40 | | {KRB5KDC_ERR_NULL_KEY, NT_STATUS_LOGON_FAILURE}, |
41 | | {KRB5KDC_ERR_POLICY, NT_STATUS_INVALID_WORKSTATION}, |
42 | | {KRB5KDC_ERR_PREAUTH_FAILED, NT_STATUS_LOGON_FAILURE}, |
43 | | {KRB5KDC_ERR_SERVICE_REVOKED, NT_STATUS_ACCESS_DENIED}, |
44 | | {KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_COMPUTER_NAME}, |
45 | | {KRB5KDC_ERR_SUMTYPE_NOSUPP, NT_STATUS_LOGON_FAILURE}, |
46 | | {KRB5KDC_ERR_TGT_REVOKED, NT_STATUS_ACCESS_DENIED}, |
47 | | {KRB5_KDC_UNREACH, NT_STATUS_NO_LOGON_SERVERS}, |
48 | | {KRB5KRB_AP_ERR_BAD_INTEGRITY, NT_STATUS_LOGON_FAILURE}, |
49 | | {KRB5KRB_AP_ERR_MODIFIED, NT_STATUS_LOGON_FAILURE}, |
50 | | {KRB5KRB_AP_ERR_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC}, |
51 | | {KRB5_KDCREP_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC}, |
52 | | {KRB5KRB_AP_ERR_TKT_EXPIRED, NT_STATUS_LOGON_FAILURE}, |
53 | | {KRB5KRB_ERR_GENERIC, NT_STATUS_UNSUCCESSFUL}, |
54 | | #if defined(KRB5KRB_ERR_RESPONSE_TOO_BIG) |
55 | | {KRB5KRB_ERR_RESPONSE_TOO_BIG, NT_STATUS_PROTOCOL_UNREACHABLE}, |
56 | | #endif |
57 | | {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE}, |
58 | | {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE}, |
59 | | {KRB5_RC_MALLOC, NT_STATUS_NO_MEMORY}, |
60 | | {ENOMEM, NT_STATUS_NO_MEMORY}, |
61 | | {KRB5_REALM_CANT_RESOLVE, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND}, |
62 | | {KRB5_REALM_UNKNOWN, NT_STATUS_NO_SUCH_DOMAIN}, |
63 | | |
64 | | /* Must be last entry */ |
65 | | {KRB5KDC_ERR_NONE, NT_STATUS_OK} |
66 | | }; |
67 | | |
68 | | static const struct { |
69 | | NTSTATUS ntstatus; |
70 | | krb5_error_code krb5_code; |
71 | | } nt_status_to_krb5_map[] = { |
72 | | {NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED}, |
73 | | {NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH}, |
74 | | {NT_STATUS_OK, 0} |
75 | | }; |
76 | | |
77 | | /***************************************************************************** |
78 | | convert a KRB5 error to a NT status32 code |
79 | | *****************************************************************************/ |
80 | | NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error) |
81 | 0 | { |
82 | 0 | int i; |
83 | |
|
84 | 0 | if (kerberos_error == 0) { |
85 | 0 | return NT_STATUS_OK; |
86 | 0 | } |
87 | | |
88 | 0 | for (i=0; NT_STATUS_V(krb5_to_nt_status_map[i].ntstatus); i++) { |
89 | 0 | if (kerberos_error == krb5_to_nt_status_map[i].krb5_code) |
90 | 0 | return krb5_to_nt_status_map[i].ntstatus; |
91 | 0 | } |
92 | | |
93 | 0 | return NT_STATUS_UNSUCCESSFUL; |
94 | 0 | } |
95 | | |
96 | | /***************************************************************************** |
97 | | convert an NT status32 code to a KRB5 error |
98 | | *****************************************************************************/ |
99 | | krb5_error_code nt_status_to_krb5(NTSTATUS nt_status) |
100 | 0 | { |
101 | 0 | int i; |
102 | |
|
103 | 0 | if NT_STATUS_IS_OK(nt_status) { |
104 | 0 | return 0; |
105 | 0 | } |
106 | | |
107 | 0 | for (i=0; NT_STATUS_V(nt_status_to_krb5_map[i].ntstatus); i++) { |
108 | 0 | if (NT_STATUS_EQUAL(nt_status,nt_status_to_krb5_map[i].ntstatus)) |
109 | 0 | return nt_status_to_krb5_map[i].krb5_code; |
110 | 0 | } |
111 | | |
112 | 0 | return KRB5KRB_ERR_GENERIC; |
113 | 0 | } |
114 | | |
115 | | #endif |