root/source4/auth/ntlm/pam_errors.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. pam_to_nt_status
  2. nt_status_to_pam
  3. pam_to_nt_status
  4. nt_status_to_pam

   1 /* 
   2  *  Unix SMB/CIFS implementation.
   3  *  PAM error mapping functions
   4  *  Copyright (C) Andrew Bartlett 2002
   5  *  
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *  
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *  
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 #include "includes.h"
  21 #include "auth/ntlm/pam_errors.h"
  22 
  23 #ifdef WITH_HAVE_SECURITY_PAM_APPL_H
  24 #include <security/pam_appl.h>
  25 
  26 #if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
  27 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
  28 #endif  
  29 
  30 /* PAM -> NT_STATUS map */
  31 static const struct {
  32         int pam_code;
  33         NTSTATUS ntstatus;
  34 } pam_to_nt_status_map[] = {
  35         {PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
  36         {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
  37         {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
  38         {PAM_SYSTEM_ERR,  NT_STATUS_UNSUCCESSFUL},
  39         {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL},
  40         {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
  41         {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
  42         {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME:  Is this correct? */
  43         {PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
  44         {PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
  45         {PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME:  Is this correct? */
  46         {PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
  47         {PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
  48         {PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
  49         {PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN},  /* FIXME:  Is this correct? */
  50         {PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},  /* FIXME:  Is this correct? */
  51         {PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
  52         {PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
  53 #ifdef PAM_AUTHTOK_RECOVER_ERR
  54         {PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
  55 #endif
  56         {PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
  57         {PAM_SUCCESS, NT_STATUS_OK}
  58 };
  59 
  60 /* NT_STATUS -> PAM map */
  61 static const struct {
  62         NTSTATUS ntstatus;
  63         int pam_code;
  64 } nt_status_to_pam_map[] = {
  65         {NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
  66         {NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
  67         {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
  68         {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
  69         {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
  70         {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
  71         {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
  72         {NT_STATUS_OK, PAM_SUCCESS}
  73 };
  74 
  75 /*****************************************************************************
  76 convert a PAM error to a NT status32 code
  77  *****************************************************************************/
  78 NTSTATUS pam_to_nt_status(int pam_error)
     /* [<][>][^][v][top][bottom][index][help] */
  79 {
  80         int i;
  81         if (pam_error == 0) return NT_STATUS_OK;
  82         
  83         for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
  84                 if (pam_error == pam_to_nt_status_map[i].pam_code)
  85                         return pam_to_nt_status_map[i].ntstatus;
  86         }
  87         return NT_STATUS_UNSUCCESSFUL;
  88 }
  89 
  90 /*****************************************************************************
  91 convert an NT status32 code to a PAM error
  92  *****************************************************************************/
  93 int nt_status_to_pam(NTSTATUS nt_status)
     /* [<][>][^][v][top][bottom][index][help] */
  94 {
  95         int i;
  96         if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
  97         
  98         for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
  99                 if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
 100                         return nt_status_to_pam_map[i].pam_code;
 101         }
 102         return PAM_SYSTEM_ERR;
 103 }
 104 
 105 #else 
 106 
 107 /*****************************************************************************
 108 convert a PAM error to a NT status32 code
 109  *****************************************************************************/
 110 NTSTATUS pam_to_nt_status(int pam_error)
     /* [<][>][^][v][top][bottom][index][help] */
 111 {
 112         if (pam_error == 0) return NT_STATUS_OK;
 113         return NT_STATUS_UNSUCCESSFUL;
 114 }
 115 
 116 /*****************************************************************************
 117 convert an NT status32 code to a PAM error
 118  *****************************************************************************/
 119 int nt_status_to_pam(NTSTATUS nt_status)
     /* [<][>][^][v][top][bottom][index][help] */
 120 {
 121         if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
 122         return 4; /* PAM_SYSTEM_ERR */
 123 }
 124 
 125 #endif
 126 

/* [<][>][^][v][top][bottom][index][help] */