root/source3/lib/pam_errors.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. pam_to_nt_status
  2. nt_status_to_pam
  3. pam_to_nt_status
  4. nt_status_to_pam

   1 /* 
   2  *  Unix SMB/CIFS implementation.
   3  *  PAM error mapping functions
   4  *  Copyright (C) Andrew Bartlett 2002
   5  *  
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *  
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *  
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 #include "includes.h"
  21 
  22 #ifdef WITH_PAM
  23 #if defined(HAVE_SECURITY_PAM_APPL_H)
  24 #include <security/pam_appl.h>
  25 #elif defined(HAVE_PAM_PAM_APPL_H)
  26 #include <pam/pam_appl.h>
  27 #endif
  28 
  29 #if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
  30 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
  31 #endif  
  32 
  33 /* PAM -> NT_STATUS map */
  34 static const struct {
  35         int pam_code;
  36         NTSTATUS ntstatus;
  37 } pam_to_nt_status_map[] = {
  38         {PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
  39         {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
  40         {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
  41         {PAM_SYSTEM_ERR,  NT_STATUS_UNSUCCESSFUL},
  42         {PAM_BUF_ERR, NT_STATUS_NO_MEMORY},
  43         {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
  44         {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
  45         {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME:  Is this correct? */
  46         {PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
  47         {PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
  48         {PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME:  Is this correct? */
  49         {PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
  50         {PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
  51         {PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
  52         {PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN},  /* FIXME:  Is this correct? */
  53         {PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},  /* FIXME:  Is this correct? */
  54         {PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
  55         {PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
  56 #ifdef PAM_AUTHTOK_RECOVER_ERR
  57         {PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
  58 #endif
  59         {PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
  60         {PAM_SUCCESS, NT_STATUS_OK}
  61 };
  62 
  63 /* NT_STATUS -> PAM map */
  64 static const struct {
  65         NTSTATUS ntstatus;
  66         int pam_code;
  67 } nt_status_to_pam_map[] = {
  68         {NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
  69         {NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
  70         {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
  71         {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
  72         {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
  73         {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
  74         {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
  75         {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
  76         {NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
  77         {NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED},
  78         {NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL},
  79         {NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL},
  80         {NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL},
  81         {NT_STATUS_INVALID_WORKSTATION, PAM_PERM_DENIED},
  82         {NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
  83         {NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
  84         {NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
  85         {NT_STATUS_OK, PAM_SUCCESS}
  86 };
  87 
  88 /*****************************************************************************
  89 convert a PAM error to a NT status32 code
  90  *****************************************************************************/
  91 NTSTATUS pam_to_nt_status(int pam_error)
     /* [<][>][^][v][top][bottom][index][help] */
  92 {
  93         int i;
  94         if (pam_error == 0) return NT_STATUS_OK;
  95         
  96         for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
  97                 if (pam_error == pam_to_nt_status_map[i].pam_code)
  98                         return pam_to_nt_status_map[i].ntstatus;
  99         }
 100         return NT_STATUS_UNSUCCESSFUL;
 101 }
 102 
 103 /*****************************************************************************
 104 convert an NT status32 code to a PAM error
 105  *****************************************************************************/
 106 int nt_status_to_pam(NTSTATUS nt_status)
     /* [<][>][^][v][top][bottom][index][help] */
 107 {
 108         int i;
 109         if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
 110         
 111         for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
 112                 if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
 113                         return nt_status_to_pam_map[i].pam_code;
 114         }
 115         return PAM_SYSTEM_ERR;
 116 }
 117 
 118 #else 
 119 
 120 /*****************************************************************************
 121 convert a PAM error to a NT status32 code
 122  *****************************************************************************/
 123 NTSTATUS pam_to_nt_status(int pam_error)
     /* [<][>][^][v][top][bottom][index][help] */
 124 {
 125         if (pam_error == 0) return NT_STATUS_OK;
 126         return NT_STATUS_UNSUCCESSFUL;
 127 }
 128 
 129 /*****************************************************************************
 130 convert an NT status32 code to a PAM error
 131  *****************************************************************************/
 132 int nt_status_to_pam(NTSTATUS nt_status)
     /* [<][>][^][v][top][bottom][index][help] */
 133 {
 134         if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
 135         return 4; /* PAM_SYSTEM_ERR */
 136 }
 137 
 138 #endif
 139 

/* [<][>][^][v][top][bottom][index][help] */