root/source3/libads/krb5_errs.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. krb5_to_nt_status
  2. nt_status_to_krb5

   1 /* 
   2  *  Unix SMB/CIFS implementation.
   3  *  Kerberos error mapping functions
   4  *  Copyright (C) Guenther Deschner 2005
   5  *  
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *  
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *  
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 #include "includes.h"
  21 
  22 #ifdef HAVE_KRB5
  23 
  24 static const struct {
  25         krb5_error_code krb5_code;
  26         NTSTATUS ntstatus;
  27 } krb5_to_nt_status_map[] = {
  28         {KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR},
  29         {KRB5KDC_ERR_BADOPTION, NT_STATUS_INVALID_PARAMETER},
  30         {KRB5KDC_ERR_CLIENT_REVOKED, NT_STATUS_ACCESS_DENIED},
  31         {KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_ACCOUNT_NAME},
  32         {KRB5KDC_ERR_ETYPE_NOSUPP, NT_STATUS_LOGON_FAILURE},
  33 #if defined(KRB5KDC_ERR_KEY_EXP) /* MIT */
  34         {KRB5KDC_ERR_KEY_EXP, NT_STATUS_PASSWORD_EXPIRED},
  35 #else /* old Heimdal releases have it with different name only in an enum: */
  36         {KRB5KDC_ERR_KEY_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
  37 #endif
  38         {25, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: bug in heimdal 0.7 krb5_get_init_creds_password (Inappropriate ioctl for device (25)) */
  39         {KRB5KDC_ERR_NULL_KEY, NT_STATUS_LOGON_FAILURE},
  40         {KRB5KDC_ERR_POLICY, NT_STATUS_INVALID_WORKSTATION},
  41         {KRB5KDC_ERR_PREAUTH_FAILED, NT_STATUS_LOGON_FAILURE},
  42         {KRB5KDC_ERR_SERVICE_REVOKED, NT_STATUS_ACCESS_DENIED},
  43         {KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_ACCOUNT_NAME},
  44         {KRB5KDC_ERR_SUMTYPE_NOSUPP, NT_STATUS_LOGON_FAILURE},
  45         {KRB5KDC_ERR_TGT_REVOKED, NT_STATUS_ACCESS_DENIED},
  46         {KRB5_KDC_UNREACH, NT_STATUS_NO_LOGON_SERVERS},
  47         {KRB5KRB_AP_ERR_BAD_INTEGRITY, NT_STATUS_LOGON_FAILURE},
  48         {KRB5KRB_AP_ERR_MODIFIED, NT_STATUS_LOGON_FAILURE},
  49         {KRB5KRB_AP_ERR_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC},
  50         {KRB5_KDCREP_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC},
  51         {KRB5KRB_AP_ERR_TKT_EXPIRED, NT_STATUS_LOGON_FAILURE},
  52         {KRB5KRB_ERR_GENERIC, NT_STATUS_UNSUCCESSFUL},
  53 #if defined(KRB5KRB_ERR_RESPONSE_TOO_BIG)
  54         {KRB5KRB_ERR_RESPONSE_TOO_BIG, NT_STATUS_PROTOCOL_UNREACHABLE},
  55 #endif
  56         {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE},
  57         {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE},
  58         {KRB5_RC_MALLOC, NT_STATUS_NO_MEMORY},
  59         {ENOMEM, NT_STATUS_NO_MEMORY},
  60         {KRB5_REALM_CANT_RESOLVE, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND},
  61 
  62         /* Must be last entry */
  63         {KRB5KDC_ERR_NONE, NT_STATUS_OK}
  64 };
  65 
  66 static const struct {
  67         NTSTATUS ntstatus;
  68         krb5_error_code krb5_code;
  69 } nt_status_to_krb5_map[] = {
  70         {NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED},
  71         {NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH},
  72         {NT_STATUS_OK, 0}
  73 };
  74 
  75 /*****************************************************************************
  76 convert a KRB5 error to a NT status32 code
  77  *****************************************************************************/
  78  NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error)
     /* [<][>][^][v][top][bottom][index][help] */
  79 {
  80         int i;
  81         
  82         if (kerberos_error == 0) {
  83                 return NT_STATUS_OK;
  84         }
  85         
  86         for (i=0; NT_STATUS_V(krb5_to_nt_status_map[i].ntstatus); i++) {
  87                 if (kerberos_error == krb5_to_nt_status_map[i].krb5_code)
  88                         return krb5_to_nt_status_map[i].ntstatus;
  89         }
  90 
  91         return NT_STATUS_UNSUCCESSFUL;
  92 }
  93 
  94 /*****************************************************************************
  95 convert an NT status32 code to a KRB5 error
  96  *****************************************************************************/
  97  krb5_error_code nt_status_to_krb5(NTSTATUS nt_status)
     /* [<][>][^][v][top][bottom][index][help] */
  98 {
  99         int i;
 100         
 101         if NT_STATUS_IS_OK(nt_status) {
 102                 return 0;
 103         }
 104         
 105         for (i=0; NT_STATUS_V(nt_status_to_krb5_map[i].ntstatus); i++) {
 106                 if (NT_STATUS_EQUAL(nt_status,nt_status_to_krb5_map[i].ntstatus))
 107                         return nt_status_to_krb5_map[i].krb5_code;
 108         }
 109 
 110         return KRB5KRB_ERR_GENERIC;
 111 }
 112 
 113 #endif
 114 

/* [<][>][^][v][top][bottom][index][help] */