2006-02-04 01:19:41 +03:00
/*
* Unix SMB / CIFS implementation .
* Kerberos error mapping functions
* Copyright ( C ) Guenther Deschner 2005
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2006-02-04 01:19:41 +03:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2006-02-04 01:19:41 +03:00
*/
# include "includes.h"
2009-11-27 17:52:57 +03:00
# include "smb_krb5.h"
2006-02-04 01:19:41 +03:00
# ifdef HAVE_KRB5
static const struct {
2006-03-09 17:51:40 +03:00
krb5_error_code krb5_code ;
2006-02-04 01:19:41 +03:00
NTSTATUS ntstatus ;
} krb5_to_nt_status_map [ ] = {
{ KRB5_CC_IO , NT_STATUS_UNEXPECTED_IO_ERROR } ,
{ KRB5KDC_ERR_BADOPTION , NT_STATUS_INVALID_PARAMETER } ,
2013-11-25 05:09:48 +04:00
{ KRB5KDC_ERR_CLIENT_REVOKED , NT_STATUS_ACCOUNT_LOCKED_OUT } ,
2006-02-04 01:19:41 +03:00
{ KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN , NT_STATUS_INVALID_ACCOUNT_NAME } ,
{ KRB5KDC_ERR_ETYPE_NOSUPP , NT_STATUS_LOGON_FAILURE } ,
2009-03-16 03:51:09 +03:00
# if defined(KRB5KDC_ERR_KEY_EXP) /* MIT */
2006-02-04 01:19:41 +03:00
{ KRB5KDC_ERR_KEY_EXP , NT_STATUS_PASSWORD_EXPIRED } ,
2009-03-16 03:51:09 +03:00
# else /* old Heimdal releases have it with different name only in an enum: */
{ KRB5KDC_ERR_KEY_EXPIRED , NT_STATUS_PASSWORD_EXPIRED } ,
2006-02-04 01:19:41 +03:00
# endif
{ 25 , NT_STATUS_PASSWORD_EXPIRED } , /* FIXME: bug in heimdal 0.7 krb5_get_init_creds_password (Inappropriate ioctl for device (25)) */
{ KRB5KDC_ERR_NULL_KEY , NT_STATUS_LOGON_FAILURE } ,
2006-05-02 15:54:18 +04:00
{ KRB5KDC_ERR_POLICY , NT_STATUS_INVALID_WORKSTATION } ,
2006-02-04 01:19:41 +03:00
{ KRB5KDC_ERR_PREAUTH_FAILED , NT_STATUS_LOGON_FAILURE } ,
{ KRB5KDC_ERR_SERVICE_REVOKED , NT_STATUS_ACCESS_DENIED } ,
{ KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN , NT_STATUS_INVALID_ACCOUNT_NAME } ,
{ KRB5KDC_ERR_SUMTYPE_NOSUPP , NT_STATUS_LOGON_FAILURE } ,
{ KRB5KDC_ERR_TGT_REVOKED , NT_STATUS_ACCESS_DENIED } ,
{ KRB5_KDC_UNREACH , NT_STATUS_NO_LOGON_SERVERS } ,
{ KRB5KRB_AP_ERR_BAD_INTEGRITY , NT_STATUS_LOGON_FAILURE } ,
{ KRB5KRB_AP_ERR_MODIFIED , NT_STATUS_LOGON_FAILURE } ,
{ KRB5KRB_AP_ERR_SKEW , NT_STATUS_TIME_DIFFERENCE_AT_DC } ,
2006-12-20 13:54:09 +03:00
{ KRB5_KDCREP_SKEW , NT_STATUS_TIME_DIFFERENCE_AT_DC } ,
2006-02-04 01:19:41 +03:00
{ KRB5KRB_AP_ERR_TKT_EXPIRED , NT_STATUS_LOGON_FAILURE } ,
{ KRB5KRB_ERR_GENERIC , NT_STATUS_UNSUCCESSFUL } ,
2006-03-09 17:51:40 +03:00
# if defined(KRB5KRB_ERR_RESPONSE_TOO_BIG)
2006-02-04 01:19:41 +03:00
{ KRB5KRB_ERR_RESPONSE_TOO_BIG , NT_STATUS_PROTOCOL_UNREACHABLE } ,
2006-03-09 17:51:40 +03:00
# endif
2007-01-05 02:41:16 +03:00
{ KRB5_CC_NOTFOUND , NT_STATUS_NO_SUCH_FILE } ,
{ KRB5_FCC_NOFILE , NT_STATUS_NO_SUCH_FILE } ,
2007-03-15 22:18:18 +03:00
{ KRB5_RC_MALLOC , NT_STATUS_NO_MEMORY } ,
{ ENOMEM , NT_STATUS_NO_MEMORY } ,
2007-05-06 22:56:43 +04:00
{ KRB5_REALM_CANT_RESOLVE , NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND } ,
/* Must be last entry */
{ KRB5KDC_ERR_NONE , NT_STATUS_OK }
2006-02-04 01:19:41 +03:00
} ;
static const struct {
NTSTATUS ntstatus ;
2006-03-09 17:51:40 +03:00
krb5_error_code krb5_code ;
2006-02-04 01:19:41 +03:00
} nt_status_to_krb5_map [ ] = {
{ NT_STATUS_LOGON_FAILURE , KRB5KDC_ERR_PREAUTH_FAILED } ,
{ NT_STATUS_NO_LOGON_SERVERS , KRB5_KDC_UNREACH } ,
{ NT_STATUS_OK , 0 }
} ;
/*****************************************************************************
convert a KRB5 error to a NT status32 code
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-03-09 17:51:40 +03:00
NTSTATUS krb5_to_nt_status ( krb5_error_code kerberos_error )
2006-02-04 01:19:41 +03:00
{
int i ;
if ( kerberos_error = = 0 ) {
return NT_STATUS_OK ;
}
for ( i = 0 ; NT_STATUS_V ( krb5_to_nt_status_map [ i ] . ntstatus ) ; i + + ) {
if ( kerberos_error = = krb5_to_nt_status_map [ i ] . krb5_code )
return krb5_to_nt_status_map [ i ] . ntstatus ;
}
return NT_STATUS_UNSUCCESSFUL ;
}
/*****************************************************************************
convert an NT status32 code to a KRB5 error
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-03-09 17:51:40 +03:00
krb5_error_code nt_status_to_krb5 ( NTSTATUS nt_status )
2006-02-04 01:19:41 +03:00
{
int i ;
if NT_STATUS_IS_OK ( nt_status ) {
return 0 ;
}
for ( i = 0 ; NT_STATUS_V ( nt_status_to_krb5_map [ i ] . ntstatus ) ; i + + ) {
if ( NT_STATUS_EQUAL ( nt_status , nt_status_to_krb5_map [ i ] . ntstatus ) )
return nt_status_to_krb5_map [ i ] . krb5_code ;
}
return KRB5KRB_ERR_GENERIC ;
}
# endif