diff options
author | Stefan Metzmacher <metze@samba.org> | 2019-11-06 15:38:23 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2020-02-10 16:32:37 +0000 |
commit | c403fa1a7fe6725957aab7e8039877d1becad8bf (patch) | |
tree | bb7592b151055f523a54bdadc215220f8e4ab2fa /lib/krb5_wrap | |
parent | 98d2d5a40358e26d34c81047d80b79876a8ddab9 (diff) | |
download | samba-c403fa1a7fe6725957aab7e8039877d1becad8bf.tar.gz |
krb5_wrap: move source3/libads/krb5_errs.c to lib/krb5_wrap/krb5_errs.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib/krb5_wrap')
-rw-r--r-- | lib/krb5_wrap/krb5_errs.c | 114 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 3 | ||||
-rw-r--r-- | lib/krb5_wrap/wscript_build | 16 |
3 files changed, 131 insertions, 2 deletions
diff --git a/lib/krb5_wrap/krb5_errs.c b/lib/krb5_wrap/krb5_errs.c new file mode 100644 index 00000000000..37428defe1e --- /dev/null +++ b/lib/krb5_wrap/krb5_errs.c @@ -0,0 +1,114 @@ +/* + * Unix SMB/CIFS implementation. + * Kerberos error mapping functions + * Copyright (C) Guenther Deschner 2005 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "krb5_samba.h" + +#ifdef HAVE_KRB5 + +static const struct { + krb5_error_code krb5_code; + NTSTATUS ntstatus; +} krb5_to_nt_status_map[] = { + {KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR}, + {KRB5KDC_ERR_BADOPTION, NT_STATUS_INVALID_PARAMETER}, + {KRB5KDC_ERR_CLIENT_REVOKED, NT_STATUS_ACCOUNT_LOCKED_OUT}, + {KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_ACCOUNT_NAME}, + {KRB5KDC_ERR_ETYPE_NOSUPP, NT_STATUS_LOGON_FAILURE}, +#if defined(KRB5KDC_ERR_KEY_EXP) /* MIT */ + {KRB5KDC_ERR_KEY_EXP, NT_STATUS_PASSWORD_EXPIRED}, +#else /* old Heimdal releases have it with different name only in an enum: */ + {KRB5KDC_ERR_KEY_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, +#endif + {25, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: bug in heimdal 0.7 krb5_get_init_creds_password (Inappropriate ioctl for device (25)) */ + {KRB5KDC_ERR_NULL_KEY, NT_STATUS_LOGON_FAILURE}, + {KRB5KDC_ERR_POLICY, NT_STATUS_INVALID_WORKSTATION}, + {KRB5KDC_ERR_PREAUTH_FAILED, NT_STATUS_LOGON_FAILURE}, + {KRB5KDC_ERR_SERVICE_REVOKED, NT_STATUS_ACCESS_DENIED}, + {KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_ACCOUNT_NAME}, + {KRB5KDC_ERR_SUMTYPE_NOSUPP, NT_STATUS_LOGON_FAILURE}, + {KRB5KDC_ERR_TGT_REVOKED, NT_STATUS_ACCESS_DENIED}, + {KRB5_KDC_UNREACH, NT_STATUS_NO_LOGON_SERVERS}, + {KRB5KRB_AP_ERR_BAD_INTEGRITY, NT_STATUS_LOGON_FAILURE}, + {KRB5KRB_AP_ERR_MODIFIED, NT_STATUS_LOGON_FAILURE}, + {KRB5KRB_AP_ERR_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC}, + {KRB5_KDCREP_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC}, + {KRB5KRB_AP_ERR_TKT_EXPIRED, NT_STATUS_LOGON_FAILURE}, + {KRB5KRB_ERR_GENERIC, NT_STATUS_UNSUCCESSFUL}, +#if defined(KRB5KRB_ERR_RESPONSE_TOO_BIG) + {KRB5KRB_ERR_RESPONSE_TOO_BIG, NT_STATUS_PROTOCOL_UNREACHABLE}, +#endif + {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE}, + {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE}, + {KRB5_RC_MALLOC, NT_STATUS_NO_MEMORY}, + {ENOMEM, NT_STATUS_NO_MEMORY}, + {KRB5_REALM_CANT_RESOLVE, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND}, + + /* Must be last entry */ + {KRB5KDC_ERR_NONE, NT_STATUS_OK} +}; + +static const struct { + NTSTATUS ntstatus; + krb5_error_code krb5_code; +} nt_status_to_krb5_map[] = { + {NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED}, + {NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH}, + {NT_STATUS_OK, 0} +}; + +/***************************************************************************** +convert a KRB5 error to a NT status32 code + *****************************************************************************/ + NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error) +{ + int i; + + if (kerberos_error == 0) { + return NT_STATUS_OK; + } + + for (i=0; NT_STATUS_V(krb5_to_nt_status_map[i].ntstatus); i++) { + if (kerberos_error == krb5_to_nt_status_map[i].krb5_code) + return krb5_to_nt_status_map[i].ntstatus; + } + + return NT_STATUS_UNSUCCESSFUL; +} + +/***************************************************************************** +convert an NT status32 code to a KRB5 error + *****************************************************************************/ + krb5_error_code nt_status_to_krb5(NTSTATUS nt_status) +{ + int i; + + if NT_STATUS_IS_OK(nt_status) { + return 0; + } + + for (i=0; NT_STATUS_V(nt_status_to_krb5_map[i].ntstatus); i++) { + if (NT_STATUS_EQUAL(nt_status,nt_status_to_krb5_map[i].ntstatus)) + return nt_status_to_krb5_map[i].krb5_code; + } + + return KRB5KRB_ERR_GENERIC; +} + +#endif diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 64ae0275dbd..ca9a893e4f7 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -406,4 +406,7 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx, time_t *tgs_expire, const char *impersonate_princ_s); +NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); +krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); + #endif /* _KRB5_SAMBA_H */ diff --git a/lib/krb5_wrap/wscript_build b/lib/krb5_wrap/wscript_build index 624964452af..dd9fc08fff7 100644 --- a/lib/krb5_wrap/wscript_build +++ b/lib/krb5_wrap/wscript_build @@ -5,7 +5,19 @@ if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'): add_deps = ' asn1' bld.SAMBA_LIBRARY('krb5samba', - source='krb5_samba.c gss_samba.c keytab_util.c enctype_convert.c', - deps='samba-util talloc krb5 com_err gssapi' + add_deps, + source=''' + krb5_samba.c + gss_samba.c + keytab_util.c + enctype_convert.c + krb5_errs.c + ''', + deps=''' + samba-util + talloc + krb5 + com_err + gssapi + ''' + add_deps, private_library=True ) |