summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2011-02-08 10:45:39 +0100
committerGünther Deschner <gd@samba.org>2011-02-08 14:05:36 +0100
commit34722c72f687ad8a357656152aed9f6bafab1cad (patch)
tree4b0c82937608c623336186acc09940035706c01b /source4/auth
parent242797aca93a2f8d1e1670a1eaeb5d8e5cd07a1d (diff)
downloadsamba-34722c72f687ad8a357656152aed9f6bafab1cad.tar.gz
pam: share pam errors in a common location.
Guenther
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/ntlm/auth_unix.c2
-rw-r--r--source4/auth/ntlm/pam_errors.c125
-rw-r--r--source4/auth/ntlm/pam_errors.h34
-rw-r--r--source4/auth/ntlm/wscript_build6
4 files changed, 1 insertions, 166 deletions
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index ba37e0a95ec..08759aba674 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -25,7 +25,7 @@
#include "system/passwd.h" /* needed by some systems for struct passwd */
#include "lib/socket/socket.h"
#include "lib/tsocket/tsocket.h"
-#include "auth/ntlm/pam_errors.h"
+#include "../libcli/auth/pam_errors.h"
#include "param/param.h"
/* TODO: look at how to best fill in parms retrieveing a struct passwd info
diff --git a/source4/auth/ntlm/pam_errors.c b/source4/auth/ntlm/pam_errors.c
deleted file mode 100644
index 9774ad87275..00000000000
--- a/source4/auth/ntlm/pam_errors.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * PAM error mapping functions
- * Copyright (C) Andrew Bartlett 2002
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-
-#ifdef WITH_HAVE_SECURITY_PAM_APPL_H
-#include <security/pam_appl.h>
-
-#if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
-#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
-#endif
-
-/* PAM -> NT_STATUS map */
-static const struct {
- int pam_code;
- NTSTATUS ntstatus;
-} pam_to_nt_status_map[] = {
- {PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
- {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
- {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */
- {PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
- {PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
- {PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME: Is this correct? */
- {PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
- {PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
- {PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
- {PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN}, /* FIXME: Is this correct? */
- {PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: Is this correct? */
- {PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
-#ifdef PAM_AUTHTOK_RECOVER_ERR
- {PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
-#endif
- {PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
- {PAM_SUCCESS, NT_STATUS_OK}
-};
-
-/* NT_STATUS -> PAM map */
-static const struct {
- NTSTATUS ntstatus;
- int pam_code;
-} nt_status_to_pam_map[] = {
- {NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
- {NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
- {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
- {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
- {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
- {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
- {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
- {NT_STATUS_OK, PAM_SUCCESS}
-};
-
-/*****************************************************************************
-convert a PAM error to a NT status32 code
- *****************************************************************************/
-NTSTATUS pam_to_nt_status(int pam_error)
-{
- int i;
- if (pam_error == 0) return NT_STATUS_OK;
-
- for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
- if (pam_error == pam_to_nt_status_map[i].pam_code)
- return pam_to_nt_status_map[i].ntstatus;
- }
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-/*****************************************************************************
-convert an NT status32 code to a PAM error
- *****************************************************************************/
-int nt_status_to_pam(NTSTATUS nt_status)
-{
- int i;
- if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
-
- for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
- if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
- return nt_status_to_pam_map[i].pam_code;
- }
- return PAM_SYSTEM_ERR;
-}
-
-#else
-
-/*****************************************************************************
-convert a PAM error to a NT status32 code
- *****************************************************************************/
-NTSTATUS pam_to_nt_status(int pam_error)
-{
- if (pam_error == 0) return NT_STATUS_OK;
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-/*****************************************************************************
-convert an NT status32 code to a PAM error
- *****************************************************************************/
-int nt_status_to_pam(NTSTATUS nt_status)
-{
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
- return 4; /* PAM_SYSTEM_ERR */
-}
-
-#endif
-
diff --git a/source4/auth/ntlm/pam_errors.h b/source4/auth/ntlm/pam_errors.h
deleted file mode 100644
index 2dfe085b770..00000000000
--- a/source4/auth/ntlm/pam_errors.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * PAM error mapping functions
- * Copyright (C) Andrew Bartlett 2002
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef __AUTH_NTLM_PAM_ERRORS_H__
-#define __AUTH_NTLM_PAM_ERRORS_H__
-
-/*****************************************************************************
-convert a PAM error to a NT status32 code
- *****************************************************************************/
-NTSTATUS pam_to_nt_status(int pam_error);
-
-/*****************************************************************************
-convert an NT status32 code to a PAM error
- *****************************************************************************/
-int nt_status_to_pam(NTSTATUS nt_status);
-
-#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */
-
diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build
index 8063076b66b..b0f519f1c6b 100644
--- a/source4/auth/ntlm/wscript_build
+++ b/source4/auth/ntlm/wscript_build
@@ -48,12 +48,6 @@ bld.SAMBA_MODULE('auth_unix',
)
-bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
- source='pam_errors.c',
- deps='talloc'
- )
-
-
bld.SAMBA_LIBRARY('auth',
source='auth.c auth_util.c auth_simple.c',
autoproto='auth_proto.h',