diff options
author | Günther Deschner <gd@samba.org> | 2011-02-08 10:45:39 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2011-02-08 14:05:36 +0100 |
commit | 34722c72f687ad8a357656152aed9f6bafab1cad (patch) | |
tree | 4b0c82937608c623336186acc09940035706c01b /source4/auth | |
parent | 242797aca93a2f8d1e1670a1eaeb5d8e5cd07a1d (diff) | |
download | samba-34722c72f687ad8a357656152aed9f6bafab1cad.tar.gz |
pam: share pam errors in a common location.
Guenther
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/ntlm/auth_unix.c | 2 | ||||
-rw-r--r-- | source4/auth/ntlm/pam_errors.c | 125 | ||||
-rw-r--r-- | source4/auth/ntlm/pam_errors.h | 34 | ||||
-rw-r--r-- | source4/auth/ntlm/wscript_build | 6 |
4 files changed, 1 insertions, 166 deletions
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c index ba37e0a95ec..08759aba674 100644 --- a/source4/auth/ntlm/auth_unix.c +++ b/source4/auth/ntlm/auth_unix.c @@ -25,7 +25,7 @@ #include "system/passwd.h" /* needed by some systems for struct passwd */ #include "lib/socket/socket.h" #include "lib/tsocket/tsocket.h" -#include "auth/ntlm/pam_errors.h" +#include "../libcli/auth/pam_errors.h" #include "param/param.h" /* TODO: look at how to best fill in parms retrieveing a struct passwd info diff --git a/source4/auth/ntlm/pam_errors.c b/source4/auth/ntlm/pam_errors.c deleted file mode 100644 index 9774ad87275..00000000000 --- a/source4/auth/ntlm/pam_errors.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * PAM error mapping functions - * Copyright (C) Andrew Bartlett 2002 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" - -#ifdef WITH_HAVE_SECURITY_PAM_APPL_H -#include <security/pam_appl.h> - -#if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR) -#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR -#endif - -/* PAM -> NT_STATUS map */ -static const struct { - int pam_code; - NTSTATUS ntstatus; -} pam_to_nt_status_map[] = { - {PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED}, - {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD}, - {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */ - {PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE}, - {PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER}, - {PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME: Is this correct? */ - {PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE}, - {PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED}, - {PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES}, - {PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN}, /* FIXME: Is this correct? */ - {PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: Is this correct? */ - {PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL}, -#ifdef PAM_AUTHTOK_RECOVER_ERR - {PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL}, -#endif - {PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, - {PAM_SUCCESS, NT_STATUS_OK} -}; - -/* NT_STATUS -> PAM map */ -static const struct { - NTSTATUS ntstatus; - int pam_code; -} nt_status_to_pam_map[] = { - {NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR}, - {NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN}, - {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR}, - {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR}, - {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED}, - {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED}, - {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD}, - {NT_STATUS_OK, PAM_SUCCESS} -}; - -/***************************************************************************** -convert a PAM error to a NT status32 code - *****************************************************************************/ -NTSTATUS pam_to_nt_status(int pam_error) -{ - int i; - if (pam_error == 0) return NT_STATUS_OK; - - for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) { - if (pam_error == pam_to_nt_status_map[i].pam_code) - return pam_to_nt_status_map[i].ntstatus; - } - return NT_STATUS_UNSUCCESSFUL; -} - -/***************************************************************************** -convert an NT status32 code to a PAM error - *****************************************************************************/ -int nt_status_to_pam(NTSTATUS nt_status) -{ - int i; - if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS; - - for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) { - if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus)) - return nt_status_to_pam_map[i].pam_code; - } - return PAM_SYSTEM_ERR; -} - -#else - -/***************************************************************************** -convert a PAM error to a NT status32 code - *****************************************************************************/ -NTSTATUS pam_to_nt_status(int pam_error) -{ - if (pam_error == 0) return NT_STATUS_OK; - return NT_STATUS_UNSUCCESSFUL; -} - -/***************************************************************************** -convert an NT status32 code to a PAM error - *****************************************************************************/ -int nt_status_to_pam(NTSTATUS nt_status) -{ - if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0; - return 4; /* PAM_SYSTEM_ERR */ -} - -#endif - diff --git a/source4/auth/ntlm/pam_errors.h b/source4/auth/ntlm/pam_errors.h deleted file mode 100644 index 2dfe085b770..00000000000 --- a/source4/auth/ntlm/pam_errors.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * PAM error mapping functions - * Copyright (C) Andrew Bartlett 2002 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef __AUTH_NTLM_PAM_ERRORS_H__ -#define __AUTH_NTLM_PAM_ERRORS_H__ - -/***************************************************************************** -convert a PAM error to a NT status32 code - *****************************************************************************/ -NTSTATUS pam_to_nt_status(int pam_error); - -/***************************************************************************** -convert an NT status32 code to a PAM error - *****************************************************************************/ -int nt_status_to_pam(NTSTATUS nt_status); - -#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */ - diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build index 8063076b66b..b0f519f1c6b 100644 --- a/source4/auth/ntlm/wscript_build +++ b/source4/auth/ntlm/wscript_build @@ -48,12 +48,6 @@ bld.SAMBA_MODULE('auth_unix', ) -bld.SAMBA_SUBSYSTEM('PAM_ERRORS', - source='pam_errors.c', - deps='talloc' - ) - - bld.SAMBA_LIBRARY('auth', source='auth.c auth_util.c auth_simple.c', autoproto='auth_proto.h', |