Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * PAM error mapping functions
4 : * Copyright (C) Andrew Bartlett 2002
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "../libcli/auth/pam_errors.h"
22 :
23 : #ifdef WITH_PAM
24 : #if defined(HAVE_SECURITY_PAM_APPL_H)
25 : #include <security/pam_appl.h>
26 : #elif defined(HAVE_PAM_PAM_APPL_H)
27 : #include <pam/pam_appl.h>
28 : #endif
29 :
30 : #if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
31 : #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
32 : #endif
33 :
34 : /* PAM -> NT_STATUS map */
35 : static const struct {
36 : int pam_code;
37 : NTSTATUS ntstatus;
38 : } pam_to_nt_status_map[] = {
39 : {PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
40 : {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
41 : {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
42 : {PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL},
43 : {PAM_BUF_ERR, NT_STATUS_NO_MEMORY},
44 : {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
45 : {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
46 : {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */
47 : {PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
48 : {PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
49 : {PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME: Is this correct? */
50 : {PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
51 : {PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
52 : {PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
53 : {PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN}, /* FIXME: Is this correct? */
54 : {PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: Is this correct? */
55 : {PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
56 : {PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
57 : #ifdef PAM_AUTHTOK_RECOVER_ERR
58 : {PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
59 : #endif
60 : {PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
61 : {PAM_SUCCESS, NT_STATUS_OK}
62 : };
63 :
64 : /* NT_STATUS -> PAM map */
65 : static const struct {
66 : NTSTATUS ntstatus;
67 : int pam_code;
68 : } nt_status_to_pam_map[] = {
69 : {NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
70 : {NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
71 : {NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
72 : {NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
73 : {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
74 : {NT_STATUS_ACCOUNT_DISABLED, PAM_ACCT_EXPIRED},
75 : {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
76 : {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
77 : {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
78 : {NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
79 : {NT_STATUS_PASSWORD_RESTRICTION, PAM_AUTHTOK_ERR},
80 : {NT_STATUS_PWD_HISTORY_CONFLICT, PAM_AUTHTOK_ERR},
81 : {NT_STATUS_PWD_TOO_RECENT, PAM_AUTHTOK_ERR},
82 : {NT_STATUS_PWD_TOO_SHORT, PAM_AUTHTOK_ERR},
83 : {NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL},
84 : {NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL},
85 : {NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL},
86 : {NT_STATUS_INVALID_WORKSTATION, PAM_PERM_DENIED},
87 : {NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
88 : {NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
89 : {NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
90 : {NT_STATUS_OK, PAM_SUCCESS}
91 : };
92 :
93 : /*****************************************************************************
94 : convert a PAM error to a NT status32 code
95 : *****************************************************************************/
96 0 : NTSTATUS pam_to_nt_status(int pam_error)
97 : {
98 0 : int i;
99 0 : if (pam_error == 0) return NT_STATUS_OK;
100 :
101 0 : for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
102 0 : if (pam_error == pam_to_nt_status_map[i].pam_code)
103 0 : return pam_to_nt_status_map[i].ntstatus;
104 : }
105 0 : return NT_STATUS_UNSUCCESSFUL;
106 : }
107 :
108 : /*****************************************************************************
109 : convert an NT status32 code to a PAM error
110 : *****************************************************************************/
111 4309 : int nt_status_to_pam(NTSTATUS nt_status)
112 : {
113 0 : int i;
114 4309 : if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
115 :
116 6104 : for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
117 6098 : if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
118 2875 : return nt_status_to_pam_map[i].pam_code;
119 : }
120 6 : return PAM_SYSTEM_ERR;
121 : }
122 :
123 : #else
124 :
125 : /*****************************************************************************
126 : convert a PAM error to a NT status32 code
127 : *****************************************************************************/
128 : NTSTATUS pam_to_nt_status(int pam_error)
129 : {
130 : if (pam_error == 0) return NT_STATUS_OK;
131 : return NT_STATUS_UNSUCCESSFUL;
132 : }
133 :
134 : /*****************************************************************************
135 : convert an NT status32 code to a PAM error
136 : *****************************************************************************/
137 : int nt_status_to_pam(NTSTATUS nt_status)
138 : {
139 : if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
140 : return 4; /* PAM_SYSTEM_ERR */
141 : }
142 :
143 : #endif
|
