2
* Unix SMB/CIFS implementation.
3
* PAM error mapping functions
4
* Copyright (C) Andrew Bartlett 2002
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 3 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
21
#include "../libcli/auth/pam_errors.h"
24
#if defined(HAVE_SECURITY_PAM_APPL_H)
25
#include <security/pam_appl.h>
26
#elif defined(HAVE_PAM_PAM_APPL_H)
27
#include <pam/pam_appl.h>
30
#if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
31
#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
34
/* PAM -> NT_STATUS map */
38
} pam_to_nt_status_map[] = {
39
{PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
40
{PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
41
{PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
42
{PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL},
43
{PAM_BUF_ERR, NT_STATUS_NO_MEMORY},
44
{PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
45
{PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
46
{PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */
47
{PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
48
{PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
49
{PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME: Is this correct? */
50
{PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
51
{PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
52
{PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
53
{PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN}, /* FIXME: Is this correct? */
54
{PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: Is this correct? */
55
{PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
56
{PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
57
#ifdef PAM_AUTHTOK_RECOVER_ERR
58
{PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
60
{PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
61
{PAM_SUCCESS, NT_STATUS_OK}
64
/* NT_STATUS -> PAM map */
68
} nt_status_to_pam_map[] = {
69
{NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
70
{NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
71
{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
72
{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
73
{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
74
{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
75
{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
76
{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
77
{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
78
{NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED},
79
{NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL},
80
{NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL},
81
{NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL},
82
{NT_STATUS_INVALID_WORKSTATION, PAM_PERM_DENIED},
83
{NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
84
{NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
85
{NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
86
{NT_STATUS_OK, PAM_SUCCESS}
89
/*****************************************************************************
90
convert a PAM error to a NT status32 code
91
*****************************************************************************/
92
NTSTATUS pam_to_nt_status(int pam_error)
95
if (pam_error == 0) return NT_STATUS_OK;
97
for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
98
if (pam_error == pam_to_nt_status_map[i].pam_code)
99
return pam_to_nt_status_map[i].ntstatus;
101
return NT_STATUS_UNSUCCESSFUL;
104
/*****************************************************************************
105
convert an NT status32 code to a PAM error
106
*****************************************************************************/
107
int nt_status_to_pam(NTSTATUS nt_status)
110
if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
112
for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
113
if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
114
return nt_status_to_pam_map[i].pam_code;
116
return PAM_SYSTEM_ERR;
121
/*****************************************************************************
122
convert a PAM error to a NT status32 code
123
*****************************************************************************/
124
NTSTATUS pam_to_nt_status(int pam_error)
126
if (pam_error == 0) return NT_STATUS_OK;
127
return NT_STATUS_UNSUCCESSFUL;
130
/*****************************************************************************
131
convert an NT status32 code to a PAM error
132
*****************************************************************************/
133
int nt_status_to_pam(NTSTATUS nt_status)
135
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
136
return 4; /* PAM_SYSTEM_ERR */