2
* Unix SMB/CIFS implementation.
3
* PAM error mapping functions
4
* Copyright (C) Andrew Bartlett 2002
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 3 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
21
#include "auth/ntlm/pam_errors.h"
23
#ifdef WITH_HAVE_SECURITY_PAM_APPL_H
24
#include <security/pam_appl.h>
26
#if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
27
#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
30
/* PAM -> NT_STATUS map */
34
} pam_to_nt_status_map[] = {
35
{PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
36
{PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
37
{PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
38
{PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL},
39
{PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL},
40
{PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
41
{PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
42
{PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */
43
{PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
44
{PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
45
{PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME: Is this correct? */
46
{PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
47
{PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
48
{PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
49
{PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN}, /* FIXME: Is this correct? */
50
{PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: Is this correct? */
51
{PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
52
{PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
53
#ifdef PAM_AUTHTOK_RECOVER_ERR
54
{PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
56
{PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
57
{PAM_SUCCESS, NT_STATUS_OK}
60
/* NT_STATUS -> PAM map */
64
} nt_status_to_pam_map[] = {
65
{NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
66
{NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
67
{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
68
{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
69
{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
70
{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
71
{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
72
{NT_STATUS_OK, PAM_SUCCESS}
75
/*****************************************************************************
76
convert a PAM error to a NT status32 code
77
*****************************************************************************/
78
NTSTATUS pam_to_nt_status(int pam_error)
81
if (pam_error == 0) return NT_STATUS_OK;
83
for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
84
if (pam_error == pam_to_nt_status_map[i].pam_code)
85
return pam_to_nt_status_map[i].ntstatus;
87
return NT_STATUS_UNSUCCESSFUL;
90
/*****************************************************************************
91
convert an NT status32 code to a PAM error
92
*****************************************************************************/
93
int nt_status_to_pam(NTSTATUS nt_status)
96
if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
98
for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
99
if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
100
return nt_status_to_pam_map[i].pam_code;
102
return PAM_SYSTEM_ERR;
107
/*****************************************************************************
108
convert a PAM error to a NT status32 code
109
*****************************************************************************/
110
NTSTATUS pam_to_nt_status(int pam_error)
112
if (pam_error == 0) return NT_STATUS_OK;
113
return NT_STATUS_UNSUCCESSFUL;
116
/*****************************************************************************
117
convert an NT status32 code to a PAM error
118
*****************************************************************************/
119
int nt_status_to_pam(NTSTATUS nt_status)
121
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
122
return 4; /* PAM_SYSTEM_ERR */