summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-03-27 00:00:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:18:53 -0500
commit3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6 (patch)
treeb86b4e19060203b81051e70e9da937c3efae60cf
parentf091c04392cec7c4f8f0185566b3560095b899c8 (diff)
downloadsamba-3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6.tar.gz
samba-3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6.tar.bz2
samba-3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6.zip
r21967: Add conversion from gss errors to nt status.
Jeremy (This used to be commit 8ba138efd097b08dcfe98f99b67c77579babf250)
-rw-r--r--source3/libads/ads_status.c11
-rw-r--r--source3/libsmb/errormap.c102
2 files changed, 112 insertions, 1 deletions
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index d022e5b323..0e1a2d55d5 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -87,7 +87,7 @@ NTSTATUS ads_ntstatus(ADS_STATUS status)
#endif
#ifdef HAVE_GSSAPI
case ENUM_ADS_ERROR_GSS:
- return NT_STATUS_UNSUCCESSFUL;
+ return map_nt_error_from_gss(status.err.rc, status.minor_status);
#endif
default:
break;
@@ -145,5 +145,14 @@ const char *ads_errstr(ADS_STATUS status)
default:
return "Unknown ADS error type!? (not compiled in?)";
}
+}
+#ifdef HAVE_GSSAPI
+NTSTATUS gss_err_to_ntstatus(OM_uint32 maj, OM_uint32 min)
+{
+ ADS_STATUS adss = ADS_ERROR_GSS(maj, min);
+ DEBUG(10,("gss_err_to_ntstatus: Error %s\n",
+ ads_errstr(adss) ));
+ return ads_ntstatus(adss);
}
+#endif
diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c
index cb5e8311ca..a78b0af81a 100644
--- a/source3/libsmb/errormap.c
+++ b/source3/libsmb/errormap.c
@@ -4,6 +4,7 @@
* Copyright (C) Andrew Tridgell 2001
* Copyright (C) Andrew Bartlett 2001
* Copyright (C) Tim Potter 2000
+ * Copyright (C) Jeremy Allison 2007
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -1566,3 +1567,104 @@ NTSTATUS map_nt_error_from_unix(int unix_error)
/* Default return */
return NT_STATUS_ACCESS_DENIED;
}
+
+#if defined(HAVE_GSSAPI)
+/*******************************************************************************
+ Map between gssapi errors and NT status. I made these up :-(. JRA.
+*******************************************************************************/
+
+static const struct {
+ unsigned long gss_err;
+ NTSTATUS ntstatus;
+} gss_to_ntstatus_errormap[] = {
+#if defined(GSS_S_CALL_INACCESSIBLE_READ)
+ {GSS_S_CALL_INACCESSIBLE_READ, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_CALL_INACCESSIBLE_WRITE)
+ {GSS_S_CALL_INACCESSIBLE_WRITE, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_CALL_BAD_STRUCTURE)
+ {GSS_S_CALL_BAD_STRUCTURE, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_BAD_MECH)
+ {GSS_S_BAD_MECH, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_BAD_NAME)
+ {GSS_S_BAD_NAME, NT_STATUS_INVALID_ACCOUNT_NAME},
+#endif
+#if defined(GSS_S_BAD_NAMETYPE)
+ {GSS_S_BAD_NAMETYPE, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_BAD_BINDINGS)
+ {GSS_S_BAD_BINDINGS, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_BAD_STATUS)
+ {GSS_S_BAD_STATUS, NT_STATUS_UNSUCCESSFUL},
+#endif
+#if defined(GSS_S_BAD_SIG)
+ {GSS_S_BAD_SIG, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_NO_CRED)
+ {GSS_S_NO_CRED, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_NO_CONTEXT)
+ {GSS_S_NO_CONTEXT, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_DEFECTIVE_TOKEN)
+ {GSS_S_DEFECTIVE_TOKEN, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_DEFECTIVE_CREDENTIAL)
+ {GSS_S_DEFECTIVE_CREDENTIAL, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_CREDENTIALS_EXPIRED)
+ {GSS_S_CREDENTIALS_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
+#endif
+#if defined(GSS_S_CONTEXT_EXPIRED)
+ {GSS_S_CONTEXT_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
+#endif
+#if defined(GSS_S_BAD_QOP)
+ {GSS_S_BAD_QOP, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_UNAUTHORIZED)
+ {GSS_S_UNAUTHORIZED, NT_STATUS_ACCESS_DENIED},
+#endif
+#if defined(GSS_S_UNAVAILABLE)
+ {GSS_S_UNAVAILABLE, NT_STATUS_UNSUCCESSFUL},
+#endif
+#if defined(GSS_S_BAD_NAMETYPE)
+ {GSS_S_DUPLICATE_ELEMENT, NT_STATUS_INVALID_PARAMETER},
+#endif
+#if defined(GSS_S_BAD_NAMETYPE)
+ {GSS_S_NAME_NOT_MN, NT_STATUS_INVALID_PARAMETER},
+#endif
+ { 0, NT_STATUS_OK }
+};
+
+/*********************************************************************
+ Map an NT error code from a gssapi error code.
+*********************************************************************/
+
+NTSTATUS map_nt_error_from_gss(uint32 gss_maj, uint32 minor)
+{
+ int i = 0;
+
+ if (gss_maj == GSS_S_COMPLETE) {
+ return NT_STATUS_OK;
+ }
+
+ if (gss_maj == GSS_S_FAILURE) {
+ return map_nt_error_from_unix((int)minor);
+ }
+
+ /* Look through list */
+ while(gss_to_ntstatus_errormap[i].gss_err != 0) {
+ if (gss_to_ntstatus_errormap[i].gss_err == gss_maj) {
+ return gss_to_ntstatus_errormap[i].ntstatus;
+ }
+ i++;
+ }
+
+ /* Default return */
+ return NT_STATUS_ACCESS_DENIED;
+}
+#endif