diff options
| author | Jeremy Allison <jra@samba.org> | 2007-03-27 00:00:50 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:53 -0500 |
| commit | 3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6 (patch) | |
| tree | b86b4e19060203b81051e70e9da937c3efae60cf | |
| parent | f091c04392cec7c4f8f0185566b3560095b899c8 (diff) | |
| download | samba-3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6.tar.gz samba-3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6.tar.bz2 samba-3adeddcc4a948ec230db7ea4a6b0d3f1640ff3a6.zip | |
r21967: Add conversion from gss errors to nt status.
Jeremy
(This used to be commit 8ba138efd097b08dcfe98f99b67c77579babf250)
| -rw-r--r-- | source3/libads/ads_status.c | 11 | ||||
| -rw-r--r-- | source3/libsmb/errormap.c | 102 |
2 files changed, 112 insertions, 1 deletions
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c index d022e5b323..0e1a2d55d5 100644 --- a/source3/libads/ads_status.c +++ b/source3/libads/ads_status.c @@ -87,7 +87,7 @@ NTSTATUS ads_ntstatus(ADS_STATUS status) #endif #ifdef HAVE_GSSAPI case ENUM_ADS_ERROR_GSS: - return NT_STATUS_UNSUCCESSFUL; + return map_nt_error_from_gss(status.err.rc, status.minor_status); #endif default: break; @@ -145,5 +145,14 @@ const char *ads_errstr(ADS_STATUS status) default: return "Unknown ADS error type!? (not compiled in?)"; } +} +#ifdef HAVE_GSSAPI +NTSTATUS gss_err_to_ntstatus(OM_uint32 maj, OM_uint32 min) +{ + ADS_STATUS adss = ADS_ERROR_GSS(maj, min); + DEBUG(10,("gss_err_to_ntstatus: Error %s\n", + ads_errstr(adss) )); + return ads_ntstatus(adss); } +#endif diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c index cb5e8311ca..a78b0af81a 100644 --- a/source3/libsmb/errormap.c +++ b/source3/libsmb/errormap.c @@ -4,6 +4,7 @@ * Copyright (C) Andrew Tridgell 2001 * Copyright (C) Andrew Bartlett 2001 * Copyright (C) Tim Potter 2000 + * Copyright (C) Jeremy Allison 2007 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1566,3 +1567,104 @@ NTSTATUS map_nt_error_from_unix(int unix_error) /* Default return */ return NT_STATUS_ACCESS_DENIED; } + +#if defined(HAVE_GSSAPI) +/******************************************************************************* + Map between gssapi errors and NT status. I made these up :-(. JRA. +*******************************************************************************/ + +static const struct { + unsigned long gss_err; + NTSTATUS ntstatus; +} gss_to_ntstatus_errormap[] = { +#if defined(GSS_S_CALL_INACCESSIBLE_READ) + {GSS_S_CALL_INACCESSIBLE_READ, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_CALL_INACCESSIBLE_WRITE) + {GSS_S_CALL_INACCESSIBLE_WRITE, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_CALL_BAD_STRUCTURE) + {GSS_S_CALL_BAD_STRUCTURE, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_BAD_MECH) + {GSS_S_BAD_MECH, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_BAD_NAME) + {GSS_S_BAD_NAME, NT_STATUS_INVALID_ACCOUNT_NAME}, +#endif +#if defined(GSS_S_BAD_NAMETYPE) + {GSS_S_BAD_NAMETYPE, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_BAD_BINDINGS) + {GSS_S_BAD_BINDINGS, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_BAD_STATUS) + {GSS_S_BAD_STATUS, NT_STATUS_UNSUCCESSFUL}, +#endif +#if defined(GSS_S_BAD_SIG) + {GSS_S_BAD_SIG, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_NO_CRED) + {GSS_S_NO_CRED, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_NO_CONTEXT) + {GSS_S_NO_CONTEXT, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_DEFECTIVE_TOKEN) + {GSS_S_DEFECTIVE_TOKEN, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_DEFECTIVE_CREDENTIAL) + {GSS_S_DEFECTIVE_CREDENTIAL, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_CREDENTIALS_EXPIRED) + {GSS_S_CREDENTIALS_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, +#endif +#if defined(GSS_S_CONTEXT_EXPIRED) + {GSS_S_CONTEXT_EXPIRED, NT_STATUS_PASSWORD_EXPIRED}, +#endif +#if defined(GSS_S_BAD_QOP) + {GSS_S_BAD_QOP, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_UNAUTHORIZED) + {GSS_S_UNAUTHORIZED, NT_STATUS_ACCESS_DENIED}, +#endif +#if defined(GSS_S_UNAVAILABLE) + {GSS_S_UNAVAILABLE, NT_STATUS_UNSUCCESSFUL}, +#endif +#if defined(GSS_S_BAD_NAMETYPE) + {GSS_S_DUPLICATE_ELEMENT, NT_STATUS_INVALID_PARAMETER}, +#endif +#if defined(GSS_S_BAD_NAMETYPE) + {GSS_S_NAME_NOT_MN, NT_STATUS_INVALID_PARAMETER}, +#endif + { 0, NT_STATUS_OK } +}; + +/********************************************************************* + Map an NT error code from a gssapi error code. +*********************************************************************/ + +NTSTATUS map_nt_error_from_gss(uint32 gss_maj, uint32 minor) +{ + int i = 0; + + if (gss_maj == GSS_S_COMPLETE) { + return NT_STATUS_OK; + } + + if (gss_maj == GSS_S_FAILURE) { + return map_nt_error_from_unix((int)minor); + } + + /* Look through list */ + while(gss_to_ntstatus_errormap[i].gss_err != 0) { + if (gss_to_ntstatus_errormap[i].gss_err == gss_maj) { + return gss_to_ntstatus_errormap[i].ntstatus; + } + i++; + } + + /* Default return */ + return NT_STATUS_ACCESS_DENIED; +} +#endif |