diff options
-rw-r--r-- | source3/libads/ads_status.c | 35 | ||||
-rw-r--r-- | source3/libsmb/errormap.c | 37 |
2 files changed, 54 insertions, 18 deletions
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c index 5a4165c2f9..00427936ad 100644 --- a/source3/libads/ads_status.c +++ b/source3/libads/ads_status.c @@ -69,30 +69,29 @@ ADS_STATUS ads_build_nt_error(enum ads_error_type etype, */ NTSTATUS ads_ntstatus(ADS_STATUS status) { - if (status.error_type == ENUM_ADS_ERROR_NT){ + switch (status.error_type) { + case ENUM_ADS_ERROR_NT: return status.err.nt_status; - } - if (status.error_type == ENUM_ADS_ERROR_SYSTEM) { + case ENUM_ADS_ERROR_SYSTEM: return map_nt_error_from_unix(status.err.rc); - } #ifdef HAVE_LDAP - if ((status.error_type == ENUM_ADS_ERROR_LDAP) - && (status.err.rc == LDAP_NO_MEMORY)) { - return NT_STATUS_NO_MEMORY; - } + case ENUM_ADS_ERROR_LDAP: + if (status.err.rc == LDAP_NO_MEMORY) { + return NT_STATUS_NO_MEMORY; + } + break; #endif #ifdef HAVE_KRB5 - if (status.error_type == ENUM_ADS_ERROR_KRB5) { - if (status.err.rc == KRB5KDC_ERR_PREAUTH_FAILED) { - return NT_STATUS_LOGON_FAILURE; - } else if (status.err.rc == KRB5_KDC_UNREACH) { - return NT_STATUS_NO_LOGON_SERVERS; - } else if (status.err.rc == KRB5KRB_AP_ERR_SKEW) { - return NT_STATUS_TIME_DIFFERENCE_AT_DC; - } - } + case ENUM_ADS_ERROR_KRB5: + return krb5_to_ntstatus(status.err.rc); #endif - if (ADS_ERR_OK(status)) return NT_STATUS_OK; + default: + break; + } + + if (ADS_ERR_OK(status)) { + return NT_STATUS_OK; + } return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c index cb5e8311ca..7758246929 100644 --- a/source3/libsmb/errormap.c +++ b/source3/libsmb/errormap.c @@ -1566,3 +1566,40 @@ NTSTATUS map_nt_error_from_unix(int unix_error) /* Default return */ return NT_STATUS_ACCESS_DENIED; } + +#ifdef HAVE_KRB5 +/********************************************************************* + Map a krb5 error code to an NT error code +*********************************************************************/ + +struct krb5_error_map { + int krb5_error; + NTSTATUS nt_error; +}; + +const struct krb5_error_map krb5_nt_errmap[] = { + { KRB5KDC_ERR_PREAUTH_FAILED, NT_STATUS_LOGON_FAILURE }, + { KRB5_KDC_UNREACH, NT_STATUS_NO_LOGON_SERVERS }, + { KRB5KRB_AP_ERR_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC }, + /* not sure if this mapping is appropriate */ + { KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, NT_STATUS_NO_TRUST_SAM_ACCOUNT }, + { KRB5KDC_ERR_NONE, NT_STATUS_OK }, + /* end of array flag - not used as error code... */ + { 0, NT_STATUS_OK } +}; + +NTSTATUS krb5_to_ntstatus(int error) +{ + int i = 0; + + while (krb5_nt_errmap[i].krb5_error != 0) { + if (krb5_nt_errmap[i].krb5_error == error) { + return krb5_nt_errmap[i].nt_error; + } + i++; + } + + return NT_STATUS_ACCESS_DENIED; +} +#endif + |