From 34722c72f687ad8a357656152aed9f6bafab1cad Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 8 Feb 2011 10:45:39 +0100
Subject: pam: share pam errors in a common location.

Guenther
---
 source3/Makefile.in               |  10 +--
 source3/auth/pampass.c            |   1 +
 source3/include/proto.h           |   7 --
 source3/lib/pam_errors.c          | 139 --------------------------------------
 source3/pam_smbpass/general.h     |   1 +
 source3/pam_smbpass/wscript_build |   2 +-
 source3/winbindd/winbindd_util.c  |   1 +
 source3/wscript_build             |   5 +-
 8 files changed, 13 insertions(+), 153 deletions(-)
 delete mode 100644 source3/lib/pam_errors.c

(limited to 'source3')

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 27de07eb0b..2055a6e8dc 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -457,7 +457,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
 	  lib/ms_fnmatch.o lib/errmap_unix.o \
 	  lib/tallocmsg.o lib/dmallocmsg.o \
 	  libsmb/clisigning.o libsmb/smb_signing.o \
-	  lib/iconv.o lib/pam_errors.o intl/lang_tdb.o \
+	  lib/iconv.o intl/lang_tdb.o \
 	  lib/conn_tdb.o lib/adt_tree.o lib/gencache.o \
 	  lib/sessionid_tdb.o \
 	  lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \
@@ -838,7 +838,8 @@ VFS_CROSSRENAME_OBJ = modules/vfs_crossrename.o
 VFS_LINUX_XFS_SGID_OBJ = modules/vfs_linux_xfs_sgid.o
 VFS_TIME_AUDIT_OBJ = modules/vfs_time_audit.o
 
-PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
+PAM_ERRORS_OBJ = ../libcli/auth/pam_errors.o
+PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o $(PAM_ERRORS_OBJ)
 
 SLCACHE_OBJ = libsmb/samlogon_cache.o
 
@@ -1294,7 +1295,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
 		pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o
 PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
 		$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
-		$(LIBTSOCKET_OBJ)
+		$(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
 
 IDMAP_RW_OBJ = winbindd/idmap_rw.o
 
@@ -1427,7 +1428,8 @@ WINBINDD_OBJ = \
 		$(LIBCLI_SAMR_OBJ) \
 		$(LIBCLI_NETLOGON_OBJ) \
 		rpc_client/init_netlogon.o \
-		rpc_client/init_samr.o
+		rpc_client/init_samr.o \
+		$(PAM_ERRORS_OBJ)
 
 WBINFO_OBJ = ../nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
 		$(POPT_LIB_OBJ) $(AFS_SETTOKEN_OBJ) \
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index dfeeb22588..a4f136c5b8 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -27,6 +27,7 @@
  */
 
 #include "includes.h"
+#include "../libcli/auth/pam_errors.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a50917762f..2f2c62747d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -608,13 +608,6 @@ int ms_fnmatch(const char *pattern, const char *string, bool translate_pattern,
 	       bool is_case_sensitive);
 int gen_fnmatch(const char *pattern, const char *string);
 
-/* The following definitions come from lib/pam_errors.c  */
-
-NTSTATUS pam_to_nt_status(int pam_error);
-int nt_status_to_pam(NTSTATUS nt_status);
-NTSTATUS pam_to_nt_status(int pam_error);
-int nt_status_to_pam(NTSTATUS nt_status);
-
 /* The following definitions come from lib/pidfile.c  */
 
 pid_t pidfile_pid(const char *name);
diff --git a/source3/lib/pam_errors.c b/source3/lib/pam_errors.c
deleted file mode 100644
index e55d7a0415..0000000000
--- a/source3/lib/pam_errors.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  PAM error mapping functions
- *  Copyright (C) Andrew Bartlett 2002
- *  
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-
-#ifdef WITH_PAM
-#if defined(HAVE_SECURITY_PAM_APPL_H)
-#include <security/pam_appl.h>
-#elif defined(HAVE_PAM_PAM_APPL_H)
-#include <pam/pam_appl.h>
-#endif
-
-#if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
-#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
-#endif	
-
-/* PAM -> NT_STATUS map */
-static const struct {
-	int pam_code;
-	NTSTATUS ntstatus;
-} pam_to_nt_status_map[] = {
-	{PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
-	{PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
-	{PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
-	{PAM_SYSTEM_ERR,  NT_STATUS_UNSUCCESSFUL},
-	{PAM_BUF_ERR, NT_STATUS_NO_MEMORY},
-	{PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
-	{PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
-	{PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME:  Is this correct? */
-	{PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
-	{PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
-	{PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME:  Is this correct? */
-	{PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
-	{PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
-	{PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
-	{PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN},  /* FIXME:  Is this correct? */
-	{PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},  /* FIXME:  Is this correct? */
-	{PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
-	{PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
-#ifdef PAM_AUTHTOK_RECOVER_ERR
-	{PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
-#endif
-	{PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
-	{PAM_SUCCESS, NT_STATUS_OK}
-};
-
-/* NT_STATUS -> PAM map */
-static const struct {
-	NTSTATUS ntstatus;
-	int pam_code;
-} nt_status_to_pam_map[] = {
-	{NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
-	{NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
-	{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
-	{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
-	{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
-	{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
-	{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
-	{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
-	{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
-	{NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED},
-	{NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL},
-	{NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL},
-	{NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL},
-	{NT_STATUS_INVALID_WORKSTATION, PAM_PERM_DENIED},
-	{NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
-	{NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
-	{NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL},
-	{NT_STATUS_OK, PAM_SUCCESS}
-};
-
-/*****************************************************************************
-convert a PAM error to a NT status32 code
- *****************************************************************************/
-NTSTATUS pam_to_nt_status(int pam_error)
-{
-	int i;
-	if (pam_error == 0) return NT_STATUS_OK;
-
-	for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
-		if (pam_error == pam_to_nt_status_map[i].pam_code)
-			return pam_to_nt_status_map[i].ntstatus;
-	}
-	return NT_STATUS_UNSUCCESSFUL;
-}
-
-/*****************************************************************************
-convert an NT status32 code to a PAM error
- *****************************************************************************/
-int nt_status_to_pam(NTSTATUS nt_status)
-{
-	int i;
-	if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
-
-	for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
-		if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
-			return nt_status_to_pam_map[i].pam_code;
-	}
-	return PAM_SYSTEM_ERR;
-}
-
-#else 
-
-/*****************************************************************************
-convert a PAM error to a NT status32 code
- *****************************************************************************/
-NTSTATUS pam_to_nt_status(int pam_error)
-{
-	if (pam_error == 0) return NT_STATUS_OK;
-	return NT_STATUS_UNSUCCESSFUL;
-}
-
-/*****************************************************************************
-convert an NT status32 code to a PAM error
- *****************************************************************************/
-int nt_status_to_pam(NTSTATUS nt_status)
-{
-	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
-	return 4; /* PAM_SYSTEM_ERR */
-}
-
-#endif
-
diff --git a/source3/pam_smbpass/general.h b/source3/pam_smbpass/general.h
index f6b3e672ae..74bd870bc5 100644
--- a/source3/pam_smbpass/general.h
+++ b/source3/pam_smbpass/general.h
@@ -1,4 +1,5 @@
 #include "../librpc/gen_ndr/samr.h"
+#include "../libcli/auth/pam_errors.h"
 
 #ifndef LINUX
 /* This is only needed by modules in the Sun implementation. */
diff --git a/source3/pam_smbpass/wscript_build b/source3/pam_smbpass/wscript_build
index 1a43bcea71..2eaee2ea98 100644
--- a/source3/pam_smbpass/wscript_build
+++ b/source3/pam_smbpass/wscript_build
@@ -6,7 +6,7 @@ if bld.CONFIG_SET('WITH_PAM_MODULES'):
                   pam_smb_passwd.c
                   pam_smb_acct.c
                   support.c''',
-        deps='''tdb talloc pam wbclient cap ASN1_UTIL PARAM LIB_NONSMBD PASSDB GROUPDB SMBLDAP
+        deps='''tdb talloc pam PAM_ERRORS wbclient cap ASN1_UTIL PARAM LIB_NONSMBD PASSDB GROUPDB SMBLDAP
                 LIBSAMBA LIBTSOCKET''',
         cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR,
         realname='pam_smbpass.so',
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 58cec444aa..e87f25e18f 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -24,6 +24,7 @@
 #include "winbindd.h"
 #include "secrets.h"
 #include "../libcli/security/security.h"
+#include "../libcli/auth/pam_errors.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
diff --git a/source3/wscript_build b/source3/wscript_build
index a799e1ac8a..35e45d758c 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -101,7 +101,7 @@ LIB_SRC = '''${LIBSAMBAUTIL_SRC}
           lib/ms_fnmatch.c lib/errmap_unix.c
           lib/tallocmsg.c lib/dmallocmsg.c
           libsmb/clisigning.c libsmb/smb_signing.c
-          lib/pam_errors.c intl/lang_tdb.c
+          intl/lang_tdb.c
           lib/conn_tdb.c lib/adt_tree.c lib/gencache.c
           lib/sessionid_tdb.c
           lib/module.c lib/events.c ${LIBTEVENT_SRC0}
@@ -995,7 +995,7 @@ bld.SAMBA_SUBSYSTEM('SERVICES',
 
 bld.SAMBA_SUBSYSTEM('PLAINTEXT_AUTH',
                     source=PLAINTEXT_AUTH_SRC,
-                    deps='pam',
+                    deps='pam PAM_ERRORS',
                     vars=locals())
 
 bld.SAMBA_SUBSYSTEM('PASSCHANGE',
@@ -1133,6 +1133,7 @@ bld.SAMBA_BINARY('winbindd/winbindd',
                  LIBCLI_SAMR LIBCLI_LSA LIBRPCCLI_NETLOGON
                  RPC_NDR_DSSETUP NAMED_PIPE_AUTH_TSTREAM INIT_NETLOGON
                  RPC_NCACN_NP RPC_PIPE_REGISTER RPC_SAMR RPC_LSARPC
+                 PAM_ERRORS
                  ''',
                  enabled=bld.env.build_winbind,
                  install_path='${SBINDIR}',
-- 
cgit