LCOV - code coverage report
Current view: top level - lib/krb5_wrap - krb5_errs.c (source / functions) Hit Total Coverage
Test: coverage report for master 70ed9daf Lines: 8 16 50.0 %
Date: 2024-01-11 09:59:51 Functions: 1 2 50.0 %

          Line data    Source code
       1             : /*
       2             :  *  Unix SMB/CIFS implementation.
       3             :  *  Kerberos error mapping functions
       4             :  *  Copyright (C) Guenther Deschner 2005
       5             :  *
       6             :  *  This program is free software; you can redistribute it and/or modify
       7             :  *  it under the terms of the GNU General Public License as published by
       8             :  *  the Free Software Foundation; either version 3 of the License, or
       9             :  *  (at your option) any later version.
      10             :  *
      11             :  *  This program is distributed in the hope that it will be useful,
      12             :  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  *  GNU General Public License for more details.
      15             :  *
      16             :  *  You should have received a copy of the GNU General Public License
      17             :  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
      18             :  */
      19             : 
      20             : #include "includes.h"
      21             : #include "krb5_samba.h"
      22             : 
      23             : #ifdef HAVE_KRB5
      24             : 
      25             : static const struct {
      26             :         krb5_error_code krb5_code;
      27             :         NTSTATUS ntstatus;
      28             : } krb5_to_nt_status_map[] = {
      29             :         {KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR},
      30             :         {KRB5KDC_ERR_BADOPTION, NT_STATUS_INVALID_PARAMETER},
      31             :         {KRB5KDC_ERR_CLIENT_REVOKED, NT_STATUS_ACCOUNT_LOCKED_OUT},
      32             :         {KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_ACCOUNT_NAME},
      33             :         {KRB5KDC_ERR_ETYPE_NOSUPP, NT_STATUS_LOGON_FAILURE},
      34             : #if defined(KRB5KDC_ERR_KEY_EXP) /* MIT */
      35             :         {KRB5KDC_ERR_KEY_EXP, NT_STATUS_PASSWORD_EXPIRED},
      36             : #else /* old Heimdal releases have it with different name only in an enum: */
      37             :         {KRB5KDC_ERR_KEY_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
      38             : #endif
      39             :         {25, NT_STATUS_PASSWORD_EXPIRED}, /* FIXME: bug in heimdal 0.7 krb5_get_init_creds_password (Inappropriate ioctl for device (25)) */
      40             :         {KRB5KDC_ERR_NULL_KEY, NT_STATUS_LOGON_FAILURE},
      41             :         {KRB5KDC_ERR_POLICY, NT_STATUS_INVALID_WORKSTATION},
      42             :         {KRB5KDC_ERR_PREAUTH_FAILED, NT_STATUS_LOGON_FAILURE},
      43             :         {KRB5KDC_ERR_SERVICE_REVOKED, NT_STATUS_ACCESS_DENIED},
      44             :         {KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, NT_STATUS_INVALID_COMPUTER_NAME},
      45             :         {KRB5KDC_ERR_SUMTYPE_NOSUPP, NT_STATUS_LOGON_FAILURE},
      46             :         {KRB5KDC_ERR_TGT_REVOKED, NT_STATUS_ACCESS_DENIED},
      47             :         {KRB5_KDC_UNREACH, NT_STATUS_NO_LOGON_SERVERS},
      48             :         {KRB5KRB_AP_ERR_BAD_INTEGRITY, NT_STATUS_LOGON_FAILURE},
      49             :         {KRB5KRB_AP_ERR_MODIFIED, NT_STATUS_LOGON_FAILURE},
      50             :         {KRB5KRB_AP_ERR_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC},
      51             :         {KRB5_KDCREP_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC},
      52             :         {KRB5KRB_AP_ERR_TKT_EXPIRED, NT_STATUS_LOGON_FAILURE},
      53             :         {KRB5KRB_ERR_GENERIC, NT_STATUS_UNSUCCESSFUL},
      54             : #if defined(KRB5KRB_ERR_RESPONSE_TOO_BIG)
      55             :         {KRB5KRB_ERR_RESPONSE_TOO_BIG, NT_STATUS_PROTOCOL_UNREACHABLE},
      56             : #endif
      57             :         {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE},
      58             :         {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE},
      59             :         {KRB5_RC_MALLOC, NT_STATUS_NO_MEMORY},
      60             :         {ENOMEM, NT_STATUS_NO_MEMORY},
      61             :         {KRB5_REALM_CANT_RESOLVE, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND},
      62             :         {KRB5_REALM_UNKNOWN, NT_STATUS_NO_SUCH_DOMAIN},
      63             : 
      64             :         /* Must be last entry */
      65             :         {KRB5KDC_ERR_NONE, NT_STATUS_OK}
      66             : };
      67             : 
      68             : static const struct {
      69             :         NTSTATUS ntstatus;
      70             :         krb5_error_code krb5_code;
      71             : } nt_status_to_krb5_map[] = {
      72             :         {NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED},
      73             :         {NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH},
      74             :         {NT_STATUS_OK, 0}
      75             : };
      76             : 
      77             : /*****************************************************************************
      78             : convert a KRB5 error to a NT status32 code
      79             :  *****************************************************************************/
      80       30328 :  NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error)
      81             : {
      82        1170 :         int i;
      83             : 
      84       30328 :         if (kerberos_error == 0) {
      85       17414 :                 return NT_STATUS_OK;
      86             :         }
      87             : 
      88      275418 :         for (i=0; NT_STATUS_V(krb5_to_nt_status_map[i].ntstatus); i++) {
      89      275412 :                 if (kerberos_error == krb5_to_nt_status_map[i].krb5_code)
      90       12908 :                         return krb5_to_nt_status_map[i].ntstatus;
      91             :         }
      92             : 
      93           6 :         return NT_STATUS_UNSUCCESSFUL;
      94             : }
      95             : 
      96             : /*****************************************************************************
      97             : convert an NT status32 code to a KRB5 error
      98             :  *****************************************************************************/
      99           0 :  krb5_error_code nt_status_to_krb5(NTSTATUS nt_status)
     100             : {
     101           0 :         int i;
     102             : 
     103           0 :         if NT_STATUS_IS_OK(nt_status) {
     104           0 :                 return 0;
     105             :         }
     106             : 
     107           0 :         for (i=0; NT_STATUS_V(nt_status_to_krb5_map[i].ntstatus); i++) {
     108           0 :                 if (NT_STATUS_EQUAL(nt_status,nt_status_to_krb5_map[i].ntstatus))
     109           0 :                         return nt_status_to_krb5_map[i].krb5_code;
     110             :         }
     111             : 
     112           0 :         return KRB5KRB_ERR_GENERIC;
     113             : }
     114             : 
     115             : #endif

Generated by: LCOV version 1.14