00021 #include "includes.h"
00022
00023 #ifdef WITH_PAM
00024 #include <security/pam_appl.h>
00025
00026 #if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
00027 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
00028 #endif
00029
00030
/*
 * PAM return code -> NTSTATUS, searched linearly by pam_to_nt_status().
 *
 * The closing {PAM_SUCCESS, NT_STATUS_OK} row doubles as the terminator:
 * the lookup loop stops at the first row whose status value is 0, so an
 * NT_STATUS_OK row must never be placed earlier in the table.
 *
 * NOTE(review): PAM_USER_UNKNOWN and PAM_AUTH_ERR translate to different
 * statuses (NO_SUCH_USER vs WRONG_PASSWORD). If a caller returns these
 * unchanged to an unauthenticated peer, the difference discloses whether
 * an account exists; whether callers collapse them is not visible here.
 *
 * NOTE(review): PAM_MAXTRIES becomes NT_STATUS_REMOTE_SESSION_LIMIT here,
 * while nt_status_to_pam_map turns NT_STATUS_ACCOUNT_LOCKED_OUT into
 * PAM_MAXTRIES, so this code does not round-trip between the two tables.
 */
static const struct {
	int pam_code;
	NTSTATUS ntstatus;
} pam_to_nt_status_map[] = {
	{ PAM_OPEN_ERR,            NT_STATUS_UNSUCCESSFUL },
	{ PAM_SYMBOL_ERR,          NT_STATUS_UNSUCCESSFUL },
	{ PAM_SERVICE_ERR,         NT_STATUS_UNSUCCESSFUL },
	{ PAM_SYSTEM_ERR,          NT_STATUS_UNSUCCESSFUL },
	{ PAM_BUF_ERR,             NT_STATUS_NO_MEMORY },
	{ PAM_PERM_DENIED,         NT_STATUS_ACCESS_DENIED },
	{ PAM_AUTH_ERR,            NT_STATUS_WRONG_PASSWORD },
	{ PAM_CRED_INSUFFICIENT,   NT_STATUS_INSUFFICIENT_LOGON_INFO },
	{ PAM_AUTHINFO_UNAVAIL,    NT_STATUS_LOGON_FAILURE },
	{ PAM_USER_UNKNOWN,        NT_STATUS_NO_SUCH_USER },
	{ PAM_MAXTRIES,            NT_STATUS_REMOTE_SESSION_LIMIT },
	{ PAM_NEW_AUTHTOK_REQD,    NT_STATUS_PASSWORD_MUST_CHANGE },
	{ PAM_ACCT_EXPIRED,        NT_STATUS_ACCOUNT_EXPIRED },
	{ PAM_SESSION_ERR,         NT_STATUS_INSUFFICIENT_RESOURCES },
	{ PAM_CRED_UNAVAIL,        NT_STATUS_NO_TOKEN },
	{ PAM_CRED_EXPIRED,        NT_STATUS_PASSWORD_EXPIRED },
	{ PAM_CRED_ERR,            NT_STATUS_UNSUCCESSFUL },
	{ PAM_AUTHTOK_ERR,         NT_STATUS_UNSUCCESSFUL },
#ifdef PAM_AUTHTOK_RECOVER_ERR
	/* Only present when the PAM headers (or the alias above) define it. */
	{ PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL },
#endif
	{ PAM_AUTHTOK_EXPIRED,     NT_STATUS_PASSWORD_EXPIRED },
	/* Terminator: status value 0 ends the search loop. */
	{ PAM_SUCCESS,             NT_STATUS_OK }
};
00059
00060
/*
 * NTSTATUS -> PAM return code, searched linearly by nt_status_to_pam().
 *
 * The closing {NT_STATUS_OK, PAM_SUCCESS} row is the terminator: the lookup
 * loop stops at the first row whose status value is 0.
 *
 * The mapping is many-to-one (for example WRONG_PASSWORD and LOGON_FAILURE
 * both become PAM_AUTH_ERR, and several trust-account and DC-availability
 * statuses become PAM_AUTHINFO_UNAVAIL), so the original NTSTATUS cannot be
 * recovered from the PAM code. Log the NTSTATUS before converting if the
 * exact failure reason matters for auditing.
 *
 * NOTE(review): NT_STATUS_NO_SUCH_USER keeps its own PAM code
 * (PAM_USER_UNKNOWN), distinct from PAM_AUTH_ERR; confirm the PAM consumer
 * does not expose that distinction to unauthenticated users.
 */
static const struct {
	NTSTATUS ntstatus;
	int pam_code;
} nt_status_to_pam_map[] = {
	{ NT_STATUS_UNSUCCESSFUL,                      PAM_SYSTEM_ERR },
	{ NT_STATUS_NO_SUCH_USER,                      PAM_USER_UNKNOWN },
	{ NT_STATUS_WRONG_PASSWORD,                    PAM_AUTH_ERR },
	{ NT_STATUS_LOGON_FAILURE,                     PAM_AUTH_ERR },
	{ NT_STATUS_ACCOUNT_EXPIRED,                   PAM_ACCT_EXPIRED },
	{ NT_STATUS_PASSWORD_EXPIRED,                  PAM_AUTHTOK_EXPIRED },
	{ NT_STATUS_PASSWORD_MUST_CHANGE,              PAM_NEW_AUTHTOK_REQD },
	{ NT_STATUS_ACCOUNT_LOCKED_OUT,                PAM_MAXTRIES },
	{ NT_STATUS_NO_MEMORY,                         PAM_BUF_ERR },
	{ NT_STATUS_PASSWORD_RESTRICTION,              PAM_PERM_DENIED },
	{ NT_STATUS_BACKUP_CONTROLLER,                 PAM_AUTHINFO_UNAVAIL },
	{ NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND,       PAM_AUTHINFO_UNAVAIL },
	{ NT_STATUS_NO_LOGON_SERVERS,                  PAM_AUTHINFO_UNAVAIL },
	{ NT_STATUS_INVALID_WORKSTATION,               PAM_PERM_DENIED },
	{ NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL },
	{ NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT,      PAM_AUTHINFO_UNAVAIL },
	{ NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL },
	/* Terminator: status value 0 ends the search loop. */
	{ NT_STATUS_OK,                                PAM_SUCCESS }
};
00084
00085
00086
00087
/**
 * Translate a PAM return code into an NTSTATUS.
 *
 * @param pam_error  Return code from a PAM call.
 * @return NT_STATUS_OK when pam_error is 0, the matching entry of
 *         pam_to_nt_status_map when one exists, and NT_STATUS_UNSUCCESSFUL
 *         for every code the table does not list.
 *
 * Unlisted codes never translate to success, so an unexpected or
 * module-specific PAM result is treated as a failure (fail closed).
 */
NTSTATUS pam_to_nt_status(int pam_error)
{
	int idx = 0;

	/* 0 is handled up front and never reaches the table search. */
	if (pam_error == 0) {
		return NT_STATUS_OK;
	}

	/* Walk the table until its terminator row (status value 0). */
	while (NT_STATUS_V(pam_to_nt_status_map[idx].ntstatus) != 0) {
		if (pam_to_nt_status_map[idx].pam_code == pam_error) {
			return pam_to_nt_status_map[idx].ntstatus;
		}
		idx++;
	}

	/* No table entry: report a generic failure rather than guess. */
	return NT_STATUS_UNSUCCESSFUL;
}
00099
00100
00101
00102
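/**
 * Translate an NTSTATUS into a PAM return code.
 *
 * @param nt_status  Status to convert.
 * @return PAM_SUCCESS when nt_status is OK, the matching entry of
 *         nt_status_to_pam_map when one exists, and PAM_SYSTEM_ERR for
 *         every status the table does not list.
 *
 * Only a status accepted by NT_STATUS_IS_OK yields PAM_SUCCESS; any other
 * unlisted value is reported as PAM_SYSTEM_ERR, so an unrecognised status
 * can never be mistaken for a successful authentication (fail closed).
 */
int nt_status_to_pam(NTSTATUS nt_status)
{
	int i;

	/*
	 * The condition is parenthesised explicitly so that it stays valid C
	 * regardless of whether the NT_STATUS_IS_OK macro expansion carries
	 * its own outer parentheses.
	 */
	if (NT_STATUS_IS_OK(nt_status)) {
		return PAM_SUCCESS;
	}

	/* Walk the table until its terminator row (status value 0). */
	for (i = 0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
		if (NT_STATUS_EQUAL(nt_status, nt_status_to_pam_map[i].ntstatus)) {
			return nt_status_to_pam_map[i].pam_code;
		}
	}

	/* No table entry: report a generic failure rather than guess. */
	return PAM_SYSTEM_ERR;
}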
00114
00115 #else
00116
00117
00118
00119
/**
 * Fallback used when the build has no PAM support (WITH_PAM undefined).
 *
 * @param pam_error  PAM-style return code.
 * @return NT_STATUS_OK for 0, NT_STATUS_UNSUCCESSFUL for anything else.
 *
 * Without the PAM headers there is no per-code table, so every non-zero
 * code collapses to one generic failure; no non-zero code maps to success.
 */
NTSTATUS pam_to_nt_status(int pam_error)
{
	if (pam_error != 0) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}
00125
00126
00127
00128
/**
 * Fallback used when the build has no PAM support (WITH_PAM undefined).
 *
 * @param nt_status  Status to convert.
 * @return 0 when nt_status equals NT_STATUS_OK, 4 for anything else.
 *
 * The PAM constants are not available in this branch, so the results are
 * spelled as literals. NOTE(review): 4 is the value of PAM_SYSTEM_ERR in
 * common PAM headers such as Linux-PAM, which would match the default of
 * the PAM-enabled variant - confirm for the target platform.
 */
int nt_status_to_pam(NTSTATUS nt_status)
{
	if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) {
		/* Any non-OK status: generic failure code. */
		return 4;
	}

	return 0;
}
00134
00135 #endif
00136