From 41a4496b20e510dc47fe2b816196cef6fe937cea Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Fri, 18 Aug 2006 15:10:46 +0000
Subject: r17606: Introduce krb5_to_ntstatus.

Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 6e641c90b8f52a822a83701cdf305c60416d7f0c)
---
 source3/libads/ads_status.c | 35 +++++++++++++++++------------------
 source3/libsmb/errormap.c   | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 18 deletions(-)

diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index 5a4165c2f94..00427936ade 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -69,30 +69,29 @@ ADS_STATUS ads_build_nt_error(enum ads_error_type etype,
 */
 NTSTATUS ads_ntstatus(ADS_STATUS status)
 {
-	if (status.error_type == ENUM_ADS_ERROR_NT){
+	switch (status.error_type) {
+	case ENUM_ADS_ERROR_NT:
 		return status.err.nt_status;	
-	}
-	if (status.error_type == ENUM_ADS_ERROR_SYSTEM) {
+	case ENUM_ADS_ERROR_SYSTEM:
 		return map_nt_error_from_unix(status.err.rc);
-	}
 #ifdef HAVE_LDAP
-	if ((status.error_type == ENUM_ADS_ERROR_LDAP) 
-	    && (status.err.rc == LDAP_NO_MEMORY)) {
-		return NT_STATUS_NO_MEMORY;
-	}
+	case ENUM_ADS_ERROR_LDAP:
+		if (status.err.rc == LDAP_NO_MEMORY) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		break;
 #endif
 #ifdef HAVE_KRB5
-	if (status.error_type == ENUM_ADS_ERROR_KRB5) { 
-		if (status.err.rc == KRB5KDC_ERR_PREAUTH_FAILED) {
-			return NT_STATUS_LOGON_FAILURE;
-		} else if (status.err.rc == KRB5_KDC_UNREACH) {
-			return NT_STATUS_NO_LOGON_SERVERS;
-		} else if (status.err.rc == KRB5KRB_AP_ERR_SKEW) {
-			return NT_STATUS_TIME_DIFFERENCE_AT_DC;
-		}
-	}
+	case ENUM_ADS_ERROR_KRB5:
+		return krb5_to_ntstatus(status.err.rc);
 #endif
-	if (ADS_ERR_OK(status)) return NT_STATUS_OK;
+	default:
+		break;
+	}
+
+	if (ADS_ERR_OK(status)) {
+		return NT_STATUS_OK;
+	}
 	return NT_STATUS_UNSUCCESSFUL;
 }
 
diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c
index cb5e8311cad..7758246929b 100644
--- a/source3/libsmb/errormap.c
+++ b/source3/libsmb/errormap.c
@@ -1566,3 +1566,40 @@ NTSTATUS map_nt_error_from_unix(int unix_error)
 	/* Default return */
 	return NT_STATUS_ACCESS_DENIED;
 }
+
+#ifdef HAVE_KRB5
+/*********************************************************************
+ Map a krb5 error code to an NT error code
+*********************************************************************/
+
+struct krb5_error_map {
+	int krb5_error;
+	NTSTATUS nt_error;
+};
+
+const struct krb5_error_map krb5_nt_errmap[] = {
+	{ KRB5KDC_ERR_PREAUTH_FAILED, NT_STATUS_LOGON_FAILURE },
+	{ KRB5_KDC_UNREACH, NT_STATUS_NO_LOGON_SERVERS },
+	{ KRB5KRB_AP_ERR_SKEW, NT_STATUS_TIME_DIFFERENCE_AT_DC },
+	/* not sure if this mapping is appropriate */
+	{ KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, NT_STATUS_NO_TRUST_SAM_ACCOUNT },
+	{ KRB5KDC_ERR_NONE, NT_STATUS_OK },
+	/* end of array flag - not used as error code... */
+	{ 0, NT_STATUS_OK }
+};
+
+NTSTATUS krb5_to_ntstatus(int error) 
+{
+	int i = 0;
+
+	while (krb5_nt_errmap[i].krb5_error != 0) {
+		if (krb5_nt_errmap[i].krb5_error == error) {
+			return krb5_nt_errmap[i].nt_error;
+		}
+		i++;
+	}
+
+	return NT_STATUS_ACCESS_DENIED;
+}
+#endif
+
-- 
cgit