s4:kdc: Return (possibly) more appropriate error codes
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 10 Aug 2023 22:02:28 +0000 (10:02 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 14 Aug 2023 04:57:34 +0000 (04:57 +0000)
This change ultimately won’t make much difference to responses, as
unrecognized codes are mapped to ERR_GENERIC in any case. But it might
provide some help for debugging.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/kdc/pac-glue.c
source4/kdc/wdc-samba4.c

index 94b2065fe5fc3734ae780fc4f3610d52e4c58aad..839bc8d840bf292eeb9ce9ceb9b82ecf3f8b2ca2 100644 (file)
@@ -772,7 +772,7 @@ int samba_client_requested_pac(krb5_context context,
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
                DBG_ERR("can't parse the PAC ATTRIBUTES_INFO: %s\n", nt_errstr(nt_status));
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        if (pac_attrs.attributes_info.flags & (PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY
@@ -819,7 +819,7 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
 
        if (!NT_STATUS_IS_OK(status)) {
                talloc_free(mem_ctx);
-               return EINVAL;
+               return map_errno_from_nt_status(status);
        }
 
        rodc_krbtgt_number = ldb_msg_find_attr_as_int(p->msg, "msDS-SecondaryKrbTgtNumber", -1);
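Review bot: The `!NT_STATUS_IS_OK(status)` branch is taken for every non-zero status, but the new `return map_errno_from_nt_status(status);` is only a failure return if the mapper never yields 0. As far as I recall, it returns 0 for status values that lack the error-severity bits (worth confirming against its definition), which would turn this failure path into a success return where the old `EINVAL` could not. In a KDC PAC path the caller would then carry on as if the lookup had succeeded, so I would keep a non-zero floor: `int ret = map_errno_from_nt_status(status);` followed by `return ret != 0 ? ret : EINVAL;`, ideally in one small shared helper. The same pattern recurs in the later pac-glue.c hunks that test `NT_STATUS_IS_OK` and in every samba_wdc_get_pac hunk in wdc-samba4.c. The body of samba_krbtgt_is_in_db starts and ends outside this hunk.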
@@ -1272,7 +1272,7 @@ static krb5_error_code samba_kdc_obtain_user_info_dc(TALLOC_CTX *mem_ctx,
                        DBG_ERR("authsam_update_user_info_dc failed: %s\n",
                                nt_errstr(nt_status));
 
-                       ret = EINVAL;
+                       ret = map_errno_from_nt_status(nt_status);
                        goto out;
                }
        } else {
@@ -1497,7 +1497,7 @@ static krb5_error_code samba_get_requester_sid(TALLOC_CTX *mem_ctx,
                nt_status = ndr_map_error2ntstatus(ndr_err);
                DBG_ERR("can't parse the PAC REQUESTER_SID: %s\n", nt_errstr(nt_status));
                talloc_free(tmp_ctx);
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        *sid = info.requester_sid.sid;
@@ -1785,7 +1785,7 @@ static krb5_error_code samba_kdc_add_domain_group_sid(TALLOC_CTX *mem_ctx,
                                           &domain_group->domain_sid,
                                           &rid);
                if (!NT_STATUS_IS_OK(status)) {
-                       return EINVAL;
+                       return map_errno_from_nt_status(status);
                }
        } else {
                status = dom_sid_split_rid(NULL,
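Review bot: The failure return after the call ending in `&rid);` has no log line, so the original NTSTATUS is lost once it is converted to an errno, and the commit's stated aim of helping debugging is only partly met here. Several NTSTATUS values presumably collapse onto the same errno, so someone reading KDC logs after a failed PAC update cannot tell which status actually occurred. I would log before returning, matching the neighbouring hunks, with a line of the form `DBG_ERR("splitting the group SID failed: %s\n", nt_errstr(status));`. The same silent return appears in the next hunk of this function, both hunks of samba_kdc_update_device_info, both hunks of samba_kdc_check_device, and all of the samba_wdc_get_pac hunks. The function body starts and ends outside this hunk.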
@@ -1793,7 +1793,7 @@ static krb5_error_code samba_kdc_add_domain_group_sid(TALLOC_CTX *mem_ctx,
                                           NULL,
                                           &rid);
                if (!NT_STATUS_IS_OK(status)) {
-                       return EINVAL;
+                       return map_errno_from_nt_status(status);
                }
        }
 
@@ -1902,7 +1902,7 @@ static krb5_error_code samba_kdc_update_device_info(TALLOC_CTX *mem_ctx,
                                                          true, /* This user was authenticated */
                                                          &device_info_dc);
        if (!NT_STATUS_IS_OK(nt_status)) {
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        num_existing_sids = device_info_dc->num_sids;
@@ -1915,7 +1915,7 @@ static krb5_error_code samba_kdc_update_device_info(TALLOC_CTX *mem_ctx,
                                                samdb,
                                                device_info_dc);
        if (!NT_STATUS_IS_OK(nt_status)) {
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        for (i = num_existing_sids; i < device_info_dc->num_sids; ++i) {
@@ -1953,7 +1953,7 @@ static krb5_error_code samba_kdc_get_device_info_pac_blob(TALLOC_CTX *mem_ctx,
                NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
                DBG_WARNING("PAC_DEVICE_INFO (presig) push failed: %s\n",
                            nt_errstr(nt_status));
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        return 0;
@@ -2002,7 +2002,7 @@ static krb5_error_code samba_kdc_create_device_info_blob(TALLOC_CTX *mem_ctx,
                DBG_ERR("can't parse device PAC LOGON_INFO: %s\n",
                        nt_errstr(nt_status));
                talloc_free(frame);
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        /*
@@ -2463,7 +2463,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                        if (!NT_STATUS_IS_OK(nt_status)) {
                                DBG_ERR("samba_kdc_get_claims_blob failed: %s\n",
                                        nt_errstr(nt_status));
-                               code = EINVAL;
+                               code = map_errno_from_nt_status(nt_status);
                                goto done;
                        }
 
@@ -2494,7 +2494,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                if (!NT_STATUS_IS_OK(nt_status)) {
                        DBG_ERR("update delegation info blob failed: %s\n",
                                nt_errstr(nt_status));
-                       code = EINVAL;
+                       code = map_errno_from_nt_status(nt_status);
                        goto done;
                }
        }
@@ -2587,7 +2587,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                        DBG_ERR("samba_get_logon_info_pac_blob failed: %s\n",
                                nt_errstr(nt_status));
 
-                       code = EINVAL;
+                       code = map_errno_from_nt_status(nt_status);
                        goto done;
                }
 
@@ -2637,7 +2637,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                if (!NT_STATUS_IS_OK(nt_status)) {
                        DBG_ERR("samba_kdc_get_claims_blob failed: %s\n",
                                nt_errstr(nt_status));
-                       code = EINVAL;
+                       code = map_errno_from_nt_status(nt_status);
                        goto done;
                }
        }
@@ -2952,7 +2952,7 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
                                                                  true, /* This user was authenticated */
                                                                  &device_info);
                if (!NT_STATUS_IS_OK(nt_status)) {
-                       code = EINVAL;
+                       code = map_errno_from_nt_status(nt_status);
                        goto out;
                }
 
@@ -2964,7 +2964,7 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
                                                        samdb,
                                                        device_info);
                if (!NT_STATUS_IS_OK(nt_status)) {
-                       code = EINVAL;
+                       code = map_errno_from_nt_status(nt_status);
                        goto out;
                }
        } else {
index 695ef6a3bf9fa5dad0bfcb1482b0a53c72515171..96d67e639f4e310042ba5d61422fbc919b6425b3 100644 (file)
@@ -153,7 +153,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                               &user_info_dc);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(mem_ctx);
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        /*
@@ -196,7 +196,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                                  &logon_blob);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(mem_ctx);
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        if (cred_ndr_ptr != NULL) {
@@ -205,7 +205,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                                        cred_ndr_ptr);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        talloc_free(mem_ctx);
-                       return EINVAL;
+                       return map_errno_from_nt_status(nt_status);
                }
        }
 
@@ -214,7 +214,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                                &upn_blob);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(mem_ctx);
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        if (is_krbtgt) {
@@ -223,7 +223,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                                         &pac_attrs_blob);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        talloc_free(mem_ctx);
-                       return EINVAL;
+                       return map_errno_from_nt_status(nt_status);
                }
 
                nt_status = samba_kdc_get_requester_sid_blob(mem_ctx,
@@ -231,7 +231,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                                             &requester_sid_blob);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        talloc_free(mem_ctx);
-                       return EINVAL;
+                       return map_errno_from_nt_status(nt_status);
                }
        }
 
@@ -240,7 +240,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                              &client_claims_blob);
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(mem_ctx);
-               return EINVAL;
+               return map_errno_from_nt_status(nt_status);
        }
 
        if (pk_reply_key != NULL && cred_ndr != NULL) {