From ab0857540551648af28b6d1079d539e9b1b35e00 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 4 Aug 2015 11:35:45 +0200
Subject: [PATCH] hdb-samba: Translate SDB errors to HDB errors

Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
 source4/kdc/hdb-samba4.c | 123 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 97 insertions(+), 26 deletions(-)

diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index c8f26e03c18..14a974aa8e5 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -95,24 +95,33 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
 kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
 struct samba_kdc_db_context);
 
- code = samba_kdc_fetch(context,
- kdc_db_ctx,
- principal,
- flags,
- kvno,
- &sdb_entry_ex);
- /*
- * If SDB_ERR_WRONG_REALM is returned we need to process the sdb_entry
- * to fill the principal in the HDB entry.
- */
- if (code != 0 && code != SDB_ERR_WRONG_REALM) {
- return code;
+ ret = samba_kdc_fetch(context,
+ kdc_db_ctx,
+ principal,
+ flags,
+ kvno,
+ &sdb_entry_ex);
+ switch (ret) {
+ case 0:
+ code = 0;
+ break;
+ case SDB_ERR_WRONG_REALM:
+ /*
+ * If SDB_ERR_WRONG_REALM is returned we need to process the
+ * sdb_entry to fill the principal in the HDB entry.
+ */
+ code = HDB_ERR_WRONG_REALM;
+ break;
+ case SDB_ERR_NOENTRY:
+ return HDB_ERR_NOENTRY;
+ default:
+ return HDB_ERR_NOT_FOUND_HERE;
 }
 
 ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex);
 sdb_free_entry(&sdb_entry_ex);
 
- if (code == 0 && ret != 0) {
+ if (code != 0 && ret != 0) {
 code = ret;
 }
 
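Review bot: The changed condition near the end of the hdb_samba4_fetch_kvno() hunk, `if (code != 0 && ret != 0)`, looks inverted relative to the line it replaces. When the fetch succeeded (`code == 0`) a failure from sdb_entry_ex_to_hdb_entry_ex() is no longer copied into `code`, so, assuming the function returns `code` after the hunk, the KDC would be told the lookup succeeded although the entry was not converted; when `code` is HDB_ERR_WRONG_REALM the referral code is now overwritten by the conversion error instead. Keeping the original test, `if (code == 0 && ret != 0) {`, preserves both behaviours. The function's return statement lies outside the hunk, so the effect on the caller should be confirmed there.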
@@ -130,8 +139,15 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign
 struct samba_kdc_db_context);
 
 ret = samba_kdc_firstkey(context, kdc_db_ctx, &sdb_entry_ex);
- if (ret) {
- return ret;
+ switch (ret) {
+ case 0:
+ break;
+ case SDB_ERR_WRONG_REALM:
+ return HDB_ERR_WRONG_REALM;
+ case SDB_ERR_NOENTRY:
+ return HDB_ERR_NOENTRY;
+ default:
+ return HDB_ERR_NOT_FOUND_HERE;
 }
 
 ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry);
@@ -150,8 +166,15 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne
 struct samba_kdc_db_context);
 
 ret = samba_kdc_nextkey(context, kdc_db_ctx, &sdb_entry_ex);
- if (ret) {
- return ret;
+ switch (ret) {
+ case 0:
+ break;
+ case SDB_ERR_WRONG_REALM:
+ return HDB_ERR_WRONG_REALM;
+ case SDB_ERR_NOENTRY:
+ return HDB_ERR_NOENTRY;
+ default:
+ return HDB_ERR_NOT_FOUND_HERE;
 }
 
 ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry);
@@ -172,15 +195,31 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
 {
 struct samba_kdc_db_context *kdc_db_ctx;
 struct samba_kdc_entry *skdc_entry;
+ krb5_error_code ret;
 
 kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
 struct samba_kdc_db_context);
 skdc_entry = talloc_get_type_abort(entry->ctx,
 struct samba_kdc_entry);
 
- return samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
- skdc_entry,
- target_principal);
+ ret = samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
+ skdc_entry,
+ target_principal);
+ switch (ret) {
+ case 0:
+ break;
+ case SDB_ERR_WRONG_REALM:
+ ret = HDB_ERR_WRONG_REALM;
+ break;
+ case SDB_ERR_NOENTRY:
+ ret = HDB_ERR_NOENTRY;
+ break;
+ default:
+ ret = HDB_ERR_NOT_FOUND_HERE;
+ break;
+ }
+
+ return ret;
 }
 
 static krb5_error_code
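Review bot: The switch added in hdb_samba4_firstkey() is repeated verbatim in hdb_samba4_nextkey() and, with `ret =` assignments instead of returns, in the three check functions further down, so the same SDB-to-HDB mapping has to be kept in step by hand in several places. A single static helper would leave one place to extend when another SDB_ERR_* value needs its own mapping, and one place to log the untranslated code. The helper name below is only a suggestion, and both function bodies start before their hunks.

```c
/* Translate a samba_kdc_* (SDB) result into the HDB error space. */
static krb5_error_code hdb_samba4_sdb_to_hdb_error(krb5_error_code sdb_ret)
{
	switch (sdb_ret) {
	case 0:
		return 0;
	case SDB_ERR_WRONG_REALM:
		return HDB_ERR_WRONG_REALM;
	case SDB_ERR_NOENTRY:
		return HDB_ERR_NOENTRY;
	default:
		return HDB_ERR_NOT_FOUND_HERE;
	}
}

	/* in hdb_samba4_firstkey(), in place of the added switch */
	ret = samba_kdc_firstkey(context, kdc_db_ctx, &sdb_entry_ex);
	ret = hdb_samba4_sdb_to_hdb_error(ret);
	if (ret != 0) {
		return ret;
	}
	/* … unchanged: sdb_entry_ex_to_hdb_entry_ex() conversion … */
```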
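Review bot: The `default:` arm in hdb_samba4_check_constrained_delegation() reports every result other than 0, SDB_ERR_WRONG_REALM and SDB_ERR_NOENTRY as HDB_ERR_NOT_FOUND_HERE, and the same arm is added in the hdb_samba4_check_pkinit_ms_upn_match() and hdb_samba4_check_s4u2self() hunks. The request is still refused because the result stays non-zero, but a policy denial from the delegation or certificate-match check can no longer be told apart from an allocation or database failure by whoever reads the result. The hunk does not show which codes samba_kdc_check_s4u2proxy() returns, so this needs confirming against that function; if it can return Kerberos protocol errors, they should be passed through rather than rewritten. At minimum the arm deserves a comment, e.g. `/* anything else is reported as HDB_ERR_NOT_FOUND_HERE; the original code is not preserved */`.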
@@ -190,15 +229,31 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
 {
 struct samba_kdc_db_context *kdc_db_ctx;
 struct samba_kdc_entry *skdc_entry;
+ krb5_error_code ret;
 
 kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
 struct samba_kdc_db_context);
 skdc_entry = talloc_get_type_abort(entry->ctx,
 struct samba_kdc_entry);
 
- return samba_kdc_check_pkinit_ms_upn_match(context, kdc_db_ctx,
- skdc_entry,
- certificate_principal);
+ ret = samba_kdc_check_pkinit_ms_upn_match(context, kdc_db_ctx,
+ skdc_entry,
+ certificate_principal);
+ switch (ret) {
+ case 0:
+ break;
+ case SDB_ERR_WRONG_REALM:
+ ret = HDB_ERR_WRONG_REALM;
+ break;
+ case SDB_ERR_NOENTRY:
+ ret = HDB_ERR_NOENTRY;
+ break;
+ default:
+ ret = HDB_ERR_NOT_FOUND_HERE;
+ break;
+ }
+
+ return ret;
 }
 
 static krb5_error_code
@@ -208,15 +263,31 @@ hdb_samba4_check_s4u2self(krb5_context context, HDB *db,
 {
 struct samba_kdc_db_context *kdc_db_ctx;
 struct samba_kdc_entry *skdc_entry;
+ krb5_error_code ret;
 
 kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
 struct samba_kdc_db_context);
 skdc_entry = talloc_get_type_abort(entry->ctx,
 struct samba_kdc_entry);
 
- return samba_kdc_check_s4u2self(context, kdc_db_ctx,
- skdc_entry,
- target_principal);
+ ret = samba_kdc_check_s4u2self(context, kdc_db_ctx,
+ skdc_entry,
+ target_principal);
+ switch (ret) {
+ case 0:
+ break;
+ case SDB_ERR_WRONG_REALM:
+ ret = HDB_ERR_WRONG_REALM;
+ break;
+ case SDB_ERR_NOENTRY:
+ ret = HDB_ERR_NOENTRY;
+ break;
+ default:
+ ret = HDB_ERR_NOT_FOUND_HERE;
+ break;
+ }
+
+ return ret;
 }
 
 static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
--
2.11.4.GIT