1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
/* krb5/error.c --- Kerberos 5 GSS-API error handling functionality.
* Copyright (C) 2003-2022 Simon Josefsson
*
* This file is part of the GNU Generic Security Service Library.
*
* This file is free software: you can redistribute it and/or modify
* it under the terms of either:
*
* * the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* * the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received copies of the GNU General Public License
* and the GNU Lesser General Public License along with this file. If
* not, see <http://www.gnu.org/licenses/>.
*
*/
/* Get specification. */
#include "k5internal.h"
struct gss_status_codes
{
gss_uint32 err;
const char *name;
const char *text;
};
static struct gss_status_codes gss_krb5_errors[] = {
/* 4.1.1. Non-Kerberos-specific codes */
{GSS_KRB5_S_G_BAD_SERVICE_NAME, "GSS_KRB5_S_G_BAD_SERVICE_NAME",
N_("No @ in SERVICE-NAME name string")},
{GSS_KRB5_S_G_BAD_STRING_UID, "GSS_KRB5_S_G_BAD_STRING_UID",
N_("STRING-UID-NAME contains nondigits")},
{GSS_KRB5_S_G_NOUSER, "GSS_KRB5_S_G_NOUSER",
N_("UID does not resolve to username")},
{GSS_KRB5_S_G_VALIDATE_FAILED, "GSS_KRB5_S_G_VALIDATE_FAILED",
N_("Validation error")},
{GSS_KRB5_S_G_BUFFER_ALLOC, "GSS_KRB5_S_G_BUFFER_ALLOC",
N_("Couldn't allocate gss_buffer_t data")},
{GSS_KRB5_S_G_BAD_MSG_CTX, "GSS_KRB5_S_G_BAD_MSG_CTX",
N_("Message context invalid")},
{GSS_KRB5_S_G_WRONG_SIZE, "GSS_KRB5_S_G_WRONG_SIZE",
N_("Buffer is the wrong size")},
{GSS_KRB5_S_G_BAD_USAGE, "GSS_KRB5_S_G_BAD_USAGE",
N_("Credential usage type is unknown")},
{GSS_KRB5_S_G_UNKNOWN_QOP, "GSS_KRB5_S_G_UNKNOWN_QOP",
N_("Unknown quality of protection specified")},
/* 4.1.2. Kerberos-specific-codes */
{GSS_KRB5_S_KG_CCACHE_NOMATCH, "GSS_KRB5_S_KG_CCACHE_NOMATCH",
N_("Principal in credential cache does not match desired name")},
{GSS_KRB5_S_KG_KEYTAB_NOMATCH, "GSS_KRB5_S_KG_KEYTAB_NOMATCH",
N_("No principal in keytab matches desired name")},
{GSS_KRB5_S_KG_TGT_MISSING, "GSS_KRB5_S_KG_TGT_MISSING",
N_("Credential cache has no TGT")},
{GSS_KRB5_S_KG_NO_SUBKEY, "GSS_KRB5_S_KG_NO_SUBKEY",
N_("Authenticator has no subkey")},
{GSS_KRB5_S_KG_CONTEXT_ESTABLISHED, "GSS_KRB5_S_KG_CONTEXT_ESTABLISHED",
N_("Context is already fully established")},
{GSS_KRB5_S_KG_BAD_SIGN_TYPE, "GSS_KRB5_S_KG_BAD_SIGN_TYPE",
N_("Unknown signature type in token")},
{GSS_KRB5_S_KG_BAD_LENGTH, "GSS_KRB5_S_KG_BAD_LENGTH",
N_("Invalid field length in token")},
{GSS_KRB5_S_KG_CTX_INCOMPLETE, "GSS_KRB5_S_KG_CTX_INCOMPLETE",
N_("Attempt to use incomplete security context")}
};
OM_uint32
gss_krb5_display_status (OM_uint32 * minor_status,
OM_uint32 status_value,
int status_type,
const gss_OID mech_type,
OM_uint32 * message_context,
gss_buffer_t status_string)
{
if (minor_status)
*minor_status = 0;
switch (status_value)
{
case 0:
status_string->value = strdup (_("No krb5 error"));
if (!status_string->value)
{
if (minor_status)
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
status_string->length = strlen (status_string->value);
break;
/* 4.1.1. Non-Kerberos-specific codes */
case GSS_KRB5_S_G_BAD_SERVICE_NAME:
case GSS_KRB5_S_G_BAD_STRING_UID:
case GSS_KRB5_S_G_NOUSER:
case GSS_KRB5_S_G_VALIDATE_FAILED:
case GSS_KRB5_S_G_BUFFER_ALLOC:
case GSS_KRB5_S_G_BAD_MSG_CTX:
case GSS_KRB5_S_G_WRONG_SIZE:
case GSS_KRB5_S_G_BAD_USAGE:
case GSS_KRB5_S_G_UNKNOWN_QOP:
/* 4.1.2. Kerberos-specific-codes */
case GSS_KRB5_S_KG_CCACHE_NOMATCH:
case GSS_KRB5_S_KG_KEYTAB_NOMATCH:
case GSS_KRB5_S_KG_TGT_MISSING:
case GSS_KRB5_S_KG_NO_SUBKEY:
case GSS_KRB5_S_KG_CONTEXT_ESTABLISHED:
case GSS_KRB5_S_KG_BAD_SIGN_TYPE:
case GSS_KRB5_S_KG_BAD_LENGTH:
case GSS_KRB5_S_KG_CTX_INCOMPLETE:
status_string->value =
strdup (_(gss_krb5_errors[status_value - 1].text));
if (!status_string->value)
{
if (minor_status)
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
status_string->length = strlen (status_string->value);
break;
default:
status_string->value = strdup (_("Unknown krb5 error"));
if (!status_string->value)
{
if (minor_status)
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
status_string->length = strlen (status_string->value);
break;
}
return GSS_S_COMPLETE;
}
|
