/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/*
* glue routine gss_display_status
*
*/
#include <mglueP.h>
#include "gssapiP_generic.h"
#include <stdio.h>
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <string.h>
#include <libintl.h>
#include <errno.h>
#include <syslog.h>
#ifndef TEXT_DOMAIN
#endif
/* local function */
int status_type;
const gss_OID req_mech_type;
{
if (minor_status != NULL)
*minor_status = 0;
if (status_string != GSS_C_NO_BUFFER) {
status_string->length = 0;
}
if (minor_status == NULL ||
message_context == NULL ||
return (GSS_S_CALL_INACCESSIBLE_WRITE);
/* we handle major status codes, and the mechs do the minor */
if (status_type == GSS_C_GSS_CODE)
/*
* must be the minor status - let mechs do the work
* select the appropriate underlying mechanism routine and
* call it.
*/
/*
* In this version, we only handle status codes that have been
* mapped to a flat numbering space. Look up the value we got
* passed. If it's not found, complain.
*/
if (status_value == 0) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
*message_context = 0;
*minor_status = 0;
return (GSS_S_COMPLETE);
}
{
int err;
if (err) {
*minor_status = err;
return (GSS_S_BAD_STATUS);
}
/* Magic flag for com_err values. */
if (status != GSS_S_COMPLETE)
return (status);
}
}
OM_uint32 r;
if (mech_type == GSS_C_NULL_OID)
/*
* How's this for weird? If we get an error returning the
* mechanism-specific error code, we save away the
* mechanism-specific error code describing the error.
*/
if (r != GSS_S_COMPLETE)
return (r);
}
if (!mech)
return (GSS_S_BAD_MECH);
return (GSS_S_UNAVAILABLE);
} /* gss_display_status */
/*
* function to map the major error codes
* it uses case statements so that the strings could be wrapped by gettext
* msgCtxt is interpreted as:
* 0 - first call
* 1 - routine error
* >= 2 - the supplementary error code bit shifted by 1
*/
static OM_uint32
{
int i, haveErr = 0;
/* take care of the success value first */
if (status == GSS_S_COMPLETE)
"The routine completed successfully");
switch (oneVal) {
"A required input parameter"
" could not be read");
break;
"A required output parameter"
" could not be written");
break;
case GSS_S_CALL_BAD_STRUCTURE:
"A parameter was malformed");
break;
default:
"An invalid status code was supplied");
break;
}
/* we now need to determine new value of msgCtxt */
if (GSS_ROUTINE_ERROR(status))
*msgCtxt = 1;
else
*msgCtxt = 0;
switch (oneVal) {
case GSS_S_BAD_MECH:
"An unsupported mechanism"
" was requested");
break;
case GSS_S_BAD_NAME:
"An invalid name was supplied");
break;
case GSS_S_BAD_NAMETYPE:
"A supplied name was of an"
" unsupported type");
break;
case GSS_S_BAD_BINDINGS:
"Incorrect channel bindings"
" were supplied");
break;
case GSS_S_BAD_SIG: /* same as GSS_S_BAD_MIC: */
"A token had an invalid Message"
" Integrity Check (MIC)");
break;
case GSS_S_NO_CRED:
"No credentials were supplied, or the"
" credentials were unavailable or"
" inaccessible");
break;
case GSS_S_NO_CONTEXT:
"No context has been established");
break;
case GSS_S_DEFECTIVE_TOKEN:
"Invalid token was supplied");
break;
"Invalid credential was supplied");
break;
"The referenced credential has"
" expired");
break;
case GSS_S_CONTEXT_EXPIRED:
"The referenced context has expired");
break;
case GSS_S_FAILURE:
"Unspecified GSS failure. Minor code"
" may provide more information");
break;
case GSS_S_BAD_QOP:
"The quality-of-protection (QOP) "
"requested could not be provided");
break;
case GSS_S_UNAUTHORIZED:
"The operation is forbidden by local"
" security policy");
break;
case GSS_S_UNAVAILABLE:
"The operation or option is not"
" available or unsupported");
break;
case GSS_S_DUPLICATE_ELEMENT:
"The requested credential element"
" already exists");
break;
case GSS_S_NAME_NOT_MN:
"The provided name was not mechanism"
" specific (MN)");
break;
case GSS_S_BAD_STATUS:
default:
"An invalid status code was supplied");
}
/* we must determine if the caller should call us again */
else
*msgCtxt = 0;
/*
* if msgCtxt is not 0, then it should encode
* the supplementary error code we should be printing
*/
if (*msgCtxt >= 2)
else
/* we display the errors LSB first */
for (i = 0; i < 16; i++) {
haveErr = 1;
break;
}
mask <<= 1;
}
/* isolate the bit or if not found set to illegal value */
if (haveErr)
else
switch (currErr) {
case GSS_S_CONTINUE_NEEDED:
"The routine must be called again to"
" complete its function");
break;
case GSS_S_DUPLICATE_TOKEN:
"The token was a duplicate of an"
" earlier token");
break;
case GSS_S_OLD_TOKEN:
"The token's validity period"
" has expired");
break;
case GSS_S_UNSEQ_TOKEN:
"A later token has already been"
" processed");
break;
case GSS_S_GAP_TOKEN:
"An expected per-message token was"
" not received");
break;
default:
"An invalid status code was supplied");
}
/*
* we must check if there is any other supplementary errors
* if found, then turn off current bit, and store next value
* in msgCtxt shifted by 1 bit
*/
if (!haveErr)
*msgCtxt = 0;
else
*msgCtxt = 0;
}
"An invalid status code was supplied");
/* now copy the status code and return to caller */
return (GSS_S_FAILURE);
}
return (GSS_S_COMPLETE);
} /* displayMajor */