Movatterモバイル変換

[0]ホーム
URL:

Go to main content
oracle home

Developer's Guide to Oracle® Solaris 11.4 Security

Exit Print View

 
Search Scope:
  »  ...Documentation Home  »  Oracle Solaris 11.4 Information Library  »  Developer's Guide to Oracle® ...  »  GSS-API Reference  »  GSS-API Status Codes
Updated: November 2020
 
 

GSS-API Status Codes

Major status codes are encoded intheOM_uint32 as shown in the following figure.

Figure 15  Major Status Encoding

image:Diagram shows how major status codes are encoded in OM_uint32.

If a GSS-API routine returns a GSS status code whose upper 16 bits containa nonzero value, the call has failed. If the calling error field is nonzero,the application's call of the routine was erroneous. Thecallingerrors are listed inFigure 3, Table 3, GSS-API Calling Errors. If the routine error field is nonzero, the routine failed becauseof aroutine-specific error, as listed inFigure 4, Table 4, GSS-API Routine Errors. The bits in thesupplementary information field of the status code can be set whether theupper 16 bits indicate a failure or a success. The meaning of individual bitsis listed inFigure 5, Table 5, GSS-API Supplementary Information Codes.

GSS-API Major Status Code Values

The following tables list thecalling errors that are returned by GSS-API. These errors are specific toa particular language-binding, which is C in this case.

Table 3  GSS-API Calling Errors
Error
Value in Field
Meaning
GSS_S_CALL_INACCESSIBLE_READ
1
An input parameter that is required could not be read
GSS_S_CALL_INACCESSIBLE_WRITE
2
A required output parameter could not be written
GSS_S_CALL_BAD_STRUCTURE
3
A parameter was malformed

The following table lists the GSS-API routine errors, generic errorsthat are returned by GSS-API functions.

Table 4  GSS-API Routine Errors
Error
Value in Field
Meaning
GSS_S_BAD_MECH
1
An unsupported mechanism was requested.
GSS_S_BAD_NAME
2
An invalid name was supplied.
GSS_S_BAD_NAMETYPE
3
A supplied name was of an unsupported type.
GSS_S_BAD_BINDINGS
4
Incorrect channel bindings were supplied.
GSS_S_BAD_STATUS
5
An invalid status code was supplied.
GSS_S_BAD_MIC, GSS_S_BAD_SIG
6
A token had an invalid MIC.
GSS_S_NO_CRED
7
The credentials were unavailable, inaccessible, or not supplied.
GSS_S_NO_CONTEXT
8
No context has been established.
GSS_S_DEFECTIVE_TOKEN
9
A token was invalid.
GSS_S_DEFECTIVE_CREDENTIAL
10
A credential was invalid.
GSS_S_CREDENTIALS_EXPIRED
11
The referenced credentials have expired.
GSS_S_CONTEXT_EXPIRED
12
The context has expired.
GSS_S_FAILURE
13
Miscellaneous failure. The underlying mechanism detected an error forwhich no specific GSS-API status code is defined. The mechanism-specificstatus code, that is, the minor-status code, provides more details about theerror.
GSS_S_BAD_QOP
14
The quality of protection that was requested could not be provided.
GSS_S_UNAUTHORIZED
15
The operation is forbidden by local security policy.
GSS_S_UNAVAILABLE
16
The operation or option is unavailable.
GSS_S_DUPLICATE_ELEMENT
17
The requested credential element already exists.
GSS_S_NAME_NOT_MN
18
The provided name was not a mechanism name (MN).

The name GSS_S_COMPLETE, which is a zero value,indicates an absence of any API errors or supplementary information bits.

The following table lists the supplementary information values returnedby GSS-API functions.

Table 5  GSS-API Supplementary InformationCodes
Code
Bit Number
Meaning
GSS_S_CONTINUE_NEEDED
0 (LSB)
Returned only bygss_init_sec_context() orgss_accept_sec_context(). The routine must be called again to complete its function.
GSS_S_DUPLICATE_TOKEN
1
The token was a duplicate of an earlier token.
GSS_S_OLD_TOKEN
2
The token's validity period has expired.
GSS_S_UNSEQ_TOKEN
3
A later token has already been processed.
GSS_S_GAP_TOKEN
4
An expected per-message token was not received.

For more on status codes, seeGSS-API Status Codes.

Displaying GSS-API Status Codes

The functiongss_display_status() translates GSS-APIstatus codes into text format. This format allows the codes to be displayedto a user or put in a text log.gss_display_status() onlydisplays one status code at a time, and some functions can return multiplestatus conditions. Accordingly,gss_display_status() shouldbe called as part of a loop. Whengss_display_status() indicatesa non-zero status code, another status code is available for the functionto fetch.

Example 29  Displaying Status Codes withgss_display_status()
OM_uint32 message_context;OM_uint32 status_code;OM_uint32 maj_status;OM_uint32 min_status;gss_buffer_desc status_string;...message_context = 0;do {     maj_status = gss_display_status(               &min_status,               status_code,               GSS_C_GSS_CODE,               GSS_C_NO_OID,               &message_context,               &status_string);     fprintf(stderr, "%.*s\n", \               (int)status_string.length, \               (char *)status_string.value);     gss_release_buffer(&min_status, &status_string,);} while (message_context != 0);

GSS-API Status Code Macros

The macros,GSS_CALLING_ERROR(),GSS_ROUTINE_ERROR() andGSS_SUPPLEMENTARY_INFO(), take a GSS statuscode. These macros remove all information except for the relevant field. For example, theGSS_ROUTINE_ERROR() can be applied toa status code to remove the calling errors and supplementary information fields.This operation leaves the routine errors field only. The values deliveredby these macros can be directly compared with a GSS_S_xxx symbolof the appropriate type. The macroGSS_ERROR() returnsa non-zero value if a status code indicates a calling or routine error, anda zero value otherwise. All macros that are defined by GSS-API evaluate thearguments exactly once.

Copyright © 2000, 2020, Oracle and/or its affiliates. 
Previous
Next
[8]ページ先頭
©2009-2025 Movatter.jp