10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*9698SPeter.Shoults@Sun.COM * Common Development and Distribution License (the "License"). 6*9698SPeter.Shoults@Sun.COM * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 22*9698SPeter.Shoults@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate /* 270Sstevel@tonic-gate * glue routine gss_display_status 280Sstevel@tonic-gate * 290Sstevel@tonic-gate */ 300Sstevel@tonic-gate 310Sstevel@tonic-gate #include <mechglueP.h> 320Sstevel@tonic-gate #include <stdio.h> 330Sstevel@tonic-gate #ifdef HAVE_STDLIB_H 340Sstevel@tonic-gate #include <stdlib.h> 350Sstevel@tonic-gate #endif 360Sstevel@tonic-gate #include <string.h> 370Sstevel@tonic-gate #include <libintl.h> 380Sstevel@tonic-gate #include <errno.h> 390Sstevel@tonic-gate 400Sstevel@tonic-gate #ifndef TEXT_DOMAIN 410Sstevel@tonic-gate #error TEXT_DOMAIN not defined 420Sstevel@tonic-gate #endif 430Sstevel@tonic-gate 440Sstevel@tonic-gate /* local function */ 450Sstevel@tonic-gate static OM_uint32 displayMajor(OM_uint32, OM_uint32 *, gss_buffer_t); 460Sstevel@tonic-gate 470Sstevel@tonic-gate 480Sstevel@tonic-gate OM_uint32 490Sstevel@tonic-gate gss_display_status(minor_status, 500Sstevel@tonic-gate status_value, 510Sstevel@tonic-gate status_type, 520Sstevel@tonic-gate req_mech_type, 530Sstevel@tonic-gate message_context, 540Sstevel@tonic-gate status_string) 550Sstevel@tonic-gate 560Sstevel@tonic-gate OM_uint32 *minor_status; 570Sstevel@tonic-gate OM_uint32 status_value; 580Sstevel@tonic-gate int status_type; 590Sstevel@tonic-gate const gss_OID req_mech_type; 600Sstevel@tonic-gate OM_uint32 *message_context; 610Sstevel@tonic-gate gss_buffer_t status_string; 620Sstevel@tonic-gate { 630Sstevel@tonic-gate gss_OID mech_type = (gss_OID) req_mech_type; 640Sstevel@tonic-gate gss_mechanism mech; 650Sstevel@tonic-gate 66*9698SPeter.Shoults@Sun.COM if (minor_status != NULL) 67*9698SPeter.Shoults@Sun.COM *minor_status = 0; 680Sstevel@tonic-gate 69*9698SPeter.Shoults@Sun.COM if (status_string != GSS_C_NO_BUFFER) { 70*9698SPeter.Shoults@Sun.COM status_string->length = 0; 71*9698SPeter.Shoults@Sun.COM status_string->value = NULL; 72*9698SPeter.Shoults@Sun.COM } 730Sstevel@tonic-gate 74*9698SPeter.Shoults@Sun.COM if (minor_status == NULL || 75*9698SPeter.Shoults@Sun.COM message_context == NULL || 76*9698SPeter.Shoults@Sun.COM status_string == GSS_C_NO_BUFFER) 77*9698SPeter.Shoults@Sun.COM return (GSS_S_CALL_INACCESSIBLE_WRITE); 780Sstevel@tonic-gate 790Sstevel@tonic-gate /* we handle major status codes, and the mechs do the minor */ 800Sstevel@tonic-gate if (status_type == GSS_C_GSS_CODE) 810Sstevel@tonic-gate return (displayMajor(status_value, message_context, 820Sstevel@tonic-gate status_string)); 830Sstevel@tonic-gate 840Sstevel@tonic-gate /* 850Sstevel@tonic-gate * must be the minor status - let mechs do the work 860Sstevel@tonic-gate * select the appropriate underlying mechanism routine and 870Sstevel@tonic-gate * call it. 880Sstevel@tonic-gate */ 890Sstevel@tonic-gate mech = __gss_get_mechanism(mech_type); 900Sstevel@tonic-gate 910Sstevel@tonic-gate if (mech && mech->gss_display_status) { 920Sstevel@tonic-gate if (mech_type == GSS_C_NULL_OID) 930Sstevel@tonic-gate mech_type = &mech->mech_type; 940Sstevel@tonic-gate 950Sstevel@tonic-gate return (mech->gss_display_status(mech->context, minor_status, 960Sstevel@tonic-gate status_value, status_type, mech_type, 970Sstevel@tonic-gate message_context, status_string)); 980Sstevel@tonic-gate } 990Sstevel@tonic-gate 1000Sstevel@tonic-gate if (!mech) 1010Sstevel@tonic-gate return (GSS_S_BAD_MECH); 1020Sstevel@tonic-gate 1030Sstevel@tonic-gate return (GSS_S_UNAVAILABLE); 1040Sstevel@tonic-gate } /* gss_display_status */ 1050Sstevel@tonic-gate 1060Sstevel@tonic-gate 1070Sstevel@tonic-gate /* 1080Sstevel@tonic-gate * function to map the major error codes 1090Sstevel@tonic-gate * it uses case statements so that the strings could be wrapped by gettext 1100Sstevel@tonic-gate * msgCtxt is interpreted as: 1110Sstevel@tonic-gate * 0 - first call 1120Sstevel@tonic-gate * 1 - routine error 1130Sstevel@tonic-gate * >= 2 - the supplementary error code bit shifted by 1 1140Sstevel@tonic-gate */ 1150Sstevel@tonic-gate static OM_uint32 1160Sstevel@tonic-gate displayMajor(status, msgCtxt, outStr) 1170Sstevel@tonic-gate OM_uint32 status; 1180Sstevel@tonic-gate OM_uint32 *msgCtxt; 1190Sstevel@tonic-gate gss_buffer_t outStr; 1200Sstevel@tonic-gate { 1210Sstevel@tonic-gate OM_uint32 oneVal, mask = 0x1, currErr; 1220Sstevel@tonic-gate char *errStr = NULL; 1230Sstevel@tonic-gate int i, haveErr = 0; 1240Sstevel@tonic-gate 1250Sstevel@tonic-gate /* take care of the success value first */ 1260Sstevel@tonic-gate if (status == GSS_S_COMPLETE) 1270Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1280Sstevel@tonic-gate "The routine completed successfully"); 1290Sstevel@tonic-gate else if (*msgCtxt == 0 && (oneVal = GSS_CALLING_ERROR(status))) { 1300Sstevel@tonic-gate switch (oneVal) { 1310Sstevel@tonic-gate case GSS_S_CALL_INACCESSIBLE_READ: 1320Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1330Sstevel@tonic-gate "A required input parameter" 1340Sstevel@tonic-gate " could not be read"); 1350Sstevel@tonic-gate break; 1360Sstevel@tonic-gate 1370Sstevel@tonic-gate case GSS_S_CALL_INACCESSIBLE_WRITE: 1380Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1390Sstevel@tonic-gate "A required output parameter" 1400Sstevel@tonic-gate " could not be written"); 1410Sstevel@tonic-gate break; 1420Sstevel@tonic-gate 1430Sstevel@tonic-gate case GSS_S_CALL_BAD_STRUCTURE: 1440Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1450Sstevel@tonic-gate "A parameter was malformed"); 1460Sstevel@tonic-gate break; 1470Sstevel@tonic-gate 1480Sstevel@tonic-gate default: 1490Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1500Sstevel@tonic-gate "An invalid status code was supplied"); 1510Sstevel@tonic-gate break; 1520Sstevel@tonic-gate } 1530Sstevel@tonic-gate 1540Sstevel@tonic-gate /* we now need to determine new value of msgCtxt */ 1550Sstevel@tonic-gate if (GSS_ROUTINE_ERROR(status)) 1560Sstevel@tonic-gate *msgCtxt = 1; 1570Sstevel@tonic-gate else if ((oneVal = GSS_SUPPLEMENTARY_INFO(status)) != 0) 1580Sstevel@tonic-gate *msgCtxt = (OM_uint32)(oneVal << 1); 1590Sstevel@tonic-gate else 1600Sstevel@tonic-gate *msgCtxt = 0; 1610Sstevel@tonic-gate 1620Sstevel@tonic-gate } else if ((*msgCtxt == 0 || *msgCtxt == 1) && 1630Sstevel@tonic-gate (oneVal = GSS_ROUTINE_ERROR(status))) { 1640Sstevel@tonic-gate switch (oneVal) { 1650Sstevel@tonic-gate case GSS_S_BAD_MECH: 1660Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1670Sstevel@tonic-gate "An unsupported mechanism" 1680Sstevel@tonic-gate " was requested"); 1690Sstevel@tonic-gate break; 1700Sstevel@tonic-gate 1710Sstevel@tonic-gate case GSS_S_BAD_NAME: 1720Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1730Sstevel@tonic-gate "An invalid name was supplied"); 1740Sstevel@tonic-gate break; 1750Sstevel@tonic-gate 1760Sstevel@tonic-gate case GSS_S_BAD_NAMETYPE: 1770Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1780Sstevel@tonic-gate "A supplied name was of an" 1790Sstevel@tonic-gate " unsupported type"); 1800Sstevel@tonic-gate break; 1810Sstevel@tonic-gate 1820Sstevel@tonic-gate case GSS_S_BAD_BINDINGS: 1830Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1840Sstevel@tonic-gate "Incorrect channel bindings" 1850Sstevel@tonic-gate " were supplied"); 1860Sstevel@tonic-gate break; 1870Sstevel@tonic-gate 1880Sstevel@tonic-gate case GSS_S_BAD_SIG: /* same as GSS_S_BAD_MIC: */ 1890Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1900Sstevel@tonic-gate "A token had an invalid Message" 1910Sstevel@tonic-gate " Integrity Check (MIC)"); 1920Sstevel@tonic-gate break; 1930Sstevel@tonic-gate 1940Sstevel@tonic-gate case GSS_S_NO_CRED: 1950Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 1960Sstevel@tonic-gate "No credentials were supplied, or the" 1970Sstevel@tonic-gate " credentials were unavailable or" 1980Sstevel@tonic-gate " inaccessible"); 1990Sstevel@tonic-gate break; 2000Sstevel@tonic-gate 2010Sstevel@tonic-gate case GSS_S_NO_CONTEXT: 2020Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2030Sstevel@tonic-gate "No context has been established"); 2040Sstevel@tonic-gate break; 2050Sstevel@tonic-gate 2060Sstevel@tonic-gate case GSS_S_DEFECTIVE_TOKEN: 2070Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2080Sstevel@tonic-gate "Invalid token was supplied"); 2090Sstevel@tonic-gate break; 2100Sstevel@tonic-gate 2110Sstevel@tonic-gate case GSS_S_DEFECTIVE_CREDENTIAL: 2120Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2130Sstevel@tonic-gate "Invalid credential was supplied"); 2140Sstevel@tonic-gate break; 2150Sstevel@tonic-gate 2160Sstevel@tonic-gate case GSS_S_CREDENTIALS_EXPIRED: 2170Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2180Sstevel@tonic-gate "The referenced credential has" 2190Sstevel@tonic-gate " expired"); 2200Sstevel@tonic-gate break; 2210Sstevel@tonic-gate 2220Sstevel@tonic-gate case GSS_S_CONTEXT_EXPIRED: 2230Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2240Sstevel@tonic-gate "The referenced context has expired"); 2250Sstevel@tonic-gate break; 2260Sstevel@tonic-gate 2270Sstevel@tonic-gate case GSS_S_FAILURE: 2280Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2290Sstevel@tonic-gate "Unspecified GSS failure. Minor code" 2300Sstevel@tonic-gate " may provide more information"); 2310Sstevel@tonic-gate break; 2320Sstevel@tonic-gate 2330Sstevel@tonic-gate case GSS_S_BAD_QOP: 2340Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2350Sstevel@tonic-gate "The quality-of-protection (QOP) " 2360Sstevel@tonic-gate "requested could not be provided"); 2370Sstevel@tonic-gate break; 2380Sstevel@tonic-gate 2390Sstevel@tonic-gate case GSS_S_UNAUTHORIZED: 2400Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2410Sstevel@tonic-gate "The operation is forbidden by local" 2420Sstevel@tonic-gate " security policy"); 2430Sstevel@tonic-gate break; 2440Sstevel@tonic-gate 2450Sstevel@tonic-gate case GSS_S_UNAVAILABLE: 2460Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2470Sstevel@tonic-gate "The operation or option is not" 2480Sstevel@tonic-gate " available or unsupported"); 2490Sstevel@tonic-gate break; 2500Sstevel@tonic-gate 2510Sstevel@tonic-gate case GSS_S_DUPLICATE_ELEMENT: 2520Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2530Sstevel@tonic-gate "The requested credential element" 2540Sstevel@tonic-gate " already exists"); 2550Sstevel@tonic-gate break; 2560Sstevel@tonic-gate 2570Sstevel@tonic-gate case GSS_S_NAME_NOT_MN: 2580Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2590Sstevel@tonic-gate "The provided name was not mechanism" 2600Sstevel@tonic-gate " specific (MN)"); 2610Sstevel@tonic-gate break; 2620Sstevel@tonic-gate 2630Sstevel@tonic-gate case GSS_S_BAD_STATUS: 2640Sstevel@tonic-gate default: 2650Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 2660Sstevel@tonic-gate "An invalid status code was supplied"); 2670Sstevel@tonic-gate } 2680Sstevel@tonic-gate 2690Sstevel@tonic-gate /* we must determine if the caller should call us again */ 2700Sstevel@tonic-gate if ((oneVal = GSS_SUPPLEMENTARY_INFO(status)) != 0) 2710Sstevel@tonic-gate *msgCtxt = (OM_uint32)(oneVal << 1); 2720Sstevel@tonic-gate else 2730Sstevel@tonic-gate *msgCtxt = 0; 2740Sstevel@tonic-gate 2750Sstevel@tonic-gate } else if ((*msgCtxt == 0 || *msgCtxt >= 2) && 2760Sstevel@tonic-gate (oneVal = GSS_SUPPLEMENTARY_INFO(status))) { 2770Sstevel@tonic-gate /* 2780Sstevel@tonic-gate * if msgCtxt is not 0, then it should encode 2790Sstevel@tonic-gate * the supplementary error code we should be printing 2800Sstevel@tonic-gate */ 2810Sstevel@tonic-gate if (*msgCtxt >= 2) 2820Sstevel@tonic-gate oneVal = (OM_uint32) (*msgCtxt) >> 1; 2830Sstevel@tonic-gate else 2840Sstevel@tonic-gate oneVal = GSS_SUPPLEMENTARY_INFO(status); 2850Sstevel@tonic-gate 2860Sstevel@tonic-gate /* we display the errors LSB first */ 2870Sstevel@tonic-gate for (i = 0; i < 16; i++) { 2880Sstevel@tonic-gate if (oneVal & mask) { 2890Sstevel@tonic-gate haveErr = 1; 2900Sstevel@tonic-gate break; 2910Sstevel@tonic-gate } 2920Sstevel@tonic-gate mask <<= 1; 2930Sstevel@tonic-gate } 2940Sstevel@tonic-gate 2950Sstevel@tonic-gate /* isolate the bit or if not found set to illegal value */ 2960Sstevel@tonic-gate if (haveErr) 2970Sstevel@tonic-gate currErr = oneVal & mask; 2980Sstevel@tonic-gate else 2990Sstevel@tonic-gate currErr = 1 << 17; /* illegal value */ 3000Sstevel@tonic-gate 3010Sstevel@tonic-gate switch (currErr) { 3020Sstevel@tonic-gate case GSS_S_CONTINUE_NEEDED: 3030Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3040Sstevel@tonic-gate "The routine must be called again to" 3050Sstevel@tonic-gate " complete its function"); 3060Sstevel@tonic-gate break; 3070Sstevel@tonic-gate 3080Sstevel@tonic-gate case GSS_S_DUPLICATE_TOKEN: 3090Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3100Sstevel@tonic-gate "The token was a duplicate of an" 3110Sstevel@tonic-gate " earlier token"); 3120Sstevel@tonic-gate break; 3130Sstevel@tonic-gate 3140Sstevel@tonic-gate case GSS_S_OLD_TOKEN: 3150Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3160Sstevel@tonic-gate "The token's validity period" 3170Sstevel@tonic-gate " has expired"); 3180Sstevel@tonic-gate break; 3190Sstevel@tonic-gate 3200Sstevel@tonic-gate case GSS_S_UNSEQ_TOKEN: 3210Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3220Sstevel@tonic-gate "A later token has already been" 3230Sstevel@tonic-gate " processed"); 3240Sstevel@tonic-gate break; 3250Sstevel@tonic-gate 3260Sstevel@tonic-gate case GSS_S_GAP_TOKEN: 3270Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3280Sstevel@tonic-gate "An expected per-message token was" 3290Sstevel@tonic-gate " not received"); 3300Sstevel@tonic-gate break; 3310Sstevel@tonic-gate 3320Sstevel@tonic-gate default: 3330Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3340Sstevel@tonic-gate "An invalid status code was supplied"); 3350Sstevel@tonic-gate } 3360Sstevel@tonic-gate 3370Sstevel@tonic-gate /* 3380Sstevel@tonic-gate * we must check if there is any other supplementary errors 3390Sstevel@tonic-gate * if found, then turn off current bit, and store next value 3400Sstevel@tonic-gate * in msgCtxt shifted by 1 bit 3410Sstevel@tonic-gate */ 3420Sstevel@tonic-gate if (!haveErr) 3430Sstevel@tonic-gate *msgCtxt = 0; 3440Sstevel@tonic-gate else if (GSS_SUPPLEMENTARY_INFO(oneVal) ^ mask) 3450Sstevel@tonic-gate *msgCtxt = (OM_uint32) 3460Sstevel@tonic-gate ((GSS_SUPPLEMENTARY_INFO(oneVal) ^ mask) << 1); 3470Sstevel@tonic-gate else 3480Sstevel@tonic-gate *msgCtxt = 0; 3490Sstevel@tonic-gate } 3500Sstevel@tonic-gate 3510Sstevel@tonic-gate if (errStr == NULL) 3520Sstevel@tonic-gate errStr = dgettext(TEXT_DOMAIN, 3530Sstevel@tonic-gate "An invalid status code was supplied"); 3540Sstevel@tonic-gate 3550Sstevel@tonic-gate /* now copy the status code and return to caller */ 3560Sstevel@tonic-gate outStr->length = strlen(errStr); 3570Sstevel@tonic-gate outStr->value = malloc((size_t)outStr->length+1); 3580Sstevel@tonic-gate if (outStr->value == NULL) { 3590Sstevel@tonic-gate outStr->length = 0; 3600Sstevel@tonic-gate return (GSS_S_FAILURE); 3610Sstevel@tonic-gate } 3620Sstevel@tonic-gate 3630Sstevel@tonic-gate (void) strcpy((char *)outStr->value, errStr); 3640Sstevel@tonic-gate return (GSS_S_COMPLETE); 3650Sstevel@tonic-gate } /* displayMajor */ 366