Next: , Up: Error Handling   [Contents][Index]

12.1 Error values

Errors are returned as int values.

The value of the symbol GSASL_OK is guaranteed to always be 0, and all other error codes are guaranteed to be non-0, so you may use that information to build boolean expressions involving return codes. Otherwise, an application should not depend on the particular value for error codes, and are encouraged to use the constants even for GSASL_OK to improve readability. Possible values are:

GSASL_OK

Libgsasl success

GSASL_NEEDS_MORE

SASL mechanism needs more data

GSASL_UNKNOWN_MECHANISM

Unknown SASL mechanism

GSASL_MECHANISM_CALLED_TOO_MANY_TIMES

SASL mechanism called too many times

GSASL_MALLOC_ERROR

Memory allocation error in SASL library

GSASL_BASE64_ERROR

Base 64 coding error in SASL library

GSASL_CRYPTO_ERROR

Low-level crypto error in SASL library

GSASL_SASLPREP_ERROR

Could not prepare internationalized (non-ASCII) string.

GSASL_MECHANISM_PARSE_ERROR

SASL mechanism could not parse input

GSASL_AUTHENTICATION_ERROR

Error authenticating user

GSASL_INTEGRITY_ERROR

Integrity error in application payload

GSASL_NO_CLIENT_CODE

Client-side functionality not available in library (application error)

GSASL_NO_SERVER_CODE

Server-side functionality not available in library (application error)

GSASL_GSSAPI_RELEASE_BUFFER_ERROR

GSSAPI library could not deallocate memory in gss_release_buffer() in SASL library. This is a serious internal error.

GSASL_GSSAPI_IMPORT_NAME_ERROR

GSSAPI library could not understand a peer name in gss_import_name() in SASL library. This is most likely due to incorrect service and/or hostnames.

GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR

GSSAPI error in client while negotiating security context in gss_init_sec_context() in SASL library. This is most likely due insufficient credentials or malicious interactions.

GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR

GSSAPI error in server while negotiating security context in gss_accept_sec_context() in SASL library. This is most likely due insufficient credentials or malicious interactions.

GSASL_GSSAPI_UNWRAP_ERROR

GSSAPI error while decrypting or decoding data in gss_unwrap() in SASL library. This is most likely due to data corruption.

GSASL_GSSAPI_WRAP_ERROR

GSSAPI error while encrypting or encoding data in gss_wrap() in SASL library.

GSASL_GSSAPI_ACQUIRE_CRED_ERROR

GSSAPI error acquiring credentials in gss_acquire_cred() in SASL library. This is most likely due to not having the proper Kerberos key available in /etc/krb5.keytab on the server.

GSASL_GSSAPI_DISPLAY_NAME_ERROR

GSSAPI error creating a display name denoting the client in gss_display_name() in SASL library. This is probably because the client supplied bad data.

GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR

Other entity requested integrity or confidentiality protection in GSSAPI mechanism but this is currently not implemented.

GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE

SecurID needs additional passcode.

GSASL_SECURID_SERVER_NEED_NEW_PIN

SecurID needs new pin.

GSASL_NO_CALLBACK

No callback specified by caller (application error).

GSASL_NO_ANONYMOUS_TOKEN

Authentication failed because the anonymous token was not provided.

GSASL_NO_AUTHID

Authentication failed because the authentication identity was not provided.

GSASL_NO_AUTHZID

Authentication failed because the authorization identity was not provided.

GSASL_NO_PASSWORD

Authentication failed because the password was not provided.

GSASL_NO_PASSCODE

Authentication failed because the passcode was not provided.

GSASL_NO_PIN

Authentication failed because the pin code was not provided.

GSASL_NO_SERVICE

Authentication failed because the service name was not provided.

GSASL_NO_HOSTNAME

Authentication failed because the host name was not provided.

GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR

GSSAPI error encapsulating token.

GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR

GSSAPI error decapsulating token.

GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR

GSSAPI error getting OID for SASL mechanism name.

GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR

GSSAPI error testing for OID in OID set.

GSASL_GSSAPI_RELEASE_OID_SET_ERROR

GSSAPI error releasing OID set.

GSASL_NO_CB_TLS_UNIQUE

Authentication failed because a tls-unique CB was not provided.

GSASL_NO_SAML20_IDP_IDENTIFIER

Callback failed to provide SAML20 IdP identifier.

GSASL_NO_SAML20_REDIRECT_URL

Callback failed to provide SAML20 redirect URL.

GSASL_NO_OPENID20_REDIRECT_URL

Callback failed to provide OPENID20 redirect URL.

GSASL_NO_CB_TLS_EXPORTER

Authentication failed because a tls-exporter channel binding was not provided.

Next: Error strings, Up: Error Handling   [Contents][Index]