HP-UX Reference (11i v3 07/02) - 5 Miscellaneous Topics (vol 9)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

181

182

183

184

185

186

187

188

189

190

gssapi(5) gssapi(5)

The following table lists the calling error values and their meanings:

Calling Errors

Field

Name Value Meaning

Could not read a required input parameter.GSS_S_CALL_INACCESSIBLE_READ 1

Could not write a required output parameter.GSS_S_CALL_INACCESSIBLE_WRITE 2

A parameter was incorrectly structured.GSS_S_BAD_STRUCTURE 3

The following table lists the supplementary bits and their meanings.

Supplementary Information Status Bits

Bit

Name Number Meaning

Call the routine again to complete its function.GSS_S_CONTINUE_NEEDED 0 (LSB)

The token was a duplicate of an earlier token.GSS_S_DUPLICATE_TOKEN 1

The token’s validity period expired; the routine cannot

verify that the token is not a duplicate of an earlier token.

GSS_S_OLD_TOKEN 2

A later token has been processed.GSS_S_UNSEQ_TOKEN 3

All

GSS_S_ symbols equate to complete OM_uint32 status codes, rather than to bitﬁeld values. For

example, the actual value of GSS_S_BAD_NAMETYPE

(value 3 in the routine error ﬁeld) is 3<<16.

The major status code

GSS_S_FAILURE

indicates that the underlying security mechanism has detected

an error for which no major status code is available. Check the minor status code for details about the

error. See the section on minor status values for more information.

The GSSAPI provides three macros:

GSS_CALLING_ERROR()

GSS_ROUTINE_ERROR()

GSS_SUPPLEMENTARY_INFO()

Each macro takes a GSS status code and masks all but the relevant ﬁeld. For example, when you use the

GSS_ROUTINE_ERROR()

macro on a status code, it returns a value. The value of the macro is arrived

at by using only the routine errors ﬁeld and zeroing the values of the calling error and the supplementary

information ﬁelds.

An additional macro,

GSS_ERROR() , lets you determine whether the status code indicated a calling or

routine error. If the status code indicated a calling or routine error, the macro returns a nonzero value. If

no calling or routine error is indicated, the macro returns a 0 (zero).

NOTE: At times, a GSSAPI routine that is unable to access data can generate a platform-speciﬁc signal,

instead of returning a GSS_S_CALL_INACCESSIBLE_READ

GSS_S_CALL_INACCESSIBLE_WRITE

status value.

Minor Status Values

The GSSAPI routines return a minor_status parameter to indicate errors from the underlying security

mechanism. The parameter can contain a single error, indicated by an

OM_uint32 datatype value.

Names

Names identify principals. The GSSAPI authenticates the relationship between a name and the principal

claiming the name.

Names are represented in two forms:

A printable form, for presentation to an application.

An internal, canonical form that is used by the APIs and is opaque to applications.

The gss_import_name() and gss_display_name()

routines convert names between their print-

able form and their

gss_name_t data type.

The gss_compare_name() routine compares internal form names.

186 Hewlett-Packard Company − 5 − HP-UX 11i Version 3: February 2007