12.1 Error values
Errors are returned as int
values.
The value of the symbol GSASL_OK
is guaranteed to always be
0
, and all other error codes are guaranteed to be non-0
,
so you may use that information to build boolean expressions involving
return codes. Otherwise, an application should not depend on the
particular value for error codes, and are encouraged to use the
constants even for GSASL_OK
to improve readability. Possible
values are:
GSASL_OK
- Libgsasl success
GSASL_NEEDS_MORE
- SASL mechanism needs more data
GSASL_UNKNOWN_MECHANISM
- Unknown SASL mechanism
GSASL_MECHANISM_CALLED_TOO_MANY_TIMES
- SASL mechanism called too many times
GSASL_TOO_SMALL_BUFFER
- SASL function needs larger buffer (internal error)
GSASL_FOPEN_ERROR
- Could not open file in SASL library
GSASL_FCLOSE_ERROR
- Could not close file in SASL library
GSASL_MALLOC_ERROR
- Memory allocation error in SASL library
GSASL_BASE64_ERROR
- Base 64 coding error in SASL library
GSASL_CRYPTO_ERROR
- Low-level crypto error in SASL library
GSASL_NEED_CLIENT_ANONYMOUS_CALLBACK
- SASL mechanism needs gsasl_client_callback_anonymous() callback (application error)
GSASL_NEED_CLIENT_PASSWORD_CALLBACK
- SASL mechanism needs gsasl_client_callback_password() callback (application error)
GSASL_NEED_CLIENT_PASSCODE_CALLBACK
- SASL mechanism needs gsasl_client_callback_passcode() callback (application error)
GSASL_NEED_CLIENT_PIN_CALLBACK
- SASL mechanism needs gsasl_client_callback_pin() callback (application error)
GSASL_NEED_CLIENT_AUTHORIZATION_ID_CALLBACK
- SASL mechanism needs gsasl_client_callback_authorization_id() callback (application error)
GSASL_NEED_CLIENT_AUTHENTICATION_ID_CALLBACK
- SASL mechanism needs gsasl_client_callback_authentication_id() callback (application error)
GSASL_NEED_CLIENT_SERVICE_CALLBACK
- SASL mechanism needs gsasl_client_callback_service() callback (application error)
GSASL_NEED_SERVER_VALIDATE_CALLBACK
- SASL mechanism needs gsasl_server_callback_validate() callback (application error)
GSASL_NEED_SERVER_CRAM_MD5_CALLBACK
- SASL mechanism needs gsasl_server_callback_cram_md5() callback (application error)
GSASL_NEED_SERVER_DIGEST_MD5_CALLBACK
- SASL mechanism needs gsasl_server_callback_digest_md5() callback (application error)
GSASL_NEED_SERVER_EXTERNAL_CALLBACK
- SASL mechanism needs gsasl_server_callback_external() callback (application error)
GSASL_NEED_SERVER_ANONYMOUS_CALLBACK
- SASL mechanism needs gsasl_server_callback_anonymous() callback (application error)
GSASL_NEED_SERVER_REALM_CALLBACK
- SASL mechanism needs gsasl_server_callback_realm() callback (application error)
GSASL_NEED_SERVER_SECURID_CALLBACK
- SASL mechanism needs gsasl_server_callback_securid() callback (application error)
GSASL_NEED_SERVER_SERVICE_CALLBACK
- SASL mechanism needs gsasl_server_callback_service() callback (application error)
GSASL_NEED_SERVER_GSSAPI_CALLBACK
- SASL mechanism needs gsasl_server_callback_gssapi() callback (application error)
GSASL_NEED_SERVER_RETRIEVE_CALLBACK
- SASL mechanism needs gsasl_server_callback_retrieve() callback (application error)
GSASL_UNICODE_NORMALIZATION_ERROR
- Failed to perform Unicode Normalization on string.
GSASL_SASLPREP_ERROR
- Could not prepare internationalized (non-ASCII) string.
GSASL_MECHANISM_PARSE_ERROR
- SASL mechanism could not parse input
GSASL_AUTHENTICATION_ERROR
- Error authenticating user
GSASL_CANNOT_GET_CTX
- Cannot get internal library handle (library error)
GSASL_INTEGRITY_ERROR
- Integrity error in application payload
GSASL_NO_MORE_REALMS
- No more realms available (non-fatal)
GSASL_NO_CLIENT_CODE
- Client-side functionality not available in library (application error)
GSASL_NO_SERVER_CODE
- Server-side functionality not available in library (application error)
GSASL_GSSAPI_RELEASE_BUFFER_ERROR
- GSSAPI library could not deallocate memory in gss_release_buffer() in SASL library. This is a serious internal error.
GSASL_GSSAPI_IMPORT_NAME_ERROR
- GSSAPI library could not understand a peer name in gss_import_name() in SASL library. This is most likely due to incorrect service and/or hostnames.
GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR
- GSSAPI error in client while negotiating security context in gss_init_sec_context() in SASL library. This is most likely due insufficient credentials or malicious interactions.
GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR
- GSSAPI error in server while negotiating security context in gss_accept_sec_context() in SASL library. This is most likely due insufficient credentials or malicious interactions.
GSASL_GSSAPI_UNWRAP_ERROR
- GSSAPI error while decrypting or decoding data in gss_unwrap() in SASL library. This is most likely due to data corruption.
GSASL_GSSAPI_WRAP_ERROR
- GSSAPI error while encrypting or encoding data in gss_wrap() in SASL library.
GSASL_GSSAPI_ACQUIRE_CRED_ERROR
- GSSAPI error acquiring credentials in gss_acquire_cred() in SASL library. This is most likely due to not having the proper Kerberos key available in /etc/krb5.keytab on the server.
GSASL_GSSAPI_DISPLAY_NAME_ERROR
- GSSAPI error creating a display name denoting the client in gss_display_name() in SASL library. This is probably because the client supplied bad data.
GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR
- Other entity requested integrity or confidentiality protection in GSSAPI mechanism but this is currently not implemented.
GSASL_KERBEROS_V5_INIT_ERROR
- Kerberos V5 initialization failure.
GSASL_KERBEROS_V5_INTERNAL_ERROR
- Kerberos V5 internal error.
GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE
- SecurID needs additional passcode.
GSASL_SECURID_SERVER_NEED_NEW_PIN
- SecurID needs new pin.
GSASL_INVALID_HANDLE
- The provided library handle was invalid (application error)
GSASL_NO_CALLBACK
- No callback specified by caller (application error).
GSASL_NO_ANONYMOUS_TOKEN
- Authentication failed because the anonymous token was not provided.
GSASL_NO_AUTHID
- Authentication failed because the authentication identity was not provided.
GSASL_NO_AUTHZID
- Authentication failed because the authorization identity was not provided.
GSASL_NO_PASSWORD
- Authentication failed because the password was not provided.
GSASL_NO_PASSCODE
- Authentication failed because the passcode was not provided.
GSASL_NO_PIN
- Authentication failed because the pin code was not provided.
GSASL_NO_SERVICE
- Authentication failed because the service name was not provided.
GSASL_NO_HOSTNAME
- Authentication failed because the host name was not provided.
GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR
- GSSAPI error encapsulating token.
GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR
- GSSAPI error decapsulating token.
GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR
- GSSAPI error getting OID for SASL mechanism name.
GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR
- GSSAPI error testing for OID in OID set.
GSASL_GSSAPI_RELEASE_OID_SET_ERROR
- GSSAPI error releasing OID set.
GSASL_NO_CB_TLS_UNIQUE
- Authentication failed because a tls-unique CB was not provided.
GSASL_NO_SAML20_IDP_IDENTIFIER
- Callback failed to provide SAML20 IdP identifier.
GSASL_NO_SAML20_REDIRECT_URL
- Callback failed to provide SAML20 redirect URL.
GSASL_NO_OPENID20_REDIRECT_URL
- Callback failed to provide OPENID20 redirect URL.