The first revision after the creation of the

implementor's guide

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3770 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 271 insertions, 0 deletions

diff --git a/doc/api/errors.tex b/doc/api/errors.tex
new file mode 100644
index 0000000000..1aa393e5de
--- /dev/null
+++ b/doc/api/errors.tex
@@ -0,0 +1,271 @@
+\subsection{error_table krb5}
+
+% $Source$
+% $Author$
+
+The Kerberos v5 library error code table follows.
+Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
+code number.  Other error codes start at ERROR_TABLE_BASE_krb5 + 128.
+
+\begin{small}
+\begin{tabular}{ll}
+{\sc krb5kdc_err_none }&	 No error \\
+{\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\
+{\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\
+{\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\	
+{\sc krb5kdc_err_c_old_mast_kvno }& Client's key is encrypted in an old master key \\
+{\sc krb5kdc_err_s_old_mast_kvno }& Server's key is encrypted in an old master key \\
+{\sc krb5kdc_err_c_principal_unknown }&  Client not found in Kerberos database \\
+{\sc krb5kdc_err_s_principal_unknown }&  Server not found in Kerberos database \\
+{\sc krb5kdc_err_principal_not_unique }&  Principal has multiple entries in Kerberos database \\
+{\sc krb5kdc_err_null_key }& Client or server has a null key \\
+{\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\
+{\sc krb5kdc_err_never_valid }& Requested effective lifetime is negative or too short \\
+{\sc krb5kdc_err_policy }&	 KDC policy rejects request \\
+{\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\
+{\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\
+{\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\
+{\sc krb5kdc_err_padata_type_nosupp }&  KDC has no support for padata type \\
+{\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\
+{\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\
+{\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\
+{\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\
+{\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\
+{\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\
+{\sc krb5kdc_err_key_exp }&  	 Password has expired \\
+{\sc krb5kdc_preauth_failed }&  	 Preauthentication failed \\
+
+ & \multicolumn{1}{c}{error codes 25-30 are currently placeholders} \\
+\end{tabular}
+
+\begin{tabular}{ll}
+{\sc krb5krb_ap_err_bad_integrity }&  Decrypt integrity check failed \\
+{\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\
+{\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\
+{\sc krb5krb_ap_err_repeat }& Request is a replay \\
+{\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\
+{\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\
+{\sc krb5krb_ap_err_skew }& Clock skew too great \\
+{\sc krb5krb_ap_err_badaddr }& Incorrect net address \\
+{\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\
+{\sc krb5krb_ap_err_msg_type }& Invalid message type \\
+{\sc krb5krb_ap_err_modified }& Message stream modified \\
+{\sc krb5krb_ap_err_badorder }& Message out of order \\
+{\sc krb5placehold_43 }&	 KRB5 error code 43 \\
+{\sc krb5krb_ap_err_badkeyver }& Key version is not available \\
+{\sc krb5krb_ap_err_nokey }& Service key not available \\
+{\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\
+{\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\
+{\sc krb5krb_ap_err_method }& Alternative authentication method required \\
+{\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\
+{\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\ 
+
+ & \multicolumn{1}{c}{error codes 51-59 are currently placeholders} \\
+
+{\sc krb5krb_err_generic }& Generic error (see e-text) \\
+{\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\
+
+& \multicolumn{1}{c}{error codes 62-127 are currently placeholders} \\
+\end{tabular}
+
+\begin{tabular}{ll}
+{\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\
+{\sc krb5_libos_cantreadpwd }& Cannot read password \\
+{\sc krb5_libos_badpwdmatch }& Password mismatch \\
+{\sc krb5_libos_pwdintr }&	 Password read interrupted \\
+{\sc krb5_parse_illchar }&	 Illegal character in component name \\
+{\sc krb5_parse_malformed }& Malformed representation of principal \\
+{\sc krb5_config_cantopen }& Can't open/find configuration file \\
+{\sc krb5_config_badformat }& Improper format of configuration file \\
+{\sc krb5_config_notenufspace }& Insufficient space to return complete information \\
+{\sc krb5_badmsgtype }&	 Invalid message type specified for encoding \\
+{\sc krb5_cc_badname }&	 Credential cache name malformed \\
+{\sc krb5_cc_unknown_type }& Unknown credential cache type  \\
+{\sc krb5_cc_notfound }&	 Matching credential not found \\
+{\sc krb5_cc_end }&		 End of credential cache reached \\
+{\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\
+{\sc krb5krb_ap_wrong_princ }&	 Wrong principal in request \\
+{\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\
+{\sc krb5_princ_nomatch }&	 Requested principal and ticket don't match \\
+{\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\
+{\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\
+{\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\
+{\sc krb5_wrong_etype }&	 Requested encryption type not used in message \\
+{\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\
+{\sc krb5_realm_unknown }&	 Cannot find KDC for requested realm \\
+{\sc krb5_kdc_unreach }&	 Cannot contact any KDC for requested realm \\
+{\sc krb5_no_localname }&	 No local name found for principal name \\
+
+%\multicolumn{1}{c}{some of these should be combined/supplanted by system codes} \\
+\end{tabular}
+
+\begin{tabular}{ll}
+{\sc krb5_rc_type_exists }&	 Replay cache type is already registered \\
+{\sc krb5_rc_malloc }&	 No more memory to allocate (in replay cache code) \\
+{\sc krb5_rc_type_notfound }& Replay cache type is unknown \\
+{\sc krb5_rc_unknown }&	 Generic unknown RC error \\
+{\sc krb5_rc_replay }&	 Message is a replay \\
+{\sc krb5_rc_io }&		 Replay I/O operation failed XXX \\
+{\sc krb5_rc_noio }&	 Replay cache type does not support non-volatile storage \\
+{\sc krb5_rc_parse }& Replay cache name parse/format error \\
+{\sc krb5_rc_io_eof }&	 End-of-file on replay cache I/O \\
+{\sc krb5_rc_io_malloc }& No more memory to allocate (in replay cache I/O code)\\
+{\sc krb5_rc_io_perm }&	 Permission denied in replay cache code \\
+{\sc krb5_rc_io_io }&	 I/O error in replay cache i/o code \\
+{\sc krb5_rc_io_unknown }&	 Generic unknown RC/IO error \\
+{\sc krb5_rc_io_space }& Insufficient system space to store replay information \\
+{\sc krb5_trans_cantopen }&	 Can't open/find realm translation file \\
+{\sc krb5_trans_badformat }& Improper format of realm translation file \\
+{\sc krb5_lname_cantopen }&	 Can't open/find lname translation database \\
+{\sc krb5_lname_notrans }&	 No translation available for requested principal \\
+{\sc krb5_lname_badformat }& Improper format of translation database entry \\
+{\sc krb5_crypto_internal }& Cryptosystem internal error \\
+{\sc krb5_kt_badname }&	 Key table name malformed \\
+{\sc krb5_kt_unknown_type }& Unknown Key table type  \\
+{\sc krb5_kt_notfound }&	 Key table entry not found \\
+{\sc krb5_kt_end }&		 End of key table reached \\
+{\sc krb5_kt_nowrite }&	 Cannot write to specified key table \\
+{\sc krb5_kt_ioerr }&	 Error writing to key table \\
+{\sc krb5_no_tkt_in_rlm }&	 Cannot find ticket for requested realm \\
+{\sc krb5des_bad_keypar }&	 DES key has bad parity \\
+{\sc krb5des_weak_key }&	 DES key is a weak key \\
+{\sc krb5_bad_keytype }&	 Keytype is incompatible with encryption type \\
+{\sc krb5_bad_keysize }&	 Key size is incompatible with encryption type \\
+{\sc krb5_bad_msize }&	 Message size is incompatible with encryption type \\
+{\sc krb5_cc_type_exists }&	 Credentials cache type is already registered. \\
+{\sc krb5_kt_type_exists }&	 Key table type is already registered. \\
+{\sc krb5_cc_io }&		 Credentials cache I/O operation failed XXX \\
+{\sc krb5_fcc_perm }&	 Credentials cache file permissions incorrect \\
+{\sc krb5_fcc_nofile }&	 No credentials cache file found \\
+{\sc krb5_fcc_internal }&	 Internal file credentials cache error \\
+{\sc krb5_cc_nomem }& No more memory to allocate (in credentials cache code) \\ 
+
+\end{tabular}
+
+\begin{tabular}{ll}
+& \multicolumn{1}{c}{errors for dual TGT library calls} \\
+
+{\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\
+{\sc krb5_no_2nd_tkt }&	 Request missing second ticket \\
+{\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\
+
+\end{tabular}
+
+\begin{tabular}{ll}
+& \multicolumn{1}{c}{errors for sendauth and recvauth} \\
+
+{\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\
+{\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\
+{\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\
+{\sc krb5_sendauth_rejected }& Server rejected authentication (during sendauth exchange) \\
+{\sc krb5_sendauth_mutual_failed }& Mutual authentication failed (during sendauth exchange) \\
+
+\end{tabular}
+
+\begin{tabular}{ll}
+&\multicolumn{1}{c}{errors for preauthentication} \\
+
+{\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\
+{\sc krb5_preauth_no_key }&	 Required preauthentication key not supplied \\
+{\sc krb5_preauth_failed }&	 Generic preauthentication failure \\
+
+\end{tabular}
+
+\begin{tabular}{ll}
+&\multicolumn{1}{c}{version number errors} \\
+
+{\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\
+{\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\
+{\sc krb5_keytab_badvno }& Unsupported key table format version number \\
+
+\end{tabular}
+
+\begin{tabular}{ll}
+&\multicolumn{1}{c}{other errors} \\ 
+
+{\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\
+{\sc krb5_rc_required }& Message replay detection requires rcache parameter \\
+{\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\
+{\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\
+{\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined for name type \\
+\end{tabular}
+\end{small}
+
+\subsection{error_table kdb5}
+
+% $Source$
+% $Author$
+
+The Kerberos v5 database library error code table
+
+\begin{small}
+\begin{tabular}{ll}
+&\multicolumn{1}{c}{From the server side routines} \\
+{\sc krb5_kdb_inuse }&	Entry already exists in database\\
+{\sc krb5_kdb_uk_serror }&	Database store error\\
+{\sc krb5_kdb_uk_rerror }&	Database read error\\
+{\sc krb5_kdb_unauth }&	Insufficient access to perform requested operation\\
+{\sc krb5_kdb_noentry }&	No such entry in the database\\
+{\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\
+{\sc krb5_kdb_db_inuse }&	Database is locked or in use--try again later\\
+{\sc krb5_kdb_db_changed }&	Database was modified during read\\
+{\sc krb5_kdb_truncated_record }&	Database record is incomplete or corrupted\\
+{\sc krb5_kdb_recursivelock }&	Attempt to lock database twice\\
+{\sc krb5_kdb_notlocked }&		Attempt to unlock database when not locked\\
+{\sc krb5_kdb_badlockmode }&	Invalid kdb lock mode\\
+{\sc krb5_kdb_dbnotinited }&	Database has not been initialized\\
+{\sc krb5_kdb_dbinited }&		Database has already been initialized\\
+{\sc krb5_kdb_illdirection }&	Bad direction for converting keys\\
+{\sc krb5_kdb_nomasterkey }&	Cannot find master key record in database\\
+{\sc krb5_kdb_badmasterkey }&	Master key does not match database\\
+{\sc krb5_kdb_invalidkeysize }&	Key size in database is invalid\\
+{\sc krb5_kdb_cantread_stored }&	Cannot find/read stored master key\\
+{\sc krb5_kdb_badstored_mkey }&	Stored master key is corrupted\\
+{\sc krb5_kdb_cantlock_db }&	Insufficient access to lock database \\
+{\sc krb5_kdb_db_corrupt }&		Database format error\\
+{\sc krb5_kdb_bad_version }&	Unsupported version in database entry \\
+\end{tabular}
+\end{small}
+
+\subsection{error_table isod}
+
+% $Source$
+% $Author$
+
+ The Kerberos v5/ISODE 5.0 error table mappings --- see $<$isode/psap.h$>$
+
+\begin{small}
+\begin{tabular}{ll} 
+{\sc isode_50_ps_err_none}& isode (ps): No error \\
+{\sc isode_50_ps_err_overid}& isode (ps):Overflow in ID \\
+{\sc isode_50_ps_err_overlen}& isode (ps):Overflow in length \\
+{\sc isode_50_ps_err_nmem}& isode (ps):Out of memory \\
+{\sc isode_50_ps_err_eof}& isode (ps):End of file \\
+{\sc isode_50_ps_err_eofid}& isode (ps):End of file reading extended ID \\
+{\sc isode_50_ps_err_eoflen}& isode (ps):End of file reading extended length \\
+{\sc isode_50_ps_err_len}& isode (ps):Length mismatch \\
+{\sc isode_50_ps_err_trnc}& isode (ps):Truncated \\
+{\sc isode_50_ps_err_indf}& isode (ps):Indefinite length in primitive form \\
+{\sc isode_50_ps_err_io}& isode (ps):I/O error \\
+{\sc isode_50_ps_err_extra}& isode (ps): Extraneous octets \\
+{\sc isode_50_ps_err_xxx}& isode (ps):XXX \\
+{\sc isode_50_pe_err_none}& isode(pe):No error \\
+{\sc isode_50_pe_err_over}& isode(pe):Overflow \\
+{\sc isode_50_pe_err_nmem}& isode(pe):Out of memory \\
+{\sc isode_50_pe_err_bit}& isode(pe):No such bit \\
+{\sc isode_50_pe_err_utct}& isode(pe):Malformed universal timestring \\
+{\sc isode_50_pe_err_gent}& isode(pe):Malformed generalized timestring \\
+{\sc isode_50_pe_err_mber}& isode(pe):No such member \\
+{\sc isode_50_pe_err_prim}& isode(pe):Not a primitive form \\
+{\sc isode_50_pe_err_cons}& isode(pe):Not a constructor form \\
+{\sc isode_50_pe_err_type}& isode(pe):Class/ID mismatch in constructor \\
+{\sc isode_50_pe_err_oid}& isode(pe):Malformed object identifier \\
+{\sc isode_50_pe_err_bits}& isode(pe):Malformed bitstring \\
+{\sc isode_50_pe_err_nosupp}& isode(pe):Type not supported \\
+{\sc isode_50_pe_err_signed}& isode(pe):Signed integer not expected \\
+{\sc isode_50_local_err_baddecode}&	isode: ASN.1 decode failed \\
+{\sc isode_50_local_err_badmsgtype}&	isode: wrong message type after decoding \\
+{\sc isode_50_local_err_badcombo}&	isode: unacceptable combination of options \\
+{\sc isode_local_err_missing_part}&	isode: missing element during translation \\
+\end{tabular}
+\end{small}