src/lib/krb425/425error.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

/*
 * lib/krb425/425error.c
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 * 
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 * 
 *
 * convert error codes from v5 to v4
 */


#include <krb.h>
#include "krb5.h"

int	krb5_425_error;		/* For people who want to know what */
				/* the *real* error was....  */

int
krb425error(e)
krb5_error_code e;
{
	/*
	 * This is not a very good switch.
	 * Probably needs to be rewritten.
	 */
	krb5_425_error = e;
	switch (e) {
	case 0:				/* No error */
		return(KSUCCESS);

	case KRB5KDC_ERR_NAME_EXP:	/* Client's entry in DB expired */
		return(KDC_NAME_EXP);

	case KRB5KDC_ERR_SERVICE_EXP:	/* Server's entry in DB expired */
		return(KDC_SERVICE_EXP);

	case KRB5KDC_ERR_BAD_PVNO:	/* Requested pvno not supported */
		return(KDC_PKT_VER);

	case KRB5KDC_ERR_C_OLD_MAST_KVNO:/* C's key encrypted in old master */
		return(KDC_P_MKEY_VER);

	case KRB5KDC_ERR_S_OLD_MAST_KVNO:/* S's key encrypted in old master */
		return(KDC_S_MKEY_VER);

	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:/* Client not found in Kerberos DB */
	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:/* Server not found in Kerberos DB */
		return(KDC_PR_UNKNOWN);

	case KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE:/* Multiple entries in Kerberos DB */
		return(KDC_PR_N_UNIQUE);

	case KRB5KDC_ERR_NULL_KEY:	/* The C or S has a null key */
		return(KDC_NULL_KEY);

	case KRB5KDC_ERR_CANNOT_POSTDATE:/* Tkt ineligible for postdating */
	case KRB5KDC_ERR_NEVER_VALID:	/* Requested starttime > endtime */
	case KRB5KDC_ERR_POLICY:	/* KDC policy rejects request */
	case KRB5KDC_ERR_BADOPTION:	/* KDC can't do requested opt. */
	case KRB5KDC_ERR_ETYPE_NOSUPP:	/* No support for encryption type */
	case KRB5_KDCREP_MODIFIED:	/* KDC reply did not match expectations */
	case KRB5_KDCREP_SKEW:		/* Clock skew too great in KDC reply */
		return(KDC_GEN_ERR);
	case KRB5_KDC_UNREACH:		/* Cannot contact any KDC for requested realm */
	case KRB5_REALM_UNKNOWN:	/* Cannot find KDC for requested realm */
		return(SKDC_CANT);

	case KRB5KRB_AP_ERR_BAD_INTEGRITY: /* Decrypt integrity check failed */
	case KRB5KRB_AP_ERR_TKT_INVALID: /* Ticket has invalid flag set */

		return(RD_AP_UNDEC);

	case KRB5KRB_AP_ERR_TKT_EXPIRED:/* Ticket expired */
		return(RD_AP_EXP);

	case KRB5KRB_AP_ERR_TKT_NYV:	/* Ticket not yet valid */
		return(RD_AP_NYV);

	case KRB5KRB_AP_ERR_REPEAT:		/* Request is a replay */
		return(RD_AP_REPEAT);

	case KRB5KRB_AP_ERR_NOT_US:		/* The ticket isn't for us */
		return(RD_AP_NOT_US);

	case KRB5KRB_AP_ERR_BADMATCH:	/* Ticket/authenticator don't match */
		return(RD_AP_INCON);

	case KRB5KRB_AP_ERR_SKEW:		/* Clock skew too great */
		return(RD_AP_TIME);

	case KRB5KRB_AP_ERR_BADADDR:	/* Incorrect net address */
		return(RD_AP_BADD);

	case KRB5KRB_AP_ERR_BADVERSION:	/* Protocol version mismatch */
		return(RD_AP_VERSION);

	case KRB5KRB_AP_ERR_MSG_TYPE:	/* Invalid message type */
	case KRB5_BADMSGTYPE:		/* Invalid message type specified for encoding */
		return(RD_AP_MSG_TYPE);

	case KRB5KRB_AP_ERR_MODIFIED:	/* Message stream modified */
		return(RD_AP_MODIFIED);

	case KRB5KRB_AP_ERR_BADORDER:	/* Message out of order */
	case KRB5KRB_AP_ERR_BADSEQ:	/* Message out of order */
	case KRB5KRB_AP_ERR_BADDIRECTION: /* Incorrect message direction */
		return(RD_AP_ORDER);

	case KRB5KRB_AP_ERR_BADKEYVER:	/* Key version is not available */
	case KRB5KRB_AP_ERR_NOKEY:		/* Service key not available */
	case KRB5KRB_AP_ERR_MUT_FAIL:	/* Mutual authentication failed */
		return(RD_AP_INCON);

	case KRB5_CC_BADNAME:		/* Credential cache name malformed */
	case KRB5_CC_UNKNOWN_TYPE:	/* Unknown credential cache type */
	case KRB5_CC_TYPE_EXISTS:	/* Credentials cache type is already registered */
	case KRB5_CC_IO:		/* Credentials cache I/O operation failedXXX */
	case KRB5_CC_NOMEM:		/* No more memory to allocate (in credentials cache code) */
		return(TKT_FIL_ACC);
	case KRB5_CC_END:		/* End of credential cache reached */
		return(RET_NOTKT);
	case KRB5_CC_NOTFOUND:		/* Matching credential not found */
		return(NO_TKT_FIL);

	case KRB5_NO_TKT_IN_RLM:	/* Cannot find ticket for requested realm */
		return(AD_NOTGT);
	case KRB5KRB_ERR_FIELD_TOOLONG:	/* Field is too long for impl. */
	default:
		return(KFAILURE);
	}
}