SUNRPC: Add errno-to-GSS status conversion helper
authorChuck Lever <chuck.lever@oracle.com>
Mon, 27 Apr 2026 13:50:48 +0000 (09:50 -0400)
committerChuck Lever <cel@kernel.org>
Tue, 9 Jun 2026 20:32:59 +0000 (16:32 -0400)
The crypto/krb5 library returns standard negative errno values,
but the GSS mechanism layer reports results as GSS_S_* major
status codes. A translation is needed at each call site that
will be switched to the new library.

Rather than open-coding the mapping in every wrapper, provide a
single helper function.

Assisted-by: Claude:claude-opus-4-6
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
net/sunrpc/auth_gss/gss_krb5_internal.h
net/sunrpc/auth_gss/gss_krb5_mech.c

index 11402c3b4972ddb40c4670937436d23d8d84cc46..a3fe4be3b9ae2fdfaac96d7a381d3f247b6d440b 100644 (file)
@@ -180,6 +180,8 @@ u32 krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf,
 u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
                     struct xdr_buf *buf, u32 *headskip, u32 *tailskip);
 
+u32 gss_krb5_errno_to_status(int err);
+
 #if IS_ENABLED(CONFIG_KUNIT)
 void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out);
 const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype);
index 060d8fc4358eef54bd0b054da2dd5355f744cee6..7606bbd7b8c4ba73447a289779be5640b8c27a22 100644 (file)
@@ -516,6 +516,30 @@ gss_krb5_delete_sec_context(void *internal_ctx)
        kfree(kctx);
 }
 
+/**
+ * gss_krb5_errno_to_status - Map a negative errno to a GSS major status
+ * @err: negative errno value, or zero
+ *
+ * Returns:
+ *   %GSS_S_COMPLETE if @err is zero
+ *   %GSS_S_BAD_SIG if @err is -EBADMSG (integrity check failure)
+ *   %GSS_S_DEFECTIVE_TOKEN if @err is -EPROTO (malformed token)
+ *   %GSS_S_FAILURE for all other negative values
+ */
+u32 gss_krb5_errno_to_status(int err)
+{
+       switch (err) {
+       case 0:
+               return GSS_S_COMPLETE;
+       case -EBADMSG:
+               return GSS_S_BAD_SIG;
+       case -EPROTO:
+               return GSS_S_DEFECTIVE_TOKEN;
+       default:
+               return GSS_S_FAILURE;
+       }
+}
+
 /**
  * gss_krb5_get_mic - get_mic for the Kerberos GSS mechanism
  * @gctx: GSS context
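Review bot: The kernel-doc for gss_krb5_errno_to_status() promises %GSS_S_FAILURE only "for all other negative values", but the `default:` arm also catches positive inputs, so the documented contract is narrower than the code. The code's behaviour is the safe one: a caller that mistakenly passes a positive return, such as a byte count, gets a failure status rather than GSS_S_COMPLETE. I would state that explicitly so it is not later relaxed, by rewording the last return line to `%GSS_S_FAILURE for any other value, including positive ones (fail closed)`. Whether crypto/krb5 reports every integrity-check failure as -EBADMSG is not visible in this hunk, so the call sites converted later should confirm that a verification failure cannot arrive as a different errno and lose its GSS_S_BAD_SIG classification.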