On Dec 7, 2009, at 5:12 AM, Alexander Lamaison wrote: >> The thought that occured to me before was that we might need to take >> a bit of a stand in libssh2 here on whether it should provide error >> codes that are close to the protocol errors (which I would prefer) or >> whether it should try to be smart and cook protocol error codes into >> something that could be expected that application writers would >> prefer, or just where we think that protocol errors suck. > > Which protocol errors are we actually talking about here? According > to the spec the only error that all the various authentication methods > return is SSH_MSG_USERAUTH_FAILURE. There don't seem to be any > method-specific errors. So why does libssh2 have them? > > If it's just a matter of libssh2 cooking up separate error codes for > its different authentication methods, then I think we should revisit > the option of making them all return some common > LIBSSH2_ERROR_USERAUTH value. After all, that would be the protocol > error.
That's the question: Should we have a single "authorization failed" error vs. more specific codes. If you look at UNIX error codes as a model, it has been kept simple; ENOENT which means "Not found", exactly what is not found depends on the context, there aren't a proliferation of error codes for "directory not found", "regular file not found", "symlink not found", "domain socket not found" etc. Personally, I think that we should have a single "authorization failed" -- it's reporting is that you've been denied login because you're not authorized (regardless of *how* you're being authorized). Now this doesn't mean that there are other, related errors that can happen -- such as not having the right password for the private key, or maybe the server might report that the username you've used doesn't exist. These are all valid reasons why the login failed, but they don't mean you're not authorized, just that you *couldn't* be authorized at this time. _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
