constants.go
12.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
// Package errorcode provides Kerberos 5 assigned error codes.
package errorcode
import "fmt"
// Kerberos error codes.
const (
KDC_ERR_NONE int32 = 0 //No error
KDC_ERR_NAME_EXP int32 = 1 //Client's entry in database has expired
KDC_ERR_SERVICE_EXP int32 = 2 //Server's entry in database has expired
KDC_ERR_BAD_PVNO int32 = 3 //Requested protocol version number not supported
KDC_ERR_C_OLD_MAST_KVNO int32 = 4 //Client's key encrypted in old master key
KDC_ERR_S_OLD_MAST_KVNO int32 = 5 //Server's key encrypted in old master key
KDC_ERR_C_PRINCIPAL_UNKNOWN int32 = 6 //Client not found in Kerberos database
KDC_ERR_S_PRINCIPAL_UNKNOWN int32 = 7 //Server not found in Kerberos database
KDC_ERR_PRINCIPAL_NOT_UNIQUE int32 = 8 //Multiple principal entries in database
KDC_ERR_NULL_KEY int32 = 9 //The client or server has a null key
KDC_ERR_CANNOT_POSTDATE int32 = 10 //Ticket not eligible for postdating
KDC_ERR_NEVER_VALID int32 = 11 //Requested starttime is later than end time
KDC_ERR_POLICY int32 = 12 //KDC policy rejects request
KDC_ERR_BADOPTION int32 = 13 //KDC cannot accommodate requested option
KDC_ERR_ETYPE_NOSUPP int32 = 14 //KDC has no support for encryption type
KDC_ERR_SUMTYPE_NOSUPP int32 = 15 //KDC has no support for checksum type
KDC_ERR_PADATA_TYPE_NOSUPP int32 = 16 //KDC has no support for padata type
KDC_ERR_TRTYPE_NOSUPP int32 = 17 //KDC has no support for transited type
KDC_ERR_CLIENT_REVOKED int32 = 18 //Clients credentials have been revoked
KDC_ERR_SERVICE_REVOKED int32 = 19 //Credentials for server have been revoked
KDC_ERR_TGT_REVOKED int32 = 20 //TGT has been revoked
KDC_ERR_CLIENT_NOTYET int32 = 21 //Client not yet valid; try again later
KDC_ERR_SERVICE_NOTYET int32 = 22 //Server not yet valid; try again later
KDC_ERR_KEY_EXPIRED int32 = 23 //Password has expired; change password to reset
KDC_ERR_PREAUTH_FAILED int32 = 24 //Pre-authentication information was invalid
KDC_ERR_PREAUTH_REQUIRED int32 = 25 //Additional pre-authentication required
KDC_ERR_SERVER_NOMATCH int32 = 26 //Requested server and ticket don't match
KDC_ERR_MUST_USE_USER2USER int32 = 27 //Server principal valid for user2user only
KDC_ERR_PATH_NOT_ACCEPTED int32 = 28 //KDC Policy rejects transited path
KDC_ERR_SVC_UNAVAILABLE int32 = 29 //A service is not available
KRB_AP_ERR_BAD_INTEGRITY int32 = 31 //Integrity check on decrypted field failed
KRB_AP_ERR_TKT_EXPIRED int32 = 32 //Ticket expired
KRB_AP_ERR_TKT_NYV int32 = 33 //Ticket not yet valid
KRB_AP_ERR_REPEAT int32 = 34 //Request is a replay
KRB_AP_ERR_NOT_US int32 = 35 //The ticket isn't for us
KRB_AP_ERR_BADMATCH int32 = 36 //Ticket and authenticator don't match
KRB_AP_ERR_SKEW int32 = 37 //Clock skew too great
KRB_AP_ERR_BADADDR int32 = 38 //Incorrect net address
KRB_AP_ERR_BADVERSION int32 = 39 //Protocol version mismatch
KRB_AP_ERR_MSG_TYPE int32 = 40 //Invalid msg type
KRB_AP_ERR_MODIFIED int32 = 41 //Message stream modified
KRB_AP_ERR_BADORDER int32 = 42 //Message out of order
KRB_AP_ERR_BADKEYVER int32 = 44 //Specified version of key is not available
KRB_AP_ERR_NOKEY int32 = 45 //Service key not available
KRB_AP_ERR_MUT_FAIL int32 = 46 //Mutual authentication failed
KRB_AP_ERR_BADDIRECTION int32 = 47 //Incorrect message direction
KRB_AP_ERR_METHOD int32 = 48 //Alternative authentication method required
KRB_AP_ERR_BADSEQ int32 = 49 //Incorrect sequence number in message
KRB_AP_ERR_INAPP_CKSUM int32 = 50 //Inappropriate type of checksum in message
KRB_AP_PATH_NOT_ACCEPTED int32 = 51 //Policy rejects transited path
KRB_ERR_RESPONSE_TOO_BIG int32 = 52 //Response too big for UDP; retry with TCP
KRB_ERR_GENERIC int32 = 60 //Generic error (description in e-text)
KRB_ERR_FIELD_TOOLONG int32 = 61 //Field is too long for this implementation
KDC_ERROR_CLIENT_NOT_TRUSTED int32 = 62 //Reserved for PKINIT
KDC_ERROR_KDC_NOT_TRUSTED int32 = 63 //Reserved for PKINIT
KDC_ERROR_INVALID_SIG int32 = 64 //Reserved for PKINIT
KDC_ERR_KEY_TOO_WEAK int32 = 65 //Reserved for PKINIT
KDC_ERR_CERTIFICATE_MISMATCH int32 = 66 //Reserved for PKINIT
KRB_AP_ERR_NO_TGT int32 = 67 //No TGT available to validate USER-TO-USER
KDC_ERR_WRONG_REALM int32 = 68 //Reserved for future use
KRB_AP_ERR_USER_TO_USER_REQUIRED int32 = 69 //Ticket must be for USER-TO-USER
KDC_ERR_CANT_VERIFY_CERTIFICATE int32 = 70 //Reserved for PKINIT
KDC_ERR_INVALID_CERTIFICATE int32 = 71 //Reserved for PKINIT
KDC_ERR_REVOKED_CERTIFICATE int32 = 72 //Reserved for PKINIT
KDC_ERR_REVOCATION_STATUS_UNKNOWN int32 = 73 //Reserved for PKINIT
KDC_ERR_REVOCATION_STATUS_UNAVAILABLE int32 = 74 //Reserved for PKINIT
KDC_ERR_CLIENT_NAME_MISMATCH int32 = 75 //Reserved for PKINIT
KDC_ERR_KDC_NAME_MISMATCH int32 = 76 //Reserved for PKINIT
)
// Lookup an error code description.
func Lookup(i int32) string {
if s, ok := errorcodeLookup[i]; ok {
return fmt.Sprintf("(%d) %s", i, s)
}
return fmt.Sprintf("Unknown ErrorCode %d", i)
}
var errorcodeLookup = map[int32]string{
KDC_ERR_NONE: "KDC_ERR_NONE No error",
KDC_ERR_NAME_EXP: "KDC_ERR_NAME_EXP Client's entry in database has expired",
KDC_ERR_SERVICE_EXP: "KDC_ERR_SERVICE_EXP Server's entry in database has expired",
KDC_ERR_BAD_PVNO: "KDC_ERR_BAD_PVNO Requested protocol version number not supported",
KDC_ERR_C_OLD_MAST_KVNO: "KDC_ERR_C_OLD_MAST_KVNO Client's key encrypted in old master key",
KDC_ERR_S_OLD_MAST_KVNO: "KDC_ERR_S_OLD_MAST_KVNO Server's key encrypted in old master key",
KDC_ERR_C_PRINCIPAL_UNKNOWN: "KDC_ERR_C_PRINCIPAL_UNKNOWN Client not found in Kerberos database",
KDC_ERR_S_PRINCIPAL_UNKNOWN: "KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database",
KDC_ERR_PRINCIPAL_NOT_UNIQUE: "KDC_ERR_PRINCIPAL_NOT_UNIQUE Multiple principal entries in database",
KDC_ERR_NULL_KEY: "KDC_ERR_NULL_KEY The client or server has a null key",
KDC_ERR_CANNOT_POSTDATE: "KDC_ERR_CANNOT_POSTDATE Ticket not eligible for postdating",
KDC_ERR_NEVER_VALID: "KDC_ERR_NEVER_VALID Requested starttime is later than end time",
KDC_ERR_POLICY: "KDC_ERR_POLICY KDC policy rejects request",
KDC_ERR_BADOPTION: "KDC_ERR_BADOPTION KDC cannot accommodate requested option",
KDC_ERR_ETYPE_NOSUPP: "KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type",
KDC_ERR_SUMTYPE_NOSUPP: "KDC_ERR_SUMTYPE_NOSUPP KDC has no support for checksum type",
KDC_ERR_PADATA_TYPE_NOSUPP: "KDC_ERR_PADATA_TYPE_NOSUPP KDC has no support for padata type",
KDC_ERR_TRTYPE_NOSUPP: "KDC_ERR_TRTYPE_NOSUPP KDC has no support for transited type",
KDC_ERR_CLIENT_REVOKED: "KDC_ERR_CLIENT_REVOKED Clients credentials have been revoked",
KDC_ERR_SERVICE_REVOKED: "KDC_ERR_SERVICE_REVOKED Credentials for server have been revoked",
KDC_ERR_TGT_REVOKED: "KDC_ERR_TGT_REVOKED TGT has been revoked",
KDC_ERR_CLIENT_NOTYET: "KDC_ERR_CLIENT_NOTYET Client not yet valid; try again later",
KDC_ERR_SERVICE_NOTYET: "KDC_ERR_SERVICE_NOTYET Server not yet valid; try again later",
KDC_ERR_KEY_EXPIRED: "KDC_ERR_KEY_EXPIRED Password has expired; change password to reset",
KDC_ERR_PREAUTH_FAILED: "KDC_ERR_PREAUTH_FAILED Pre-authentication information was invalid",
KDC_ERR_PREAUTH_REQUIRED: "KDC_ERR_PREAUTH_REQUIRED Additional pre-authentication required",
KDC_ERR_SERVER_NOMATCH: "KDC_ERR_SERVER_NOMATCH Requested server and ticket don't match",
KDC_ERR_MUST_USE_USER2USER: "KDC_ERR_MUST_USE_USER2USER Server principal valid for user2user only",
KDC_ERR_PATH_NOT_ACCEPTED: "KDC_ERR_PATH_NOT_ACCEPTED KDC Policy rejects transited path",
KDC_ERR_SVC_UNAVAILABLE: "KDC_ERR_SVC_UNAVAILABLE A service is not available",
KRB_AP_ERR_BAD_INTEGRITY: "KRB_AP_ERR_BAD_INTEGRITY Integrity check on decrypted field failed",
KRB_AP_ERR_TKT_EXPIRED: "KRB_AP_ERR_TKT_EXPIRED Ticket expired",
KRB_AP_ERR_TKT_NYV: "KRB_AP_ERR_TKT_NYV Ticket not yet valid",
KRB_AP_ERR_REPEAT: "KRB_AP_ERR_REPEAT Request is a replay",
KRB_AP_ERR_NOT_US: "KRB_AP_ERR_NOT_US The ticket isn't for us",
KRB_AP_ERR_BADMATCH: "KRB_AP_ERR_BADMATCH Ticket and authenticator don't match",
KRB_AP_ERR_SKEW: "KRB_AP_ERR_SKEW Clock skew too great",
KRB_AP_ERR_BADADDR: "KRB_AP_ERR_BADADDR Incorrect net address",
KRB_AP_ERR_BADVERSION: "KRB_AP_ERR_BADVERSION Protocol version mismatch",
KRB_AP_ERR_MSG_TYPE: "KRB_AP_ERR_MSG_TYPE Invalid msg type",
KRB_AP_ERR_MODIFIED: "KRB_AP_ERR_MODIFIED Message stream modified",
KRB_AP_ERR_BADORDER: "KRB_AP_ERR_BADORDER Message out of order",
KRB_AP_ERR_BADKEYVER: "KRB_AP_ERR_BADKEYVER Specified version of key is not available",
KRB_AP_ERR_NOKEY: "KRB_AP_ERR_NOKEY Service key not available",
KRB_AP_ERR_MUT_FAIL: "KRB_AP_ERR_MUT_FAIL Mutual authentication failed",
KRB_AP_ERR_BADDIRECTION: "KRB_AP_ERR_BADDIRECTION Incorrect message direction",
KRB_AP_ERR_METHOD: "KRB_AP_ERR_METHOD Alternative authentication method required",
KRB_AP_ERR_BADSEQ: "KRB_AP_ERR_BADSEQ Incorrect sequence number in message",
KRB_AP_ERR_INAPP_CKSUM: "KRB_AP_ERR_INAPP_CKSUM Inappropriate type of checksum in message",
KRB_AP_PATH_NOT_ACCEPTED: "KRB_AP_PATH_NOT_ACCEPTED Policy rejects transited path",
KRB_ERR_RESPONSE_TOO_BIG: "KRB_ERR_RESPONSE_TOO_BIG Response too big for UDP; retry with TCP",
KRB_ERR_GENERIC: "KRB_ERR_GENERIC Generic error (description in e-text)",
KRB_ERR_FIELD_TOOLONG: "KRB_ERR_FIELD_TOOLONG Field is too long for this implementation",
KDC_ERROR_CLIENT_NOT_TRUSTED: "KDC_ERROR_CLIENT_NOT_TRUSTED Reserved for PKINIT",
KDC_ERROR_KDC_NOT_TRUSTED: "KDC_ERROR_KDC_NOT_TRUSTED Reserved for PKINIT",
KDC_ERROR_INVALID_SIG: "KDC_ERROR_INVALID_SIG Reserved for PKINIT",
KDC_ERR_KEY_TOO_WEAK: "KDC_ERR_KEY_TOO_WEAK Reserved for PKINIT",
KDC_ERR_CERTIFICATE_MISMATCH: "KDC_ERR_CERTIFICATE_MISMATCH Reserved for PKINIT",
KRB_AP_ERR_NO_TGT: "KRB_AP_ERR_NO_TGT No TGT available to validate USER-TO-USER",
KDC_ERR_WRONG_REALM: "KDC_ERR_WRONG_REALM Reserved for future use",
KRB_AP_ERR_USER_TO_USER_REQUIRED: "KRB_AP_ERR_USER_TO_USER_REQUIRED Ticket must be for USER-TO-USER",
KDC_ERR_CANT_VERIFY_CERTIFICATE: "KDC_ERR_CANT_VERIFY_CERTIFICATE Reserved for PKINIT",
KDC_ERR_INVALID_CERTIFICATE: "KDC_ERR_INVALID_CERTIFICATE Reserved for PKINIT",
KDC_ERR_REVOKED_CERTIFICATE: "KDC_ERR_REVOKED_CERTIFICATE Reserved for PKINIT",
KDC_ERR_REVOCATION_STATUS_UNKNOWN: "KDC_ERR_REVOCATION_STATUS_UNKNOWN Reserved for PKINIT",
KDC_ERR_REVOCATION_STATUS_UNAVAILABLE: "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE Reserved for PKINIT",
KDC_ERR_CLIENT_NAME_MISMATCH: "KDC_ERR_CLIENT_NAME_MISMATCH Reserved for PKINIT",
KDC_ERR_KDC_NAME_MISMATCH: "KDC_ERR_KDC_NAME_MISMATCH Reserved for PKINIT",
}