156 lines
12 KiB
Go
156 lines
12 KiB
Go
// Package errorcode provides Kerberos 5 assigned error codes.
|
|
package errorcode
|
|
|
|
import "fmt"
|
|
|
|
// Kerberos error codes.
|
|
const (
|
|
KDC_ERR_NONE int32 = 0 //No error
|
|
KDC_ERR_NAME_EXP int32 = 1 //Client's entry in database has expired
|
|
KDC_ERR_SERVICE_EXP int32 = 2 //Server's entry in database has expired
|
|
KDC_ERR_BAD_PVNO int32 = 3 //Requested protocol version number not supported
|
|
KDC_ERR_C_OLD_MAST_KVNO int32 = 4 //Client's key encrypted in old master key
|
|
KDC_ERR_S_OLD_MAST_KVNO int32 = 5 //Server's key encrypted in old master key
|
|
KDC_ERR_C_PRINCIPAL_UNKNOWN int32 = 6 //Client not found in Kerberos database
|
|
KDC_ERR_S_PRINCIPAL_UNKNOWN int32 = 7 //Server not found in Kerberos database
|
|
KDC_ERR_PRINCIPAL_NOT_UNIQUE int32 = 8 //Multiple principal entries in database
|
|
KDC_ERR_NULL_KEY int32 = 9 //The client or server has a null key
|
|
KDC_ERR_CANNOT_POSTDATE int32 = 10 //Ticket not eligible for postdating
|
|
KDC_ERR_NEVER_VALID int32 = 11 //Requested starttime is later than end time
|
|
KDC_ERR_POLICY int32 = 12 //KDC policy rejects request
|
|
KDC_ERR_BADOPTION int32 = 13 //KDC cannot accommodate requested option
|
|
KDC_ERR_ETYPE_NOSUPP int32 = 14 //KDC has no support for encryption type
|
|
KDC_ERR_SUMTYPE_NOSUPP int32 = 15 //KDC has no support for checksum type
|
|
KDC_ERR_PADATA_TYPE_NOSUPP int32 = 16 //KDC has no support for padata type
|
|
KDC_ERR_TRTYPE_NOSUPP int32 = 17 //KDC has no support for transited type
|
|
KDC_ERR_CLIENT_REVOKED int32 = 18 //Clients credentials have been revoked
|
|
KDC_ERR_SERVICE_REVOKED int32 = 19 //Credentials for server have been revoked
|
|
KDC_ERR_TGT_REVOKED int32 = 20 //TGT has been revoked
|
|
KDC_ERR_CLIENT_NOTYET int32 = 21 //Client not yet valid; try again later
|
|
KDC_ERR_SERVICE_NOTYET int32 = 22 //Server not yet valid; try again later
|
|
KDC_ERR_KEY_EXPIRED int32 = 23 //Password has expired; change password to reset
|
|
KDC_ERR_PREAUTH_FAILED int32 = 24 //Pre-authentication information was invalid
|
|
KDC_ERR_PREAUTH_REQUIRED int32 = 25 //Additional pre-authentication required
|
|
KDC_ERR_SERVER_NOMATCH int32 = 26 //Requested server and ticket don't match
|
|
KDC_ERR_MUST_USE_USER2USER int32 = 27 //Server principal valid for user2user only
|
|
KDC_ERR_PATH_NOT_ACCEPTED int32 = 28 //KDC Policy rejects transited path
|
|
KDC_ERR_SVC_UNAVAILABLE int32 = 29 //A service is not available
|
|
KRB_AP_ERR_BAD_INTEGRITY int32 = 31 //Integrity check on decrypted field failed
|
|
KRB_AP_ERR_TKT_EXPIRED int32 = 32 //Ticket expired
|
|
KRB_AP_ERR_TKT_NYV int32 = 33 //Ticket not yet valid
|
|
KRB_AP_ERR_REPEAT int32 = 34 //Request is a replay
|
|
KRB_AP_ERR_NOT_US int32 = 35 //The ticket isn't for us
|
|
KRB_AP_ERR_BADMATCH int32 = 36 //Ticket and authenticator don't match
|
|
KRB_AP_ERR_SKEW int32 = 37 //Clock skew too great
|
|
KRB_AP_ERR_BADADDR int32 = 38 //Incorrect net address
|
|
KRB_AP_ERR_BADVERSION int32 = 39 //Protocol version mismatch
|
|
KRB_AP_ERR_MSG_TYPE int32 = 40 //Invalid msg type
|
|
KRB_AP_ERR_MODIFIED int32 = 41 //Message stream modified
|
|
KRB_AP_ERR_BADORDER int32 = 42 //Message out of order
|
|
KRB_AP_ERR_BADKEYVER int32 = 44 //Specified version of key is not available
|
|
KRB_AP_ERR_NOKEY int32 = 45 //Service key not available
|
|
KRB_AP_ERR_MUT_FAIL int32 = 46 //Mutual authentication failed
|
|
KRB_AP_ERR_BADDIRECTION int32 = 47 //Incorrect message direction
|
|
KRB_AP_ERR_METHOD int32 = 48 //Alternative authentication method required
|
|
KRB_AP_ERR_BADSEQ int32 = 49 //Incorrect sequence number in message
|
|
KRB_AP_ERR_INAPP_CKSUM int32 = 50 //Inappropriate type of checksum in message
|
|
KRB_AP_PATH_NOT_ACCEPTED int32 = 51 //Policy rejects transited path
|
|
KRB_ERR_RESPONSE_TOO_BIG int32 = 52 //Response too big for UDP; retry with TCP
|
|
KRB_ERR_GENERIC int32 = 60 //Generic error (description in e-text)
|
|
KRB_ERR_FIELD_TOOLONG int32 = 61 //Field is too long for this implementation
|
|
KDC_ERROR_CLIENT_NOT_TRUSTED int32 = 62 //Reserved for PKINIT
|
|
KDC_ERROR_KDC_NOT_TRUSTED int32 = 63 //Reserved for PKINIT
|
|
KDC_ERROR_INVALID_SIG int32 = 64 //Reserved for PKINIT
|
|
KDC_ERR_KEY_TOO_WEAK int32 = 65 //Reserved for PKINIT
|
|
KDC_ERR_CERTIFICATE_MISMATCH int32 = 66 //Reserved for PKINIT
|
|
KRB_AP_ERR_NO_TGT int32 = 67 //No TGT available to validate USER-TO-USER
|
|
KDC_ERR_WRONG_REALM int32 = 68 //Reserved for future use
|
|
KRB_AP_ERR_USER_TO_USER_REQUIRED int32 = 69 //Ticket must be for USER-TO-USER
|
|
KDC_ERR_CANT_VERIFY_CERTIFICATE int32 = 70 //Reserved for PKINIT
|
|
KDC_ERR_INVALID_CERTIFICATE int32 = 71 //Reserved for PKINIT
|
|
KDC_ERR_REVOKED_CERTIFICATE int32 = 72 //Reserved for PKINIT
|
|
KDC_ERR_REVOCATION_STATUS_UNKNOWN int32 = 73 //Reserved for PKINIT
|
|
KDC_ERR_REVOCATION_STATUS_UNAVAILABLE int32 = 74 //Reserved for PKINIT
|
|
KDC_ERR_CLIENT_NAME_MISMATCH int32 = 75 //Reserved for PKINIT
|
|
KDC_ERR_KDC_NAME_MISMATCH int32 = 76 //Reserved for PKINIT
|
|
)
|
|
|
|
// Lookup an error code description.
|
|
func Lookup(i int32) string {
|
|
if s, ok := errorcodeLookup[i]; ok {
|
|
return fmt.Sprintf("(%d) %s", i, s)
|
|
}
|
|
return fmt.Sprintf("Unknown ErrorCode %d", i)
|
|
}
|
|
|
|
var errorcodeLookup = map[int32]string{
|
|
KDC_ERR_NONE: "KDC_ERR_NONE No error",
|
|
KDC_ERR_NAME_EXP: "KDC_ERR_NAME_EXP Client's entry in database has expired",
|
|
KDC_ERR_SERVICE_EXP: "KDC_ERR_SERVICE_EXP Server's entry in database has expired",
|
|
KDC_ERR_BAD_PVNO: "KDC_ERR_BAD_PVNO Requested protocol version number not supported",
|
|
KDC_ERR_C_OLD_MAST_KVNO: "KDC_ERR_C_OLD_MAST_KVNO Client's key encrypted in old master key",
|
|
KDC_ERR_S_OLD_MAST_KVNO: "KDC_ERR_S_OLD_MAST_KVNO Server's key encrypted in old master key",
|
|
KDC_ERR_C_PRINCIPAL_UNKNOWN: "KDC_ERR_C_PRINCIPAL_UNKNOWN Client not found in Kerberos database",
|
|
KDC_ERR_S_PRINCIPAL_UNKNOWN: "KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database",
|
|
KDC_ERR_PRINCIPAL_NOT_UNIQUE: "KDC_ERR_PRINCIPAL_NOT_UNIQUE Multiple principal entries in database",
|
|
KDC_ERR_NULL_KEY: "KDC_ERR_NULL_KEY The client or server has a null key",
|
|
KDC_ERR_CANNOT_POSTDATE: "KDC_ERR_CANNOT_POSTDATE Ticket not eligible for postdating",
|
|
KDC_ERR_NEVER_VALID: "KDC_ERR_NEVER_VALID Requested starttime is later than end time",
|
|
KDC_ERR_POLICY: "KDC_ERR_POLICY KDC policy rejects request",
|
|
KDC_ERR_BADOPTION: "KDC_ERR_BADOPTION KDC cannot accommodate requested option",
|
|
KDC_ERR_ETYPE_NOSUPP: "KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type",
|
|
KDC_ERR_SUMTYPE_NOSUPP: "KDC_ERR_SUMTYPE_NOSUPP KDC has no support for checksum type",
|
|
KDC_ERR_PADATA_TYPE_NOSUPP: "KDC_ERR_PADATA_TYPE_NOSUPP KDC has no support for padata type",
|
|
KDC_ERR_TRTYPE_NOSUPP: "KDC_ERR_TRTYPE_NOSUPP KDC has no support for transited type",
|
|
KDC_ERR_CLIENT_REVOKED: "KDC_ERR_CLIENT_REVOKED Clients credentials have been revoked",
|
|
KDC_ERR_SERVICE_REVOKED: "KDC_ERR_SERVICE_REVOKED Credentials for server have been revoked",
|
|
KDC_ERR_TGT_REVOKED: "KDC_ERR_TGT_REVOKED TGT has been revoked",
|
|
KDC_ERR_CLIENT_NOTYET: "KDC_ERR_CLIENT_NOTYET Client not yet valid; try again later",
|
|
KDC_ERR_SERVICE_NOTYET: "KDC_ERR_SERVICE_NOTYET Server not yet valid; try again later",
|
|
KDC_ERR_KEY_EXPIRED: "KDC_ERR_KEY_EXPIRED Password has expired; change password to reset",
|
|
KDC_ERR_PREAUTH_FAILED: "KDC_ERR_PREAUTH_FAILED Pre-authentication information was invalid",
|
|
KDC_ERR_PREAUTH_REQUIRED: "KDC_ERR_PREAUTH_REQUIRED Additional pre-authentication required",
|
|
KDC_ERR_SERVER_NOMATCH: "KDC_ERR_SERVER_NOMATCH Requested server and ticket don't match",
|
|
KDC_ERR_MUST_USE_USER2USER: "KDC_ERR_MUST_USE_USER2USER Server principal valid for user2user only",
|
|
KDC_ERR_PATH_NOT_ACCEPTED: "KDC_ERR_PATH_NOT_ACCEPTED KDC Policy rejects transited path",
|
|
KDC_ERR_SVC_UNAVAILABLE: "KDC_ERR_SVC_UNAVAILABLE A service is not available",
|
|
KRB_AP_ERR_BAD_INTEGRITY: "KRB_AP_ERR_BAD_INTEGRITY Integrity check on decrypted field failed",
|
|
KRB_AP_ERR_TKT_EXPIRED: "KRB_AP_ERR_TKT_EXPIRED Ticket expired",
|
|
KRB_AP_ERR_TKT_NYV: "KRB_AP_ERR_TKT_NYV Ticket not yet valid",
|
|
KRB_AP_ERR_REPEAT: "KRB_AP_ERR_REPEAT Request is a replay",
|
|
KRB_AP_ERR_NOT_US: "KRB_AP_ERR_NOT_US The ticket isn't for us",
|
|
KRB_AP_ERR_BADMATCH: "KRB_AP_ERR_BADMATCH Ticket and authenticator don't match",
|
|
KRB_AP_ERR_SKEW: "KRB_AP_ERR_SKEW Clock skew too great",
|
|
KRB_AP_ERR_BADADDR: "KRB_AP_ERR_BADADDR Incorrect net address",
|
|
KRB_AP_ERR_BADVERSION: "KRB_AP_ERR_BADVERSION Protocol version mismatch",
|
|
KRB_AP_ERR_MSG_TYPE: "KRB_AP_ERR_MSG_TYPE Invalid msg type",
|
|
KRB_AP_ERR_MODIFIED: "KRB_AP_ERR_MODIFIED Message stream modified",
|
|
KRB_AP_ERR_BADORDER: "KRB_AP_ERR_BADORDER Message out of order",
|
|
KRB_AP_ERR_BADKEYVER: "KRB_AP_ERR_BADKEYVER Specified version of key is not available",
|
|
KRB_AP_ERR_NOKEY: "KRB_AP_ERR_NOKEY Service key not available",
|
|
KRB_AP_ERR_MUT_FAIL: "KRB_AP_ERR_MUT_FAIL Mutual authentication failed",
|
|
KRB_AP_ERR_BADDIRECTION: "KRB_AP_ERR_BADDIRECTION Incorrect message direction",
|
|
KRB_AP_ERR_METHOD: "KRB_AP_ERR_METHOD Alternative authentication method required",
|
|
KRB_AP_ERR_BADSEQ: "KRB_AP_ERR_BADSEQ Incorrect sequence number in message",
|
|
KRB_AP_ERR_INAPP_CKSUM: "KRB_AP_ERR_INAPP_CKSUM Inappropriate type of checksum in message",
|
|
KRB_AP_PATH_NOT_ACCEPTED: "KRB_AP_PATH_NOT_ACCEPTED Policy rejects transited path",
|
|
KRB_ERR_RESPONSE_TOO_BIG: "KRB_ERR_RESPONSE_TOO_BIG Response too big for UDP; retry with TCP",
|
|
KRB_ERR_GENERIC: "KRB_ERR_GENERIC Generic error (description in e-text)",
|
|
KRB_ERR_FIELD_TOOLONG: "KRB_ERR_FIELD_TOOLONG Field is too long for this implementation",
|
|
KDC_ERROR_CLIENT_NOT_TRUSTED: "KDC_ERROR_CLIENT_NOT_TRUSTED Reserved for PKINIT",
|
|
KDC_ERROR_KDC_NOT_TRUSTED: "KDC_ERROR_KDC_NOT_TRUSTED Reserved for PKINIT",
|
|
KDC_ERROR_INVALID_SIG: "KDC_ERROR_INVALID_SIG Reserved for PKINIT",
|
|
KDC_ERR_KEY_TOO_WEAK: "KDC_ERR_KEY_TOO_WEAK Reserved for PKINIT",
|
|
KDC_ERR_CERTIFICATE_MISMATCH: "KDC_ERR_CERTIFICATE_MISMATCH Reserved for PKINIT",
|
|
KRB_AP_ERR_NO_TGT: "KRB_AP_ERR_NO_TGT No TGT available to validate USER-TO-USER",
|
|
KDC_ERR_WRONG_REALM: "KDC_ERR_WRONG_REALM Reserved for future use",
|
|
KRB_AP_ERR_USER_TO_USER_REQUIRED: "KRB_AP_ERR_USER_TO_USER_REQUIRED Ticket must be for USER-TO-USER",
|
|
KDC_ERR_CANT_VERIFY_CERTIFICATE: "KDC_ERR_CANT_VERIFY_CERTIFICATE Reserved for PKINIT",
|
|
KDC_ERR_INVALID_CERTIFICATE: "KDC_ERR_INVALID_CERTIFICATE Reserved for PKINIT",
|
|
KDC_ERR_REVOKED_CERTIFICATE: "KDC_ERR_REVOKED_CERTIFICATE Reserved for PKINIT",
|
|
KDC_ERR_REVOCATION_STATUS_UNKNOWN: "KDC_ERR_REVOCATION_STATUS_UNKNOWN Reserved for PKINIT",
|
|
KDC_ERR_REVOCATION_STATUS_UNAVAILABLE: "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE Reserved for PKINIT",
|
|
KDC_ERR_CLIENT_NAME_MISMATCH: "KDC_ERR_CLIENT_NAME_MISMATCH Reserved for PKINIT",
|
|
KDC_ERR_KDC_NAME_MISMATCH: "KDC_ERR_KDC_NAME_MISMATCH Reserved for PKINIT",
|
|
}
|