windows-nt/Source/XPSP1/NT/ds/security/protocols/kerberos/inc/kerberr.h

//+-----------------------------------------------------------------------
//
// File:        kerberr.h
//
// Contents:    Security Status codes
//
// History:     <Whenever>  RichardW    Created secscode.h
//              26-May-93   RichardW    fixed dependency & conflict with scode.h
//              02-Jun-93   WadeR   Added FAILED and SUCCEDED macros
//              14-Jun-93   WadeR   Added "proper" kerberos errors, changed
//                                  to hex.
//              07-Jul-93   WadeR   Removed FAILED and SUCCEEDED macros
//              20-Sep-93   WadeR   Moved to $(SECURITY)\h\kerberr.h
//
//------------------------------------------------------------------------

#ifndef __KERBERR_H__
#define __KERBERR_H__


// Component specific errors:

//
// KERBERR is a kerberos-specific error. Make it a pointer to a structure
// to make sure we only return the correct error.
//

typedef LONG KERBERR, *PKERBERR;

#define KERB_SUCCESS(_kerberr_) ((KERBERR)(_kerberr_) == KDC_ERR_NONE)

// These are the error codes as defined by the Kerberos V5 R5.2
// spec, section 8.3


#define KDC_ERR_NONE                  ((KERBERR) 0x0 ) // 0 No error
#define KDC_ERR_NAME_EXP              ((KERBERR) 0x1 ) // 1 Client's entry in database has expired
#define KDC_ERR_SERVICE_EXP           ((KERBERR) 0x2 ) // 2 Server's entry in database has expired
#define KDC_ERR_BAD_PVNO              ((KERBERR) 0x3 ) // 3 Requested protocol version number not supported
#define KDC_ERR_C_OLD_MAST_KVNO       ((KERBERR) 0x4 ) // 4 Client's key encrypted in old master key
#define KDC_ERR_S_OLD_MAST_KVNO       ((KERBERR) 0x5 ) // 5 Server's key encrypted in old master key
#define KDC_ERR_C_PRINCIPAL_UNKNOWN   ((KERBERR) 0x6 ) // 6 Client not found in Kerberos database
#define KDC_ERR_S_PRINCIPAL_UNKNOWN   ((KERBERR) 0x7 ) // 7 Server not found in Kerberos database
#define KDC_ERR_PRINCIPAL_NOT_UNIQUE  ((KERBERR) 0x8 ) // 8 Multiple principal entries in database
#define KDC_ERR_NULL_KEY              ((KERBERR) 0x9 ) // 9 The client or server has a null key
#define KDC_ERR_CANNOT_POSTDATE       ((KERBERR) 0xA ) // 10 Ticket not eligible for postdating
#define KDC_ERR_NEVER_VALID           ((KERBERR) 0xB ) // 11 Requested start time is later than end time
#define KDC_ERR_POLICY                ((KERBERR) 0xC ) // 12 KDC policy rejects request
#define KDC_ERR_BADOPTION             ((KERBERR) 0xD ) // 13 KDC cannot accommodate requested option
#define KDC_ERR_ETYPE_NOTSUPP         ((KERBERR) 0xE ) // 14 KDC has no support for encryption type
#define KDC_ERR_SUMTYPE_NOSUPP        ((KERBERR) 0xF ) // 15 KDC has no support for checksum type
#define KDC_ERR_PADATA_TYPE_NOSUPP    ((KERBERR) 0x10 ) // 16 KDC has no support for padata type
#define KDC_ERR_TRTYPE_NO_SUPP        ((KERBERR) 0x11 ) // 17 KDC has no support for transited type
#define KDC_ERR_CLIENT_REVOKED        ((KERBERR) 0x12 ) // 18 Clients credentials have been revoked
#define KDC_ERR_SERVICE_REVOKED       ((KERBERR) 0x13 ) // 19 Credentials for server have been revoked
#define KDC_ERR_TGT_REVOKED           ((KERBERR) 0x14 ) // 20 TGT has been revoked
#define KDC_ERR_CLIENT_NOTYET         ((KERBERR) 0x15 ) // 21 Client not yet valid - try again later
#define KDC_ERR_SERVICE_NOTYET        ((KERBERR) 0x16 ) // 22 Server not yet valid - try again later
#define KDC_ERR_KEY_EXPIRED           ((KERBERR) 0x17 ) // 23 Password has expired - change password to reset
#define KDC_ERR_PREAUTH_FAILED        ((KERBERR) 0x18 ) // 24 Pre-authentication information was invalid
#define KDC_ERR_PREAUTH_REQUIRED      ((KERBERR) 0x19 ) // 25 Additional pre-authenticationrequired [40]
#define KDC_ERR_SERVER_NOMATCH        ((KERBERR) 0x1A ) // 26 Requested server and ticket don't match
#define KDC_ERR_MUST_USE_USER2USER    ((KERBERR) 0x1B ) // 27 Server principal valid for user2user only
#define KDC_ERR_PATH_NOT_ACCEPTED     ((KERBERR) 0x1C ) // 28 KDC Policy rejects transited path
#define KDC_ERR_SVC_UNAVAILABLE       ((KERBERR) 0x1D ) // 29 A service is not available
#define KRB_AP_ERR_BAD_INTEGRITY      ((KERBERR) 0x1F ) // 31 Integrity check on decrypted field failed
#define KRB_AP_ERR_TKT_EXPIRED        ((KERBERR) 0x20 ) // 32 Ticket expired
#define KRB_AP_ERR_TKT_NYV            ((KERBERR) 0x21 ) // 33 Ticket not yet valid
#define KRB_AP_ERR_REPEAT             ((KERBERR) 0x22 ) // 34 Request is a replay
#define KRB_AP_ERR_NOT_US             ((KERBERR) 0x23 ) // 35 The ticket isn't for us
#define KRB_AP_ERR_BADMATCH           ((KERBERR) 0x24 ) // 36 Ticket and authenticator don't match
#define KRB_AP_ERR_SKEW               ((KERBERR) 0x25 ) // 37 Clock skew too great
#define KRB_AP_ERR_BADADDR            ((KERBERR) 0x26 ) // 38 Incorrect net address
#define KRB_AP_ERR_BADVERSION         ((KERBERR) 0x27 ) // 39 Protocol version mismatch
#define KRB_AP_ERR_MSG_TYPE           ((KERBERR) 0x28 ) // 40 Invalid msg type
#define KRB_AP_ERR_MODIFIED           ((KERBERR) 0x29 ) // 41 Message stream modified
#define KRB_AP_ERR_BADORDER           ((KERBERR) 0x2A ) // 42 Message out of order
#define KRB_AP_ERR_ILL_CR_TKT         ((KERBERR) 0x2B ) // 43 Illegal cross realm ticket
#define KRB_AP_ERR_BADKEYVER          ((KERBERR) 0x2C ) // 44 Specified version of key is not available
#define KRB_AP_ERR_NOKEY              ((KERBERR) 0x2D ) // 45 Service key not available
#define KRB_AP_ERR_MUT_FAIL           ((KERBERR) 0x2E ) // 46 Mutual authentication failed
#define KRB_AP_ERR_BADDIRECTION       ((KERBERR) 0x2F ) // 47 Incorrect message direction
#define KRB_AP_ERR_METHOD             ((KERBERR) 0x30 ) // 48 Alternative authentication method required
#define KRB_AP_ERR_BADSEQ             ((KERBERR) 0x31 ) // 49 Incorrect sequence number in message
#define KRB_AP_ERR_INAPP_CKSUM        ((KERBERR) 0x32 ) // 50 Inappropriate type of checksum in message
#define KRB_AP_PATH_NOT_ACCEPTED      ((KERBERR) 0x33 ) // 51 Policy rejects transited path
#define KRB_ERR_RESPONSE_TOO_BIG      ((KERBERR) 0x34 ) // 52 Response too big for UDP, retry with TCP
#define KRB_ERR_GENERIC               ((KERBERR) 0x3C ) // 60 Generic error (description in e-text)
#define KRB_ERR_FIELD_TOOLONG         ((KERBERR) 0x3D ) // 61 Field is too long for this implementation
#define KDC_ERR_CLIENT_NOT_TRUSTED    ((KERBERR) 0x3E ) // 62 (pkinit)
#define KDC_ERR_KDC_NOT_TRUSTED       ((KERBERR) 0x3F ) // 63 (pkinit)
#define KDC_ERR_INVALID_SIG           ((KERBERR) 0x40 ) // 64 (pkinit)
#define KDC_ERR_KEY_TOO_WEAK          ((KERBERR) 0x41 ) // 65 (pkinit)
#define KDC_ERR_CERTIFICATE_MISMATCH  ((KERBERR) 0x42 ) // 66 (pkinit)
#define KRB_AP_ERR_NO_TGT             ((KERBERR) 0x43 ) // 67 (user-to-user)
#define KDC_ERR_WRONG_REALM           ((KERBERR) 0x44 ) // 68 (user-to-user)
#define KRB_AP_ERR_USER_TO_USER_REQUIRED ((KERBERR) 0x45 ) // 69 (user-to-user)
#define KDC_ERR_CANT_VERIFY_CERTIFICATE ((KERBERR) 0x46 ) // 70 (pkinit)
#define KDC_ERR_INVALID_CERTIFICATE     ((KERBERR) 0x47 ) // 71 (pkinit)
#define KDC_ERR_REVOKED_CERTIFICATE     ((KERBERR) 0x48 ) // 72 (pkinit)
#define KDC_ERR_REVOCATION_STATUS_UNKNOWN ((KERBERR) 0x49 ) // 73 (pkinit)
#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE ((KERBERR) 0x4a ) // 74 (pkinit)
#define KDC_ERR_CLIENT_NAME_MISMATCH    ((KERBERR) 0x4b ) // 75 (pkinit)
#define KDC_ERR_KDC_NAME_MISMATCH       ((KERBERR) 0x4c ) // 76 (pkinit)
//
// These are local definitions that should not be sent over the network
//

#define KDC_ERR_MORE_DATA             ((KERBERR) 0x80000001 )
#define KDC_ERR_NOT_RUNNING           ((KERBERR) 0x80000002 )
#define KDC_ERR_NO_RESPONSE           ((KERBERR) 0x80000003 ) // used when we don't get a certain level of "goodness" in our response.

#endif // __KERBERR_H__
Add source files 2020-09-26 03:20:57 -05:00			`//+-----------------------------------------------------------------------`
			`//`
			`// File: kerberr.h`
			`//`
			`// Contents: Security Status codes`
			`//`
			`// History: <Whenever> RichardW Created secscode.h`
			`// 26-May-93 RichardW fixed dependency & conflict with scode.h`
			`// 02-Jun-93 WadeR Added FAILED and SUCCEDED macros`
			`// 14-Jun-93 WadeR Added "proper" kerberos errors, changed`
			`// to hex.`
			`// 07-Jul-93 WadeR Removed FAILED and SUCCEEDED macros`
			`// 20-Sep-93 WadeR Moved to $(SECURITY)\h\kerberr.h`
			`//`
			`//------------------------------------------------------------------------`

			`#ifndef __KERBERR_H__`
			`#define __KERBERR_H__`




			`// Component specific errors:`

			`//`
			`// KERBERR is a kerberos-specific error. Make it a pointer to a structure`
			`// to make sure we only return the correct error.`
			`//`

			`typedef LONG KERBERR, *PKERBERR;`

			`#define KERB_SUCCESS(_kerberr_) ((KERBERR)(_kerberr_) == KDC_ERR_NONE)`

			`// These are the error codes as defined by the Kerberos V5 R5.2`
			`// spec, section 8.3`


			`#define KDC_ERR_NONE ((KERBERR) 0x0 ) // 0 No error`
			`#define KDC_ERR_NAME_EXP ((KERBERR) 0x1 ) // 1 Client's entry in database has expired`
			`#define KDC_ERR_SERVICE_EXP ((KERBERR) 0x2 ) // 2 Server's entry in database has expired`
			`#define KDC_ERR_BAD_PVNO ((KERBERR) 0x3 ) // 3 Requested protocol version number not supported`
			`#define KDC_ERR_C_OLD_MAST_KVNO ((KERBERR) 0x4 ) // 4 Client's key encrypted in old master key`
			`#define KDC_ERR_S_OLD_MAST_KVNO ((KERBERR) 0x5 ) // 5 Server's key encrypted in old master key`
			`#define KDC_ERR_C_PRINCIPAL_UNKNOWN ((KERBERR) 0x6 ) // 6 Client not found in Kerberos database`
			`#define KDC_ERR_S_PRINCIPAL_UNKNOWN ((KERBERR) 0x7 ) // 7 Server not found in Kerberos database`
			`#define KDC_ERR_PRINCIPAL_NOT_UNIQUE ((KERBERR) 0x8 ) // 8 Multiple principal entries in database`
			`#define KDC_ERR_NULL_KEY ((KERBERR) 0x9 ) // 9 The client or server has a null key`
			`#define KDC_ERR_CANNOT_POSTDATE ((KERBERR) 0xA ) // 10 Ticket not eligible for postdating`
			`#define KDC_ERR_NEVER_VALID ((KERBERR) 0xB ) // 11 Requested start time is later than end time`
			`#define KDC_ERR_POLICY ((KERBERR) 0xC ) // 12 KDC policy rejects request`
			`#define KDC_ERR_BADOPTION ((KERBERR) 0xD ) // 13 KDC cannot accommodate requested option`
			`#define KDC_ERR_ETYPE_NOTSUPP ((KERBERR) 0xE ) // 14 KDC has no support for encryption type`
			`#define KDC_ERR_SUMTYPE_NOSUPP ((KERBERR) 0xF ) // 15 KDC has no support for checksum type`
			`#define KDC_ERR_PADATA_TYPE_NOSUPP ((KERBERR) 0x10 ) // 16 KDC has no support for padata type`
			`#define KDC_ERR_TRTYPE_NO_SUPP ((KERBERR) 0x11 ) // 17 KDC has no support for transited type`
			`#define KDC_ERR_CLIENT_REVOKED ((KERBERR) 0x12 ) // 18 Clients credentials have been revoked`
			`#define KDC_ERR_SERVICE_REVOKED ((KERBERR) 0x13 ) // 19 Credentials for server have been revoked`
			`#define KDC_ERR_TGT_REVOKED ((KERBERR) 0x14 ) // 20 TGT has been revoked`
			`#define KDC_ERR_CLIENT_NOTYET ((KERBERR) 0x15 ) // 21 Client not yet valid - try again later`
			`#define KDC_ERR_SERVICE_NOTYET ((KERBERR) 0x16 ) // 22 Server not yet valid - try again later`
			`#define KDC_ERR_KEY_EXPIRED ((KERBERR) 0x17 ) // 23 Password has expired - change password to reset`
			`#define KDC_ERR_PREAUTH_FAILED ((KERBERR) 0x18 ) // 24 Pre-authentication information was invalid`
			`#define KDC_ERR_PREAUTH_REQUIRED ((KERBERR) 0x19 ) // 25 Additional pre-authenticationrequired [40]`
			`#define KDC_ERR_SERVER_NOMATCH ((KERBERR) 0x1A ) // 26 Requested server and ticket don't match`
			`#define KDC_ERR_MUST_USE_USER2USER ((KERBERR) 0x1B ) // 27 Server principal valid for user2user only`
			`#define KDC_ERR_PATH_NOT_ACCEPTED ((KERBERR) 0x1C ) // 28 KDC Policy rejects transited path`
			`#define KDC_ERR_SVC_UNAVAILABLE ((KERBERR) 0x1D ) // 29 A service is not available`
			`#define KRB_AP_ERR_BAD_INTEGRITY ((KERBERR) 0x1F ) // 31 Integrity check on decrypted field failed`
			`#define KRB_AP_ERR_TKT_EXPIRED ((KERBERR) 0x20 ) // 32 Ticket expired`
			`#define KRB_AP_ERR_TKT_NYV ((KERBERR) 0x21 ) // 33 Ticket not yet valid`
			`#define KRB_AP_ERR_REPEAT ((KERBERR) 0x22 ) // 34 Request is a replay`
			`#define KRB_AP_ERR_NOT_US ((KERBERR) 0x23 ) // 35 The ticket isn't for us`
			`#define KRB_AP_ERR_BADMATCH ((KERBERR) 0x24 ) // 36 Ticket and authenticator don't match`
			`#define KRB_AP_ERR_SKEW ((KERBERR) 0x25 ) // 37 Clock skew too great`
			`#define KRB_AP_ERR_BADADDR ((KERBERR) 0x26 ) // 38 Incorrect net address`
			`#define KRB_AP_ERR_BADVERSION ((KERBERR) 0x27 ) // 39 Protocol version mismatch`
			`#define KRB_AP_ERR_MSG_TYPE ((KERBERR) 0x28 ) // 40 Invalid msg type`
			`#define KRB_AP_ERR_MODIFIED ((KERBERR) 0x29 ) // 41 Message stream modified`
			`#define KRB_AP_ERR_BADORDER ((KERBERR) 0x2A ) // 42 Message out of order`
			`#define KRB_AP_ERR_ILL_CR_TKT ((KERBERR) 0x2B ) // 43 Illegal cross realm ticket`
			`#define KRB_AP_ERR_BADKEYVER ((KERBERR) 0x2C ) // 44 Specified version of key is not available`
			`#define KRB_AP_ERR_NOKEY ((KERBERR) 0x2D ) // 45 Service key not available`
			`#define KRB_AP_ERR_MUT_FAIL ((KERBERR) 0x2E ) // 46 Mutual authentication failed`
			`#define KRB_AP_ERR_BADDIRECTION ((KERBERR) 0x2F ) // 47 Incorrect message direction`
			`#define KRB_AP_ERR_METHOD ((KERBERR) 0x30 ) // 48 Alternative authentication method required`
			`#define KRB_AP_ERR_BADSEQ ((KERBERR) 0x31 ) // 49 Incorrect sequence number in message`
			`#define KRB_AP_ERR_INAPP_CKSUM ((KERBERR) 0x32 ) // 50 Inappropriate type of checksum in message`
			`#define KRB_AP_PATH_NOT_ACCEPTED ((KERBERR) 0x33 ) // 51 Policy rejects transited path`
			`#define KRB_ERR_RESPONSE_TOO_BIG ((KERBERR) 0x34 ) // 52 Response too big for UDP, retry with TCP`
			`#define KRB_ERR_GENERIC ((KERBERR) 0x3C ) // 60 Generic error (description in e-text)`
			`#define KRB_ERR_FIELD_TOOLONG ((KERBERR) 0x3D ) // 61 Field is too long for this implementation`
			`#define KDC_ERR_CLIENT_NOT_TRUSTED ((KERBERR) 0x3E ) // 62 (pkinit)`
			`#define KDC_ERR_KDC_NOT_TRUSTED ((KERBERR) 0x3F ) // 63 (pkinit)`
			`#define KDC_ERR_INVALID_SIG ((KERBERR) 0x40 ) // 64 (pkinit)`
			`#define KDC_ERR_KEY_TOO_WEAK ((KERBERR) 0x41 ) // 65 (pkinit)`
			`#define KDC_ERR_CERTIFICATE_MISMATCH ((KERBERR) 0x42 ) // 66 (pkinit)`
			`#define KRB_AP_ERR_NO_TGT ((KERBERR) 0x43 ) // 67 (user-to-user)`
			`#define KDC_ERR_WRONG_REALM ((KERBERR) 0x44 ) // 68 (user-to-user)`
			`#define KRB_AP_ERR_USER_TO_USER_REQUIRED ((KERBERR) 0x45 ) // 69 (user-to-user)`
			`#define KDC_ERR_CANT_VERIFY_CERTIFICATE ((KERBERR) 0x46 ) // 70 (pkinit)`
			`#define KDC_ERR_INVALID_CERTIFICATE ((KERBERR) 0x47 ) // 71 (pkinit)`
			`#define KDC_ERR_REVOKED_CERTIFICATE ((KERBERR) 0x48 ) // 72 (pkinit)`
			`#define KDC_ERR_REVOCATION_STATUS_UNKNOWN ((KERBERR) 0x49 ) // 73 (pkinit)`
			`#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE ((KERBERR) 0x4a ) // 74 (pkinit)`
			`#define KDC_ERR_CLIENT_NAME_MISMATCH ((KERBERR) 0x4b ) // 75 (pkinit)`
			`#define KDC_ERR_KDC_NAME_MISMATCH ((KERBERR) 0x4c ) // 76 (pkinit)`
			`//`
			`// These are local definitions that should not be sent over the network`
			`//`

			`#define KDC_ERR_MORE_DATA ((KERBERR) 0x80000001 )`
			`#define KDC_ERR_NOT_RUNNING ((KERBERR) 0x80000002 )`
			`#define KDC_ERR_NO_RESPONSE ((KERBERR) 0x80000003 ) // used when we don't get a certain level of "goodness" in our response.`

			`#endif // __KERBERR_H__`