Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

116 lines
7.7 KiB

  1. //+-----------------------------------------------------------------------
  2. //
  3. // File: kerberr.h
  4. //
  5. // Contents: Security Status codes
  6. //
  7. // History: <Whenever> RichardW Created secscode.h
  8. // 26-May-93 RichardW fixed dependency & conflict with scode.h
  9. // 02-Jun-93 WadeR Added FAILED and SUCCEDED macros
  10. // 14-Jun-93 WadeR Added "proper" kerberos errors, changed
  11. // to hex.
  12. // 07-Jul-93 WadeR Removed FAILED and SUCCEEDED macros
  13. // 20-Sep-93 WadeR Moved to $(SECURITY)\h\kerberr.h
  14. //
  15. //------------------------------------------------------------------------
  16. #ifndef __KERBERR_H__
  17. #define __KERBERR_H__
  18. // Component specific errors:
  19. //
  20. // KERBERR is a kerberos-specific error. Make it a pointer to a structure
  21. // to make sure we only return the correct error.
  22. //
  23. typedef LONG KERBERR, *PKERBERR;
  24. #define KERB_SUCCESS(_kerberr_) ((KERBERR)(_kerberr_) == KDC_ERR_NONE)
  25. // These are the error codes as defined by the Kerberos V5 R5.2
  26. // spec, section 8.3
  27. #define KDC_ERR_NONE ((KERBERR) 0x0 ) // 0 No error
  28. #define KDC_ERR_NAME_EXP ((KERBERR) 0x1 ) // 1 Client's entry in database has expired
  29. #define KDC_ERR_SERVICE_EXP ((KERBERR) 0x2 ) // 2 Server's entry in database has expired
  30. #define KDC_ERR_BAD_PVNO ((KERBERR) 0x3 ) // 3 Requested protocol version number not supported
  31. #define KDC_ERR_C_OLD_MAST_KVNO ((KERBERR) 0x4 ) // 4 Client's key encrypted in old master key
  32. #define KDC_ERR_S_OLD_MAST_KVNO ((KERBERR) 0x5 ) // 5 Server's key encrypted in old master key
  33. #define KDC_ERR_C_PRINCIPAL_UNKNOWN ((KERBERR) 0x6 ) // 6 Client not found in Kerberos database
  34. #define KDC_ERR_S_PRINCIPAL_UNKNOWN ((KERBERR) 0x7 ) // 7 Server not found in Kerberos database
  35. #define KDC_ERR_PRINCIPAL_NOT_UNIQUE ((KERBERR) 0x8 ) // 8 Multiple principal entries in database
  36. #define KDC_ERR_NULL_KEY ((KERBERR) 0x9 ) // 9 The client or server has a null key
  37. #define KDC_ERR_CANNOT_POSTDATE ((KERBERR) 0xA ) // 10 Ticket not eligible for postdating
  38. #define KDC_ERR_NEVER_VALID ((KERBERR) 0xB ) // 11 Requested start time is later than end time
  39. #define KDC_ERR_POLICY ((KERBERR) 0xC ) // 12 KDC policy rejects request
  40. #define KDC_ERR_BADOPTION ((KERBERR) 0xD ) // 13 KDC cannot accommodate requested option
  41. #define KDC_ERR_ETYPE_NOTSUPP ((KERBERR) 0xE ) // 14 KDC has no support for encryption type
  42. #define KDC_ERR_SUMTYPE_NOSUPP ((KERBERR) 0xF ) // 15 KDC has no support for checksum type
  43. #define KDC_ERR_PADATA_TYPE_NOSUPP ((KERBERR) 0x10 ) // 16 KDC has no support for padata type
  44. #define KDC_ERR_TRTYPE_NO_SUPP ((KERBERR) 0x11 ) // 17 KDC has no support for transited type
  45. #define KDC_ERR_CLIENT_REVOKED ((KERBERR) 0x12 ) // 18 Clients credentials have been revoked
  46. #define KDC_ERR_SERVICE_REVOKED ((KERBERR) 0x13 ) // 19 Credentials for server have been revoked
  47. #define KDC_ERR_TGT_REVOKED ((KERBERR) 0x14 ) // 20 TGT has been revoked
  48. #define KDC_ERR_CLIENT_NOTYET ((KERBERR) 0x15 ) // 21 Client not yet valid - try again later
  49. #define KDC_ERR_SERVICE_NOTYET ((KERBERR) 0x16 ) // 22 Server not yet valid - try again later
  50. #define KDC_ERR_KEY_EXPIRED ((KERBERR) 0x17 ) // 23 Password has expired - change password to reset
  51. #define KDC_ERR_PREAUTH_FAILED ((KERBERR) 0x18 ) // 24 Pre-authentication information was invalid
  52. #define KDC_ERR_PREAUTH_REQUIRED ((KERBERR) 0x19 ) // 25 Additional pre-authenticationrequired [40]
  53. #define KDC_ERR_SERVER_NOMATCH ((KERBERR) 0x1A ) // 26 Requested server and ticket don't match
  54. #define KDC_ERR_MUST_USE_USER2USER ((KERBERR) 0x1B ) // 27 Server principal valid for user2user only
  55. #define KDC_ERR_PATH_NOT_ACCEPTED ((KERBERR) 0x1C ) // 28 KDC Policy rejects transited path
  56. #define KDC_ERR_SVC_UNAVAILABLE ((KERBERR) 0x1D ) // 29 A service is not available
  57. #define KRB_AP_ERR_BAD_INTEGRITY ((KERBERR) 0x1F ) // 31 Integrity check on decrypted field failed
  58. #define KRB_AP_ERR_TKT_EXPIRED ((KERBERR) 0x20 ) // 32 Ticket expired
  59. #define KRB_AP_ERR_TKT_NYV ((KERBERR) 0x21 ) // 33 Ticket not yet valid
  60. #define KRB_AP_ERR_REPEAT ((KERBERR) 0x22 ) // 34 Request is a replay
  61. #define KRB_AP_ERR_NOT_US ((KERBERR) 0x23 ) // 35 The ticket isn't for us
  62. #define KRB_AP_ERR_BADMATCH ((KERBERR) 0x24 ) // 36 Ticket and authenticator don't match
  63. #define KRB_AP_ERR_SKEW ((KERBERR) 0x25 ) // 37 Clock skew too great
  64. #define KRB_AP_ERR_BADADDR ((KERBERR) 0x26 ) // 38 Incorrect net address
  65. #define KRB_AP_ERR_BADVERSION ((KERBERR) 0x27 ) // 39 Protocol version mismatch
  66. #define KRB_AP_ERR_MSG_TYPE ((KERBERR) 0x28 ) // 40 Invalid msg type
  67. #define KRB_AP_ERR_MODIFIED ((KERBERR) 0x29 ) // 41 Message stream modified
  68. #define KRB_AP_ERR_BADORDER ((KERBERR) 0x2A ) // 42 Message out of order
  69. #define KRB_AP_ERR_ILL_CR_TKT ((KERBERR) 0x2B ) // 43 Illegal cross realm ticket
  70. #define KRB_AP_ERR_BADKEYVER ((KERBERR) 0x2C ) // 44 Specified version of key is not available
  71. #define KRB_AP_ERR_NOKEY ((KERBERR) 0x2D ) // 45 Service key not available
  72. #define KRB_AP_ERR_MUT_FAIL ((KERBERR) 0x2E ) // 46 Mutual authentication failed
  73. #define KRB_AP_ERR_BADDIRECTION ((KERBERR) 0x2F ) // 47 Incorrect message direction
  74. #define KRB_AP_ERR_METHOD ((KERBERR) 0x30 ) // 48 Alternative authentication method required
  75. #define KRB_AP_ERR_BADSEQ ((KERBERR) 0x31 ) // 49 Incorrect sequence number in message
  76. #define KRB_AP_ERR_INAPP_CKSUM ((KERBERR) 0x32 ) // 50 Inappropriate type of checksum in message
  77. #define KRB_AP_PATH_NOT_ACCEPTED ((KERBERR) 0x33 ) // 51 Policy rejects transited path
  78. #define KRB_ERR_RESPONSE_TOO_BIG ((KERBERR) 0x34 ) // 52 Response too big for UDP, retry with TCP
  79. #define KRB_ERR_GENERIC ((KERBERR) 0x3C ) // 60 Generic error (description in e-text)
  80. #define KRB_ERR_FIELD_TOOLONG ((KERBERR) 0x3D ) // 61 Field is too long for this implementation
  81. #define KDC_ERR_CLIENT_NOT_TRUSTED ((KERBERR) 0x3E ) // 62 (pkinit)
  82. #define KDC_ERR_KDC_NOT_TRUSTED ((KERBERR) 0x3F ) // 63 (pkinit)
  83. #define KDC_ERR_INVALID_SIG ((KERBERR) 0x40 ) // 64 (pkinit)
  84. #define KDC_ERR_KEY_TOO_WEAK ((KERBERR) 0x41 ) // 65 (pkinit)
  85. #define KDC_ERR_CERTIFICATE_MISMATCH ((KERBERR) 0x42 ) // 66 (pkinit)
  86. #define KRB_AP_ERR_NO_TGT ((KERBERR) 0x43 ) // 67 (user-to-user)
  87. #define KDC_ERR_WRONG_REALM ((KERBERR) 0x44 ) // 68 (user-to-user)
  88. #define KRB_AP_ERR_USER_TO_USER_REQUIRED ((KERBERR) 0x45 ) // 69 (user-to-user)
  89. #define KDC_ERR_CANT_VERIFY_CERTIFICATE ((KERBERR) 0x46 ) // 70 (pkinit)
  90. #define KDC_ERR_INVALID_CERTIFICATE ((KERBERR) 0x47 ) // 71 (pkinit)
  91. #define KDC_ERR_REVOKED_CERTIFICATE ((KERBERR) 0x48 ) // 72 (pkinit)
  92. #define KDC_ERR_REVOCATION_STATUS_UNKNOWN ((KERBERR) 0x49 ) // 73 (pkinit)
  93. #define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE ((KERBERR) 0x4a ) // 74 (pkinit)
  94. #define KDC_ERR_CLIENT_NAME_MISMATCH ((KERBERR) 0x4b ) // 75 (pkinit)
  95. #define KDC_ERR_KDC_NAME_MISMATCH ((KERBERR) 0x4c ) // 76 (pkinit)
  96. //
  97. // These are local definitions that should not be sent over the network
  98. //
  99. #define KDC_ERR_MORE_DATA ((KERBERR) 0x80000001 )
  100. #define KDC_ERR_NOT_RUNNING ((KERBERR) 0x80000002 )
  101. #define KDC_ERR_NO_RESPONSE ((KERBERR) 0x80000003 ) // used when we don't get a certain level of "goodness" in our response.
  102. #define KRB_ERR_NAME_TOO_LONG ((KERBERR) 0x80000004 )
  103. #endif // __KERBERR_H__