golint tidy

client/ASExchange.go

@@ -19,15 +19,15 @@ func (cl *Client) ASExchange() error {
 	}
 	ASReq, err := messages.NewASReq(cl.Config, cl.Credentials.CName)
 	if err != nil {
-		return krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error generating new AS_REQ")
+		return krberror.Errorf(err, krberror.KRBMsgError, "Error generating new AS_REQ")
 	}
 	err = setPAData(cl, messages.KRBError{}, &ASReq)
 	if err != nil {
-		return krberror.Errorf(err, krberror.KRBMSG_ERROR, "AS Exchange Error: failed setting AS_REQ PAData")
+		return krberror.Errorf(err, krberror.KRBMsgError, "AS Exchange Error: failed setting AS_REQ PAData")
 	}
 	b, err := ASReq.Marshal()
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "AS Exchange Error: failed marshaling AS_REQ")
+		return krberror.Errorf(err, krberror.EncodingError, "AS Exchange Error: failed marshaling AS_REQ")
 	}
 
 	var ASRep messages.ASRep
@@ -39,26 +39,26 @@ func (cl *Client) ASExchange() error {
 			cl.GoKrb5Conf.Assume_PA_ENC_TIMESTAMP_Required = true
 			err = setPAData(cl, e, &ASReq)
 			if err != nil {
-				return krberror.Errorf(err, krberror.KRBMSG_ERROR, "AS Exchange Error: failed setting AS_REQ PAData for pre-authentication required")
+				return krberror.Errorf(err, krberror.KRBMsgError, "AS Exchange Error: failed setting AS_REQ PAData for pre-authentication required")
 			}
 			b, err := ASReq.Marshal()
 			if err != nil {
-				return krberror.Errorf(err, krberror.ENCODING_ERROR, "AS Exchange Error: failed marshaling AS_REQ with PAData")
+				return krberror.Errorf(err, krberror.EncodingError, "AS Exchange Error: failed marshaling AS_REQ with PAData")
 			}
 			rb, err = cl.SendToKDC(b)
 			if err != nil {
-				return krberror.Errorf(err, krberror.NETWORKING_ERROR, "AS Exchange Error: failed sending AS_REQ to KDC")
+				return krberror.Errorf(err, krberror.NetworkingError, "AS Exchange Error: failed sending AS_REQ to KDC")
 			}
 		} else {
-			return krberror.Errorf(err, krberror.NETWORKING_ERROR, "AS Exchange Error: failed sending AS_REQ to KDC")
+			return krberror.Errorf(err, krberror.NetworkingError, "AS Exchange Error: failed sending AS_REQ to KDC")
 		}
 	}
 	err = ASRep.Unmarshal(rb)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "AS Exchange Error: failed to process the AS_REP")
+		return krberror.Errorf(err, krberror.EncodingError, "AS Exchange Error: failed to process the AS_REP")
 	}
 	if ok, err := ASRep.IsValid(cl.Config, cl.Credentials, ASReq); !ok {
-		return krberror.Errorf(err, krberror.KRBMSG_ERROR, "AS Exchange Error: AS_REP is not valid")
+		return krberror.Errorf(err, krberror.KRBMsgError, "AS Exchange Error: AS_REP is not valid")
 	}
 	cl.session = &session{
 		AuthTime:             ASRep.DecryptedEncPart.AuthTime,
@@ -79,24 +79,24 @@ func setPAData(cl *Client, krberr messages.KRBError, ASReq *messages.ASReq) erro
 	if cl.GoKrb5Conf.Assume_PA_ENC_TIMESTAMP_Required {
 		paTSb, err := types.GetPAEncTSEncAsnMarshalled()
 		if err != nil {
-			return krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error creating PAEncTSEnc for Pre-Authentication")
+			return krberror.Errorf(err, krberror.KRBMsgError, "Error creating PAEncTSEnc for Pre-Authentication")
 		}
 		sort.Sort(sort.Reverse(sort.IntSlice(cl.Config.LibDefaults.Default_tkt_enctype_ids)))
 		etype, err := crypto.GetEtype(cl.Config.LibDefaults.Default_tkt_enctype_ids[0])
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error creating etype")
+			return krberror.Errorf(err, krberror.EncryptingError, "Error creating etype")
 		}
 		key, err := cl.Key(etype, krberr)
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error getting key from credentials")
+			return krberror.Errorf(err, krberror.EncryptingError, "Error getting key from credentials")
 		}
 		paEncTS, err := crypto.GetEncryptedData(paTSb, key, keyusage.AS_REQ_PA_ENC_TIMESTAMP, 1)
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error encrypting pre-authentication timestamp")
+			return krberror.Errorf(err, krberror.EncryptingError, "Error encrypting pre-authentication timestamp")
 		}
 		pb, err := paEncTS.Marshal()
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error marshaling the PAEncTSEnc encrypted data")
+			return krberror.Errorf(err, krberror.EncodingError, "Error marshaling the PAEncTSEnc encrypted data")
 		}
 		pa := types.PAData{
 			PADataType:  patype.PA_ENC_TIMESTAMP,

client/TGSExchange.go

@@ -18,26 +18,26 @@ func (cl *Client) TGSExchange(spn types.PrincipalName, tkt messages.Ticket, sess
 	}
 	tgsReq, err = messages.NewTGSReq(cl.Credentials.CName, cl.Config, tkt, sessionKey, spn, renewal)
 	if err != nil {
-		return tgsReq, tgsRep, krberror.Errorf(err, krberror.KRBMSG_ERROR, "TGS Exchange Error: failed to generate a new TGS_REQ")
+		return tgsReq, tgsRep, krberror.Errorf(err, krberror.KRBMsgError, "TGS Exchange Error: failed to generate a new TGS_REQ")
 	}
 	b, err := tgsReq.Marshal()
 	if err != nil {
-		return tgsReq, tgsRep, krberror.Errorf(err, krberror.ENCODING_ERROR, "TGS Exchange Error: failed to generate a new TGS_REQ")
+		return tgsReq, tgsRep, krberror.Errorf(err, krberror.EncodingError, "TGS Exchange Error: failed to generate a new TGS_REQ")
 	}
 	r, err := cl.SendToKDC(b)
 	if err != nil {
-		return tgsReq, tgsRep, krberror.Errorf(err, krberror.NETWORKING_ERROR, "TGS Exchange Error: issue sending TGS_REQ to KDC")
+		return tgsReq, tgsRep, krberror.Errorf(err, krberror.NetworkingError, "TGS Exchange Error: issue sending TGS_REQ to KDC")
 	}
 	err = tgsRep.Unmarshal(r)
 	if err != nil {
-		return tgsReq, tgsRep, krberror.Errorf(err, krberror.ENCODING_ERROR, "TGS Exchange Error: failed to process the TGS_REP")
+		return tgsReq, tgsRep, krberror.Errorf(err, krberror.EncodingError, "TGS Exchange Error: failed to process the TGS_REP")
 	}
 	err = tgsRep.DecryptEncPart(sessionKey)
 	if err != nil {
-		return tgsReq, tgsRep, krberror.Errorf(err, krberror.ENCODING_ERROR, "TGS Exchange Error: failed to process the TGS_REP")
+		return tgsReq, tgsRep, krberror.Errorf(err, krberror.EncodingError, "TGS Exchange Error: failed to process the TGS_REP")
 	}
 	if ok, err := tgsRep.IsValid(cl.Config, tgsReq); !ok {
-		return tgsReq, tgsRep, krberror.Errorf(err, krberror.ENCODING_ERROR, "TGS Exchange Error: TGS_REP is not valid")
+		return tgsReq, tgsRep, krberror.Errorf(err, krberror.EncodingError, "TGS Exchange Error: TGS_REP is not valid")
 	}
 	return tgsReq, tgsRep, nil
 }

client/http.go

@@ -34,7 +34,7 @@ func SetSPNEGOHeader(creds credentials.Credentials, tkt messages.Ticket, session
 	SPNEGOToken, err := gssapi.GetSPNEGOKrbNegTokenInit(creds, tkt, sessionKey)
 	nb, err := SPNEGOToken.Marshal()
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Could marshal SPNEGO")
+		return krberror.Errorf(err, krberror.EncodingError, "Could marshal SPNEGO")
 	}
 	hs := "Negotiate " + base64.StdEncoding.EncodeToString(nb)
 	r.Header.Set("Authorization", hs)

client/session.go

@@ -42,7 +42,7 @@ func (cl *Client) RenewTGT() error {
 	}
 	_, tgsRep, err := cl.TGSExchange(spn, cl.session.TGT, cl.session.SessionKey, true)
 	if err != nil {
-		return krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error renewing TGT")
+		return krberror.Errorf(err, krberror.KRBMsgError, "Error renewing TGT")
 	}
 	cl.session = &session{
 		AuthTime:             tgsRep.DecryptedEncPart.AuthTime,

gssapi/gssapi_test.go

@@ -8,12 +8,12 @@ import (
 )
 
 const (
-	test_gssapi_init = "608202b606062b0601050502a08202aa308202a6a027302506092a864886f71201020206052b0501050206092a864882f71201020206062b0601050205a2820279048202756082027106092a864886f71201020201006e8202603082025ca003020105a10302010ea20703050000000000a38201706182016c30820168a003020105a10d1b0b544553542e474f4b524235a2233021a003020103a11a30181b04485454501b10686f73742e746573742e676f6b726235a382012b30820127a003020112a103020102a282011904820115d4bd890abc456f44e2e7a2e8111bd6767abf03266dfcda97c629af2ece450a5ae1f145e4a4d1bc2c848e66a6c6b31d9740b26b03cdbd2570bfcf126e90adf5f5ebce9e283ff5086da47b129b14fc0aabd4d1df9c1f3c72b80cc614dfc28783450b2c7b7749651f432b47aaa2ff158c0066b757f3fb00dd7b4f63d68276c76373ecdd3f19c66ebc43a81e577f3c263b878356f57e8d6c4eccd587b81538e70392cf7e73fc12a6f7c537a894a7bb5566c83ac4d69757aa320a51d8d690017aebf952add1889adfc3307b0e6cd8c9b57cf8589fbe52800acb6461c25473d49faa1bdceb8bce3f61db23f9cd6a09d5adceb411e1c4546b30b33331e570fd6bc50aa403557e75f488e759750ea038aab6454667d9b64f41a481d23081cfa003020112a281c70481c4eb593beb5afcb1a2a669d54cb85a3772231559f2d40c9f8f053f218ba6eb084ed7efc467d94b88bcd189dda920d6e675ec001a6a2bca11f0a1de37f2f7ae9929f94a86d625b2ec1b213a88cbae6099dda7b172cd3bd1802cb177ae4554d59277004bfd3435248f55044fe7af7b2c9c5a3c43763278c585395aebe2856cdff9f2569d8b823564ce6be2d19748b910ec06bd3c0a9bc5de51ddcf7d875f1108ca6ad935f52d90cb62a18197d9b8e796bef0fbe1463f61df61cfbce6008ae9e1a2d2314a986d"
-	test_gssapi_resp = "a1143012a0030a0100a10b06092a864886f712010202"
+	testGSSAPIInit = "608202b606062b0601050502a08202aa308202a6a027302506092a864886f71201020206052b0501050206092a864882f71201020206062b0601050205a2820279048202756082027106092a864886f71201020201006e8202603082025ca003020105a10302010ea20703050000000000a38201706182016c30820168a003020105a10d1b0b544553542e474f4b524235a2233021a003020103a11a30181b04485454501b10686f73742e746573742e676f6b726235a382012b30820127a003020112a103020102a282011904820115d4bd890abc456f44e2e7a2e8111bd6767abf03266dfcda97c629af2ece450a5ae1f145e4a4d1bc2c848e66a6c6b31d9740b26b03cdbd2570bfcf126e90adf5f5ebce9e283ff5086da47b129b14fc0aabd4d1df9c1f3c72b80cc614dfc28783450b2c7b7749651f432b47aaa2ff158c0066b757f3fb00dd7b4f63d68276c76373ecdd3f19c66ebc43a81e577f3c263b878356f57e8d6c4eccd587b81538e70392cf7e73fc12a6f7c537a894a7bb5566c83ac4d69757aa320a51d8d690017aebf952add1889adfc3307b0e6cd8c9b57cf8589fbe52800acb6461c25473d49faa1bdceb8bce3f61db23f9cd6a09d5adceb411e1c4546b30b33331e570fd6bc50aa403557e75f488e759750ea038aab6454667d9b64f41a481d23081cfa003020112a281c70481c4eb593beb5afcb1a2a669d54cb85a3772231559f2d40c9f8f053f218ba6eb084ed7efc467d94b88bcd189dda920d6e675ec001a6a2bca11f0a1de37f2f7ae9929f94a86d625b2ec1b213a88cbae6099dda7b172cd3bd1802cb177ae4554d59277004bfd3435248f55044fe7af7b2c9c5a3c43763278c585395aebe2856cdff9f2569d8b823564ce6be2d19748b910ec06bd3c0a9bc5de51ddcf7d875f1108ca6ad935f52d90cb62a18197d9b8e796bef0fbe1463f61df61cfbce6008ae9e1a2d2314a986d"
+	testGSSAPIResp = "a1143012a0030a0100a10b06092a864886f712010202"
 )
 
 func TestUnmarshal_SPNEGO_Init(t *testing.T) {
-	b, err := hex.DecodeString(test_gssapi_init)
+	b, err := hex.DecodeString(testGSSAPIInit)
 	if err != nil {
 		t.Fatalf("Error converting hex string test data to bytes: %v", err)
 	}
@@ -36,7 +36,7 @@ func TestUnmarshal_SPNEGO_Init(t *testing.T) {
 }
 
 func TestUnmarshal_SPNEGO_RespTarg(t *testing.T) {
-	b, err := hex.DecodeString(test_gssapi_resp)
+	b, err := hex.DecodeString(testGSSAPIResp)
 	if err != nil {
 		t.Fatalf("Error converting hex string test data to bytes: %v", err)
 	}
@@ -52,7 +52,7 @@ func TestUnmarshal_SPNEGO_RespTarg(t *testing.T) {
 }
 
 func TestMarshal_SPNEGO_Init(t *testing.T) {
-	b, err := hex.DecodeString(test_gssapi_init)
+	b, err := hex.DecodeString(testGSSAPIInit)
 	if err != nil {
 		t.Fatalf("Error converting hex string test data to bytes: %v", err)
 	}
@@ -69,7 +69,7 @@ func TestMarshal_SPNEGO_Init(t *testing.T) {
 }
 
 func TestMarshal_SPNEGO_RespTarg(t *testing.T) {
-	b, err := hex.DecodeString(test_gssapi_resp)
+	b, err := hex.DecodeString(testGSSAPIResp)
 	if err != nil {
 		t.Fatalf("Error converting hex string test data to bytes: %v", err)
 	}

gssapi/krb5Token.go

@@ -124,7 +124,7 @@ func newAuthenticator(creds credentials.Credentials, keyType int) (types.Authent
 	//RFC 4121 Section 4.1.1
 	auth, err := types.NewAuthenticator(creds.Realm, creds.CName)
 	if err != nil {
-		return auth, krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error generating new authenticator")
+		return auth, krberror.Errorf(err, krberror.KRBMsgError, "Error generating new authenticator")
 	}
 	etype, _ := crypto.GetEtype(keyType)
 	auth.GenerateSeqNumberAndSubKey(keyType, etype.GetKeyByteSize())

gssapi/krb5Token_test.go

@@ -13,12 +13,12 @@ import (
 )
 
 const (
-	MechToken_Hex = "6082026306092a864886f71201020201006e8202523082024ea003020105a10302010ea20703050000000000a382015d6182015930820155a003020105a10d1b0b544553542e474f4b524235a2233021a003020101a11a30181b04485454501b10686f73742e746573742e676f6b726235a382011830820114a003020112a103020103a28201060482010230621d868c97f30bf401e03bbffcd724bd9d067dce2afc31f71a356449b070cdafcc1ff372d0eb1e7a708b50c0152f3996c45b1ea312a803907fb97192d39f20cdcaea29876190f51de6e2b4a4df0460122ed97f363434e1e120b0e76c172b4424a536987152ac0b73013ab88af4b13a3fcdc63f739039dd46d839709cf5b51bb0ce6cb3af05fab3844caac280929955495235e9d0424f8a1fb9b4bd4f6bba971f40b97e9da60b9dabfcf0b1feebfca02c9a19b327a0004aa8e19192726cf347561fa8ac74afad5d6a264e50cf495b93aac86c77b2bc2d184234f6c2767dbea431485a25687b9044a20b601e968efaefffa1fc5283ff32aa6a53cb6c5cdd2eddcb26a481d73081d4a003020112a103020103a281c70481c4a1b29e420324f7edf9efae39df7bcaaf196a3160cf07e72f52a4ef8a965721b2f3343719c50699046e4fcc18ca26c2bfc7e4a9eddfc9d9cfc57ff2f6bdbbd1fc40ac442195bc669b9a0dbba12563b3e4cac9f4022fc01b8aa2d1ab84815bb078399ff7f4d5f9815eef896a0c7e3c049e6fd9932b97096cdb5861425b9d81753d0743212ded1a0fb55a00bf71a46be5ce5e1c8a5cc327b914347d9efcb6cb31ca363b1850d95c7b6c4c3cc6301615ad907318a0c5379d343610fab17eca9c7dc0a5a60658"
-	Auth_Chksum   = "100000000000000000000000000000000000000030000000"
+	MechTokenHex = "6082026306092a864886f71201020201006e8202523082024ea003020105a10302010ea20703050000000000a382015d6182015930820155a003020105a10d1b0b544553542e474f4b524235a2233021a003020101a11a30181b04485454501b10686f73742e746573742e676f6b726235a382011830820114a003020112a103020103a28201060482010230621d868c97f30bf401e03bbffcd724bd9d067dce2afc31f71a356449b070cdafcc1ff372d0eb1e7a708b50c0152f3996c45b1ea312a803907fb97192d39f20cdcaea29876190f51de6e2b4a4df0460122ed97f363434e1e120b0e76c172b4424a536987152ac0b73013ab88af4b13a3fcdc63f739039dd46d839709cf5b51bb0ce6cb3af05fab3844caac280929955495235e9d0424f8a1fb9b4bd4f6bba971f40b97e9da60b9dabfcf0b1feebfca02c9a19b327a0004aa8e19192726cf347561fa8ac74afad5d6a264e50cf495b93aac86c77b2bc2d184234f6c2767dbea431485a25687b9044a20b601e968efaefffa1fc5283ff32aa6a53cb6c5cdd2eddcb26a481d73081d4a003020112a103020103a281c70481c4a1b29e420324f7edf9efae39df7bcaaf196a3160cf07e72f52a4ef8a965721b2f3343719c50699046e4fcc18ca26c2bfc7e4a9eddfc9d9cfc57ff2f6bdbbd1fc40ac442195bc669b9a0dbba12563b3e4cac9f4022fc01b8aa2d1ab84815bb078399ff7f4d5f9815eef896a0c7e3c049e6fd9932b97096cdb5861425b9d81753d0743212ded1a0fb55a00bf71a46be5ce5e1c8a5cc327b914347d9efcb6cb31ca363b1850d95c7b6c4c3cc6301615ad907318a0c5379d343610fab17eca9c7dc0a5a60658"
+	AuthChksum   = "100000000000000000000000000000000000000030000000"
 )
 
 func TestMechToken_Unmarshal(t *testing.T) {
-	b, err := hex.DecodeString(MechToken_Hex)
+	b, err := hex.DecodeString(MechTokenHex)
 	if err != nil {
 		t.Fatalf("Error decoding MechToken hex: %v", err)
 	}
@@ -35,7 +35,7 @@ func TestMechToken_Unmarshal(t *testing.T) {
 }
 
 func TestMechToken_newAuthenticatorChksum(t *testing.T) {
-	b, err := hex.DecodeString(Auth_Chksum)
+	b, err := hex.DecodeString(AuthChksum)
 	if err != nil {
 		t.Fatalf("Error decoding MechToken hex: %v", err)
 	}

iana/chksumtype/constants.go

@@ -2,6 +2,7 @@
 package chksumtype
 
 const (
+	// Checksum type IDs.
 	//RESERVED : 0
 	CRC32         = 1
 	RSA_MD4       = 2

iana/nametype/constants.go

@@ -2,6 +2,7 @@
 package nametype
 
 const (
+	// KRB name type IDs.
 	KRB_NT_UNKNOWN        = 0  //Name type not known
 	KRB_NT_PRINCIPAL      = 1  //Just the name of the principal as in DCE,  or for users
 	KRB_NT_SRV_INST       = 2  //Service and other unique instance (krbtgt)

keytab/keytab.go

@@ -131,7 +131,7 @@ func Parse(b []byte) (kt Keytab, err error) {
 	*/
 	// n tracks position in the byte array
 	n := 2
-	l := read_int32(b, &n, &endian)
+	l := readInt32(b, &n, &endian)
 	for l != 0 {
 		if l < 0 {
 			//Zero padded so skip over
@@ -145,18 +145,18 @@ func Parse(b []byte) (kt Keytab, err error) {
 			ke := newKeytabEntry()
 			// p keeps track as to where we are in the byte stream
 			var p int
-			parse_principal(eb, &p, &kt, &ke, &endian)
-			ke.Timestamp = read_timestamp(eb, &p, &endian)
-			ke.KVNO8 = uint8(read_int8(eb, &p, &endian))
-			ke.Key.KeyType = int(read_int16(eb, &p, &endian))
-			key_len := int(read_int16(eb, &p, &endian))
-			ke.Key.KeyValue = read_Bytes(eb, &p, key_len, &endian)
+			parsePrincipal(eb, &p, &kt, &ke, &endian)
+			ke.Timestamp = readTimestamp(eb, &p, &endian)
+			ke.KVNO8 = uint8(readInt8(eb, &p, &endian))
+			ke.Key.KeyType = int(readInt16(eb, &p, &endian))
+			kl := int(readInt16(eb, &p, &endian))
+			ke.Key.KeyValue = readBytes(eb, &p, kl, &endian)
 			//The 32-bit key version overrides the 8-bit key version.
 			// To determine if it is present, the implementation must check that at least 4 bytes remain in the record after the other fields are read,
 			// and that the value of the 32-bit integer contained in those bytes is non-zero.
 			if len(eb)-p >= 4 {
 				// The 32-bit key may be present
-				ke.KVNO = uint32(read_int32(eb, &p, &endian))
+				ke.KVNO = uint32(readInt32(eb, &p, &endian))
 			}
 			if ke.KVNO == 0 {
 				// Handles if the value from the last 4 bytes was zero and also if there are not the 4 bytes present. Makes sense to put the same value here as KVNO8
@@ -170,38 +170,38 @@ func Parse(b []byte) (kt Keytab, err error) {
 			break
 		}
 		// Read the size of the next entry
-		l = read_int32(b, &n, &endian)
+		l = readInt32(b, &n, &endian)
 	}
 	return
 }
 
 // Parse the Keytab bytes of a principal into a Keytab entry's principal.
-func parse_principal(b []byte, p *int, kt *Keytab, ke *entry, e *binary.ByteOrder) (err error) {
-	ke.Principal.NumComponents = read_int16(b, p, e)
+func parsePrincipal(b []byte, p *int, kt *Keytab, ke *entry, e *binary.ByteOrder) (err error) {
+	ke.Principal.NumComponents = readInt16(b, p, e)
 	if kt.Version == 1 {
 		//In version 1 the number of components includes the realm. Minus 1 to make consistent with version 2
 		ke.Principal.NumComponents--
 	}
-	len_realm := read_int16(b, p, e)
-	ke.Principal.Realm = string(read_Bytes(b, p, int(len_realm), e))
+	lenRealm := readInt16(b, p, e)
+	ke.Principal.Realm = string(readBytes(b, p, int(lenRealm), e))
 	for i := 0; i < int(ke.Principal.NumComponents); i++ {
-		l := read_int16(b, p, e)
-		ke.Principal.Components = append(ke.Principal.Components, string(read_Bytes(b, p, int(l), e)))
+		l := readInt16(b, p, e)
+		ke.Principal.Components = append(ke.Principal.Components, string(readBytes(b, p, int(l), e)))
 	}
 	if kt.Version != 1 {
 		//Name Type is omitted in version 1
-		ke.Principal.NameType = read_int32(b, p, e)
+		ke.Principal.NameType = readInt32(b, p, e)
 	}
 	return
 }
 
 // Read bytes representing a timestamp.
-func read_timestamp(b []byte, p *int, e *binary.ByteOrder) time.Time {
-	return time.Unix(int64(read_int32(b, p, e)), 0)
+func readTimestamp(b []byte, p *int, e *binary.ByteOrder) time.Time {
+	return time.Unix(int64(readInt32(b, p, e)), 0)
 }
 
 // Read bytes representing an eight bit integer.
-func read_int8(b []byte, p *int, e *binary.ByteOrder) (i int8) {
+func readInt8(b []byte, p *int, e *binary.ByteOrder) (i int8) {
 	buf := bytes.NewBuffer(b[*p : *p+1])
 	binary.Read(buf, *e, &i)
 	*p++
@@ -209,7 +209,7 @@ func read_int8(b []byte, p *int, e *binary.ByteOrder) (i int8) {
 }
 
 // Read bytes representing a sixteen bit integer.
-func read_int16(b []byte, p *int, e *binary.ByteOrder) (i int16) {
+func readInt16(b []byte, p *int, e *binary.ByteOrder) (i int16) {
 	buf := bytes.NewBuffer(b[*p : *p+2])
 	binary.Read(buf, *e, &i)
 	*p += 2
@@ -217,14 +217,14 @@ func read_int16(b []byte, p *int, e *binary.ByteOrder) (i int16) {
 }
 
 // Read bytes representing a thirty two bit integer.
-func read_int32(b []byte, p *int, e *binary.ByteOrder) (i int32) {
+func readInt32(b []byte, p *int, e *binary.ByteOrder) (i int32) {
 	buf := bytes.NewBuffer(b[*p : *p+4])
 	binary.Read(buf, *e, &i)
 	*p += 4
 	return
 }
 
-func read_Bytes(b []byte, p *int, s int, e *binary.ByteOrder) []byte {
+func readBytes(b []byte, p *int, s int, e *binary.ByteOrder) []byte {
 	buf := bytes.NewBuffer(b[*p : *p+s])
 	r := make([]byte, s)
 	binary.Read(buf, *e, &r)

krberror/error.go

@@ -7,13 +7,13 @@ import (
 )
 
 const (
-	SEPARATOR        = " < "
-	ENCODING_ERROR   = "Encoding_Error"
-	NETWORKING_ERROR = "Networking_Error"
-	DECRYPTING_ERROR = "Decrypting_Error"
-	ENCRYPTING_ERROR = "Encrypting_Error"
-	CHKSUM_ERROR     = "Checksum_Error"
-	KRBMSG_ERROR     = "KRBMessage_Handling_Error"
+	separator       = " < "
+	EncodingError   = "Encoding_Error"
+	NetworkingError = "Networking_Error"
+	DecryptingError = "Decrypting_Error"
+	EncryptingError = "Encrypting_Error"
+	ChksumError     = "Checksum_Error"
+	KRBMsgError     = "KRBMessage_Handling_Error"
 )
 
 // Krberror is an error type for gokrb5
@@ -24,7 +24,7 @@ type Krberror struct {
 
 // Error function to implement the error interface.
 func (e Krberror) Error() string {
-	return fmt.Sprintf("[Root cause: %s] ", e.RootCause) + strings.Join(e.EText, SEPARATOR)
+	return fmt.Sprintf("[Root cause: %s] ", e.RootCause) + strings.Join(e.EText, separator)
 }
 
 // Add another error statement to the error.

messages/APRep.go

@@ -48,7 +48,7 @@ func (a *APRep) Unmarshal(b []byte) error {
 	}
 	expectedMsgType := msgtype.KRB_AP_REP
 	if a.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a KRB_AP_REP. Expected: %v; Actual: %v", expectedMsgType, a.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a KRB_AP_REP. Expected: %v; Actual: %v", expectedMsgType, a.MsgType)
 	}
 	return nil
 }
@@ -57,7 +57,7 @@ func (a *APRep) Unmarshal(b []byte) error {
 func (a *EncAPRepPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, a, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncAPRepPart))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "AP_REP unmarshal error")
+		return krberror.Errorf(err, krberror.EncodingError, "AP_REP unmarshal error")
 	}
 	return nil
 }

messages/APReq.go

@@ -50,7 +50,7 @@ func NewAPReq(tkt Ticket, sessionKey types.EncryptionKey, auth types.Authenticat
 	var a APReq
 	ed, err := encryptAuthenticator(auth, sessionKey, tkt)
 	if err != nil {
-		return a, krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error creating Authenticator for AP_REQ")
+		return a, krberror.Errorf(err, krberror.KRBMsgError, "Error creating Authenticator for AP_REQ")
 	}
 	a = APReq{
 		PVNO:          iana.PVNO,
@@ -67,7 +67,7 @@ func encryptAuthenticator(a types.Authenticator, sessionKey types.EncryptionKey,
 	var ed types.EncryptedData
 	m, err := a.Marshal()
 	if err != nil {
-		return ed, krberror.Errorf(err, krberror.ENCODING_ERROR, "Marshaling error of EncryptedData form of Authenticator")
+		return ed, krberror.Errorf(err, krberror.EncodingError, "Marshaling error of EncryptedData form of Authenticator")
 	}
 	var usage int
 	switch tkt.SName.NameType {
@@ -78,7 +78,7 @@ func encryptAuthenticator(a types.Authenticator, sessionKey types.EncryptionKey,
 	}
 	ed, err = crypto.GetEncryptedData(m, sessionKey, uint32(usage), tkt.EncPart.KVNO)
 	if err != nil {
-		return ed, krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error encrypting Authenticator")
+		return ed, krberror.Errorf(err, krberror.EncryptingError, "Error encrypting Authenticator")
 	}
 	return ed, nil
 }
@@ -88,10 +88,10 @@ func (a *APReq) Unmarshal(b []byte) error {
 	var m marshalAPReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.APREQ))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Unmarshal error of AP_REQ")
+		return krberror.Errorf(err, krberror.EncodingError, "Unmarshal error of AP_REQ")
 	}
 	if m.MsgType != msgtype.KRB_AP_REQ {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate an AP_REQ. Expected: %v; Actual: %v", msgtype.KRB_AP_REQ, m.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate an AP_REQ. Expected: %v; Actual: %v", msgtype.KRB_AP_REQ, m.MsgType)
 	}
 	a.PVNO = m.PVNO
 	a.MsgType = m.MsgType
@@ -99,7 +99,7 @@ func (a *APReq) Unmarshal(b []byte) error {
 	a.Authenticator = m.Authenticator
 	a.Ticket, err = UnmarshalTicket(m.Ticket.Bytes)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Unmarshaling error of Ticket within AP_REQ")
+		return krberror.Errorf(err, krberror.EncodingError, "Unmarshaling error of Ticket within AP_REQ")
 	}
 	return nil
 }
@@ -125,7 +125,7 @@ func (a *APReq) Marshal() ([]byte, error) {
 	}
 	mk, err := asn1.Marshal(m)
 	if err != nil {
-		return mk, krberror.Errorf(err, krberror.ENCODING_ERROR, "Marshaling error of AP_REQ")
+		return mk, krberror.Errorf(err, krberror.EncodingError, "Marshaling error of AP_REQ")
 	}
 	mk = asn1tools.AddASNAppTag(mk, asnAppTag.APREQ)
 	return mk, nil

messages/KDCRep.go

@@ -83,12 +83,12 @@ func (k *ASRep) Unmarshal(b []byte) error {
 		return processUnmarshalReplyError(b, err)
 	}
 	if m.MsgType != msgtype.KRB_AS_REP {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate an AS_REP. Expected: %v; Actual: %v", msgtype.KRB_AS_REP, m.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate an AS_REP. Expected: %v; Actual: %v", msgtype.KRB_AS_REP, m.MsgType)
 	}
 	//Process the raw ticket within
 	tkt, err := UnmarshalTicket(m.Ticket.Bytes)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling Ticket within AS_REP")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling Ticket within AS_REP")
 	}
 	k.KDCRepFields = KDCRepFields{
 		PVNO:    m.PVNO,
@@ -110,12 +110,12 @@ func (k *TGSRep) Unmarshal(b []byte) error {
 		return processUnmarshalReplyError(b, err)
 	}
 	if m.MsgType != msgtype.KRB_TGS_REP {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate an TGS_REP. Expected: %v; Actual: %v", msgtype.KRB_TGS_REP, m.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate an TGS_REP. Expected: %v; Actual: %v", msgtype.KRB_TGS_REP, m.MsgType)
 	}
 	//Process the raw ticket within
 	tkt, err := UnmarshalTicket(m.Ticket.Bytes)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling Ticket within TGS_REP")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling Ticket within TGS_REP")
 	}
 	k.KDCRepFields = KDCRepFields{
 		PVNO:    m.PVNO,
@@ -142,7 +142,7 @@ func (e *EncKDCRepPart) Unmarshal(b []byte) error {
 		tag number of the decrypted ENC-PART.*/
 		_, err = asn1.UnmarshalWithParams(b, e, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncTGSRepPart))
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling encrypted part within KDC_REP")
+			return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling encrypted part within KDC_REP")
 		}
 	}
 	return nil
@@ -155,26 +155,26 @@ func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey,
 	if c.HasKeytab() {
 		key, err = c.Keytab.GetEncryptionKey(k.CName.NameString, k.CRealm, k.EncPart.KVNO, k.EncPart.EType)
 		if err != nil {
-			return key, krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting AS_REP encrypted part")
+			return key, krberror.Errorf(err, krberror.DecryptingError, "Error decrypting AS_REP encrypted part")
 		}
 	}
 	if c.HasPassword() {
 		key, _, err = crypto.GetKeyFromPassword(c.Password, k.CName, k.CRealm, k.EncPart.EType, k.PAData)
 		if err != nil {
-			return key, krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting AS_REP encrypted part")
+			return key, krberror.Errorf(err, krberror.DecryptingError, "Error decrypting AS_REP encrypted part")
 		}
 	}
 	if !c.HasKeytab() && !c.HasPassword() {
-		return key, krberror.NewErrorf(krberror.DECRYPTING_ERROR, "No secret available in credentials to preform decryption of AS_REP encrypted part")
+		return key, krberror.NewErrorf(krberror.DecryptingError, "No secret available in credentials to preform decryption of AS_REP encrypted part")
 	}
 	b, err := crypto.DecryptEncPart(k.EncPart, key, keyusage.AS_REP_ENCPART)
 	if err != nil {
-		return key, krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting AS_REP encrypted part")
+		return key, krberror.Errorf(err, krberror.DecryptingError, "Error decrypting AS_REP encrypted part")
 	}
 	var denc EncKDCRepPart
 	err = denc.Unmarshal(b)
 	if err != nil {
-		return key, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling decrypted encpart of AS_REP")
+		return key, krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling decrypted encpart of AS_REP")
 	}
 	k.DecryptedEncPart = denc
 	return key, nil
@@ -184,62 +184,62 @@ func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey,
 func (k *ASRep) IsValid(cfg *config.Config, creds *credentials.Credentials, asReq ASReq) (bool, error) {
 	//Ref RFC 4120 Section 3.1.5
 	if k.CName.NameType != asReq.ReqBody.CName.NameType || k.CName.NameString == nil {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", asReq.ReqBody.CName, k.CName)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", asReq.ReqBody.CName, k.CName)
 	}
 	for i := range k.CName.NameString {
 		if k.CName.NameString[i] != asReq.ReqBody.CName.NameString[i] {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", asReq.ReqBody.CName, k.CName)
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", asReq.ReqBody.CName, k.CName)
 		}
 	}
 	if k.CRealm != asReq.ReqBody.Realm {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "CRealm in response does not match what was requested. Requested: %s; Reply: %s", asReq.ReqBody.Realm, k.CRealm)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "CRealm in response does not match what was requested. Requested: %s; Reply: %s", asReq.ReqBody.Realm, k.CRealm)
 	}
 	key, err := k.DecryptEncPart(creds)
 	if err != nil {
-		return false, krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting EncPart of AS_REP")
+		return false, krberror.Errorf(err, krberror.DecryptingError, "Error decrypting EncPart of AS_REP")
 	}
 	if k.DecryptedEncPart.Nonce != asReq.ReqBody.Nonce {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "Possible replay attack, nonce in response does not match that in request")
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "Possible replay attack, nonce in response does not match that in request")
 	}
 	if k.DecryptedEncPart.SName.NameType != asReq.ReqBody.SName.NameType || k.DecryptedEncPart.SName.NameString == nil {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SName in response does not match what was requested. Requested: %v; Reply: %v", asReq.ReqBody.SName, k.DecryptedEncPart.SName)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "SName in response does not match what was requested. Requested: %v; Reply: %v", asReq.ReqBody.SName, k.DecryptedEncPart.SName)
 	}
 	for i := range k.CName.NameString {
 		if k.DecryptedEncPart.SName.NameString[i] != asReq.ReqBody.SName.NameString[i] {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SName in response does not match what was requested. Requested: %+v; Reply: %+v", asReq.ReqBody.SName, k.DecryptedEncPart.SName)
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "SName in response does not match what was requested. Requested: %+v; Reply: %+v", asReq.ReqBody.SName, k.DecryptedEncPart.SName)
 		}
 	}
 	if k.DecryptedEncPart.SRealm != asReq.ReqBody.Realm {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SRealm in response does not match what was requested. Requested: %s; Reply: %s", asReq.ReqBody.Realm, k.DecryptedEncPart.SRealm)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "SRealm in response does not match what was requested. Requested: %s; Reply: %s", asReq.ReqBody.Realm, k.DecryptedEncPart.SRealm)
 	}
 	if len(asReq.ReqBody.Addresses) > 0 {
 		if !types.HostAddressesEqual(k.DecryptedEncPart.CAddr, asReq.ReqBody.Addresses) {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "Addresses listed in the AS_REP does not match those listed in the AS_REQ")
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "Addresses listed in the AS_REP does not match those listed in the AS_REQ")
 		}
 	}
 	t := time.Now().UTC()
 	if t.Sub(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(t) > cfg.LibDefaults.Clockskew {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "Clock skew with KDC too large. Greater than %v seconds", cfg.LibDefaults.Clockskew.Seconds())
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "Clock skew with KDC too large. Greater than %v seconds", cfg.LibDefaults.Clockskew.Seconds())
 	}
 	// RFC 6806 https://tools.ietf.org/html/rfc6806.html#section-11
 	if asReq.PAData.Contains(patype.PA_REQ_ENC_PA_REP) && types.IsFlagSet(&k.DecryptedEncPart.Flags, flags.EncPARep) {
 		if len(k.DecryptedEncPart.EncPAData) < 2 || !k.DecryptedEncPart.EncPAData.Contains(patype.PA_FX_FAST) {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "KDC did not respond appropriately to FAST negotiation")
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "KDC did not respond appropriately to FAST negotiation")
 		}
 		for _, pa := range k.DecryptedEncPart.EncPAData {
 			if pa.PADataType == patype.PA_REQ_ENC_PA_REP {
 				var pafast types.PAReqEncPARep
 				err := pafast.Unmarshal(pa.PADataValue)
 				if err != nil {
-					return false, krberror.Errorf(err, krberror.ENCODING_ERROR, "KDC FAST negotiation response error, could not unmarshal PA_REQ_ENC_PA_REP")
+					return false, krberror.Errorf(err, krberror.EncodingError, "KDC FAST negotiation response error, could not unmarshal PA_REQ_ENC_PA_REP")
 				}
 				etype, err := crypto.GetChksumEtype(pafast.ChksumType)
 				if err != nil {
-					return false, krberror.Errorf(err, krberror.CHKSUM_ERROR, "KDC FAST negotiation response error")
+					return false, krberror.Errorf(err, krberror.ChksumError, "KDC FAST negotiation response error")
 				}
 				ab, _ := asReq.Marshal()
 				if !etype.VerifyChecksum(key.KeyValue, ab, pafast.Chksum, keyusage.KEY_USAGE_AS_REQ) {
-					return false, krberror.Errorf(err, krberror.CHKSUM_ERROR, "KDC FAST negotiation response checksum invalid")
+					return false, krberror.Errorf(err, krberror.ChksumError, "KDC FAST negotiation response checksum invalid")
 				}
 			}
 		}
@@ -251,12 +251,12 @@ func (k *ASRep) IsValid(cfg *config.Config, creds *credentials.Credentials, asRe
 func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error {
 	b, err := crypto.DecryptEncPart(k.EncPart, key, keyusage.TGS_REP_ENCPART_SESSION_KEY)
 	if err != nil {
-		return krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting TGS_REP EncPart")
+		return krberror.Errorf(err, krberror.DecryptingError, "Error decrypting TGS_REP EncPart")
 	}
 	var denc EncKDCRepPart
 	err = denc.Unmarshal(b)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling encrypted part")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling encrypted part")
 	}
 	k.DecryptedEncPart = denc
 	return nil
@@ -265,46 +265,46 @@ func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error {
 // IsValid checks the validity of the TGS_REP message.
 func (k *TGSRep) IsValid(cfg *config.Config, tgsReq TGSReq) (bool, error) {
 	if k.CName.NameType != tgsReq.ReqBody.CName.NameType || k.CName.NameString == nil {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.CName, k.CName)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.CName, k.CName)
 	}
 	for i := range k.CName.NameString {
 		if k.CName.NameString[i] != tgsReq.ReqBody.CName.NameString[i] {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.CName, k.CName)
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "CName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.CName, k.CName)
 		}
 	}
 	if k.CRealm != tgsReq.ReqBody.Realm {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "CRealm in response does not match what was requested. Requested: %s; Reply: %s", tgsReq.ReqBody.Realm, k.CRealm)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "CRealm in response does not match what was requested. Requested: %s; Reply: %s", tgsReq.ReqBody.Realm, k.CRealm)
 	}
 	if k.DecryptedEncPart.Nonce != tgsReq.ReqBody.Nonce {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "Possible replay attack, nonce in response does not match that in request")
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "Possible replay attack, nonce in response does not match that in request")
 	}
 	if k.Ticket.SName.NameType != tgsReq.ReqBody.SName.NameType || k.Ticket.SName.NameString == nil {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SName in response ticket does not match what was requested. Requested: %v; Reply: %v", tgsReq.ReqBody.SName, k.Ticket.SName)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "SName in response ticket does not match what was requested. Requested: %v; Reply: %v", tgsReq.ReqBody.SName, k.Ticket.SName)
 	}
 	for i := range k.Ticket.SName.NameString {
 		if k.Ticket.SName.NameString[i] != tgsReq.ReqBody.SName.NameString[i] {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SName in response ticket does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.SName, k.Ticket.SName)
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "SName in response ticket does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.SName, k.Ticket.SName)
 		}
 	}
 	if k.DecryptedEncPart.SName.NameType != tgsReq.ReqBody.SName.NameType || k.DecryptedEncPart.SName.NameString == nil {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SName in response does not match what was requested. Requested: %v; Reply: %v", tgsReq.ReqBody.SName, k.DecryptedEncPart.SName)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "SName in response does not match what was requested. Requested: %v; Reply: %v", tgsReq.ReqBody.SName, k.DecryptedEncPart.SName)
 	}
 	for i := range k.CName.NameString {
 		if k.DecryptedEncPart.SName.NameString[i] != tgsReq.ReqBody.SName.NameString[i] {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.SName, k.DecryptedEncPart.SName)
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "SName in response does not match what was requested. Requested: %+v; Reply: %+v", tgsReq.ReqBody.SName, k.DecryptedEncPart.SName)
 		}
 	}
 	if k.DecryptedEncPart.SRealm != tgsReq.ReqBody.Realm {
-		return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "SRealm in response does not match what was requested. Requested: %s; Reply: %s", tgsReq.ReqBody.Realm, k.DecryptedEncPart.SRealm)
+		return false, krberror.NewErrorf(krberror.KRBMsgError, "SRealm in response does not match what was requested. Requested: %s; Reply: %s", tgsReq.ReqBody.Realm, k.DecryptedEncPart.SRealm)
 	}
 	if len(tgsReq.ReqBody.Addresses) > 0 {
 		if !types.HostAddressesEqual(k.DecryptedEncPart.CAddr, tgsReq.ReqBody.Addresses) {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "Addresses listed in the TGS_REP does not match those listed in the TGS_REQ")
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "Addresses listed in the TGS_REP does not match those listed in the TGS_REQ")
 		}
 	}
 	if time.Since(k.DecryptedEncPart.StartTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.StartTime.Sub(time.Now().UTC()) > cfg.LibDefaults.Clockskew {
 		if time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now().UTC()) > cfg.LibDefaults.Clockskew {
-			return false, krberror.NewErrorf(krberror.KRBMSG_ERROR, "Clock skew with KDC too large. Greater than %v seconds.", cfg.LibDefaults.Clockskew.Seconds())
+			return false, krberror.NewErrorf(krberror.KRBMsgError, "Clock skew with KDC too large. Greater than %v seconds.", cfg.LibDefaults.Clockskew.Seconds())
 		}
 	}
 	return true, nil

messages/KDCRep_test.go

@@ -14,11 +14,11 @@ import (
 )
 
 const (
-	testuser1_etype18_keytab = "05020000004b0001000b544553542e474f4b5242350009746573747573657231000000015898e0770100120020bbdc430aab7e2d4622a0b6951481453b0962e9db8e2f168942ad175cda6d9de900000001"
-	testuser1_etype18_ASREP  = "6b8202f3308202efa003020105a10302010ba22e302c302aa103020113a2230421301f301da003020112a1161b14544553542e474f4b524235746573747573657231a30d1b0b544553542e474f4b524235a4163014a003020101a10d300b1b09746573747573657231a582015a6182015630820152a003020105a10d1b0b544553542e474f4b524235a220301ea003020102a11730151b066b72627467741b0b544553542e474f4b524235a382011830820114a003020112a103020101a28201060482010237e486e32cd18ab1ac9f8d42e93f8babd7b3497084cc5599f18ec61961c6d5242d350354d99d67a7604c451116188d16cb719e84377212eac2743440e8c504ef69c755e489cc6b65f935dd032bfc076f9b2c56d816197845b8fe857d738bc59712787631a50e86833d1b0e4732c8712c856417a6a257758e7d01d3182adb3233f0dde65d228c240ed26aa1af69f8d765dc0bc69096fdb037a75af220fea176839528d44b70f7dabfaa2ea506de1296f847176a60c501fd8cef8e0a51399bb6d5f753962d96292e93ffe344c6630db912931d46d88c0279f00719e22d0efcfd4ee33a702d0b660c1f13970a9beec12c0c8af3dda68bd81ac1fe3f126d2a24ebb445c5a682012c30820128a003020112a282011f0482011bb149cc16018072c4c18788d95a33aba540e52c11b54a93e67e788d05de75d8f3d4aa1afafbbfa6fde3eb40e5aa1890644cea2607efd5213a3fd00345b02eeb9ae1b589f36c74c689cd4ec1239dfe61e42ba6afa33f6240e3cfab291e4abb465d273302dbf7dbd148a299a9369044dd03377c1687e7dd36aa66501284a4ca50c0a7b08f4f87aecfa23b0dd0b11490e3ad330906dab715de81fc52f120d09c39990b8b5330d4601cc396b2ed258834329c4cc02c563a12de3ef9bf11e946258bc2ab5257f4caa4d443a7daf0fc25f6f531c2fcba88af8ca55c85300997cd05abbea52811fe2d038ba8f62fc8e3bc71ce04362d356ea2e1df8ac55c784c53cfb07817d48e39fe99fc8788040d98209c79dcf044d97e80de9f47824646"
-	test_realm               = "TEST.GOKRB5"
-	test_user                = "testuser1"
-	test_user_password       = "passwordvalue"
+	testuser1EType18Keytab = "05020000004b0001000b544553542e474f4b5242350009746573747573657231000000015898e0770100120020bbdc430aab7e2d4622a0b6951481453b0962e9db8e2f168942ad175cda6d9de900000001"
+	testuser1EType18ASREP  = "6b8202f3308202efa003020105a10302010ba22e302c302aa103020113a2230421301f301da003020112a1161b14544553542e474f4b524235746573747573657231a30d1b0b544553542e474f4b524235a4163014a003020101a10d300b1b09746573747573657231a582015a6182015630820152a003020105a10d1b0b544553542e474f4b524235a220301ea003020102a11730151b066b72627467741b0b544553542e474f4b524235a382011830820114a003020112a103020101a28201060482010237e486e32cd18ab1ac9f8d42e93f8babd7b3497084cc5599f18ec61961c6d5242d350354d99d67a7604c451116188d16cb719e84377212eac2743440e8c504ef69c755e489cc6b65f935dd032bfc076f9b2c56d816197845b8fe857d738bc59712787631a50e86833d1b0e4732c8712c856417a6a257758e7d01d3182adb3233f0dde65d228c240ed26aa1af69f8d765dc0bc69096fdb037a75af220fea176839528d44b70f7dabfaa2ea506de1296f847176a60c501fd8cef8e0a51399bb6d5f753962d96292e93ffe344c6630db912931d46d88c0279f00719e22d0efcfd4ee33a702d0b660c1f13970a9beec12c0c8af3dda68bd81ac1fe3f126d2a24ebb445c5a682012c30820128a003020112a282011f0482011bb149cc16018072c4c18788d95a33aba540e52c11b54a93e67e788d05de75d8f3d4aa1afafbbfa6fde3eb40e5aa1890644cea2607efd5213a3fd00345b02eeb9ae1b589f36c74c689cd4ec1239dfe61e42ba6afa33f6240e3cfab291e4abb465d273302dbf7dbd148a299a9369044dd03377c1687e7dd36aa66501284a4ca50c0a7b08f4f87aecfa23b0dd0b11490e3ad330906dab715de81fc52f120d09c39990b8b5330d4601cc396b2ed258834329c4cc02c563a12de3ef9bf11e946258bc2ab5257f4caa4d443a7daf0fc25f6f531c2fcba88af8ca55c85300997cd05abbea52811fe2d038ba8f62fc8e3bc71ce04362d356ea2e1df8ac55c784c53cfb07817d48e39fe99fc8788040d98209c79dcf044d97e80de9f47824646"
+	testRealm              = "TEST.GOKRB5"
+	testUser               = "testuser1"
+	testUserPassword       = "passwordvalue"
 )
 
 func TestUnmarshalASRep(t *testing.T) {
@@ -223,33 +223,33 @@ func TestUnmarshalEncKDCRepPart_optionalsNULL(t *testing.T) {
 
 func TestUnmarshalASRepDecodeAndDecrypt(t *testing.T) {
 	var asRep ASRep
-	b, _ := hex.DecodeString(testuser1_etype18_ASREP)
+	b, _ := hex.DecodeString(testuser1EType18ASREP)
 	err := asRep.Unmarshal(b)
 	if err != nil {
 		t.Fatalf("AS REP Unmarshal error: %v\n", err)
 	}
 	assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected")
 	assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected")
-	assert.Equal(t, test_realm, asRep.CRealm, "Client Realm not as expected")
+	assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected")
 	assert.Equal(t, 1, asRep.CName.NameType, "CName NameType not as expected")
-	assert.Equal(t, test_user, asRep.CName.NameString[0], "CName NameType not as expected")
+	assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected")
 	assert.Equal(t, 19, asRep.PAData[0].PADataType, "PADataType not as expected")
 	assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected")
-	assert.Equal(t, test_realm, asRep.Ticket.Realm, "Ticket Realm not as expected")
+	assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected")
 	assert.Equal(t, 2, asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
 	assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected")
-	assert.Equal(t, test_realm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
+	assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
 	assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
 	assert.Equal(t, 1, asRep.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
 	assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.EncPart.EType, "Etype of encrypted part not as expected")
 	assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected")
 	//t.Log("Finished testing unecrypted parts of AS REP")
-	ktb, _ := hex.DecodeString(testuser1_etype18_keytab)
+	ktb, _ := hex.DecodeString(testuser1EType18Keytab)
 	kt, err := keytab.Parse(ktb)
 	if err != nil {
 		t.Fatalf("keytab parse error: %v\n", err)
 	}
-	cred := credentials.NewCredentials(test_user, test_realm)
+	cred := credentials.NewCredentials(testUser, testRealm)
 	_, err = asRep.DecryptEncPart(cred.WithKeytab(kt))
 	if err != nil {
 		t.Fatalf("Decryption of AS_REP EncPart failed: %v", err)
@@ -262,35 +262,35 @@ func TestUnmarshalASRepDecodeAndDecrypt(t *testing.T) {
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type")
-	assert.Equal(t, test_realm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
+	assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
 	assert.Equal(t, 2, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
-	assert.Equal(t, []string{"krbtgt", test_realm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
+	assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
 }
 
 func TestUnmarshalASRepDecodeAndDecrypt_withPassword(t *testing.T) {
 	var asRep ASRep
-	b, _ := hex.DecodeString(testuser1_etype18_ASREP)
+	b, _ := hex.DecodeString(testuser1EType18ASREP)
 	err := asRep.Unmarshal(b)
 	if err != nil {
 		t.Fatalf("AS REP Unmarshal error: %v\n", err)
 	}
 	assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected")
 	assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected")
-	assert.Equal(t, test_realm, asRep.CRealm, "Client Realm not as expected")
+	assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected")
 	assert.Equal(t, 1, asRep.CName.NameType, "CName NameType not as expected")
-	assert.Equal(t, test_user, asRep.CName.NameString[0], "CName NameType not as expected")
+	assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected")
 	assert.Equal(t, 19, asRep.PAData[0].PADataType, "PADataType not as expected")
 	assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected")
-	assert.Equal(t, test_realm, asRep.Ticket.Realm, "Ticket Realm not as expected")
+	assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected")
 	assert.Equal(t, 2, asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
 	assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected")
-	assert.Equal(t, test_realm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
+	assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
 	assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
 	assert.Equal(t, 1, asRep.Ticket.EncPart.KVNO, "Ticket encrypted part KVNO not as expected")
 	assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.EncPart.EType, "Etype of encrypted part not as expected")
 	assert.Equal(t, 0, asRep.EncPart.KVNO, "Encrypted part KVNO not as expected")
-	cred := credentials.NewCredentials(test_user, test_realm)
-	_, err = asRep.DecryptEncPart(cred.WithPassword(test_user_password))
+	cred := credentials.NewCredentials(testUser, testRealm)
+	_, err = asRep.DecryptEncPart(cred.WithPassword(testUserPassword))
 	if err != nil {
 		t.Fatalf("Decryption of AS_REP EncPart failed: %v", err)
 	}
@@ -302,7 +302,7 @@ func TestUnmarshalASRepDecodeAndDecrypt_withPassword(t *testing.T) {
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type")
-	assert.Equal(t, test_realm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
+	assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
 	assert.Equal(t, 2, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
-	assert.Equal(t, []string{"krbtgt", test_realm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
+	assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
 }

messages/KDCReq.go

@@ -169,17 +169,17 @@ func NewTGSReq(cname types.PrincipalName, c *config.Config, tkt Ticket, sessionK
 	}
 	auth, err := types.NewAuthenticator(c.LibDefaults.Default_realm, cname)
 	if err != nil {
-		return a, krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error generating new authenticator")
+		return a, krberror.Errorf(err, krberror.KRBMsgError, "Error generating new authenticator")
 	}
 	// Add the CName to make validation of the reply easier
 	a.ReqBody.CName = auth.CName
 	b, err := a.ReqBody.Marshal()
 	if err != nil {
-		return a, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error marshaling TGS_REQ body")
+		return a, krberror.Errorf(err, krberror.EncodingError, "Error marshaling TGS_REQ body")
 	}
 	etype, err := crypto.GetEtype(sessionKey.KeyType)
 	if err != nil {
-		return a, krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error getting etype to encrypt authenticator")
+		return a, krberror.Errorf(err, krberror.EncryptingError, "Error getting etype to encrypt authenticator")
 	}
 	cb, err := etype.GetChecksumHash(sessionKey.KeyValue, b, keyusage.TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR_CHKSUM)
 	auth.Cksum = types.Checksum{
@@ -189,7 +189,7 @@ func NewTGSReq(cname types.PrincipalName, c *config.Config, tkt Ticket, sessionK
 	apReq, err := NewAPReq(tkt, sessionKey, auth)
 	apb, err := apReq.Marshal()
 	if err != nil {
-		return a, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error marshaling AP_REQ for pre-authentication data")
+		return a, krberror.Errorf(err, krberror.EncodingError, "Error marshaling AP_REQ for pre-authentication data")
 	}
 	a.PAData = types.PADataSequence{
 		types.PAData{
@@ -205,16 +205,16 @@ func (k *ASReq) Unmarshal(b []byte) error {
 	var m marshalKDCReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.ASREQ))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling AS_REQ")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling AS_REQ")
 	}
 	expectedMsgType := msgtype.KRB_AS_REQ
 	if m.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a AS_REQ. Expected: %v; Actual: %v", expectedMsgType, m.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a AS_REQ. Expected: %v; Actual: %v", expectedMsgType, m.MsgType)
 	}
 	var reqb KDCReqBody
 	err = reqb.Unmarshal(m.ReqBody.Bytes)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error processing AS_REQ body")
+		return krberror.Errorf(err, krberror.EncodingError, "Error processing AS_REQ body")
 	}
 	k.MsgType = m.MsgType
 	k.PAData = m.PAData
@@ -228,16 +228,16 @@ func (k *TGSReq) Unmarshal(b []byte) error {
 	var m marshalKDCReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.TGSREQ))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling TGS_REQ")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling TGS_REQ")
 	}
 	expectedMsgType := msgtype.KRB_TGS_REQ
 	if m.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a TGS_REQ. Expected: %v; Actual: %v", expectedMsgType, m.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a TGS_REQ. Expected: %v; Actual: %v", expectedMsgType, m.MsgType)
 	}
 	var reqb KDCReqBody
 	err = reqb.Unmarshal(m.ReqBody.Bytes)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error processing TGS_REQ body")
+		return krberror.Errorf(err, krberror.EncodingError, "Error processing TGS_REQ body")
 	}
 	k.MsgType = m.MsgType
 	k.PAData = m.PAData
@@ -251,7 +251,7 @@ func (k *KDCReqBody) Unmarshal(b []byte) error {
 	var m marshalKDCReqBody
 	_, err := asn1.Unmarshal(b, &m)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling KDC_REQ body")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling KDC_REQ body")
 	}
 	k.KDCOptions = m.KDCOptions
 	if len(k.KDCOptions.Bytes) < 4 {
@@ -272,7 +272,7 @@ func (k *KDCReqBody) Unmarshal(b []byte) error {
 	if len(m.AdditionalTickets.Bytes) > 0 {
 		k.AdditionalTickets, err = UnmarshalTicketsSequence(m.AdditionalTickets)
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling additional tickets")
+			return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling additional tickets")
 		}
 	}
 	return nil
@@ -298,7 +298,7 @@ func (k *ASReq) Marshal() ([]byte, error) {
 	}
 	mk, err := asn1.Marshal(m)
 	if err != nil {
-		return mk, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error marshaling AS_REQ")
+		return mk, krberror.Errorf(err, krberror.EncodingError, "Error marshaling AS_REQ")
 	}
 	mk = asn1tools.AddASNAppTag(mk, asnAppTag.ASREQ)
 	return mk, nil
@@ -324,7 +324,7 @@ func (k *TGSReq) Marshal() ([]byte, error) {
 	}
 	mk, err := asn1.Marshal(m)
 	if err != nil {
-		return mk, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error marshaling AS_REQ")
+		return mk, krberror.Errorf(err, krberror.EncodingError, "Error marshaling AS_REQ")
 	}
 	mk = asn1tools.AddASNAppTag(mk, asnAppTag.TGSREQ)
 	return mk, nil
@@ -348,7 +348,7 @@ func (k *KDCReqBody) Marshal() ([]byte, error) {
 	}
 	rawtkts, err := MarshalTicketSequence(k.AdditionalTickets)
 	if err != nil {
-		return b, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error in marshaling KDC request body additional tickets")
+		return b, krberror.Errorf(err, krberror.EncodingError, "Error in marshaling KDC request body additional tickets")
 	}
 	//The asn1.rawValue needs the tag setting on it for where it is in the KDCReqBody
 	rawtkts.Tag = 11
@@ -357,7 +357,7 @@ func (k *KDCReqBody) Marshal() ([]byte, error) {
 	}
 	b, err = asn1.Marshal(m)
 	if err != nil {
-		return b, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error in marshaling KDC request body")
+		return b, krberror.Errorf(err, krberror.EncodingError, "Error in marshaling KDC request body")
 	}
 	return b, nil
 }

messages/KRBCred.go

@@ -62,7 +62,7 @@ func (k *KRBCred) Unmarshal(b []byte) error {
 	}
 	expectedMsgType := msgtype.KRB_CRED
 	if m.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a KRB_CRED. Expected: %v; Actual: %v", expectedMsgType, m.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a KRB_CRED. Expected: %v; Actual: %v", expectedMsgType, m.MsgType)
 	}
 	k.PVNO = m.PVNO
 	k.MsgType = m.MsgType
@@ -70,7 +70,7 @@ func (k *KRBCred) Unmarshal(b []byte) error {
 	if len(m.Tickets.Bytes) > 0 {
 		k.Tickets, err = UnmarshalTicketsSequence(m.Tickets)
 		if err != nil {
-			return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling tickets within KRB_CRED")
+			return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling tickets within KRB_CRED")
 		}
 	}
 	return nil
@@ -80,12 +80,12 @@ func (k *KRBCred) Unmarshal(b []byte) error {
 func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error {
 	b, err := crypto.DecryptEncPart(k.EncPart, key, keyusage.KRB_CRED_ENCPART)
 	if err != nil {
-		return krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting KRB_CRED EncPart")
+		return krberror.Errorf(err, krberror.DecryptingError, "Error decrypting KRB_CRED EncPart")
 	}
 	var denc EncKrbCredPart
 	err = denc.Unmarshal(b)
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling encrypted part of KRB_CRED")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling encrypted part of KRB_CRED")
 	}
 	k.DecryptedEncPart = denc
 	return nil
@@ -95,7 +95,7 @@ func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error {
 func (k *EncKrbCredPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncKrbCredPart))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling EncKrbCredPart")
+		return krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling EncKrbCredPart")
 	}
 	return nil
 }

messages/KRBError.go

@@ -49,11 +49,11 @@ func NewKRBError(sname types.PrincipalName, realm string, code int, etext string
 func (k *KRBError) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.KRBError))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "KRB_ERROR unmarshal error")
+		return krberror.Errorf(err, krberror.EncodingError, "KRB_ERROR unmarshal error")
 	}
 	expectedMsgType := msgtype.KRB_ERROR
 	if k.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a KRB_ERROR. Expected: %v; Actual: %v", expectedMsgType, k.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a KRB_ERROR. Expected: %v; Actual: %v", expectedMsgType, k.MsgType)
 	}
 	return nil
 }
@@ -73,10 +73,10 @@ func processUnmarshalReplyError(b []byte, err error) error {
 		var krberr KRBError
 		tmperr := krberr.Unmarshal(b)
 		if tmperr != nil {
-			return krberror.Errorf(err, krberror.ENCODING_ERROR, "Failed to unmarshal KDC's reply")
+			return krberror.Errorf(err, krberror.EncodingError, "Failed to unmarshal KDC's reply")
 		}
 		return krberr
 	default:
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "Failed to unmarshal KDC's reply")
+		return krberror.Errorf(err, krberror.EncodingError, "Failed to unmarshal KDC's reply")
 	}
 }

messages/KRBPriv.go

@@ -35,7 +35,7 @@ func (k *KRBPriv) Unmarshal(b []byte) error {
 	}
 	expectedMsgType := msgtype.KRB_PRIV
 	if k.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a KRB_PRIV. Expected: %v; Actual: %v", expectedMsgType, k.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a KRB_PRIV. Expected: %v; Actual: %v", expectedMsgType, k.MsgType)
 	}
 	return nil
 }
@@ -44,7 +44,7 @@ func (k *KRBPriv) Unmarshal(b []byte) error {
 func (k *EncKrbPrivPart) Unmarshal(b []byte) error {
 	_, err := asn1.UnmarshalWithParams(b, k, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.EncKrbPrivPart))
 	if err != nil {
-		return krberror.Errorf(err, krberror.ENCODING_ERROR, "KRB_PRIV unmarshal error")
+		return krberror.Errorf(err, krberror.EncodingError, "KRB_PRIV unmarshal error")
 	}
 	return nil
 }

messages/KRBSafe.go

@@ -54,7 +54,7 @@ func (s *KRBSafe) Unmarshal(b []byte) error {
 	}
 	expectedMsgType := msgtype.KRB_SAFE
 	if s.MsgType != expectedMsgType {
-		return krberror.NewErrorf(krberror.KRBMSG_ERROR, "Message ID does not indicate a KRB_SAFE. Expected: %v; Actual: %v", expectedMsgType, s.MsgType)
+		return krberror.NewErrorf(krberror.KRBMsgError, "Message ID does not indicate a KRB_SAFE. Expected: %v; Actual: %v", expectedMsgType, s.MsgType)
 	}
 	return nil
 }

messages/Ticket.go

@@ -55,7 +55,7 @@ type TransitedEncoding struct {
 func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab keytab.Keytab, eTypeID, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error) {
 	etype, err := crypto.GetEtype(eTypeID)
 	if err != nil {
-		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error getting etype for new ticket")
+		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.EncryptingError, "Error getting etype for new ticket")
 	}
 	ks := etype.GetKeyByteSize()
 	kv := make([]byte, ks, ks)
@@ -79,11 +79,11 @@ func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalNa
 	b = asn1tools.AddASNAppTag(b, asnAppTag.EncTicketPart)
 	skey, err := sktab.GetEncryptionKey(sname.NameString, srealm, kvno, eTypeID)
 	if err != nil {
-		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error getting encryption key for new ticket")
+		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.EncryptingError, "Error getting encryption key for new ticket")
 	}
 	ed, err := crypto.GetEncryptedData(b, skey, keyusage.KDC_REP_TICKET, kvno)
 	if err != nil {
-		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.ENCRYPTING_ERROR, "Error encrypting ticket encpart")
+		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.EncryptingError, "Error encrypting ticket encpart")
 	}
 	tkt := Ticket{
 		TktVNO:  iana.PVNO,

mstypes/group_membership.go

@@ -14,7 +14,7 @@ type GroupMembership struct {
 }
 
 // Read_GroupMembership reads a GroupMembership from the bytes slice.
-func Read_GroupMembership(b *[]byte, p *int, e *binary.ByteOrder) GroupMembership {
+func ReadGroupMembership(b *[]byte, p *int, e *binary.ByteOrder) GroupMembership {
 	r := ndr.Read_uint32(b, p, e)
 	a := ndr.Read_uint32(b, p, e)
 	return GroupMembership{
@@ -42,7 +42,7 @@ func Read_DomainGroupMembership(b *[]byte, p *int, e *binary.ByteOrder) (DomainG
 	c := ndr.Read_uint32(b, p, e)
 	g := make([]GroupMembership, c, c)
 	for i := range g {
-		g[i] = Read_GroupMembership(b, p, e)
+		g[i] = ReadGroupMembership(b, p, e)
 	}
 	return DomainGroupMembership{
 		DomainID:   d,

mstypes/user_session_key.go

@@ -16,7 +16,7 @@ type UserSessionKey struct {
 }
 
 // Read_UserSessionKey reads a UserSessionKey from the bytes slice.
-func Read_UserSessionKey(b *[]byte, p *int, e *binary.ByteOrder) UserSessionKey {
+func ReadUserSessionKey(b *[]byte, p *int, e *binary.ByteOrder) UserSessionKey {
 	cb1 := CypherBlock{
 		Data: ndr.Read_bytes(b, p, 8, e),
 	}

pac/device_info.go

@@ -40,7 +40,7 @@ func (k *DeviceInfo) Unmarshal(b []byte) error {
 	if k.AccountGroupCount > 0 {
 		ag := make([]mstypes.GroupMembership, k.AccountGroupCount, k.AccountGroupCount)
 		for i := range ag {
-			ag[i] = mstypes.Read_GroupMembership(&b, &p, e)
+			ag[i] = mstypes.ReadGroupMembership(&b, &p, e)
 		}
 		k.AccountGroupIDs = ag
 	}

pac/kerb_validation_info.go

@@ -108,7 +108,7 @@ func (k *KerbValidationInfo) Unmarshal(b []byte) (err error) {
 	k.pGroupIDs = ndr.Read_uint32(&b, &p, e)
 
 	k.UserFlags = ndr.Read_uint32(&b, &p, e)
-	k.UserSessionKey = mstypes.Read_UserSessionKey(&b, &p, e)
+	k.UserSessionKey = mstypes.ReadUserSessionKey(&b, &p, e)
 
 	k.LogonServer, err = mstypes.Read_RPC_UnicodeString(&b, &p, e)
 	k.LogonDomainName, err = mstypes.Read_RPC_UnicodeString(&b, &p, e)
@@ -152,7 +152,7 @@ func (k *KerbValidationInfo) Unmarshal(b []byte) (err error) {
 		}
 		g := make([]mstypes.GroupMembership, k.GroupCount, k.GroupCount)
 		for i := range g {
-			g[i] = mstypes.Read_GroupMembership(&b, &p, e)
+			g[i] = mstypes.ReadGroupMembership(&b, &p, e)
 		}
 		k.GroupIDs = g
 	}
@@ -205,7 +205,7 @@ func (k *KerbValidationInfo) Unmarshal(b []byte) (err error) {
 		}
 		g := make([]mstypes.GroupMembership, ac, ac)
 		for i := range g {
-			g[i] = mstypes.Read_GroupMembership(&b, &p, e)
+			g[i] = mstypes.ReadGroupMembership(&b, &p, e)
 		}
 		k.ResourceGroupIDs = g
 	}

pac/pac_type.go

@@ -22,7 +22,7 @@ type PACType struct {
 	KDCChecksum        *SignatureData
 	ClientInfo         *ClientInfo
 	S4U_DelegationInfo *S4UDelegationInfo
-	UPN_DNSInfo        *UPN_DNSInfo
+	UPN_DNSInfo        *UPNDNSInfo
 	ClientClaimsInfo   *ClientClaimsInfo
 	DeviceInfo         *DeviceInfo
 	DeviceClaimsInfo   *DeviceClaimsInfo
@@ -127,7 +127,7 @@ func (pac *PACType) ProcessPACInfoBuffers(key types.EncryptionKey) error {
 				//Must ignore subsequent buffers of this type
 				continue
 			}
-			var k UPN_DNSInfo
+			var k UPNDNSInfo
 			err := k.Unmarshal(p)
 			if err != nil {
 				return fmt.Errorf("Error processing UPN_DNSInfo: %v", err)

pac/s4u_delegation_info.go

@@ -6,14 +6,14 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// S4U_DelegationInfo implements https://msdn.microsoft.com/en-us/library/cc237944.aspx
+// S4UDelegationInfo implements https://msdn.microsoft.com/en-us/library/cc237944.aspx
 type S4UDelegationInfo struct {
 	S4U2proxyTarget      mstypes.RPC_UnicodeString // The name of the principal to whom the application can forward the ticket.
 	TransitedListSize    uint32
 	S4UTransitedServices []mstypes.RPC_UnicodeString // List of all services that have been delegated through by this client and subsequent services or servers.. Size is value of TransitedListSize
 }
 
-// Unmarshal bytes into the S4U_DelegationInfo struct
+// Unmarshal bytes into the S4UDelegationInfo struct
 func (k *S4UDelegationInfo) Unmarshal(b []byte) error {
 	ch, _, p, err := ndr.ReadHeaders(&b)
 	if err != nil {

pac/upn_dns_info.go

@@ -6,8 +6,8 @@ import (
 	"sort"
 )
 
-// UPN_DNSInfo implements https://msdn.microsoft.com/en-us/library/dd240468.aspx
-type UPN_DNSInfo struct {
+// UPNDNSInfo implements https://msdn.microsoft.com/en-us/library/dd240468.aspx
+type UPNDNSInfo struct {
 	UPNLength           uint16 // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the UPN field.
 	UPNOffset           uint16 // An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the UPN_DNS_INFO structure.
 	DNSDomainNameLength uint16
@@ -18,11 +18,11 @@ type UPN_DNSInfo struct {
 }
 
 const (
-	UPN_NO_UPN_ATTR = 31 // The user account object does not have the userPrincipalName attribute ([MS-ADA3] section 2.349) set. A UPN constructed by concatenating the user name with the DNS domain name of the account domain is provided.
+	upnNoUPNAttr = 31 // The user account object does not have the userPrincipalName attribute ([MS-ADA3] section 2.349) set. A UPN constructed by concatenating the user name with the DNS domain name of the account domain is provided.
 )
 
 // Unmarshal bytes into the UPN_DNSInfo struct
-func (k *UPN_DNSInfo) Unmarshal(b []byte) error {
+func (k *UPNDNSInfo) Unmarshal(b []byte) error {
 	//The UPN_DNS_INFO structure is a simple structure that is not NDR-encoded.
 	var p int
 	var e binary.ByteOrder = binary.LittleEndian

pac/upn_dns_info_test.go

@@ -12,7 +12,7 @@ func TestUPN_DNSInfo_Unmarshal(t *testing.T) {
 	if err != nil {
 		t.Fatal("Could not decode test data hex string")
 	}
-	var k UPN_DNSInfo
+	var k UPNDNSInfo
 	err = k.Unmarshal(b)
 	if err != nil {
 		t.Fatalf("Error unmarshaling test data: %v", err)

service/APExchange.go

@@ -19,16 +19,16 @@ func ValidateAPREQ(APReq messages.APReq, kt keytab.Keytab, sa string, cAddr stri
 	var creds credentials.Credentials
 	err := APReq.Ticket.DecryptEncPart(kt, sa)
 	if err != nil {
-		return false, creds, krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting encpart of service ticket provided")
+		return false, creds, krberror.Errorf(err, krberror.DecryptingError, "Error decrypting encpart of service ticket provided")
 	}
 	ab, err := crypto.DecryptEncPart(APReq.Authenticator, APReq.Ticket.DecryptedEncPart.Key, keyusage.AP_REQ_AUTHENTICATOR)
 	if err != nil {
-		return false, creds, krberror.Errorf(err, krberror.DECRYPTING_ERROR, "Error decrypting authenticator")
+		return false, creds, krberror.Errorf(err, krberror.DecryptingError, "Error decrypting authenticator")
 	}
 	var a types.Authenticator
 	err = a.Unmarshal(ab)
 	if err != nil {
-		return false, creds, krberror.Errorf(err, krberror.ENCODING_ERROR, "Error unmarshaling authenticator")
+		return false, creds, krberror.Errorf(err, krberror.EncodingError, "Error unmarshaling authenticator")
 	}
 	// Check CName in Authenticator is the same as that in the ticket
 	if !a.CName.Equal(APReq.Ticket.DecryptedEncPart.CName) {