}, validationErrorLambda);
        });
    }

    /**
     * Adds a password validation error message to the messages object based on the error key.
     *
     * @param messages the FessMessages object to add the error to
     * @param errorKey the error key identifying the type of password validation error
     */
    protected void addPasswordValidationError(final FessMessages messages, final String errorKey) {

pkg crypto/x509, func ParseOID(string) (OID, error) #66249
pkg crypto/x509, method (*OID) UnmarshalBinary([]uint8) error #66249
pkg crypto/x509, method (*OID) UnmarshalText([]uint8) error #66249
pkg crypto/x509, method (OID) MarshalBinary() ([]uint8, error) #66249
pkg crypto/x509, method (OID) MarshalText() ([]uint8, error) #66249
pkg debug/elf, const PT_OPENBSD_NOBTCFI = 1705237480 #66054

		slog.String("sql", sql),
	}

	if rows != -1 {
		fields = append(fields, slog.Int64("rows", rows))
	}

	switch {
	case err != nil && (!l.IgnoreRecordNotFoundError || !errors.Is(err, ErrRecordNotFound)):
		fields = append(fields, slog.String("error", err.Error()))
		l.log(ctx, slog.LevelError, "SQL executed", slog.Attr{
			Key:   "trace",
			Value: slog.GroupValue(fields...),
		})

)

var (
	errInvalidAccessKeyID = errors.New("The access key ID you provided does not exist in our records")
	errAccessKeyDisabled  = errors.New("The access key you provided is disabled")
	errAuthentication     = errors.New("Authentication failed, check your access credentials")
	errNoAuthToken        = errors.New("JWT token missing")
	errSkewedAuthTime     = errors.New("Skewed authentication date/time")

func (w WebhookArgs) Validate() error {
	if !w.Enable {
		return nil
	}
	if w.Endpoint.IsEmpty() {
		return errors.New("endpoint empty")
	}
	if w.QueueDir != "" {
		if !filepath.IsAbs(w.QueueDir) {
			return errors.New("queueDir path should be absolute")
		}
	}
	if w.ClientCert != "" && w.ClientKey == "" || w.ClientCert == "" && w.ClientKey != "" {
		return errors.New("cert and key must be specified as a pair")
	}

package sql

import (
	"errors"
	"strings"
)

var (
	errMalformedEscapeSequence  = errors.New("Malformed escape sequence in LIKE clause")
	errInvalidTrimArg           = errors.New("Trim argument is invalid - this should not happen")
	errInvalidSubstringIndexLen = errors.New("Substring start index or length falls outside the string")
)

const (

		return nil, errors.New("both the access and secret keys are required")
	case conf.AWSRole && (conf.AWSRoleWebIdentityTokenFile != "" || conf.AWSRoleARN != "" || conf.AccessKey != "" || conf.SecretKey != ""):
		return nil, errors.New("AWS Role cannot be activated with static credentials or the web identity token file")
	case conf.Bucket == "":
		return nil, errors.New("no bucket name was provided")
	}

// initializeProvider initializes if any additional vendor specific information
// was provided, initialization will return an error initial login fails.
func (p *providerCfg) initializeProvider(cfgGet func(string) string, transport http.RoundTripper) error {
	vendor := cfgGet(Vendor)
	if vendor == "" {
		return nil
	}
	var err error
	switch vendor {
	case keyCloakVendor:
		adminURL := cfgGet(KeyCloakAdminURL)
		realm := cfgGet(KeyCloakRealm)

	var cfgInfos []madmin.IDPCfgInfo
	var err error
	switch idpCfgType {
	case madmin.OpenidIDPCfg:
		cfgInfos, err = globalIAMSys.OpenIDConfig.GetConfigInfo(cfg, cfgName)
	case madmin.LDAPIDPCfg:
		cfgInfos, err = globalIAMSys.LDAPConfig.GetConfigInfo(cfg, cfgName)
	}
	if err != nil {
		if errors.Is(err, openid.ErrProviderConfigNotFound) || errors.Is(err, cfgldap.ErrProviderConfigNotFound) {

	newSSHCon := newSSHConnMock("dillon=ldap")
	_, err = sshPubKeyAuth(newSSHCon, testKey)
	if err == nil || !errors.Is(err, errAuthentication) {
		c.Fatalf("expected err(%s) but got (%s)", errAuthentication, err)
	}

	newSSHCon = newSSHConnMock("dillon")
	_, err = sshPubKeyAuth(newSSHCon, testKey)
	if err == nil || !errors.Is(err, errNoSuchUser) {
		c.Fatalf("expected err(%s) but got (%s)", errNoSuchUser, err)
	}
}