*/
package jcifs.pac.kerberos;

/**
 * Constants used in Kerberos protocol implementation.
 */
public interface KerberosConstants {

    /** Kerberos OID identifier */
    String KERBEROS_OID = "1.2.840.113554.1.2.2";
    /** Kerberos protocol version */
    String KERBEROS_VERSION = "5";

    /** Kerberos AP-REQ message type */
    String KERBEROS_AP_REQ = "14";

	[op(0x07)]
	int SamrOpenDomain([in] policy_handle *handle,
			[in] uint32_t access_mask,
			[in] sid_t *sid,
			[out] policy_handle *domain_handle);

	typedef struct {
		uint32_t idx;
		unicode_string name;
	} SamrSamEntry;

	typedef struct {
		uint32_t count;
		[size_is(count)] SamrSamEntry *entries;
	} SamrSamArray;

	[op(0x0f)]

	for idx, t := range proxyTargets.Targets {
		tgt := globalBucketTargetSys.GetRemoteTargetClient(bucket, t.Arn)
		if tgt == nil || globalBucketTargetSys.isOffline(tgt.EndpointURL()) {
			continue
		}
		// if proxying explicitly disabled on remote target
		if tgt.disableProxy {
			continue
		}
		idx := idx
		wg.Add(1)
		go func(idx int, tgt *TargetClient) {
			defer wg.Done()

	tgts := sys.targetsMap[bucket]
	newtgts := make([]madmin.BucketTarget, len(tgts))
	found := false
	for idx, t := range tgts {
		if t.Type == tgt.Type {
			if t.Arn == tgt.Arn {
				if !update {
					return BucketRemoteAlreadyExists{Bucket: t.TargetBucket}
				}
				newtgts[idx] = *tgt
				found = true
				continue
			}
			// fail if endpoint is already present in list of targets and not a matching ARN

	if l.LastMin >= t {
		return
	}
	if t-l.LastMin >= 60 {
		l.Totals = [60]AccElem{}
		return
	}
	for l.LastMin != t {
		// Clear next element.
		idx := (l.LastMin + 1) % 60
		l.Totals[idx] = AccElem{}
		l.LastMin++
	}
}

// BucketStatsMap captures bucket statistics for all buckets
type BucketStatsMap struct {
	Stats     map[string]BucketStats
	Timestamp time.Time
}

        }

        /** The relative ID (RID) of the SAM entry */
        public int idx;
        /** The name of the SAM entry */
        public rpc.unicode_string name;

        @Override
        public void encode(NdrBuffer _dst) throws NdrException {
            _dst.align(4);
            _dst.enc_ndr_long(this.idx);
            _dst.enc_ndr_short(this.name.length);

        }

        /** The relative ID (RID) of the SAM entry */
        public int idx;
        /** The name of the SAM entry */
        public rpc.unicode_string name;

        @Override
        public void encode(NdrBuffer _dst) throws NdrException {
            _dst.align(4);
            _dst.enc_ndr_long(idx);
            _dst.enc_ndr_short(name.length);
            _dst.enc_ndr_short(name.maximum_length);

field, [`Policies`](/pkg/crypto/x509/#Certificate.Policies), which supports
certificate policy OIDs with components larger than 31 bits. By default this
field is only used during parsing, when it is populated with policy OIDs, but
not used during marshaling. It can be used to marshal these larger OIDs, instead
of the existing PolicyIdentifiers field, by using the
[`x509usepolicies` setting](/pkg/crypto/x509/#CreateCertificate).

    /**
     * The NTLMSSP OID (1.3.6.1.4.1.311.2.2.10) used in SPNEGO negotiation.
     */
    public static ASN1ObjectIdentifier NTLMSSP_OID;

    static {
        try {
            NTLMSSP_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10");
        } catch (final IllegalArgumentException e) {
            log.error("Failed to parse OID", e);
        }
    }

			APIErr := errorCodes.ToAPIErrWithErr(ErrAdminNoSuchUser, err)
			writeErrorResponseJSON(ctx, w, APIErr, r.URL)
			return
		}

		// In case of LDAP/OIDC we need to set `opts.claims` to ensure
		// it is associated with the LDAP/OIDC user properly.
		for k, v := range cred.Claims {
			if k == expClaim {
				continue
			}
			opts.claims[k] = v
		}
	} else {