gosasl

package module
v0.0.0-...-51c871f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 2, 2022 License: MIT Imports: 8 Imported by: 0

README

Go SASL library

See README.md at github.com/beltran/gosasl this repository adds dynamic linking library interface to support windows platform from github.com/beltran/gosasl

Installation

Gosasl can be installed with:

go get github.com/Sikurity/gosasl

To add kerberos support gosasl requires header files to build against the GSSAPI C library. They can be installed with:

  • Ubuntu: apt-get install libkrb5-dev
  • MacOS: brew install homebrew/dupes/heimdal --without-x11
  • Debian: yum install -y krb5-devel
  • Windows: choco install mitkerberos --install-arguments="ADDLOCAL=all"

Then:

go get -tags kerberos github.com/Sikurity/gosasl

Example Usage

    mechanism, err := NewGSSAPIMechanism("service")
	if err != nil {
		log.Fatal(err)
    }    
    conn = getConnection("somehost")
    client := NewSaslClientWithMechanism("somehost", mechanism)
    response, err := client.Start()
    if err != nil {
		log.Fatal(err)
    }
    conn.sendResponse(response)

    for true {
        status, challenge = conn.getChallenge()
        if status == COMPLETE {
            break
        } else if status == OK {
            response = client.Step(challenge)
            conn.sendResponse(response)
        } else {
            log.Fatal("Failed to establish connection")
        }
    }
    if !client.Complete() {
        log.Fatal("SASL negotiation did not complete")
    }

    // begin normal communication
    encoded := conn.fetchData()
    decoded := client.Decode(encoded)
    response = processData(decoded)
    conn.sendData(client.Encode(response))

    client.Dispose()

Documentation

Index

Constants

View Source 
const DEFAULT_MAX_LENGTH = 16384000

DEFAULT_MAX_LENGTH is the max length that will be requested in the negotiation It can be set with gssapiMechanism.MaxLength = 1000

Variables

View Source 
var AUTH = "auth"

AUTH if the flag used for just basic auth, no confidentiality

View Source 
var AUTH_CONF = "auth-conf"

AUTH_CONF is the flag for authentication and confidentiality. It the most secure option.

View Source 
var AUTH_INT = "auth-int"

AUTH_INT is the flag for authentication and integrety

View Source 
var QOP_TO_FLAG = map[string]byte{
	AUTH:      1,
	AUTH_INT:  2,
	AUTH_CONF: 4,
}

QOP_TO_FLAG is a dict that translate the string flag name into the actual bit It can be used wiht gssapiMechanism.UserSelectQop = QOP_TO_FLAG[AUTH_CONF] | QOP_TO_FLAG[AUTH_INT]

Functions

This section is empty.

Types

type AnonymousMechanism 

type AnonymousMechanism struct {
	// contains filtered or unexported fields
}

AnonymousMechanism corresponds to NONE/ Anonymous SASL mechanism

func NewAnonymousMechanism 

func NewAnonymousMechanism() *AnonymousMechanism

NewAnonymousMechanism returns a new AnonymousMechanism

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is the entry point for usage of this library

func NewSaslClient 

func NewSaslClient(host string, mechanism Mechanism) *Client

NewSaslClient creates a new client given a host and a mechanism

func (*Client) Complete 

func (client *Client) Complete() bool

Complete returns true if the handshake has ended

func (*Client) Decode 

func (client *Client) Decode(incoming []byte) ([]byte, error)

Decode is used on the incoming data to produce the usable bytes

func (*Client) Dispose 

func (client *Client) Dispose()

Dispose eliminates sensitive information

func (*Client) Encode 

func (client *Client) Encode(outgoing []byte) ([]byte, error)

Encode is applied on the outgoing bytes to secure them usually

func (*Client) GetConfig 

func (client *Client) GetConfig() *MechanismConfig

GetConfig returns the configuration of the mechanism

func (*Client) Start 

func (client *Client) Start() ([]byte, error)

Start initializes the client and may generate the first challenge

func (*Client) Step 

func (client *Client) Step(challenge []byte) ([]byte, error)

Step is used for the initial handshake

type CramMD5Mechanism 

type CramMD5Mechanism struct {
	*PlainMechanism
}

CramMD5Mechanism corresponds to PLAIN SASL mechanism

func NewCramMD5Mechanism 

func NewCramMD5Mechanism(username string, password string) *CramMD5Mechanism

NewCramMD5Mechanism returns a new PlainMechanism

type DigestMD5Mechanism 

type DigestMD5Mechanism struct {
	// contains filtered or unexported fields
}

DigestMD5Mechanism corresponds to PLAIN SASL mechanism

func NewDigestMD5Mechanism 

func NewDigestMD5Mechanism(service string, username string, password string) *DigestMD5Mechanism

NewDigestMD5Mechanism returns a new PlainMechanism

type GSSAPIMechanism 

type GSSAPIMechanism struct {
	// contains filtered or unexported fields
}

GSSAPIMechanism corresponds to GSSAPI SASL mechanism

func NewGSSAPIMechanism 

func NewGSSAPIMechanism(service string) (mechanism *GSSAPIMechanism, err error)

NewGSSAPIMechanism returns a new GSSAPIMechanism

type Mechanism 

type Mechanism interface {
	// contains filtered or unexported methods
}

Mechanism is the common interface for all mechanisms

type MechanismConfig 

type MechanismConfig struct {

	// It can be set with mechanism.getConfig().AuthorizationID = "authorizationId"
	AuthorizationID string
	// contains filtered or unexported fields
}

MechanismConfig is the configuration to use for mechanisms

type PlainMechanism 

type PlainMechanism struct {
	// contains filtered or unexported fields
}

PlainMechanism corresponds to PLAIN SASL mechanism

func NewPlainMechanism 

func NewPlainMechanism(username string, password string) *PlainMechanism

NewPlainMechanism returns a new PlainMechanism

type QOP 

type QOP []byte

QOP is the byte that holds the QOP flags

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.