client

package
v8.4.4+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 25, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package client provides a client library and methods for Kerberos 5 authentication.

Index

Constants

View Source
const (
	KRB5_KPASSWD_SUCCESS             = 0
	KRB5_KPASSWD_MALFORMED           = 1
	KRB5_KPASSWD_HARDERROR           = 2
	KRB5_KPASSWD_AUTHERROR           = 3
	KRB5_KPASSWD_SOFTERROR           = 4
	KRB5_KPASSWD_ACCESSDENIED        = 5
	KRB5_KPASSWD_BAD_VERSION         = 6
	KRB5_KPASSWD_INITIAL_FLAG_NEEDED = 7
)

Kpasswd server response codes.

Variables

This section is empty.

Functions

func AssumePreAuthentication

func AssumePreAuthentication(b bool) func(*Settings)

AssumePreAuthentication used to configure the client to assume pre-authentication is required.

s := NewSettings(AssumePreAuthentication(true))

func DisablePAFXFAST

func DisablePAFXFAST(b bool) func(*Settings)

DisablePAFXFAST used to configure the client to not use PA_FX_FAST.

s := NewSettings(DisablePAFXFAST(true))

func Logger

func Logger(l *log.Logger) func(*Settings)

Logger used to configure client with a logger.

s := NewSettings(kt, Logger(l))

Types

type Cache

type Cache struct {
	Entries map[string]CacheEntry
	// contains filtered or unexported fields
}

Cache for service tickets held by the client.

func NewCache

func NewCache() *Cache

NewCache creates a new client ticket cache instance.

func (*Cache) RemoveEntry

func (c *Cache) RemoveEntry(spn string)

RemoveEntry removes the cache entry for the defined SPN.

type CacheEntry

type CacheEntry struct {
	Ticket     messages.Ticket
	AuthTime   time.Time
	StartTime  time.Time
	EndTime    time.Time
	RenewTill  time.Time
	SessionKey types.EncryptionKey
}

CacheEntry holds details for a cache entry.

type Client

type Client struct {
	Credentials *credentials.Credentials
	Config      *config.Config
	// contains filtered or unexported fields
}

Client side configuration and state.

func NewClientFromCCache

func NewClientFromCCache(c *credentials.CCache, krb5conf *config.Config, settings ...func(*Settings)) (*Client, error)

NewClientFromCCache create a client from a populated client cache.

WARNING: A client created from CCache does not automatically renew TGTs and a failure will occur after the TGT expires.

func NewClientWithKeytab

func NewClientWithKeytab(username, realm string, kt *keytab.Keytab, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewClientWithKeytab creates a new client from a keytab credential.

func NewClientWithPassword

func NewClientWithPassword(username, realm, password string, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewClientWithPassword creates a new client from a password credential. Set the realm to empty string to use the default realm from config.

func (*Client) ASExchange

func (cl *Client) ASExchange(realm string, ASReq messages.ASReq, referral int) (messages.ASRep, error)

ASExchange performs an AS exchange for the client to retrieve a TGT.

func (*Client) AffirmLogin

func (cl *Client) AffirmLogin() error

AffirmLogin will only perform an AS exchange with the KDC if the client does not already have a TGT.

func (*Client) ChangePasswd

func (cl *Client) ChangePasswd(newPasswd string) (bool, error)

ChangePasswd changes the password of the client to the value provided.

func (*Client) Destroy

func (cl *Client) Destroy()

Destroy stops the auto-renewal of all sessions and removes the sessions and cache entries from the client.

func (*Client) GetCachedTicket

func (cl *Client) GetCachedTicket(spn string) (messages.Ticket, types.EncryptionKey, bool)

GetCachedTicket returns a ticket from the cache for the SPN. Only a ticket that is currently valid will be returned.

func (*Client) GetServiceTicket

func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.EncryptionKey, error)

GetServiceTicket makes a request to get a service ticket for the SPN specified SPN format: <SERVICE>/<FQDN> Eg. HTTP/www.example.com The ticket will be added to the client's ticket cache

func (*Client) IsConfigured

func (cl *Client) IsConfigured() (bool, error)

IsConfigured indicates if the client has the values required set.

func (*Client) Key

func (cl *Client) Key(etype etype.EType, krberr *messages.KRBError) (types.EncryptionKey, error)

Key returns the client's encryption key for the specified encryption type. The key can be retrieved either from the keytab or generated from the client's password. If the client has both a keytab and a password defined the keytab is favoured as the source for the key A KRBError can be passed in the event the KDC returns one of type KDC_ERR_PREAUTH_REQUIRED and is required to derive the key for pre-authentication from the client's password. If a KRBError is not available, pass nil to this argument.

func (*Client) Log

func (cl *Client) Log(format string, v ...interface{})

Log will write to the service's logger if it is configured.

func (*Client) Login

func (cl *Client) Login() error

Login the client with the KDC via an AS exchange.

func (*Client) TGSExchange

func (cl *Client) TGSExchange(tgsReq messages.TGSReq, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, referral int) (messages.TGSReq, messages.TGSRep, error)

TGSExchange exchanges the provided TGS_REQ with the KDC to retrieve a TGS_REP. Referrals are automatically handled. The client's cache is updated with the ticket received.

func (*Client) TGSREQGenerateAndExchange

func (cl *Client) TGSREQGenerateAndExchange(spn types.PrincipalName, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, renewal bool) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error)

TGSREQGenerateAndExchange generates the TGS_REQ and performs a TGS exchange to retrieve a ticket to the specified SPN.

type Settings

type Settings struct {
	// contains filtered or unexported fields
}

Settings holds optional client settings.

func NewSettings

func NewSettings(settings ...func(*Settings)) *Settings

NewSettings creates a new client settings struct.

func (*Settings) AssumePreAuthentication

func (s *Settings) AssumePreAuthentication() bool

AssumePreAuthentication indicates if the client should proactively assume using pre-authentication.

func (*Settings) DisablePAFXFAST

func (s *Settings) DisablePAFXFAST() bool

DisablePAFXFAST indicates is the client should disable the use of PA_FX_FAST.

func (*Settings) Logger

func (s *Settings) Logger() *log.Logger

Logger returns the client logger instance.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL