Documentation

Overview

    Package messages implements Kerberos 5 message types and methods.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func MarshalTicketSequence

    func MarshalTicketSequence(tkts []Ticket) (asn1.RawValue, error)

      MarshalTicketSequence marshals a slice of Tickets returning an ASN1 raw value containing the ticket sequence.

      Types

      type APRep

      // APRep is the outer KRB_AP_REP structure. PVNO and MsgType are carried in
      // the clear; only EncPart is encrypted.
      type APRep struct {
      	// PVNO and MsgType are decoded from the cleartext header (tags 0 and 1),
      	// so they are available before any decryption or integrity check.
      	PVNO    int                 `asn1:"explicit,tag:0"`
      	MsgType int                 `asn1:"explicit,tag:1"`
      	// EncPart is the ciphertext whose plaintext form is EncAPRepPart.
      	EncPart types.EncryptedData `asn1:"explicit,tag:2"`
      }

        APRep implements RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.

        func (*APRep) Unmarshal

        func (a *APRep) Unmarshal(b []byte) error

          Unmarshal bytes b into the APRep struct.

          type APReq

          // APReq is the KRB_AP_REQ a client sends to a service. Everything except the
          // encrypted parts (Ticket.EncPart and Authenticator) is readable on the wire.
          type APReq struct {
          	PVNO          int                 `asn1:"explicit,tag:0"`
          	MsgType       int                 `asn1:"explicit,tag:1"`
          	// APOptions is the AP-REQ option bit string (tag 2).
          	APOptions     asn1.BitString      `asn1:"explicit,tag:2"`
          	// Ticket is the service ticket presented to the server.
          	Ticket        Ticket              `asn1:"explicit,tag:3"`
          	// Authenticator is stored as EncryptedData, i.e. as ciphertext.
          	// NOTE(review): NewAPReq takes a session key and a types.Authenticator,
          	// so it presumably encrypts the authenticator under that key; confirm.
          	Authenticator types.EncryptedData `asn1:"explicit,tag:4"`
          }

            APReq implements RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.

            func NewAPReq

            func NewAPReq(tkt Ticket, sessionKey types.EncryptionKey, auth types.Authenticator) (APReq, error)

              NewAPReq generates a new KRB_AP_REQ struct.

              func (*APReq) Marshal

              func (a *APReq) Marshal() ([]byte, error)

                Marshal APReq struct.

                func (*APReq) Unmarshal

                func (a *APReq) Unmarshal(b []byte) error

                  Unmarshal bytes b into the APReq struct.

                  type ASRep

                  // ASRep carries the KRB_AS_REP fields through the embedded KDCRepFields.
                  // NOTE(review): KDCRepFields declares no asn1 tags in this listing, so the
                  // wire decoding is presumably done by hand inside Unmarshal; confirm.
                  type ASRep struct {
                  	KDCRepFields
                  }

                    ASRep implements RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.

                    func (*ASRep) DecryptEncPart

                    func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey, error)

                      DecryptEncPart decrypts the encrypted part of an AS_REP.

                      func (*ASRep) IsValid

                      func (k *ASRep) IsValid(cfg *config.Config, creds *credentials.Credentials, asReq ASReq) (bool, error)

                        IsValid checks the validity of the AS_REP message.

                        func (*ASRep) Unmarshal

                        func (k *ASRep) Unmarshal(b []byte) error

                          Unmarshal bytes b into the ASRep struct.

                          type ASReq

                          // ASReq carries the KRB_AS_REQ fields through the embedded KDCReqFields.
                          // NOTE(review): KDCReqFields declares no asn1 tags in this listing, so the
                          // wire encoding is presumably built by hand inside Marshal; confirm.
                          type ASReq struct {
                          	KDCReqFields
                          }

                            ASReq implements RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.

                            func NewASReq

                            func NewASReq(realm string, c *config.Config, cname types.PrincipalName) (ASReq, error)

                              NewASReq generates a new KRB_AS_REQ struct.

                              func (*ASReq) Marshal

                              func (k *ASReq) Marshal() ([]byte, error)

                                Marshal ASReq struct.

                                func (*ASReq) Unmarshal

                                func (k *ASReq) Unmarshal(b []byte) error

                                  Unmarshal bytes b into the ASReq struct.

                                  type EncAPRepPart

                                  // EncAPRepPart is the plaintext form of APRep.EncPart.
                                  type EncAPRepPart struct {
                                  	// CTime and Cusec are the client timestamp and its microsecond part
                                  	// (RFC 4120 ctime/cusec); both are required fields.
                                  	CTime          time.Time           `asn1:"generalized,explicit,tag:0"`
                                  	Cusec          int                 `asn1:"explicit,tag:1"`
                                  	// Subkey is optional key material; treat it as a secret when present.
                                  	Subkey         types.EncryptionKey `asn1:"optional,explicit,tag:2"`
                                  	// SequenceNumber is optional.
                                  	SequenceNumber int                 `asn1:"optional,explicit,tag:3"`
                                  }

                                    EncAPRepPart is the encrypted part of KRB_AP_REP.

                                    func (*EncAPRepPart) Unmarshal

                                    func (a *EncAPRepPart) Unmarshal(b []byte) error

                                      Unmarshal bytes b into the APRep encrypted part struct.

                                      type EncKDCRepPart

                                      // EncKDCRepPart is the plaintext form of the encrypted part of an AS or TGS
                                      // reply. It contains the session key, so a populated value is sensitive.
                                      type EncKDCRepPart struct {
                                      	// Key is the session key issued by the KDC (secret material).
                                      	Key           types.EncryptionKey  `asn1:"explicit,tag:0"`
                                      	LastReqs      []LastReq            `asn1:"explicit,tag:1"`
                                      	// Nonce occupies the RFC 4120 nonce position (tag 2); the RFC has the KDC
                                      	// copy it from the request so the client can match reply to request.
                                      	// NOTE(review): whether IsValid compares it with KDCReqBody.Nonce is not
                                      	// visible in this listing; confirm.
                                      	Nonce         int                  `asn1:"explicit,tag:2"`
                                      	// KeyExpiration is optional.
                                      	KeyExpiration time.Time            `asn1:"generalized,explicit,optional,tag:3"`
                                      	// Flags are the ticket flags as a bit string.
                                      	Flags         asn1.BitString       `asn1:"explicit,tag:4"`
                                      	// AuthTime and EndTime are required; StartTime and RenewTill are optional.
                                      	AuthTime      time.Time            `asn1:"generalized,explicit,tag:5"`
                                      	StartTime     time.Time            `asn1:"generalized,explicit,optional,tag:6"`
                                      	EndTime       time.Time            `asn1:"generalized,explicit,tag:7"`
                                      	RenewTill     time.Time            `asn1:"generalized,explicit,optional,tag:8"`
                                      	// SRealm and SName name the service the ticket was issued for.
                                      	SRealm        string               `asn1:"generalstring,explicit,tag:9"`
                                      	SName         types.PrincipalName  `asn1:"explicit,tag:10"`
                                      	// CAddr and EncPAData are optional.
                                      	CAddr         []types.HostAddress  `asn1:"explicit,optional,tag:11"`
                                      	EncPAData     types.PADataSequence `asn1:"explicit,optional,tag:12"`
                                      }

                                        EncKDCRepPart is the encrypted part of KRB_KDC_REP.

                                        func (*EncKDCRepPart) Unmarshal

                                        func (e *EncKDCRepPart) Unmarshal(b []byte) error

                                          Unmarshal bytes b into the encrypted part of KRB_KDC_REP.

                                          type EncKrbCredPart

                                          // EncKrbCredPart is the plaintext form of the encrypted part of KRB_CRED.
                                          // Each KrbCredInfo entry carries a key, so a populated value is sensitive.
                                          type EncKrbCredPart struct {
                                          	// TicketInfo holds the per-ticket credential information.
                                          	TicketInfo []KrbCredInfo     `asn1:"explicit,tag:0"`
                                          	// Nouce sits at tag 1, the position of the nonce field in RFC 4120's
                                          	// EncKrbCredPart. The identifier is spelled "Nouce" in this API, so
                                          	// callers must use that spelling.
                                          	Nouce      int               `asn1:"optional,explicit,tag:1"`
                                          	// Timestamp, Usec, SAddress and RAddress are all optional.
                                          	Timestamp  time.Time         `asn1:"generalized,optional,explicit,tag:2"`
                                          	Usec       int               `asn1:"optional,explicit,tag:3"`
                                          	SAddress   types.HostAddress `asn1:"optional,explicit,tag:4"`
                                          	RAddress   types.HostAddress `asn1:"optional,explicit,tag:5"`
                                          }

                                            EncKrbCredPart is the encrypted part of KRB_CRED.

                                            func (*EncKrbCredPart) Unmarshal

                                            func (k *EncKrbCredPart) Unmarshal(b []byte) error

                                              Unmarshal bytes b into the encrypted part of KRB_CRED.

                                              type EncKrbPrivPart

                                              // EncKrbPrivPart is the plaintext form of KRBPriv.EncPart.
                                              type EncKrbPrivPart struct {
                                              	// UserData is the application payload carried by the message.
                                              	UserData       []byte            `asn1:"explicit,tag:0"`
                                              	// Timestamp, Usec and SequenceNumber are optional. RFC 4120 uses them
                                              	// for replay detection.
                                              	// NOTE(review): no method on this page checks them, so callers
                                              	// presumably have to enforce freshness themselves; confirm.
                                              	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
                                              	Usec           int               `asn1:"optional,explicit,tag:2"`
                                              	SequenceNumber int               `asn1:"optional,explicit,tag:3"`
                                              	// SAddress (sender) is required; RAddress (recipient) is optional.
                                              	SAddress       types.HostAddress `asn1:"explicit,tag:4"`
                                              	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
                                              }

                                                EncKrbPrivPart is the encrypted part of KRB_PRIV.

                                                func (*EncKrbPrivPart) Unmarshal

                                                func (k *EncKrbPrivPart) Unmarshal(b []byte) error

                                                  Unmarshal bytes b into the EncKrbPrivPart struct.

                                                  type EncTicketPart

                                                  // EncTicketPart is the plaintext form of Ticket.EncPart. It contains the
                                                  // session key and the client identity, so a populated value is sensitive.
                                                  type EncTicketPart struct {
                                                  	Flags             asn1.BitString          `asn1:"explicit,tag:0"`
                                                  	// Key is the session key (secret material).
                                                  	Key               types.EncryptionKey     `asn1:"explicit,tag:1"`
                                                  	// CRealm and CName identify the client the ticket was issued to.
                                                  	CRealm            string                  `asn1:"generalstring,explicit,tag:2"`
                                                  	CName             types.PrincipalName     `asn1:"explicit,tag:3"`
                                                  	Transited         TransitedEncoding       `asn1:"explicit,tag:4"`
                                                  	// AuthTime and EndTime are required; StartTime and RenewTill are optional.
                                                  	// NOTE(review): Unmarshal only decodes; whether the validity window is
                                                  	// enforced anywhere is not visible in this listing; confirm at call sites.
                                                  	AuthTime          time.Time               `asn1:"generalized,explicit,tag:5"`
                                                  	StartTime         time.Time               `asn1:"generalized,explicit,optional,tag:6"`
                                                  	EndTime           time.Time               `asn1:"generalized,explicit,tag:7"`
                                                  	RenewTill         time.Time               `asn1:"generalized,explicit,optional,tag:8"`
                                                  	// CAddr and AuthorizationData are optional.
                                                  	CAddr             types.HostAddresses     `asn1:"explicit,optional,tag:9"`
                                                  	AuthorizationData types.AuthorizationData `asn1:"explicit,optional,tag:10"`
                                                  }

                                                    EncTicketPart is the encrypted part of the Ticket.

                                                    func (*EncTicketPart) Unmarshal

                                                    func (t *EncTicketPart) Unmarshal(b []byte) error

                                                      Unmarshal bytes b into the EncTicketPart struct.

                                                      type KDCRepFields

                                                      // KDCRepFields holds the fields shared by ASRep and TGSRep, which both embed
                                                      // it. No asn1 tags are declared on these fields in this listing.
                                                      type KDCRepFields struct {
                                                      	PVNO             int
                                                      	MsgType          int
                                                      	PAData           []types.PAData
                                                      	CRealm           string
                                                      	CName            types.PrincipalName
                                                      	Ticket           Ticket
                                                      	// EncPart is the ciphertext as received.
                                                      	EncPart          types.EncryptedData
                                                      	// DecryptedEncPart is the plaintext form of EncPart and includes the
                                                      	// session key (EncKDCRepPart.Key); avoid logging or serialising it.
                                                      	// NOTE(review): presumably populated by DecryptEncPart on ASRep/TGSRep
                                                      	// and zero-valued before that; confirm.
                                                      	DecryptedEncPart EncKDCRepPart
                                                      }

                                                        KDCRepFields represents the KRB_KDC_REP fields.

                                                        type KDCReqBody

                                                        // KDCReqBody is the request body shared by AS and TGS requests.
                                                        type KDCReqBody struct {
                                                        	KDCOptions        asn1.BitString      `asn1:"explicit,tag:0"`
                                                        	// CName and SName are both optional in the encoding.
                                                        	CName             types.PrincipalName `asn1:"explicit,optional,tag:1"`
                                                        	Realm             string              `asn1:"generalstring,explicit,tag:2"`
                                                        	SName             types.PrincipalName `asn1:"explicit,optional,tag:3"`
                                                        	// Till is required; From and RTime are optional.
                                                        	From              time.Time           `asn1:"generalized,explicit,optional,tag:4"`
                                                        	Till              time.Time           `asn1:"generalized,explicit,tag:5"`
                                                        	RTime             time.Time           `asn1:"generalized,explicit,optional,tag:6"`
                                                        	// Nonce occupies the RFC 4120 nonce position (tag 7); the RFC has the KDC
                                                        	// return it in the encrypted part of the reply (see EncKDCRepPart.Nonce).
                                                        	Nonce             int                 `asn1:"explicit,tag:7"`
                                                        	// EType lists the encryption type IDs the requester offers.
                                                        	EType             []int               `asn1:"explicit,tag:8"`
                                                        	// Addresses, EncAuthData and AdditionalTickets are optional.
                                                        	Addresses         []types.HostAddress `asn1:"explicit,optional,tag:9"`
                                                        	EncAuthData       types.EncryptedData `asn1:"explicit,optional,tag:10"`
                                                        	AdditionalTickets []Ticket            `asn1:"explicit,optional,tag:11"`
                                                        }

                                                          KDCReqBody implements the KRB_KDC_REQ request body.

                                                          func (*KDCReqBody) Marshal

                                                          func (k *KDCReqBody) Marshal() ([]byte, error)

                                                            Marshal KRB_KDC_REQ body struct.

                                                            func (*KDCReqBody) Unmarshal

                                                            func (k *KDCReqBody) Unmarshal(b []byte) error

                                                              Unmarshal bytes b into the KRB_KDC_REQ body struct.

                                                              type KDCReqFields

                                                              // KDCReqFields holds the fields shared by ASReq and TGSReq, which both embed
                                                              // it. No asn1 tags are declared on these fields in this listing.
                                                              type KDCReqFields struct {
                                                              	PVNO    int
                                                              	MsgType int
                                                              	// PAData is the pre-authentication data sequence sent with the request.
                                                              	PAData  types.PADataSequence
                                                              	ReqBody KDCReqBody
                                                              	// NOTE(review): Renewal has no counterpart in the RFC 4120 KDC-REQ
                                                              	// structure. NewTGSReq takes a renewal flag, so this presumably records
                                                              	// it locally and is not sent on the wire; confirm.
                                                              	Renewal bool
                                                              }

                                                                KDCReqFields represents the KRB_KDC_REQ fields.

                                                                type KRBCred

                                                                // KRBCred is the KRB_CRED message used to forward tickets together with
                                                                // their keys. No asn1 tags are declared on these fields in this listing.
                                                                type KRBCred struct {
                                                                	PVNO             int
                                                                	MsgType          int
                                                                	Tickets          []Ticket
                                                                	// EncPart is the ciphertext as received.
                                                                	EncPart          types.EncryptedData
                                                                	// DecryptedEncPart is the plaintext form of EncPart and carries the
                                                                	// ticket keys (KrbCredInfo.Key); avoid logging or serialising it.
                                                                	// NOTE(review): DecryptEncPart(key) returns only an error, so it
                                                                	// presumably stores its result here; confirm.
                                                                	DecryptedEncPart EncKrbCredPart
                                                                }

                                                                  KRBCred implements RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.

                                                                  func (*KRBCred) DecryptEncPart

                                                                  func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error

                                                                    DecryptEncPart decrypts the encrypted part of a KRB_CRED.

                                                                    func (*KRBCred) Unmarshal

                                                                    func (k *KRBCred) Unmarshal(b []byte) error

                                                                      Unmarshal bytes b into the KRBCred struct.

                                                                      type KRBError

                                                                      // KRBError is the KRB_ERROR message. The struct has no encrypted part and
                                                                      // no checksum field, so the message itself does not protect the integrity
                                                                      // of any field; treat ErrorCode, EText and EData received from the network
                                                                      // as untrusted input.
                                                                      type KRBError struct {
                                                                      	PVNO      int                 `asn1:"explicit,tag:0"`
                                                                      	MsgType   int                 `asn1:"explicit,tag:1"`
                                                                      	// CTime and Cusec (client time) are optional; STime and Susec (server
                                                                      	// time) are required.
                                                                      	CTime     time.Time           `asn1:"generalized,optional,explicit,tag:2"`
                                                                      	Cusec     int                 `asn1:"optional,explicit,tag:3"`
                                                                      	STime     time.Time           `asn1:"generalized,explicit,tag:4"`
                                                                      	Susec     int                 `asn1:"explicit,tag:5"`
                                                                      	ErrorCode int                 `asn1:"explicit,tag:6"`
                                                                      	// CRealm and CName are optional; Realm and SName are required.
                                                                      	CRealm    string              `asn1:"generalstring,optional,explicit,tag:7"`
                                                                      	CName     types.PrincipalName `asn1:"optional,explicit,tag:8"`
                                                                      	Realm     string              `asn1:"generalstring,explicit,tag:9"`
                                                                      	SName     types.PrincipalName `asn1:"explicit,tag:10"`
                                                                      	// EText is optional free text and EData optional raw bytes, both
                                                                      	// chosen by the sender; escape EText before logging or displaying it.
                                                                      	EText     string              `asn1:"generalstring,optional,explicit,tag:11"`
                                                                      	EData     []byte              `asn1:"optional,explicit,tag:12"`
                                                                      }

                                                                        KRBError implements RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.

                                                                        func NewKRBError

                                                                        func NewKRBError(sname types.PrincipalName, realm string, code int, etext string) KRBError

                                                                          NewKRBError creates a new KRBError.

                                                                          func (KRBError) Error

                                                                          func (k KRBError) Error() string

                                                                            Error method implementing error interface on KRBError struct.

                                                                            func (*KRBError) Unmarshal

                                                                            func (k *KRBError) Unmarshal(b []byte) error

                                                                              Unmarshal bytes b into the KRBError struct.

                                                                              type KRBPriv

                                                                              // KRBPriv is the KRB_PRIV message: a cleartext header plus one encrypted part.
                                                                              type KRBPriv struct {
                                                                              	PVNO    int                 `asn1:"explicit,tag:0"`
                                                                              	MsgType int                 `asn1:"explicit,tag:1"`
                                                                              	// EncPart uses tag 3; RFC 4120 section 5.7.1 defines no tag 2 for this
                                                                              	// message, so the gap is intentional. Its plaintext form is EncKrbPrivPart.
                                                                              	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
                                                                              }

                                                                                KRBPriv implements RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.

                                                                                func (*KRBPriv) Unmarshal

                                                                                func (k *KRBPriv) Unmarshal(b []byte) error

                                                                                  Unmarshal bytes b into the KRBPriv struct.

                                                                                  type KRBSafe

                                                                                  // KRBSafe is the KRB_SAFE message: a cleartext body plus a checksum. Nothing
                                                                                  // in it is encrypted, so SafeBody.UserData is readable on the wire.
                                                                                  type KRBSafe struct {
                                                                                  	PVNO     int            `asn1:"explicit,tag:0"`
                                                                                  	MsgType  int            `asn1:"explicit,tag:1"`
                                                                                  	SafeBody KRBSafeBody    `asn1:"explicit,tag:2"`
                                                                                  	// Cksum is the checksum that accompanies SafeBody.
                                                                                  	// NOTE(review): the only method listed for this type is Unmarshal, so
                                                                                  	// checksum verification is presumably left to the caller; confirm
                                                                                  	// before trusting SafeBody.
                                                                                  	Cksum    types.Checksum `asn1:"explicit,tag:3"`
                                                                                  }

                                                                                    KRBSafe implements RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.

                                                                                    func (*KRBSafe) Unmarshal

                                                                                    func (s *KRBSafe) Unmarshal(b []byte) error

                                                                                      Unmarshal bytes b into the KRBSafe struct.

                                                                                      type KRBSafeBody

                                                                                      // KRBSafeBody is the cleartext body of KRBSafe.
                                                                                      type KRBSafeBody struct {
                                                                                      	// UserData is the application payload.
                                                                                      	UserData       []byte            `asn1:"explicit,tag:0"`
                                                                                      	// Timestamp, Usec and SequenceNumber are optional. RFC 4120 uses them
                                                                                      	// for replay detection.
                                                                                      	// NOTE(review): no method on this page checks them; confirm where
                                                                                      	// freshness is enforced.
                                                                                      	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
                                                                                      	Usec           int               `asn1:"optional,explicit,tag:2"`
                                                                                      	SequenceNumber int               `asn1:"optional,explicit,tag:3"`
                                                                                      	// SAddress (sender) is required; RAddress (recipient) is optional.
                                                                                      	SAddress       types.HostAddress `asn1:"explicit,tag:4"`
                                                                                      	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
                                                                                      }

                                                                                        KRBSafeBody implements the KRB_SAFE_BODY of KRB_SAFE.

                                                                                        type KrbCredInfo

                                                                                        // KrbCredInfo describes one forwarded credential inside EncKrbCredPart.
                                                                                        // Only Key is required; every other field is optional.
                                                                                        type KrbCredInfo struct {
                                                                                        	// Key is the key that belongs to the forwarded ticket (secret material).
                                                                                        	Key       types.EncryptionKey `asn1:"explicit,tag:0"`
                                                                                        	PRealm    string              `asn1:"generalstring,optional,explicit,tag:1"`
                                                                                        	PName     types.PrincipalName `asn1:"optional,explicit,tag:2"`
                                                                                        	Flags     asn1.BitString      `asn1:"optional,explicit,tag:3"`
                                                                                        	AuthTime  time.Time           `asn1:"generalized,optional,explicit,tag:4"`
                                                                                        	StartTime time.Time           `asn1:"generalized,optional,explicit,tag:5"`
                                                                                        	EndTime   time.Time           `asn1:"generalized,optional,explicit,tag:6"`
                                                                                        	RenewTill time.Time           `asn1:"generalized,optional,explicit,tag:7"`
                                                                                        	// NOTE(review): SRealm is tagged ia5 while PRealm and the realm fields of
                                                                                        	// the other message types here use generalstring; confirm this
                                                                                        	// difference is intended.
                                                                                        	SRealm    string              `asn1:"optional,explicit,ia5,tag:8"`
                                                                                        	SName     types.PrincipalName `asn1:"optional,explicit,tag:9"`
                                                                                        	CAddr     types.HostAddresses `asn1:"optional,explicit,tag:10"`
                                                                                        }

                                                                                          KrbCredInfo is the KRB_CRED_INFO part of KRB_CRED.

                                                                                          type LastReq

                                                                                          // LastReq is one entry of EncKDCRepPart.LastReqs.
                                                                                          type LastReq struct {
                                                                                          	// LRType is the entry type and LRValue the time it refers to
                                                                                          	// (RFC 4120 lr-type / lr-value).
                                                                                          	LRType  int       `asn1:"explicit,tag:0"`
                                                                                          	LRValue time.Time `asn1:"generalized,explicit,tag:1"`
                                                                                          }

                                                                                            LastReq part of KRB_KDC_REP.

                                                                                            type TGSRep

                                                                                            // TGSRep carries the KRB_TGS_REP fields through the embedded KDCRepFields.
                                                                                            // NOTE(review): KDCRepFields declares no asn1 tags in this listing, so the
                                                                                            // wire decoding is presumably done by hand inside Unmarshal; confirm.
                                                                                            type TGSRep struct {
                                                                                            	KDCRepFields
                                                                                            }

                                                                                              TGSRep implements RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.

                                                                                              func (*TGSRep) DecryptEncPart

                                                                                              func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error

                                                                                                DecryptEncPart decrypts the encrypted part of a TGS_REP.

                                                                                                func (*TGSRep) IsValid

                                                                                                func (k *TGSRep) IsValid(cfg *config.Config, tgsReq TGSReq) (bool, error)

                                                                                                  IsValid checks the validity of the TGS_REP message.

                                                                                                  func (*TGSRep) Unmarshal

                                                                                                  func (k *TGSRep) Unmarshal(b []byte) error

                                                                                                    Unmarshal bytes b into the TGSRep struct.

                                                                                                    type TGSReq

                                                                                                    // TGSReq carries the KRB_TGS_REQ fields through the embedded KDCReqFields.
                                                                                                    // NOTE(review): KDCReqFields declares no asn1 tags in this listing, so the
                                                                                                    // wire encoding is presumably built by hand inside Marshal; confirm.
                                                                                                    type TGSReq struct {
                                                                                                    	KDCReqFields
                                                                                                    }

                                                                                                      TGSReq implements RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.

                                                                                                      func NewTGSReq

                                                                                                      func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tkt Ticket, sessionKey types.EncryptionKey, spn types.PrincipalName, renewal bool) (TGSReq, error)

                                                                                                        NewTGSReq generates a new KRB_TGS_REQ struct.

                                                                                                        func (*TGSReq) Marshal

                                                                                                        func (k *TGSReq) Marshal() ([]byte, error)

                                                                                                          Marshal TGSReq struct.

                                                                                                          func (*TGSReq) Unmarshal

                                                                                                          func (k *TGSReq) Unmarshal(b []byte) error

                                                                                                            Unmarshal bytes b into the TGSReq struct.

                                                                                                            type Ticket

                                                                                                            // Ticket is the Kerberos ticket. TktVNO, Realm and SName travel in the
                                                                                                            // clear; the client identity, session key and validity times are inside
                                                                                                            // EncPart.
                                                                                                            type Ticket struct {
                                                                                                            	TktVNO           int                 `asn1:"explicit,tag:0"`
                                                                                                            	// Realm and SName name the service and are readable without any key.
                                                                                                            	Realm            string              `asn1:"generalstring,explicit,tag:1"`
                                                                                                            	SName            types.PrincipalName `asn1:"explicit,tag:2"`
                                                                                                            	// EncPart is the ciphertext whose plaintext form is EncTicketPart.
                                                                                                            	EncPart          types.EncryptedData `asn1:"explicit,tag:3"`
                                                                                                            	// DecryptedEncPart holds the plaintext, including the session key
                                                                                                            	// (EncTicketPart.Key); avoid logging or serialising a populated Ticket.
                                                                                                            	// NOTE(review): presumably filled in by DecryptEncPart and zero-valued
                                                                                                            	// before that; confirm.
                                                                                                            	DecryptedEncPart EncTicketPart       `asn1:"optional"` // Not part of ASN1 bytes so marked as optional so unmarshalling works
                                                                                                            }

                                                                                                              Ticket implements the Kerberos ticket.

                                                                                                              func NewTicket

                                                                                                              func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab keytab.Keytab, eTypeID, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error)

                                                                                                                NewTicket creates a new Ticket instance.

                                                                                                                func UnmarshalTicket

                                                                                                                func UnmarshalTicket(b []byte) (t Ticket, err error)

                                                                                                                  UnmarshalTicket returns a ticket from the bytes provided.

                                                                                                                  func UnmarshalTicketsSequence

                                                                                                                  func UnmarshalTicketsSequence(in asn1.RawValue) ([]Ticket, error)

                                                                                                                    UnmarshalTicketsSequence returns a slice of Tickets from a raw ASN1 value.

                                                                                                                    func (*Ticket) DecryptEncPart

                                                                                                                    func (t *Ticket) DecryptEncPart(keytab keytab.Keytab, sa string) error

                                                                                                                      DecryptEncPart decrypts the encrypted part of the ticket.

                                                                                                                      func (*Ticket) GetPACType

                                                                                                                      func (t *Ticket) GetPACType(keytab keytab.Keytab, sa string) (bool, pac.PACType, error)

                                                                                                                        GetPACType returns a Microsoft PAC that has been extracted from the ticket and processed.

                                                                                                                        func (*Ticket) Marshal

                                                                                                                        func (t *Ticket) Marshal() ([]byte, error)

                                                                                                                          Marshal returns the ASN.1 encoded bytes of the Ticket.

                                                                                                                          func (*Ticket) Unmarshal

                                                                                                                          func (t *Ticket) Unmarshal(b []byte) error

                                                                                                                            Unmarshal bytes b into a Ticket struct.

                                                                                                                            type TransitedEncoding

                                                                                                                            // TransitedEncoding is the Go representation of the TransitedEncoding
                                                                                                                            // structure carried in a ticket's encrypted part (RFC 4120 section 5.3).
                                                                                                                            // NOTE(review): whether this package checks the transited realm path is
                                                                                                                            // not visible here - confirm before relying on it for cross-realm trust
                                                                                                                            // decisions.
                                                                                                                            type TransitedEncoding struct {
                                                                                                                            	// TRType identifies how Contents is encoded (tr-type in RFC 4120).
                                                                                                                            	TRType   int    `asn1:"explicit,tag:0"`
                                                                                                                            	// Contents holds the encoded transited data as raw bytes; it is not
                                                                                                                            	// interpreted by this struct definition.
                                                                                                                            	Contents []byte `asn1:"explicit,tag:1"`
                                                                                                                            }

                                                                                                                              TransitedEncoding is part of the ticket's encrypted part.