Documentation

Overview

    Package credentials provides credentials management for Kerberos 5 authentication.

Constants

    const (
    	// AttributeKeyADCredentials assigned number for AD credentials.
    	AttributeKeyADCredentials = "gokrb5AttributeKeyADCredentials"
    )

Variables

    This section is empty.

Functions

    This section is empty.

Types

    type ADCredentials

    type ADCredentials struct {
    	EffectiveName       string
    	FullName            string
    	UserID              int
    	PrimaryGroupID      int
    	LogOnTime           time.Time
    	LogOffTime          time.Time
    	PasswordLastSet     time.Time
    	GroupMembershipSIDs []string
    	LogonDomainName     string
    	LogonDomainID       string
    	LogonServer         string
    }

    ADCredentials contains information obtained from the PAC.

    type CCache

    type CCache struct {
    	Version          uint8
    	Header           header
    	DefaultPrincipal principal
    	Credentials      []*Credential
    	Path             string
    }

    CCache is the file credentials cache as defined here: https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html

    func LoadCCache

    func LoadCCache(cpath string) (*CCache, error)

    LoadCCache loads a credential cache file into a CCache type.

    func (*CCache) Contains

    func (c *CCache) Contains(p types.PrincipalName) bool

    Contains tests if the cache contains a credential for the provided server PrincipalName.

    func (*CCache) GetClientCredentials

    func (c *CCache) GetClientCredentials() *Credentials

    GetClientCredentials returns a Credentials object representing the client of the credentials cache.

    func (*CCache) GetClientPrincipalName

    func (c *CCache) GetClientPrincipalName() types.PrincipalName

    GetClientPrincipalName returns a PrincipalName type for the client the credentials cache is for.

    func (*CCache) GetClientRealm

    func (c *CCache) GetClientRealm() string

    GetClientRealm returns the realm of the client the credentials cache is for.

    func (*CCache) GetEntries

    func (c *CCache) GetEntries() []*Credential

    GetEntries filters out configuration entries and returns a slice of credentials.

    func (*CCache) GetEntry

    func (c *CCache) GetEntry(p types.PrincipalName) (*Credential, bool)

    GetEntry returns a specific credential for the PrincipalName provided.

    func (*CCache) Unmarshal

    func (c *CCache) Unmarshal(b []byte) error

    Unmarshal a byte slice of credential cache data into CCache type.

    type Credential

    type Credential struct {
    	Client       principal
    	Server       principal
    	Key          types.EncryptionKey
    	AuthTime     time.Time
    	StartTime    time.Time
    	EndTime      time.Time
    	RenewTill    time.Time
    	IsSKey       bool
    	TicketFlags  asn1.BitString
    	Addresses    []types.HostAddress
    	AuthData     []types.AuthorizationDataEntry
    	Ticket       []byte
    	SecondTicket []byte
    }

    Credential holds a Kerberos client's ccache credential information.

    type Credentials

    type Credentials struct {
    	// contains filtered or unexported fields
    }

    Credentials struct for a user. Contains either a keytab, password or both. Keytabs are used over passwords if both are defined.

    func New

    func New(username string, realm string) *Credentials

    New creates a new Credentials instance.

    func NewFromPrincipalName

    func NewFromPrincipalName(cname types.PrincipalName, realm string) *Credentials

    NewFromPrincipalName creates a new Credentials instance with the user details provided as a PrincipalName type.

    func (*Credentials) AddAuthzAttribute

    func (c *Credentials) AddAuthzAttribute(a string)

    AddAuthzAttribute adds an authorization attribute to the credential.

    func (*Credentials) Attributes

    func (c *Credentials) Attributes() map[string]interface{}

    Attributes returns the Credentials' attributes map.

    func (*Credentials) AuthTime

    func (c *Credentials) AuthTime() time.Time

    AuthTime returns the time the credential was authenticated.

    func (*Credentials) Authenticated

    func (c *Credentials) Authenticated() bool

    Authenticated indicates if the credential has been successfully authenticated or not.

    func (*Credentials) Authorized

    func (c *Credentials) Authorized(a string) bool

    Authorized indicates if the credential has the specified authorizing attribute.

    func (*Credentials) AuthzAttributes

    func (c *Credentials) AuthzAttributes() []string

    AuthzAttributes returns the credentials authorizing attributes.

    func (*Credentials) CName

    func (c *Credentials) CName() types.PrincipalName

    CName returns the credential's client principal name.

    func (*Credentials) DisableAuthzAttribute

    func (c *Credentials) DisableAuthzAttribute(a string)

    DisableAuthzAttribute toggles an authorization attribute to a disabled state on the credential.

    func (*Credentials) DisplayName

    func (c *Credentials) DisplayName() string

    DisplayName returns the credential's display name.

    func (*Credentials) Domain

    func (c *Credentials) Domain() string

    Domain returns the credential's domain.

    func (*Credentials) EnableAuthzAttribute

    func (c *Credentials) EnableAuthzAttribute(a string)

    EnableAuthzAttribute toggles an authorization attribute to an enabled state on the credential.

    func (*Credentials) Expired

    func (c *Credentials) Expired() bool

    Expired indicates if the credential has expired.

    func (*Credentials) GetADCredentials

    func (c *Credentials) GetADCredentials() ADCredentials

    GetADCredentials returns ADCredentials attributes stored in the credential.

    func (*Credentials) HasKeytab

    func (c *Credentials) HasKeytab() bool

    HasKeytab queries if the Credentials has a keytab defined.

    func (*Credentials) HasPassword

    func (c *Credentials) HasPassword() bool

    HasPassword queries if the Credentials has a password defined.

    func (*Credentials) Human

    func (c *Credentials) Human() bool

    Human returns whether the credential represents a human or not.

    func (*Credentials) JSON

    func (c *Credentials) JSON() (string, error)

    JSON returns details of the Credentials in a JSON format.

    func (*Credentials) Keytab

    func (c *Credentials) Keytab() *keytab.Keytab

    Keytab returns the credential's Keytab.

    func (*Credentials) Marshal

    func (c *Credentials) Marshal() ([]byte, error)

    Marshal the Credentials into a byte slice.

    func (*Credentials) Password

    func (c *Credentials) Password() string

    Password returns the credential's password.

    func (*Credentials) Realm

    func (c *Credentials) Realm() string

    Realm returns the credential's realm. Same as the domain.

    func (*Credentials) RemoveAttribute

    func (c *Credentials) RemoveAttribute(k string)

    RemoveAttribute deletes an attribute from the attribute map that has the key provided.

    func (*Credentials) RemoveAuthzAttribute

    func (c *Credentials) RemoveAuthzAttribute(a string)

    RemoveAuthzAttribute removes an authorization attribute from the credential.

    func (*Credentials) SessionID

    func (c *Credentials) SessionID() string

    SessionID returns the credential's session ID.

    func (*Credentials) SetADCredentials

    func (c *Credentials) SetADCredentials(a ADCredentials)

    SetADCredentials adds ADCredentials attributes to the credentials.

    func (*Credentials) SetAttribute

    func (c *Credentials) SetAttribute(k string, v interface{})

    SetAttribute sets the value of an attribute.

    func (*Credentials) SetAttributes

    func (c *Credentials) SetAttributes(a map[string]interface{})

    SetAttributes replaces the attributes map with the one provided.

    func (*Credentials) SetAuthTime

    func (c *Credentials) SetAuthTime(t time.Time)

    SetAuthTime sets the time the credential was authenticated.

    func (*Credentials) SetAuthenticated

    func (c *Credentials) SetAuthenticated(b bool)

    SetAuthenticated sets the credential as having been successfully authenticated.

    func (*Credentials) SetCName

    func (c *Credentials) SetCName(pn types.PrincipalName)

    SetCName sets the client principal name on the credential.

    func (*Credentials) SetDisplayName

    func (c *Credentials) SetDisplayName(s string)

    SetDisplayName sets the display name value on the credential.

    func (*Credentials) SetDomain

    func (c *Credentials) SetDomain(s string)

    SetDomain sets the domain value on the credential.

    func (*Credentials) SetHuman

    func (c *Credentials) SetHuman(b bool)

    SetHuman sets the credential as human.

    func (*Credentials) SetRealm

    func (c *Credentials) SetRealm(s string)

    SetRealm sets the realm value on the credential. Same as the domain.

    func (*Credentials) SetUserName

    func (c *Credentials) SetUserName(s string)

    SetUserName sets the username value on the credential.

    func (*Credentials) SetValidUntil

    func (c *Credentials) SetValidUntil(t time.Time)

    SetValidUntil sets the expiry time of the credentials.

    func (*Credentials) Unmarshal

    func (c *Credentials) Unmarshal(b []byte) error

    Unmarshal a byte slice into Credentials.

    func (*Credentials) UserName

    func (c *Credentials) UserName() string

    UserName returns the credential's username.

    func (*Credentials) ValidUntil

    func (c *Credentials) ValidUntil() time.Time

    ValidUntil returns the credential's valid until date.

    func (*Credentials) WithKeytab

    func (c *Credentials) WithKeytab(kt *keytab.Keytab) *Credentials

    WithKeytab sets the Keytab in the Credentials struct.

    func (*Credentials) WithPassword

    func (c *Credentials) WithPassword(password string) *Credentials

    WithPassword sets the password in the Credentials struct.