Documentation ¶
Overview ¶
Package gssapi implements Generic Security Services Application Program Interface required for SPNEGO kerberos authentication.
Index ¶
- Constants
- Variables
- func NewAuthenticator(creds credentials.Credentials, keyType int, flags []int) (types.Authenticator, error)
- func NewKRB5APREQMechToken(creds credentials.Credentials, tkt messages.Ticket, ...) ([]byte, error)
- func UnmarshalNegToken(b []byte) (bool, interface{}, error)
- type ContextFlags
- type MechToken
- type NegTokenInit
- type NegTokenResp
- type NegTokenTarg
- type SPNEGO
Constants ¶
const ( TOK_ID_KRB_AP_REQ = "0100" TOK_ID_KRB_AP_REP = "0200" TOK_ID_KRB_ERROR = "0300" GSS_C_DELEG_FLAG = 1 GSS_C_MUTUAL_FLAG = 2 GSS_C_REPLAY_FLAG = 4 GSS_C_SEQUENCE_FLAG = 8 GSS_C_CONF_FLAG = 16 GSS_C_INTEG_FLAG = 32 )
GSSAPI MechToken IDs and flags.
Variables ¶
var MechTypeOIDKRB5 = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
MechTypeOIDKRB5 is the MechType OID for Kerberos 5
var MechTypeOIDMSLegacyKRB5 = asn1.ObjectIdentifier{1, 2, 840, 48018, 1, 2, 2}
MechTypeOIDMSLegacyKRB5 is the MechType OID for MS legacy Kerberos 5
var SPNEGO_OID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
SPNEGO_OID is the OID for SPNEGO header type.
Functions ¶
func NewAuthenticator ¶
func NewAuthenticator(creds credentials.Credentials, keyType int, flags []int) (types.Authenticator, error)
NewAuthenticator creates a new kerberos authenticator for kerberos MechToken
func NewKRB5APREQMechToken ¶
func NewKRB5APREQMechToken(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey) ([]byte, error)
NewKRB5APREQMechToken (DEPRECATED - use NewAPREQMechToken and then call Marshal() on the MechToken instead) creates new kerberos AP_REQ MechToken.
func UnmarshalNegToken ¶
UnmarshalNegToken umarshals and returns either a NegTokenInit or a NegTokenResp.
The boolean indicates if the response is a NegTokenInit. If error is nil and the boolean is false the response is a NegTokenResp.
Types ¶
type ContextFlags ¶
ContextFlags flags for GSSAPI
func NewContextFlags ¶
func NewContextFlags() ContextFlags
NewContextFlags creates a new ContextFlags instance.
type MechToken ¶
type MechToken struct { OID asn1.ObjectIdentifier TokID []byte APReq messages.APReq APRep messages.APRep KRBError messages.KRBError }
MechToken implementation for GSSAPI.
func NewAPREQMechToken ¶
func NewAPREQMechToken(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey, GSSAPIFlags []int, APOptions []int) (MechToken, error)
NewAPREQMechToken creates new Kerberos AP_REQ MechToken.
func (*MechToken) IsKRBError ¶
IsKRBError tests if the MechToken contains an KRB_ERROR.
type NegTokenInit ¶
type NegTokenInit struct { MechTypes []asn1.ObjectIdentifier `asn1:"explicit,tag:0"` ReqFlags ContextFlags `asn1:"explicit,optional,tag:1"` MechToken []byte `asn1:"explicit,optional,tag:2"` MechTokenMIC []byte `asn1:"explicit,optional,tag:3"` }
NegTokenInit implements Negotiation Token of type Init
func NewNegTokenInitKrb5 ¶
func NewNegTokenInitKrb5(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey) (NegTokenInit, error)
NewNegTokenInitKrb5 creates new Init negotiation token for Kerberos 5
func (*NegTokenInit) Marshal ¶
func (n *NegTokenInit) Marshal() ([]byte, error)
Marshal an Init negotiation token
type NegTokenResp ¶
type NegTokenResp struct { NegState asn1.Enumerated `asn1:"explicit,tag:0"` SupportedMech asn1.ObjectIdentifier `asn1:"explicit,optional,tag:1"` ResponseToken []byte `asn1:"explicit,optional,tag:2"` MechListMIC []byte `asn1:"explicit,optional,tag:3"` }
NegTokenResp implements Negotiation Token of type Resp/Targ
func (*NegTokenResp) Marshal ¶
func (n *NegTokenResp) Marshal() ([]byte, error)
Marshal a Resp/Targ negotiation token
type NegTokenTarg ¶
type NegTokenTarg NegTokenResp
NegTokenTarg implements Negotiation Token of type Resp/Targ
type SPNEGO ¶
type SPNEGO struct { Init bool Resp bool NegTokenInit NegTokenInit NegTokenResp NegTokenResp }
SPNEGO header struct
func GetSPNEGOKrbNegTokenInit ¶
func GetSPNEGOKrbNegTokenInit(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey) (SPNEGO, error)
GetSPNEGOKrbNegTokenInit returns an SPNEGO struct containing a NegTokenInit.