gssapi

package
v2.1.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 11, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package gssapi implements the Generic Security Services Application Program Interface (GSS-API) required for SPNEGO Kerberos authentication.

Index

Constants

// Token identifiers for the Kerberos messages a GSS-API MechToken can carry,
// written as four-character hex strings.
const (
	TOK_ID_KRB_AP_REQ = "0100"
	TOK_ID_KRB_AP_REP = "0200"
	TOK_ID_KRB_ERROR  = "0300"
)

// GSS-API context flags. Each value is a distinct power of two (1 through 32).
// Request only the flags the application needs; GSS_C_DELEG_FLAG in particular
// asks for credential delegation and should be reserved for services that are
// trusted to act on the caller's behalf.
const (
	GSS_C_DELEG_FLAG    = 1 << iota // 1: credential delegation
	GSS_C_MUTUAL_FLAG               // 2: mutual authentication
	GSS_C_REPLAY_FLAG               // 4: replay detection
	GSS_C_SEQUENCE_FLAG             // 8: out-of-sequence detection
	GSS_C_CONF_FLAG                 // 16: confidentiality
	GSS_C_INTEG_FLAG                // 32: integrity
)

GSSAPI MechToken IDs and flags.

Variables

// MechTypeOIDKRB5 is the object identifier 1.2.840.113554.1.2.2, the MechType
// value for Kerberos 5.
var MechTypeOIDKRB5 = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}

MechTypeOIDKRB5 is the MechType OID for Kerberos 5

// MechTypeOIDMSLegacyKRB5 is the object identifier 1.2.840.48018.1.2.2. It
// differs from MechTypeOIDKRB5 only in the fourth arc: 48018 is 113554
// truncated to 16 bits (0x1BB92 -> 0xBB92).
// NOTE(review): presumably kept for interoperability with older Microsoft
// peers; confirm whether the acceptor should still accept this mechanism.
var MechTypeOIDMSLegacyKRB5 = asn1.ObjectIdentifier{1, 2, 840, 48018, 1, 2, 2}

MechTypeOIDMSLegacyKRB5 is the MechType OID for MS legacy Kerberos 5

// SPNEGO_OID is the object identifier 1.3.6.1.5.5.2, which identifies the
// SPNEGO header type.
var SPNEGO_OID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}

SPNEGO_OID is the OID for SPNEGO header type.

Functions

func NewAuthenticator

func NewAuthenticator(creds credentials.Credentials, keyType int, flags []int) (types.Authenticator, error)

NewAuthenticator creates a new Kerberos authenticator for a Kerberos MechToken.

func NewKRB5APREQMechToken

func NewKRB5APREQMechToken(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey) ([]byte, error)

NewKRB5APREQMechToken (DEPRECATED: use NewAPREQMechToken and then call Marshal() on the returned MechToken instead) creates a new Kerberos AP_REQ MechToken. Unlike NewAPREQMechToken, its signature takes no GSSAPIFlags or APOptions arguments.

func UnmarshalNegToken

func UnmarshalNegToken(b []byte) (bool, interface{}, error)

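UnmarshalNegToken unmarshals and returns either a NegTokenInit or a NegTokenResp.

The boolean indicates whether the response is a NegTokenInit. If the error is nil and the boolean is false, the response is a NegTokenResp. Check the error before relying on the boolean or type-asserting the returned interface{} value.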

Types

type ContextFlags

// ContextFlags is a defined type over asn1.BitString that holds GSS-API
// context flags; NegTokenInit.ReqFlags has this type.
type ContextFlags asn1.BitString

ContextFlags flags for GSSAPI

func NewContextFlags

func NewContextFlags() ContextFlags

NewContextFlags creates a new ContextFlags instance.

type MechToken

// MechToken is the GSS-API mechanism token. It has one field for each Kerberos
// message kind (AP_REQ, AP_REP, KRB_ERROR); the IsAPReq, IsAPRep and
// IsKRBError methods report which kind the token contains.
type MechToken struct {
	// OID is the object identifier carried with the token.
	// NOTE(review): presumably MechTypeOIDKRB5 for Kerberos tokens; confirm.
	OID      asn1.ObjectIdentifier
	// TokID is the token identifier as raw bytes.
	// NOTE(review): presumably the decoded form of one of the TOK_ID_* hex
	// strings; confirm against Marshal/Unmarshal.
	TokID    []byte
	// APReq, APRep and KRBError hold the Kerberos message.
	// NOTE(review): presumably only the field matching TokID is populated;
	// callers should test with IsAPReq/IsAPRep/IsKRBError before reading one.
	APReq    messages.APReq
	APRep    messages.APRep
	KRBError messages.KRBError
}

MechToken implementation for GSSAPI.

func NewAPREQMechToken

func NewAPREQMechToken(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey, GSSAPIFlags []int, APOptions []int) (MechToken, error)

NewAPREQMechToken creates new Kerberos AP_REQ MechToken.

func (*MechToken) IsAPRep

func (m *MechToken) IsAPRep() bool

IsAPRep tests if the MechToken contains an AP_REP.

func (*MechToken) IsAPReq

func (m *MechToken) IsAPReq() bool

IsAPReq tests if the MechToken contains an AP_REQ.

func (*MechToken) IsKRBError

func (m *MechToken) IsKRBError() bool

IsKRBError tests if the MechToken contains a KRB_ERROR.

func (*MechToken) Marshal

func (m *MechToken) Marshal() ([]byte, error)

Marshal a MechToken into a slice of bytes.

func (*MechToken) Unmarshal

func (m *MechToken) Unmarshal(b []byte) error

Unmarshal a MechToken.

type NegTokenInit

// NegTokenInit is the SPNEGO negotiation token of type Init. Every field is
// encoded with an explicit ASN.1 context tag (0 through 3).
type NegTokenInit struct {
	// MechTypes is the list of mechanism OIDs; it is the only field not marked
	// optional.
	MechTypes    []asn1.ObjectIdentifier `asn1:"explicit,tag:0"`
	// ReqFlags holds the requested context flags (optional).
	ReqFlags     ContextFlags            `asn1:"explicit,optional,tag:1"`
	// MechToken is the mechanism token as bytes (optional).
	// NOTE(review): presumably the output of MechToken.Marshal; confirm.
	MechToken    []byte                  `asn1:"explicit,optional,tag:2"`
	// MechTokenMIC is the MIC bytes at tag 3 (optional).
	MechTokenMIC []byte                  `asn1:"explicit,optional,tag:3"`
}

NegTokenInit implements Negotiation Token of type Init

func NewNegTokenInitKrb5

func NewNegTokenInitKrb5(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey) (NegTokenInit, error)

NewNegTokenInitKrb5 creates new Init negotiation token for Kerberos 5

func (*NegTokenInit) Marshal

func (n *NegTokenInit) Marshal() ([]byte, error)

Marshal an Init negotiation token

type NegTokenResp

// NegTokenResp is the SPNEGO negotiation token of type Resp/Targ. Every field
// is encoded with an explicit ASN.1 context tag (0 through 3).
type NegTokenResp struct {
	// NegState is the negotiation state; it is the only field not marked
	// optional here.
	// NOTE(review): RFC 4178 declares negState OPTIONAL, so a peer that omits
	// it may not decode into this struct; confirm against Unmarshal.
	NegState      asn1.Enumerated       `asn1:"explicit,tag:0"`
	// SupportedMech is the mechanism OID reported in the response (optional).
	SupportedMech asn1.ObjectIdentifier `asn1:"explicit,optional,tag:1"`
	// ResponseToken is the response token bytes (optional).
	ResponseToken []byte                `asn1:"explicit,optional,tag:2"`
	// MechListMIC is the MIC bytes at tag 3 (optional).
	MechListMIC   []byte                `asn1:"explicit,optional,tag:3"`
}

NegTokenResp implements Negotiation Token of type Resp/Targ

func (*NegTokenResp) Marshal

func (n *NegTokenResp) Marshal() ([]byte, error)

Marshal a Resp/Targ negotiation token

type NegTokenTarg

// NegTokenTarg is a defined type with the same fields as NegTokenResp. As a
// separate defined type it does not carry NegTokenResp's methods (such as
// Marshal); convert a value to NegTokenResp to use them.
type NegTokenTarg NegTokenResp

NegTokenTarg implements Negotiation Token of type Resp/Targ

type SPNEGO

// SPNEGO is the SPNEGO header struct. It holds both a NegTokenInit and a
// NegTokenResp, together with two booleans.
type SPNEGO struct {
	// Init and Resp are flags.
	// NOTE(review): presumably they indicate which of NegTokenInit or
	// NegTokenResp is populated; check them before reading either token.
	Init         bool
	Resp         bool
	NegTokenInit NegTokenInit
	NegTokenResp NegTokenResp
}

SPNEGO header struct

func GetSPNEGOKrbNegTokenInit

func GetSPNEGOKrbNegTokenInit(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey) (SPNEGO, error)

GetSPNEGOKrbNegTokenInit returns an SPNEGO struct containing a NegTokenInit.

func (*SPNEGO) Marshal

func (s *SPNEGO) Marshal() ([]byte, error)

Marshal SPNEGO negotiation token

func (*SPNEGO) Unmarshal

func (s *SPNEGO) Unmarshal(b []byte) error

Unmarshal SPNEGO negotiation token
