krb5


Documentation

Overview

Package krb5 is a set of Go bindings to the MIT Kerberos library.

Index

Constants

// AP-REQ option flags for the options argument of AuthContext.MakeRequest
// and Context.MakeRequest; each mirrors the krb5 AP_OPTS_* constant of the
// same name. APOptsMutualRequired requests mutual authentication (an AP-REP
// from the server); without it only the client side is authenticated.
const (
	APOptsUseSessionKey  = C.AP_OPTS_USE_SESSION_KEY
	APOptsMutualRequired = C.AP_OPTS_MUTUAL_REQUIRED
	APOptsUseSubkey      = C.AP_OPTS_USE_SUBKEY
)
// Key usage numbers, mirroring the krb5 KRB5_KEYUSAGE_* constants. They are
// passed as the usage argument of Context.MakeChecksum and
// Context.VerifyChecksum. Per RFC 3961 the usage number feeds key
// derivation, so a checksum produced under one usage is not expected to
// verify under another; callers pick the usage matching the protocol
// message being protected. KEYUSAGE_APP_DATA_ENCRYPT and
// KEYUSAGE_APP_DATA_CKSUM are the values intended for application data
// rather than Kerberos protocol messages.
const (
	KEYUSAGE_AS_REQ_PA_ENC_TS         = C.KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS
	KEYUSAGE_KDC_REP_TICKET           = C.KRB5_KEYUSAGE_KDC_REP_TICKET
	KEYUSAGE_AS_REP_ENCPART           = C.KRB5_KEYUSAGE_AS_REP_ENCPART
	KEYUSAGE_TGS_REQ_AD_SESSKEY       = C.KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY
	KEYUSAGE_TGS_REQ_AD_SUBKEY        = C.KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY
	KEYUSAGE_TGS_REQ_AUTH_CKSUM       = C.KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM
	KEYUSAGE_TGS_REQ_AUTH             = C.KRB5_KEYUSAGE_TGS_REQ_AUTH
	KEYUSAGE_TGS_REP_ENCPART_SESSKEY  = C.KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY
	KEYUSAGE_TGS_REP_ENCPART_SUBKEY   = C.KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY
	KEYUSAGE_AP_REQ_AUTH_CKSUM        = C.KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM
	KEYUSAGE_AP_REQ_AUTH              = C.KRB5_KEYUSAGE_AP_REQ_AUTH
	KEYUSAGE_AP_REP_ENCPART           = C.KRB5_KEYUSAGE_AP_REP_ENCPART
	KEYUSAGE_KRB_PRIV_ENCPART         = C.KRB5_KEYUSAGE_KRB_PRIV_ENCPART
	KEYUSAGE_KRB_CRED_ENCPART         = C.KRB5_KEYUSAGE_KRB_CRED_ENCPART
	KEYUSAGE_KRB_SAFE_CKSUM           = C.KRB5_KEYUSAGE_KRB_SAFE_CKSUM
	KEYUSAGE_APP_DATA_ENCRYPT         = C.KRB5_KEYUSAGE_APP_DATA_ENCRYPT
	KEYUSAGE_APP_DATA_CKSUM           = C.KRB5_KEYUSAGE_APP_DATA_CKSUM
	KEYUSAGE_KRB_ERROR_CKSUM          = C.KRB5_KEYUSAGE_KRB_ERROR_CKSUM
	KEYUSAGE_AD_KDCISSUED_CKSUM       = C.KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM
	KEYUSAGE_AD_MTE                   = C.KRB5_KEYUSAGE_AD_MTE
	KEYUSAGE_AD_ITE                   = C.KRB5_KEYUSAGE_AD_ITE
	KEYUSAGE_GSS_TOK_MIC              = C.KRB5_KEYUSAGE_GSS_TOK_MIC
	KEYUSAGE_GSS_TOK_WRAP_INTEG       = C.KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG
	KEYUSAGE_GSS_TOK_WRAP_PRIV        = C.KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV
	KEYUSAGE_PA_SAM_CHALLENGE_CKSUM   = C.KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM
	KEYUSAGE_PA_SAM_CHALLENGE_TRACKID = C.KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID
	KEYUSAGE_PA_SAM_RESPONSE          = C.KRB5_KEYUSAGE_PA_SAM_RESPONSE
	KEYUSAGE_PA_REFERRAL              = C.KRB5_KEYUSAGE_PA_REFERRAL
	KEYUSAGE_PA_S4U_X509_USER_REQUEST = C.KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST
	KEYUSAGE_PA_S4U_X509_USER_REPLY   = C.KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY
	KEYUSAGE_AD_SIGNEDPATH            = C.KRB5_KEYUSAGE_AD_SIGNEDPATH
	KEYUSAGE_IAKERB_FINISHED          = C.KRB5_KEYUSAGE_IAKERB_FINISHED
	KEYUSAGE_PA_PKINIT_KX             = C.KRB5_KEYUSAGE_PA_PKINIT_KX
	KEYUSAGE_FAST_REQ_CHKSUM          = C.KRB5_KEYUSAGE_FAST_REQ_CHKSUM
	KEYUSAGE_FAST_ENC                 = C.KRB5_KEYUSAGE_FAST_ENC
	KEYUSAGE_FAST_REP                 = C.KRB5_KEYUSAGE_FAST_REP
	KEYUSAGE_FAST_FINISHED            = C.KRB5_KEYUSAGE_FAST_FINISHED
	KEYUSAGE_ENC_CHALLENGE_CLIENT     = C.KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT
	KEYUSAGE_ENC_CHALLENGE_KDC        = C.KRB5_KEYUSAGE_ENC_CHALLENGE_KDC
	KEYUSAGE_AS_REQ                   = C.KRB5_KEYUSAGE_AS_REQ
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AddrType

// AddrType identifies the address family of an Address. The values mirror
// the krb5 ADDRTYPE_* constants; String renders them for display.
type AddrType int32
const (
	AddrTypeINET     AddrType = C.ADDRTYPE_INET
	AddrTypeChaos    AddrType = C.ADDRTYPE_CHAOS
	AddrTypeXNS      AddrType = C.ADDRTYPE_XNS
	AddrTypeISO      AddrType = C.ADDRTYPE_ISO
	AddrTypeDDP      AddrType = C.ADDRTYPE_DDP
	AddrTypeNetBIOS  AddrType = C.ADDRTYPE_NETBIOS
	AddrTypeINET6    AddrType = C.ADDRTYPE_INET6
	AddrTypeAddrPort AddrType = C.ADDRTYPE_ADDRPORT
	AddrTypeIPPort   AddrType = C.ADDRTYPE_IPPORT
)

func (AddrType) String

func (a AddrType) String() string

type Address

// An Address is a value type holding a krb5 address, as carried in
// Credential.Addresses.
type Address struct {
	// Type is the address family (see AddrType).
	Type     AddrType
	// Contents is the raw address bytes; presumably encoded per the
	// family, as krb5 does — confirm against the C conversion.
	Contents []byte
}

An Address is a value type that holds a krb5 address. These are largely unused.

type AuthContext

// An AuthContext holds the per-exchange state used by MakeRequest and
// ReadRequest: whether sequence numbers and timestamps are used and saved,
// and the negotiated session key (see SessionKey). It presumably wraps a
// krb5_auth_context and must be released with Free.
type AuthContext struct {
	// contains filtered or unexported fields
}

func (*AuthContext) Free

func (ac *AuthContext) Free()

func (*AuthContext) MakeRequest

func (ac *AuthContext) MakeRequest(
	cred *Credential, options int32, data []byte) ([]byte, error)

func (*AuthContext) ReadRequest

func (ac *AuthContext) ReadRequest(
	request []byte, server *Principal, keytab *KeyTab) error

TODO(davidben): Return ap_req_options and ticket output parameters?

func (*AuthContext) SaveSequenceNumbers

func (ac *AuthContext) SaveSequenceNumbers() bool

func (*AuthContext) SaveTimestamps

func (ac *AuthContext) SaveTimestamps() bool

func (*AuthContext) SessionKey

func (ac *AuthContext) SessionKey() (*KeyBlock, error)

func (*AuthContext) SetSaveSequenceNumbers

func (ac *AuthContext) SetSaveSequenceNumbers(value bool)

func (*AuthContext) SetSaveTimestamps

func (ac *AuthContext) SetSaveTimestamps(value bool)

func (*AuthContext) SetUseSequenceNumbers

func (ac *AuthContext) SetUseSequenceNumbers(value bool)

func (*AuthContext) SetUseTimestamps

func (ac *AuthContext) SetUseTimestamps(value bool)

func (*AuthContext) UseSequenceNumbers

func (ac *AuthContext) UseSequenceNumbers() bool

func (*AuthContext) UseTimestamps

func (ac *AuthContext) UseTimestamps() bool

type AuthData

// An AuthData is a value type holding one Kerberos authorization-data
// element, as carried in Credential.AuthData.
type AuthData struct {
	// Type is the krb5 ad-type number of the element.
	Type     int32
	// Contents is the element's raw, type-specific payload.
	Contents []byte
}

An AuthData is a value type that contains a Kerberos authorization data.

type CCache

// A CCache wraps a krb5_ccache, a handle to a Kerberos credential cache.
// Obtain one via Context.DefaultCCache or Context.OpenCCache and release it
// with Close.
type CCache struct {
	// contains filtered or unexported fields
}

A CCache is a wrapper over a krb5_ccache object, a handle to a Kerberos credential cache.

func (*CCache) Close

func (cc *CCache) Close() error

Close releases resources associated with a ccache.

func (*CCache) FullName

func (cc *CCache) FullName() string

FullName returns the full name of the ccache.

func (*CCache) Name

func (cc *CCache) Name() string

Name returns the name of the ccache.

func (*CCache) Principal

func (cc *CCache) Principal() (*Principal, error)

Principal returns the default principal of the ccache.

func (*CCache) Type

func (cc *CCache) Type() string

Type returns the type of the ccache.

type Checksum

// A Checksum is a value type holding a checksum produced by
// Context.MakeChecksum and checked by Context.VerifyChecksum.
type Checksum struct {
	// SumType is the checksum algorithm the Contents were computed with.
	SumType  SumType
	// Contents is the raw checksum bytes.
	Contents []byte
}

A Checksum is a value type containing a checksum generated from a Kerberos key.

type Context

// A Context wraps a krb5_context and is the receiver for most operations
// in this package. Create one with NewContext and release it with Free.
type Context struct {
	// contains filtered or unexported fields
}

A Context wraps a krb5_context and is passed in to most functions.

func NewContext

func NewContext() (*Context, error)

NewContext creates a new Context with default parameters. It must be released with Free.

func (*Context) DefaultCCache

func (ctx *Context) DefaultCCache() (*CCache, error)

DefaultCCache opens the default ccache for a context. The ccache must be released with Close.

func (*Context) DefaultKeyTab

func (ctx *Context) DefaultKeyTab() (*KeyTab, error)

DefaultKeyTab opens the default keytab. It must be released by calling Close.

func (*Context) DefaultRealm

func (ctx *Context) DefaultRealm() (string, error)

DefaultRealm returns the default realm associated with a context.

func (*Context) ErrorMessage

func (ctx *Context) ErrorMessage(code int32) string

ErrorMessage returns the error message for a given error code.

func (*Context) Free

func (ctx *Context) Free()

Free releases resources associated with a context.

func (*Context) GetCredential

func (ctx *Context) GetCredential(
	cc *CCache, client *Principal, service *Principal) (*Credential, error)

TODO(davidben): Expose more of these options.

func (*Context) GetInitialCredentialWithKeyTab

func (ctx *Context) GetInitialCredentialWithKeyTab(
	kt *KeyTab, client *Principal, service *Principal) (*Credential, error)

TODO(davidben): Write a second version with more options.

func (*Context) GetInitialCredentialWithPassword

func (ctx *Context) GetInitialCredentialWithPassword(
	pw string, client *Principal, service *Principal) (*Credential, error)

func (*Context) MakeChecksum

func (ctx *Context) MakeChecksum(sumType SumType, key *KeyBlock, usage int32, input []byte) (*Checksum, error)

MakeChecksum generates a checksum for the input keyed by a supplied key.

func (*Context) MakeRandomKey

func (ctx *Context) MakeRandomKey(encType EncType) (*KeyBlock, error)

MakeRandomKey generates a random key for a given enctype.

func (*Context) MakeRequest

func (ctx *Context) MakeRequest(
	cred *Credential, options int32, data []byte) ([]byte, error)

MakeRequest is a convenience function taking the same parameters as AuthContext.MakeRequest.

func (*Context) NewAuthContext

func (ctx *Context) NewAuthContext() (*AuthContext, error)

func (*Context) OpenCCache

func (ctx *Context) OpenCCache(name string) (*CCache, error)

OpenCCache opens a given ccache. It must be released with Close.

func (*Context) OpenKeyTab

func (ctx *Context) OpenKeyTab(name string) (*KeyTab, error)

OpenKeyTab opens a keytab. It must be released by calling Close.

func (*Context) ParseName

func (ctx *Context) ParseName(name string) (*Principal, error)

ParseName parses a string into a Principal, taking into account the context's default realm.

func (*Context) ResetDefaultRealm

func (ctx *Context) ResetDefaultRealm()

ResetDefaultRealm resets the default realm to the system default one.

func (*Context) SetDefaultRealm

func (ctx *Context) SetDefaultRealm(realm string)

SetDefaultRealm overrides the default realm.

func (*Context) VerifyChecksum

func (ctx *Context) VerifyChecksum(key *KeyBlock, usage int32, data []byte, checksum *Checksum) (bool, error)

VerifyChecksum verifies a checksum over data using the given key and usage, reporting whether it matched.

type Credential

// A Credential is a value type containing a Kerberos credential: the
// ticket together with the session key and lifetime needed to use it.
// The KeyBlock field is secret key material and should be handled as such.
type Credential struct {
	// Client is the principal the credential was issued to.
	Client       *Principal
	// Server is the service principal the ticket is for.
	Server       *Principal
	// KeyBlock is the session key associated with the ticket.
	KeyBlock     *KeyBlock
	// AuthTimeRaw is the raw krb5 timestamp; use AuthTime for a time.Time.
	AuthTimeRaw  int32
	// StartTimeRaw is the raw start time; HasStartTime reports whether it
	// is set, and StartTime falls back to AuthTime otherwise.
	StartTimeRaw int32
	// EndTimeRaw is the raw expiry; use EndTime for a time.Time.
	EndTimeRaw   int32
	// RenewTillRaw is the raw renewal limit; HasRenewTill reports whether
	// it is set, and RenewTill falls back to EndTime otherwise.
	RenewTillRaw int32
	// IsSkey mirrors the krb5 is_skey flag.
	IsSkey       bool
	// Flags holds the raw ticket flags.
	Flags        int32
	// Addresses lists the addresses the ticket is bound to, if any.
	Addresses    []Address
	// Ticket is the encoded ticket.
	Ticket       []byte
	// SecondTicket is the encoded second ticket, if any.
	SecondTicket []byte
	// AuthData holds the credential's authorization-data elements.
	AuthData     []AuthData
}

A Credential is a value type containing a Kerberos credential.

func (*Credential) AuthTime

func (c *Credential) AuthTime() time.Time

AuthTime returns the authentication time of the ticket.

func (*Credential) EndTime

func (c *Credential) EndTime() time.Time

EndTime returns the end time of the ticket.

func (*Credential) HasRenewTill

func (c *Credential) HasRenewTill() bool

HasRenewTill returns whether the credential specifies a renew time.

func (*Credential) HasStartTime

func (c *Credential) HasStartTime() bool

HasStartTime returns whether the credential specifies a start time.

func (*Credential) RenewTill

func (c *Credential) RenewTill() time.Time

RenewTill returns the renew limit of the ticket, falling back to the end time if not specified.

func (*Credential) StartTime

func (c *Credential) StartTime() time.Time

StartTime returns the start time of the ticket, falling back to the authentication time if not specified.

type EncType

// EncType identifies a Kerberos encryption type; the values mirror the
// krb5 ENCTYPE_* constants. NOTE(review): the DES, DES3 and ARCFOUR
// families are deprecated (RFC 6649, RFC 8429) — prefer the AES enctypes
// when creating keys, e.g. with Context.MakeRandomKey.
type EncType int32
const (
	ENCTYPE_NULL                    EncType = C.ENCTYPE_NULL
	ENCTYPE_DES_CBC_CRC             EncType = C.ENCTYPE_DES_CBC_CRC
	ENCTYPE_DES_CBC_MD4             EncType = C.ENCTYPE_DES_CBC_MD4
	ENCTYPE_DES_CBC_MD5             EncType = C.ENCTYPE_DES_CBC_MD5
	ENCTYPE_DES_CBC_RAW             EncType = C.ENCTYPE_DES_CBC_RAW
	ENCTYPE_DES3_CBC_SHA            EncType = C.ENCTYPE_DES3_CBC_SHA
	ENCTYPE_DES3_CBC_RAW            EncType = C.ENCTYPE_DES3_CBC_RAW
	ENCTYPE_DES_HMAC_SHA1           EncType = C.ENCTYPE_DES_HMAC_SHA1
	ENCTYPE_DSA_SHA1_CMS            EncType = C.ENCTYPE_DSA_SHA1_CMS
	ENCTYPE_MD5_RSA_CMS             EncType = C.ENCTYPE_MD5_RSA_CMS
	ENCTYPE_SHA1_RSA_CMS            EncType = C.ENCTYPE_SHA1_RSA_CMS
	ENCTYPE_RC2_CBC_ENV             EncType = C.ENCTYPE_RC2_CBC_ENV
	ENCTYPE_RSA_ENV                 EncType = C.ENCTYPE_RSA_ENV
	ENCTYPE_RSA_ES_OAEP_ENV         EncType = C.ENCTYPE_RSA_ES_OAEP_ENV
	ENCTYPE_DES3_CBC_ENV            EncType = C.ENCTYPE_DES3_CBC_ENV
	ENCTYPE_DES3_CBC_SHA1           EncType = C.ENCTYPE_DES3_CBC_SHA1
	ENCTYPE_AES128_CTS_HMAC_SHA1_96 EncType = C.ENCTYPE_AES128_CTS_HMAC_SHA1_96
	ENCTYPE_AES256_CTS_HMAC_SHA1_96 EncType = C.ENCTYPE_AES256_CTS_HMAC_SHA1_96
	ENCTYPE_ARCFOUR_HMAC            EncType = C.ENCTYPE_ARCFOUR_HMAC
	ENCTYPE_ARCFOUR_HMAC_EXP        EncType = C.ENCTYPE_ARCFOUR_HMAC_EXP
	ENCTYPE_UNKNOWN                 EncType = C.ENCTYPE_UNKNOWN
)

func (EncType) String

func (e EncType) String() string

type Error

// An Error is a krb5 library error. ErrorCode exposes the raw krb5 code and
// Error the library's message; the message lookup may use an associated
// Context held internally.
type Error struct {
	// contains filtered or unexported fields
}

An Error is a krb5 library error. It may internally have an associated context.

func (*Error) Error

func (err *Error) Error() string

Error implements the error interface. It returns the error message obtained from krb5.

func (*Error) ErrorCode

func (err *Error) ErrorCode() int32

ErrorCode returns the krb5 C error code for this error.

type KeyBlock

// A KeyBlock is a value type containing a Kerberos key. Contents is raw
// secret key material; avoid logging it or copying it more than needed.
// TODO(davidben): Wrap krb5_key if the performance is ever relevant.
type KeyBlock struct {
	// EncType is the encryption type the key belongs to.
	EncType  EncType
	// Contents is the raw key bytes.
	Contents []byte
}

A KeyBlock is a value type containing a Kerberos key. TODO(davidben): Wrap krb5_key if the performance is ever relevant.

type KeyTab

// A KeyTab wraps a krb5_keytab. Obtain one via Context.DefaultKeyTab or
// Context.OpenKeyTab and release it with Close. Entries hold long-term
// keys, so AddEntry and RemoveEntry modify secret material on disk.
type KeyTab struct {
	// contains filtered or unexported fields
}

A KeyTab wraps a krb5_keytab.

func (*KeyTab) AddEntry

func (kt *KeyTab) AddEntry(kte *KeyTabEntry) error

AddEntry adds a given entry to a keytab.

func (*KeyTab) Close

func (kt *KeyTab) Close() error

Close releases resources associated with a keytab.

func (*KeyTab) GetEntry

func (kt *KeyTab) GetEntry(princ *Principal, vno uint, enctype EncType) (*KeyTabEntry, error)

GetEntry queries a keytab for an entry matching some parameters.

func (*KeyTab) RemoveEntry

func (kt *KeyTab) RemoveEntry(kte *KeyTabEntry) error

RemoveEntry removes a keytab entry from a keytab.

func (*KeyTab) Type

func (kt *KeyTab) Type() string

Type returns the type of a keytab.

type KeyTabEntry

// A KeyTabEntry is a value type containing one entry of a KeyTab, as
// returned by KeyTab.GetEntry and consumed by AddEntry and RemoveEntry.
type KeyTabEntry struct {
	// Principal is the principal the key belongs to.
	Principal    *Principal
	// TimestampRaw is the raw krb5 timestamp of the entry.
	TimestampRaw int32
	// Version is the key version number (the vno argument of GetEntry).
	Version      uint
	// Key is the entry's long-term key; secret material.
	Key          *KeyBlock
}

A KeyTabEntry is a value type containing an entry from a KeyTab.

type NameType

// NameType identifies how a Principal's name components are to be
// interpreted; the values mirror the krb5 KRB5_NT_* constants.
type NameType int32
const (
	NT_UNKNOWN              NameType = C.KRB5_NT_UNKNOWN
	NT_PRINCIPAL            NameType = C.KRB5_NT_PRINCIPAL
	NT_SRV_INST             NameType = C.KRB5_NT_SRV_INST
	NT_SRV_HST              NameType = C.KRB5_NT_SRV_HST
	NT_SRV_XHST             NameType = C.KRB5_NT_SRV_XHST
	NT_UID                  NameType = C.KRB5_NT_UID
	NT_X500_PRINCIPAL       NameType = C.KRB5_NT_X500_PRINCIPAL
	NT_SMTP_NAME            NameType = C.KRB5_NT_SMTP_NAME
	NT_ENTERPRISE_PRINCIPAL NameType = C.KRB5_NT_ENTERPRISE_PRINCIPAL
	NT_WELLKNOWN            NameType = C.KRB5_NT_WELLKNOWN
	NT_MS_PRINCIPAL         NameType = C.KRB5_NT_MS_PRINCIPAL
	NT_MS_PRINCIPAL_AND_ID  NameType = C.KRB5_NT_MS_PRINCIPAL_AND_ID
	NT_ENT_PRINCIPAL_AND_ID NameType = C.KRB5_NT_ENT_PRINCIPAL_AND_ID
)

func (NameType) String

func (n NameType) String() string

type Principal

// A Principal is a value type representing a Kerberos principal. Parse one
// from its string form with Context.ParseName; String serializes it back.
type Principal struct {
	// Type says how Data is to be interpreted (see NameType).
	Type  NameType
	// Realm is the principal's realm.
	Realm string
	// Data holds the name components, in order.
	Data  []string
}

A Principal is a value type representing a Kerberos principal.

func (*Principal) String

func (p *Principal) String() string

String returns the serialized form of a principal.

type SumType

// SumType identifies a Kerberos checksum type; the values mirror the krb5
// CKSUMTYPE_* constants. SUMTYPE_DEFAULT (0) is not a krb5 checksum type
// and presumably lets the library pick one for the key in
// Context.MakeChecksum — confirm against the C call. Use IsKeyed and
// IsCollisionProof to decide whether a type is suitable for protecting
// data; the CRC32, RSA_MD4, RSA_MD5 and NIST_SHA types are unkeyed plain
// digests and do not provide integrity against an active attacker.
type SumType int32
const (
	SUMTYPE_DEFAULT             SumType = 0
	SUMTYPE_CRC32               SumType = C.CKSUMTYPE_CRC32
	SUMTYPE_RSA_MD4             SumType = C.CKSUMTYPE_RSA_MD4
	SUMTYPE_RSA_MD4_DES         SumType = C.CKSUMTYPE_RSA_MD4_DES
	SUMTYPE_DESCBC              SumType = C.CKSUMTYPE_DESCBC
	SUMTYPE_RSA_MD5             SumType = C.CKSUMTYPE_RSA_MD5
	SUMTYPE_RSA_MD5_DES         SumType = C.CKSUMTYPE_RSA_MD5_DES
	SUMTYPE_NIST_SHA            SumType = C.CKSUMTYPE_NIST_SHA
	SUMTYPE_HMAC_SHA1_DES3      SumType = C.CKSUMTYPE_HMAC_SHA1_DES3
	SUMTYPE_HMAC_SHA1_96_AES128 SumType = C.CKSUMTYPE_HMAC_SHA1_96_AES128
	SUMTYPE_HMAC_SHA1_96_AES256 SumType = C.CKSUMTYPE_HMAC_SHA1_96_AES256
	SUMTYPE_MD5_HMAC_ARCFOUR    SumType = C.CKSUMTYPE_MD5_HMAC_ARCFOUR
	SUMTYPE_HMAC_MD5_ARCFOUR    SumType = C.CKSUMTYPE_HMAC_MD5_ARCFOUR
)

func (SumType) IsCollisionProof

func (s SumType) IsCollisionProof() bool

func (SumType) IsKeyed

func (s SumType) IsKeyed() bool

func (SumType) String

func (s SumType) String() string

Directories

Path Synopsis
Package krb5test contains test vectors for fake davidben and zephyr/zephyr credentials.
samples
