Documentation ¶
Overview ¶
Package krb5 is a set of Go bindings to the MIT Kerberos library.
Index ¶
- Constants
- type AddrType
- type Address
- type AuthContext
- func (ac *AuthContext) Free()
- func (ac *AuthContext) MakeRequest(cred *Credential, options int32, data []byte) ([]byte, error)
- func (ac *AuthContext) ReadRequest(request []byte, server *Principal, keytab *KeyTab) error
- func (ac *AuthContext) SaveSequenceNumbers() bool
- func (ac *AuthContext) SaveTimestamps() bool
- func (ac *AuthContext) SessionKey() (*KeyBlock, error)
- func (ac *AuthContext) SetSaveSequenceNumbers(value bool)
- func (ac *AuthContext) SetSaveTimestamps(value bool)
- func (ac *AuthContext) SetUseSequenceNumbers(value bool)
- func (ac *AuthContext) SetUseTimestamps(value bool)
- func (ac *AuthContext) UseSequenceNumbers() bool
- func (ac *AuthContext) UseTimestamps() bool
- type AuthData
- type CCache
- type Checksum
- type Context
- func (ctx *Context) DefaultCCache() (*CCache, error)
- func (ctx *Context) DefaultKeyTab() (*KeyTab, error)
- func (ctx *Context) DefaultRealm() (string, error)
- func (ctx *Context) ErrorMessage(code int32) string
- func (ctx *Context) Free()
- func (ctx *Context) GetCredential(cc *CCache, client *Principal, service *Principal) (*Credential, error)
- func (ctx *Context) GetInitialCredentialWithKeyTab(kt *KeyTab, client *Principal, service *Principal) (*Credential, error)
- func (ctx *Context) GetInitialCredentialWithPassword(pw string, client *Principal, service *Principal) (*Credential, error)
- func (ctx *Context) MakeChecksum(sumType SumType, key *KeyBlock, usage int32, input []byte) (*Checksum, error)
- func (ctx *Context) MakeRandomKey(encType EncType) (*KeyBlock, error)
- func (ctx *Context) MakeRequest(cred *Credential, options int32, data []byte) ([]byte, error)
- func (ctx *Context) NewAuthContext() (*AuthContext, error)
- func (ctx *Context) OpenCCache(name string) (*CCache, error)
- func (ctx *Context) OpenKeyTab(name string) (*KeyTab, error)
- func (ctx *Context) ParseName(name string) (*Principal, error)
- func (ctx *Context) ResetDefaultRealm()
- func (ctx *Context) SetDefaultRealm(realm string)
- func (ctx *Context) VerifyChecksum(key *KeyBlock, usage int32, data []byte, checksum *Checksum) (bool, error)
- type Credential
- type EncType
- type Error
- type KeyBlock
- type KeyTab
- type KeyTabEntry
- type NameType
- type Principal
- type SumType
Constants ¶
// AP-REQ option flags, taken from the C library's AP_OPTS_* values.
// NOTE(review): presumably these are OR-ed into the options argument of
// MakeRequest — confirm against the implementation.
// NOTE(review): APOptsMutualRequired asks the server to prove its identity
// with an AP-REP. The index on this page lists no call that reads or verifies
// that reply, so confirm how a caller completes mutual authentication before
// relying on this flag.
const ( APOptsUseSessionKey = C.AP_OPTS_USE_SESSION_KEY APOptsMutualRequired = C.AP_OPTS_MUTUAL_REQUIRED APOptsUseSubkey = C.AP_OPTS_USE_SUBKEY )
// Key usage numbers, taken from the C library's KRB5_KEYUSAGE_* values.
// NOTE(review): presumably these are the values for the usage argument of
// MakeChecksum and VerifyChecksum — confirm against the implementation.
// For the key-derivation enctypes of RFC 3961 the usage number separates keys
// by protocol purpose, so the side that makes a checksum and the side that
// verifies it must pass the same value. Application payloads normally use
// KEYUSAGE_APP_DATA_CKSUM or KEYUSAGE_APP_DATA_ENCRYPT rather than a value
// reserved for a protocol message.
const ( KEYUSAGE_AS_REQ_PA_ENC_TS = C.KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS KEYUSAGE_KDC_REP_TICKET = C.KRB5_KEYUSAGE_KDC_REP_TICKET KEYUSAGE_AS_REP_ENCPART = C.KRB5_KEYUSAGE_AS_REP_ENCPART KEYUSAGE_TGS_REQ_AD_SESSKEY = C.KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY KEYUSAGE_TGS_REQ_AD_SUBKEY = C.KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY KEYUSAGE_TGS_REQ_AUTH_CKSUM = C.KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM KEYUSAGE_TGS_REQ_AUTH = C.KRB5_KEYUSAGE_TGS_REQ_AUTH KEYUSAGE_TGS_REP_ENCPART_SESSKEY = C.KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY KEYUSAGE_TGS_REP_ENCPART_SUBKEY = C.KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY KEYUSAGE_AP_REQ_AUTH_CKSUM = C.KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM KEYUSAGE_AP_REQ_AUTH = C.KRB5_KEYUSAGE_AP_REQ_AUTH KEYUSAGE_AP_REP_ENCPART = C.KRB5_KEYUSAGE_AP_REP_ENCPART KEYUSAGE_KRB_PRIV_ENCPART = C.KRB5_KEYUSAGE_KRB_PRIV_ENCPART KEYUSAGE_KRB_CRED_ENCPART = C.KRB5_KEYUSAGE_KRB_CRED_ENCPART KEYUSAGE_KRB_SAFE_CKSUM = C.KRB5_KEYUSAGE_KRB_SAFE_CKSUM KEYUSAGE_APP_DATA_ENCRYPT = C.KRB5_KEYUSAGE_APP_DATA_ENCRYPT KEYUSAGE_APP_DATA_CKSUM = C.KRB5_KEYUSAGE_APP_DATA_CKSUM KEYUSAGE_KRB_ERROR_CKSUM = C.KRB5_KEYUSAGE_KRB_ERROR_CKSUM KEYUSAGE_AD_KDCISSUED_CKSUM = C.KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM KEYUSAGE_AD_MTE = C.KRB5_KEYUSAGE_AD_MTE KEYUSAGE_AD_ITE = C.KRB5_KEYUSAGE_AD_ITE KEYUSAGE_GSS_TOK_MIC = C.KRB5_KEYUSAGE_GSS_TOK_MIC KEYUSAGE_GSS_TOK_WRAP_INTEG = C.KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG KEYUSAGE_GSS_TOK_WRAP_PRIV = C.KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV KEYUSAGE_PA_SAM_CHALLENGE_CKSUM = C.KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM KEYUSAGE_PA_SAM_CHALLENGE_TRACKID = C.KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID KEYUSAGE_PA_SAM_RESPONSE = C.KRB5_KEYUSAGE_PA_SAM_RESPONSE KEYUSAGE_PA_REFERRAL = C.KRB5_KEYUSAGE_PA_REFERRAL KEYUSAGE_PA_S4U_X509_USER_REQUEST = C.KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST KEYUSAGE_PA_S4U_X509_USER_REPLY = C.KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY KEYUSAGE_AD_SIGNEDPATH = C.KRB5_KEYUSAGE_AD_SIGNEDPATH KEYUSAGE_IAKERB_FINISHED = C.KRB5_KEYUSAGE_IAKERB_FINISHED KEYUSAGE_PA_PKINIT_KX = 
C.KRB5_KEYUSAGE_PA_PKINIT_KX KEYUSAGE_FAST_REQ_CHKSUM = C.KRB5_KEYUSAGE_FAST_REQ_CHKSUM KEYUSAGE_FAST_ENC = C.KRB5_KEYUSAGE_FAST_ENC KEYUSAGE_FAST_REP = C.KRB5_KEYUSAGE_FAST_REP KEYUSAGE_FAST_FINISHED = C.KRB5_KEYUSAGE_FAST_FINISHED KEYUSAGE_ENC_CHALLENGE_CLIENT = C.KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT KEYUSAGE_ENC_CHALLENGE_KDC = C.KRB5_KEYUSAGE_ENC_CHALLENGE_KDC KEYUSAGE_AS_REQ = C.KRB5_KEYUSAGE_AS_REQ )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddrType ¶
// AddrType is an int32 address-family tag; its values are taken from the C
// library's ADDRTYPE_* constants.
// NOTE(review): presumably the type tag carried by Address values such as
// Credential.Addresses — confirm, the Address definition is not shown here.
type AddrType int32
const ( AddrTypeINET AddrType = C.ADDRTYPE_INET AddrTypeChaos AddrType = C.ADDRTYPE_CHAOS AddrTypeXNS AddrType = C.ADDRTYPE_XNS AddrTypeISO AddrType = C.ADDRTYPE_ISO AddrTypeDDP AddrType = C.ADDRTYPE_DDP AddrTypeNetBIOS AddrType = C.ADDRTYPE_NETBIOS AddrTypeINET6 AddrType = C.ADDRTYPE_INET6 AddrTypeAddrPort AddrType = C.ADDRTYPE_ADDRPORT AddrTypeIPPort AddrType = C.ADDRTYPE_IPPORT )
type AuthContext ¶
type AuthContext struct {
// contains filtered or unexported fields
}
func (*AuthContext) Free ¶
func (ac *AuthContext) Free()
func (*AuthContext) MakeRequest ¶
func (ac *AuthContext) MakeRequest( cred *Credential, options int32, data []byte) ([]byte, error)
func (*AuthContext) ReadRequest ¶
func (ac *AuthContext) ReadRequest( request []byte, server *Principal, keytab *KeyTab) error
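TODO(davidben): Return ap_req_options and ticket output parameters? As declared, ReadRequest returns only an error, so a caller cannot read the client's AP options or the ticket contents from this call, and the index on this page lists no accessor for the authenticated client principal.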
func (*AuthContext) SaveSequenceNumbers ¶
func (ac *AuthContext) SaveSequenceNumbers() bool
func (*AuthContext) SaveTimestamps ¶
func (ac *AuthContext) SaveTimestamps() bool
func (*AuthContext) SessionKey ¶
func (ac *AuthContext) SessionKey() (*KeyBlock, error)
func (*AuthContext) SetSaveSequenceNumbers ¶
func (ac *AuthContext) SetSaveSequenceNumbers(value bool)
func (*AuthContext) SetSaveTimestamps ¶
func (ac *AuthContext) SetSaveTimestamps(value bool)
func (*AuthContext) SetUseSequenceNumbers ¶
func (ac *AuthContext) SetUseSequenceNumbers(value bool)
func (*AuthContext) SetUseTimestamps ¶
func (ac *AuthContext) SetUseTimestamps(value bool)
func (*AuthContext) UseSequenceNumbers ¶
func (ac *AuthContext) UseSequenceNumbers() bool
func (*AuthContext) UseTimestamps ¶
func (ac *AuthContext) UseTimestamps() bool
type CCache ¶
type CCache struct {
// contains filtered or unexported fields
}
A CCache is a wrapper over a krb5_ccache object, a handle to a Kerberos credential cache.
type Context ¶
type Context struct {
// contains filtered or unexported fields
}
A Context wraps a krb5_context and is passed in to most functions.
func NewContext ¶
NewContext creates a new Context with default parameters. It must be released with Free.
func (*Context) DefaultCCache ¶
DefaultCCache opens the default ccache for a context. The ccache must be released with Close.
func (*Context) DefaultKeyTab ¶
DefaultKeyTab opens the default keytab. It must be released by calling Close.
func (*Context) DefaultRealm ¶
DefaultRealm returns the default realm associated with a context.
func (*Context) ErrorMessage ¶
ErrorMessage returns the error message for a given error code.
func (*Context) Free ¶
func (ctx *Context) Free()
Free releases resources associated with a context.
func (*Context) GetCredential ¶
func (ctx *Context) GetCredential( cc *CCache, client *Principal, service *Principal) (*Credential, error)
TODO(davidben): Expose more of these options.
func (*Context) GetInitialCredentialWithKeyTab ¶
func (ctx *Context) GetInitialCredentialWithKeyTab( kt *KeyTab, client *Principal, service *Principal) (*Credential, error)
TODO(davidben): Write a second version with more options.
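func (*Context) GetInitialCredentialWithPassword ¶
func (ctx *Context) GetInitialCredentialWithPassword(pw string, client *Principal, service *Principal) (*Credential, error)
The password is passed as a Go string, which is immutable and cannot be zeroed after the call; keep its lifetime short and keep it out of logs and error messages.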
func (*Context) MakeChecksum ¶
func (ctx *Context) MakeChecksum(sumType SumType, key *KeyBlock, usage int32, input []byte) (*Checksum, error)
MakeChecksum generates a checksum for the input keyed by a supplied key.
func (*Context) MakeRandomKey ¶
MakeRandomKey generates a random key for a given enctype.
func (*Context) MakeRequest ¶
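MakeRequest is a convenience function with the same parameters and results as AuthContext.MakeRequest; it takes no caller-supplied AuthContext.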
func (*Context) NewAuthContext ¶
func (ctx *Context) NewAuthContext() (*AuthContext, error)
func (*Context) OpenCCache ¶
OpenCCache opens a given ccache. It must be released with Close.
func (*Context) OpenKeyTab ¶
OpenKeyTab opens a keytab. It must be released by calling Close.
func (*Context) ParseName ¶
ParseName parses a string into a Principal, taking into account the context's default realm.
func (*Context) ResetDefaultRealm ¶
func (ctx *Context) ResetDefaultRealm()
ResetDefaultRealm resets the default realm to the system default one.
func (*Context) SetDefaultRealm ¶
SetDefaultRealm overrides the default realm.
type Credential ¶
// Credential carries a client and server Principal, a KeyBlock, raw int32
// time fields, flags, addresses, ticket bytes and authorization data.
// NOTE(review): KeyBlock and Ticket are exported fields; KeyBlock presumably
// holds the session key — confirm. Treat the whole value as a secret and keep
// it out of logs and serialized debug output.
// NOTE(review): the *Raw fields are presumably seconds since the Unix epoch,
// as in the C library's timestamp type — confirm. The AuthTime, StartTime,
// EndTime and RenewTill methods return time.Time values for them.
type Credential struct { Client *Principal Server *Principal KeyBlock *KeyBlock AuthTimeRaw int32 StartTimeRaw int32 EndTimeRaw int32 RenewTillRaw int32 IsSkey bool Flags int32 Addresses []Address Ticket []byte SecondTicket []byte AuthData []AuthData }
A Credential is a value type containing a Kerberos credential.
func (*Credential) AuthTime ¶
func (c *Credential) AuthTime() time.Time
AuthTime returns the authentication time of the ticket.
func (*Credential) EndTime ¶
func (c *Credential) EndTime() time.Time
EndTime returns the end time of the ticket.
func (*Credential) HasRenewTill ¶
func (c *Credential) HasRenewTill() bool
HasRenewTill returns whether the credential specifies a renew time.
func (*Credential) HasStartTime ¶
func (c *Credential) HasStartTime() bool
HasStartTime returns whether the credential specifies a start time.
func (*Credential) RenewTill ¶
func (c *Credential) RenewTill() time.Time
RenewTill returns the renew limit of the ticket, falling back to the end time if not specified.
func (*Credential) StartTime ¶
func (c *Credential) StartTime() time.Time
StartTime returns the start time of the ticket, falling back to the authentication time if not specified.
type EncType ¶
// EncType is an int32 Kerberos encryption-type identifier; its values are
// taken from the C library's ENCTYPE_* constants.
type EncType int32
// NOTE(review): the single-DES enctypes and ENCTYPE_ARCFOUR_HMAC_EXP are
// deprecated by RFC 6649, and the DES3 enctypes and ENCTYPE_ARCFOUR_HMAC by
// RFC 8429. When choosing an enctype (for example for MakeRandomKey) prefer
// the AES entries; this list has no RFC 8009 AES-SHA2 enctypes. Whether the
// linked libkrb5 still accepts the legacy types depends on its version and
// configuration.
const ( ENCTYPE_NULL EncType = C.ENCTYPE_NULL ENCTYPE_DES_CBC_CRC EncType = C.ENCTYPE_DES_CBC_CRC ENCTYPE_DES_CBC_MD4 EncType = C.ENCTYPE_DES_CBC_MD4 ENCTYPE_DES_CBC_MD5 EncType = C.ENCTYPE_DES_CBC_MD5 ENCTYPE_DES_CBC_RAW EncType = C.ENCTYPE_DES_CBC_RAW ENCTYPE_DES3_CBC_SHA EncType = C.ENCTYPE_DES3_CBC_SHA ENCTYPE_DES3_CBC_RAW EncType = C.ENCTYPE_DES3_CBC_RAW ENCTYPE_DES_HMAC_SHA1 EncType = C.ENCTYPE_DES_HMAC_SHA1 ENCTYPE_DSA_SHA1_CMS EncType = C.ENCTYPE_DSA_SHA1_CMS ENCTYPE_MD5_RSA_CMS EncType = C.ENCTYPE_MD5_RSA_CMS ENCTYPE_SHA1_RSA_CMS EncType = C.ENCTYPE_SHA1_RSA_CMS ENCTYPE_RC2_CBC_ENV EncType = C.ENCTYPE_RC2_CBC_ENV ENCTYPE_RSA_ENV EncType = C.ENCTYPE_RSA_ENV ENCTYPE_RSA_ES_OAEP_ENV EncType = C.ENCTYPE_RSA_ES_OAEP_ENV ENCTYPE_DES3_CBC_ENV EncType = C.ENCTYPE_DES3_CBC_ENV ENCTYPE_DES3_CBC_SHA1 EncType = C.ENCTYPE_DES3_CBC_SHA1 ENCTYPE_AES128_CTS_HMAC_SHA1_96 EncType = C.ENCTYPE_AES128_CTS_HMAC_SHA1_96 ENCTYPE_AES256_CTS_HMAC_SHA1_96 EncType = C.ENCTYPE_AES256_CTS_HMAC_SHA1_96 ENCTYPE_ARCFOUR_HMAC EncType = C.ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_EXP EncType = C.ENCTYPE_ARCFOUR_HMAC_EXP ENCTYPE_UNKNOWN EncType = C.ENCTYPE_UNKNOWN )
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
An Error is a krb5 library error. It may internally have an associated context.
type KeyBlock ¶
A KeyBlock is a value type containing a Kerberos key. TODO(davidben): Wrap krb5_key if the performance is ever relevant.
type KeyTab ¶
type KeyTab struct {
// contains filtered or unexported fields
}
A KeyTab wraps a krb5_keytab.
func (*KeyTab) AddEntry ¶
func (kt *KeyTab) AddEntry(kte *KeyTabEntry) error
AddEntry adds a given entry to a keytab.
func (*KeyTab) RemoveEntry ¶
func (kt *KeyTab) RemoveEntry(kte *KeyTabEntry) error
RemoveEntry removes a keytab entry from a keytab.
type KeyTabEntry ¶
A KeyTabEntry is a value type containing an entry from a KeyTab.
type NameType ¶
// NameType is an int32 principal name-type identifier; its values are taken
// from the C library's KRB5_NT_* constants.
// NOTE(review): presumably the name type recorded on a Principal — confirm,
// the Principal definition is not shown here.
type NameType int32
const ( NT_UNKNOWN NameType = C.KRB5_NT_UNKNOWN NT_PRINCIPAL NameType = C.KRB5_NT_PRINCIPAL NT_SRV_INST NameType = C.KRB5_NT_SRV_INST NT_SRV_HST NameType = C.KRB5_NT_SRV_HST NT_SRV_XHST NameType = C.KRB5_NT_SRV_XHST NT_UID NameType = C.KRB5_NT_UID NT_X500_PRINCIPAL NameType = C.KRB5_NT_X500_PRINCIPAL NT_SMTP_NAME NameType = C.KRB5_NT_SMTP_NAME NT_ENTERPRISE_PRINCIPAL NameType = C.KRB5_NT_ENTERPRISE_PRINCIPAL NT_WELLKNOWN NameType = C.KRB5_NT_WELLKNOWN NT_MS_PRINCIPAL NameType = C.KRB5_NT_MS_PRINCIPAL NT_MS_PRINCIPAL_AND_ID NameType = C.KRB5_NT_MS_PRINCIPAL_AND_ID NT_ENT_PRINCIPAL_AND_ID NameType = C.KRB5_NT_ENT_PRINCIPAL_AND_ID )
type SumType ¶
// SumType is an int32 Kerberos checksum-type identifier; apart from
// SUMTYPE_DEFAULT its values are taken from the C library's CKSUMTYPE_*
// constants.
type SumType int32
// NOTE(review): SUMTYPE_DEFAULT is 0; presumably the library then selects the
// checksum type that belongs to the key's enctype — confirm.
// NOTE(review): in the Kerberos specifications CRC32, RSA_MD4, RSA_MD5 and
// NIST_SHA are unkeyed, so they do not authenticate data against a party who
// can modify it, and CRC32 is not collision resistant. For integrity
// protection use a keyed HMAC type and check IsCollisionProof.
const ( SUMTYPE_DEFAULT SumType = 0 SUMTYPE_CRC32 SumType = C.CKSUMTYPE_CRC32 SUMTYPE_RSA_MD4 SumType = C.CKSUMTYPE_RSA_MD4 SUMTYPE_RSA_MD4_DES SumType = C.CKSUMTYPE_RSA_MD4_DES SUMTYPE_DESCBC SumType = C.CKSUMTYPE_DESCBC SUMTYPE_RSA_MD5 SumType = C.CKSUMTYPE_RSA_MD5 SUMTYPE_RSA_MD5_DES SumType = C.CKSUMTYPE_RSA_MD5_DES SUMTYPE_NIST_SHA SumType = C.CKSUMTYPE_NIST_SHA SUMTYPE_HMAC_SHA1_DES3 SumType = C.CKSUMTYPE_HMAC_SHA1_DES3 SUMTYPE_HMAC_SHA1_96_AES128 SumType = C.CKSUMTYPE_HMAC_SHA1_96_AES128 SUMTYPE_HMAC_SHA1_96_AES256 SumType = C.CKSUMTYPE_HMAC_SHA1_96_AES256 SUMTYPE_MD5_HMAC_ARCFOUR SumType = C.CKSUMTYPE_MD5_HMAC_ARCFOUR SUMTYPE_HMAC_MD5_ARCFOUR SumType = C.CKSUMTYPE_HMAC_MD5_ARCFOUR )
func (SumType) IsCollisionProof ¶
Directories ¶
| Path | Synopsis |
|---|---|
| krb5test | Package krb5test contains test vectors for fake davidben and zephyr/zephyr credentials. |
| samples | |