negotiate

package
Published: Oct 16, 2023 License: BSD-3-Clause Imports: 7 Imported by: 1

Documentation

Rendered for windows/amd64

Overview

Package negotiate provides access to the Microsoft Negotiate SSP Package.

Index

Constants

This section is empty.

Variables

var PackageInfo *sspi.PackageInfo

PackageInfo contains the Negotiate SSP package description.

It is initialized best-effort during init. During early boot the package may not yet be loaded and available, in which case this variable is nil.

Deprecated: use GetPackageInfo instead.

Functions

func AcquireCurrentUserCredentials

func AcquireCurrentUserCredentials() (*sspi.Credentials, error)

AcquireCurrentUserCredentials acquires the credentials of the currently logged-on user. The client uses them to authenticate itself to the server; the server can also use them to impersonate the user.

func AcquireServerCredentials

func AcquireServerCredentials(principalName string) (*sspi.Credentials, error)

AcquireServerCredentials acquires the server credentials that will be used to authenticate clients. The principalName parameter is passed to the underlying call to the Windows API function AcquireCredentialsHandle and specifies the name of the principal whose credentials the underlying handle will reference. As a special case, an empty principal name acquires the credentials of the user under whose security context the current process is running.

func AcquireUserCredentials

func AcquireUserCredentials(domain, username, password string) (*sspi.Credentials, error)

AcquireUserCredentials acquires the credentials of the user described by domain, username and password. The client uses them to authenticate itself to the server; the server can also use them to impersonate the user.

func GetPackageInfo

func GetPackageInfo() (*sspi.PackageInfo, error)

GetPackageInfo returns the Negotiate SSP package description.

Types

type ClientContext

type ClientContext struct {
	// contains filtered or unexported fields
}

ClientContext is used by the client to manage all steps of the Negotiate negotiation.

func NewClientContext

func NewClientContext(cred *sspi.Credentials, targetName string) (cc *ClientContext, outputToken []byte, err error)

NewClientContext creates a new client context. It uses the client credentials cred, generated by AcquireCurrentUserCredentials or AcquireUserCredentials, together with targetName to start the client side of a Negotiate negotiation sequence. targetName is the service principal name (SPN) or the security context of the destination server. NewClientContext returns a new token to be sent to the server.

func NewClientContextWithFlags

func NewClientContextWithFlags(cred *sspi.Credentials, targetName string, flags uint32) (cc *ClientContext, outputToken []byte, err error)

NewClientContextWithFlags creates a new client context. It uses the client credentials cred, generated by AcquireCurrentUserCredentials or AcquireUserCredentials, together with targetName to start the client side of a Negotiate negotiation sequence. targetName is the service principal name (SPN) or the security context of the destination server. The flags parameter indicates the context requirements requested by the caller (for example sspi.ISC_REQ_CONFIDENTIALITY|sspi.ISC_REQ_REPLAY_DETECT). NewClientContextWithFlags returns a new token to be sent to the server.

func (*ClientContext) DecryptMessage

func (c *ClientContext) DecryptMessage(msg []byte, seqno uint32) (uint32, []byte, error)

DecryptMessage uses the established client context to decrypt a message using the provided sequence number. It returns the quality of protection flags and the decrypted message, in addition to any error.

func (*ClientContext) EncryptMessage

func (c *ClientContext) EncryptMessage(msg []byte, qop, seqno uint32) ([]byte, error)

EncryptMessage uses the established client context to encrypt a message using the provided quality of protection flags and sequence number. It returns the signature token in addition to any error. IMPORTANT: the input msg is updated in place by the low-level Windows API, so copy it first if the original content must not be modified.

func (*ClientContext) Expiry

func (c *ClientContext) Expiry() time.Time

Expiry returns the expiry time of context c.

func (*ClientContext) MakeSignature

func (c *ClientContext) MakeSignature(msg []byte, qop, seqno uint32) ([]byte, error)

MakeSignature uses the established client context to create a signature for the given message using the provided quality of protection flags and sequence number. It returns the signature token in addition to any error.

func (*ClientContext) Release

func (c *ClientContext) Release() error

Release frees the resources associated with client context c.

func (*ClientContext) Sizes

func (c *ClientContext) Sizes() (uint32, uint32, uint32, uint32, error)

Sizes queries the client context for the sizes used in per-message functions. It returns the maximum token size used in authentication exchanges, the maximum signature size, the preferred integral size of messages, the size of any security trailer, and any error.

func (*ClientContext) Update

func (c *ClientContext) Update(token []byte) (authCompleted bool, outputToken []byte, err error)

Update advances the client part of Negotiate negotiation c. It consumes the token received from the server and returns true if the client part of the authentication is complete. It also returns a new token to be sent to the server.

func (*ClientContext) VerifyFlags

func (c *ClientContext) VerifyFlags() error

VerifyFlags determines whether all flags used to construct the client context were honored (see NewClientContextWithFlags). It should be called after c.Update.

func (*ClientContext) VerifySelectiveFlags

func (c *ClientContext) VerifySelectiveFlags(flags uint32) error

VerifySelectiveFlags determines whether the given flags were honored (see NewClientContextWithFlags). It should be called after c.Update.

func (*ClientContext) VerifySignature

func (c *ClientContext) VerifySignature(msg, token []byte, seqno uint32) (uint32, error)

VerifySignature uses the established client context and the signature token to check that the provided message has not been tampered with or received out of sequence. It returns any quality of protection flags and any error that occurred.

type ServerContext

type ServerContext struct {
	// contains filtered or unexported fields
}

ServerContext is used by the server to manage all steps of the Negotiate negotiation. Once authentication is complete, the context can be used to impersonate the client.

func NewServerContext

func NewServerContext(cred *sspi.Credentials, token []byte) (sc *ServerContext, authDone bool, outputToken []byte, err error)

NewServerContext creates a new server context. It uses the server credentials created by AcquireServerCredentials and the token received from the client to start the server side of a Negotiate negotiation sequence. It also returns a new token to be sent to the client.

func (*ServerContext) DecryptMessage

func (c *ServerContext) DecryptMessage(msg []byte, seqno uint32) (uint32, []byte, error)

DecryptMessage uses the established server context to decrypt a message using the provided sequence number. It returns the quality of protection flags and the decrypted message, in addition to any error.

func (*ServerContext) EncryptMessage

func (c *ServerContext) EncryptMessage(msg []byte, qop, seqno uint32) ([]byte, error)

EncryptMessage uses the established server context to encrypt a message using the provided quality of protection flags and sequence number. It returns the signature token in addition to any error. IMPORTANT: the input msg is updated in place by the low-level Windows API, so copy it first if the original content must not be modified.

func (*ServerContext) Expiry

func (c *ServerContext) Expiry() time.Time

Expiry returns the expiry time of context c.

func (*ServerContext) GetUsername

func (c *ServerContext) GetUsername() (string, error)

GetUsername returns the username of the authenticated client.

func (*ServerContext) ImpersonateUser

func (c *ServerContext) ImpersonateUser() error

ImpersonateUser changes the user of the current OS thread to the user specified by the client's credentials.

func (*ServerContext) MakeSignature

func (c *ServerContext) MakeSignature(msg []byte, qop, seqno uint32) ([]byte, error)

MakeSignature uses the established server context to create a signature for the given message using the provided quality of protection flags and sequence number. It returns the signature token in addition to any error.

func (*ServerContext) Release

func (c *ServerContext) Release() error

Release frees the resources associated with server context c.

func (*ServerContext) RevertToSelf

func (c *ServerContext) RevertToSelf() error

RevertToSelf stops impersonation. It changes the user of the current OS thread back to what it was before ImpersonateUser was called.

func (*ServerContext) Sizes

func (c *ServerContext) Sizes() (uint32, uint32, uint32, uint32, error)

Sizes queries the server context for the sizes used in per-message functions. It returns the maximum token size used in authentication exchanges, the maximum signature size, the preferred integral size of messages, the size of any security trailer, and any error.

func (*ServerContext) Update

func (c *ServerContext) Update(token []byte) (authCompleted bool, outputToken []byte, err error)

Update advances the server part of Negotiate negotiation c. It consumes the token received from the client and returns true if the server part of the authentication is complete. It also returns a new token to be sent to the client.
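Driving the exchange between NewClientContext, NewServerContext and the two Update methods is easy to get subtly wrong, because a side that reports authCompleted may still hand over a final token the other side has to consume (the server's mutual-authentication reply), and a token arriving for a side that has already finished signals a protocol violation. The driver below is an added example, not code from this package or its sspi module: the Peer interface is my own (both *ClientContext and *ServerContext satisfy it through their Update methods), and fakePeer is a constructed stand-in so the loop can be exercised without an SSPI context.

```go
package main

import "fmt"

// Peer is the subset of *negotiate.ClientContext / *negotiate.ServerContext the driver needs.
type Peer interface {
	Update(token []byte) (authCompleted bool, outputToken []byte, err error)
}

// step feeds token to peer unless that side already completed; a token arriving
// for a finished side is a protocol violation and is not silently dropped.
func step(done *bool, peer Peer, token *[]byte) (err error) {
	switch {
	case *done && len(*token) != 0:
		return fmt.Errorf("negotiate: token received after this side completed")
	case *done:
		return nil
	case len(*token) == 0:
		return fmt.Errorf("negotiate: a token was expected but none was sent")
	}
	*done, *token, err = peer.Update(*token)
	return err
}

// Handshake drives the legs after NewClientContext and NewServerContext (whose
// authDone/outputToken are passed as serverDone/serverToken) until both sides report done.
func Handshake(client, server Peer, serverDone bool, serverToken []byte) (rounds int, err error) {
	clientDone, token := false, serverToken // this package's client always needs one Update
	for !(clientDone && serverDone) {
		if rounds++; rounds > 8 { // NTLM and Kerberos need far fewer
			return rounds, fmt.Errorf("negotiate: handshake did not converge")
		}
		if err = step(&clientDone, client, &token); err != nil {
			return rounds, err
		}
		if err = step(&serverDone, server, &token); err != nil {
			return rounds, err
		}
	}
	return rounds, nil
}

// fakePeer is a constructed stand-in (not an SSPI context): done after legs Updates, emitting a final token if finalToken.
type fakePeer struct{ legs int; finalToken bool }

func (p *fakePeer) Update(token []byte) (bool, []byte, error) {
	if p.legs--; p.legs <= 0 && !p.finalToken {
		return true, nil, nil // finished with nothing more for the peer
	}
	return p.legs <= 0, append([]byte("re:"), token...), nil
}
```

With the real types, call Handshake with the ClientContext, the ServerContext, and the authDone and outputToken values NewServerContext returned; the Release, VerifyFlags and ImpersonateUser/RevertToSelf calls stay with the caller.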

func (*ServerContext) VerifySignature

func (c *ServerContext) VerifySignature(msg, token []byte, seqno uint32) (uint32, error)

VerifySignature uses the established server context and the signature token to check that the provided message has not been tampered with or received out of sequence. It returns any quality of protection flags and any error that occurred.
