gss

package
v0.0.0-...-252e15b Latest Latest
Published: Sep 8, 2015 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

const (
	// Additional context-establishment flags exported from the C library.
	// They have no counterpart in the Flags struct and are passed through
	// to the underlying implementation as-is.
	C_DCE_STYLE           = C.GSS_C_DCE_STYLE
	C_IDENTIFY_FLAG       = C.GSS_C_IDENTIFY_FLAG
	C_EXTENDED_ERROR_FLAG = C.GSS_C_EXTENDED_ERROR_FLAG

	// credUsage values passed to AcquireCred(), AddCred(), StoreCred() and related functions.
	C_BOTH     = C.GSS_C_BOTH
	C_INITIATE = C.GSS_C_INITIATE
	C_ACCEPT   = C.GSS_C_ACCEPT

	// statusType values to be passed to DisplayStatus().
	C_GSS_CODE  = C.GSS_C_GSS_CODE
	C_MECH_CODE = C.GSS_C_MECH_CODE

	// The default quality-of-protection value, usable as the qopReq argument
	// of GetMIC(), Wrap() and WrapSizeLimit().
	C_QOP_DEFAULT = C.GSS_C_QOP_DEFAULT

	// The maximum-allowed lifetime value, usable as the lifetimeReq/timeReq
	// argument of the credential- and context-acquisition functions.
	C_INDEFINITE = C.GSS_C_INDEFINITE

	// Offsets and masks for decomposing a major status code into its
	// calling-error, routine-error and supplementary-information fields.
	C_CALLING_ERROR_OFFSET = C.GSS_C_CALLING_ERROR_OFFSET
	C_ROUTINE_ERROR_OFFSET = C.GSS_C_ROUTINE_ERROR_OFFSET
	C_SUPPLEMENTARY_OFFSET = C.GSS_C_SUPPLEMENTARY_OFFSET
	C_CALLING_ERROR_MASK   = C.GSS_C_CALLING_ERROR_MASK
	C_ROUTINE_ERROR_MASK   = C.GSS_C_ROUTINE_ERROR_MASK
	C_SUPPLEMENTARY_MASK   = C.GSS_C_SUPPLEMENTARY_MASK

	// Major result codes. S_COMPLETE is success; the S_CALL_* values are
	// calling errors; the values from S_BAD_MECH onward are routine errors
	// (S_CRED_UNAVAIL is a library extension and may alias S_FAILURE in the
	// C header -- confirm before relying on it being distinct).
	//
	// Callers should treat any majorStatus other than S_COMPLETE (or
	// S_CONTINUE_NEEDED while a context is still being established) as a
	// failure and must not act on the other values returned alongside it.
	S_COMPLETE                = C.GSS_S_COMPLETE
	S_CALL_INACCESSIBLE_READ  = C.GSS_S_CALL_INACCESSIBLE_READ
	S_CALL_INACCESSIBLE_WRITE = C.GSS_S_CALL_INACCESSIBLE_WRITE
	S_CALL_BAD_STRUCTURE      = C.GSS_S_CALL_BAD_STRUCTURE
	S_BAD_MECH                = C.GSS_S_BAD_MECH
	S_BAD_NAME                = C.GSS_S_BAD_NAME
	S_BAD_NAMETYPE            = C.GSS_S_BAD_NAMETYPE
	S_BAD_BINDINGS            = C.GSS_S_BAD_BINDINGS
	S_BAD_STATUS              = C.GSS_S_BAD_STATUS
	S_BAD_SIG                 = C.GSS_S_BAD_SIG
	S_NO_CRED                 = C.GSS_S_NO_CRED
	S_NO_CONTEXT              = C.GSS_S_NO_CONTEXT
	S_DEFECTIVE_TOKEN         = C.GSS_S_DEFECTIVE_TOKEN
	S_DEFECTIVE_CREDENTIAL    = C.GSS_S_DEFECTIVE_CREDENTIAL
	S_CREDENTIALS_EXPIRED     = C.GSS_S_CREDENTIALS_EXPIRED
	S_CONTEXT_EXPIRED         = C.GSS_S_CONTEXT_EXPIRED
	S_FAILURE                 = C.GSS_S_FAILURE
	S_BAD_QOP                 = C.GSS_S_BAD_QOP
	S_UNAUTHORIZED            = C.GSS_S_UNAUTHORIZED
	S_UNAVAILABLE             = C.GSS_S_UNAVAILABLE
	S_DUPLICATE_ELEMENT       = C.GSS_S_DUPLICATE_ELEMENT
	S_NAME_NOT_MN             = C.GSS_S_NAME_NOT_MN
	S_BAD_MECH_ATTR           = C.GSS_S_BAD_MECH_ATTR
	// Supplementary-information bits, which may be set alongside S_COMPLETE.
	// S_CONTINUE_NEEDED means context establishment needs another round trip
	// (see InitSecContext() and AcceptSecContext()). S_DUPLICATE_TOKEN,
	// S_OLD_TOKEN, S_UNSEQ_TOKEN and S_GAP_TOKEN report replayed or
	// out-of-order per-message tokens and are only meaningful when the
	// context was established with replay detection or sequencing (the
	// Replay and Sequence flags).
	S_CONTINUE_NEEDED         = C.GSS_S_CONTINUE_NEEDED
	S_DUPLICATE_TOKEN         = C.GSS_S_DUPLICATE_TOKEN
	S_OLD_TOKEN               = C.GSS_S_OLD_TOKEN
	S_UNSEQ_TOKEN             = C.GSS_S_UNSEQ_TOKEN
	S_GAP_TOKEN               = C.GSS_S_GAP_TOKEN
	S_CRED_UNAVAIL            = C.GSS_S_CRED_UNAVAIL

	// prfKey values to be passed to PseudoRandom()
	C_PRF_KEY_FULL    = C.GSS_C_PRF_KEY_FULL
	C_PRF_KEY_PARTIAL = C.GSS_C_PRF_KEY_PARTIAL
)

Variables

var (
	// OID to pass as desiredObject to InquireSecContextByOid(). Per its name
	// it requests the context's session key, so whatever the call returns
	// for it is secret key material and must be handled and zeroed as such.
	C_INQ_SSPI_SESSION_KEY  = coidToOid(*C.GSS_C_INQ_SSPI_SESSION_KEY)
	// Name-attribute string (converted from the C buffer) usable as the
	// attr argument of GetNameAttribute().
	C_ATTR_LOCAL_LOGIN_USER = bufferToString(*C.GSS_C_ATTR_LOCAL_LOGIN_USER)
	// Name type of composite exported names; presumably the form produced
	// by ExportNameComposite() -- confirm against the C library.
	C_NT_COMPOSITE_EXPORT   = coidToOid(*C.GSS_C_NT_COMPOSITE_EXPORT)

	// Recognized name types, usable as the nameType argument of ImportName().
	C_NT_USER_NAME                 = coidToOid(*C.GSS_C_NT_USER_NAME)
	C_NT_MACHINE_UID_NAME          = coidToOid(*C.GSS_C_NT_MACHINE_UID_NAME)
	C_NT_STRING_UID_NAME           = coidToOid(*C.GSS_C_NT_STRING_UID_NAME)
	C_NT_HOSTBASED_SERVICE_X       = coidToOid(*C.GSS_C_NT_HOSTBASED_SERVICE_X)
	C_NT_HOSTBASED_SERVICE         = coidToOid(*C.GSS_C_NT_HOSTBASED_SERVICE)
	C_NT_ANONYMOUS                 = coidToOid(*C.GSS_C_NT_ANONYMOUS)
	C_NT_EXPORT_NAME               = coidToOid(*C.GSS_C_NT_EXPORT_NAME)
	KRB5_NT_PRINCIPAL_NAME         = coidToOid(*C.GSS_KRB5_NT_PRINCIPAL_NAME)
	KRB5_NT_HOSTBASED_SERVICE_NAME = coidToOid(*C.GSS_KRB5_NT_HOSTBASED_SERVICE_NAME)
	KRB5_NT_USER_NAME              = coidToOid(*C.GSS_KRB5_NT_USER_NAME)
	KRB5_NT_MACHINE_UID_NAME       = coidToOid(*C.GSS_KRB5_NT_MACHINE_UID_NAME)
	KRB5_NT_STRING_UID_NAME        = coidToOid(*C.GSS_KRB5_NT_STRING_UID_NAME)

	// Recognized mechanism attributes, usable in the desiredMechAttrs,
	// exceptMechAttrs and criticalMechAttrs arguments of IndicateMechsByAttrs().
	C_MA_MECH_CONCRETE  = coidToOid(*C.GSS_C_MA_MECH_CONCRETE)
	C_MA_MECH_PSEUDO    = coidToOid(*C.GSS_C_MA_MECH_PSEUDO)
	C_MA_MECH_COMPOSITE = coidToOid(*C.GSS_C_MA_MECH_COMPOSITE)
	C_MA_MECH_NEGO      = coidToOid(*C.GSS_C_MA_MECH_NEGO)
	C_MA_MECH_GLUE      = coidToOid(*C.GSS_C_MA_MECH_GLUE)
	C_MA_NOT_MECH       = coidToOid(*C.GSS_C_MA_NOT_MECH)
	C_MA_DEPRECATED     = coidToOid(*C.GSS_C_MA_DEPRECATED)
	C_MA_NOT_DFLT_MECH  = coidToOid(*C.GSS_C_MA_NOT_DFLT_MECH)
	C_MA_ITOK_FRAMED    = coidToOid(*C.GSS_C_MA_ITOK_FRAMED)
	C_MA_AUTH_INIT      = coidToOid(*C.GSS_C_MA_AUTH_INIT)
	C_MA_AUTH_TARG      = coidToOid(*C.GSS_C_MA_AUTH_TARG)
	C_MA_AUTH_INIT_INIT = coidToOid(*C.GSS_C_MA_AUTH_INIT_INIT)
	C_MA_AUTH_TARG_INIT = coidToOid(*C.GSS_C_MA_AUTH_TARG_INIT)
	C_MA_AUTH_INIT_ANON = coidToOid(*C.GSS_C_MA_AUTH_INIT_ANON)
	C_MA_AUTH_TARG_ANON = coidToOid(*C.GSS_C_MA_AUTH_TARG_ANON)
	C_MA_DELEG_CRED     = coidToOid(*C.GSS_C_MA_DELEG_CRED)
	C_MA_INTEG_PROT     = coidToOid(*C.GSS_C_MA_INTEG_PROT)
	C_MA_CONF_PROT      = coidToOid(*C.GSS_C_MA_CONF_PROT)
	C_MA_MIC            = coidToOid(*C.GSS_C_MA_MIC)
	C_MA_WRAP           = coidToOid(*C.GSS_C_MA_WRAP)
	C_MA_PROT_READY     = coidToOid(*C.GSS_C_MA_PROT_READY)
	C_MA_REPLAY_DET     = coidToOid(*C.GSS_C_MA_REPLAY_DET)
	C_MA_OOS_DET        = coidToOid(*C.GSS_C_MA_OOS_DET)
	C_MA_CBINDINGS      = coidToOid(*C.GSS_C_MA_CBINDINGS)
	C_MA_PFS            = coidToOid(*C.GSS_C_MA_PFS)
	C_MA_COMPRESS       = coidToOid(*C.GSS_C_MA_COMPRESS)
	C_MA_CTX_TRANS      = coidToOid(*C.GSS_C_MA_CTX_TRANS)

	// Some mechanisms. The single OIDs are usable as mechType/desiredMech
	// arguments; the Mech_set_* values are built from C OID sets and are
	// apparently slices suitable for desiredMechs arguments such as
	// AcquireCred()'s.
	Mech_krb5          = coidToOid(*C.gss_mech_krb5)
	Mech_krb5_old      = coidToOid(*C.gss_mech_krb5_old)
	Mech_krb5_wrong    = coidToOid(*C.gss_mech_krb5_wrong)
	Mech_iakerb        = coidToOid(*C.gss_mech_iakerb)
	// Constructed directly rather than read from the C library; it matches
	// the SPNEGO OID quoted in SetNegMechs()'s documentation.
	Mech_spnego        = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
	Mech_set_krb5      = coidSetToOids(C.gss_mech_set_krb5)
	Mech_set_krb5_old  = coidSetToOids(C.gss_mech_set_krb5_old)
	Mech_set_krb5_both = coidSetToOids(C.gss_mech_set_krb5_both)

	// Kerberos-specific name types exported by the C library.
	NT_krb5_name      = coidToOid(*C.gss_nt_krb5_name)
	NT_krb5_principal = coidToOid(*C.gss_nt_krb5_principal)
)

Functions

func AcceptSecContext

func AcceptSecContext(acceptorCredHandle CredHandle, contextHandle *ContextHandle, chanBindings *ChannelBindings, inputToken []byte) (majorStatus, minorStatus uint32, srcName InternalName, mechType asn1.ObjectIdentifier, recFlags Flags, transState, protReadyState bool, lifetimeRec uint32, delegatedCredHandle CredHandle, outputToken []byte)

Accept a security context from a peer, using the specified acceptor credentials, or the default acceptor credentials if acceptorCredHandle is nil. If the returned majorStatus is gss.S_CONTINUE_NEEDED, the function should be called again using the same contextHandle, but with a new token obtained from the peer. This may need to be done an unknown number of times. Any output tokens produced (including when the returned majorStatus is gss.S_COMPLETE) should be sent to the peer. The context is successfully set up when the returned majorStatus is gss.S_COMPLETE. If contextHandle is not nil, it should eventually be freed using gss.DeleteSecContext(). If srcName is not nil, it should eventually be freed using gss.ReleaseName(). If delegatedCredHandle is not nil, it should likewise be freed, using gss.ReleaseCred().

func AuthorizeLocalname

func AuthorizeLocalname(name, user InternalName) (majorStatus, minorStatus uint32)

AuthorizeLocalname() checks whether the entity named by name is authorized to act as the local user named by user.

func CompareName

func CompareName(name1, name2 InternalName) (majorStatus, minorStatus uint32, nameEqual bool)

CompareName() compares two names to see if they refer to the same entity.

func CompleteAuthToken

func CompleteAuthToken(contextHandle ContextHandle, inputMessage []byte) (majorStatus, minorStatus uint32)

func ContextTime

func ContextTime(contextHandle ContextHandle) (majorStatus, minorStatus, lifetimeRec uint32)

ContextTime() returns the amount of time for which an already-established security context will remain valid.

func DeleteNameAttribute

func DeleteNameAttribute(name InternalName, attribute string) (majorStatus, minorStatus uint32)

DeleteNameAttribute() removes a named attribute for name.

func DeleteSecContext

func DeleteSecContext(contextHandle ContextHandle) (majorStatus, minorStatus uint32, outputContextToken []byte)

DeleteSecContext() frees resources associated with a security context which is no longer needed. If an outputContextToken is produced, the calling application should attempt to send it to the peer to pass to ProcessContextToken().

func DisplayGSSError

func DisplayGSSError(when string, major, minor uint32, mech *asn1.ObjectIdentifier)

DisplayGSSError prints the error messages associated with the passed-in major and minor error codes.

func DisplayGSSFlags

func DisplayGSSFlags(flags Flags, complete bool, file io.Writer)

DisplayGSSFlags logs the contents of the passed-in flags.

func DisplayName

func DisplayName(name InternalName) (majorStatus, minorStatus uint32, nameString string, nameType asn1.ObjectIdentifier)

DisplayName() returns a printable representation of name, along with the type of name that it represents.

func DisplayNameExt

func DisplayNameExt(name InternalName, displayAsNameType asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, displayName string)

func DisplayStatus

func DisplayStatus(statusValue uint32, statusType int, mechType asn1.ObjectIdentifier) []interface{}

DisplayStatus() returns a printable representation of a major (C_GSS_CODE) or mechanism-specific minor (C_MECH_CODE) status code.

func ExportCred

func ExportCred(credHandle CredHandle) (majorStatus, minorStatus uint32, token []byte)

ExportCred() serializes the contents of the credential handle into a portable token. The credHandle is not modified.

func ExportName

func ExportName(inputName InternalName) (majorStatus, minorStatus uint32, outputName []byte)

ExportName() returns a flat representation of a mechanism-specific inputName that's suitable for bytewise comparison with other exported names.

func ExportNameComposite

func ExportNameComposite(name InternalName) (majorStatus, minorStatus uint32, compositeName []byte)

func ExportSecContext

func ExportSecContext(contextHandle ContextHandle) (majorStatus, minorStatus uint32, interProcessToken []byte)

ExportSecContext() serializes all state data related to an established security context. Upon return, contextHandle will have become invalid.

func FlagsToRaw

func FlagsToRaw(flags Flags) uint32

FlagsToRaw returns the integer representation of the flags structure, as would typically be used by C implementations. It is here mainly to aid in running diagnostics.

func GetMIC

func GetMIC(contextHandle ContextHandle, qopReq uint32, message []byte) (majorStatus, minorStatus uint32, perMessageToken []byte)

GetMIC() computes a signature over the passed-in message.

func GetNameAttribute

func GetNameAttribute(name InternalName, attr string, more *int) (majorStatus, minorStatus uint32, authenticated, complete bool, value []byte, displayValue string)

GetNameAttribute() returns a value for the named attribute which is known about name. When called for the first time, the value pointed to by more should be set to -1. When the last value of the attribute has been returned, it will be set to 0.

func IndicateMechs

func IndicateMechs() (majorStatus, minorStatus uint32, mechSet []asn1.ObjectIdentifier)

IndicateMechs() returns a list of the available security mechanism types.

func IndicateMechsByAttrs

func IndicateMechsByAttrs(desiredMechAttrs, exceptMechAttrs, criticalMechAttrs []asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, mechs []asn1.ObjectIdentifier)

IndicateMechsByAttrs() returns a list of security mechanisms, each of which matches at least one of the desiredMechAttrs, none of which match any of the exceptMechAttrs, and all of which match all of the criticalMechAttrs.

func InquireContext

func InquireContext(contextHandle ContextHandle) (majorStatus, minorStatus uint32, srcName, targName InternalName, lifetimeRec uint32, mechType asn1.ObjectIdentifier, recFlags Flags, transState, protReadyState, locallyInitiated, open bool)

InquireContext() returns information about an already-established security context. The returned srcName and targName values should be released using gss.ReleaseName().

func InquireCredByOid

func InquireCredByOid(credHandle CredHandle, desiredObject asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, dataSet [][]byte)

func InquireMechsForName

func InquireMechsForName(inputName InternalName) (majorStatus, minorStatus uint32, mechTypes []asn1.ObjectIdentifier)

InquireMechsForName() returns a list of the mechanisms with which the provided name can be used.

func InquireName

func InquireName(name InternalName) (majorStatus, minorStatus uint32, nameIsMN bool, mnMech asn1.ObjectIdentifier, attrs []string)

InquireName() returns a list of attributes which are known about name.

func InquireNamesForMech

func InquireNamesForMech(inputMechType asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, nameTypeSet []asn1.ObjectIdentifier)

InquireNamesForMech() returns a list of the name types which can be used with the specified mechanism.

func InquireSecContextByOid

func InquireSecContextByOid(contextHandle ContextHandle, desiredObject asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, dataSet [][]byte)

func Krb5ExtractAuthzDataFromSecContext

func Krb5ExtractAuthzDataFromSecContext(contextHandle ContextHandle, adType int) (majorStatus, minorStatus uint32, adData []byte)

Krb5ExtractAuthzDataFromSecContext() returns the raw bytes of a specific Kerberos auth-data type associated with the established security context's client.

func Krb5RegisterAcceptorIdentity

func Krb5RegisterAcceptorIdentity(identity string) uint32

Krb5RegisterAcceptorIdentity() sets the location of the keytab which will be used when acting as an acceptor using Kerberos 5 mechanisms.

func Localname

func Localname(name InternalName, mechType asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, localName string)

Localname() returns the name of a local user who is considered to be the same entity as name.

func MechInvoke

func MechInvoke(desiredMech, desiredObject asn1.ObjectIdentifier, value *[]byte) (majorStatus, minorStatus uint32)

func NewGSSError

func NewGSSError(when string, major, minor uint32, mech *asn1.ObjectIdentifier) error

func OidToStr

func OidToStr(oid asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, text string)

OidToStr() converts an OID to a displayable form preferred by the GSSAPI library, which may differ from the default representation returned by oid's String() method.

func PNameToUid

func PNameToUid(name InternalName, nmech asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, uid string)

PNameToUid returns a numeric UID corresponding to the entity named by name.

func ProcessContextToken

func ProcessContextToken(contextHandle ContextHandle, contextToken []byte) (majorStatus, minorStatus uint32)

ProcessContextToken() processes a context token which was created using gss.DeleteSecContext(). It is not usually used, and is included for backward compatibility.

func PseudoRandom

func PseudoRandom(contextHandle ContextHandle, prfKey int, prfIn []byte, desiredOutputLen int) (majorStatus, minorStatus uint32, prfOut []byte)

PseudoRandom() generates desiredOutputLen bytes of pseudo-random data from the security context identified by contextHandle. prfKey selects the level of key material used (either gss.C_PRF_KEY_FULL or gss.C_PRF_KEY_PARTIAL), and prfIn is the input to the pseudo-random function.

func ReleaseCred

func ReleaseCred(credHandle CredHandle) (majorStatus, minorStatus uint32)

ReleaseCred() releases a credential handle which is no longer needed.

func ReleaseName

func ReleaseName(inputName InternalName) (majorStatus, minorStatus uint32)

ReleaseName() frees resources associated with an InternalName after it is no longer needed.

func SetCredOption

func SetCredOption(credHandle *CredHandle, desiredObject asn1.ObjectIdentifier, value []byte) (majorStatus, minorStatus uint32)

func SetNameAttribute

func SetNameAttribute(name InternalName, complete bool, attribute string, value []byte) (majorStatus, minorStatus uint32)

SetNameAttribute() adds a named attribute value for name.

func SetNegMechs

func SetNegMechs(credHandle CredHandle, mechSet []asn1.ObjectIdentifier) (majorStatus, minorStatus uint32)

SetNegMechs() sets the list of mechanisms which will be negotiated when using credHandle with the SPNEGO mechanism ("1.3.6.1.5.5.2").

func SetSecContextOption

func SetSecContextOption(contextHandle *ContextHandle, desiredObject asn1.ObjectIdentifier, value []byte) (majorStatus, minorStatus uint32)

func StoreCred

func StoreCred(credHandle CredHandle, credUsage uint32, desiredMech asn1.ObjectIdentifier, overwriteCred, defCred bool) (majorStatus, minorStatus uint32, elementsStored []asn1.ObjectIdentifier, credUsageStored uint32)

StoreCred() stores non-nil credentials (for initiator, acceptor, or both) in the current credential store.

func StoreCredInto

func StoreCredInto(inputCredHandle CredHandle, desiredCredUsage uint32, desiredMech asn1.ObjectIdentifier, overwriteCred, defaultCred bool, credStore [][2]string) (majorStatus, minorStatus uint32, elementsStored []asn1.ObjectIdentifier, credUsage uint32)

StoreCredInto() stores non-nil credentials (for initiator, acceptor, or both) in locations pointed to by the credential store, or the default location if defaultCred is set.

func Unwrap

func Unwrap(contextHandle ContextHandle, inputMessage []byte) (majorStatus, minorStatus uint32, confState bool, qopState uint32, outputMessage []byte)

Unwrap() accepts an integrity-protected or confidential token and returns the plaintext, along with confState, which indicates whether or not the input token was confidential (encrypted).

func Userok

func Userok(name InternalName, username string) (ok bool)

Userok() checks if the entity named by name is authorized to act as local user username.

func VerifyMIC

func VerifyMIC(contextHandle ContextHandle, message, perMessageToken []byte) (majorStatus, minorStatus, qopState uint32)

VerifyMIC() checks a passed-in signature over a passed-in message.

func Wrap

func Wrap(contextHandle ContextHandle, confReq bool, qopReq uint32, inputMessage []byte) (majorStatus, minorStatus uint32, confState bool, outputMessage []byte)

Wrap() produces either an integrity-protected or confidential token containing the passed-in inputMessage.

func WrapSizeLimit

func WrapSizeLimit(contextHandle ContextHandle, confReqFlag bool, qopReq uint32, outputSize uint32) (majorStatus, minorStatus, maxInputSize uint32)

WrapSizeLimit() returns the maximum size of plaintext which the underlying mechanism can accept if it must guarantee that the resulting wrapped tokens are no larger than outputSize bytes.

Types

type ChannelBindings

// ChannelBindings carries the application-supplied channel-binding data that
// InitSecContext() and AcceptSecContext() hand to the mechanism through their
// chanBindings argument. Channel bindings are intended to tie the context to
// an outer channel so that tokens relayed over a different channel are
// rejected; whether a particular mechanism enforces this is up to the C
// library, not this package.
type ChannelBindings struct {
	// These four fields are deprecated.
	//initiatorAddressType uint32
	//acceptorAddressType          uint32
	//initiatorAddress []byte
	//acceptorAddress []byte
	// ApplicationData is the opaque, application-defined binding data. It is
	// the only field the struct currently exposes; the address fields above
	// are commented out.
	ApplicationData []byte
}

type ContextHandle

// ContextHandle wraps the C library's gss_ctx_id_t and refers to an
// established or partially-established security context. Release it with
// DeleteSecContext() when it is no longer needed.
type ContextHandle C.gss_ctx_id_t

ContextHandle holds a reference to an established or partially-established security context. It should be released using gss.DeleteSecContext() when it's no longer needed.

func ImportSecContext

func ImportSecContext(interprocessToken []byte) (majorStatus, minorStatus uint32, contextHandle ContextHandle)

ImportSecContext() deserializes all state data related to an established security context and reconstructs it. The returned contextHandle can be used immediately, and should eventually be freed using gss.DeleteSecContext().

type CredHandle

// CredHandle wraps the C library's gss_cred_id_t and refers to client,
// server or delegated credentials. Release it with ReleaseCred() when it is
// no longer needed.
type CredHandle C.gss_cred_id_t

CredHandle holds a reference to client or server credentials, or delegated credentials. It should be released using gss.ReleaseCred() when it's no longer needed.

func AcquireCred

func AcquireCred(desiredName InternalName, lifetimeReq uint32, desiredMechs []asn1.ObjectIdentifier, credUsage uint32) (majorStatus, minorStatus uint32, outputCredHandle CredHandle, actualMechs []asn1.ObjectIdentifier, lifetimeRec uint32)

AcquireCred() obtains credentials to be used to either initiate or accept (or both) a security context as desiredName. The returned outputCredHandle should be released using gss.ReleaseCred() when it's no longer needed.

func AcquireCredFrom

func AcquireCredFrom(desiredName InternalName, timeReq uint32, desiredMechs []asn1.ObjectIdentifier, desiredCredUsage uint32, credStore [][2]string) (majorStatus, minorStatus uint32, outputCredHandle CredHandle, actualMechs []asn1.ObjectIdentifier, timeRec uint32)

AcquireCredFrom() obtains credentials to be used to either initiate or accept (or both) a security context as desiredName using information pointed to by the credStore. The returned outputCredHandle should be released using gss.ReleaseCred() when it's no longer needed.

func AcquireCredImpersonateName

func AcquireCredImpersonateName(impersonatorCredHandle CredHandle, desiredName InternalName, timeReq uint32, desiredMechs []asn1.ObjectIdentifier, credUsage uint32) (majorStatus, minorStatus uint32, outputCredHandle CredHandle, actualMechs []asn1.ObjectIdentifier, timeRec uint32)

AcquireCredImpersonateName() uses impersonatorCredHandle to acquire credentials which can be used to impersonate desiredName and returns a new outputCredHandle.

func AcquireCredWithPassword

func AcquireCredWithPassword(desiredName InternalName, password []byte, timeReq uint32, desiredMechs []asn1.ObjectIdentifier, credUsage uint32) (majorStatus, minorStatus uint32, credHandle CredHandle, actualMechs []asn1.ObjectIdentifier, timeRec uint32)

AcquireCredWithPassword() uses a password to obtain credentials to act as desiredName as an initiator, as an acceptor, or as both. The returned credHandle should eventually be freed using gss.ReleaseCred().

func AddCred

func AddCred(credHandle CredHandle, desiredName InternalName, desiredMech asn1.ObjectIdentifier, initiatorTimeReq, acceptorTimeReq, credUsage uint32, outputCredHandle CredHandle) (majorStatus, minorStatus uint32, outputCredHandleRec CredHandle, actualMechs []asn1.ObjectIdentifier, initiatorTimeRec, acceptorTimeRec uint32)

AddCred() obtains credentials specific to a particular mechanism, optionally merging them with already-obtained credentials (if outputCredHandle is not nil) or storing them in an entirely new credential handle.

func AddCredFrom

func AddCredFrom(inputCredHandle CredHandle, desiredName InternalName, desiredMech asn1.ObjectIdentifier, desiredCredUsage, initiatorTimeReq, acceptorTimeReq uint32, outputCredHandle CredHandle, credStore [][2]string) (majorStatus, minorStatus uint32, outputCredHandleRec CredHandle, actualMechs []asn1.ObjectIdentifier, initiatorTimeRec, acceptorTimeRec uint32)

AddCredFrom() obtains credentials specific to a particular mechanism using information pointed to by credStore, optionally merging them with already-obtained credentials (if outputCredHandle is not nil) or storing them in a new credential handle which should eventually be freed using gss.ReleaseCred().

func AddCredImpersonateName

func AddCredImpersonateName(inputCredHandle, impersonatorCredHandle CredHandle, desiredName InternalName, desiredMech asn1.ObjectIdentifier, credUsage, initiatorTimeReq, acceptorTimeReq uint32, outputCredHandle CredHandle) (majorStatus, minorStatus uint32, outputCredHandleRec CredHandle, actualMechs []asn1.ObjectIdentifier, initiatorTimeRec, acceptorTimeRec uint32)

AddCredImpersonateName() uses impersonatorCredHandle to acquire credentials which can be used to impersonate desiredName, merging them with outputCredHandle (if non-nil), or creating an entirely new credential handle, returning them in outputCredHandleRec.

func ImportCred

func ImportCred(token []byte) (majorStatus, minorStatus uint32, credHandle CredHandle)

ImportCred() constructs a credential handle using the contents of the passed-in token. The returned credHandle should eventually be freed using gss.ReleaseCred().

type Flags

// Flags is the Go representation of the GSS-API context flag bits;
// FlagsToRaw() converts it to the integer form used by the C library. Each
// field maps to one flag: Deleg (credential delegation), DelegPolicy
// (delegation subject to policy), Mutual (mutual authentication), Replay
// (replay detection), Sequence (out-of-sequence detection), Anon (anonymous
// initiator), Conf (confidentiality), Integ (integrity), Trans (context
// transferability) and ProtReady (per-message protection available before
// establishment completes).
//
// The reqFlags passed to InitSecContext() are only a request. The recFlags
// returned by InitSecContext(), AcceptSecContext() and InquireContext()
// describe what the established context actually provides, so an application
// that depends on Conf or Integ should check them there before relying on
// Wrap() or GetMIC().
type Flags struct {
	Deleg, DelegPolicy, Mutual, Replay, Sequence, Anon, Conf, Integ, Trans, ProtReady bool
}

Flags describe requested parameters for a context passed to InitSecContext(), or the parameters of an established context as returned by AcceptSecContext() or InquireContext().

func InitSecContext

func InitSecContext(claimantCredHandle CredHandle, contextHandle *ContextHandle, targName InternalName, mechType asn1.ObjectIdentifier, reqFlags Flags, lifetimeReq uint32, chanBindings *ChannelBindings, inputToken []byte) (majorStatus, minorStatus uint32, mechTypeRec asn1.ObjectIdentifier, outputToken []byte, recFlags Flags, transState, protReadyState bool, lifetimeRec uint32)

Initialize a security context with a peer named by targName, optionally specifying a requested GSSAPI mechanism. If the application expects to use confidentiality or integrity-checking functionality, they should be specified in reqFlags. If the returned majorStatus is gss.S_CONTINUE_NEEDED, the function should be called again using the same contextHandle, but with a new token obtained from the peer. This may need to be done an unknown number of times. Any output tokens produced (including when the returned majorStatus is gss.S_COMPLETE) should be sent to the peer. The context is successfully set up when the returned majorStatus is gss.S_COMPLETE. If contextHandle is not nil, it should eventually be freed using gss.DeleteSecContext().

type InternalName

// InternalName wraps the C library's gss_name_t and refers to a client's or
// server's name. Release it with ReleaseName() when it is no longer needed.
type InternalName C.gss_name_t

InternalName holds a reference to a client's or server's name. It should be released using gss.ReleaseName() when it's no longer needed.

func CanonicalizeName

func CanonicalizeName(inputName InternalName, mechType asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, outputName InternalName)

CanonicalizeName() returns a copy of inputName that has been canonicalized according to the rules for the specified mechanism. The returned outputName should eventually be freed using gss.ReleaseName().

func DuplicateName

func DuplicateName(inputName InternalName) (majorStatus, minorStatus uint32, destName InternalName)

DuplicateName() returns a copy of inputName which will eventually need to be freed using gss.ReleaseName().

func ImportName

func ImportName(inputName string, nameType asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, outputName InternalName)

ImportName() creates an InternalName from an external representation and name type, which is often gss.C_NT_USER_NAME or gss.C_NT_HOSTBASED_SERVICE. The returned outputName should eventually be freed by calling gss.ReleaseName().

func InquireCred

func InquireCred(credHandle CredHandle) (majorStatus, minorStatus uint32, credName InternalName, lifetimeRec, credUsage uint32, mechSet []asn1.ObjectIdentifier)

InquireCred() reads information about a credential handle, or about the default acceptor credentials if credHandle is nil. The returned credName should be released using gss.ReleaseName() when it's no longer needed.

func InquireCredByMech

func InquireCredByMech(credHandle CredHandle, mechType asn1.ObjectIdentifier) (majorStatus, minorStatus uint32, credName InternalName, initiatorLifetimeRec, acceptorLifetimeRec, credUsage uint32)

InquireCredByMech() obtains information about mechanism-specific credentials. The returned credName is a mechanism-specific name, and should be released using gss.ReleaseName() when it's no longer needed.
