client

package
v8.4.3-0...-3c20c31 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 26, 2020 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package client provides a client library and methods for Kerberos 5 authentication.

Index

Constants

View Source
const (
	KRB5_KPASSWD_SUCCESS             = 0
	KRB5_KPASSWD_MALFORMED           = 1
	KRB5_KPASSWD_HARDERROR           = 2
	KRB5_KPASSWD_AUTHERROR           = 3
	KRB5_KPASSWD_SOFTERROR           = 4
	KRB5_KPASSWD_ACCESSDENIED        = 5
	KRB5_KPASSWD_BAD_VERSION         = 6
	KRB5_KPASSWD_INITIAL_FLAG_NEEDED = 7
)

Kpasswd server response codes.

Variables

This section is empty.

Functions

func AssumePreAuthentication

func AssumePreAuthentication(b bool) func(*Settings)

AssumePreAuthentication used to configure the client to assume pre-authentication is required.

s := NewSettings(AssumePreAuthentication(true))

func DisablePAFXFAST

func DisablePAFXFAST(b bool) func(*Settings)

DisablePAFXFAST used to configure the client to not use PA_FX_FAST.

s := NewSettings(DisablePAFXFAST(true))

func Logger

func Logger(l *log.Logger) func(*Settings)

Logger used to configure client with a logger.

s := NewSettings(kt, Logger(l))

Types

type Cache

type Cache struct {
	Entries map[string]CacheEntry
	// contains filtered or unexported fields
}

Cache for service tickets held by the client.

func NewCache

func NewCache() *Cache

NewCache creates a new client ticket cache instance.

func (*Cache) JSON

func (c *Cache) JSON() (string, error)

JSON returns information about the cached service tickets in a JSON format.

func (*Cache) RemoveEntry

func (c *Cache) RemoveEntry(spn string)

RemoveEntry removes the cache entry for the defined SPN.

type CacheEntry

type CacheEntry struct {
	SPN        string
	Ticket     messages.Ticket `json:"-"`
	AuthTime   time.Time
	StartTime  time.Time
	EndTime    time.Time
	RenewTill  time.Time
	SessionKey types.EncryptionKey `json:"-"`
}

CacheEntry holds details for a cache entry.

type Client

type Client struct {
	Credentials *credentials.Credentials
	Config      *config.Config
	// contains filtered or unexported fields
}

Client side configuration and state.

func NewFromCCache

func NewFromCCache(c *credentials.CCache, krb5conf *config.Config, settings ...func(*Settings)) (*Client, error)

NewFromCCache create a client from a populated client cache.

WARNING: A client created from CCache does not automatically renew TGTs and a failure will occur after the TGT expires.

func NewWithKeytab

func NewWithKeytab(username, realm string, kt *keytab.Keytab, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewWithKeytab creates a new client from a keytab credential.

func NewWithPassword

func NewWithPassword(username, realm, password string, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewWithPassword creates a new client from a password credential. Set the realm to empty string to use the default realm from config.

func (*Client) ASExchange

func (cl *Client) ASExchange(realm string, ASReq messages.ASReq, referral int) (messages.ASRep, error)

ASExchange performs an AS exchange for the client to retrieve a TGT.

func (*Client) AffirmLogin

func (cl *Client) AffirmLogin() error

AffirmLogin will only perform an AS exchange with the KDC if the client does not already have a TGT.

func (*Client) ChangePasswd

func (cl *Client) ChangePasswd(newPasswd string) (bool, error)

ChangePasswd changes the password of the client to the value provided.

func (*Client) Destroy

func (cl *Client) Destroy()

Destroy stops the auto-renewal of all sessions and removes the sessions and cache entries from the client.

func (*Client) Diagnostics

func (cl *Client) Diagnostics(w io.Writer) error

Diagnostics runs a set of checks that the client is properly configured and writes details to the io.Writer provided.

func (*Client) GetCachedTicket

func (cl *Client) GetCachedTicket(spn string) (messages.Ticket, types.EncryptionKey, bool)

GetCachedTicket returns a ticket from the cache for the SPN. Only a ticket that is currently valid will be returned.

func (*Client) GetServiceTicket

func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.EncryptionKey, error)

GetServiceTicket makes a request to get a service ticket for the SPN specified SPN format: <SERVICE>/<FQDN> Eg. HTTP/www.example.com The ticket will be added to the client's ticket cache

func (*Client) IsConfigured

func (cl *Client) IsConfigured() (bool, error)

IsConfigured indicates if the client has the values required set.

func (*Client) Key

func (cl *Client) Key(etype etype.EType, kvno int, krberr *messages.KRBError) (types.EncryptionKey, int, error)

Key returns the client's encryption key for the specified encryption type and its kvno (kvno of zero will find latest). The key can be retrieved either from the keytab or generated from the client's password. If the client has both a keytab and a password defined the keytab is favoured as the source for the key A KRBError can be passed in the event the KDC returns one of type KDC_ERR_PREAUTH_REQUIRED and is required to derive the key for pre-authentication from the client's password. If a KRBError is not available, pass nil to this argument.

func (*Client) Log

func (cl *Client) Log(format string, v ...interface{})

Log will write to the service's logger if it is configured.

func (*Client) Login

func (cl *Client) Login() error

Login the client with the KDC via an AS exchange.

func (*Client) Print

func (cl *Client) Print(w io.Writer)

Print writes the details of the client to the io.Writer provided.

func (*Client) TGSExchange

func (cl *Client) TGSExchange(tgsReq messages.TGSReq, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, referral int) (messages.TGSReq, messages.TGSRep, error)

TGSExchange exchanges the provided TGS_REQ with the KDC to retrieve a TGS_REP. Referrals are automatically handled. The client's cache is updated with the ticket received.

func (*Client) TGSREQGenerateAndExchange

func (cl *Client) TGSREQGenerateAndExchange(spn types.PrincipalName, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, renewal bool) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error)

TGSREQGenerateAndExchange generates the TGS_REQ and performs a TGS exchange to retrieve a ticket to the specified SPN.

func (*Client) WriteCCache

func (cl *Client) WriteCCache(file io.Writer) error

WriteCCache writes the credential and cached tickets out to a file as a credential cache. This can then be read in by MIT or heimdal kerberos.

type Settings

type Settings struct {
	// contains filtered or unexported fields
}

Settings holds optional client settings.

func NewSettings

func NewSettings(settings ...func(*Settings)) *Settings

NewSettings creates a new client settings struct.

func (*Settings) AssumePreAuthentication

func (s *Settings) AssumePreAuthentication() bool

AssumePreAuthentication indicates if the client should proactively assume using pre-authentication.

func (*Settings) DisablePAFXFAST

func (s *Settings) DisablePAFXFAST() bool

DisablePAFXFAST indicates is the client should disable the use of PA_FX_FAST.

func (*Settings) JSON

func (s *Settings) JSON() (string, error)

JSON returns a JSON representation of the settings.

func (*Settings) Logger

func (s *Settings) Logger() *log.Logger

Logger returns the client logger instance.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL