Documentation ¶
Overview ¶
Package credentials provides credentials management for Kerberos 5 authentication.
Index ¶
- Constants
- type ADCredentials
- type CCache
- func (c *CCache) Contains(p types.PrincipalName) bool
- func (c *CCache) GetClientCredentials() *Credentials
- func (c *CCache) GetClientPrincipalName() types.PrincipalName
- func (c *CCache) GetClientRealm() string
- func (c *CCache) GetEntries() []*Credential
- func (c *CCache) GetEntry(p types.PrincipalName) (*Credential, bool)
- func (c *CCache) Marshal() ([]byte, error)
- func (c *CCache) Unmarshal(b []byte) error
- type Credential
- type Credentials
- func (c *Credentials) AddAuthzAttribute(a string)
- func (c *Credentials) Attributes() map[string]interface{}
- func (c *Credentials) AuthTime() time.Time
- func (c *Credentials) Authenticated() bool
- func (c *Credentials) Authorized(a string) bool
- func (c *Credentials) AuthzAttributes() []string
- func (c *Credentials) CName() types.PrincipalName
- func (c *Credentials) DisableAuthzAttribute(a string)
- func (c *Credentials) DisplayName() string
- func (c *Credentials) Domain() string
- func (c *Credentials) EnableAuthzAttribute(a string)
- func (c *Credentials) Expired() bool
- func (c *Credentials) GetADCredentials() ADCredentials
- func (c *Credentials) HasKeytab() bool
- func (c *Credentials) HasPassword() bool
- func (c *Credentials) Human() bool
- func (c *Credentials) JSON() (string, error)
- func (c *Credentials) Keytab() *keytab.Keytab
- func (c *Credentials) Marshal() ([]byte, error)
- func (c *Credentials) Password() string
- func (c *Credentials) Realm() string
- func (c *Credentials) RemoveAttribute(k string)
- func (c *Credentials) RemoveAuthzAttribute(a string)
- func (c *Credentials) SessionID() string
- func (c *Credentials) SetADCredentials(a ADCredentials)
- func (c *Credentials) SetAttribute(k string, v interface{})
- func (c *Credentials) SetAttributes(a map[string]interface{})
- func (c *Credentials) SetAuthTime(t time.Time)
- func (c *Credentials) SetAuthenticated(b bool)
- func (c *Credentials) SetCName(pn types.PrincipalName)
- func (c *Credentials) SetDisplayName(s string)
- func (c *Credentials) SetDomain(s string)
- func (c *Credentials) SetHuman(b bool)
- func (c *Credentials) SetRealm(s string)
- func (c *Credentials) SetUserName(s string)
- func (c *Credentials) SetValidUntil(t time.Time)
- func (c *Credentials) Unmarshal(b []byte) error
- func (c *Credentials) UserName() string
- func (c *Credentials) ValidUntil() time.Time
- func (c *Credentials) WithKeytab(kt *keytab.Keytab) *Credentials
- func (c *Credentials) WithPassword(password string) *Credentials
Constants ¶
const (
// AttributeKeyADCredentials assigned number for AD credentials.
AttributeKeyADCredentials = "gokrb5AttributeKeyADCredentials"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ADCredentials ¶
type ADCredentials struct { EffectiveName string FullName string UserID int PrimaryGroupID int LogOnTime time.Time LogOffTime time.Time PasswordLastSet time.Time GroupMembershipSIDs []string LogonDomainName string LogonDomainID string LogonServer string }
ADCredentials contains information obtained from the PAC.
type CCache ¶
type CCache struct { Version uint8 Header header DefaultPrincipal principal Credentials []*Credential Path string }
CCache is the file credentials cache as define here: https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html
func LoadCCache ¶
LoadCCache loads a credential cache file into a CCache type.
func NewCCacheFromTicket ¶
func (*CCache) Contains ¶
func (c *CCache) Contains(p types.PrincipalName) bool
Contains tests if the cache contains a credential for the provided server PrincipalName
func (*CCache) GetClientCredentials ¶
func (c *CCache) GetClientCredentials() *Credentials
GetClientCredentials returns a Credentials object representing the client of the credentials cache.
func (*CCache) GetClientPrincipalName ¶
func (c *CCache) GetClientPrincipalName() types.PrincipalName
GetClientPrincipalName returns a PrincipalName type for the client the credentials cache is for.
func (*CCache) GetClientRealm ¶
GetClientRealm returns the reals of the client the credentials cache is for.
func (*CCache) GetEntries ¶
func (c *CCache) GetEntries() []*Credential
GetEntries filters out configuration entries an returns a slice of credentials.
func (*CCache) GetEntry ¶
func (c *CCache) GetEntry(p types.PrincipalName) (*Credential, bool)
GetEntry returns a specific credential for the PrincipalName provided.
type Credential ¶
type Credential struct { Client principal Server principal Key types.EncryptionKey AuthTime time.Time StartTime time.Time EndTime time.Time RenewTill time.Time IsSKey bool TicketFlags asn1.BitString Addresses []types.HostAddress AuthData []types.AuthorizationDataEntry Ticket []byte SecondTicket []byte }
Credential holds a Kerberos client's ccache credential information.
type Credentials ¶
type Credentials struct {
// contains filtered or unexported fields
}
Credentials struct for a user. Contains either a keytab, password or both. Keytabs are used over passwords if both are defined.
func New ¶
func New(username string, realm string) *Credentials
New creates a new Credentials instance.
func NewFromPrincipalName ¶
func NewFromPrincipalName(cname types.PrincipalName, realm string) *Credentials
NewFromPrincipalName creates a new Credentials instance with the user details provides as a PrincipalName type.
func (*Credentials) AddAuthzAttribute ¶
func (c *Credentials) AddAuthzAttribute(a string)
AddAuthzAttribute adds an authorization attribute to the credential.
func (*Credentials) Attributes ¶
func (c *Credentials) Attributes() map[string]interface{}
Attributes returns the Credentials' attributes map.
func (*Credentials) AuthTime ¶
func (c *Credentials) AuthTime() time.Time
AuthTime returns the time the credential was authenticated.
func (*Credentials) Authenticated ¶
func (c *Credentials) Authenticated() bool
Authenticated indicates if the credential has been successfully authenticated or not.
func (*Credentials) Authorized ¶
func (c *Credentials) Authorized(a string) bool
Authorized indicates if the credential has the specified authorizing attribute.
func (*Credentials) AuthzAttributes ¶
func (c *Credentials) AuthzAttributes() []string
AuthzAttributes returns the credentials authorizing attributes.
func (*Credentials) CName ¶
func (c *Credentials) CName() types.PrincipalName
CName returns the credential's client principal name.
func (*Credentials) DisableAuthzAttribute ¶
func (c *Credentials) DisableAuthzAttribute(a string)
DisableAuthzAttribute toggles an authorization attribute to a disabled state on the credential.
func (*Credentials) DisplayName ¶
func (c *Credentials) DisplayName() string
DisplayName returns the credential's display name.
func (*Credentials) Domain ¶
func (c *Credentials) Domain() string
Domain returns the credential's domain.
func (*Credentials) EnableAuthzAttribute ¶
func (c *Credentials) EnableAuthzAttribute(a string)
EnableAuthzAttribute toggles an authorization attribute to an enabled state on the credential.
func (*Credentials) Expired ¶
func (c *Credentials) Expired() bool
Expired indicates if the credential has expired.
func (*Credentials) GetADCredentials ¶
func (c *Credentials) GetADCredentials() ADCredentials
GetADCredentials returns ADCredentials attributes sorted in the credential
func (*Credentials) HasKeytab ¶
func (c *Credentials) HasKeytab() bool
HasKeytab queries if the Credentials has a keytab defined.
func (*Credentials) HasPassword ¶
func (c *Credentials) HasPassword() bool
HasPassword queries if the Credentials has a password defined.
func (*Credentials) Human ¶
func (c *Credentials) Human() bool
Human returns if the credential represents a human or not.
func (*Credentials) JSON ¶
func (c *Credentials) JSON() (string, error)
JSON return details of the Credentials in a JSON format.
func (*Credentials) Keytab ¶
func (c *Credentials) Keytab() *keytab.Keytab
Keytab returns the credential's Keytab.
func (*Credentials) Marshal ¶
func (c *Credentials) Marshal() ([]byte, error)
Marshal the Credentials into a byte slice
func (*Credentials) Password ¶
func (c *Credentials) Password() string
Password returns the credential's password.
func (*Credentials) Realm ¶
func (c *Credentials) Realm() string
Realm returns the credential's realm. Same as the domain.
func (*Credentials) RemoveAttribute ¶
func (c *Credentials) RemoveAttribute(k string)
RemoveAttribute deletes an attribute from the attribute map that has the key provided.
func (*Credentials) RemoveAuthzAttribute ¶
func (c *Credentials) RemoveAuthzAttribute(a string)
RemoveAuthzAttribute removes an authorization attribute from the credential.
func (*Credentials) SessionID ¶
func (c *Credentials) SessionID() string
SessionID returns the credential's session ID.
func (*Credentials) SetADCredentials ¶
func (c *Credentials) SetADCredentials(a ADCredentials)
SetADCredentials adds ADCredentials attributes to the credentials
func (*Credentials) SetAttribute ¶
func (c *Credentials) SetAttribute(k string, v interface{})
SetAttribute sets the value of an attribute.
func (*Credentials) SetAttributes ¶
func (c *Credentials) SetAttributes(a map[string]interface{})
SetAttributes replaces the attributes map with the one provided.
func (*Credentials) SetAuthTime ¶
func (c *Credentials) SetAuthTime(t time.Time)
SetAuthTime sets the time the credential was authenticated.
func (*Credentials) SetAuthenticated ¶
func (c *Credentials) SetAuthenticated(b bool)
SetAuthenticated sets the credential as having been successfully authenticated.
func (*Credentials) SetCName ¶
func (c *Credentials) SetCName(pn types.PrincipalName)
SetCName sets the client principal name on the credential.
func (*Credentials) SetDisplayName ¶
func (c *Credentials) SetDisplayName(s string)
SetDisplayName sets the display name value on the credential.
func (*Credentials) SetDomain ¶
func (c *Credentials) SetDomain(s string)
SetDomain sets the domain value on the credential.
func (*Credentials) SetHuman ¶
func (c *Credentials) SetHuman(b bool)
SetHuman sets the credential as human.
func (*Credentials) SetRealm ¶
func (c *Credentials) SetRealm(s string)
SetRealm sets the realm value on the credential. Same as the domain
func (*Credentials) SetUserName ¶
func (c *Credentials) SetUserName(s string)
SetUserName sets the username value on the credential.
func (*Credentials) SetValidUntil ¶
func (c *Credentials) SetValidUntil(t time.Time)
SetValidUntil sets the expiry time of the credentials
func (*Credentials) Unmarshal ¶
func (c *Credentials) Unmarshal(b []byte) error
Unmarshal a byte slice into Credentials
func (*Credentials) UserName ¶
func (c *Credentials) UserName() string
UserName returns the credential's username.
func (*Credentials) ValidUntil ¶
func (c *Credentials) ValidUntil() time.Time
ValidUntil returns the credential's valid until date
func (*Credentials) WithKeytab ¶
func (c *Credentials) WithKeytab(kt *keytab.Keytab) *Credentials
WithKeytab sets the Keytab in the Credentials struct.
func (*Credentials) WithPassword ¶
func (c *Credentials) WithPassword(password string) *Credentials
WithPassword sets the password in the Credentials struct.