Documentation ¶
Overview ¶
Package messages implements Kerberos 5 message types and methods.
Index ¶
- func MarshalTicketSequence(tkts []Ticket) (asn1.RawValue, error)
- type APRep
- type APReq
- type ASRep
- type ASReq
- type EncAPRepPart
- type EncKDCRepPart
- type EncKrbCredPart
- type EncKrbPrivPart
- type EncTicketPart
- type KDCRepFields
- type KDCReqBody
- type KDCReqFields
- type KRBCred
- type KRBError
- type KRBPriv
- type KRBSafe
- type KRBSafeBody
- type KrbCredInfo
- type LastReq
- type TGSRep
- type TGSReq
- type Ticket
- type TransitedEncoding
Functions ¶
Types ¶
type APRep ¶
// APRep is the KRB_AP_REP message (RFC 4120 section 5.5.2). Every field is an
// explicitly tagged ASN.1 element; field order follows the tag numbers and
// must not be rearranged.
type APRep struct {
	// PVNO is the protocol version number (pvno).
	PVNO int `asn1:"explicit,tag:0"`
	// MsgType is the message type (msg-type).
	MsgType int `asn1:"explicit,tag:1"`
	// EncPart is ciphertext. EncAPRepPart is the struct this page documents
	// as the encrypted part of KRB_AP_REP.
	EncPart types.EncryptedData `asn1:"explicit,tag:2"`
}
APRep implements RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.
type APReq ¶
// APReq is the KRB_AP_REQ message (RFC 4120 section 5.5.1): the ticket plus
// an encrypted authenticator that a client presents to a service.
type APReq struct {
	// PVNO is the protocol version number (pvno).
	PVNO int `asn1:"explicit,tag:0"`
	// MsgType is the message type (msg-type).
	MsgType int `asn1:"explicit,tag:1"`
	// APOptions is the ap-options bit string.
	APOptions asn1.BitString `asn1:"explicit,tag:2"`
	// Ticket is the service ticket being presented.
	Ticket Ticket `asn1:"explicit,tag:3"`
	// Authenticator is ciphertext. DecryptAuthenticator on this type takes
	// the session key and returns the decrypted types.Authenticator.
	Authenticator types.EncryptedData `asn1:"explicit,tag:4"`
}
APReq implements RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.
func NewAPReq ¶
func NewAPReq(tkt Ticket, sessionKey types.EncryptionKey, auth types.Authenticator) (APReq, error)
NewAPReq generates a new KRB_AP_REQ struct.
func (*APReq) DecryptAuthenticator ¶
func (a *APReq) DecryptAuthenticator(sessionKey types.EncryptionKey) (auth types.Authenticator, err error)
DecryptAuthenticator decrypts the Authenticator within the AP_REQ. sessionKey may simply be the key within the decrypted EncPart of the ticket within the AP_REQ.
type ASRep ¶
// ASRep is the KRB_AS_REP message (RFC 4120 section 5.4.2). It adds no fields
// of its own: everything comes from the embedded KDCRepFields.
type ASRep struct {
	KDCRepFields
}
ASRep implements RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
func (*ASRep) DecryptEncPart ¶
func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey, error)
DecryptEncPart decrypts the encrypted part of an AS_REP.
func (*ASRep) IsValid ¶ added in v1.0.0
func (k *ASRep) IsValid(cfg *config.Config, creds *credentials.Credentials, asReq ASReq) (bool, error)
IsValid checks the validity of the AS_REP message.
type ASReq ¶
// ASReq is the KRB_AS_REQ message (RFC 4120 section 5.4.1). It adds no fields
// of its own: everything comes from the embedded KDCReqFields.
type ASReq struct {
	KDCReqFields
}
ASReq implements RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
func NewASReqForChgPasswd ¶
NewASReqForChgPasswd generates a new KRB_AS_REQ struct for a change password request.
func NewASReqForTGT ¶
NewASReqForTGT generates a new KRB_AS_REQ struct for a TGT request.
type EncAPRepPart ¶
// EncAPRepPart is the encrypted part of KRB_AP_REP (RFC 4120 section 5.5.2).
type EncAPRepPart struct {
	// CTime is the client timestamp (ctime), encoded as GeneralizedTime.
	CTime time.Time `asn1:"generalized,explicit,tag:0"`
	// Cusec is the microsecond part of the client timestamp (cusec).
	Cusec int `asn1:"explicit,tag:1"`
	// Subkey is an optional sub-session key. It is key material and should
	// be handled as a secret.
	Subkey types.EncryptionKey `asn1:"optional,explicit,tag:2"`
	// SequenceNumber is the optional seq-number.
	SequenceNumber int64 `asn1:"optional,explicit,tag:3"`
}
EncAPRepPart is the encrypted part of KRB_AP_REP.
func (*EncAPRepPart) Unmarshal ¶
func (a *EncAPRepPart) Unmarshal(b []byte) error
Unmarshal bytes b into the APRep encrypted part struct.
type EncKDCRepPart ¶
// EncKDCRepPart is the encrypted part of KRB_KDC_REP (RFC 4120 section 5.4.2).
// It carries the session key and the validity times the KDC granted, so a
// decoded value should be treated as secret.
type EncKDCRepPart struct {
	// Key is the session key issued by the KDC.
	Key types.EncryptionKey `asn1:"explicit,tag:0"`
	// LastReqs is the last-req sequence.
	LastReqs []LastReq `asn1:"explicit,tag:1"`
	// Nonce echoes the nonce of the request. RFC 4120 section 3.1.5 has the
	// client compare it with the value it sent.
	Nonce int `asn1:"explicit,tag:2"`
	// KeyExpiration is the optional key-expiration time.
	KeyExpiration time.Time `asn1:"generalized,explicit,optional,tag:3"`
	// Flags are the ticket flags.
	Flags asn1.BitString `asn1:"explicit,tag:4"`
	// AuthTime is the time of initial authentication (authtime).
	AuthTime time.Time `asn1:"generalized,explicit,tag:5"`
	// StartTime is the optional start of ticket validity (starttime).
	StartTime time.Time `asn1:"generalized,explicit,optional,tag:6"`
	// EndTime is the end of ticket validity (endtime).
	EndTime time.Time `asn1:"generalized,explicit,tag:7"`
	// RenewTill is the optional renewal limit (renew-till).
	RenewTill time.Time `asn1:"generalized,explicit,optional,tag:8"`
	// SRealm is the realm of the service principal.
	SRealm string `asn1:"generalstring,explicit,tag:9"`
	// SName is the service principal name.
	SName types.PrincipalName `asn1:"explicit,tag:10"`
	// CAddr is the optional list of client addresses (caddr).
	CAddr []types.HostAddress `asn1:"explicit,optional,tag:11"`
	// EncPAData is an optional pre-authentication data sequence carried
	// inside the encrypted part.
	EncPAData types.PADataSequence `asn1:"explicit,optional,tag:12"`
}
EncKDCRepPart is the encrypted part of KRB_KDC_REP.
func (*EncKDCRepPart) Unmarshal ¶
func (e *EncKDCRepPart) Unmarshal(b []byte) error
Unmarshal bytes b into encrypted part of KRB_KDC_REP.
type EncKrbCredPart ¶
// EncKrbCredPart is the encrypted part of KRB_CRED (RFC 4120 section 5.8.1).
// Only TicketInfo is mandatory; every other field is tagged optional.
type EncKrbCredPart struct {
	// TicketInfo holds one KrbCredInfo per forwarded ticket; each entry
	// carries a session key.
	TicketInfo []KrbCredInfo `asn1:"explicit,tag:0"`
	// Nouce sits at tag 1, where RFC 4120 places the optional nonce.
	// NOTE(review): the name looks like a misspelling of Nonce; it is an
	// exported field, so renaming it would break callers.
	Nouce int `asn1:"optional,explicit,tag:1"`
	// Timestamp is the optional sender timestamp.
	Timestamp time.Time `asn1:"generalized,optional,explicit,tag:2"`
	// Usec is the optional microsecond part of Timestamp.
	Usec int `asn1:"optional,explicit,tag:3"`
	// SAddress is the optional sender address (s-address).
	SAddress types.HostAddress `asn1:"optional,explicit,tag:4"`
	// RAddress is the optional recipient address (r-address).
	RAddress types.HostAddress `asn1:"optional,explicit,tag:5"`
}
EncKrbCredPart is the encrypted part of KRB_CRED.
func (*EncKrbCredPart) Unmarshal ¶
func (k *EncKrbCredPart) Unmarshal(b []byte) error
Unmarshal bytes b into the encrypted part of KRB_CRED.
type EncKrbPrivPart ¶
// EncKrbPrivPart is the encrypted part of KRB_PRIV (RFC 4120 section 5.7.1).
type EncKrbPrivPart struct {
	// UserData is the application payload protected by the message.
	UserData []byte `asn1:"explicit,tag:0"`
	// Timestamp is the optional sender timestamp.
	Timestamp time.Time `asn1:"generalized,optional,explicit,tag:1"`
	// Usec is the optional microsecond part of Timestamp.
	Usec int `asn1:"optional,explicit,tag:2"`
	// SequenceNumber is the optional seq-number. Timestamp/Usec and
	// SequenceNumber are the fields RFC 4120 provides for replay detection;
	// all of them are optional in this encoding.
	SequenceNumber int64 `asn1:"optional,explicit,tag:3"`
	// SAddress is the sender address; it is the only mandatory address.
	SAddress types.HostAddress `asn1:"explicit,tag:4"`
	// RAddress is the optional recipient address.
	RAddress types.HostAddress `asn1:"optional,explicit,tag:5"`
}
EncKrbPrivPart is the encrypted part of KRB_PRIV.
func (*EncKrbPrivPart) Unmarshal ¶
func (k *EncKrbPrivPart) Unmarshal(b []byte) error
Unmarshal bytes b into the EncKrbPrivPart struct.
type EncTicketPart ¶
// EncTicketPart is the encrypted part of a Ticket (RFC 4120 section 5.3).
// It binds the client identity, the session key and the validity window, so
// a decoded value should be treated as secret.
type EncTicketPart struct {
	// Flags are the ticket flags.
	Flags asn1.BitString `asn1:"explicit,tag:0"`
	// Key is the session key shared between client and service.
	Key types.EncryptionKey `asn1:"explicit,tag:1"`
	// CRealm is the client's realm.
	CRealm string `asn1:"generalstring,explicit,tag:2"`
	// CName is the client principal name.
	CName types.PrincipalName `asn1:"explicit,tag:3"`
	// Transited records the realms involved in issuing the ticket.
	Transited TransitedEncoding `asn1:"explicit,tag:4"`
	// AuthTime is the time of initial authentication (authtime).
	AuthTime time.Time `asn1:"generalized,explicit,tag:5"`
	// StartTime is the optional start of validity (starttime).
	StartTime time.Time `asn1:"generalized,explicit,optional,tag:6"`
	// EndTime is the end of validity (endtime).
	EndTime time.Time `asn1:"generalized,explicit,tag:7"`
	// RenewTill is the optional renewal limit (renew-till).
	RenewTill time.Time `asn1:"generalized,explicit,optional,tag:8"`
	// CAddr is the optional list of addresses the ticket may be used from.
	CAddr types.HostAddresses `asn1:"explicit,optional,tag:9"`
	// AuthorizationData is the optional authorization-data element.
	AuthorizationData types.AuthorizationData `asn1:"explicit,optional,tag:10"`
}
EncTicketPart is the encrypted part of the Ticket.
func (*EncTicketPart) Unmarshal ¶
func (t *EncTicketPart) Unmarshal(b []byte) error
Unmarshal bytes b into the EncTicketPart struct.
type KDCRepFields ¶
// KDCRepFields holds the KRB_KDC_REP fields shared by ASRep and TGSRep, which
// both embed it. Unlike the tagged message types on this page, no asn1 struct
// tags are declared here; how the struct is marshalled is not shown.
type KDCRepFields struct {
	// PVNO is the protocol version number.
	PVNO int
	// MsgType is the message type.
	MsgType int
	// PAData is the pre-authentication data returned by the KDC.
	PAData []types.PAData
	// CRealm is the client's realm.
	CRealm string
	// CName is the client principal name.
	CName types.PrincipalName
	// Ticket is the issued ticket.
	Ticket Ticket
	// EncPart is the ciphertext of the reply's encrypted part.
	EncPart types.EncryptedData
	// DecryptedEncPart is the plaintext form of EncPart. Its type carries a
	// session key, so it is sensitive once set.
	// NOTE(review): presumably filled in by the DecryptEncPart methods on
	// ASRep and TGSRep - confirm against the implementation.
	DecryptedEncPart EncKDCRepPart
}
KDCRepFields represents the KRB_KDC_REP fields.
type KDCReqBody ¶
// KDCReqBody is the KDC-REQ-BODY of a KRB_KDC_REQ (RFC 4120 section 5.4.1).
// It has Marshal and Unmarshal methods on this page.
type KDCReqBody struct {
	// KDCOptions is the kdc-options bit string.
	KDCOptions asn1.BitString `asn1:"explicit,tag:0"`
	// CName is the optional client principal name.
	CName types.PrincipalName `asn1:"explicit,optional,tag:1"`
	// Realm is the realm of the request.
	Realm string `asn1:"generalstring,explicit,tag:2"`
	// SName is the optional service principal name.
	SName types.PrincipalName `asn1:"explicit,optional,tag:3"`
	// From is the optional requested start time.
	From time.Time `asn1:"generalized,explicit,optional,tag:4"`
	// Till is the requested expiry time.
	Till time.Time `asn1:"generalized,explicit,tag:5"`
	// RTime is the optional requested renew-till time.
	RTime time.Time `asn1:"generalized,explicit,optional,tag:6"`
	// Nonce is the client-chosen value the KDC echoes in its reply so the
	// reply can be matched to this request.
	Nonce int `asn1:"explicit,tag:7"`
	// EType lists the encryption types the client offers, in the order sent.
	EType []int32 `asn1:"explicit,tag:8"`
	// Addresses is the optional list of client addresses.
	Addresses []types.HostAddress `asn1:"explicit,optional,tag:9"`
	// EncAuthData is the optional encrypted authorization data.
	EncAuthData types.EncryptedData `asn1:"explicit,optional,tag:10"`
	// AdditionalTickets is the optional additional-tickets sequence.
	AdditionalTickets []Ticket `asn1:"explicit,optional,tag:11"`
}
KDCReqBody implements the KRB_KDC_REQ request body.
func (*KDCReqBody) Marshal ¶
func (k *KDCReqBody) Marshal() ([]byte, error)
Marshal KRB_KDC_REQ body struct.
func (*KDCReqBody) Unmarshal ¶
func (k *KDCReqBody) Unmarshal(b []byte) error
Unmarshal bytes b into the KRB_KDC_REQ body struct.
type KDCReqFields ¶
// KDCReqFields holds the KRB_KDC_REQ fields shared by ASReq and TGSReq, which
// both embed it. No asn1 struct tags are declared on these fields.
type KDCReqFields struct {
	// PVNO is the protocol version number.
	PVNO int
	// MsgType is the message type.
	MsgType int
	// PAData is the pre-authentication data sent with the request.
	PAData types.PADataSequence
	// ReqBody is the request body.
	ReqBody KDCReqBody
	// Renewal is not a field of the RFC 4120 KDC-REQ.
	// NOTE(review): presumably records the renewal argument taken by
	// NewTGSReq - confirm against the implementation.
	Renewal bool
}
KDCReqFields represents the KRB_KDC_REQ fields.
type KRBCred ¶
// KRBCred is the KRB_CRED message (RFC 4120 section 5.8.1), which carries
// tickets together with their session keys. No asn1 struct tags are declared
// on these fields.
type KRBCred struct {
	// PVNO is the protocol version number.
	PVNO int
	// MsgType is the message type.
	MsgType int
	// Tickets are the tickets being transferred.
	Tickets []Ticket
	// EncPart is the ciphertext of the credential information.
	EncPart types.EncryptedData
	// DecryptedEncPart is the plaintext form of EncPart. Its TicketInfo
	// entries each carry a session key, so it is sensitive once set.
	// NOTE(review): presumably filled in by DecryptEncPart - confirm.
	DecryptedEncPart EncKrbCredPart
}
KRBCred implements RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.
func (*KRBCred) DecryptEncPart ¶
func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of a KRB_CRED.
type KRBError ¶
// KRBError is the KRB_ERROR message (RFC 4120 section 5.9.1). The struct has
// no checksum or encrypted field, so its contents, EText and EData in
// particular, should be handled as unauthenticated input.
type KRBError struct {
	// PVNO is the protocol version number.
	PVNO int `asn1:"explicit,tag:0"`
	// MsgType is the message type.
	MsgType int `asn1:"explicit,tag:1"`
	// CTime is the optional client time.
	CTime time.Time `asn1:"generalized,optional,explicit,tag:2"`
	// Cusec is the optional microsecond part of CTime.
	Cusec int `asn1:"optional,explicit,tag:3"`
	// STime is the server time.
	STime time.Time `asn1:"generalized,explicit,tag:4"`
	// Susec is the microsecond part of STime.
	Susec int `asn1:"explicit,tag:5"`
	// ErrorCode is the Kerberos error code.
	ErrorCode int32 `asn1:"explicit,tag:6"`
	// CRealm is the optional client realm.
	CRealm string `asn1:"generalstring,optional,explicit,tag:7"`
	// CName is the optional client principal name.
	CName types.PrincipalName `asn1:"optional,explicit,tag:8"`
	// Realm is the service realm.
	Realm string `asn1:"generalstring,explicit,tag:9"`
	// SName is the service principal name.
	SName types.PrincipalName `asn1:"explicit,tag:10"`
	// EText is optional free-form error text supplied by the sender.
	EText string `asn1:"generalstring,optional,explicit,tag:11"`
	// EData is optional error-specific data supplied by the sender.
	EData []byte `asn1:"optional,explicit,tag:12"`
}
KRBError implements RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.
func NewKRBError ¶
NewKRBError creates a new KRBError.
type KRBPriv ¶
// KRBPriv is the KRB_PRIV message (RFC 4120 section 5.7.1).
type KRBPriv struct {
	// PVNO is the protocol version number.
	PVNO int `asn1:"explicit,tag:0"`
	// MsgType is the message type.
	MsgType int `asn1:"explicit,tag:1"`
	// EncPart is the ciphertext. It is tag 3, not 2: RFC 4120 section 5.7.1
	// defines no [2] element for KRB-PRIV.
	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
	// DecryptedEncPart is the plaintext form of EncPart. It is not part of
	// the ASN.1 bytes, so it is marked optional to let unmarshalling work.
	// EncryptEncPart is documented as encrypting this field before
	// marshalling.
	DecryptedEncPart EncKrbPrivPart `asn1:"optional,omitempty"`
}
KRBPriv implements RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.
func NewKRBPriv ¶
func NewKRBPriv(part EncKrbPrivPart) KRBPriv
NewKRBPriv returns a new KRBPriv type.
func (*KRBPriv) DecryptEncPart ¶
func (k *KRBPriv) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of the KRBPriv message.
func (*KRBPriv) EncryptEncPart ¶
func (k *KRBPriv) EncryptEncPart(key types.EncryptionKey) error
EncryptEncPart encrypts the DecryptedEncPart within the KRBPriv. Use to prepare for marshaling.
type KRBSafe ¶
// KRBSafe is the KRB_SAFE message (RFC 4120 section 5.6.1): a body sent in
// the clear together with a checksum. The body is integrity-protected by
// Cksum but not encrypted.
type KRBSafe struct {
	// PVNO is the protocol version number.
	PVNO int `asn1:"explicit,tag:0"`
	// MsgType is the message type.
	MsgType int `asn1:"explicit,tag:1"`
	// SafeBody is the plaintext message body.
	SafeBody KRBSafeBody `asn1:"explicit,tag:2"`
	// Cksum is the checksum that RFC 4120 defines over the encoded body.
	// This page documents no method on KRBSafe that verifies it.
	Cksum types.Checksum `asn1:"explicit,tag:3"`
}
KRBSafe implements RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.
type KRBSafeBody ¶
// KRBSafeBody is the KRB-SAFE-BODY of KRB_SAFE (RFC 4120 section 5.6.1).
type KRBSafeBody struct {
	// UserData is the application payload.
	UserData []byte `asn1:"explicit,tag:0"`
	// Timestamp is the optional sender timestamp.
	Timestamp time.Time `asn1:"generalized,optional,explicit,tag:1"`
	// Usec is the optional microsecond part of Timestamp.
	Usec int `asn1:"optional,explicit,tag:2"`
	// SequenceNumber is the optional seq-number. Timestamp/Usec and
	// SequenceNumber are the fields RFC 4120 provides for replay detection;
	// all of them are optional in this encoding.
	SequenceNumber int64 `asn1:"optional,explicit,tag:3"`
	// SAddress is the sender address; it is the only mandatory address.
	SAddress types.HostAddress `asn1:"explicit,tag:4"`
	// RAddress is the optional recipient address.
	RAddress types.HostAddress `asn1:"optional,explicit,tag:5"`
}
KRBSafeBody implements the KRB_SAFE_BODY of KRB_SAFE.
type KrbCredInfo ¶
// KrbCredInfo is the KrbCredInfo element of KRB_CRED (RFC 4120 section
// 5.8.1). Only Key is mandatory; every other field is tagged optional.
type KrbCredInfo struct {
	// Key is the session key of the ticket this entry describes.
	Key types.EncryptionKey `asn1:"explicit,tag:0"`
	// PRealm is the optional realm of the ticket's principal.
	PRealm string `asn1:"generalstring,optional,explicit,tag:1"`
	// PName is the optional name of the ticket's principal.
	PName types.PrincipalName `asn1:"optional,explicit,tag:2"`
	// Flags are the optional ticket flags.
	Flags asn1.BitString `asn1:"optional,explicit,tag:3"`
	// AuthTime is the optional time of initial authentication.
	AuthTime time.Time `asn1:"generalized,optional,explicit,tag:4"`
	// StartTime is the optional start of validity.
	StartTime time.Time `asn1:"generalized,optional,explicit,tag:5"`
	// EndTime is the optional end of validity.
	EndTime time.Time `asn1:"generalized,optional,explicit,tag:6"`
	// RenewTill is the optional renewal limit.
	RenewTill time.Time `asn1:"generalized,optional,explicit,tag:7"`
	// SRealm is the optional service realm.
	// NOTE(review): tagged ia5, while the other realm strings on this page
	// (including PRealm above) are tagged generalstring - confirm this is
	// intended.
	SRealm string `asn1:"optional,explicit,ia5,tag:8"`
	// SName is the optional service principal name.
	SName types.PrincipalName `asn1:"optional,explicit,tag:9"`
	// CAddr is the optional list of client addresses.
	CAddr types.HostAddresses `asn1:"optional,explicit,tag:10"`
}
KrbCredInfo is the KRB_CRED_INFO part of KRB_CRED.
type LastReq ¶
// LastReq is one entry of the last-req sequence in KRB_KDC_REP
// (RFC 4120 section 5.4.2).
type LastReq struct {
	// LRType says how LRValue is to be interpreted (lr-type).
	LRType int32 `asn1:"explicit,tag:0"`
	// LRValue is the time the entry refers to (lr-value).
	LRValue time.Time `asn1:"generalized,explicit,tag:1"`
}
LastReq is part of KRB_KDC_REP.
type TGSRep ¶
// TGSRep is the KRB_TGS_REP message (RFC 4120 section 5.4.2). It adds no
// fields of its own: everything comes from the embedded KDCRepFields.
type TGSRep struct {
	KDCRepFields
}
TGSRep implements RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
func (*TGSRep) DecryptEncPart ¶
func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of a TGS_REP.
type TGSReq ¶
// TGSReq is the KRB_TGS_REQ message (RFC 4120 section 5.4.1). It adds no
// fields of its own: everything comes from the embedded KDCReqFields.
type TGSReq struct {
	KDCReqFields
}
TGSReq implements RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
func NewTGSReq ¶
func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tgt Ticket, sessionKey types.EncryptionKey, sname types.PrincipalName, renewal bool) (TGSReq, error)
NewTGSReq generates a new KRB_TGS_REQ struct.
func NewUser2UserTGSReq ¶
func NewUser2UserTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, clientTGT Ticket, sessionKey types.EncryptionKey, sname types.PrincipalName, renewal bool, verifyingTGT Ticket) (TGSReq, error)
NewUser2UserTGSReq returns a TGS-REQ suitable for user-to-user authentication (https://tools.ietf.org/html/rfc4120#section-3.7)
type Ticket ¶
// Ticket is the Kerberos ticket (RFC 4120 section 5.3). Realm and SName are
// carried outside the ciphertext; the client identity, session key and
// validity times live in EncPart.
type Ticket struct {
	// TktVNO is the ticket format version number (tkt-vno).
	TktVNO int `asn1:"explicit,tag:0"`
	// Realm is the realm that issued the ticket.
	Realm string `asn1:"generalstring,explicit,tag:1"`
	// SName is the service principal the ticket is for.
	SName types.PrincipalName `asn1:"explicit,tag:2"`
	// EncPart is the ciphertext of the EncTicketPart.
	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
	// DecryptedEncPart is the plaintext form of EncPart. It is not part of
	// the ASN.1 bytes, so it is marked optional to let unmarshalling work.
	// Its type carries the session key, so it is sensitive once set.
	DecryptedEncPart EncTicketPart `asn1:"optional"`
}
Ticket implements the Kerberos ticket.
func NewTicket ¶
func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab keytab.Keytab, eTypeID int32, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error)
NewTicket creates a new Ticket instance.
func UnmarshalTicket ¶ added in v1.0.0
UnmarshalTicket returns a ticket from the bytes provided.
func UnmarshalTicketsSequence ¶ added in v1.0.0
UnmarshalTicketsSequence returns a slice of Tickets from a raw ASN1 value.
func (*Ticket) DecryptEncPart ¶
DecryptEncPart decrypts the encrypted part of the ticket.
func (*Ticket) GetPACType ¶
GetPACType returns a Microsoft PAC that has been extracted from the ticket and processed.
type TransitedEncoding ¶
// TransitedEncoding is the transited field of a ticket's encrypted part
// (RFC 4120 section 5.3).
type TransitedEncoding struct {
	// TRType identifies the encoding used for Contents (tr-type).
	TRType int32 `asn1:"explicit,tag:0"`
	// Contents is the encoded transited-realm data, kept as raw bytes here.
	Contents []byte `asn1:"explicit,tag:1"`
}
TransitedEncoding is part of the ticket's encrypted part.