gosasl

package module
v0.0.0-...-d984219 Latest
Published: Oct 20, 2024 License: MIT Imports: 8 Imported by: 25

README

Go SASL library

gosasl is a library implementing several SASL mechanisms. Currently GSSAPI, DIGEST-MD5, PLAIN and ANONYMOUS are implemented; support for other mechanisms may be added in the future. Only GSSAPI supports a QOP (quality of protection) higher than auth, i.e. integrity or confidentiality protection of the data exchanged after authentication.

Installation

Gosasl can be installed with:

go get github.com/beltran/gosasl

To add Kerberos support, gosasl needs the header files of the GSSAPI C library to build against. They can be installed with:

  • Ubuntu: sudo apt-get install libkrb5-dev
  • MacOS: brew install homebrew/dupes/heimdal --without-x11
  • Debian: yum install -y krb5-devel

Then:

go get -tags kerberos github.com/beltran/gosasl

Example Usage

    // NewGSSAPIMechanism takes the Kerberos service name of the server.
    mechanism, err := NewGSSAPIMechanism("service")
    if err != nil {
        log.Fatal(err)
    }
    // getConnection, sendResponse, getChallenge, fetchData, sendData and
    // processData stand for the application's own transport code.
    conn := getConnection("somehost")
    client := NewSaslClient("somehost", mechanism)
    response, err := client.Start()
    if err != nil {
        log.Fatal(err)
    }
    conn.sendResponse(response)

    for {
        status, challenge := conn.getChallenge()
        if status == COMPLETE {
            break
        } else if status == OK {
            response, err = client.Step(challenge)
            if err != nil {
                log.Fatal(err)
            }
            conn.sendResponse(response)
        } else {
            log.Fatal("Failed to establish connection")
        }
    }
    if !client.Complete() {
        log.Fatal("SASL negotiation did not complete")
    }

    // begin normal communication: Decode and Encode apply the negotiated QOP
    // (integrity or confidentiality protection) to the payload
    encoded := conn.fetchData()
    decoded, err := client.Decode(encoded)
    if err != nil {
        log.Fatal(err)
    }
    response = processData(decoded)
    wrapped, err := client.Encode(response)
    if err != nil {
        log.Fatal(err)
    }
    conn.sendData(wrapped)

    // Dispose wipes the sensitive state held by the client
    client.Dispose()

This library is inspired by pure-sasl.

Documentation

Index

Constants

const DEFAULT_MAX_LENGTH = 16384000

DEFAULT_MAX_LENGTH is the maximum message length that will be requested during the negotiation. It can be overridden with gssapiMechanism.MaxLength = 1000.

Variables

var AUTH = "auth"

AUTH is the flag for basic authentication only: no integrity or confidentiality protection.

var AUTH_CONF = "auth-conf"

AUTH_CONF is the flag for authentication and confidentiality. It is the most secure option.

var AUTH_INT = "auth-int"

AUTH_INT is the flag for authentication and integrity.

var QOP_TO_FLAG = map[string]byte{
	AUTH:      1,
	AUTH_INT:  2,
	AUTH_CONF: 4,
}

QOP_TO_FLAG is a map that translates the string flag name into the actual bit. It can be used with gssapiMechanism.UserSelectQop = QOP_TO_FLAG[AUTH_CONF] | QOP_TO_FLAG[AUTH_INT].
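To make the QOP flags and the requested maximum length concrete, here is an added example (not gosasl's own code, which is not shown on this page). It reproduces the map above, parses and builds the 4-byte security-layer token of the GSSAPI SASL mechanism (RFC 4752: one QOP bitmask byte followed by a 24-bit maximum message size in network byte order), and selects the strongest QOP that the server offers and the client permits, failing closed rather than silently downgrading. The SecurityLayerToken type, the preference order and the helper names are this example's own assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Flag names, bit values and default length as documented for gosasl above.
const (
	AUTH               = "auth"
	AUTH_INT           = "auth-int"
	AUTH_CONF          = "auth-conf"
	DEFAULT_MAX_LENGTH = 16384000
)

var QOP_TO_FLAG = map[string]byte{
	AUTH:      1,
	AUTH_INT:  2,
	AUTH_CONF: 4,
}

// Strongest-first order used when choosing a QOP (this example's choice).
var qopPreference = []string{AUTH_CONF, AUTH_INT, AUTH}

// SecurityLayerToken is the 4-byte token of RFC 4752: byte 0 is a bitmask of
// the supported security layers, bytes 1-3 the maximum message size.
type SecurityLayerToken struct {
	QOPMask   byte
	MaxLength uint32
}

// ParseSecurityLayerToken decodes the token sent by the server.
func ParseSecurityLayerToken(tok []byte) (SecurityLayerToken, error) {
	if len(tok) != 4 {
		return SecurityLayerToken{}, fmt.Errorf("security layer token must be 4 bytes, got %d", len(tok))
	}
	// Place the three size octets in the low 24 bits of a uint32.
	size := binary.BigEndian.Uint32([]byte{0, tok[1], tok[2], tok[3]})
	return SecurityLayerToken{QOPMask: tok[0], MaxLength: size}, nil
}

// EncodeSecurityLayerToken builds the client's reply: the chosen layer bit
// followed by the maximum size the client is willing to receive. The size
// must fit in 24 bits (DEFAULT_MAX_LENGTH does).
func EncodeSecurityLayerToken(qop byte, maxLen uint32) ([]byte, error) {
	if maxLen > 0xFFFFFF {
		return nil, errors.New("max length does not fit in 24 bits")
	}
	var buf [4]byte
	binary.BigEndian.PutUint32(buf[:], maxLen)
	buf[0] = qop // the high octet of the size is always zero, so overwrite it
	return buf[:], nil
}

// SelectQOP returns the strongest QOP present in both the server's offer and
// the client's allowed set. If the intersection is empty the negotiation
// must fail instead of accepting a weaker protection level.
func SelectQOP(serverMask, clientAllowed byte) (string, byte, error) {
	for _, name := range qopPreference {
		bit := QOP_TO_FLAG[name]
		if serverMask&bit != 0 && clientAllowed&bit != 0 {
			return name, bit, nil
		}
	}
	return "", 0, fmt.Errorf("no acceptable QOP: server offers 0x%02x, client allows 0x%02x", serverMask, clientAllowed)
}

func main() {
	// Constructed server token: offers auth, auth-int and auth-conf, 64 KiB max.
	tok, err := ParseSecurityLayerToken([]byte{0x07, 0x01, 0x00, 0x00})
	if err != nil {
		panic(err)
	}
	// The same client selection as the doc comment above: integrity or better.
	clientAllowed := QOP_TO_FLAG[AUTH_CONF] | QOP_TO_FLAG[AUTH_INT]
	name, bit, err := SelectQOP(tok.QOPMask, clientAllowed)
	if err != nil {
		panic(err)
	}
	reply, err := EncodeSecurityLayerToken(bit, DEFAULT_MAX_LENGTH)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server max %d bytes, negotiated %s (0x%02x), client reply % x\n",
		tok.MaxLength, name, bit, reply)
}
```

With the client restricted to auth-int or auth-conf, a server that only offers plain auth causes SelectQOP to return an error; that is the intended outcome, since accepting the server's weakest offer would defeat the point of setting UserSelectQop.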

Functions

This section is empty.

Types

type AnonymousMechanism

type AnonymousMechanism struct {
	// contains filtered or unexported fields
}

AnonymousMechanism corresponds to the ANONYMOUS SASL mechanism (no credentials are presented).

func NewAnonymousMechanism

func NewAnonymousMechanism() *AnonymousMechanism

NewAnonymousMechanism returns a new AnonymousMechanism

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is the entry point for usage of this library

func NewSaslClient

func NewSaslClient(host string, mechanism Mechanism) *Client

NewSaslClient creates a new client given a host and a mechanism

func (*Client) Complete

func (client *Client) Complete() bool

Complete returns true if the handshake has ended

func (*Client) Decode

func (client *Client) Decode(incoming []byte) ([]byte, error)

Decode unwraps incoming data according to the negotiated QOP and returns the usable bytes.

func (*Client) Dispose

func (client *Client) Dispose()

Dispose eliminates sensitive information

func (*Client) Encode

func (client *Client) Encode(outgoing []byte) ([]byte, error)

Encode is applied to outgoing bytes to protect them according to the negotiated QOP before they are sent.

func (*Client) GetConfig

func (client *Client) GetConfig() *MechanismConfig

GetConfig returns the configuration of the mechanism

func (*Client) Start

func (client *Client) Start() ([]byte, error)

Start initializes the client and may generate the first challenge

func (*Client) Step

func (client *Client) Step(challenge []byte) ([]byte, error)

Step consumes a server challenge during the handshake and returns the next client response.

type CramMD5Mechanism

type CramMD5Mechanism struct {
	*PlainMechanism
}

CramMD5Mechanism corresponds to the CRAM-MD5 SASL mechanism and embeds PlainMechanism to hold the credentials.

func NewCramMD5Mechanism

func NewCramMD5Mechanism(username string, password string) *CramMD5Mechanism

NewCramMD5Mechanism returns a new CramMD5Mechanism.

type DigestMD5Mechanism

type DigestMD5Mechanism struct {
	// contains filtered or unexported fields
}

DigestMD5Mechanism corresponds to the DIGEST-MD5 SASL mechanism.

func NewDigestMD5Mechanism

func NewDigestMD5Mechanism(service string, username string, password string) *DigestMD5Mechanism

NewDigestMD5Mechanism returns a new DigestMD5Mechanism for the given service, username and password.

type GSSAPIMechanism

type GSSAPIMechanism struct {
	// contains filtered or unexported fields
}

GSSAPIMechanism corresponds to GSSAPI SASL mechanism

func NewGSSAPIMechanism

func NewGSSAPIMechanism(service string) (mechanism *GSSAPIMechanism, err error)

NewGSSAPIMechanism returns a new GSSAPIMechanism

type Mechanism

type Mechanism interface {
	// contains filtered or unexported methods
}

Mechanism is the common interface for all mechanisms

type MechanismConfig

type MechanismConfig struct {

	// It can be set with client.GetConfig().AuthorizationID = "authorizationId"
	AuthorizationID string
	// contains filtered or unexported fields
}

MechanismConfig is the configuration to use for mechanisms

type PlainMechanism

type PlainMechanism struct {
	// contains filtered or unexported fields
}

PlainMechanism corresponds to the PLAIN SASL mechanism.

func NewPlainMechanism

func NewPlainMechanism(username string, password string) *PlainMechanism

NewPlainMechanism returns a new PlainMechanism
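As an added illustration of what the PLAIN mechanism puts on the wire (example code, not gosasl's implementation), the following builds and parses the RFC 4616 PLAIN message: an optional authorization identity, a NUL, the authentication identity, a NUL, and the clear-text password. The server-side parser insists on exactly two NUL separators, valid UTF-8 and non-empty authcid and passwd, and resolves an empty authzid to the authenticated identity as the RFC specifies. The PlainCredentials type, the per-field octet limit and the function names are this example's own. Since PLAIN sends the password in clear text and, as the README notes, offers no QOP above auth, it relies on an external confidentiality layer such as TLS.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"unicode/utf8"
)

// maxFieldOctets is the per-field limit enforced by this example. RFC 4616
// requires servers to accept at least 255 octets per field.
const maxFieldOctets = 255

// PlainCredentials are the three fields of an RFC 4616 PLAIN message.
type PlainCredentials struct {
	AuthzID string // optional identity to act as (gosasl: MechanismConfig.AuthorizationID)
	AuthcID string // identity whose password is being proven
	Passwd  string
}

// EncodePlain builds the client's initial response: [authzid] NUL authcid NUL passwd.
func EncodePlain(c PlainCredentials) ([]byte, error) {
	for _, f := range []string{c.AuthzID, c.AuthcID, c.Passwd} {
		if bytes.IndexByte([]byte(f), 0) >= 0 {
			return nil, errors.New("PLAIN fields may not contain NUL")
		}
		if len(f) > maxFieldOctets {
			return nil, errors.New("PLAIN field exceeds per-field octet limit")
		}
	}
	if c.AuthcID == "" || c.Passwd == "" {
		return nil, errors.New("authcid and passwd are required")
	}
	msg := make([]byte, 0, len(c.AuthzID)+len(c.AuthcID)+len(c.Passwd)+2)
	msg = append(msg, c.AuthzID...)
	msg = append(msg, 0)
	msg = append(msg, c.AuthcID...)
	msg = append(msg, 0)
	msg = append(msg, c.Passwd...)
	return msg, nil
}

// DecodePlain is the server-side parse. A message with any other number of
// NUL separators, invalid UTF-8, an oversized field, or an empty authcid or
// passwd is rejected before any credential check takes place.
func DecodePlain(msg []byte) (PlainCredentials, error) {
	parts := bytes.Split(msg, []byte{0})
	if len(parts) != 3 {
		return PlainCredentials{}, fmt.Errorf("PLAIN message must contain exactly 2 NUL separators, found %d", len(parts)-1)
	}
	for _, p := range parts {
		if len(p) > maxFieldOctets {
			return PlainCredentials{}, errors.New("PLAIN field exceeds per-field octet limit")
		}
		if !utf8.Valid(p) {
			return PlainCredentials{}, errors.New("PLAIN field is not valid UTF-8")
		}
	}
	c := PlainCredentials{AuthzID: string(parts[0]), AuthcID: string(parts[1]), Passwd: string(parts[2])}
	if c.AuthcID == "" || c.Passwd == "" {
		return PlainCredentials{}, errors.New("authcid and passwd are required")
	}
	// An empty authzid means "act as the identity that authenticated".
	if c.AuthzID == "" {
		c.AuthzID = c.AuthcID
	}
	return c, nil
}

func main() {
	// Constructed credentials; the empty AuthzID is the common case.
	msg, err := EncodePlain(PlainCredentials{AuthcID: "alice", Passwd: "s3cret"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("wire form: %q\n", msg)
	creds, err := DecodePlain(msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server sees authzid=%q authcid=%q\n", creds.AuthzID, creds.AuthcID)
}
```

The separate authzid field is what gosasl's MechanismConfig.AuthorizationID populates; a server must still check that the authenticated identity is permitted to act as that authorization identity, which is a policy decision outside the mechanism itself.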

type QOP

type QOP []byte

QOP is the byte slice that holds the QOP flags.
