credentials

package
v6.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 28, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package credentials provides credentials management for Kerberos 5 authentication.

Index

Constants

View Source
const (
	// AttributeKeyADCredentials assigned number for AD credentials.
	AttributeKeyADCredentials = "gokrb5AttributeKeyADCredentials"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ADCredentials

type ADCredentials struct {
	EffectiveName       string
	FullName            string
	UserID              int
	PrimaryGroupID      int
	LogOnTime           time.Time
	LogOffTime          time.Time
	PasswordLastSet     time.Time
	GroupMembershipSIDs []string
	LogonDomainName     string
	LogonDomainID       string
	LogonServer         string
}

ADCredentials contains information obtained from the PAC.

type CCache

type CCache struct {
	Version          uint8
	Header           header
	DefaultPrincipal principal
	Credentials      []credential
	Path             string
}

CCache is the file credentials cache as define here: https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html

func LoadCCache

func LoadCCache(cpath string) (CCache, error)

LoadCCache loads a credential cache file into a CCache type.

func ParseCCache

func ParseCCache(b []byte) (c CCache, err error)

ParseCCache byte slice of credential cache data into CCache type.

func (*CCache) Contains

func (c *CCache) Contains(p types.PrincipalName) bool

Contains tests if the cache contains a credential for the provided server PrincipalName

func (*CCache) GetClientCredentials

func (c *CCache) GetClientCredentials() *Credentials

GetClientCredentials returns a Credentials object representing the client of the credentials cache.

func (*CCache) GetClientPrincipalName

func (c *CCache) GetClientPrincipalName() types.PrincipalName

GetClientPrincipalName returns a PrincipalName type for the client the credentials cache is for.

func (*CCache) GetClientRealm

func (c *CCache) GetClientRealm() string

GetClientRealm returns the reals of the client the credentials cache is for.

func (*CCache) GetEntries

func (c *CCache) GetEntries() []credential

GetEntries filters out configuration entries an returns a slice of credentials.

func (*CCache) GetEntry

func (c *CCache) GetEntry(p types.PrincipalName) (credential, bool)

GetEntry returns a specific credential for the PrincipalName provided.

type Credentials

type Credentials struct {
	Username string

	Realm    string
	CName    types.PrincipalName
	Keytab   keytab.Keytab
	Password string

	ValidUntil time.Time
	// contains filtered or unexported fields
}

Credentials struct for a user. Contains either a keytab, password or both. Keytabs are used over passwords if both are defined.

func NewCredentials

func NewCredentials(username string, realm string) Credentials

NewCredentials creates a new Credentials instance.

func NewCredentialsFromPrincipal

func NewCredentialsFromPrincipal(cname types.PrincipalName, realm string) Credentials

NewCredentialsFromPrincipal creates a new Credentials instance with the user details provides as a PrincipalName type.

func (*Credentials) AddAuthzAttribute

func (c *Credentials) AddAuthzAttribute(a string)

AddAuthzAttribute adds an authorization attribute to the credential.

func (*Credentials) Attributes

func (c *Credentials) Attributes() map[string]interface{}

func (*Credentials) AuthTime

func (c *Credentials) AuthTime() time.Time

AuthTime returns the time the credential was authenticated.

func (*Credentials) Authenticated

func (c *Credentials) Authenticated() bool

Authenticated indicates if the credential has been successfully authenticated or not.

func (*Credentials) Authorized

func (c *Credentials) Authorized(a string) bool

Authorized indicates if the credential has the specified authorizing attribute.

func (*Credentials) AuthzAttributes

func (c *Credentials) AuthzAttributes() []string

AuthzAttributes returns the credentials authorizing attributes.

func (*Credentials) DisableAuthzAttribute

func (c *Credentials) DisableAuthzAttribute(a string)

DisableAuthzAttribute toggles an authorization attribute to a disabled state on the credential.

func (*Credentials) DisplayName

func (c *Credentials) DisplayName() string

DisplayName returns the credential's display name.

func (*Credentials) Domain

func (c *Credentials) Domain() string

Domain returns the credential's domain.

func (*Credentials) EnableAuthzAttribute

func (c *Credentials) EnableAuthzAttribute(a string)

EnableAuthzAttribute toggles an authorization attribute to an enabled state on the credential.

func (*Credentials) Expired

func (c *Credentials) Expired() bool

Expired indicates if the credential has expired.

func (*Credentials) HasKeytab

func (c *Credentials) HasKeytab() bool

HasKeytab queries if the Credentials has a keytab defined.

func (*Credentials) HasPassword

func (c *Credentials) HasPassword() bool

HasPassword queries if the Credentials has a password defined.

func (*Credentials) Human

func (c *Credentials) Human() bool

Human returns if the credential represents a human or not.

func (*Credentials) RemoveAttribute

func (c *Credentials) RemoveAttribute(k string)

func (*Credentials) RemoveAuthzAttribute

func (c *Credentials) RemoveAuthzAttribute(a string)

RemoveAuthzAttribute removes an authorization attribute from the credential.

func (*Credentials) SessionID

func (c *Credentials) SessionID() string

SessionID returns the credential's session ID.

func (*Credentials) SetADCredentials

func (c *Credentials) SetADCredentials(a ADCredentials)

SetADCredentials adds ADCredentials attributes to the credentials

func (*Credentials) SetAttribute

func (c *Credentials) SetAttribute(k string, v interface{})

func (*Credentials) SetAttributes

func (c *Credentials) SetAttributes(a map[string]interface{})

func (*Credentials) SetAuthTime

func (c *Credentials) SetAuthTime(t time.Time)

SetAuthTime sets the time the credential was authenticated.

func (*Credentials) SetAuthenticated

func (c *Credentials) SetAuthenticated(b bool)

SetAuthenticated sets the credential as having been successfully authenticated.

func (*Credentials) SetDisplayName

func (c *Credentials) SetDisplayName(s string)

SetDisplayName sets the display name value on the credential.

func (*Credentials) SetDomain

func (c *Credentials) SetDomain(s string)

SetDomain sets the domain value on the credential.

func (*Credentials) SetHuman

func (c *Credentials) SetHuman(b bool)

SetHuman sets the credential as human.

func (*Credentials) SetUserName

func (c *Credentials) SetUserName(s string)

SetUserName sets the username value on the credential.

func (*Credentials) SetValidUntil

func (c *Credentials) SetValidUntil(t time.Time)

SetValidUntil sets the expiry time of the credentials

func (*Credentials) UserName

func (c *Credentials) UserName() string

UserName returns the credential's username.

func (*Credentials) WithKeytab

func (c *Credentials) WithKeytab(kt keytab.Keytab) *Credentials

WithKeytab sets the Keytab in the Credentials struct.

func (*Credentials) WithPassword

func (c *Credentials) WithPassword(password string) *Credentials

WithPassword sets the password in the Credentials struct.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL