spnego

package
v1.0.2

This package is not in the latest version of its module.

Published: Jul 18, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

spnego package implements the SPNEGO security service client.

This package also contains client-side GSSAPI bindings (InitSecurityContext, Wrap, Unwrap and so on).

Constants

const Application = 1 << 6
const (
	HintName = "not_defined_in_RFC4178@please_ignore"
)

Variables

var (
	ErrReject = errors.New("spnego: rejected")
)
var (
	MechanismTypeSPNEGO = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
)

Functions

This section is empty.

Types

type Authentifier

type Authentifier struct {
	// The authentifier configuration.
	*Config
	// The selected mechanism.
	Mechanism gssapi.Mechanism
	// The retrieved Mechanism List.
	RetrievedMechanismList []asn1.ObjectIdentifier
}

func (*Authentifier) IsNegTokenInit

func (a *Authentifier) IsNegTokenInit(ctx context.Context, b []byte) bool

func (*Authentifier) MakeMechanismList

func (a *Authentifier) MakeMechanismList(ctx context.Context) []asn1.ObjectIdentifier

func (*Authentifier) Negotiate

func (a *Authentifier) Negotiate(ctx context.Context) ([]byte, error)

func (*Authentifier) Respond

func (a *Authentifier) Respond(ctx context.Context, b []byte) ([]byte, error)

func (*Authentifier) SelectMechanism

func (a *Authentifier) SelectMechanism(ctx context.Context, oid gssapi.OID) gssapi.Mechanism

type Config

type Config struct {
	// The services available.
	Capabilities gssapi.Cap
	// The list of negotiated mechanisms.
	MechanismsList []gssapi.MechanismFactory
	// Require mechanism list MIC.
	RequireMechanismListMIC bool
}

func (Config) Type

func (Config) Type() gssapi.OID

The configuration type.

type Mechanism

type Mechanism struct {
	*Authentifier
}

func (*Mechanism) Accept

func (m *Mechanism) Accept(ctx context.Context, tok *gssapi.Token) (*gssapi.Token, error)

func (Mechanism) DefaultConfig

func (Mechanism) DefaultConfig(ctx context.Context) (gssapi.MechanismConfig, error)

func (*Mechanism) Init

func (m *Mechanism) Init(ctx context.Context, tok *gssapi.Token) (*gssapi.Token, error)

func (*Mechanism) MakeSignature

func (m *Mechanism) MakeSignature(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)

MakeSignature function.

func (*Mechanism) MakeSignatureEx

func (m *Mechanism) MakeSignatureEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)

MakeSignatureEx function.

func (Mechanism) New

func (Mechanism) Type

func (Mechanism) Type() gssapi.OID

func (*Mechanism) Unwrap

Unwrap function.

func (*Mechanism) UnwrapEx

UnwrapEx function.

func (*Mechanism) VerifySignature

func (m *Mechanism) VerifySignature(ctx context.Context, tok *gssapi.MessageToken) error

VerifySignature function.

func (*Mechanism) VerifySignatureEx

func (m *Mechanism) VerifySignatureEx(ctx context.Context, tok *gssapi.MessageTokenEx) error

VerifySignatureEx function.

func (*Mechanism) Wrap

Wrap function.

func (*Mechanism) WrapEx

WrapEx function.

func (*Mechanism) WrapSizeLimit

func (m *Mechanism) WrapSizeLimit(ctx context.Context, sz int, conf bool) int

type NegTokenInit

type NegTokenInit struct {
	// This field contains one or more security mechanisms
	// available for the initiator, in decreasing preference order
	// (favorite choice first).
	MechTypes []asn1.ObjectIdentifier
	// This field, if present, contains the service options that are
	// requested to establish the context.
	ReqFlags asn1.BitString
	// This field, if present, contains the optimistic mechanism token.
	MechToken []byte
	// This field, if present, contains an MIC token for the mechanism
	// list in the initial negotiation message.
	MechTokenMIC []byte
	// Negotiate hints.
	HintName string
	// Hint address.
	HintAddress []byte
}

The negotiate token initialization message.

func (*NegTokenInit) Marshal

func (tok *NegTokenInit) Marshal(ctx context.Context) ([]byte, error)

Marshal function marshals the negotiate token initialization.

func (*NegTokenInit) Unmarshal

func (tok *NegTokenInit) Unmarshal(ctx context.Context, b []byte) error

Unmarshal function unmarshals the negotiate token initialization.

type NegTokenResp

type NegTokenResp struct {
	// This field, if present, contains the state of the negotiation.
	State State
	// This field SHALL only be present in the first reply from the
	// target. It MUST be one of the mechanism(s) offered by the initiator.
	SupportedMech asn1.ObjectIdentifier
	// This field, if present, contains tokens specific to the mechanism
	// selected.
	ResponseToken []byte
	// This field, if present, contains an MIC token for the mechanism
	// list in the initial negotiation message.
	MechListMIC []byte
}

The negotiate token response.

func (*NegTokenResp) Marshal

func (tok *NegTokenResp) Marshal(ctx context.Context) ([]byte, error)

Marshal function marshals the negotiate token response.

func (*NegTokenResp) Unmarshal

func (tok *NegTokenResp) Unmarshal(ctx context.Context, b []byte) error

Unmarshal function unmarshals the negotiate token response.

type State

type State int

The negotiation state.

var (
	// No further negotiation message from the peer is expected,
	// and the security context is established for the sender.
	AcceptCompleted State = 0
	// At least one additional negotiation message from the peer is
	// needed to establish the security context.
	AcceptIncomplete State = 1
	// The sender terminates the negotiation.
	Reject State = 2
	// The sender indicates that the exchange of MIC tokens will be
	// REQUIRED if per-message integrity services are available on the
	// mechanism context to be established.
	//
	// This value SHALL only be present in the first reply from the target.
	RequestMIC State = 3
)
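
The rules stated in the NegTokenResp and State comments above (Reject ends the negotiation; SupportedMech and RequestMIC appear only in the first reply; SupportedMech must be a mechanism the initiator offered), written as a stand-alone check. This is an added example, not code from this package: `resp`, `checkResp` and `errReject` are hypothetical local names built on the standard library only, and the two OIDs in `main` are sample values.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// State mirrors the values documented on this page (local copy).
type State int

const (
	AcceptCompleted  State = 0
	AcceptIncomplete State = 1
	Reject           State = 2
	RequestMIC       State = 3
)

// resp is a hypothetical stand-in for the NegTokenResp fields checked here.
type resp struct {
	State         State
	SupportedMech asn1.ObjectIdentifier
}
var errReject = errors.New("spnego: rejected")

// checkResp validates a decoded reply; first marks the target's first reply.
func checkResp(offered []asn1.ObjectIdentifier, r resp, first bool) error {
	if r.State == Reject {
		return errReject // the sender terminated the negotiation
	}
	if !first {
		if len(r.SupportedMech) != 0 || r.State == RequestMIC {
			return errors.New("supportedMech or request-mic outside first reply")
		}
		return nil
	}
	for _, oid := range offered {
		if oid.Equal(r.SupportedMech) {
			return nil
		}
	}
	return fmt.Errorf("supportedMech %v was not offered", r.SupportedMech)
}

func main() {
	krb5 := asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}       // sample OID
	other := asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 2, 10} // sample OID
	fmt.Println(checkResp([]asn1.ObjectIdentifier{krb5}, resp{AcceptIncomplete, other}, true))
}
```

A reply that selects a mechanism the initiator never offered is the case to treat as a failed negotiation rather than silently continuing with the substituted mechanism.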
