config

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 13, 2025 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// KRB5ConfigT is the template for a minimal krb5.conf: a [realms] entry for
// .Domain with optional kdc and admin_server lines, and a [libdefaults]
// section that sets default_realm and both enctype lists from
// .Auth.KRB5.EncryptionTypes. template.Must panics at package
// initialisation if the template text fails to parse.
//
// The template writes every value as-is; nothing in it quotes or filters
// for krb5.conf syntax. NOTE(review): if Domain, KDCServer, AdminServer or
// EncryptionTypes can carry untrusted input, a value containing a newline
// or a brace would change the structure of the generated file. Confirm
// that these fields are validated before the template is executed.
//
// NOTE(review): an empty EncryptionTypes renders both enctype lines with
// an empty value; confirm how the krb5 config parser treats that.
var KRB5ConfigT = template.Must(template.New("krb5-config").Parse(`
[realms]
{{ .Domain }} = {
{{- if .Auth.KRB5.KDCServer }}
	kdc = {{ .Auth.KRB5.KDCServer }}
{{- end }}
{{- if .Auth.KRB5.AdminServer }}
	admin_server = {{ .Auth.KRB5.AdminServer }}
{{- end }}
}

[libdefaults]
default_realm = {{ .Domain }}
default_tkt_enctypes = {{ range $encType := .Auth.KRB5.EncryptionTypes }}{{ $encType }} {{ end }}
default_tgs_enctypes = {{ range $encType := .Auth.KRB5.EncryptionTypes }}{{ $encType }} {{ end }}
`))

Functions

func ValidateAuthLevel

func ValidateAuthLevel(level string) error

ValidateAuthLevel function validates the auth level.

func ValidateImpersonation

func ValidateImpersonation(level string) error

Types

type Config

// Config represents the MSRPC configuration.
//
// Defaults quoted in the field comments are the ones stated by the upstream
// comments; New() is not visible here, so they are unverified.
type Config struct {
	// Debug enables debug logging.
	Debug bool `json:"debug"`
	// Logger is the debug logger. It is excluded from JSON (`json:"-"`).
	Logger zerolog.Logger `json:"-"`
	// Server is the server IP, FQDN or binding string.
	Server string `json:"server"`
	// ServerAddress is the server address.
	ServerAddress string `json:"server_address"`
	// Domain is the domain to connect to. KRB5ConfigT also uses it as the
	// realm name and default_realm.
	Domain string `json:"domain"`
	// Username is the username to connect with.
	Username string `json:"username"`
	// Workstation is the workstation to connect from.
	Workstation string `json:"workstation"`
	// Timeout is the timeout for the connection.
	Timeout time.Duration `json:"timeout"`

	// Credential is the credential configuration.
	//
	// Unlike Logger, these fields carry ordinary JSON tags, so marshalling
	// a Config with encoding/json writes the secrets out in the clear.
	// NOTE(review): Log() is not visible here; confirm it does not emit
	// this struct, and redact it before writing a Config to disk or logs.
	Credential struct {
		// Password is the password to use.
		Password string `json:"password"`
		// NTHash is the NT hash to use. It is accepted as a credential in
		// place of the password, so it needs the same protection.
		NTHash string `json:"nt_hash"`
		// MachineAccountPassword is the machine account password to use.
		MachineAccountPassword string `json:"machine_account_password"`
		// MachineAccountNTHash is the machine account NT hash.
		MachineAccountNTHash string `json:"machine_account_nt_hash"`
	} `json:"credential"`

	// Auth is the auth configuration.
	Auth struct {
		// Level is the auth level to use.
		// (none, connect, call, pkt, integrity, privacy)
		// NOTE(review): assuming these map to the DCE/RPC authentication
		// levels, only integrity and privacy protect message contents.
		// Confirm against ValidateAuthLevel.
		Level string `json:"level"`
		// Impersonation is the impersonation level to use
		// (anonymous, identify, impersonate, delegate).
		// (default is impersonate)
		Impersonation string `json:"impersonation"`
		// Type is the auth type to use. (ntlm, krb5)
		Type string `json:"type"`
		// TargetName is the target name to use.
		TargetName string `json:"target_name"`
		// SPNEGO indicates whether SPNEGO should be used.
		SPNEGO bool `json:"spnego"`

		// KRB5 is the auth configuration for KRB5.
		KRB5 struct {
			// ConfigFile is the path to the krb5.conf file.
			ConfigFile string `json:"config_file_path"`
			// KDCServer is the KDC server to connect to. KRB5ConfigT emits
			// it as the realm's kdc line when it is non-empty.
			KDCServer string `json:"kdc_server,omitempty"`
			// AdminServer is the admin server to connect to. KRB5ConfigT
			// emits it as the realm's admin_server line when it is non-empty.
			AdminServer string `json:"admin_server,omitempty"`
			// EncryptionTypes are the encryption types to use. KRB5ConfigT
			// writes them to default_tkt_enctypes and default_tgs_enctypes.
			EncryptionTypes StringSlice `json:"encryption_types"`
			// Keytab is the path to the keytab file.
			// NOTE(review): a keytab holds long-term keys; restrict access
			// to the file it points at.
			Keytab string `json:"keytab_path"`
			// CCache is the path to the ccache file.
			// NOTE(review): a ccache holds tickets; restrict access to the
			// file it points at.
			CCache string `json:"ccache_path"`
			// DCEStyle indicates whether the 3-leg DCE authentication
			// should be used. (default true)
			DCEStyle bool `json:"dce_style"`
			// DisablePAFXFAST indicates whether FAST pre-authentication
			// (PA-FX-FAST; spelled "PAF-X FAST" in the upstream comment)
			// should be disabled. (default true)
			DisablePAFXFAST bool `json:"disable_pafx_fast"`
			// MutualAuthn indicates whether mutual authentication is
			// required.
			MutualAuthn bool `json:"mutual_authn"`
		} `json:"auth_krb5_config"`

		// NTLM is the auth configuration for NTLM.
		NTLM struct {
			// NTLMv1 indicates whether NTLMv1 should be used.
			// (default false)
			// NTLMv1 is the legacy, weaker variant; leave it off unless a
			// server cannot do anything else.
			NTLMv1 bool `json:"ntlm_v1"`
			// NoESS relates to Extended Session Security. The upstream
			// comment reads "whether the Extended Session Security should
			// be used (default true)".
			// NOTE(review): the field name and the no_ess tag read as
			// "disable ESS", which contradicts that wording. Confirm the
			// polarity against NTLM() before setting it.
			NoESS bool `json:"no_ess"`
		} `json:"auth_ntlm_config"`
	} `json:"auth"`

	// Verify is the verification trailer configuration.
	Verify struct {
		// Presentation indicates whether to include the presentation
		// verification command.
		Presentation bool `json:"presentation"`
		// Header2 indicates whether to include the header2 verification
		// command.
		Header2 bool `json:"header2"`
		// BitMask indicates whether to include the bit mask verification
		// command.
		BitMask bool `json:"bitmask"`
	} `json:"verify"`

	// SMB is the SMB2 configuration.
	SMB struct {
		// Port is the port to connect to. (default is 445)
		Port int `json:"port"`
		// Sign indicates whether the message should be signed.
		Sign bool `json:"sign"`
		// Seal indicates whether the message should be encrypted.
		Seal bool `json:"seal"`
		// Dialect is the SMB2/3 dialect to use.
		Dialect string `json:"dialect"`
	} `json:"smb"`

	// EPM is the Endpoint Mapper configuration.
	EPM struct {
		// Enabled indicates whether the EPM should be enabled.
		Enabled bool `json:"enabled"`
		// AuthLevel is the auth level to use for the EPM.
		// (none, connect, call, pkt, integrity, privacy)
		// By default the auth level is inherited from Auth.Level.
		AuthLevel string `json:"auth_level"`
	} `json:"epm"`

	// Protocol is the protocol to use. (ncacn_np or smb, ncacn_ip_tcp or tcp)
	Protocol string `json:"protocol"`
	// contains filtered or unexported fields
}

Config struct represents the MSRPC configuration.

func New

func New() *Config

New function returns a new configuration.

func (*Config) ClientOptions

func (cfg *Config) ClientOptions(ctx context.Context) []dcerpc.Option

ClientOptions function returns the set of client options.

func (*Config) Credentials

func (cfg *Config) Credentials() []credential.Credential

Credentials function returns the set of credentials. If GlobalCredentials is true, the credentials are not included in the connection options; in that case, call dcerpc.WithCredentials or gssapi.AddCredential yourself to add them to the global security context.

func (*Config) DialOptions

func (cfg *Config) DialOptions(ctx context.Context) []dcerpc.Option

DialOptions function returns the set of connection options.

func (*Config) DisableEPM

func (cfg *Config) DisableEPM() *Config

DisableEPM function disables the Endpoint Mapper.

func (*Config) EPMOptions

func (cfg *Config) EPMOptions(ctx context.Context) []dcerpc.Option

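EPMOptions function returns the set of options for the Endpoint Mapper. (The upstream doc comment is only a stub: "epmOptions ...".)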

func (*Config) GenKRB5Config

func (cfg *Config) GenKRB5Config() (*krb5_config.Config, error)

func (*Config) KRB5

func (cfg *Config) KRB5() *krb5.Config

KRB5 function returns the KRB5 configuration.

func (*Config) Log

func (cfg *Config) Log()

func (*Config) MachineAccountCredentials

func (cfg *Config) MachineAccountCredentials() []credential.Credential

MachineAccountCredentials function returns the set of machine account credentials.

func (*Config) Mechanisms

func (cfg *Config) Mechanisms() []gssapi.MechanismFactory

Mechanisms function returns the set of mechanisms. If GlobalCredentials is true, the mechanisms are not included in the connection options; in that case, call gssapi.AddMechanism yourself to add them to the global security context.

func (*Config) NTLM

func (cfg *Config) NTLM() *ntlm.Config

NTLM function returns the NTLM configuration.

func (*Config) ParseServerAddr

func (cfg *Config) ParseServerAddr() error

func (*Config) SMBDialerOptions

func (cfg *Config) SMBDialerOptions() []smb2.DialerOption

SMBDialerOptions function returns the set of SMB dialer options.

func (*Config) ServerAddr

func (cfg *Config) ServerAddr() string

ServerAddr returns the server address (with optional binding).

func (*Config) UseGlobalCredentials

func (cfg *Config) UseGlobalCredentials() *Config

UseGlobalCredentials function sets the flag that controls whether credentials and mechanisms are included in the connection options. If GlobalCredentials is true, credentials and mechanisms are not included in the connection options. If GlobalCredentials is false, they are included in the connection options, and the credentials and mechanisms should be exported in code.

func (*Config) UseMachineAccount

func (cfg *Config) UseMachineAccount() *Config

UseMachineAccount function sets the flag that indicates whether machine account credentials only should be used.

func (*Config) UseNetlogonSSP

func (cfg *Config) UseNetlogonSSP() *Config

UseNetlogonSSP function sets the flag that indicates whether Netlogon SSP should be used.

func (*Config) Validate

func (cfg *Config) Validate() error

Validate function validates the configuration.

type StringSlice

type StringSlice []string

func (*StringSlice) Set

func (s *StringSlice) Set(value string) error

func (*StringSlice) String

func (s *StringSlice) String() string
