credentials

package
v8.4.5-secman.1.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 2, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package credentials provides credentials management for Kerberos 5 authentication.

Index

Constants

View Source
const (
	// AttributeKeyADCredentials assigned number for AD credentials.
	AttributeKeyADCredentials = "gokrb5AttributeKeyADCredentials"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ADCredentials

type ADCredentials struct {
	EffectiveName       string
	FullName            string
	UserID              int
	PrimaryGroupID      int
	LogOnTime           time.Time
	LogOffTime          time.Time
	PasswordLastSet     time.Time
	GroupMembershipSIDs []string
	LogonDomainName     string
	LogonDomainID       string
	LogonServer         string
}

ADCredentials contains information obtained from the PAC.

type CCache

type CCache struct {
	Version          uint8
	Header           header
	DefaultPrincipal principal
	Credentials      []*Credential
	Path             string
}

CCache is the file credentials cache as define here: https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html

func LoadCCache

func LoadCCache(cpath string) (*CCache, error)

LoadCCache loads a credential cache file into a CCache type.

func (*CCache) Contains

func (c *CCache) Contains(p types.PrincipalName) bool

Contains tests if the cache contains a credential for the provided server PrincipalName

func (*CCache) GetClientCredentials

func (c *CCache) GetClientCredentials() *Credentials

GetClientCredentials returns a Credentials object representing the client of the credentials cache.

func (*CCache) GetClientPrincipalName

func (c *CCache) GetClientPrincipalName() types.PrincipalName

GetClientPrincipalName returns a PrincipalName type for the client the credentials cache is for.

func (*CCache) GetClientRealm

func (c *CCache) GetClientRealm() string

GetClientRealm returns the reals of the client the credentials cache is for.

func (*CCache) GetEntries

func (c *CCache) GetEntries() []*Credential

GetEntries filters out configuration entries an returns a slice of credentials.

func (*CCache) GetEntry

func (c *CCache) GetEntry(p types.PrincipalName) (*Credential, bool)

GetEntry returns a specific credential for the PrincipalName provided.

func (*CCache) Unmarshal

func (c *CCache) Unmarshal(b []byte) error

Unmarshal a byte slice of credential cache data into CCache type.

type Credential

type Credential struct {
	Client       principal
	Server       principal
	Key          types.EncryptionKey
	AuthTime     time.Time
	StartTime    time.Time
	EndTime      time.Time
	RenewTill    time.Time
	IsSKey       bool
	TicketFlags  asn1.BitString
	Addresses    []types.HostAddress
	AuthData     []types.AuthorizationDataEntry
	Ticket       []byte
	SecondTicket []byte
}

Credential holds a Kerberos client's ccache credential information.

type Credentials

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials struct for a user. Contains either a keytab, password or both. Keytabs are used over passwords if both are defined.

func New

func New(username string, realm string) *Credentials

New creates a new Credentials instance.

func NewFromPrincipalName

func NewFromPrincipalName(cname types.PrincipalName, realm string) *Credentials

NewFromPrincipalName creates a new Credentials instance with the user details provides as a PrincipalName type.

func (*Credentials) AddAuthzAttribute

func (c *Credentials) AddAuthzAttribute(a string)

AddAuthzAttribute adds an authorization attribute to the credential.

func (*Credentials) Attributes

func (c *Credentials) Attributes() map[string]interface{}

Attributes returns the Credentials' attributes map.

func (*Credentials) AuthTime

func (c *Credentials) AuthTime() time.Time

AuthTime returns the time the credential was authenticated.

func (*Credentials) Authenticated

func (c *Credentials) Authenticated() bool

Authenticated indicates if the credential has been successfully authenticated or not.

func (*Credentials) Authorized

func (c *Credentials) Authorized(a string) bool

Authorized indicates if the credential has the specified authorizing attribute.

func (*Credentials) AuthzAttributes

func (c *Credentials) AuthzAttributes() []string

AuthzAttributes returns the credentials authorizing attributes.

func (*Credentials) CName

func (c *Credentials) CName() types.PrincipalName

CName returns the credential's client principal name.

func (*Credentials) DisableAuthzAttribute

func (c *Credentials) DisableAuthzAttribute(a string)

DisableAuthzAttribute toggles an authorization attribute to a disabled state on the credential.

func (*Credentials) DisplayName

func (c *Credentials) DisplayName() string

DisplayName returns the credential's display name.

func (*Credentials) Domain

func (c *Credentials) Domain() string

Domain returns the credential's domain.

func (*Credentials) EnableAuthzAttribute

func (c *Credentials) EnableAuthzAttribute(a string)

EnableAuthzAttribute toggles an authorization attribute to an enabled state on the credential.

func (*Credentials) Expired

func (c *Credentials) Expired() bool

Expired indicates if the credential has expired.

func (*Credentials) GetADCredentials

func (c *Credentials) GetADCredentials() ADCredentials

GetADCredentials returns ADCredentials attributes sorted in the credential

func (*Credentials) HasKeytab

func (c *Credentials) HasKeytab() bool

HasKeytab queries if the Credentials has a keytab defined.

func (*Credentials) HasPassword

func (c *Credentials) HasPassword() bool

HasPassword queries if the Credentials has a password defined.

func (*Credentials) Human

func (c *Credentials) Human() bool

Human returns if the credential represents a human or not.

func (*Credentials) JSON

func (c *Credentials) JSON() (string, error)

JSON return details of the Credentials in a JSON format.

func (*Credentials) Keytab

func (c *Credentials) Keytab() *keytab.Keytab

Keytab returns the credential's Keytab.

func (*Credentials) Marshal

func (c *Credentials) Marshal() ([]byte, error)

Marshal the Credentials into a byte slice

func (*Credentials) Password

func (c *Credentials) Password() string

Password returns the credential's password.

func (*Credentials) Realm

func (c *Credentials) Realm() string

Realm returns the credential's realm. Same as the domain.

func (*Credentials) RemoveAttribute

func (c *Credentials) RemoveAttribute(k string)

RemoveAttribute deletes an attribute from the attribute map that has the key provided.

func (*Credentials) RemoveAuthzAttribute

func (c *Credentials) RemoveAuthzAttribute(a string)

RemoveAuthzAttribute removes an authorization attribute from the credential.

func (*Credentials) SessionID

func (c *Credentials) SessionID() string

SessionID returns the credential's session ID.

func (*Credentials) SetADCredentials

func (c *Credentials) SetADCredentials(a ADCredentials)

SetADCredentials adds ADCredentials attributes to the credentials

func (*Credentials) SetAttribute

func (c *Credentials) SetAttribute(k string, v interface{})

SetAttribute sets the value of an attribute.

func (*Credentials) SetAttributes

func (c *Credentials) SetAttributes(a map[string]interface{})

SetAttributes replaces the attributes map with the one provided.

func (*Credentials) SetAuthTime

func (c *Credentials) SetAuthTime(t time.Time)

SetAuthTime sets the time the credential was authenticated.

func (*Credentials) SetAuthenticated

func (c *Credentials) SetAuthenticated(b bool)

SetAuthenticated sets the credential as having been successfully authenticated.

func (*Credentials) SetCName

func (c *Credentials) SetCName(pn types.PrincipalName)

SetCName sets the client principal name on the credential.

func (*Credentials) SetDisplayName

func (c *Credentials) SetDisplayName(s string)

SetDisplayName sets the display name value on the credential.

func (*Credentials) SetDomain

func (c *Credentials) SetDomain(s string)

SetDomain sets the domain value on the credential.

func (*Credentials) SetHuman

func (c *Credentials) SetHuman(b bool)

SetHuman sets the credential as human.

func (*Credentials) SetRealm

func (c *Credentials) SetRealm(s string)

SetRealm sets the realm value on the credential. Same as the domain

func (*Credentials) SetUserName

func (c *Credentials) SetUserName(s string)

SetUserName sets the username value on the credential.

func (*Credentials) SetValidUntil

func (c *Credentials) SetValidUntil(t time.Time)

SetValidUntil sets the expiry time of the credentials

func (*Credentials) Unmarshal

func (c *Credentials) Unmarshal(b []byte) error

Unmarshal a byte slice into Credentials

func (*Credentials) UserName

func (c *Credentials) UserName() string

UserName returns the credential's username.

func (*Credentials) ValidUntil

func (c *Credentials) ValidUntil() time.Time

ValidUntil returns the credential's valid until date

func (*Credentials) WithKeytab

func (c *Credentials) WithKeytab(kt *keytab.Keytab) *Credentials

WithKeytab sets the Keytab in the Credentials struct.

func (*Credentials) WithPassword

func (c *Credentials) WithPassword(password string) *Credentials

WithPassword sets the password in the Credentials struct.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL