package gssapi
Import Path
github.com/jcmturner/gokrb5/v8/gssapi (on go.dev)
Dependency Relation
imports 11 packages, and imported by one package
Involved Source Files
MICToken.go
contextFlags.go
Package gssapi implements the Generic Security Services Application Program Interface (GSS-API) required for SPNEGO Kerberos authentication.
wrapToken.go
Package-Level Type Names (total 7)
ContextFlags flags for GSSAPI
DEPRECATED - do not use
// length in bits.
// bits packed into bytes.
func NewContextFlags() ContextFlags
ContextToken is an interface for a GSS-API context token.
( ContextToken) Context() context.Context
( ContextToken) Marshal() ([]byte, error)
( ContextToken) Unmarshal(b []byte) error
( ContextToken) Verify() (bool, Status)
*github.com/jcmturner/gokrb5/v8/spnego.KRB5Token
*github.com/jcmturner/gokrb5/v8/spnego.NegTokenInit
*github.com/jcmturner/gokrb5/v8/spnego.NegTokenResp
*github.com/jcmturner/gokrb5/v8/spnego.SPNEGOToken
func Mechanism.InitSecContext() (ContextToken, error)
func github.com/jcmturner/gokrb5/v8/spnego.(*SPNEGO).InitSecContext() (ContextToken, error)
func Mechanism.AcceptSecContext(ct ContextToken) (bool, context.Context, Status)
func github.com/jcmturner/gokrb5/v8/spnego.(*SPNEGO).AcceptSecContext(ct ContextToken) (bool, context.Context, Status)
Mechanism is the GSS-API interface for authentication mechanisms.
// service verifies the token server side to establish a context
// acquire credentials for use (eg. AS exchange for KRB5)
// initiate outbound security context (eg TGS exchange builds AP_REQ to go into ContextToken to send to service)
// apply integrity check, receive as token separate from message
( Mechanism) OID() asn1.ObjectIdentifier
// decapsulate, decrypt if needed, validate integrity check
// validate integrity check token along with message
// sign, optionally encrypt, encapsulate
MICToken represents a GSS API MIC token, as defined in RFC 4121.
It contains the header fields, the payload (this is not transmitted) and
the checksum, and provides the logic for converting to/from bytes plus
computing and verifying checksums.
// checksum of { payload | header }
const GSS Token ID: 0x0404
// contains three flags: acceptor, sealed, acceptor subkey
// your data! :)
const Filler: 0xFF 0xFF 0xFF 0xFF 0xFF
// sender's sequence number. big-endian
Marshal the MICToken into a byte slice.
The payload should have been set and the checksum computed, otherwise an error is returned.
SetChecksum uses the passed encryption key and key usage to compute the checksum over the payload and
the header, and sets the Checksum field of this MICToken.
If the payload has not been set or the checksum has already been set, an error is returned.
Unmarshal bytes into the corresponding MICToken.
If expectFromAcceptor is true, we expect the token to have been emitted by the GSS acceptor,
and will check the corresponding flag, returning an error if the token does not match the expectation.
Verify computes the token's checksum with the provided key and usage,
and compares it to the checksum present in the token.
In case of any failure, (false, err) is returned, with err an explanatory error.
func NewInitiatorMICToken(payload []byte, key types.EncryptionKey) (*MICToken, error)
func Mechanism.MIC() MICToken
func Mechanism.VerifyMIC(mt MICToken) (bool, error)
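The header checks described for MICToken (token ID 0x0404, the three flag bits, five 0xFF filler bytes, big-endian sequence number, trailing checksum) can be shown with the standard library alone. This is an added example, not gokrb5's own code; the names micHeader, parseMICHeader and the flag constants are assumptions of the example, the byte layout follows RFC 4121, and no checksum is computed or verified here.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Flag bits from RFC 4121 section 4.2.2; constant names are this example's own.
const (
	flagSentByAcceptor = 0x01
	flagSealed         = 0x02
)

type micHeader struct {
	Flags    byte
	SeqNum   uint64
	Checksum []byte
}

// parseMICHeader checks the 16-byte MIC token header and splits off the checksum.
func parseMICHeader(b []byte, expectFromAcceptor bool) (micHeader, error) {
	var h micHeader
	if len(b) <= 16 {
		return h, errors.New("token too short for header plus checksum")
	}
	if b[0] != 0x04 || b[1] != 0x04 {
		return h, errors.New("token ID is not 0x0404")
	}
	if b[2]&flagSealed != 0 {
		return h, errors.New("sealed flag set in a MIC token")
	}
	if (b[2]&flagSentByAcceptor != 0) != expectFromAcceptor {
		return h, errors.New("sender flag does not match expected direction")
	}
	for _, f := range b[3:8] {
		if f != 0xFF {
			return h, errors.New("filler bytes are not 0xFF")
		}
	}
	h = micHeader{Flags: b[2], SeqNum: binary.BigEndian.Uint64(b[8:16]), Checksum: b[16:]}
	return h, nil
}

func main() {
	// Constructed sample: initiator token, sequence number 7, 12 placeholder checksum bytes.
	tok := append([]byte{4, 4, 0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0, 0, 0, 0, 7}, make([]byte, 12)...)
	h, err := parseMICHeader(tok, false)
	fmt.Println(h.SeqNum, len(h.Checksum), err)
}
```

Rejecting a token whose sender flag does not match the expected direction is what stops a peer's own MIC token from being reflected back to it and accepted.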
OIDName is the type for defined GSS-API OIDs.
OID returns the OID for the provided OID name.
const OIDGSSIAKerb
const OIDKRB5
const OIDMSLegacyKRB5
const OIDSPNEGO
Status is the GSS-API status and implements the error interface.
Code int
Message string
Error returns the Status description.
Status : error
func ContextToken.Verify() (bool, Status)
func Mechanism.AcceptSecContext(ct ContextToken) (bool, context.Context, Status)
func github.com/jcmturner/gokrb5/v8/spnego.(*KRB5Token).Verify() (bool, Status)
func github.com/jcmturner/gokrb5/v8/spnego.(*NegTokenInit).Verify() (bool, Status)
func github.com/jcmturner/gokrb5/v8/spnego.(*NegTokenResp).Verify() (bool, Status)
func github.com/jcmturner/gokrb5/v8/spnego.(*SPNEGO).AcceptSecContext(ct ContextToken) (bool, context.Context, Status)
func github.com/jcmturner/gokrb5/v8/spnego.(*SPNEGOToken).Verify() (bool, Status)
WrapToken represents a GSS API Wrap token, as defined in RFC 4121.
It contains the header fields, the payload and the checksum, and provides
the logic for converting to/from bytes plus computing and verifying checksums.
// authenticated checksum of { payload | header }
const Filler: 0xFF
// checksum length. big-endian
const GSS Token ID: 0x0504
// contains three flags: acceptor, sealed, acceptor subkey
// your data! :)
// right rotation count. big-endian
// sender's sequence number. big-endian
Marshal the WrapToken into a byte slice.
The payload should have been set and the checksum computed, otherwise an error is returned.
SetCheckSum uses the passed encryption key and key usage to compute the checksum over the payload and
the header, and sets the CheckSum field of this WrapToken.
If the payload has not been set or the checksum has already been set, an error is returned.
Unmarshal bytes into the corresponding WrapToken.
If expectFromAcceptor is true, we expect the token to have been emitted by the GSS acceptor,
and will check the corresponding flag, returning an error if the token does not match the expectation.
Verify computes the token's checksum with the provided key and usage,
and compares it to the checksum present in the token.
In case of any failure, (false, Err) is returned, with Err an explanatory error.
func NewInitiatorWrapToken(payload []byte, key types.EncryptionKey) (*WrapToken, error)
func Mechanism.Wrap(msg []byte) WrapToken
func Mechanism.Unwrap(wt WrapToken) []byte
Package-Level Functions (total 3)
NewContextFlags creates a new ContextFlags instance
DEPRECATED - do not use
NewInitiatorMICToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.
Other flags are set to 0.
Note that in certain circumstances you may need to provide a sequence number that has been defined earlier.
This is currently not supported.
NewInitiatorWrapToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.
Other flags are set to 0, and the RRC and sequence number are initialized to 0.
Note that in certain circumstances you may need to provide a sequence number that has been defined earlier.
This is currently not supported.
Package-Level Constants (total 41)
GSS-API context flags assigned numbers.
FillerByte is a filler in the WrapToken structure
HdrLen is the length of the Wrap Token's header
MICTokenFlagAcceptorSubkey - a subkey asserted by the context acceptor is used to protect the message
MICTokenFlagSealed - this flag indicates confidentiality is provided for. It SHALL NOT be set in MIC tokens
MICTokenFlagSentByAcceptor - this flag indicates the sender is the context acceptor. When not set, it indicates the sender is the context initiator
GSS-API OID names
GSS-API status values
The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)