package spnego
Import Path
github.com/jcmturner/gokrb5/v8/spnego (on go.dev)
Dependency Relation
imports 27 packages, and imported by one package
Involved Source Files
http.go
krb5Token.go
negotiationToken.go
Package spnego implements the Simple and Protected GSSAPI Negotiation Mechanism for Kerberos authentication.
Package-Level Type Names (total 8)
Client will negotiate authentication with a server using SPNEGO.
Client *http.Client
CheckRedirect specifies the policy for handling redirects.
If CheckRedirect is not nil, the client calls it before
following an HTTP redirect. The arguments req and via are
the upcoming request and the requests made already, oldest
first. If CheckRedirect returns an error, the Client's Get
method returns both the previous Response (with its Body
closed) and CheckRedirect's error (wrapped in a url.Error)
instead of issuing the Request req.
As a special case, if CheckRedirect returns ErrUseLastResponse,
then the most recent response is returned with its body
unclosed, along with a nil error.
If CheckRedirect is nil, the Client uses its default policy,
which is to stop after 10 consecutive requests.
Jar specifies the cookie jar.
The Jar is used to insert relevant cookies into every
outbound Request and is updated with the cookie values
of every inbound Response. The Jar is consulted for every
redirect that the Client follows.
If Jar is nil, cookies are only sent if they are explicitly
set on the Request.
Timeout specifies a time limit for requests made by this
Client. The timeout includes connection time, any
redirects, and reading the response body. The timer remains
running after Get, Head, Post, or Do return and will
interrupt reading of the Response.Body.
A Timeout of zero means no timeout.
The Client cancels requests to the underlying Transport
as if the Request's Context ended.
For compatibility, the Client will also use the deprecated
CancelRequest method on Transport if found. New
RoundTripper implementations should use the Request's Context
for cancellation instead of implementing CancelRequest.
Transport specifies the mechanism by which individual
HTTP requests are made.
If nil, DefaultTransport is used.
CloseIdleConnections closes any connections on its Transport which
were previously connected from previous requests but are now
sitting idle in a "keep-alive" state. It does not interrupt any
connections currently in use.
If the Client's Transport does not have a CloseIdleConnections method
then this method does nothing.
Do is the SPNEGO enabled HTTP client's equivalent of the http.Client's Do method.
Get is the SPNEGO enabled HTTP client's equivalent of the http.Client's Get method.
Head is the SPNEGO enabled HTTP client's equivalent of the http.Client's Head method.
Post is the SPNEGO enabled HTTP client's equivalent of the http.Client's Post method.
PostForm is the SPNEGO enabled HTTP client's equivalent of the http.Client's PostForm method.
func NewClient(krb5Cl *client.Client, httpCl *http.Client, spn string) *Client
KRB5Token context token implementation for GSSAPI.
APRep messages.APRep
APReq messages.APReq
KRBError messages.KRBError
OID asn1.ObjectIdentifier
Context returns the KRB5 token's context which will contain any verified user identity information.
IsAPRep tests if the MechToken contains an AP_REP.
IsAPReq tests if the MechToken contains an AP_REQ.
IsKRBError tests if the MechToken contains a KRB_ERROR.
Marshal a KRB5Token into a slice of bytes.
Unmarshal a KRB5Token.
Verify a KRB5Token.
*KRB5Token : github.com/jcmturner/gokrb5/v8/gssapi.ContextToken
func NewKRB5TokenAPREQ(cl *client.Client, tkt messages.Ticket, sessionKey types.EncryptionKey, GSSAPIFlags []int, APOptions []int) (KRB5Token, error)
NegState is a type to indicate the SPNEGO negotiation state.
func (*NegTokenResp).State() NegState
const NegStateAcceptCompleted
const NegStateAcceptIncomplete
const NegStateReject
const NegStateRequestMIC
NegTokenInit implements Negotiation Token of type Init.
MechListMIC []byte
MechTokenBytes []byte
MechTypes []asn1.ObjectIdentifier
ReqFlags asn1.BitString
Context returns the SPNEGO context which will contain any verified user identity information.
Marshal an Init negotiation token
Unmarshal an Init negotiation token
Verify an Init negotiation token
*NegTokenInit : github.com/jcmturner/gokrb5/v8/gssapi.ContextToken
func NewNegTokenInitKRB5(cl *client.Client, tkt messages.Ticket, sessionKey types.EncryptionKey) (NegTokenInit, error)
NegTokenResp implements Negotiation Token of type Resp/Targ
MechListMIC []byte
NegState asn1.Enumerated
ResponseToken []byte
SupportedMech asn1.ObjectIdentifier
Context returns the SPNEGO context which will contain any verified user identity information.
Marshal a Resp/Targ negotiation token
State returns the negotiation state of the negotiation response.
Unmarshal a Resp/Targ negotiation token
Verify a Resp/Targ negotiation token
*NegTokenResp : github.com/jcmturner/gokrb5/v8/gssapi.ContextToken
NegTokenTarg implements Negotiation Token of type Resp/Targ
MechListMIC []byte
NegState asn1.Enumerated
ResponseToken []byte
SupportedMech asn1.ObjectIdentifier
SPNEGO implements the GSS-API mechanism for RFC 4178
AcceptSecContext is the GSS-API method for the service to verify the context token provided by the client and
establish a context.
AcquireCred is the GSS-API method to acquire a client credential via Kerberos for SPNEGO.
InitSecContext is the GSS-API method for the client to generate a context token to the service via Kerberos.
Log will write to the service's logger if it is configured.
OID returns the GSS-API assigned OID for SPNEGO.
func SPNEGOClient(cl *client.Client, spn string) *SPNEGO
func SPNEGOService(kt *keytab.Keytab, options ...func(*service.Settings)) *SPNEGO
SPNEGOToken is a GSS-API context token
Init bool
NegTokenInit NegTokenInit
NegTokenResp NegTokenResp
Resp bool
Context returns the SPNEGO context which will contain any verified user identity information.
Marshal SPNEGO context token
Unmarshal SPNEGO context token
Verify the SPNEGOToken
*SPNEGOToken : github.com/jcmturner/gokrb5/v8/gssapi.ContextToken
Package-Level Functions (total 8)
NewClient returns a SPNEGO enabled HTTP client.
Be careful when passing in the *http.Client if it is being reused in multiple calls to this function.
Ensure reuse of the provided *http.Client is for the same user as a session cookie may have been added to
http.Client's cookie jar.
Incorrect reuse of the provided *http.Client could lead to access to the wrong user's session.
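The session mix-up described in the NewClient note, as an added example that is not gokrb5 code and uses only the Go standard library. The handler and the X-Auth-User header are constructed stand-ins for a SPNEGO-protected service and the principal it would take from a verified token.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
)

// handler is a constructed stand-in for a SPNEGO-protected service. Once a session
// cookie exists it is trusted over the credentials (X-Auth-User) on the request.
func handler(w http.ResponseWriter, r *http.Request) {
	if c, err := r.Cookie("session"); err == nil {
		fmt.Fprint(w, c.Value)
		return
	}
	user := r.Header.Get("X-Auth-User")
	http.SetCookie(w, &http.Cookie{Name: "session", Value: user, Path: "/"})
	fmt.Fprint(w, user)
}

// whoAmI sends one request as user and returns the identity the server applied.
func whoAmI(hc *http.Client, url, user string) string {
	req, _ := http.NewRequest(http.MethodGet, url, nil)
	req.Header.Set("X-Auth-User", user)
	resp, err := hc.Do(req)
	if err != nil {
		return "error: " + err.Error()
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return string(body)
}

// bobSeenAs sends alice's request, then bob's, and returns the identity bob was given.
func bobSeenAs(shared bool) string {
	srv := httptest.NewServer(http.HandlerFunc(handler))
	defer srv.Close()
	newHC := func() *http.Client { j, _ := cookiejar.New(nil); return &http.Client{Jar: j} }
	aliceHC, bobHC := newHC(), newHC()
	if shared {
		bobHC = aliceHC // the reuse the NewClient note warns about
	}
	whoAmI(aliceHC, srv.URL, "alice")
	return whoAmI(bobHC, srv.URL, "bob")
}

func main() { fmt.Println("shared:", bobSeenAs(true), "| separate:", bobSeenAs(false)) }
```

With one *http.Client (and so one cookie jar) per user, the second user's request carries no earlier session cookie and is authenticated on its own credentials.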
NewKRB5TokenAPREQ creates a new KRB5 token with AP_REQ
NewNegTokenInitKRB5 creates new Init negotiation token for Kerberos 5
SetSPNEGOHeader gets the service ticket and sets it as the SPNEGO authorization header on HTTP request object.
To auto generate the SPN from the request object pass a null string "".
SPNEGOClient configures the SPNEGO mechanism suitable for client side use.
SPNEGOKRB5Authenticate is a Kerberos SPNEGO authentication HTTP handler wrapper.
SPNEGOService configures the SPNEGO mechanism suitable for service side use.
UnmarshalNegToken unmarshals and returns either a NegTokenInit or a NegTokenResp.
The boolean indicates if the response is a NegTokenInit.
If error is nil and the boolean is false the response is a NegTokenResp.
Package-Level Constants (total 11)
HTTPHeaderAuthRequest is the header that will hold authn/z information.
HTTPHeaderAuthResponse is the header that will hold SPNEGO data from the server.
HTTPHeaderAuthResponseValueKey is the key in the auth header for SPNEGO.
Negotiation state values.
Negotiation state values.
Negotiation state values.
Negotiation state values.
GSSAPI KRB5 MechToken IDs.
GSSAPI KRB5 MechToken IDs.
GSSAPI KRB5 MechToken IDs.