package messages
import "github.com/jcmturner/gokrb5/v8/messages"
Package messages implements Kerberos 5 message types and methods.
Index ¶
- func MarshalTicketSequence(tkts []Ticket) (asn1.RawValue, error)
- type APRep
- type APReq
- func NewAPReq(tkt Ticket, sessionKey types.EncryptionKey, auth types.Authenticator) (APReq, error)
- func (a *APReq) DecryptAuthenticator(sessionKey types.EncryptionKey) error
- func (a *APReq) Marshal() ([]byte, error)
- func (a *APReq) Unmarshal(b []byte) error
- func (a *APReq) Verify(kt *keytab.Keytab, d time.Duration, cAddr types.HostAddress, snameOverride *types.PrincipalName) (bool, error)
- type ASRep
- func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey, error)
- func (k *ASRep) Marshal() ([]byte, error)
- func (k *ASRep) Unmarshal(b []byte) error
- func (k *ASRep) Verify(cfg *config.Config, creds *credentials.Credentials, asReq ASReq) (bool, error)
- type ASReq
- func NewASReq(realm string, c *config.Config, cname, sname types.PrincipalName) (ASReq, error)
- func NewASReqForChgPasswd(realm string, c *config.Config, cname types.PrincipalName) (ASReq, error)
- func NewASReqForTGT(realm string, c *config.Config, cname types.PrincipalName) (ASReq, error)
- func (k *ASReq) Marshal() ([]byte, error)
- func (k *ASReq) Unmarshal(b []byte) error
- type EncAPRepPart
- type EncKDCRepPart
- type EncKrbCredPart
- type EncKrbPrivPart
- type EncTicketPart
- type KDCRepFields
- type KDCReqBody
- type KDCReqFields
- type KRBCred
- func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error
- func (k *KRBCred) Unmarshal(b []byte) error
- type KRBError
- func NewKRBError(sname types.PrincipalName, realm string, code int32, etext string) KRBError
- func (k KRBError) Error() string
- func (k *KRBError) Marshal() ([]byte, error)
- func (k *KRBError) Unmarshal(b []byte) error
- type KRBPriv
- func NewKRBPriv(part EncKrbPrivPart) KRBPriv
- func (k *KRBPriv) DecryptEncPart(key types.EncryptionKey) error
- func (k *KRBPriv) EncryptEncPart(key types.EncryptionKey) error
- func (k *KRBPriv) Marshal() ([]byte, error)
- func (k *KRBPriv) Unmarshal(b []byte) error
- type KRBSafe
- type KRBSafeBody
- type KrbCredInfo
- type LastReq
- type TGSRep
- func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error
- func (k *TGSRep) Marshal() ([]byte, error)
- func (k *TGSRep) Unmarshal(b []byte) error
- func (k *TGSRep) Verify(cfg *config.Config, tgsReq TGSReq) (bool, error)
- type TGSReq
- func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tgt Ticket, sessionKey types.EncryptionKey, sname types.PrincipalName, renewal bool) (TGSReq, error)
- func NewUser2UserTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, clientTGT Ticket, sessionKey types.EncryptionKey, sname types.PrincipalName, renewal bool, verifyingTGT Ticket) (TGSReq, error)
- func (k *TGSReq) Marshal() ([]byte, error)
- func (k *TGSReq) Unmarshal(b []byte) error
- type Ticket
- func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab *keytab.Keytab, eTypeID int32, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error)
- func (t *Ticket) Decrypt(key types.EncryptionKey) error
- func (t *Ticket) DecryptEncPart(keytab *keytab.Keytab, sname *types.PrincipalName) error
- func (t *Ticket) GetPACType(keytab *keytab.Keytab, sname *types.PrincipalName, l *log.Logger) (bool, pac.PACType, error)
- func (t *Ticket) Marshal() ([]byte, error)
- func (t *Ticket) Unmarshal(b []byte) error
- func (t *Ticket) Valid(d time.Duration) (bool, error)
- type TransitedEncoding
Functions ¶
func MarshalTicketSequence ¶
MarshalTicketSequence marshals a slice of Tickets returning an ASN1 raw value containing the ticket sequence.
Types ¶
type APRep ¶
// APRep is the KRB_AP_REP message. Each field is encoded with an explicit
// ASN.1 context tag (0-2), as the struct tags show.
type APRep struct {
	PVNO    int                 `asn1:"explicit,tag:0"` // protocol version number field
	MsgType int                 `asn1:"explicit,tag:1"` // message type field
	EncPart types.EncryptedData `asn1:"explicit,tag:2"` // ciphertext; EncAPRepPart is the type of its decrypted content
}
APRep implements RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.
func (*APRep) Unmarshal ¶
Unmarshal bytes b into the APRep struct.
type APReq ¶
// APReq is the KRB_AP_REQ message. The first five fields carry explicit ASN.1
// context tags (0-4); Authenticator has no context tag and is only marked
// optional.
type APReq struct {
	PVNO                   int                 `asn1:"explicit,tag:0"` // protocol version number field
	MsgType                int                 `asn1:"explicit,tag:1"` // message type field
	APOptions              asn1.BitString      `asn1:"explicit,tag:2"` // option flags as a bit string
	Ticket                 Ticket              `asn1:"explicit,tag:3"` // service ticket presented with the request
	EncryptedAuthenticator types.EncryptedData `asn1:"explicit,tag:4"` // authenticator as received, still encrypted
	// NOTE(review): presumably filled in by DecryptAuthenticator/Verify rather
	// than read from the wire - confirm. Until then its contents should not be
	// relied on for any authentication decision.
	Authenticator types.Authenticator `asn1:"optional"`
}
APReq implements RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.
func NewAPReq ¶
func NewAPReq(tkt Ticket, sessionKey types.EncryptionKey, auth types.Authenticator) (APReq, error)
NewAPReq generates a new KRB_AP_REQ struct.
func (*APReq) DecryptAuthenticator ¶
func (a *APReq) DecryptAuthenticator(sessionKey types.EncryptionKey) error
DecryptAuthenticator decrypts the Authenticator within the AP_REQ. sessionKey may simply be the key within the decrypted EncPart of the ticket within the AP_REQ.
func (*APReq) Marshal ¶
Marshal APReq struct.
func (*APReq) Unmarshal ¶
Unmarshal bytes b into the APReq struct.
func (*APReq) Verify ¶
func (a *APReq) Verify(kt *keytab.Keytab, d time.Duration, cAddr types.HostAddress, snameOverride *types.PrincipalName) (bool, error)
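Verify checks an AP_REQ using the service's keytab, SPN and maximum acceptable clock skew duration. The service ticket's encrypted part and the authenticator are decrypted as part of this operation. Callers should accept the request only when the returned bool is true and the returned error is nil.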
type ASRep ¶
// ASRep is the KRB_AS_REP message type. It declares no fields of its own;
// everything comes from the embedded KDCRepFields.
type ASRep struct {
	KDCRepFields
}
ASRep implements RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
func (*ASRep) DecryptEncPart ¶
func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey, error)
DecryptEncPart decrypts the encrypted part of an AS_REP.
func (*ASRep) Marshal ¶
Marshal ASRep struct.
func (*ASRep) Unmarshal ¶
Unmarshal bytes b into the ASRep struct.
func (*ASRep) Verify ¶
func (k *ASRep) Verify(cfg *config.Config, creds *credentials.Credentials, asReq ASReq) (bool, error)
Verify checks the validity of AS_REP message.
type ASReq ¶
// ASReq is the KRB_AS_REQ message type. It declares no fields of its own;
// everything comes from the embedded KDCReqFields.
type ASReq struct {
	KDCReqFields
}
ASReq implements RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
func NewASReq ¶
NewASReq generates a new KRB_AS_REQ struct for a given SNAME.
func NewASReqForChgPasswd ¶
NewASReqForChgPasswd generates a new KRB_AS_REQ struct for a change password request.
func NewASReqForTGT ¶
NewASReqForTGT generates a new KRB_AS_REQ struct for a TGT request.
func (*ASReq) Marshal ¶
Marshal ASReq struct.
func (*ASReq) Unmarshal ¶
Unmarshal bytes b into the ASReq struct.
type EncAPRepPart ¶
// EncAPRepPart is the content of the encrypted part of a KRB_AP_REP.
// Subkey and SequenceNumber are optional on the wire.
type EncAPRepPart struct {
	CTime          time.Time           `asn1:"generalized,explicit,tag:0"` // timestamp, encoded as GeneralizedTime
	Cusec          int                 `asn1:"explicit,tag:1"`             // presumably the microsecond part of CTime - confirm
	Subkey         types.EncryptionKey `asn1:"optional,explicit,tag:2"`    // key material: keep out of logs and error text
	SequenceNumber int64               `asn1:"optional,explicit,tag:3"`
}
EncAPRepPart is the encrypted part of KRB_AP_REP.
func (*EncAPRepPart) Unmarshal ¶
func (a *EncAPRepPart) Unmarshal(b []byte) error
Unmarshal bytes b into the APRep encrypted part struct.
type EncKDCRepPart ¶
// EncKDCRepPart is the content of the encrypted part of a KRB_KDC_REP.
// KeyExpiration, StartTime, RenewTill, CAddr and EncPAData are optional on
// the wire; all time fields are encoded as GeneralizedTime.
type EncKDCRepPart struct {
	Key           types.EncryptionKey  `asn1:"explicit,tag:0"` // key material: keep out of logs and error text
	LastReqs      []LastReq            `asn1:"explicit,tag:1"`
	Nonce         int                  `asn1:"explicit,tag:2"` // NOTE(review): presumably compared with the request nonce during Verify - confirm
	KeyExpiration time.Time            `asn1:"generalized,explicit,optional,tag:3"`
	Flags         asn1.BitString       `asn1:"explicit,tag:4"`
	AuthTime      time.Time            `asn1:"generalized,explicit,tag:5"`
	StartTime     time.Time            `asn1:"generalized,explicit,optional,tag:6"`
	EndTime       time.Time            `asn1:"generalized,explicit,tag:7"`
	RenewTill     time.Time            `asn1:"generalized,explicit,optional,tag:8"`
	SRealm        string               `asn1:"generalstring,explicit,tag:9"`
	SName         types.PrincipalName  `asn1:"explicit,tag:10"`
	CAddr         []types.HostAddress  `asn1:"explicit,optional,tag:11"`
	EncPAData     types.PADataSequence `asn1:"explicit,optional,tag:12"`
}
EncKDCRepPart is the encrypted part of KRB_KDC_REP.
func (*EncKDCRepPart) Marshal ¶
func (e *EncKDCRepPart) Marshal() ([]byte, error)
Marshal encrypted part of KRB_KDC_REP.
func (*EncKDCRepPart) Unmarshal ¶
func (e *EncKDCRepPart) Unmarshal(b []byte) error
Unmarshal bytes b into encrypted part of KRB_KDC_REP.
type EncKrbCredPart ¶
// EncKrbCredPart is the content of the encrypted part of a KRB_CRED.
// Only TicketInfo is mandatory on the wire; every other field is optional.
type EncKrbCredPart struct {
	TicketInfo []KrbCredInfo     `asn1:"explicit,tag:0"`                      // one entry per forwarded credential; each entry holds a key
	Nouce      int               `asn1:"optional,explicit,tag:1"`             // spelled "Nouce" in this API; presumably the nonce field - confirm
	Timestamp  time.Time         `asn1:"generalized,optional,explicit,tag:2"` // encoded as GeneralizedTime
	Usec       int               `asn1:"optional,explicit,tag:3"`
	SAddress   types.HostAddress `asn1:"optional,explicit,tag:4"`
	RAddress   types.HostAddress `asn1:"optional,explicit,tag:5"`
}
EncKrbCredPart is the encrypted part of KRB_CRED.
func (*EncKrbCredPart) Unmarshal ¶
func (k *EncKrbCredPart) Unmarshal(b []byte) error
Unmarshal bytes b into the encrypted part of KRB_CRED.
type EncKrbPrivPart ¶
// EncKrbPrivPart is the content of the encrypted part of a KRB_PRIV.
// UserData and SAddress are mandatory on the wire; the remaining fields are
// optional.
type EncKrbPrivPart struct {
	UserData       []byte            `asn1:"explicit,tag:0"`                      // application payload carried by the message
	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"` // encoded as GeneralizedTime
	Usec           int               `asn1:"optional,explicit,tag:2"`
	SequenceNumber int64             `asn1:"optional,explicit,tag:3"`
	SAddress       types.HostAddress `asn1:"explicit,tag:4"`
	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
}
EncKrbPrivPart is the encrypted part of KRB_PRIV.
func (*EncKrbPrivPart) Unmarshal ¶
func (k *EncKrbPrivPart) Unmarshal(b []byte) error
Unmarshal bytes b into the EncKrbPrivPart struct.
type EncTicketPart ¶
// EncTicketPart is the content of the encrypted part of a Ticket.
// StartTime, RenewTill, CAddr and AuthorizationData are optional on the wire;
// all time fields are encoded as GeneralizedTime.
type EncTicketPart struct {
	Flags             asn1.BitString          `asn1:"explicit,tag:0"`
	Key               types.EncryptionKey     `asn1:"explicit,tag:1"` // key material: keep out of logs and error text
	CRealm            string                  `asn1:"generalstring,explicit,tag:2"`
	CName             types.PrincipalName     `asn1:"explicit,tag:3"`
	Transited         TransitedEncoding       `asn1:"explicit,tag:4"`
	AuthTime          time.Time               `asn1:"generalized,explicit,tag:5"`
	StartTime         time.Time               `asn1:"generalized,explicit,optional,tag:6"`
	EndTime           time.Time               `asn1:"generalized,explicit,tag:7"`
	RenewTill         time.Time               `asn1:"generalized,explicit,optional,tag:8"`
	CAddr             types.HostAddresses     `asn1:"explicit,optional,tag:9"`
	AuthorizationData types.AuthorizationData `asn1:"explicit,optional,tag:10"`
}
EncTicketPart is the encrypted part of the Ticket.
func (*EncTicketPart) Unmarshal ¶
func (t *EncTicketPart) Unmarshal(b []byte) error
Unmarshal bytes b into the EncTicketPart struct.
type KDCRepFields ¶
// KDCRepFields holds the fields of a KRB_KDC_REP; ASRep and TGSRep embed it.
// The struct carries no asn1 tags, so encoding and decoding are presumably
// done through a separate tagged representation - confirm against the
// Marshal/Unmarshal sources.
type KDCRepFields struct {
	PVNO             int
	MsgType          int
	PAData           []types.PAData
	CRealm           string
	CName            types.PrincipalName
	Ticket           Ticket
	EncPart          types.EncryptedData // ciphertext as received
	DecryptedEncPart EncKDCRepPart       // NOTE(review): presumably populated by DecryptEncPart; contains a key, so keep it out of logs
}
KDCRepFields represents the KRB_KDC_REP fields.
type KDCReqBody ¶
// KDCReqBody is the request body of a KRB_KDC_REQ. CName, SName, From,
// RTime, Addresses, EncAuthData and AdditionalTickets are optional on the
// wire; all time fields are encoded as GeneralizedTime.
type KDCReqBody struct {
	KDCOptions        asn1.BitString      `asn1:"explicit,tag:0"`
	CName             types.PrincipalName `asn1:"explicit,optional,tag:1"`
	Realm             string              `asn1:"generalstring,explicit,tag:2"`
	SName             types.PrincipalName `asn1:"explicit,optional,tag:3"`
	From              time.Time           `asn1:"generalized,explicit,optional,tag:4"`
	Till              time.Time           `asn1:"generalized,explicit,tag:5"`
	RTime             time.Time           `asn1:"generalized,explicit,optional,tag:6"`
	Nonce             int                 `asn1:"explicit,tag:7"`
	EType             []int32             `asn1:"explicit,tag:8"` // encryption type IDs; NOTE(review): presumably in preference order - confirm
	Addresses         []types.HostAddress `asn1:"explicit,optional,tag:9"`
	EncAuthData       types.EncryptedData `asn1:"explicit,optional,tag:10"`
	AdditionalTickets []Ticket            `asn1:"explicit,optional,tag:11"`
}
KDCReqBody implements the KRB_KDC_REQ request body.
func (*KDCReqBody) Marshal ¶
func (k *KDCReqBody) Marshal() ([]byte, error)
Marshal KRB_KDC_REQ body struct.
func (*KDCReqBody) Unmarshal ¶
func (k *KDCReqBody) Unmarshal(b []byte) error
Unmarshal bytes b into the KRB_KDC_REQ body struct.
type KDCReqFields ¶
// KDCReqFields holds the fields of a KRB_KDC_REQ; ASReq and TGSReq embed it.
// The struct carries no asn1 tags, so encoding and decoding are presumably
// done through a separate tagged representation - confirm against the
// Marshal/Unmarshal sources.
type KDCReqFields struct {
	PVNO    int
	MsgType int
	PAData  types.PADataSequence
	ReqBody KDCReqBody
	Renewal bool // NOTE(review): looks like a local flag rather than a wire field - confirm
}
KDCReqFields represents the KRB_KDC_REQ fields.
type KRBCred ¶
// KRBCred is the KRB_CRED message. The struct carries no asn1 tags, so
// Unmarshal presumably decodes through a separate tagged representation -
// confirm against the source.
type KRBCred struct {
	PVNO             int
	MsgType          int
	Tickets          []Ticket
	EncPart          types.EncryptedData // ciphertext as received
	DecryptedEncPart EncKrbCredPart      // NOTE(review): presumably populated by DecryptEncPart; its entries hold keys, so keep it out of logs
}
KRBCred implements RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.
func (*KRBCred) DecryptEncPart ¶
func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of a KRB_CRED.
func (*KRBCred) Unmarshal ¶
Unmarshal bytes b into the KRBCred struct.
type KRBError ¶
// KRBError is the KRB_ERROR message. CTime, Cusec, CRealm, CName, EText and
// EData are optional on the wire; time fields are encoded as GeneralizedTime.
//
// NOTE(review): the struct has no checksum or encrypted field, so nothing in
// it authenticates the sender. EText and EData are peer-supplied and should
// be treated as untrusted when logged or displayed.
type KRBError struct {
	PVNO      int                 `asn1:"explicit,tag:0"`
	MsgType   int                 `asn1:"explicit,tag:1"`
	CTime     time.Time           `asn1:"generalized,optional,explicit,tag:2"`
	Cusec     int                 `asn1:"optional,explicit,tag:3"`
	STime     time.Time           `asn1:"generalized,explicit,tag:4"`
	Susec     int                 `asn1:"explicit,tag:5"`
	ErrorCode int32               `asn1:"explicit,tag:6"`
	CRealm    string              `asn1:"generalstring,optional,explicit,tag:7"`
	CName     types.PrincipalName `asn1:"optional,explicit,tag:8"`
	Realm     string              `asn1:"generalstring,explicit,tag:9"`
	SName     types.PrincipalName `asn1:"explicit,tag:10"`
	EText     string              `asn1:"generalstring,optional,explicit,tag:11"` // free-text error description
	EData     []byte              `asn1:"optional,explicit,tag:12"`               // opaque additional error data
}
KRBError implements RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.
func NewKRBError ¶
NewKRBError creates a new KRBError.
func (KRBError) Error ¶
Error method implementing error interface on KRBError struct.
func (*KRBError) Marshal ¶
Marshal a KRBError into bytes.
func (*KRBError) Unmarshal ¶
Unmarshal bytes b into the KRBError struct.
type KRBPriv ¶
// KRBPriv is the KRB_PRIV message. Note that EncPart uses context tag 3;
// tag 2 does not appear in this struct.
type KRBPriv struct {
	PVNO    int                 `asn1:"explicit,tag:0"`
	MsgType int                 `asn1:"explicit,tag:1"`
	EncPart types.EncryptedData `asn1:"explicit,tag:3"` // ciphertext form of DecryptedEncPart
	// DecryptedEncPart is not part of the ASN.1 bytes; it is marked optional
	// so that unmarshalling works. It holds the plaintext user data, so it
	// should be kept out of logs.
	DecryptedEncPart EncKrbPrivPart `asn1:"optional,omitempty"`
}
KRBPriv implements RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.
func NewKRBPriv ¶
func NewKRBPriv(part EncKrbPrivPart) KRBPriv
NewKRBPriv returns a new KRBPriv type.
func (*KRBPriv) DecryptEncPart ¶
func (k *KRBPriv) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of the KRBPriv message.
func (*KRBPriv) EncryptEncPart ¶
func (k *KRBPriv) EncryptEncPart(key types.EncryptionKey) error
EncryptEncPart encrypts the DecryptedEncPart within the KRBPriv. Use to prepare for marshaling.
func (*KRBPriv) Marshal ¶
Marshal the KRBPriv.
func (*KRBPriv) Unmarshal ¶
Unmarshal bytes b into the KRBPriv struct.
type KRBSafe ¶
// KRBSafe is the KRB_SAFE message: a body plus a checksum, with no encrypted
// field. The body is therefore carried in the clear; only Cksum protects it.
type KRBSafe struct {
	PVNO     int            `asn1:"explicit,tag:0"`
	MsgType  int            `asn1:"explicit,tag:1"`
	SafeBody KRBSafeBody    `asn1:"explicit,tag:2"`
	Cksum    types.Checksum `asn1:"explicit,tag:3"` // NOTE(review): this page lists no verify method for KRBSafe - callers presumably check Cksum themselves; confirm
}
KRBSafe implements RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.
func (*KRBSafe) Unmarshal ¶
Unmarshal bytes b into the KRBSafe struct.
type KRBSafeBody ¶
// KRBSafeBody is the KRB_SAFE_BODY of a KRB_SAFE message. UserData and
// SAddress are mandatory on the wire; the remaining fields are optional.
type KRBSafeBody struct {
	UserData       []byte            `asn1:"explicit,tag:0"`                      // application payload carried by the message
	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"` // encoded as GeneralizedTime
	Usec           int               `asn1:"optional,explicit,tag:2"`
	SequenceNumber int64             `asn1:"optional,explicit,tag:3"`
	SAddress       types.HostAddress `asn1:"explicit,tag:4"`
	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
}
KRBSafeBody implements the KRB_SAFE_BODY of KRB_SAFE.
type KrbCredInfo ¶
// KrbCredInfo is the KRB_CRED_INFO element of a KRB_CRED. Only Key is
// mandatory on the wire; every other field is optional. Time fields are
// encoded as GeneralizedTime.
type KrbCredInfo struct {
	Key       types.EncryptionKey `asn1:"explicit,tag:0"` // key material: keep out of logs and error text
	PRealm    string              `asn1:"generalstring,optional,explicit,tag:1"`
	PName     types.PrincipalName `asn1:"optional,explicit,tag:2"`
	Flags     asn1.BitString      `asn1:"optional,explicit,tag:3"`
	AuthTime  time.Time           `asn1:"generalized,optional,explicit,tag:4"`
	StartTime time.Time           `asn1:"generalized,optional,explicit,tag:5"`
	EndTime   time.Time           `asn1:"generalized,optional,explicit,tag:6"`
	RenewTill time.Time           `asn1:"generalized,optional,explicit,tag:7"`
	SRealm    string              `asn1:"optional,explicit,ia5,tag:8"` // NOTE(review): tagged ia5 where PRealm uses generalstring - confirm this is intended
	SName     types.PrincipalName `asn1:"optional,explicit,tag:9"`
	CAddr     types.HostAddresses `asn1:"optional,explicit,tag:10"`
}
KrbCredInfo is the KRB_CRED_INFO part of KRB_CRED.
type LastReq ¶
// LastReq is one last-request entry of a KRB_KDC_REP: a type code and a
// time value.
type LastReq struct {
	LRType  int32     `asn1:"explicit,tag:0"`             // entry type code
	LRValue time.Time `asn1:"generalized,explicit,tag:1"` // encoded as GeneralizedTime
}
LastReq part of KRB_KDC_REP.
type TGSRep ¶
// TGSRep is the KRB_TGS_REP message type. It declares no fields of its own;
// everything comes from the embedded KDCRepFields.
type TGSRep struct {
	KDCRepFields
}
TGSRep implements RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
func (*TGSRep) DecryptEncPart ¶
func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of a TGS_REP.
func (*TGSRep) Marshal ¶
Marshal TGSRep struct.
func (*TGSRep) Unmarshal ¶
Unmarshal bytes b into the TGSRep struct.
func (*TGSRep) Verify ¶
Verify checks the validity of the TGS_REP message.
type TGSReq ¶
// TGSReq is the KRB_TGS_REQ message type. It declares no fields of its own;
// everything comes from the embedded KDCReqFields.
type TGSReq struct {
	KDCReqFields
}
TGSReq implements RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
func NewTGSReq ¶
func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tgt Ticket, sessionKey types.EncryptionKey, sname types.PrincipalName, renewal bool) (TGSReq, error)
NewTGSReq generates a new KRB_TGS_REQ struct.
func NewUser2UserTGSReq ¶
func NewUser2UserTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, clientTGT Ticket, sessionKey types.EncryptionKey, sname types.PrincipalName, renewal bool, verifyingTGT Ticket) (TGSReq, error)
NewUser2UserTGSReq returns a TGS-REQ suitable for user-to-user authentication (https://tools.ietf.org/html/rfc4120#section-3.7)
func (*TGSReq) Marshal ¶
Marshal TGSReq struct.
func (*TGSReq) Unmarshal ¶
Unmarshal bytes b into the TGSReq struct.
type Ticket ¶
// Ticket is the Kerberos ticket. Realm and SName are carried outside the
// encrypted part; EncPart is the ciphertext.
type Ticket struct {
	TktVNO  int                 `asn1:"explicit,tag:0"` // ticket format version number field
	Realm   string              `asn1:"generalstring,explicit,tag:1"`
	SName   types.PrincipalName `asn1:"explicit,tag:2"`
	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
	// DecryptedEncPart is not part of the ASN.1 bytes; it is marked optional
	// so that unmarshalling works. It contains the session key, so it should
	// be kept out of logs.
	DecryptedEncPart EncTicketPart `asn1:"optional"`
}
Ticket implements the Kerberos ticket.
func NewTicket ¶
func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab *keytab.Keytab, eTypeID int32, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error)
NewTicket creates a new Ticket instance.
func (*Ticket) Decrypt ¶
func (t *Ticket) Decrypt(key types.EncryptionKey) error
Decrypt decrypts the encrypted part of the ticket using the key provided.
func (*Ticket) DecryptEncPart ¶
DecryptEncPart decrypts the encrypted part of the ticket. The sname argument can be used to specify which service principal's key should be used to decrypt the ticket. If nil is passed as the sname, the service principal specified within the ticket is used.
func (*Ticket) GetPACType ¶
func (t *Ticket) GetPACType(keytab *keytab.Keytab, sname *types.PrincipalName, l *log.Logger) (bool, pac.PACType, error)
GetPACType returns a Microsoft PAC that has been extracted from the ticket and processed.
func (*Ticket) Marshal ¶
Marshal the Ticket.
func (*Ticket) Unmarshal ¶
Unmarshal bytes b into a Ticket struct.
func (*Ticket) Valid ¶
Valid checks whether the ticket is currently valid. The maximum duration past the end time that is still tolerated is passed in as the argument.
type TransitedEncoding ¶
// TransitedEncoding is the transited field of a ticket's encrypted part:
// an encoding type code plus the raw encoded contents.
type TransitedEncoding struct {
	TRType   int32  `asn1:"explicit,tag:0"` // type code describing how Contents is encoded
	Contents []byte `asn1:"explicit,tag:1"` // raw bytes; not decoded by this struct
}
TransitedEncoding part of the ticket's encrypted part.
Source Files ¶
APRep.go APReq.go KDCRep.go KDCReq.go KRBCred.go KRBError.go KRBPriv.go KRBSafe.go Ticket.go
- Version
- v8.4.0
- Published
- Jun 14, 2020
- Platform
- linux/amd64
- Imports
- 24 packages