package integratedauth

import "github.com/microsoft/go-mssqldb/integratedauth"


Constants

// Values for ChannelBindings.Type (see ChannelBindingsType): which TLS
// channel-binding flavour a ChannelBindings was derived from.
// ChannelBindingsTypeEmpty is the type carried by EmptyChannelBindings,
// whose address and application-data fields are all nil.
const (
	ChannelBindingsTypeTLSExporter       = 0
	ChannelBindingsTypeTLSUnique         = 1
	ChannelBindingsTypeTLSServerEndPoint = 2
	ChannelBindingsTypeEmpty             = 3
)
// Binding-type prefixes and exporter parameters. The prefix names the
// binding type to the peer and is presumably prepended to the binding
// value (GenerateCBTFromTLSUnique documents this for tls-unique), so it is
// part of the bound data rather than decoration.
const (
	// https://datatracker.ietf.org/doc/rfc9266/
	TLS_EXPORTER_PREFIX = "tls-exporter:"
	// Exporter label and output length (bytes) for the tls-exporter
	// binding, as given by RFC 9266.
	TLS_EXPORTER_EKM_LABEL  = "EXPORTER-Channel-Binding"
	TLS_EXPORTER_EKM_LENGTH = 32
	// https://www.rfc-editor.org/rfc/rfc5801.html#section-5.2
	TLS_UNIQUE_PREFIX           = "tls-unique:"
	TLS_SERVER_END_POINT_PREFIX = "tls-server-end-point:"
)

Variables

var (
	// DefaultProviderName names the provider GetIntegratedAuthenticator falls
	// back to when the connection string does not select one; it is the
	// platform's default implementation (see GetIntegratedAuthenticator).
	DefaultProviderName string

	// Sentinel errors for an invalid provider registration (see
	// SetIntegratedAuthenticationProvider); compare with errors.Is.
	ErrProviderCannotBeNil         = errors.New("provider cannot be nil")
	ErrProviderNameMustBePopulated = errors.New("provider name must be populated")
)
// EmptyChannelBindings is a ChannelBindings that carries no binding data:
// type ChannelBindingsTypeEmpty with every address and application-data
// field nil, i.e. no channel binding is asserted to the server.
// It is a shared pointer to a package-level value; callers must not
// mutate it, since any change is visible to every other user.
var EmptyChannelBindings = &ChannelBindings{
	Type:              ChannelBindingsTypeEmpty,
	InitiatorAddrType: 0,
	InitiatorAddress:  nil,
	AcceptorAddrType:  0,
	AcceptorAddress:   nil,
	ApplicationData:   nil,
}

Functions

func SetIntegratedAuthenticationProvider

func SetIntegratedAuthenticationProvider(providerName string, p Provider) error

SetIntegratedAuthenticationProvider stores a named authentication provider. It should be called before any connections are created.

Types

type AuthenticatorWithEPA

// AuthenticatorWithEPA is implemented by authenticators that accept a
// channel binding (Extended Protection for Authentication). It is a
// separate interface from IntegratedAuthenticator, so support is
// presumably discovered by type assertion — confirm against the caller.
type AuthenticatorWithEPA interface {
	// SetChannelBinding supplies the ChannelBindings to use for the login.
	SetChannelBinding(*ChannelBindings)
}

type ChannelBindings

// ChannelBindings mirrors the GSS-API gss_channel_bindings_struct: address
// types/addresses for the initiator and acceptor plus opaque application
// data. The Type field is this package's addition recording which TLS
// binding the value was derived from.
type ChannelBindings struct {
	// Type is the binding flavour; one of the ChannelBindingsType* constants.
	Type ChannelBindingsType
	// InitiatorAddrType/InitiatorAddress correspond to
	// initiator_addrtype/initiator_address in gss_channel_bindings_struct.
	InitiatorAddrType uint32
	InitiatorAddress  []byte
	// AcceptorAddrType/AcceptorAddress correspond to
	// acceptor_addrtype/acceptor_address in gss_channel_bindings_struct.
	AcceptorAddrType uint32
	AcceptorAddress  []byte
	// ApplicationData corresponds to application_data; for TLS channel
	// bindings this is presumably where the prefixed binding value goes.
	ApplicationData []byte
}

See gss_channel_bindings_struct: https://docs.oracle.com/cd/E19683-01/816-1331/overview-52/index.html and gss_buffer_desc: https://docs.oracle.com/cd/E19683-01/816-1331/reference-21/index.html.

func GenerateCBTFromServerCert

func GenerateCBTFromServerCert(cert *x509.Certificate) *ChannelBindings

GenerateCBTFromServerCert generates a ChannelBindings struct from a server certificate. It calculates the hash of the server certificate as described in section 4.2 of RFC 5056 (the tls-server-end-point binding). Parameters: cert, the server certificate. Returns: a ChannelBindings struct. Note that this binding is derived from the certificate alone, not from the TLS session, so it is only as specific as the certificate the server presents.

func GenerateCBTFromTLSConnState

func GenerateCBTFromTLSConnState(state tls.ConnectionState) (*ChannelBindings, error)

GenerateCBTFromTLSConnState generates a ChannelBindings struct from a TLS connection state. If the TLS version is TLS 1.3, it derives the binding from the TLS exporter key; otherwise it derives it from the tls-unique value. Parameters: state, the TLS connection state. Returns: a ChannelBindings struct, or an error. Note that crypto/tls reports no tls-unique value for connections without Extended Master Secret (RFC 7627) support, so a pre-1.3 connection may yield an error rather than a binding — confirm against the implementation.

func GenerateCBTFromTLSExporter

func GenerateCBTFromTLSExporter(exporterKey []byte) (*ChannelBindings, error)

GenerateCBTFromTLSExporter generates a ChannelBindings struct from a TLS exporter key (RFC 9266). Parameters: exporterKey, the TLS exporter key. Returns: a ChannelBindings struct, or an error.

func GenerateCBTFromTLSUnique

func GenerateCBTFromTLSUnique(tlsUnique []byte) (*ChannelBindings, error)

GenerateCBTFromTLSUnique generates a ChannelBindings struct from a TLS unique value. It adds the tls-unique: prefix to the TLS unique value. Parameters: tlsUnique, the TLS unique value. Returns: a ChannelBindings struct, or an error.

func (*ChannelBindings) AsSSPI_SEC_CHANNEL_BINDINGS

func (cb *ChannelBindings) AsSSPI_SEC_CHANNEL_BINDINGS() *SEC_CHANNEL_BINDINGS

AsSSPI_SEC_CHANNEL_BINDINGS converts a ChannelBindings struct to a SEC_CHANNEL_BINDINGS struct. Returns: a SEC_CHANNEL_BINDINGS struct.

func (*ChannelBindings) Md5Hash

func (cb *ChannelBindings) Md5Hash() []byte

Md5Hash calculates the MD5 hash of the ChannelBindings struct. Returns: a byte slice. MD5 is the digest the GSS-API channel-binding checksum is defined over (RFC 4121, section 4.1.1.2), so it is a wire-format requirement here rather than a choice of cryptographic strength.

func (*ChannelBindings) ToBytes

func (cb *ChannelBindings) ToBytes() []byte

ToBytes converts a ChannelBindings struct to a byte slice laid out as the gss_channel_bindings_struct structure is in GSSAPI. Returns: a byte slice.

type ChannelBindingsType

// ChannelBindingsType identifies which binding flavour a ChannelBindings
// holds; its values are the ChannelBindingsType* constants.
type ChannelBindingsType uint32

type IntegratedAuthenticator

// IntegratedAuthenticator is the interface for SSPI Login Authentication
// providers. Method semantics inferred from the names — confirm against an
// implementation: InitialBytes yields the first token to send, NextBytes
// consumes the server's reply and yields the next token, and Free releases
// any resources the authenticator holds.
type IntegratedAuthenticator interface {
	InitialBytes() ([]byte, error)
	NextBytes([]byte) ([]byte, error)
	Free()
}

IntegratedAuthenticator is the interface for SSPI Login Authentication providers

func GetIntegratedAuthenticator

func GetIntegratedAuthenticator(config msdsn.Config) (IntegratedAuthenticator, error)

GetIntegratedAuthenticator calls the authProvider specified in the 'authenticator' connection string parameter, if supplied. Otherwise it falls back to the DefaultProviderName implementation for the platform.

type Provider

// Provider returns an SSPI compatible authentication provider. Providers
// are registered by name with SetIntegratedAuthenticationProvider and
// selected by GetIntegratedAuthenticator.
type Provider interface {
	// GetIntegratedAuthenticator is responsible for returning an instance of the required IntegratedAuthenticator interface
	GetIntegratedAuthenticator(config msdsn.Config) (IntegratedAuthenticator, error)
}

Provider returns an SSPI compatible authentication provider

type ProviderFunc

// ProviderFunc is an adapter to convert a GetIntegratedAuthenticator func
// into a Provider; its GetIntegratedAuthenticator method calls the func.
type ProviderFunc func(config msdsn.Config) (IntegratedAuthenticator, error)

ProviderFunc is an adapter to convert a GetIntegratedAuthenticator func into a Provider

func (ProviderFunc) GetIntegratedAuthenticator

func (f ProviderFunc) GetIntegratedAuthenticator(config msdsn.Config) (IntegratedAuthenticator, error)

type SEC_CHANNEL_BINDINGS

// SEC_CHANNEL_BINDINGS mirrors the Win32 SSPI SEC_CHANNEL_BINDINGS header
// (https://learn.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_channel_bindings):
// each Cb* field is a length and each Dw*Offset an offset of the
// corresponding buffer. The Win32 struct has no Data member; Data is this
// package's holder for the variable-length bytes the offsets refer to —
// presumably serialized after the fixed header by ToBytes; confirm there.
type SEC_CHANNEL_BINDINGS struct {
	DwInitiatorAddrType     uint32
	CbInitiatorLength       uint32
	DwInitiatorOffset       uint32
	DwAcceptorAddrType      uint32
	CbAcceptorLength        uint32
	DwAcceptorOffset        uint32
	CbApplicationDataLength uint32
	DwApplicationDataOffset uint32
	Data                    []byte
}

SEC_CHANNEL_BINDINGS: https://learn.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_channel_bindings

func (*SEC_CHANNEL_BINDINGS) ToBytes

func (cb *SEC_CHANNEL_BINDINGS) ToBytes() []byte

ToBytes converts a SEC_CHANNEL_BINDINGS struct to a byte slice that can be used in the SSPI InitializeSecurityContext function. Returns: a byte slice.

Source Files

auth.go channel_binding.go integratedauthenticator.go

Directories

Path | Synopsis
integratedauth/krb5 | Package krb5 implements the integratedauth.IntegratedAuthenticator interface in order to provide kerberos/active directory (Windows) based authentication.
integratedauth/ntlm |
