Documentation
Overview ¶
Package messages implements Kerberos 5 message types and methods.
Index ¶
- func MarshalTicketSequence(tkts []Ticket) (asn1.RawValue, error)
- type APRep
- type APReq
- type ASRep
- type ASReq
- type EncAPRepPart
- type EncKDCRepPart
- type EncKrbCredPart
- type EncKrbPrivPart
- type EncTicketPart
- type KDCRepFields
- type KDCReqBody
- type KDCReqFields
- type KRBCred
- type KRBError
- type KRBPriv
- type KRBSafe
- type KRBSafeBody
- type KrbCredInfo
- type LastReq
- type TGSRep
- type TGSReq
- type Ticket
- type TransitedEncoding
Functions ¶
Types ¶
type APRep ¶
type APRep struct {
// Kerberos protocol version; RFC 4120 fixes pvno at 5.
PVNO int `asn1:"explicit,tag:0"`
// Message type; RFC 4120 assigns 15 to KRB_AP_REP.
MsgType int `asn1:"explicit,tag:1"`
// Ciphertext of an EncAPRepPart. Per RFC 4120 the client completes mutual
// authentication only after decrypting this and comparing its ctime/cusec
// with the authenticator it sent.
EncPart types.EncryptedData `asn1:"explicit,tag:2"`
}
APRep implements RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.
type APReq ¶
type APReq struct {
// Kerberos protocol version; RFC 4120 fixes pvno at 5.
PVNO int `asn1:"explicit,tag:0"`
// Message type; RFC 4120 assigns 14 to KRB_AP_REQ.
MsgType int `asn1:"explicit,tag:1"`
// AP option bits (RFC 4120 defines use-session-key and mutual-required).
APOptions asn1.BitString `asn1:"explicit,tag:2"`
// Service ticket presented to the application server.
Ticket Ticket `asn1:"explicit,tag:3"`
// Ciphertext of the Authenticator, encrypted under the ticket's session key.
// The receiving service relies on its timestamp for replay detection.
Authenticator types.EncryptedData `asn1:"explicit,tag:4"`
}
APReq implements RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.
func NewAPReq ¶
func NewAPReq(tkt Ticket, sessionKey types.EncryptionKey, auth types.Authenticator) (APReq, error)
NewAPReq generates a new KRB_AP_REQ struct.
type ASRep ¶
type ASRep struct {
// Embedded fields shared by the KDC replies; TGSRep embeds the same struct.
KDCRepFields
}
ASRep implements RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
func (*ASRep) DecryptEncPart ¶
func (k *ASRep) DecryptEncPart(c *credentials.Credentials) (types.EncryptionKey, error)
DecryptEncPart decrypts the encrypted part of an AS_REP.
func (*ASRep) IsValid ¶
func (k *ASRep) IsValid(cfg *config.Config, creds *credentials.Credentials, asReq ASReq) (bool, error)
IsValid checks the validity of the AS_REP message.
type ASReq ¶
type ASReq struct {
// Embedded fields shared by the KDC requests; TGSReq embeds the same struct.
KDCReqFields
}
ASReq implements RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
type EncAPRepPart ¶
type EncAPRepPart struct {
// Client time echoed from the authenticator (RFC 4120 ctime).
CTime time.Time `asn1:"generalized,explicit,tag:0"`
// Microsecond part of the client time (RFC 4120 cusec).
Cusec int `asn1:"explicit,tag:1"`
// Optional sub-session key chosen by the server; key material, keep out of logs.
Subkey types.EncryptionKey `asn1:"optional,explicit,tag:2"`
// Optional initial sequence number for later KRB_SAFE/KRB_PRIV messages.
// RFC 4120 types this as UInt32; the Go field is wider.
SequenceNumber int64 `asn1:"optional,explicit,tag:3"`
}
EncAPRepPart is the encrypted part of KRB_AP_REP.
func (*EncAPRepPart) Unmarshal ¶
func (a *EncAPRepPart) Unmarshal(b []byte) error
Unmarshal bytes b into the APRep encrypted part struct.
type EncKDCRepPart ¶
type EncKDCRepPart struct {
// Session key issued by the KDC. Plaintext key material: do not log or persist
// this struct without protecting it.
Key types.EncryptionKey `asn1:"explicit,tag:0"`
// Last-request records returned by the KDC.
LastReqs []LastReq `asn1:"explicit,tag:1"`
// Nonce echoed from the request; a reply whose nonce differs from the request's
// must be rejected (RFC 4120). RFC type is UInt32 while Go int is platform-sized.
// NOTE(review): confirm behaviour for large nonces on 32-bit builds.
Nonce int `asn1:"explicit,tag:2"`
// Optional expiry of the client's long-term key.
KeyExpiration time.Time `asn1:"generalized,explicit,optional,tag:3"`
// Ticket flags copied from the issued ticket.
Flags asn1.BitString `asn1:"explicit,tag:4"`
// Time of initial authentication.
AuthTime time.Time `asn1:"generalized,explicit,tag:5"`
// Optional start of validity.
StartTime time.Time `asn1:"generalized,explicit,optional,tag:6"`
// End of validity.
EndTime time.Time `asn1:"generalized,explicit,tag:7"`
// Optional absolute limit for renewals.
RenewTill time.Time `asn1:"generalized,explicit,optional,tag:8"`
// Realm and name of the service the ticket is for. The client should compare
// these with what it asked for rather than trust the cleartext part of the reply.
SRealm string `asn1:"generalstring,explicit,tag:9"`
SName types.PrincipalName `asn1:"explicit,tag:10"`
// Optional addresses the ticket is bound to.
CAddr []types.HostAddress `asn1:"explicit,optional,tag:11"`
// Optional encrypted pre-authentication data; tag 12 is not in the RFC 4120
// definition of this type. NOTE(review): presumably the RFC 6806 extension.
EncPAData types.PADataSequence `asn1:"explicit,optional,tag:12"`
}
EncKDCRepPart is the encrypted part of KRB_KDC_REP.
func (*EncKDCRepPart) Unmarshal ¶
func (e *EncKDCRepPart) Unmarshal(b []byte) error
Unmarshal bytes b into encrypted part of KRB_KDC_REP.
type EncKrbCredPart ¶
type EncKrbCredPart struct {
// One entry per forwarded ticket; each carries that ticket's session key.
TicketInfo []KrbCredInfo `asn1:"explicit,tag:0"`
// Optional nonce (RFC 4120 "nonce"). The field name is misspelled, but it is
// exported, so renaming it would break callers.
Nouce int `asn1:"optional,explicit,tag:1"`
// Optional timestamp and microseconds, used by the receiver for replay detection.
Timestamp time.Time `asn1:"generalized,optional,explicit,tag:2"`
Usec int `asn1:"optional,explicit,tag:3"`
// Optional sender and recipient addresses.
SAddress types.HostAddress `asn1:"optional,explicit,tag:4"`
RAddress types.HostAddress `asn1:"optional,explicit,tag:5"`
}
EncKrbCredPart is the encrypted part of KRB_CRED.
func (*EncKrbCredPart) Unmarshal ¶
func (k *EncKrbCredPart) Unmarshal(b []byte) error
Unmarshal bytes b into the encrypted part of KRB_CRED.
type EncKrbPrivPart ¶
type EncKrbPrivPart struct {
// Application payload, confidential only while inside the KRB_PRIV enc-part.
UserData []byte `asn1:"explicit,tag:0"`
// Optional timestamp and microseconds for replay detection.
Timestamp time.Time `asn1:"generalized,optional,explicit,tag:1"`
Usec int `asn1:"optional,explicit,tag:2"`
// Optional sequence number for replay and ordering detection.
// RFC 4120 types this as UInt32; the Go field is wider.
SequenceNumber int64 `asn1:"optional,explicit,tag:3"`
// Sender address (mandatory in RFC 4120).
SAddress types.HostAddress `asn1:"explicit,tag:4"`
// Optional recipient address.
RAddress types.HostAddress `asn1:"optional,explicit,tag:5"`
}
EncKrbPrivPart is the encrypted part of KRB_PRIV.
func (*EncKrbPrivPart) Unmarshal ¶
func (k *EncKrbPrivPart) Unmarshal(b []byte) error
Unmarshal bytes b into the EncKrbPrivPart struct.
type EncTicketPart ¶
type EncTicketPart struct {
// Ticket flags (forwardable, renewable, pre-authent, ...).
Flags asn1.BitString `asn1:"explicit,tag:0"`
// Session key shared by client and service. Plaintext key material once the
// ticket has been decrypted: keep it out of logs and serialised output.
Key types.EncryptionKey `asn1:"explicit,tag:1"`
// Client realm and principal. These identify the caller and are trustworthy only
// because they come from inside the part encrypted under the service key.
CRealm string `asn1:"generalstring,explicit,tag:2"`
CName types.PrincipalName `asn1:"explicit,tag:3"`
// Realms crossed during cross-realm authentication.
Transited TransitedEncoding `asn1:"explicit,tag:4"`
// Time of initial authentication.
AuthTime time.Time `asn1:"generalized,explicit,tag:5"`
// Optional start of validity.
StartTime time.Time `asn1:"generalized,explicit,optional,tag:6"`
// End of validity; a service must refuse the ticket after this time (allowing
// for clock skew).
EndTime time.Time `asn1:"generalized,explicit,tag:7"`
// Optional absolute limit for renewals.
RenewTill time.Time `asn1:"generalized,explicit,optional,tag:8"`
// Optional addresses the ticket may be used from.
CAddr types.HostAddresses `asn1:"explicit,optional,tag:9"`
// Optional authorization data.
// NOTE(review): presumably where Ticket.GetPACType finds the Microsoft PAC; confirm.
AuthorizationData types.AuthorizationData `asn1:"explicit,optional,tag:10"`
}
EncTicketPart is the encrypted part of the Ticket.
func (*EncTicketPart) Unmarshal ¶
func (t *EncTicketPart) Unmarshal(b []byte) error
Unmarshal bytes b into the EncTicketPart struct.
type KDCRepFields ¶
type KDCRepFields struct {
// None of these fields carries an asn1 tag.
// NOTE(review): presumably filled in by a custom unmarshal step not shown on
// this page; confirm.
PVNO int
MsgType int
// Pre-authentication data returned by the KDC.
PAData []types.PAData
// Client realm and name from the cleartext part of the reply. They are not
// authenticated until the encrypted part has been decrypted and validated.
CRealm string
CName types.PrincipalName
// Issued ticket; opaque to the client.
Ticket Ticket
// Ciphertext of the EncKDCRepPart.
EncPart types.EncryptedData
// Decrypted form of EncPart.
// NOTE(review): presumably populated by DecryptEncPart; confirm.
// It contains the session key in the clear, so avoid dumping this struct.
DecryptedEncPart EncKDCRepPart
}
KDCRepFields represents the KRB_KDC_REP fields.
type KDCReqBody ¶
type KDCReqBody struct {
// Requested ticket options (forwardable, renewable, renew, ...).
KDCOptions asn1.BitString `asn1:"explicit,tag:0"`
// Client principal; optional because RFC 4120 uses it only in AS requests.
CName types.PrincipalName `asn1:"explicit,optional,tag:1"`
// Server's realm (also the client's realm in an AS request).
Realm string `asn1:"generalstring,explicit,tag:2"`
// Requested service principal.
SName types.PrincipalName `asn1:"explicit,optional,tag:3"`
// Optional requested start time.
From time.Time `asn1:"generalized,explicit,optional,tag:4"`
// Requested expiry.
Till time.Time `asn1:"generalized,explicit,tag:5"`
// Optional requested renew-till time.
RTime time.Time `asn1:"generalized,explicit,optional,tag:6"`
// Random value the KDC echoes in the encrypted reply, binding the reply to this
// request. RFC type is UInt32 while Go int is platform-sized.
Nonce int `asn1:"explicit,tag:7"`
// Encryption types the client offers, in preference order. The KDC selects from
// this list, so it should contain only etypes the deployment accepts.
EType []int32 `asn1:"explicit,tag:8"`
// Optional client addresses to bind the ticket to.
Addresses []types.HostAddress `asn1:"explicit,optional,tag:9"`
// Optional encrypted authorization data (TGS requests).
EncAuthData types.EncryptedData `asn1:"explicit,optional,tag:10"`
// Optional additional tickets (e.g. for user-to-user authentication).
AdditionalTickets []Ticket `asn1:"explicit,optional,tag:11"`
}
KDCReqBody implements the KRB_KDC_REQ request body.
func (*KDCReqBody) Marshal ¶
func (k *KDCReqBody) Marshal() ([]byte, error)
Marshal KRB_KDC_REQ body struct.
func (*KDCReqBody) Unmarshal ¶
func (k *KDCReqBody) Unmarshal(b []byte) error
Unmarshal bytes b into the KRB_KDC_REQ body struct.
type KDCReqFields ¶
type KDCReqFields struct {
// None of these fields carries an asn1 tag.
// NOTE(review): presumably marshalled by custom code not shown on this page;
// confirm.
PVNO int
MsgType int
// Pre-authentication data sent with the request.
PAData types.PADataSequence
// Request body; RFC 4120 has TGS requests checksum this body inside the
// authenticator.
ReqBody KDCReqBody
// Has no counterpart in the RFC 4120 KDC-REQ definition.
// NOTE(review): presumably a local flag mirroring NewTGSReq's renewal
// argument; confirm.
Renewal bool
}
KDCReqFields represents the KRB_KDC_REQ fields.
type KRBCred ¶
type KRBCred struct {
// No asn1 tags here.
// NOTE(review): presumably decoded by custom code not shown on this page; confirm.
PVNO int
MsgType int
// Tickets being forwarded.
Tickets []Ticket
// Ciphertext of the EncKrbCredPart.
EncPart types.EncryptedData
// Decrypted form of EncPart.
// NOTE(review): presumably set by DecryptEncPart; confirm.
// It holds the session key for every forwarded ticket, so treat the whole
// struct as a credential.
DecryptedEncPart EncKrbCredPart
}
KRBCred implements RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.
func (*KRBCred) DecryptEncPart ¶
func (k *KRBCred) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of a KRB_CRED.
type KRBError ¶
type KRBError struct {
// This struct has no encrypted part or checksum field, so every value below
// should be handled as unauthenticated input from the network.
// Kerberos protocol version; RFC 4120 fixes pvno at 5.
PVNO int `asn1:"explicit,tag:0"`
// Message type; RFC 4120 assigns 30 to KRB_ERROR.
MsgType int `asn1:"explicit,tag:1"`
// Optional client time and microseconds.
CTime time.Time `asn1:"generalized,optional,explicit,tag:2"`
Cusec int `asn1:"optional,explicit,tag:3"`
// Server time and microseconds.
STime time.Time `asn1:"generalized,explicit,tag:4"`
Susec int `asn1:"explicit,tag:5"`
// Kerberos error code.
ErrorCode int32 `asn1:"explicit,tag:6"`
// Optional client realm and name.
CRealm string `asn1:"generalstring,optional,explicit,tag:7"`
CName types.PrincipalName `asn1:"optional,explicit,tag:8"`
// Service realm and name.
Realm string `asn1:"generalstring,explicit,tag:9"`
SName types.PrincipalName `asn1:"explicit,tag:10"`
// Optional free-form text from the sender; escape it before logging or display.
EText string `asn1:"generalstring,optional,explicit,tag:11"`
// Optional error-specific data; its structure depends on ErrorCode.
EData []byte `asn1:"optional,explicit,tag:12"`
}
KRBError implements RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.
func NewKRBError ¶
NewKRBError creates a new KRBError.
type KRBPriv ¶
type KRBPriv struct {
// Kerberos protocol version; RFC 4120 fixes pvno at 5.
PVNO int `asn1:"explicit,tag:0"`
// Message type; RFC 4120 assigns 21 to KRB_PRIV.
MsgType int `asn1:"explicit,tag:1"`
// Ciphertext of an EncKrbPrivPart. The jump from tag 1 to tag 3 is intentional:
// RFC 4120 defines no [2] element for KRB-PRIV.
EncPart types.EncryptedData `asn1:"explicit,tag:3"`
}
KRBPriv implements RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.
type KRBSafe ¶
type KRBSafe struct {
// Kerberos protocol version; RFC 4120 fixes pvno at 5.
PVNO int `asn1:"explicit,tag:0"`
// Message type; RFC 4120 assigns 20 to KRB_SAFE.
MsgType int `asn1:"explicit,tag:1"`
// Cleartext body. KRB_SAFE gives integrity only, not confidentiality.
SafeBody KRBSafeBody `asn1:"explicit,tag:2"`
// Keyed checksum over the body; the body must not be acted on until this has
// been verified.
Cksum types.Checksum `asn1:"explicit,tag:3"`
}
KRBSafe implements RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.
type KRBSafeBody ¶
type KRBSafeBody struct {
// Application payload, sent in the clear.
UserData []byte `asn1:"explicit,tag:0"`
// Optional timestamp and microseconds for replay detection.
Timestamp time.Time `asn1:"generalized,optional,explicit,tag:1"`
Usec int `asn1:"optional,explicit,tag:2"`
// Optional sequence number for replay and ordering detection.
// RFC 4120 types this as UInt32; the Go field is wider.
SequenceNumber int64 `asn1:"optional,explicit,tag:3"`
// Sender address (mandatory in RFC 4120).
SAddress types.HostAddress `asn1:"explicit,tag:4"`
// Optional recipient address.
RAddress types.HostAddress `asn1:"optional,explicit,tag:5"`
}
KRBSafeBody implements the KRB_SAFE_BODY of KRB_SAFE.
type KrbCredInfo ¶
type KrbCredInfo struct {
// Session key for the corresponding ticket in KRB_CRED. Plaintext key material.
Key types.EncryptionKey `asn1:"explicit,tag:0"`
// Optional realm and name of the principal the ticket was issued to.
PRealm string `asn1:"generalstring,optional,explicit,tag:1"`
PName types.PrincipalName `asn1:"optional,explicit,tag:2"`
// Optional ticket flags.
Flags asn1.BitString `asn1:"optional,explicit,tag:3"`
// Optional ticket times, with the same meaning as in EncTicketPart.
AuthTime time.Time `asn1:"generalized,optional,explicit,tag:4"`
StartTime time.Time `asn1:"generalized,optional,explicit,tag:5"`
EndTime time.Time `asn1:"generalized,optional,explicit,tag:6"`
RenewTill time.Time `asn1:"generalized,optional,explicit,tag:7"`
// Optional service realm.
// NOTE(review): tagged ia5 while every other realm field on this page uses
// generalstring; confirm this is intentional.
SRealm string `asn1:"optional,explicit,ia5,tag:8"`
// Optional service principal.
SName types.PrincipalName `asn1:"optional,explicit,tag:9"`
// Optional addresses the ticket is bound to.
CAddr types.HostAddresses `asn1:"optional,explicit,tag:10"`
}
KrbCredInfo is the KRB_CRED_INFO part of KRB_CRED.
type LastReq ¶
type LastReq struct {
// Kind of last-request information (RFC 4120 lr-type).
LRType int32 `asn1:"explicit,tag:0"`
// Time the information refers to (RFC 4120 lr-value).
LRValue time.Time `asn1:"generalized,explicit,tag:1"`
}
LastReq is part of KRB_KDC_REP.
type TGSRep ¶
type TGSRep struct {
// Embedded fields shared by the KDC replies; ASRep embeds the same struct.
KDCRepFields
}
TGSRep implements RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
func (*TGSRep) DecryptEncPart ¶
func (k *TGSRep) DecryptEncPart(key types.EncryptionKey) error
DecryptEncPart decrypts the encrypted part of a TGS_REP.
type TGSReq ¶
type TGSReq struct {
// Embedded fields shared by the KDC requests; ASReq embeds the same struct.
KDCReqFields
}
TGSReq implements RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
func NewTGSReq ¶
func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tkt Ticket, sessionKey types.EncryptionKey, spn types.PrincipalName, renewal bool) (TGSReq, error)
NewTGSReq generates a new KRB_TGS_REQ struct.
type Ticket ¶
type Ticket struct {
// Ticket format version; RFC 4120 fixes tkt-vno at 5.
TktVNO int `asn1:"explicit,tag:0"`
// Realm and name of the service the ticket is for. These two fields are outside
// the encrypted part, so on their own they are not authenticated.
Realm string `asn1:"generalstring,explicit,tag:1"`
SName types.PrincipalName `asn1:"explicit,tag:2"`
// Ciphertext of the EncTicketPart, encrypted under the service's long-term key.
EncPart types.EncryptedData `asn1:"explicit,tag:3"`
// Decrypted form of EncPart.
// NOTE(review): presumably set by DecryptEncPart; confirm.
// Once populated it holds the session key in the clear, so keep it out of logs.
DecryptedEncPart EncTicketPart `asn1:"optional"` // Not part of ASN1 bytes so marked as optional so unmarshalling works
}
Ticket implements the Kerberos ticket.
func NewTicket ¶
func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab keytab.Keytab, eTypeID int32, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error)
NewTicket creates a new Ticket instance.
func UnmarshalTicket ¶
UnmarshalTicket returns a ticket from the bytes provided.
func UnmarshalTicketsSequence ¶
UnmarshalTicketsSequence returns a slice of Tickets from a raw ASN1 value.
func (*Ticket) DecryptEncPart ¶
DecryptEncPart decrypts the encrypted part of the ticket.
func (*Ticket) GetPACType ¶
GetPACType returns a Microsoft PAC that has been extracted from the ticket and processed.
type TransitedEncoding ¶
type TransitedEncoding struct {
// Encoding type of Contents (RFC 4120 tr-type).
TRType int32 `asn1:"explicit,tag:0"`
// Encoded list of realms crossed during cross-realm authentication. Held here as
// raw bytes; the struct does no parsing or policy check of the realm path.
Contents []byte `asn1:"explicit,tag:1"`
}
TransitedEncoding is part of the ticket's encrypted part.