Documentation
Overview ¶
Package spnego implements the client side of the SPNEGO security service.
This package also contains client-side GSSAPI bindings (InitSecurityContext, Wrap, Unwrap and so on).
Index ¶
- Constants
- Variables
- type Authentifier
- func (a *Authentifier) IsNegTokenInit(ctx context.Context, b []byte) bool
- func (a *Authentifier) MakeMechanismList(ctx context.Context) []asn1.ObjectIdentifier
- func (a *Authentifier) Negotiate(ctx context.Context) ([]byte, error)
- func (a *Authentifier) Respond(ctx context.Context, b []byte) ([]byte, error)
- func (a *Authentifier) SelectMechanism(ctx context.Context, oid gssapi.OID) gssapi.Mechanism
- type Config
- type Mechanism
- func (m *Mechanism) Accept(ctx context.Context, tok *gssapi.Token) (*gssapi.Token, error)
- func (Mechanism) DefaultConfig(ctx context.Context) (gssapi.MechanismConfig, error)
- func (m *Mechanism) Init(ctx context.Context, tok *gssapi.Token) (*gssapi.Token, error)
- func (m *Mechanism) MakeSignature(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)
- func (m *Mechanism) MakeSignatureEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)
- func (Mechanism) New(ctx context.Context) (gssapi.Mechanism, error)
- func (Mechanism) Type() gssapi.OID
- func (m *Mechanism) Unwrap(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)
- func (m *Mechanism) UnwrapEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)
- func (m *Mechanism) VerifySignature(ctx context.Context, tok *gssapi.MessageToken) error
- func (m *Mechanism) VerifySignatureEx(ctx context.Context, tok *gssapi.MessageTokenEx) error
- func (m *Mechanism) Wrap(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)
- func (m *Mechanism) WrapEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)
- func (m *Mechanism) WrapSizeLimit(ctx context.Context, sz int, conf bool) int
- type NegTokenInit
- type NegTokenResp
- type State
Constants ¶
// Application has only bit 6 set (0x40, the same value as 1 << 6).
// NOTE(review): presumably the ASN.1 "application" class bit of an identifier
// octet, used when framing the initial token — confirm against the encoder.
const Application = 0x40
// HintName is a fixed hint-name string. The value itself states that it is
// not defined in RFC 4178 and asks the receiver to ignore it.
// NOTE(review): it matches the placeholder carried in the negHints of
// Microsoft's NegTokenInit2 extension. A receiver should treat it as
// unauthenticated filler and never derive a target principal from it;
// confirm how the negotiation code handles NegTokenInit.HintName.
const HintName = "not_defined_in_RFC4178@please_ignore"
Variables ¶
// ErrReject is the package's sentinel error with the message "spnego: rejected".
// NOTE(review): presumably returned when the peer answers with the Reject
// negotiation state — confirm. Match it with errors.Is, not by comparing
// the message text.
var ErrReject = errors.New("spnego: rejected")
// MechanismTypeSPNEGO is the object identifier 1.3.6.1.5.5.2, the OID that
// RFC 4178 assigns to the SPNEGO pseudo-mechanism.
//
// asn1.ObjectIdentifier is a slice, and this is a package-level variable:
// treat it as read-only. Writing to its elements changes the OID that every
// user of the package compares against.
var MechanismTypeSPNEGO = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
Functions ¶
This section is empty.
Types ¶
type Authentifier ¶
// Authentifier groups what one SPNEGO negotiation works with: the embedded
// configuration, the mechanism selected so far, and the mechanism list
// retrieved during the exchange.
type Authentifier struct {
// The authentifier configuration.
// Embedded by pointer: Config's fields are promoted onto Authentifier, and
// the Config value is shared with any other holder of the same pointer.
*Config
// The selected mechanism.
// NOTE(review): presumably unset until SelectMechanism or the negotiation
// has chosen one — confirm before dereferencing.
Mechanism gssapi.Mechanism
// The retrieved Mechanism List.
// NOTE(review): presumably the mechanism OIDs taken from a negotiation token.
// If so they are peer-controlled until the mechanism-list MIC has been
// verified — confirm where this field is filled in.
RetrievedMechanismList []asn1.ObjectIdentifier
}
func (*Authentifier) IsNegTokenInit ¶
func (a *Authentifier) IsNegTokenInit(ctx context.Context, b []byte) bool
func (*Authentifier) MakeMechanismList ¶
func (a *Authentifier) MakeMechanismList(ctx context.Context) []asn1.ObjectIdentifier
func (*Authentifier) Negotiate ¶
func (a *Authentifier) Negotiate(ctx context.Context) ([]byte, error)
func (*Authentifier) SelectMechanism ¶
type Config ¶
// Config holds the SPNEGO settings: the requested services, the mechanisms
// to negotiate, and whether the mechanism-list MIC is required.
type Config struct {
// The services available.
Capabilities gssapi.Cap
// The list of negotiated mechanisms.
// NOTE(review): presumably the factories for the mechanisms this side is
// willing to offer, with slice order as preference order — confirm against
// MakeMechanismList. Leaving a weak mechanism in the list makes it negotiable.
MechanismsList []gssapi.MechanismFactory
// Require mechanism list MIC.
// In RFC 4178 the mechanism-list MIC is what lets the peers detect that
// the offered mechanism list was altered in transit (a downgrade to a less
// preferred mechanism). The zero value of this field is false.
// NOTE(review): confirm what DefaultConfig sets and what the negotiation
// does when this is false and the peer omits the MIC.
RequireMechanismListMIC bool
}
func (*Config) Copy ¶ added in v1.1.1
func (c *Config) Copy() gssapi.MechanismConfig
type Mechanism ¶
// Mechanism wraps an Authentifier by embedding it, so the Authentifier's
// fields and methods are promoted onto Mechanism.
// NOTE(review): the package index lists Init, Accept, Wrap/Unwrap,
// MakeSignature/VerifySignature, New and Type on this type, which looks like
// the gssapi.Mechanism method set — confirm against the gssapi package.
type Mechanism struct {
// Embedded by pointer: a zero-value Mechanism has a nil Authentifier.
*Authentifier
}
func (Mechanism) DefaultConfig ¶
func (*Mechanism) MakeSignature ¶
func (m *Mechanism) MakeSignature(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)
MakeSignature function.
func (*Mechanism) MakeSignatureEx ¶
func (m *Mechanism) MakeSignatureEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)
MakeSignatureEx function.
func (*Mechanism) Unwrap ¶
func (m *Mechanism) Unwrap(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)
Unwrap function.
func (*Mechanism) UnwrapEx ¶
func (m *Mechanism) UnwrapEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)
UnwrapEx function.
func (*Mechanism) VerifySignature ¶
VerifySignature function.
func (*Mechanism) VerifySignatureEx ¶
VerifySignatureEx function.
func (*Mechanism) Wrap ¶
func (m *Mechanism) Wrap(ctx context.Context, tok *gssapi.MessageToken) (*gssapi.MessageToken, error)
Wrap function.
func (*Mechanism) WrapEx ¶
func (m *Mechanism) WrapEx(ctx context.Context, tok *gssapi.MessageTokenEx) (*gssapi.MessageTokenEx, error)
WrapEx function.
type NegTokenInit ¶
// NegTokenInit is the negotiate token initialization message.
// NOTE(review): field order presumably follows the ASN.1 sequence used on the
// wire, so it should not be rearranged — confirm against the marshalling code.
type NegTokenInit struct {
// This field contains one or more security mechanisms
// available for the initiator, in decreasing preference order
// (favorite choice first).
MechTypes []asn1.ObjectIdentifier
// This field, if present, contains the service options that are
// requested to establish the context.
ReqFlags asn1.BitString
// This field, if present, contains the optimistic mechanism token.
MechToken []byte
// This field, if present, contains an MIC token for the mechanism
// list in the initial negotiation message.
// NOTE(review): the same concept is named MechListMIC in NegTokenResp; the
// two names refer to the mechanism-list MIC, not to a MIC over MechToken.
MechTokenMIC []byte
// Negotiate hints.
// NOTE(review): the package constant HintName describes its value as not
// defined in RFC 4178; this and HintAddress look like the negHints of
// Microsoft's NegTokenInit2 extension. Treat both as unauthenticated
// peer-supplied data — confirm how they are consumed.
HintName string
// Hint address.
HintAddress []byte
}
The negotiate token initialization message.
type NegTokenResp ¶
// NegTokenResp is the negotiate token response.
// NOTE(review): field order presumably follows the ASN.1 sequence used on the
// wire, so it should not be rearranged — confirm against the marshalling code.
type NegTokenResp struct {
// This field, if present, contains the state of the negotiation.
// NOTE(review): State is an int whose zero value equals AcceptCompleted, so
// an absent field and "accept completed" cannot be told apart from this
// struct alone — confirm how the decoder marks absence.
State State
// This field SHALL only be present in the first reply from the
// target. It MUST be one of the mechanism(s) offered by the initiator.
// NOTE(review): whether the client rejects a SupportedMech it never offered
// is not visible here — verify that the response handling enforces it.
SupportedMech asn1.ObjectIdentifier
// This field, if present, contains tokens specific to the mechanism
// selected.
ResponseToken []byte
// This field, if present, contains an MIC token for the mechanism
// list in the initial negotiation message.
MechListMIC []byte
}
The negotiate token response.
type State ¶
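// State is the negotiation state.
type State int

// Negotiation states carried in NegTokenResp.State. The numeric values
// 0 through 3 match the negState enumeration of RFC 4178.
//
// These are declared with var, not const, and stay that way so existing
// callers keep compiling; treat them as read-only, because reassigning one
// changes how every comparison against it in the process behaves.
var (
	// No further negotiation message from the peer is expected,
	// and the security context is established for the sender.
	AcceptCompleted State = 0
	// At least one additional negotiation message from the peer is
	// needed to establish the security context.
	AcceptIncomplete State = 1
	// The sender terminates the negotiation.
	Reject State = 2
	// The sender indicates that the exchange of MIC tokens will be
	// REQUIRED if per-message integrity services are available on the
	// mechanism context to be established.
	//
	// This value SHALL only be present in the first reply from the target.
	RequestMIC State = 3
)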