gssapi

package module
v0.0.0-...-6661f19 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 23, 2021 License: Apache-2.0 Imports: 10 Imported by: 1

README

gssapi

License ReportCard Build Coverage GoDoc

The gssapi package is a Golang wrapper around RFC 2743, the Generic Security Services Application Programming Interface. (GSSAPI)

Uses

We use it to authenticate clients with our authentication server. Clients talk to a Kerberos or Active Directory Domain Controller to retrieve a Kerberos service ticket, which we verify with a keytab on our authentication server.

When a user logs into Kerberos using kinit, they get a Kerberos TGT. During Kerberos authentication, that TGT is used to retrieve a Service Ticket from the Domain Controller. GSSAPI lets us authenticate without having to know where or in what form the TGT is stored. Because each operating system vendor might move that, this package wraps your system GSSAPI implementation.

What do you use it for? Let us know!

Building

This library is go get compatible. However, it also requires header files to build against the GSSAPI C library on your platform.

Golang needs to be able to find a gcc compiler (and one which is recent enough to support gccgo). If the system compiler isn't gcc, then use CC in environ to point the Golang build tools at your gcc. (LLVM's clang does not work and Golang's diagnostics if it encounters clang are to spew a lot of apparently-unrelated errors from trying to use it anyway).

On MacOS, the default headers are too old; you can use newer headers for building but still use the normal system libraries.

  • FreeBSD: export CC=gcc48; go install
  • MacOS: brew install homebrew/dupes/heimdal --without-x11
  • Ubuntu: see apt-get in test/docker/client/Dockerfile

Testing

Tests in the main gssapi repository can be run using the built-in go test.

To run an integrated test against a live Heimdal Kerberos Domain Controller, cd test and bring up Docker, (or boot2docker). Then, run ./run-heimdal.sh. This will run some go tests using three Docker images: a client, a service, and a domain controller. The service will receive a generated keytab file, and the client will point to the domain controller for authentication.

NOTE: to run Docker tests, your GOROOT environment variable MUST be set.

TODO

See our TODO doc on stuff you can do to help. We welcome contributions!

Verified platforms

We've tested that we can authenticate against:

  • Heimdal Kerberos
  • Active Directory

We suspect we can authenticate against:

  • MIT Kerberos

We definitely cannot authenticate with:

  • Windows clients (because Windows uses SSPI instead of GSSAPI as the library interface)

Documentation

Overview

This is a GSSAPI provider for Go, which expects to be initialized with the name of a dynamically loadable module which can be dlopen'd to get at a C language binding GSSAPI library.

The GSSAPI concepts are explained in RFC 2743, "Generic Security Service Application Program Interface Version 2, Update 1".

The API calls for C, together with a number of values for constants, come from RFC 2744, "Generic Security Service API Version 2 : C-bindings".

Note that the basic GSSAPI bindings for C use the Latin-1 character set. UTF-8 interfaces are specified in RFC 5178, "Generic Security Service Application Program Interface (GSS-API) Internationalization and Domain-Based Service Names and Name Type", in 2008. Looking in 2013, this API does not appear to be provided by either MIT or Heimdal. This API applies solely to hostnames though, which can also be supplied in ACE encoding, bypassing the issue.

For now, we assume that hostnames and usercodes are all ASCII-ish and pass UTF-8 into the library. Patches for more comprehensive support welcome.

Index

Constants

View Source 
const (
	GSS_C_DELEG_FLAG      uint32 = 1
	GSS_C_MUTUAL_FLAG            = 2
	GSS_C_REPLAY_FLAG            = 4
	GSS_C_SEQUENCE_FLAG          = 8
	GSS_C_CONF_FLAG              = 16
	GSS_C_INTEG_FLAG             = 32
	GSS_C_ANON_FLAG              = 64
	GSS_C_PROT_READY_FLAG        = 128
	GSS_C_TRANS_FLAG             = 256
)

Flag bits for context-level services

View Source 
const (
	GSS_C_BOTH     CredUsage = 0
	GSS_C_INITIATE           = 1
	GSS_C_ACCEPT             = 2
)

Credential usage options

View Source 
const (
	GSS_C_GSS_CODE  int = 1
	GSS_C_MECH_CODE     = 2
)

Status code types for gss_display_status

View Source 
const (
	GSS_C_AF_UNSPEC    ChannelBindingAddressFamily = 0
	GSS_C_AF_LOCAL                                 = 1
	GSS_C_AF_INET                                  = 2
	GSS_C_AF_IMPLINK                               = 3
	GSS_C_AF_PUP                                   = 4
	GSS_C_AF_CHAOS                                 = 5
	GSS_C_AF_NS                                    = 6
	GSS_C_AF_NBS                                   = 7
	GSS_C_AF_ECMA                                  = 8
	GSS_C_AF_DATAKIT                               = 9
	GSS_C_AF_CCITT                                 = 10
	GSS_C_AF_SNA                                   = 11
	GSS_C_AF_DECnet                                = 12
	GSS_C_AF_DLI                                   = 13
	GSS_C_AF_LAT                                   = 14
	GSS_C_AF_HYLINK                                = 15
	GSS_C_AF_APPLETALK                             = 16
	GSS_C_AF_BSC                                   = 17
	GSS_C_AF_DSS                                   = 18
	GSS_C_AF_OSI                                   = 19
	GSS_C_AF_X25                                   = 21
	GSS_C_AF_INET6                                 = 24
	GSS_C_AF_NULLADDR                              = 255
)

The constant definitions for channel-bindings address families

View Source 
const (
	// Quality Of Protection
	GSS_C_QOP_DEFAULT = 0

	// Infinite Lifetime, defined as 2^32-1
	GSS_C_INDEFINITE = 0xffffffff * time.Second
)
View Source 
const (
	MIT = iota
	Heimdal
)

Values for Options.LoadDefault

View Source 
const (
	Emerg = Severity(iota)
	Alert
	Crit
	Err
	Warn
	Notice
	Info
	Debug
	MaxSeverity
)

Values for Options.Log severity indices

View Source 
const (
	GSS_S_COMPLETE MajorStatus = 0

	GSS_S_CALL_INACCESSIBLE_READ  MajorStatus = 1 << shiftCALLING
	GSS_S_CALL_INACCESSIBLE_WRITE             = 2 << shiftCALLING
	GSS_S_CALL_BAD_STRUCTURE                  = 3 << shiftCALLING

	GSS_S_BAD_MECH             MajorStatus = 1 << shiftROUTINE
	GSS_S_BAD_NAME                         = 2 << shiftROUTINE
	GSS_S_BAD_NAMETYPE                     = 3 << shiftROUTINE
	GSS_S_BAD_BINDINGS                     = 4 << shiftROUTINE
	GSS_S_BAD_STATUS                       = 5 << shiftROUTINE
	GSS_S_BAD_MIC                          = 6 << shiftROUTINE
	GSS_S_BAD_SIG                          = 6 << shiftROUTINE // duplication deliberate
	GSS_S_NO_CRED                          = 7 << shiftROUTINE
	GSS_S_NO_CONTEXT                       = 8 << shiftROUTINE
	GSS_S_DEFECTIVE_TOKEN                  = 9 << shiftROUTINE
	GSS_S_DEFECTIVE_CREDENTIAL             = 10 << shiftROUTINE
	GSS_S_CREDENTIALS_EXPIRED              = 11 << shiftROUTINE
	GSS_S_CONTEXT_EXPIRED                  = 12 << shiftROUTINE
	GSS_S_FAILURE                          = 13 << shiftROUTINE
	GSS_S_BAD_QOP                          = 14 << shiftROUTINE
	GSS_S_UNAUTHORIZED                     = 15 << shiftROUTINE
	GSS_S_UNAVAILABLE                      = 16 << shiftROUTINE
	GSS_S_DUPLICATE_ELEMENT                = 17 << shiftROUTINE
	GSS_S_NAME_NOT_MN                      = 18 << shiftROUTINE
)

Status values are returned by gssapi calls to indicate the result of a call. Declared according to: https://tools.ietf.org/html/rfc2743#page-17

Variables

View Source 
var ErrContinueNeeded = errors.New("continue needed")

ErrContinueNeeded may be returned by InitSecContext or AcceptSecContext to indicate that another iteration is needed

View Source 
var ErrMallocFailed = errors.New("malloc failed, out of memory?")

ErrMallocFailed is returned when the malloc call has failed.

Functions

This section is empty.

Types

type Buffer 

type Buffer struct {
	*Lib
	C_gss_buffer_t C.gss_buffer_t
	// contains filtered or unexported fields
}

A Buffer is an underlying C buffer represented in Golang. Must be .Release'd.

func (*Buffer) Bytes 

func (b *Buffer) Bytes() []byte

Bytes returns the contents of a Buffer as a byte slice.

func (*Buffer) Equal 

func (b *Buffer) Equal(other *Buffer) bool

Equal determines if a Buffer receiver is equivalent to the supplied Buffer.

func (*Buffer) Length 

func (b *Buffer) Length() int

Length returns the number of bytes in the Buffer.

func (Buffer) Name 

func (b Buffer) Name(nametype *OID) (*Name, error)

Name converts a Buffer representing a name into a Name (internal opaque representation) using the specified nametype.

func (*Buffer) Release 

func (b *Buffer) Release() error

Release safely frees the contents of a Buffer.

func (*Buffer) String 

func (b *Buffer) String() string

String returns the contents of a Buffer as a string.

type ChannelBindingAddressFamily 

type ChannelBindingAddressFamily uint32

type ChannelBindings 

type ChannelBindings C.gss_channel_bindings_t

A struct pointer technically, but not really used yet, and it's a static, non-releaseable struct so an alias will suffice

type CredId 

type CredId struct {
	*Lib
	C_gss_cred_id_t C.gss_cred_id_t
}

A CredId represents information like a cryptographic secret. In Kerberos, this likely represents a keytab.

func (*CredId) Release 

func (c *CredId) Release() error

Release frees a credential.

type CredUsage 

type CredUsage C.gss_cred_usage_t // C.int

Aliases for the simple types

type CtxId 

type CtxId struct {
	*Lib
	C_gss_ctx_id_t C.gss_ctx_id_t
}

A CtxId represents a security context. Contexts maintain the state of one end of an authentication protocol.

func (*CtxId) DeleteSecContext 

func (ctx *CtxId) DeleteSecContext() error

DeleteSecContext frees a security context. NB: I decided not to implement the outputToken parameter since its use is no longer recommended, and it would have to be Released by the caller

func (*CtxId) GetMIC 

func (ctx *CtxId) GetMIC(qopReq QOP, messageBuffer *Buffer) (
	messageToken *Buffer, err error)

GetMIC implements gss_GetMIC API, as per https://tools.ietf.org/html/rfc2743#page-63. messageToken must be .Release()-ed by the caller.

func (*CtxId) InquireContext 

func (ctx *CtxId) InquireContext() (
	srcName *Name, targetName *Name, lifetimeRec time.Duration, mechType *OID,
	ctxFlags uint64, locallyInitiated bool, open bool, err error)

InquireContext returns fields about a security context.

func (*CtxId) Release 

func (ctx *CtxId) Release() error

Release is an alias for DeleteSecContext.

func (*CtxId) Unwrap 

func (ctx *CtxId) Unwrap(
	inputMessageBuffer *Buffer) (
	outputMessageBuffer *Buffer, confState bool, qopState QOP, err error)

Unwrap implements gss_unwrap API, as per https://tools.ietf.org/html/rfc2743#page-66. outputMessageBuffer must be .Release()-ed by the caller

func (*CtxId) VerifyMIC 

func (ctx *CtxId) VerifyMIC(messageBuffer *Buffer, tokenBuffer *Buffer) (
	qopState QOP, err error)

VerifyMIC implements gss_VerifyMIC API, as per https://tools.ietf.org/html/rfc2743#page-64.

func (*CtxId) Wrap 

func (ctx *CtxId) Wrap(
	confReq bool, qopReq QOP, inputMessageBuffer *Buffer) (
	confState bool, outputMessageBuffer *Buffer, err error)

Wrap implements gss_wrap API, as per https://tools.ietf.org/html/rfc2743#page-65. outputMessageBuffer must be .Release()-ed by the caller

type Error 

type Error struct {
	// gssapi lib binding, so that we can convert the results of an
	// operation to a string for diagnosis.
	*Lib

	// Specified by gssapi
	Major MajorStatus

	// Mechanism-specific:
	Minor C.OM_uint32
}

Error is designed to serve both as an error, and as a general gssapi status container. If Major is GSS_S_FAILURE, then information will be in Minor. The GoError method will return a nil if it doesn't represent a real error.

func (*Error) Error 

func (e *Error) Error() string

Error returns a string representation of an Error object.

func (*Error) GoError 

func (e *Error) GoError() error

GoError returns an untyped error interface object.

type Lib 

type Lib struct {
	LastStatus *Error

	// Should contain a gssapi.Printer for each severity level to be
	// logged, up to gssapi.MaxSeverity items
	Printers []Printer
	// contains filtered or unexported fields
}

Lib encapsulates both the GSSAPI and the library dlopen()'d for it. The handle represents the dynamically-linked gssapi library handle.

func Load 

func Load(o *Options) (*Lib, error)

Load attempts to load a dynamically-linked gssapi library from the path specified by the supplied Options.

func (*Lib) AcceptSecContext 

func (lib *Lib) AcceptSecContext(
	ctxIn *CtxId, acceptorCredHandle *CredId, inputToken *Buffer,
	inputChanBindings ChannelBindings) (
	ctxOut *CtxId, srcName *Name, actualMechType *OID, outputToken *Buffer,
	retFlags uint32, timeRec time.Duration, delegatedCredHandle *CredId,
	err error)

AcceptSecContext accepts an initialized security context. Usually called by the server. May return ErrContinueNeeded if the client is to make another iteration of exchanging token with the service

func (*Lib) AcquireCred 

func (lib *Lib) AcquireCred(desiredName *Name, timeReq time.Duration,
	desiredMechs *OIDSet, credUsage CredUsage) (outputCredHandle *CredId,
	actualMechs *OIDSet, timeRec time.Duration, err error)

AcquireCred implements gss_acquire_cred API, as per https://tools.ietf.org/html/rfc2743#page-31. outputCredHandle, actualMechs must be .Release()-ed by the caller

func (*Lib) AddCred 

func (lib *Lib) AddCred(inputCredHandle *CredId,
	desiredName *Name, desiredMech *OID, credUsage CredUsage,
	initiatorTimeReq time.Duration, acceptorTimeReq time.Duration) (
	outputCredHandle *CredId, actualMechs *OIDSet,
	initiatorTimeRec time.Duration, acceptorTimeRec time.Duration,
	err error)

AddCred implements gss_add_cred API, as per https://tools.ietf.org/html/rfc2743#page-36. outputCredHandle, actualMechs must be .Release()-ed by the caller

func (*Lib) Alert 

func (lib *Lib) Alert(a ...interface{})

func (*Lib) Crit 

func (lib *Lib) Crit(a ...interface{})

func (*Lib) Debug 

func (lib *Lib) Debug(a ...interface{})

func (*Lib) Emerg 

func (lib *Lib) Emerg(a ...interface{})

func (*Lib) Err 

func (lib *Lib) Err(a ...interface{})

func (*Lib) GSS_C_NO_NAME 

func (lib *Lib) GSS_C_NO_NAME() *Name

GSS_C_NO_NAME is a Name where the value is NULL, used to request special behavior in some GSSAPI calls.

func (*Lib) IndicateMechs 

func (lib *Lib) IndicateMechs() (*OIDSet, error)

IndicateMechs implements the gss_Indicate_mechs call, according to https://tools.ietf.org/html/rfc2743#page-69. This returns an OIDSet of the Mechs supported on the current OS.

func (*Lib) Info 

func (lib *Lib) Info(a ...interface{})

func (*Lib) InitSecContext 

func (lib *Lib) InitSecContext(initiatorCredHandle *CredId, ctxIn *CtxId,
	targetName *Name, mechType *OID, reqFlags uint32, timeReq time.Duration,
	inputChanBindings ChannelBindings, inputToken *Buffer) (
	ctxOut *CtxId, actualMechType *OID, outputToken *Buffer, retFlags uint32,
	timeRec time.Duration, err error)

InitSecContext initiates a security context. Usually invoked by the client. A Context (CtxId) describes the state at one end of an authentication protocol. May return ErrContinueNeeded if the client is to make another iteration of exchanging token with the service

func (*Lib) InquireCred 

func (lib *Lib) InquireCred(credHandle *CredId) (
	name *Name, lifetime time.Duration, credUsage CredUsage, mechanisms *OIDSet,
	err error)

InquireCred implements gss_inquire_cred API, as per https://tools.ietf.org/html/rfc2743#page-34. name and mechanisms must be .Release()-ed by the caller

func (*Lib) InquireCredByMech 

func (lib *Lib) InquireCredByMech(credHandle *CredId, mechType *OID) (
	name *Name, initiatorLifetime time.Duration, acceptorLifetime time.Duration,
	credUsage CredUsage, err error)

InquireCredByMech implements gss_inquire_cred_by_mech API, as per https://tools.ietf.org/html/rfc2743#page-39. name must be .Release()-ed by the caller

func (*Lib) InquireNamesForMechs 

func (lib *Lib) InquireNamesForMechs(mech *OID) (name_types *OIDSet, err error)

InquireNameForMech returns the set of name types supported by the specified mechanism

func (*Lib) MakeBuffer 

func (lib *Lib) MakeBuffer(alloc int) (*Buffer, error)

MakeBuffer returns a Buffer with an empty malloc-ed gss_buffer_desc in it. The return value must be .Release()-ed

func (*Lib) MakeBufferBytes 

func (lib *Lib) MakeBufferBytes(data []byte) (*Buffer, error)

MakeBufferBytes makes a Buffer encapsulating a byte slice.

func (*Lib) MakeBufferString 

func (lib *Lib) MakeBufferString(content string) (*Buffer, error)

MakeBufferString makes a Buffer encapsulating the contents of a string.

func (*Lib) MakeError 

func (lib *Lib) MakeError(major, minor C.OM_uint32) *Error

MakeError creates a golang Error object from a gssapi major & minor status.

func (*Lib) MakeOIDBytes 

func (lib *Lib) MakeOIDBytes(data []byte) (*OID, error)

MakeOIDBytes makes an OID encapsulating a byte slice. Note that it does not duplicate the data, but rather it points to it directly.

func (*Lib) MakeOIDSet 

func (lib *Lib) MakeOIDSet(oids ...*OID) (s *OIDSet, err error)

MakeOIDSet makes an OIDSet prepopulated with the given OIDs.

func (*Lib) MakeOIDString 

func (lib *Lib) MakeOIDString(data string) (*OID, error)

MakeOIDString makes an OID from a string.

func (*Lib) NewCredId 

func (lib *Lib) NewCredId() *CredId

NewCredId instantiates a new credential.

func (*Lib) NewCtxId 

func (lib *Lib) NewCtxId() *CtxId

func (*Lib) NewName 

func (lib *Lib) NewName() *Name

NewName initializes a new principal name.

func (*Lib) NewOID 

func (lib *Lib) NewOID() *OID

NewOID initializes a new OID. (Object Identifier)

func (*Lib) NewOIDSet 

func (lib *Lib) NewOIDSet() *OIDSet

NewOIDSet constructs a new empty OID set.

func (*Lib) Notice 

func (lib *Lib) Notice(a ...interface{})

func (*Lib) Print 

func (lib *Lib) Print(level Severity, a ...interface{})

Print outputs a log line to the specified severity.

func (*Lib) Unload 

func (lib *Lib) Unload() error

Unload closes the handle to the dynamically-linked gssapi library.

func (*Lib) Warn 

func (lib *Lib) Warn(a ...interface{})

type MajorStatus 

type MajorStatus uint32

These are GSSAPI-defined: TODO: should MajorStatus be defined as C.OM_uint32?

func (MajorStatus) CallingError 

func (st MajorStatus) CallingError() MajorStatus

CallingError is equivalent to C GSS_CALLING_ERROR() macro.

func (MajorStatus) ContinueNeeded 

func (st MajorStatus) ContinueNeeded() bool

ContinueNeeded is equivalent to a C bitfield set test against the GSS_S_CONTINUE_NEEDED macro.

func (MajorStatus) DuplicateToken 

func (st MajorStatus) DuplicateToken() bool

DuplicateToken is equivalent to a C bitfield set test against the GSS_S_DUPLICATE_TOKEN macro.

func (MajorStatus) GapToken 

func (st MajorStatus) GapToken() bool

GapToken is equivalent to a C bitfield set test against the GSS_S_GAP_TOKEN macro.

func (MajorStatus) IsError 

func (st MajorStatus) IsError() bool

IsError is equivalent to C GSS_ERROR() macro. Not written as 'Error' because that's special in Go conventions. (i.e. conforming to error interface)

func (MajorStatus) OldToken 

func (st MajorStatus) OldToken() bool

OldToken is equivalent to a C bitfield set test against the GSS_S_OLD_TOKEN macro.

func (MajorStatus) RoutineError 

func (st MajorStatus) RoutineError() MajorStatus

RoutineError is equivalent to C GSS_ROUTINE_ERROR() macro.

func (MajorStatus) SupplementaryInfo 

func (st MajorStatus) SupplementaryInfo() MajorStatus

SupplementaryInfo is equivalent to C GSS_SUPPLEMENTARY_INFO() macro.

func (MajorStatus) UnseqToken 

func (st MajorStatus) UnseqToken() bool

UnseqToken is equivalent to a C bitfield set test against the GSS_S_UNSEQ_TOKEN macro.

type Name 

type Name struct {
	*Lib
	C_gss_name_t C.gss_name_t
}

A Name represents a binary string labeling a security principal. In the case of Kerberos, this could be a name like '[email protected]'.

func (Name) Canonicalize 

func (n Name) Canonicalize(mech_type *OID) (canonical *Name, err error)

Canonicalize returns a copy of this name, canonicalized for the specified mechanism

func (Name) Display 

func (n Name) Display() (name string, oid *OID, err error)

Display "allows an application to obtain a textual representation of an opaque internal-form name for display purposes"

func (*Name) Duplicate 

func (n *Name) Duplicate() (duplicate *Name, err error)

Duplicate creates a new independent imported name; after this, both the original and the duplicate will need to be .Released().

func (Name) Equal 

func (n Name) Equal(other Name) (equal bool, err error)

Equal tests 2 names for semantic equality (refer to the same entity)

func (*Name) Export 

func (n *Name) Export() (b *Buffer, err error)

Export makes a text (Buffer) version from an internal representation

func (*Name) InquireMechs 

func (n *Name) InquireMechs() (oids *OIDSet, err error)

InquireMechs returns the set of mechanisms supported by the GSS-API implementation that may be able to process the specified name

func (*Name) Release 

func (n *Name) Release() error

Release frees the memory associated with an internal representation of the name.

func (Name) String 

func (n Name) String() string

String displays a Go-friendly version of a name. ("" on error)

type OID 

type OID struct {
	*Lib
	C_gss_OID C.gss_OID
	// contains filtered or unexported fields
}

An OID is the wrapper for gss_OID_desc type. IMPORTANT: In gssapi, OIDs are not released explicitly, only as part of an OIDSet. However we malloc the OID bytes ourselves, so need to free them. To keep it simple, assume that OIDs obtained from gssapi must be Release()-ed. It will be safely ignored on those allocated by gssapi

func (OID) Bytes 

func (oid OID) Bytes() []byte

Bytes displays the bytes of an OID.

func (*OID) DebugString 

func (oid *OID) DebugString() string

Returns a symbolic name for a known OID, or the string. Note that this function is intended for debugging and is not at all performant.

func (*OID) Release 

func (oid *OID) Release() error

Release safely frees the contents of an OID if it's allocated with malloc by MakeOIDBytes.

func (*OID) String 

func (oid *OID) String() string

String displays a string representation of an OID.

type OIDSet 

type OIDSet struct {
	*Lib
	C_gss_OID_set C.gss_OID_set
}

An OIDSet is a set of OIDs.

func (*OIDSet) Add 

func (s *OIDSet) Add(oids ...*OID) (err error)

Add adds OIDs to an OIDSet.

func (*OIDSet) Contains 

func (s *OIDSet) Contains(oid *OID) bool

Contains (gss_test_oid_set_member) checks if an OID is present OIDSet.

func (*OIDSet) DebugString 

func (s *OIDSet) DebugString() string

func (*OIDSet) Get 

func (s *OIDSet) Get(index int) (*OID, error)

Get returns a specific OID from the set. The memory will be released when the set itself is released.

func (*OIDSet) Length 

func (s *OIDSet) Length() int

Length returns the number of OIDs in a set.

func (*OIDSet) Release 

func (s *OIDSet) Release() (err error)

Release frees all C memory associated with an OIDSet.

func (*OIDSet) TestOIDSetMember 

func (s *OIDSet) TestOIDSetMember(oid *OID) (contains bool, err error)

TestOIDSetMember a wrapper to determine if an OIDSet contains an OID.

type Options 

type Options struct {
	LibPath     string
	Krb5Config  string
	Krb5Ktname  string
	LoadDefault int

	Printers []Printer `json:"-"`
}

Options denote the options used to load a GSSAPI library. If a user supplies a LibPath, we use that. Otherwise, based upon the default and the current OS, we try to construct the library path.

func (*Options) Path 

func (o *Options) Path() string

Path returns the chosen gssapi library path that we're looking for.

type Printer 

type Printer interface {
	Print(a ...interface{})
}

Printer matches the log package, not fmt

type QOP 

type QOP C.OM_uint32

type Severity 

type Severity uint

func (Severity) String 

func (s Severity) String() string

String returns the string name of a log Severity.

Source Files

View all Source files

Directories

Path Synopsis
This is intended to give an interface for Kerberized servers to negotiate with clients using SPNEGO.
 This is intended to give an interface for Kerberized servers to negotiate with clients using SPNEGO.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳