Documentation
Index
- Constants
- Variables
- func SetIntegratedAuthenticationProvider(providerName string, p Provider) error
- type AuthenticatorWithEPA
- type ChannelBindings
- func GenerateCBTFromServerCert(cert *x509.Certificate) *ChannelBindings
- func GenerateCBTFromTLSConnState(state tls.ConnectionState) (*ChannelBindings, error)
- func GenerateCBTFromTLSExporter(exporterKey []byte) (*ChannelBindings, error)
- func GenerateCBTFromTLSUnique(tlsUnique []byte) (*ChannelBindings, error)
- type ChannelBindingsType
- type IntegratedAuthenticator
- type Provider
- type ProviderFunc
- type SEC_CHANNEL_BINDINGS
Constants
const (
	ChannelBindingsTypeTLSExporter       = 0
	ChannelBindingsTypeTLSUnique         = 1
	ChannelBindingsTypeTLSServerEndPoint = 2
	ChannelBindingsTypeEmpty             = 3
)
const (
	// https://datatracker.ietf.org/doc/rfc9266/
	TLS_EXPORTER_PREFIX     = "tls-exporter:"
	TLS_EXPORTER_EKM_LABEL  = "EXPORTER-Channel-Binding"
	TLS_EXPORTER_EKM_LENGTH = 32
	// https://www.rfc-editor.org/rfc/rfc5801.html#section-5.2
	TLS_UNIQUE_PREFIX           = "tls-unique:"
	TLS_SERVER_END_POINT_PREFIX = "tls-server-end-point:"
)
Variables
var (
	DefaultProviderName            string
	ErrProviderCannotBeNil         = errors.New("provider cannot be nil")
	ErrProviderNameMustBePopulated = errors.New("provider name must be populated")
)
var EmptyChannelBindings = &ChannelBindings{
	Type:              ChannelBindingsTypeEmpty,
	InitiatorAddrType: 0,
	InitiatorAddress:  nil,
	AcceptorAddrType:  0,
	AcceptorAddress:   nil,
	ApplicationData:   nil,
}
Functions
func SetIntegratedAuthenticationProvider
SetIntegratedAuthenticationProvider stores a named authentication provider. It should be called before any connections are created.
Types
type AuthenticatorWithEPA (added in v1.9.7)
type AuthenticatorWithEPA interface {
	SetChannelBinding(*ChannelBindings)
}
type ChannelBindings (added in v1.9.7)
type ChannelBindings struct {
	Type              ChannelBindingsType
	InitiatorAddrType uint32
	InitiatorAddress  []byte
	AcceptorAddrType  uint32
	AcceptorAddress   []byte
	ApplicationData   []byte
}
gss_channel_bindings_struct: https://docs.oracle.com/cd/E19683-01/816-1331/overview-52/index.html
gss_buffer_desc: https://docs.oracle.com/cd/E19683-01/816-1331/reference-21/index.html
func GenerateCBTFromServerCert (added in v1.9.7)
func GenerateCBTFromServerCert(cert *x509.Certificate) *ChannelBindings
GenerateCBTFromServerCert generates a ChannelBindings struct from a server certificate. It calculates the hash of the server certificate as described in section 4.2 of RFC5056.
Parameters:
- cert: the server certificate
Returns:
- a ChannelBindings struct
func GenerateCBTFromTLSConnState (added in v1.9.7)
func GenerateCBTFromTLSConnState(state tls.ConnectionState) (*ChannelBindings, error)
GenerateCBTFromTLSConnState generates a ChannelBindings struct from a TLS connection state. If the TLS version is TLS 1.3, it generates a ChannelBindings struct from the TLS exporter key. If the TLS version is not TLS 1.3, it generates a ChannelBindings struct from the TLS unique value.
Parameters:
- state: the TLS connection state
Returns:
- a ChannelBindings struct
func GenerateCBTFromTLSExporter (added in v1.9.7)
func GenerateCBTFromTLSExporter(exporterKey []byte) (*ChannelBindings, error)
GenerateCBTFromTLSExporter generates a ChannelBindings struct from a TLS exporter key.
Parameters:
- exporterKey: the TLS exporter key
Returns:
- a ChannelBindings struct
func GenerateCBTFromTLSUnique (added in v1.9.7)
func GenerateCBTFromTLSUnique(tlsUnique []byte) (*ChannelBindings, error)
GenerateCBTFromTLSUnique generates a ChannelBindings struct from a TLS unique value. It adds the tls-unique: prefix to the TLS unique value.
Parameters:
- tlsUnique: the TLS unique value
Returns:
- a ChannelBindings struct
func (*ChannelBindings) AsSSPI_SEC_CHANNEL_BINDINGS (added in v1.9.7)
func (cb *ChannelBindings) AsSSPI_SEC_CHANNEL_BINDINGS() *SEC_CHANNEL_BINDINGS
AsSSPI_SEC_CHANNEL_BINDINGS converts a ChannelBindings struct to a SEC_CHANNEL_BINDINGS struct.
Returns:
- a SEC_CHANNEL_BINDINGS struct
func (*ChannelBindings) Md5Hash (added in v1.9.7)
func (cb *ChannelBindings) Md5Hash() []byte
Md5Hash calculates the MD5 hash of the ChannelBindings struct.
Returns:
- a byte slice
func (*ChannelBindings) ToBytes (added in v1.9.7)
func (cb *ChannelBindings) ToBytes() []byte
ToBytes converts a ChannelBindings struct to a byte slice laid out as the gss_channel_bindings_struct structure in GSSAPI.
Returns:
- a byte slice
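How a tls-server-end-point binding can be derived from a server certificate, serialized in the gss_channel_bindings_struct layout and hashed with MD5, as a standalone added example that is not this package's own code. The function names and the two sample certificates are hypothetical; the hash choice follows RFC 5929 section 4.1 (with SHA-256 assumed for algorithms it does not cover), and the little-endian layout with empty address fields follows RFC 4121 section 4.1.1.2.

```go
package main

import (
	"crypto/md5"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"encoding/binary"
	"fmt"
)

// Constructed inputs, not real certificates: only Raw and SignatureAlgorithm are read.
var sha1Cert = &x509.Certificate{Raw: []byte("constructed DER A"), SignatureAlgorithm: x509.SHA1WithRSA}
var sha384Cert = &x509.Certificate{Raw: []byte("constructed DER B"), SignatureAlgorithm: x509.ECDSAWithSHA384}

// endPointHash hashes the DER certificate with its signature hash, except that
// MD5 and SHA-1 become SHA-256. Assumption: unlisted algorithms use SHA-256 too.
func endPointHash(cert *x509.Certificate) []byte {
	switch cert.SignatureAlgorithm {
	case x509.SHA384WithRSA, x509.SHA384WithRSAPSS, x509.ECDSAWithSHA384:
		h := sha512.Sum384(cert.Raw)
		return h[:]
	case x509.SHA512WithRSA, x509.SHA512WithRSAPSS, x509.ECDSAWithSHA512:
		h := sha512.Sum512(cert.Raw)
		return h[:]
	default:
		h := sha256.Sum256(cert.Raw)
		return h[:]
	}
}

// gssBindings lays out the struct as little-endian fields: initiator and acceptor
// addrtype+length (16 zero bytes here), then application data length and data.
func gssBindings(appData []byte) []byte {
	out := make([]byte, 20, 20+len(appData))
	binary.LittleEndian.PutUint32(out[16:], uint32(len(appData)))
	return append(out, appData...)
}

// bindingToken returns the 16-byte MD5 digest of the serialized bindings.
func bindingToken(cert *x509.Certificate) []byte {
	app := append([]byte("tls-server-end-point:"), endPointHash(cert)...)
	sum := md5.Sum(gssBindings(app))
	return sum[:]
}

func main() {
	fmt.Printf("%x\n", bindingToken(sha1Cert))
}
```

Because the digest covers the certificate hash, a client and server that see different certificates on the same authentication exchange compute different tokens, which is the mismatch Extended Protection for Authentication relies on.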
type ChannelBindingsType (added in v1.9.7)
type ChannelBindingsType uint32
type IntegratedAuthenticator
type IntegratedAuthenticator interface {
	InitialBytes() ([]byte, error)
	NextBytes([]byte) ([]byte, error)
	Free()
}
IntegratedAuthenticator is the interface for SSPI Login Authentication providers
func GetIntegratedAuthenticator
func GetIntegratedAuthenticator(config msdsn.Config) (IntegratedAuthenticator, error)
GetIntegratedAuthenticator calls the authProvider specified in the 'authenticator' connection string parameter, if supplied. Otherwise it falls back to the DefaultProviderName implementation for the platform.
type Provider
type Provider interface {
	// GetIntegratedAuthenticator is responsible for returning an instance of the required IntegratedAuthenticator interface
	GetIntegratedAuthenticator(config msdsn.Config) (IntegratedAuthenticator, error)
}
Provider returns an SSPI compatible authentication provider
type ProviderFunc
type ProviderFunc func(config msdsn.Config) (IntegratedAuthenticator, error)
ProviderFunc is an adapter to convert a GetIntegratedAuthenticator func into a Provider
func (ProviderFunc) GetIntegratedAuthenticator
func (f ProviderFunc) GetIntegratedAuthenticator(config msdsn.Config) (IntegratedAuthenticator, error)
type SEC_CHANNEL_BINDINGS (added in v1.9.7)
type SEC_CHANNEL_BINDINGS struct {
	DwInitiatorAddrType     uint32
	CbInitiatorLength       uint32
	DwInitiatorOffset       uint32
	DwAcceptorAddrType      uint32
	CbAcceptorLength        uint32
	DwAcceptorOffset        uint32
	CbApplicationDataLength uint32
	DwApplicationDataOffset uint32
	Data                    []byte
}
SEC_CHANNEL_BINDINGS: https://learn.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_channel_bindings
func (*SEC_CHANNEL_BINDINGS) ToBytes (added in v1.9.7)
func (cb *SEC_CHANNEL_BINDINGS) ToBytes() []byte
ToBytes converts a SEC_CHANNEL_BINDINGS struct to a byte slice that can be used in the SSPI InitializeSecurityContext function.
Returns:
- a byte slice
Directories
| Path | Synopsis |
|---|---|
| | Package krb5 implements the integratedauth.IntegratedAuthenticator interface in order to provide Kerberos/Active Directory (Windows) based authentication. |