
golint fixes

Jonathan Turner 8 tahun lalu
induk
melakukan
51e436274b
67 mengubah file dengan 174 tambahan dan 115 penghapusan
  1. 1 0
      README.md
  2. 1 1
      client/ASExchange.go
  3. 4 4
      client/TGSExchange.go
  4. 6 6
      client/cache.go
  5. 7 5
      client/client.go
  6. 6 6
      client/session.go
  7. 5 5
      config/krb5conf.go
  8. 2 1
      credentials/credentials.go
  9. 1 0
      crypto/aes128-cts-hmac-sha1-96.go
  10. 1 1
      crypto/aes128-cts-hmac-sha1-96_test.go
  11. 1 0
      crypto/aes128-cts-hmac-sha256-128.go
  12. 1 1
      crypto/aes128-cts-hmac-sha256-128_test.go
  13. 1 0
      crypto/aes256-cts-hmac-sha1-96.go
  14. 1 1
      crypto/aes256-cts-hmac-sha1-96_test.go
  15. 1 0
      crypto/aes256-cts-hmac-sha384-192.go
  16. 1 1
      crypto/aes256-cts-hmac-sha384-192_test.go
  17. 1 1
      crypto/common/common.go
  18. 8 2
      crypto/crypto.go
  19. 1 0
      crypto/des3-cbc-sha1-kd.go
  20. 1 1
      crypto/etype/etype.go
  21. 10 6
      crypto/rfc8009/keyDerivation.go
  22. 1 0
      gssapi/ContextFlags.go
  23. 2 2
      gssapi/MechType.go
  24. 3 2
      gssapi/NegotiationToken.go
  25. 2 0
      gssapi/gssapi.go
  26. 1 0
      gssapi/krb5Token.go
  27. 10 10
      keytab/keytab.go
  28. 2 1
      krberror/error.go
  29. 2 2
      messages/APRep.go
  30. 1 1
      messages/APReq.go
  31. 4 4
      messages/KDCRep.go
  32. 4 4
      messages/KDCReq.go
  33. 3 3
      messages/KRBCred.go
  34. 2 2
      messages/KRBError.go
  35. 2 2
      messages/KRBPriv.go
  36. 2 2
      messages/KRBSafe.go
  37. 3 0
      messages/Ticket.go
  38. 1 1
      mstypes/claims_set_metadata.go
  39. 1 0
      mstypes/filetime.go
  40. 2 2
      mstypes/group_membership.go
  41. 1 1
      mstypes/kerb_sid_and_attributes.go
  42. 1 1
      mstypes/rpc_unicode_string.go
  43. 2 2
      mstypes/sid.go
  44. 2 0
      mstypes/user_session_key.go
  45. 1 0
      ndr/error.go
  46. 2 0
      ndr/ndr.go
  47. 1 1
      pac/client_claims.go
  48. 1 1
      pac/client_info.go
  49. 4 4
      pac/credentials_info.go
  50. 1 1
      pac/device_claims.go
  51. 1 1
      pac/device_info.go
  52. 2 2
      pac/kerb_validation_info.go
  53. 1 1
      pac/pac_info_buffer.go
  54. 1 1
      pac/pac_type.go
  55. 1 1
      pac/s4u_delegation_info.go
  56. 1 0
      pac/signature_data.go
  57. 1 1
      pac/upn_dns_info.go
  58. 1 1
      service/cache.go
  59. 6 6
      service/http.go
  60. 1 1
      service/http_test.go
  61. 3 1
      types/Authenticator.go
  62. 11 5
      types/AuthorizationData.go
  63. 4 3
      types/Cryptosystem.go
  64. 2 0
      types/HostAddress.go
  65. 10 0
      types/PAData.go
  66. 1 0
      types/PrincipalName.go
  67. 2 0
      types/TypedData.go

+ 1 - 0
README.md

@@ -196,6 +196,7 @@ if ok, creds, err := serivce.ValidateAPREQ(mt.APReq, kt, r.RemoteAddr); ok {
 * [HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol - Part 2](https://msdn.microsoft.com/en-us/library/ms995330.aspx)
 * [Microsoft PAC Validation](https://blogs.msdn.microsoft.com/openspecification/2009/04/24/understanding-microsoft-kerberos-pac-validation/)
 * [Microsoft Kerberos Protocol Extensions](https://msdn.microsoft.com/en-us/library/cc233855.aspx)
+* [Windows Data Types](https://msdn.microsoft.com/en-us/library/cc230273.aspx)
 
 ### Useful Links
 * https://en.wikipedia.org/wiki/Ciphertext_stealing#CBC_ciphertext_stealing

+ 1 - 1
client/ASExchange.go

@@ -57,7 +57,7 @@ func (cl *Client) ASExchange() error {
 	if ok, err := ASRep.IsValid(cl.Config, cl.Credentials, ASReq); !ok {
 		return krberror.Errorf(err, krberror.KRBMSG_ERROR, "AS Exchange Error: AS_REP is not valid")
 	}
-	cl.Session = &Session{
+	cl.session = &session{
 		AuthTime:             ASRep.DecryptedEncPart.AuthTime,
 		EndTime:              ASRep.DecryptedEncPart.EndTime,
 		RenewTill:            ASRep.DecryptedEncPart.RenewTill,

+ 4 - 4
client/TGSExchange.go

@@ -13,7 +13,7 @@ import (
 // TGSExchange performs a TGS exchange to retrieve a ticket to the specified SPN.
 // The ticket retrieved is added to the client's cache.
 func (cl *Client) TGSExchange(spn types.PrincipalName, tkt messages.Ticket, sessionKey types.EncryptionKey, renewal bool) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error) {
-	if cl.Session == nil {
+	if cl.session == nil {
 		return tgsReq, tgsRep, errors.New("TGS Exchange Error: client does not have a session. Client needs to login first")
 	}
 	tgsReq, err = messages.NewTGSReq(cl.Credentials.CName, cl.Config, tkt, sessionKey, spn, renewal)
@@ -53,7 +53,7 @@ func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.Encryptio
 		return tkt, skey, nil
 	}
 	// Ensure TGT still valid
-	if time.Now().UTC().After(cl.Session.EndTime) {
+	if time.Now().UTC().After(cl.session.EndTime) {
 		err := cl.updateTGT()
 		if err != nil {
 			return tkt, skey, err
@@ -64,11 +64,11 @@ func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.Encryptio
 		NameType:   nametype.KRB_NT_PRINCIPAL,
 		NameString: s,
 	}
-	_, tgsRep, err := cl.TGSExchange(princ, cl.Session.TGT, cl.Session.SessionKey, false)
+	_, tgsRep, err := cl.TGSExchange(princ, cl.session.TGT, cl.session.SessionKey, false)
 	if err != nil {
 		return tkt, skey, err
 	}
-	cl.Cache.AddEntry(
+	cl.Cache.addEntry(
 		tgsRep.Ticket,
 		tgsRep.DecryptedEncPart.AuthTime,
 		tgsRep.DecryptedEncPart.StartTime,
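Review bot: The renamed `cl.session.EndTime` in GetServiceTicket is dereferenced without the nil guard that TGSExchange applies in the first hunk, so a Client whose session was never set panics here instead of receiving the "client does not have a session" error. With the field now unexported only the two constructors (which set `session: &session{}`) can initialise it, so a `Client{}` literal built anywhere else reaches this line with nil; a leading `if cl.session == nil { return tkt, skey, errors.New("TGS Exchange Error: client does not have a session. Client needs to login first") }` keeps the two entry points consistent. GetServiceTicket starts and ends outside the hunk, and the same unguarded dereference recurs in session.go (RenewTGT, updateTGT).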

+ 6 - 6
client/cache.go

@@ -7,12 +7,12 @@ import (
 	"time"
 )
 
-// Client ticket cache.
+// Cache for client tickets.
 type Cache struct {
 	Entries map[string]CacheEntry
 }
 
-// Ticket cache entry.
+// CacheEntry holds details for a client cache entry.
 type CacheEntry struct {
 	Ticket     messages.Ticket
 	AuthTime   time.Time
@@ -30,13 +30,13 @@ func NewCache() *Cache {
 }
 
 // GetEntry returns a cache entry that matches the SPN.
-func (c *Cache) GetEntry(spn string) (CacheEntry, bool) {
+func (c *Cache) getEntry(spn string) (CacheEntry, bool) {
 	e, ok := (*c).Entries[spn]
 	return e, ok
 }
 
 // AddEntry adds a ticket to the cache.
-func (c *Cache) AddEntry(tkt messages.Ticket, authTime, startTime, endTime, renewTill time.Time, sessionKey types.EncryptionKey) CacheEntry {
+func (c *Cache) addEntry(tkt messages.Ticket, authTime, startTime, endTime, renewTill time.Time, sessionKey types.EncryptionKey) CacheEntry {
 	spn := strings.Join(tkt.SName.NameString, "/")
 	(*c).Entries[spn] = CacheEntry{
 		Ticket:     tkt,
@@ -57,7 +57,7 @@ func (c *Cache) RemoveEntry(spn string) {
 // GetCachedTicket returns a ticket from the cache for the SPN.
 // Only a ticket that is currently valid will be returned.
 func (cl *Client) GetCachedTicket(spn string) (messages.Ticket, types.EncryptionKey, bool) {
-	if e, ok := cl.Cache.GetEntry(spn); ok {
+	if e, ok := cl.Cache.getEntry(spn); ok {
 		//If within time window of ticket return it
 		if time.Now().UTC().After(e.StartTime) && time.Now().UTC().Before(e.EndTime) {
 			return e.Ticket, e.SessionKey, true
@@ -81,7 +81,7 @@ func (cl *Client) RenewTicket(e CacheEntry) (CacheEntry, error) {
 	if err != nil {
 		return e, err
 	}
-	e = cl.Cache.AddEntry(
+	e = cl.Cache.addEntry(
 		tgsRep.Ticket,
 		tgsRep.DecryptedEncPart.AuthTime,
 		tgsRep.DecryptedEncPart.StartTime,
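Review bot: The doc comments on the two renamed methods still read `// GetEntry returns a cache entry that matches the SPN.` and `// AddEntry adds a ticket to the cache.`, so they no longer match the identifiers `getEntry` and `addEntry` beneath them; they should become `// getEntry returns a cache entry that matches the SPN.` and `// addEntry adds a ticket to the cache.`. RemoveEntry, visible in the third hunk's header, keeps its exported name while its siblings went private, which reads as an oversight if the intent was to hide the cache's mutation API; if it is deliberate, its doc comment should say why callers may remove entries but not add them.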

+ 7 - 5
client/client.go

@@ -7,16 +7,18 @@ import (
 	"github.com/jcmturner/gokrb5/keytab"
 )
 
-// Client struct.
+// Client side configuration and state.
 type Client struct {
 	Credentials *credentials.Credentials
 	Config      *config.Config
 	GoKrb5Conf  *Config
-	Session     *Session
+	session     *session
 	Cache       *Cache
 }
 
-// GoKRB5 specific client configurations.
+// Config struct holds GoKRB5 specific client configurations.
+// Set Disable_PA_FX_FAST to true to force this behaviour off.
+// Set Assume_PA_ENC_TIMESTAMP_Required to send the PA_ENC_TIMESTAMP pro-actively rather than waiting for a KRB_ERROR response from the KDC indicating it is required.
 type Config struct {
 	Disable_PA_FX_FAST               bool
 	Assume_PA_ENC_TIMESTAMP_Required bool
@@ -29,7 +31,7 @@ func NewClientWithPassword(username, realm, password string) Client {
 		Credentials: creds.WithPassword(password),
 		Config:      config.NewConfig(),
 		GoKrb5Conf:  &Config{},
-		Session:     &Session{},
+		session:     &session{},
 		Cache:       NewCache(),
 	}
 }
@@ -41,7 +43,7 @@ func NewClientWithKeytab(username, realm string, kt keytab.Keytab) Client {
 		Credentials: creds.WithKeytab(kt),
 		Config:      config.NewConfig(),
 		GoKrb5Conf:  &Config{},
-		Session:     &Session{},
+		session:     &session{},
 		Cache:       NewCache(),
 	}
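Review bot: The new doc comment on Config says `Set Disable_PA_FX_FAST to true to force this behaviour off.` but nothing before it names the behaviour, so the sentence has no antecedent for a reader who does not already know PA-FX-FAST. Presumably the flag disables FAST pre-authentication armoring (RFC 6113), in which case stating that and its consequence is what a user of the flag needs, e.g. `// Disable_PA_FX_FAST set to true turns off PA-FX-FAST pre-authentication armoring (RFC 6113); leave it false unless the KDC does not support FAST.` The underscore field names that golint also flags are unchanged here; keeping them is reasonable since a rename would break callers, but a one-line comment saying so would stop the next lint pass from re-raising it.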
 }

+ 6 - 6
client/session.go

@@ -9,7 +9,7 @@ import (
 )
 
 // Client session struct.
-type Session struct {
+type session struct {
 	AuthTime             time.Time
 	EndTime              time.Time
 	RenewTill            time.Time
@@ -24,7 +24,7 @@ func (cl *Client) EnableAutoSessionRenewal() {
 	go func() {
 		for {
 			//Wait until one minute before endtime
-			w := (cl.Session.EndTime.Sub(time.Now().UTC()) * 5) / 6
+			w := (cl.session.EndTime.Sub(time.Now().UTC()) * 5) / 6
 			if w < 0 {
 				return
 			}
@@ -38,13 +38,13 @@ func (cl *Client) EnableAutoSessionRenewal() {
 func (cl *Client) RenewTGT() error {
 	spn := types.PrincipalName{
 		NameType:   nametype.KRB_NT_SRV_INST,
-		NameString: []string{"krbtgt", cl.Session.TGT.Realm},
+		NameString: []string{"krbtgt", cl.session.TGT.Realm},
 	}
-	_, tgsRep, err := cl.TGSExchange(spn, cl.Session.TGT, cl.Session.SessionKey, true)
+	_, tgsRep, err := cl.TGSExchange(spn, cl.session.TGT, cl.session.SessionKey, true)
 	if err != nil {
 		return krberror.Errorf(err, krberror.KRBMSG_ERROR, "Error renewing TGT")
 	}
-	cl.Session = &Session{
+	cl.session = &session{
 		AuthTime:             tgsRep.DecryptedEncPart.AuthTime,
 		EndTime:              tgsRep.DecryptedEncPart.EndTime,
 		RenewTill:            tgsRep.DecryptedEncPart.RenewTill,
@@ -56,7 +56,7 @@ func (cl *Client) RenewTGT() error {
 }
 
 func (cl *Client) updateTGT() error {
-	if time.Now().UTC().Before(cl.Session.RenewTill) {
+	if time.Now().UTC().Before(cl.session.RenewTill) {
 		err := cl.RenewTGT()
 		if err != nil {
 			return err
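Review bot: The goroutine started in EnableAutoSessionRenewal reads `cl.session` on the renamed line while RenewTGT in the third hunk replaces that pointer with `cl.session = &session{`, and updateTGT in the fourth hunk can call RenewTGT from the GetServiceTicket path, so two goroutines can read and write the field concurrently; no lock is visible in these hunks, and unless one exists outside them this is a data race that `go test -race` would report. The rename is a good moment to route every access through a mutex-guarded getter/setter on Client instead of touching the field at each of these sites. The comment `//Wait until one minute before endtime` also does not describe the `* 5) / 6` calculation under it, which waits for five sixths of the remaining lifetime. EnableAutoSessionRenewal, RenewTGT and updateTGT all start or end outside their hunks.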

+ 5 - 5
config/krb5conf.go

@@ -1,4 +1,4 @@
-// Implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html
+// Package config implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html
 package config
 
 import (
@@ -17,7 +17,7 @@ import (
 	"time"
 )
 
-// Struct representing the KRB5 configuration.
+// Config represents the KRB5 configuration.
 type Config struct {
 	LibDefaults *LibDefaults
 	Realms      []Realm
@@ -39,7 +39,7 @@ func NewConfig() *Config {
 	}
 }
 
-// Struct representing the [libdefaults] section of the configuration.
+// LibDefaults represents the [libdefaults] section of the configuration.
 type LibDefaults struct {
 	Allow_weak_crypto bool //default false
 	// ap_req_checksum_type int //unlikely to support this
@@ -295,7 +295,7 @@ func (l *LibDefaults) parseLines(lines []string) error {
 	return nil
 }
 
-// Struct representing an entry in the [realms] section of the configuration.
+// Realm represents an entry in the [realms] section of the configuration.
 type Realm struct {
 	Realm        string
 	Admin_server []string
@@ -389,7 +389,7 @@ func parseRealms(lines []string) ([]Realm, error) {
 	return realms, nil
 }
 
-// Mapping of domains to realms representing the [domain_realm] section of the configuration.
+// DomainRealm maps the domains to realms representing the [domain_realm] section of the configuration.
 type DomainRealm map[string]string
 
 // Parse the lines of the [domain_realm] section of the configuration and add to the mapping.

+ 2 - 1
credentials/credentials.go

@@ -1,4 +1,4 @@
-// Credentials for Kerberos 5 authentication.
+// Package credentials provides credentials management for Kerberos 5 authentication.
 package credentials
 
 import (
@@ -20,6 +20,7 @@ type Credentials struct {
 	Attributes map[string]interface{}
 }
 
+// ADCredentials contains information obtained from the PAC.
 type ADCredentials struct {
 	EffectiveName       string
 	FullName            string

+ 1 - 0
crypto/aes128-cts-hmac-sha1-96.go

@@ -58,6 +58,7 @@ import (
 //|    hmac-sha1-96-aes256                16                   96      |
 //+--------------------------------------------------------------------+
 
+// Aes128CtsHmacSha96 implements Kerberos encryption type aes128-cts-hmac-sha1-96
 type Aes128CtsHmacSha96 struct {
 }
 

+ 1 - 1
crypto/aes128-cts-hmac-sha1-96_test.go

@@ -33,7 +33,7 @@ func TestAes128CtsHmacSha196_StringToKey(t *testing.T) {
 	for i, test := range tests {
 
 		assert.Equal(t, test.pbkdf2, hex.EncodeToString(rfc3962.StringToPBKDF2(test.phrase, test.salt, test.iterations, e)), "PBKDF2 not as expected")
-		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2kparams(test.iterations))
+		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations))
 		if err != nil {
 			t.Errorf("Error in processing string to key for test %d: %v", i, err)
 		}

+ 1 - 0
crypto/aes128-cts-hmac-sha256-128.go

@@ -13,6 +13,7 @@ import (
 
 // RFC https://tools.ietf.org/html/rfc8009
 
+// Aes128CtsHmacSha256128 implements Kerberos encryption type aes128-cts-hmac-sha256-128
 type Aes128CtsHmacSha256128 struct {
 }
 

+ 1 - 1
crypto/aes128-cts-hmac-sha256-128_test.go

@@ -27,7 +27,7 @@ func TestAes128CtsHmacSha256128_StringToKey(t *testing.T) {
 		saltp := rfc8009.GetSaltP(test.salt, "aes128-cts-hmac-sha256-128")
 		assert.Equal(t, test.saltp, hex.EncodeToString(([]byte(saltp))), "SaltP not as expected")
 
-		k, _ := e.StringToKey(test.phrase, test.salt, common.IterationsToS2kparams(test.iterations))
+		k, _ := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations))
 		assert.Equal(t, test.key, hex.EncodeToString(k), "String to Key not as expected")
 
 	}

+ 1 - 0
crypto/aes256-cts-hmac-sha1-96.go

@@ -58,6 +58,7 @@ import (
 //|    hmac-sha1-96-aes256                16                   96      |
 //+--------------------------------------------------------------------+
 
+// Aes256CtsHmacSha96 implements Kerberos encryption type aes256-cts-hmac-sha1-96
 type Aes256CtsHmacSha96 struct {
 }
 

+ 1 - 1
crypto/aes256-cts-hmac-sha1-96_test.go

@@ -33,7 +33,7 @@ func TestAes256CtsHmacSha196_StringToKey(t *testing.T) {
 	for i, test := range tests {
 
 		assert.Equal(t, test.pbkdf2, hex.EncodeToString(rfc3962.StringToPBKDF2(test.phrase, test.salt, test.iterations, e)), "PBKDF2 not as expected")
-		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2kparams(test.iterations))
+		k, err := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations))
 		if err != nil {
 			t.Errorf("Error in processing string to key for test %d: %v", i, err)
 		}

+ 1 - 0
crypto/aes256-cts-hmac-sha384-192.go

@@ -13,6 +13,7 @@ import (
 
 // RFC https://tools.ietf.org/html/rfc8009
 
+// Aes256CtsHmacSha384192 implements Kerberos encryption type aes256-cts-hmac-sha384-192
 type Aes256CtsHmacSha384192 struct {
 }
 

+ 1 - 1
crypto/aes256-cts-hmac-sha384-192_test.go

@@ -27,7 +27,7 @@ func TestAes256CtsHmacSha384192_StringToKey(t *testing.T) {
 		saltp := rfc8009.GetSaltP(test.salt, "aes256-cts-hmac-sha384-192")
 		assert.Equal(t, test.saltp, hex.EncodeToString(([]byte(saltp))), "SaltP not as expected")
 
-		k, _ := e.StringToKey(test.phrase, test.salt, common.IterationsToS2kparams(test.iterations))
+		k, _ := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations))
 		assert.Equal(t, test.key, hex.EncodeToString(k), "String to Key not as expected")
 	}
 }

+ 1 - 1
crypto/common/common.go

@@ -139,7 +139,7 @@ func getUsage(un uint32, o byte) []byte {
 }
 
 // IterationsToS2Kparams converts the number of iterations as an integer to a string representation.
-func IterationsToS2kparams(i int) string {
+func IterationsToS2Kparams(i int) string {
 	b := make([]byte, 4, 4)
 	binary.BigEndian.PutUint32(b, uint32(i))
 	return hex.EncodeToString(b)
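Review bot: IterationsToS2Kparams converts with `uint32(i)` and so silently wraps a negative or greater-than-MaxUint32 iteration count into a different, valid-looking parameter string instead of rejecting it. Since the function is exported and its output feeds the PBKDF2 iteration count, a range check before the conversion, such as `if i < 0 || int64(i) > math.MaxUint32 {`, is worth adding alongside the rename; returning an error would change the signature, so a documented panic or a clamp with a doc note may be the practical choice. The function body is complete in the hunk.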

+ 8 - 2
crypto/crypto.go

@@ -1,4 +1,4 @@
-// Cryptographic packages for Kerberos 5 implementation.
+// Package crypto implements cryptographic functions for Kerberos 5 implementation.
 package crypto
 
 import (
@@ -11,6 +11,7 @@ import (
 	"github.com/jcmturner/gokrb5/types"
 )
 
+// GetEtype returns an instances of the required etype struct for the etype ID.
 func GetEtype(id int) (etype.EType, error) {
 	switch id {
 	case etypeID.AES128_CTS_HMAC_SHA1_96:
@@ -33,6 +34,7 @@ func GetEtype(id int) (etype.EType, error) {
 	}
 }
 
+// GetChksumEtype returns an instances of the required etype struct for the checksum ID.
 func GetChksumEtype(id int) (etype.EType, error) {
 	switch id {
 	case chksumtype.HMAC_SHA1_96_AES128:
@@ -55,6 +57,7 @@ func GetChksumEtype(id int) (etype.EType, error) {
 	}
 }
 
+// GetKeyFromPassword generates an encryption key from the principal's password.
 func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string, etypeID int, pas types.PADataSequence) (types.EncryptionKey, etype.EType, error) {
 	var key types.EncryptionKey
 	et, err := GetEtype(etypeID)
@@ -122,7 +125,8 @@ func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string,
 	return key, et, nil
 }
 
-// Pass a usage value of zero to use the key provided directly rather than deriving one
+// GetEncryptedData encrypts the data provided and returns and EncryptedData type.
+// Pass a usage value of zero to use the key provided directly rather than deriving one.
 func GetEncryptedData(plainBytes []byte, key types.EncryptionKey, usage uint32, kvno int) (types.EncryptedData, error) {
 	var ed types.EncryptedData
 	et, err := GetEtype(key.KeyType)
@@ -142,10 +146,12 @@ func GetEncryptedData(plainBytes []byte, key types.EncryptionKey, usage uint32,
 	return ed, nil
 }
 
+// DecryptEncPart decrypts the EncryptedData.
 func DecryptEncPart(ed types.EncryptedData, key types.EncryptionKey, usage uint32) ([]byte, error) {
 	return DecryptMessage(ed.Cipher, key, usage)
 }
 
+// DecryptMessage decrypts the ciphertext and verifies the integrity.
 func DecryptMessage(ciphertext []byte, key types.EncryptionKey, usage uint32) ([]byte, error) {
 	et, err := GetEtype(key.KeyType)
 	if err != nil {
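Review bot: Three of the new doc comments carry wording slips: `// GetEtype returns an instances of the required etype struct for the etype ID.` and the matching GetChksumEtype line should say `an instance`, and `// GetEncryptedData encrypts the data provided and returns and EncryptedData type.` should read `returns an EncryptedData type`. The GetKeyFromPassword comment could also say what the `pas types.PADataSequence` parameter contributes, since it is not otherwise explained; if the salt and string-to-key parameters are read from it, `// The salt and s2kparams are taken from pas when present.` would cover that. All of these functions continue past their hunks.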

+ 1 - 0
crypto/des3-cbc-sha1-kd.go

@@ -49,6 +49,7 @@ import (
    sixteen (16).  The hmac-sha1-des3-kd checksum algorithm is assigned a
    checksum type number of twelve (12)*/
 
+// Des3CbcSha1Kd implements Kerberos encryption type des3-cbc-hmac-sha1-kd
 type Des3CbcSha1Kd struct {
 }
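Review bot: The new doc comment on Des3CbcSha1Kd names the etype but gives no indication of its status, and a reader choosing an encryption type from these comments has nothing to distinguish it from the AES types documented in the same commit. RFC 8429 deprecates des3-cbc-sha1-kd for Kerberos, so the comment would be more useful as `// Des3CbcSha1Kd implements Kerberos encryption type des3-cbc-hmac-sha1-kd. RFC 8429 deprecates this etype; prefer the AES etypes where the KDC supports them.` (kept on one paragraph so it is not picked up as a Go "Deprecated:" marker on the type itself).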
 

+ 1 - 1
crypto/etype/etype.go

@@ -3,7 +3,7 @@ package etype
 
 import "hash"
 
-// Interface defining the Encryption Type.
+// EType is the interface defining the Encryption Type.
 type EType interface {
 	GetETypeID() int
 	GetHashID() int

+ 10 - 6
crypto/rfc8009/keyDerivation.go

@@ -14,11 +14,14 @@ const (
 	s2kParamsZero = 32768
 )
 
+// DeriveRandom for key derivation as defined in RFC 8009
 func DeriveRandom(protocolKey, usage []byte, e etype.EType) ([]byte, error) {
 	h := e.GetHashFunc()()
 	return KDF_HMAC_SHA2(protocolKey, []byte("prf"), usage, h.Size(), e), nil
 }
 
+// DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.
+//
 // https://tools.ietf.org/html/rfc8009#section-5
 //
 // If the enctype is aes128-cts-hmac-sha256-128:
@@ -63,10 +66,12 @@ func DeriveKey(protocolKey, label []byte, e etype.EType) []byte {
 	return e.RandomToKey(KDF_HMAC_SHA2(protocolKey, label, context, kl, e))
 }
 
+// RandomToKey returns a key from the bytes provided according to the definition in RFC 8009.
 func RandomToKey(b []byte) []byte {
 	return b
 }
 
+// StringToKey returns a key derived from the string provided according to the definition in RFC 8009.
 func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error) {
 	i, err := S2KparamsToItertions(s2kparams)
 	if err != nil {
@@ -75,11 +80,13 @@ func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error)
 	return StringToKeyIter(secret, salt, int(i), e)
 }
 
+// StringToKeyIter returns a key derived from the string provided according to the definition in RFC 8009.
 func StringToKeyIter(secret, salt string, iterations int, e etype.EType) ([]byte, error) {
 	tkey := e.RandomToKey(StringToPBKDF2(secret, salt, iterations, e))
 	return e.DeriveKey(tkey, []byte("kerberos"))
 }
 
+// StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0
 func StringToPBKDF2(secret, salt string, iterations int, e etype.EType) []byte {
 	kl := e.GetKeyByteSize()
 	if e.GetETypeID() == etypeID.AES256_CTS_HMAC_SHA384_192 {
@@ -88,7 +95,7 @@ func StringToPBKDF2(secret, salt string, iterations int, e etype.EType) []byte {
 	return pbkdf2.Key([]byte(secret), []byte(salt), iterations, kl, e.GetHashFunc())
 }
 
-// https://tools.ietf.org/html/rfc8009#section-3
+// KDF_HMAC_SHA2 key derivation: https://tools.ietf.org/html/rfc8009#section-3
 func KDF_HMAC_SHA2(protocolKey, label, context []byte, kl int, e etype.EType) []byte {
 	//k: Length in bits of the key to be outputted, expressed in big-endian binary representation in 4 bytes.
 	k := make([]byte, 4, 4)
@@ -108,6 +115,7 @@ func KDF_HMAC_SHA2(protocolKey, label, context []byte, kl int, e etype.EType) []
 	return mac.Sum(nil)[:(kl / 8)]
 }
 
+// GetSaltP returns the salt value based on the etype name: https://tools.ietf.org/html/rfc8009#section-4
 func GetSaltP(salt, ename string) string {
 	b := []byte(ename)
 	b = append(b, byte(uint8(0)))
@@ -115,12 +123,8 @@ func GetSaltP(salt, ename string) string {
 	return string(b)
 }
 
+// S2KparamsToItertions converts the string representation of iterations to an integer for RFC 8009.
 func S2KparamsToItertions(s2kparams string) (int, error) {
-	//process s2kparams string
-	//The parameter string is four octets indicating an unsigned
-	//number in big-endian order.  This is the number of iterations to be
-	//performed.  If the value is 00 00 00 00, the number of iterations to
-	//be performed is 4,294,967,296 (2**32).
 	var i uint32
 	if len(s2kparams) != 8 {
 		return s2kParamsZero, errors.New("Invalid s2kparams length")
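Review bot: DeriveRandom passes `h.Size()` as the `kl` argument of KDF_HMAC_SHA2, but the comment above the `k` buffer in KDF_HMAC_SHA2 and its final `[:(kl / 8)]` truncation treat `kl` as a bit length, while hash.Hash.Size() returns bytes, so the PRF output here appears to be h.Size()/8 bytes rather than the full hash size; this is worth checking against the RFC 8009 PRF vectors, and if confirmed the fix is `return KDF_HMAC_SHA2(protocolKey, []byte("prf"), usage, h.Size()*8, e), nil`. Separately, the comment block deleted from S2KparamsToItertions was the only place recording that an s2kparams value of 00 00 00 00 means 2**32 iterations, and the new one-line doc comment does not carry that rule, so it should be folded back into the doc comment rather than dropped. DeriveRandom's body is complete in its hunk; S2KparamsToItertions continues past the last one.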

+ 1 - 0
gssapi/ContextFlags.go

@@ -24,6 +24,7 @@ const (
 	integFlag    = 6
 )
 
+// ContextFlags flags for GSSAPI
 type ContextFlags asn1.BitString
 
 // NewContextFlags creates a new ContextFlags instance.

+ 2 - 2
gssapi/MechType.go

@@ -2,8 +2,8 @@ package gssapi
 
 import "github.com/jcmturner/asn1"
 
-// MechType OID for Kerberos 5
+// MechTypeOID_Krb5 is the MechType OID for Kerberos 5
 var MechTypeOID_Krb5 = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
 
-// MechType OID for MS legacy Kerberos 5
+// MechTypeOID_MSLegacyKrb5 is the MechType OID for MS legacy Kerberos 5
 var MechTypeOID_MSLegacyKrb5 = asn1.ObjectIdentifier{1, 2, 840, 48018, 1, 2, 2}

+ 3 - 2
gssapi/NegotiationToken.go

@@ -43,7 +43,7 @@ NegTokenResp ::= SEQUENCE {
 }
 */
 
-// Negotiation Token - Init
+// NegTokenInit implements Negotiation Token of type Init
 type NegTokenInit struct {
 	MechTypes    []asn1.ObjectIdentifier `asn1:"explicit,tag:0"`
 	ReqFlags     ContextFlags            `asn1:"explicit,optional,tag:1"`
@@ -51,7 +51,7 @@ type NegTokenInit struct {
 	MechTokenMIC []byte                  `asn1:"explicit,optional,tag:3"`
 }
 
-// Negotiation Token - Resp/Targ
+// NegTokenResp implements Negotiation Token of type Resp/Targ
 type NegTokenResp struct {
 	NegState      asn1.Enumerated       `asn1:"explicit,tag:0"`
 	SupportedMech asn1.ObjectIdentifier `asn1:"explicit,optional,tag:1"`
@@ -59,6 +59,7 @@ type NegTokenResp struct {
 	MechListMIC   []byte                `asn1:"explicit,optional,tag:3"`
 }
 
+// NegTokenTarg implements Negotiation Token of type Resp/Targ
 type NegTokenTarg NegTokenResp
 
 // UnmarshalNegToken umarshals and returns either a NegTokenInit or a NegTokenResp.

+ 2 - 0
gssapi/gssapi.go

@@ -11,8 +11,10 @@ import (
 	"github.com/jcmturner/gokrb5/types"
 )
 
+// SPNEGO_OID is the OID for SPNEGO header type.
 var SPNEGO_OID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
 
+// SPNEGO header struct
 type SPNEGO struct {
 	Init         bool
 	Resp         bool

+ 1 - 0
gssapi/krb5Token.go

@@ -26,6 +26,7 @@ const (
 	GSS_C_INTEG_FLAG    = 32
 )
 
+// MechToken implementation for GSSAPI
 type MechToken struct {
 	OID      asn1.ObjectIdentifier
 	TokID    []byte

+ 10 - 10
keytab/keytab.go

@@ -15,12 +15,12 @@ import (
 // Keytab struct.
 type Keytab struct {
 	Version uint16
-	Entries []Entry
+	Entries []entry
 }
 
 // Keytab entry struct.
-type Entry struct {
-	Principal Principal
+type entry struct {
+	Principal principal
 	Timestamp time.Time
 	KVNO8     uint8
 	Key       types.EncryptionKey
@@ -28,7 +28,7 @@ type Entry struct {
 }
 
 // Keytab entry principal struct.
-type Principal struct {
+type principal struct {
 	NumComponents int16
 	Realm         string
 	Components    []string
@@ -37,7 +37,7 @@ type Principal struct {
 
 // NewKeytab creates new, empty Keytab type.
 func NewKeytab() Keytab {
-	var e []Entry
+	var e []entry
 	return Keytab{
 		Version: 0,
 		Entries: e,
@@ -69,9 +69,9 @@ func (kt *Keytab) GetEncryptionKey(nameString []string, realm string, kvno, etyp
 }
 
 // Create a new Keytab entry.
-func newKeytabEntry() Entry {
+func newKeytabEntry() entry {
 	var b []byte
-	return Entry{
+	return entry{
 		Principal: newPrincipal(),
 		Timestamp: time.Time{},
 		KVNO8:     0,
@@ -84,9 +84,9 @@ func newKeytabEntry() Entry {
 }
 
 // Create a new principal.
-func newPrincipal() Principal {
+func newPrincipal() principal {
 	var c []string
-	return Principal{
+	return principal{
 		NumComponents: 0,
 		Realm:         "",
 		Components:    c,
@@ -176,7 +176,7 @@ func Parse(b []byte) (kt Keytab, err error) {
 }
 
 // Parse the Keytab bytes of a principal into a Keytab entry's principal.
-func parse_principal(b []byte, p *int, kt *Keytab, ke *Entry, e *binary.ByteOrder) (err error) {
+func parse_principal(b []byte, p *int, kt *Keytab, ke *entry, e *binary.ByteOrder) (err error) {
 	ke.Principal.NumComponents = read_int16(b, p, e)
 	if kt.Version == 1 {
 		//In version 1 the number of components includes the realm. Minus 1 to make consistent with version 2
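Review bot: Keytab keeps the exported field `Entries []entry` while the element type was made unexported, so code outside the package can still read and range over the entries but can no longer name the type, declare a variable of it, or build a Keytab by hand; the same applies to `Principal principal` inside it. If the intent is to hide the structure, the field should go unexported with it and an accessor added; if callers are meant to inspect entries, `entry` and `principal` should stay exported and simply receive doc comments starting with their names, which is what golint was asking for. `parse_principal` and the `read_int16` helper also keep underscore names, so the lint pass is not complete for this file. Parse and parse_principal extend beyond their hunks.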

+ 2 - 1
krberror/error.go

@@ -1,4 +1,4 @@
-// Error handling.
+// Package krberror provides error type and functions for gokrb5.
 package krberror
 
 import (
@@ -16,6 +16,7 @@ const (
 	KRBMSG_ERROR     = "KRBMessage_Handling_Error"
 )
 
+// Krberror is an error type for gokrb5
 type Krberror struct {
 	RootCause string
 	EText     []string

+ 2 - 2
messages/APRep.go

@@ -25,14 +25,14 @@ EncAPRepPart    ::= [APPLICATION 27] SEQUENCE {
 }
 */
 
-// RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.
+// APRep implements RFC 4120 KRB_AP_REP: https://tools.ietf.org/html/rfc4120#section-5.5.2.
 type APRep struct {
 	PVNO    int                 `asn1:"explicit,tag:0"`
 	MsgType int                 `asn1:"explicit,tag:1"`
 	EncPart types.EncryptedData `asn1:"explicit,tag:2"`
 }
 
-// Encrypted part of KRB_AP_REP.
+// EncAPRepPart is the encrypted part of KRB_AP_REP.
 type EncAPRepPart struct {
 	CTime          time.Time           `asn1:"generalized,explicit,tag:0"`
 	Cusec          int                 `asn1:"explicit,tag:1"`

+ 1 - 1
messages/APReq.go

@@ -36,7 +36,7 @@ type marshalAPReq struct {
 	Authenticator types.EncryptedData `asn1:"explicit,tag:4"`
 }
 
-// RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.
+// APReq implements RFC 4120 KRB_AP_REQ: https://tools.ietf.org/html/rfc4120#section-5.5.1.
 type APReq struct {
 	PVNO          int                 `asn1:"explicit,tag:0"`
 	MsgType       int                 `asn1:"explicit,tag:1"`

+ 4 - 4
messages/KDCRep.go

@@ -30,7 +30,7 @@ type marshalKDCRep struct {
 	EncPart types.EncryptedData `asn1:"explicit,tag:6"`
 }
 
-// KRB_KDC_REP struct fields.
+// KDCRepFields represents the KRB_KDC_REP fields.
 type KDCRepFields struct {
 	PVNO             int
 	MsgType          int
@@ -42,17 +42,17 @@ type KDCRepFields struct {
 	DecryptedEncPart EncKDCRepPart
 }
 
-// RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
+// ASRep implements RFC 4120 KRB_AS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
 type ASRep struct {
 	KDCRepFields
 }
 
-// RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
+// TGSRep implements RFC 4120 KRB_TGS_REP: https://tools.ietf.org/html/rfc4120#section-5.4.2.
 type TGSRep struct {
 	KDCRepFields
 }
 
-// Encrypted part of KRB_KDC_REP.
+// EncKDCRepPart is the encrypted part of KRB_KDC_REP.
 type EncKDCRepPart struct {
 	Key           types.EncryptionKey  `asn1:"explicit,tag:0"`
 	LastReqs      []LastReq            `asn1:"explicit,tag:1"`

+ 4 - 4
messages/KDCReq.go

@@ -29,7 +29,7 @@ type marshalKDCReq struct {
 	ReqBody asn1.RawValue        `asn1:"explicit,tag:4"`
 }
 
-// KRB_KDC_REQ struct fields.
+// KDCReqFields represents the KRB_KDC_REQ fields.
 type KDCReqFields struct {
 	PVNO    int
 	MsgType int
@@ -38,12 +38,12 @@ type KDCReqFields struct {
 	Renewal bool
 }
 
-// RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
+// ASReq implements RFC 4120 KRB_AS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
 type ASReq struct {
 	KDCReqFields
 }
 
-// RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
+// TGSReq implements RFC 4120 KRB_TGS_REQ: https://tools.ietf.org/html/rfc4120#section-5.4.1.
 type TGSReq struct {
 	KDCReqFields
 }
@@ -64,7 +64,7 @@ type marshalKDCReqBody struct {
 	AdditionalTickets asn1.RawValue `asn1:"explicit,optional,tag:11"`
 }
 
-// KRB_KDC_REQ request body.
+// KDCReqBody implements the KRB_KDC_REQ request body.
 type KDCReqBody struct {
 	KDCOptions        asn1.BitString      `asn1:"explicit,tag:0"`
 	CName             types.PrincipalName `asn1:"explicit,optional,tag:1"`

+ 3 - 3
messages/KRBCred.go

@@ -19,7 +19,7 @@ type marshalKRBCred struct {
 	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
 }
 
-// RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.
+// KRBCred implements RFC 4120 KRB_CRED: https://tools.ietf.org/html/rfc4120#section-5.8.1.
 type KRBCred struct {
 	PVNO             int
 	MsgType          int
@@ -28,7 +28,7 @@ type KRBCred struct {
 	DecryptedEncPart EncKrbCredPart
 }
 
-// Encrypted part of KRB_CRED.
+// EncKrbCredPart is the encrypted part of KRB_CRED.
 type EncKrbCredPart struct {
 	TicketInfo []KrbCredInfo     `asn1:"explicit,tag:0"`
 	Nouce      int               `asn1:"optional,explicit,tag:1"`
@@ -38,7 +38,7 @@ type EncKrbCredPart struct {
 	RAddress   types.HostAddress `asn1:"optional,explicit,tag:5"`
 }
 
-// KRB_CRED_INFO part of KRB_CRED.
+// KrbCredInfo is the KRB_CRED_INFO part of KRB_CRED.
 type KrbCredInfo struct {
 	Key       types.EncryptionKey `asn1:"explicit,tag:0"`
 	PRealm    string              `asn1:"generalstring,optional,explicit,tag:1"`

+ 2 - 2
messages/KRBError.go

@@ -1,4 +1,4 @@
-// Package message implements Kerberos 5 message types and methods.
+// Package messages implements Kerberos 5 message types and methods.
 package messages
 
 import (
@@ -13,7 +13,7 @@ import (
 	"time"
 )
 
-// RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.
+// KRBError implements RFC 4120 KRB_ERROR: https://tools.ietf.org/html/rfc4120#section-5.9.1.
 type KRBError struct {
 	PVNO      int                 `asn1:"explicit,tag:0"`
 	MsgType   int                 `asn1:"explicit,tag:1"`

+ 2 - 2
messages/KRBPriv.go

@@ -10,14 +10,14 @@ import (
 	"time"
 )
 
-// RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.
+// KRBPriv implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.7.1.
 type KRBPriv struct {
 	PVNO    int                 `asn1:"explicit,tag:0"`
 	MsgType int                 `asn1:"explicit,tag:1"`
 	EncPart types.EncryptedData `asn1:"explicit,tag:3"`
 }
 
-// Encrypted part of KRB_PRIV.
+// EncKrbPrivPart is the encrypted part of KRB_PRIV.
 type EncKrbPrivPart struct {
 	UserData       []byte            `asn1:"explicit,tag:0"`
 	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
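Review bot: The new comment `// KRBPriv implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.7.1.` drops the message name the old line carried, while the sibling comments in this commit keep it (`KRBCred implements RFC 4120 KRB_CRED: …`, `KRBSafe implements RFC 4120 KRB_SAFE: …`). Writing it as `// KRBPriv implements RFC 4120 KRB_PRIV: https://tools.ietf.org/html/rfc4120#section-5.7.1.` keeps the message-type files uniform and lets a reader grep for the wire-protocol name. The EncKrbPrivPart struct continues outside the hunk.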

+ 2 - 2
messages/KRBSafe.go

@@ -28,7 +28,7 @@ KRB-SAFE-BODY   ::= SEQUENCE {
 }
 */
 
-// RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.
+// KRBSafe implements RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1.
 type KRBSafe struct {
 	PVNO     int            `asn1:"explicit,tag:0"`
 	MsgType  int            `asn1:"explicit,tag:1"`
@@ -36,7 +36,7 @@ type KRBSafe struct {
 	Cksum    types.Checksum `asn1:"explicit,tag:3"`
 }
 
-// KRB_SAFE_BODY of KRB_SAFE.
+// KRBSafeBody implements the KRB_SAFE_BODY of KRB_SAFE.
 type KRBSafeBody struct {
 	UserData       []byte            `asn1:"explicit,tag:0"`
 	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`

+ 3 - 0
messages/Ticket.go

@@ -21,6 +21,7 @@ import (
 // Reference: https://www.ietf.org/rfc/rfc4120.txt
 // Section: 5.3
 
+// Ticket implements the Kerberos ticket.
 type Ticket struct {
 	TktVNO           int                 `asn1:"explicit,tag:0"`
 	Realm            string              `asn1:"generalstring,explicit,tag:1"`
@@ -29,6 +30,7 @@ type Ticket struct {
 	DecryptedEncPart EncTicketPart       `asn1:"optional"` // Not part of ASN1 bytes so marked as optional so unmarshalling works
 }
 
+// EncTicketPart is the encrypted part of the Ticket.
 type EncTicketPart struct {
 	Flags             asn1.BitString          `asn1:"explicit,tag:0"`
 	Key               types.EncryptionKey     `asn1:"explicit,tag:1"`
@@ -43,6 +45,7 @@ type EncTicketPart struct {
 	AuthorizationData types.AuthorizationData `asn1:"explicit,optional,tag:10"`
 }
 
+// TransitedEncoding part of the ticket's encrypted part.
 type TransitedEncoding struct {
 	TRType   int    `asn1:"explicit,tag:0"`
 	Contents []byte `asn1:"explicit,tag:1"`
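Review bot: `// TransitedEncoding part of the ticket's encrypted part.` has no verb, so it reads as a fragment next to `// EncTicketPart is the encrypted part of the Ticket.` just above it; `// TransitedEncoding is the transited-encoding field of the ticket's encrypted part.` matches the other two new comments. Separately, the context line for `DecryptedEncPart` explains its `asn1:"optional"` tag only as a workaround so unmarshalling works; a sentence in the new Ticket doc comment stating that this field is populated only by the decrypt path and never from the wire bytes would make that invariant explicit, assuming that is indeed how it is used. The TransitedEncoding struct continues outside the hunk.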

+ 1 - 1
mstypes/claims_set_metadata.go

@@ -5,7 +5,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/hh554073.aspx
+// ClaimsSetMetadata implements https://msdn.microsoft.com/en-us/library/hh554073.aspx
 type ClaimsSetMetadata struct {
 	ULClaimsSetSize             uint32
 	ClaimsSet                   []byte

+ 1 - 0
mstypes/filetime.go

@@ -19,6 +19,7 @@ This gives the number of 100 nano second period from January 1, 1601, Coordinate
 
 const UNIX_EPOCH_DIFF = 116444736000000000
 
+// FileTime implements the Microsoft FILETIME type https://msdn.microsoft.com/en-us/library/cc230324.aspx
 type FileTime struct {
 	LowDateTime  uint32
 	HighDateTime uint32
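Review bot: The exported constant `UNIX_EPOCH_DIFF` on the context line just above the new comment still has no doc comment and keeps an underscored name, so golint will continue to report this file after the commit. The hunk header's own prose already gives the meaning, so a one-liner such as `// UNIX_EPOCH_DIFF is the number of 100ns intervals between 1601-01-01 and the Unix epoch.` addresses the comment half; the naming half would need a rename of an exported identifier and is a wider change. The FileTime struct continues outside the hunk.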

+ 2 - 2
mstypes/group_membership.go

@@ -5,7 +5,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237945.aspx
+// GroupMembership implements https://msdn.microsoft.com/en-us/library/cc237945.aspx
 // RelativeID : A 32-bit unsigned integer that contains the RID of a particular group.
 // The possible values for the Attributes flags are identical to those specified in KERB_SID_AND_ATTRIBUTES
 type GroupMembership struct {
@@ -23,7 +23,7 @@ func Read_GroupMembership(b *[]byte, p *int, e *binary.ByteOrder) GroupMembershi
 	}
 }
 
-// https://msdn.microsoft.com/en-us/library/hh536344.aspx
+// DomainGroupMembership implements https://msdn.microsoft.com/en-us/library/hh536344.aspx
 // DomainId: A SID structure that contains the SID for the domain.This member is used in conjunction with the GroupIds members to create group SIDs for the device.
 // GroupCount: A 32-bit unsigned integer that contains the number of groups within the domain to which the account belongs.
 // GroupIds: A pointer to a list of GROUP_MEMBERSHIP structures that contain the groups to which the account belongs in the domain. The number of groups in this list MUST be equal to GroupCount.

+ 1 - 1
mstypes/kerb_sid_and_attributes.go

@@ -14,7 +14,7 @@ const (
 	//All other bits MUST be set to zero and MUST be  ignored on receipt.
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237947.aspx
+// KerbSidAndAttributes implements https://msdn.microsoft.com/en-us/library/cc237947.aspx
 type KerbSidAndAttributes struct {
 	SID        RPC_SID // A pointer to an RPC_SID structure.
 	Attributes uint32

+ 1 - 1
mstypes/rpc_unicode_string.go

@@ -5,7 +5,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/cc230365.aspx
+// RPC_UnicodeString implements https://msdn.microsoft.com/en-us/library/cc230365.aspx
 type RPC_UnicodeString struct {
 	Length        uint16 // The length, in bytes, of the string pointed to by the Buffer member, not including the terminating null character if any. The length MUST be a multiple of 2. The length SHOULD equal the entire size of the Buffer, in which case there is no terminating null character. Any method that accesses this structure MUST use the Length specified instead of relying on the presence or absence of a null character.
 	MaximumLength uint16 // The maximum size, in bytes, of the string pointed to by Buffer. The size MUST be a multiple of 2. If not, the size MUST be decremented by 1 prior to use. This value MUST not be less than Length.

+ 2 - 2
mstypes/sid.go

@@ -7,7 +7,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/cc230364.aspx
+// RPC_SID implements https://msdn.microsoft.com/en-us/library/cc230364.aspx
 type RPC_SID struct {
 	Revision            uint8                      // An 8-bit unsigned integer that specifies the revision level of the SID. This value MUST be set to 0x01.
 	SubAuthorityCount   uint8                      // An 8-bit unsigned integer that specifies the number of elements in the SubAuthority array. The maximum number of elements allowed is 15.
@@ -15,7 +15,7 @@ type RPC_SID struct {
 	SubAuthority        []uint32                   // A variable length array of unsigned 32-bit integers that uniquely identifies a principal relative to the IdentifierAuthority. Its length is determined by SubAuthorityCount.
 }
 
-// https://msdn.microsoft.com/en-us/library/cc230372.aspx
+// RPC_SIDIdentifierAuthority implements https://msdn.microsoft.com/en-us/library/cc230372.aspx
 type RPC_SIDIdentifierAuthority struct {
 	Value []byte // 6 bytes
 }

+ 2 - 0
mstypes/user_session_key.go

@@ -5,10 +5,12 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
+// CypherBlock implements https://msdn.microsoft.com/en-us/library/cc237040.aspx
 type CypherBlock struct {
 	Data []byte // size = 8
 }
 
+// UserSessionKey implements https://msdn.microsoft.com/en-us/library/cc237080.aspx
 type UserSessionKey struct {
 	Data []CypherBlock // size = 2
 }

+ 1 - 0
ndr/error.go

@@ -2,6 +2,7 @@ package ndr
 
 import "fmt"
 
+// Malformed implements the error interface for malformed NDR encoding errors.
 type Malformed struct {
 	EText string
 }

+ 2 - 0
ndr/ndr.go

@@ -40,6 +40,7 @@ const (
 	IBM                  = 3
 )
 
+// CommonHeader implements the NDR common header: https://msdn.microsoft.com/en-us/library/cc243889.aspx
 type CommonHeader struct {
 	Version           uint8
 	Endianness        binary.ByteOrder
@@ -49,6 +50,7 @@ type CommonHeader struct {
 	Filler       []byte
 }
 
+// PrivateHeader implements the NDR private header: https://msdn.microsoft.com/en-us/library/cc243919.aspx
 type PrivateHeader struct {
 	ObjectBufferLength uint32
 	Filler             []byte

+ 1 - 1
pac/client_claims.go

@@ -6,7 +6,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/hh536365.aspx
+// ClientClaimsInfo implements https://msdn.microsoft.com/en-us/library/hh536365.aspx
 type ClientClaimsInfo struct {
 	Claims mstypes.ClaimsSetMetadata
 }

+ 1 - 1
pac/client_info.go

@@ -6,7 +6,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237951.aspx
+// ClientInfo implements https://msdn.microsoft.com/en-us/library/cc237951.aspx
 type ClientInfo struct {
 	ClientID   mstypes.FileTime // A FILETIME structure in little-endian format that contains the Kerberos initial ticket-granting ticket TGT authentication time
 	NameLength uint16           // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the Name field.

+ 4 - 4
pac/credentials_info.go

@@ -12,7 +12,7 @@ import (
 
 // https://msdn.microsoft.com/en-us/library/cc237931.aspx
 
-// https://msdn.microsoft.com/en-us/library/cc237953.aspx
+// CredentialsInfo implements https://msdn.microsoft.com/en-us/library/cc237953.aspx
 type CredentialsInfo struct {
 	Version                      uint32 // A 32-bit unsigned integer in little-endian format that defines the version. MUST be 0x00000000.
 	EType                        uint32
@@ -56,7 +56,7 @@ func (c *CredentialsInfo) DecryptEncPart(k types.EncryptionKey, e *binary.ByteOr
 	return nil
 }
 
-// https://msdn.microsoft.com/en-us/library/cc237952.aspx
+// CredentialData implements https://msdn.microsoft.com/en-us/library/cc237952.aspx
 // This structure is encrypted prior to being encoded in any other structures.
 // Encryption is performed by first serializing the data structure via Network Data Representation (NDR) encoding, as specified in [MS-RPCE].
 // Once serialized, the data is encrypted using the key and cryptographic system selected through the AS protocol and the KRB_AS_REP message
@@ -79,7 +79,7 @@ func Read_PAC_CredentialData(b *[]byte, p *int, e *binary.ByteOrder) CredentialD
 	}
 }
 
-// https://msdn.microsoft.com/en-us/library/cc237956.aspx
+// SECPKG_SupplementalCred implements https://msdn.microsoft.com/en-us/library/cc237956.aspx
 type SECPKG_SupplementalCred struct {
 	PackageName    mstypes.RPC_UnicodeString
 	CredentialSize uint32
@@ -101,7 +101,7 @@ func Read_SECPKG_SupplementalCred(b *[]byte, p *int, e *binary.ByteOrder) SECPKG
 	}
 }
 
-// https://msdn.microsoft.com/en-us/library/cc237949.aspx
+// NTLM_SupplementalCred implements https://msdn.microsoft.com/en-us/library/cc237949.aspx
 type NTLM_SupplementalCred struct {
 	Version    uint32 // A 32-bit unsigned integer that defines the credential version.This field MUST be 0x00000000.
 	Flags      uint32

+ 1 - 1
pac/device_claims.go

@@ -6,7 +6,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/hh554226.aspx
+// DeviceClaimsInfo implements https://msdn.microsoft.com/en-us/library/hh554226.aspx
 type DeviceClaimsInfo struct {
 	Claims mstypes.ClaimsSetMetadata
 }

+ 1 - 1
pac/device_info.go

@@ -6,7 +6,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/hh536402.aspx
+// DeviceInfo implements https://msdn.microsoft.com/en-us/library/hh536402.aspx
 type DeviceInfo struct {
 	UserID            uint32                          // A 32-bit unsigned integer that contains the RID of the account. If the UserId member equals 0x00000000, the first group SID in this member is the SID for this account.
 	PrimaryGroupID    uint32                          // A 32-bit unsigned integer that contains the RID for the primary group to which this account belongs.

+ 2 - 2
pac/kerb_validation_info.go

@@ -1,4 +1,4 @@
-// Microsoft Privilege Attribute Certificate (PAC) processing.
+// Package pac implements Microsoft Privilege Attribute Certificate (PAC) processing.
 package pac
 
 import (
@@ -23,7 +23,7 @@ const (
 	USERFLAG_AUTH_LMCHALLENGERESP_KEY_NTCHALLENGERESP = 18 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and the NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used session key generation.
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237948.aspx
+// KerbValidationInfo implement https://msdn.microsoft.com/en-us/library/cc237948.aspx
 // The KERB_VALIDATION_INFO structure defines the user's logon and authorization information
 // provided by the DC. The KERB_VALIDATION_INFO structure is a subset of the
 // NETLOGON_VALIDATION_SAM_INFO4 structure ([MS-NRPC] section 2.2.1.4.13).
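Review bot: `// KerbValidationInfo implement https://msdn.microsoft.com/en-us/library/cc237948.aspx` has a subject–verb disagreement; every other new comment in this commit uses `implements`, so the line should read `// KerbValidationInfo implements https://msdn.microsoft.com/en-us/library/cc237948.aspx`. The KerbValidationInfo declaration continues outside the hunk.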

+ 1 - 1
pac/pac_info_buffer.go

@@ -18,7 +18,7 @@ const (
 	ULTYPE_PAC_DEVICE_CLAIMS_INFO    = 15
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237954.aspx
+// InfoBuffer implements the PAC Info Buffer: https://msdn.microsoft.com/en-us/library/cc237954.aspx
 type InfoBuffer struct {
 	ULType       uint32 // A 32-bit unsigned integer in little-endian format that describes the type of data present in the buffer contained at Offset.
 	CBBufferSize uint32 // A 32-bit unsigned integer in little-endian format that contains the size, in bytes, of the buffer in the PAC located at Offset.

+ 1 - 1
pac/pac_type.go

@@ -10,7 +10,7 @@ import (
 	"github.com/jcmturner/gokrb5/types"
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237950.aspx
+// PACType implements: https://msdn.microsoft.com/en-us/library/cc237950.aspx
 type PACType struct {
 	CBuffers           uint32
 	Version            uint32

+ 1 - 1
pac/s4u_delegation_info.go

@@ -6,7 +6,7 @@ import (
 	"github.com/jcmturner/gokrb5/ndr"
 )
 
-// https://msdn.microsoft.com/en-us/library/cc237944.aspx
+// S4U_DelegationInfo implements https://msdn.microsoft.com/en-us/library/cc237944.aspx
 type S4U_DelegationInfo struct {
 	S4U2proxyTarget      mstypes.RPC_UnicodeString // The name of the principal to whom the application can forward the ticket.
 	TransitedListSize    uint32

+ 1 - 0
pac/signature_data.go

@@ -30,6 +30,7 @@ The cryptographic system that is used to calculate the checksum depends on which
 - Does not support RC4-HMAC, AES128-CTS-HMAC-SHA1-96 or AES256-CTS-HMAC-SHA1-96 -->  None. The checksum operation will fail.
 */
 
+// SignatureData implements https://msdn.microsoft.com/en-us/library/cc237955.aspx
 type SignatureData struct {
 	SignatureType  uint32 // A 32-bit unsigned integer value in little-endian format that defines the cryptographic system used to calculate the checksum. This MUST be one of the following checksum types: KERB_CHECKSUM_HMAC_MD5 (signature size = 16), HMAC_SHA1_96_AES128 (signature size = 12), HMAC_SHA1_96_AES256 (signature size = 12).
 	Signature      []byte // Size depends on the type. See comment above.

+ 1 - 1
pac/upn_dns_info.go

@@ -6,7 +6,7 @@ import (
 	"sort"
 )
 
-// https://msdn.microsoft.com/en-us/library/dd240468.aspx
+// UPN_DNSInfo implements https://msdn.microsoft.com/en-us/library/dd240468.aspx
 type UPN_DNSInfo struct {
 	UPNLength           uint16 // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the UPN field.
 	UPNOffset           uint16 // An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the UPN_DNS_INFO structure.

+ 1 - 1
service/cache.go

@@ -32,7 +32,7 @@ recently seen authenticators.*/
 // Cache for tickets received from clients keyed by fully qualified client name. Used to track replay of tickets.
 type Cache map[string]clientEntries
 
-// Entries for client details sent to the service.
+// clientEntries holds entries of client details sent to the service.
 type clientEntries struct {
 	ReplayMap map[time.Time]replayCacheEntry
 	SeqNumber int

+ 6 - 6
service/http.go

@@ -14,12 +14,12 @@ import (
 type ctxKey int
 
 const (
-	// The response on successful authentication always has this header. Capturing as const so we don't have marshaling and encoding overhead.
+	// SPNEGO_NegTokenResp_Krb_Accept_Completed - The response on successful authentication always has this header. Capturing as const so we don't have marshaling and encoding overhead.
 	SPNEGO_NegTokenResp_Krb_Accept_Completed = "Negotiate oRQwEqADCgEAoQsGCSqGSIb3EgECAg=="
-	// The response on a failed authentication always has this rejection header. Capturing as const so we don't have marshaling and encoding overhead.
+	// SPNEGO_NegTokenResp_Reject - The response on a failed authentication always has this rejection header. Capturing as const so we don't have marshaling and encoding overhead.
 	SPNEGO_NegTokenResp_Reject        = "Negotiate oQcwBaADCgEC"
-	CREDENTIALS_CTXKEY         ctxKey = 0
-	AUTHENTICATED_CTXKEY       ctxKey = 1
+	CTXKey_Credentials         ctxKey = 0
+	CTXKey_Authenticated       ctxKey = 1
 )
 
 // SPNEGOKRB5Authenticate is a Kerberos SPNEGO authentication HTTP handler wrapper.
@@ -66,8 +66,8 @@ func SPNEGOKRB5Authenticate(f http.Handler, kt keytab.Keytab, sa string, l *log.
 
 		if ok, creds, err := ValidateAPREQ(mt.APReq, kt, sa, r.RemoteAddr); ok {
 			ctx := r.Context()
-			ctx = context.WithValue(ctx, CREDENTIALS_CTXKEY, creds)
-			ctx = context.WithValue(ctx, AUTHENTICATED_CTXKEY, true)
+			ctx = context.WithValue(ctx, CTXKey_Credentials, creds)
+			ctx = context.WithValue(ctx, CTXKey_Authenticated, true)
 			if l != nil {
 				l.Printf("%v %s@%s - SPNEGO authentication succeeded", r.RemoteAddr, creds.Username, creds.Realm)
 			}
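Review bot: The renamed context-key constants `CTXKey_Credentials ctxKey = 0` and `CTXKey_Authenticated ctxKey = 1` still contain underscores, so golint will keep reporting them (alongside `SPNEGO_NegTokenResp_Krb_Accept_Completed` and `SPNEGO_NegTokenResp_Reject`) even after this commit; `CTXKeyCredentials` and `CTXKeyAuthenticated` would satisfy the linter and match the MixedCaps style used elsewhere in the package. Because these are exported and the old names are removed outright, any importer that reads `CREDENTIALS_CTXKEY` or `AUTHENTICATED_CTXKEY` from the request context breaks at compile time; if that matters, keeping the old names for a release with `// Deprecated: use CTXKeyCredentials.` softens the change. The unexported `ctxKey` type is the right choice here, since it prevents other packages from colliding with these keys in the context. The SPNEGOKRB5Authenticate body in the second hunk starts and ends outside the hunk.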

+ 1 - 1
service/http_test.go

@@ -129,6 +129,6 @@ func httpServer() *httptest.Server {
 func testAppHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	ctx := r.Context()
-	fmt.Fprintf(w, "<html>\nTEST.GOKRB5 Handler\nAuthenticed user: %s\nUser's realm: %s\n</html>", ctx.Value(CREDENTIALS_CTXKEY).(credentials.Credentials).Username, ctx.Value(CREDENTIALS_CTXKEY).(credentials.Credentials).Realm)
+	fmt.Fprintf(w, "<html>\nTEST.GOKRB5 Handler\nAuthenticed user: %s\nUser's realm: %s\n</html>", ctx.Value(CTXKey_Credentials).(credentials.Credentials).Username, ctx.Value(CTXKey_Credentials).(credentials.Credentials).Realm)
 	return
 }

+ 3 - 1
types/Authenticator.go

@@ -1,4 +1,4 @@
-// Kerberos 5 data types.
+// Package types provides Kerberos 5 data types.
 package types
 
 import (
@@ -31,6 +31,8 @@ authorization-data      [8] AuthorizationData OPTIONAL
 
 */
 
+// Authenticator - A record containing information that can be shown to have been recently generated using the session key known only by the client and server.
+// https://tools.ietf.org/html/rfc4120#section-5.5.1
 type Authenticator struct {
 	AVNO              int               `asn1:"explicit,tag:0"`
 	CRealm            string            `asn1:"generalstring,explicit,tag:1"`

+ 11 - 5
types/AuthorizationData.go

@@ -75,20 +75,19 @@ the ASN.1 structure that follows the subsection heading.
 
 */
 
+// AuthorizationData implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6
 type AuthorizationData []AuthorizationDataEntry
 
+// AuthorizationDataEntry implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6
 type AuthorizationDataEntry struct {
 	ADType int    `asn1:"explicit,tag:0"`
 	ADData []byte `asn1:"explicit,tag:1"`
 }
 
+// ADIfRelevant implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6.1
 type ADIfRelevant AuthorizationData
 
-type ADAndOr struct {
-	ConditionCount int               `asn1:"explicit,tag:0"`
-	Elements       AuthorizationData `asn1:"explicit,tag:1"`
-}
-
+// ADKDCIssued implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6.2
 type ADKDCIssued struct {
 	ADChecksum Checksum          `asn1:"explicit,tag:0"`
 	IRealm     string            `asn1:"optional,generalstring,explicit,tag:1"`
@@ -96,6 +95,13 @@ type ADKDCIssued struct {
 	Elements   AuthorizationData `asn1:"explicit,tag:3"`
 }
 
+// ADAndOr implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6.3
+type ADAndOr struct {
+	ConditionCount int               `asn1:"explicit,tag:0"`
+	Elements       AuthorizationData `asn1:"explicit,tag:1"`
+}
+
+// ADMandatoryForKDC implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6.4
 type ADMandatoryForKDC AuthorizationData
 
 // Unmarshal bytes into the ADKDCIssued.

+ 4 - 3
types/Cryptosystem.go

@@ -7,20 +7,21 @@ import (
 // Reference: https://www.ietf.org/rfc/rfc4120.txt
 // Section: 5.2.9
 
-// Reference: https://www.ietf.org/rfc/rfc3961.txt
-
+// EncryptedData implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9
 type EncryptedData struct {
 	EType  int    `asn1:"explicit,tag:0"`
 	KVNO   int    `asn1:"explicit,optional,tag:1"`
 	Cipher []byte `asn1:"explicit,tag:2"`
 }
 
-//AKA KeyBlock
+// EncryptionKey implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9
+// AKA KeyBlock
 type EncryptionKey struct {
 	KeyType  int    `asn1:"explicit,tag:0"`
 	KeyValue []byte `asn1:"explicit,tag:1"`
 }
 
+// Checksum implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9
 type Checksum struct {
 	CksumType int    `asn1:"explicit,tag:0"`
 	Checksum  []byte `asn1:"explicit,tag:1"`
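Review bot: The removed line `// Reference: https://www.ietf.org/rfc/rfc3961.txt` was the only pointer to RFC 3961 in this file, and none of the three new doc comments carry it forward, even though the etype and checksum-type semantics behind `EncryptionKey` and `Checksum` are specified there rather than in RFC 4120 section 5.2.9. Folding it into the relevant comments, e.g. `// EncryptionKey implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9 (key and etype semantics per RFC 3961).`, keeps the reference without reintroducing the free-floating line. The Checksum struct continues outside the hunk.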

+ 2 - 0
types/HostAddress.go

@@ -46,8 +46,10 @@ const (
 	AddrType_IPv6            = 24
 )
 
+// HostAddresses implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.5
 type HostAddresses []HostAddress
 
+// HostAddress implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.5
 type HostAddress struct {
 	AddrType int    `asn1:"explicit,tag:0"`
 	Address  []byte `asn1:"explicit,tag:1"`

+ 10 - 0
types/PAData.go

@@ -9,17 +9,22 @@ import (
 	"time"
 )
 
+// PAData implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7
 type PAData struct {
 	PADataType  int    `asn1:"explicit,tag:1"`
 	PADataValue []byte `asn1:"explicit,tag:2"`
 }
 
+// PADataSequence implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7
 type PADataSequence []PAData
 
+// MethodData implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.9.1
 type MethodData []PAData
 
+// PAEncTimestamp implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.2
 type PAEncTimestamp EncryptedData
 
+// PAEncTSEnc implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.2
 type PAEncTSEnc struct {
 	PATimestamp time.Time `asn1:"generalized,explicit,tag:0"`
 	PAUSec      int       `asn1:"explicit,optional,tag:1"`
@@ -49,21 +54,26 @@ func GetPAEncTSEncAsnMarshalled() ([]byte, error) {
 	return b, nil
 }
 
+// ETypeInfoEntry implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.4
 type ETypeInfoEntry struct {
 	EType int    `asn1:"explicit,tag:0"`
 	Salt  []byte `asn1:"explicit,optional,tag:1"`
 }
 
+// ETypeInfo implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.4
 type ETypeInfo []ETypeInfoEntry
 
+// ETypeInfo2Entry implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.5
 type ETypeInfo2Entry struct {
 	EType     int    `asn1:"explicit,tag:0"`
 	Salt      string `asn1:"explicit,optional,generalstring,tag:1"`
 	S2KParams []byte `asn1:"explicit,optional,tag:2"`
 }
 
+// ETypeInfo2 implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.5
 type ETypeInfo2 []ETypeInfo2Entry
 
+// PAReqEncPARep PA Data Type
 type PAReqEncPARep struct {
 	ChksumType int    `asn1:"explicit,tag:0"`
 	Chksum     []byte `asn1:"explicit,tag:1"`
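Review bot: `// PAReqEncPARep PA Data Type` is a fragment rather than a sentence and, unlike every other new comment in this file, gives no defining reference; something like `// PAReqEncPARep implements the PA-REQ-ENC-PA-REP pre-authentication data type.` with the RFC section that defines it (RFC 6806, if I recall correctly) would keep the file consistent. The other new comments in this file say `RFC 4120 types:` (plural) while the sibling files in this commit use `RFC 4120 type:`; one form throughout would read better. The PAReqEncPARep struct continues outside the hunk.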

+ 1 - 0
types/PrincipalName.go

@@ -5,6 +5,7 @@ import "strings"
 // Reference: https://www.ietf.org/rfc/rfc4120.txt
 // Section: 5.2.2
 
+// PrincipalName implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.2
 type PrincipalName struct {
 	NameType   int      `asn1:"explicit,tag:0"`
 	NameString []string `asn1:"generalstring,explicit,tag:1"`

+ 2 - 0
types/TypedData.go

@@ -2,11 +2,13 @@ package types
 
 import "github.com/jcmturner/asn1"
 
+// TypedData implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.9.1
 type TypedData struct {
 	DataType  int    `asn1:"explicit,tag:0"`
 	DataValue []byte `asn1:"optional,explicit,tag:1"`
 }
 
+// TypedDataSequence implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.9.1
 type TypedDataSequence []TypedData
 
 // Unmarshal bytes into the TypedDataSequence.