Jonathan Turner 9 yıl önce
ebeveyn
işleme
6d4e2a5078
5 değiştirilmiş dosya ile 15 ekleme ve 5 silme
  1. 3 0
      GSSAPI/MechType.go
  2. 5 1
      GSSAPI/NegotiationToken.go
  3. 3 4
      GSSAPI/gssapi.go
  4. 3 0
      GSSAPI/krb5Token.go
  5. 1 0
      client/http.go

+ 3 - 0
GSSAPI/MechType.go

@@ -2,5 +2,8 @@ package GSSAPI
 
 import "github.com/jcmturner/asn1"
 
+// MechType OID for Kerberos 5
 var MechTypeOID_Krb5 = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
+
+// MechType OID for MS legacy Kerberos 5
 var MechTypeOID_MSLegacyKrb5 = asn1.ObjectIdentifier{1, 2, 840, 48018, 1, 2, 2}
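Review bot: The two comments added here do not begin with the identifier they document, which is the form golint checks for and godoc expects; write them as `// MechTypeOID_Krb5 is the MechType OID for Kerberos 5.` and `// MechTypeOID_MSLegacyKrb5 is the MechType OID for MS legacy Kerberos 5.`. The same applies to every comment this commit adds in GSSAPI/NegotiationToken.go, GSSAPI/gssapi.go, GSSAPI/krb5Token.go and client/http.go. The new package comment in GSSAPI/gssapi.go should likewise open with `Package GSSAPI`.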

+ 5 - 1
GSSAPI/NegotiationToken.go

@@ -42,6 +42,7 @@ NegTokenResp ::= SEQUENCE {
 }
 */
 
+// Negotiation Token - Init
 type NegTokenInit struct {
 	MechTypes    []asn1.ObjectIdentifier `asn1:"explicit,tag:0"`
 	ReqFlags     ContextFlags            `asn1:"explicit,optional,tag:1"`
@@ -49,6 +50,7 @@ type NegTokenInit struct {
 	MechTokenMIC []byte                  `asn1:"explicit,optional,tag:3"`
 }
 
+// Negotiation Token - Resp/Targ
 type NegTokenResp struct {
 	NegState      asn1.Enumerated       `asn1:"explicit,tag:0"`
 	SupportedMech asn1.ObjectIdentifier `asn1:"explicit,optional,tag:1"`
@@ -89,6 +91,7 @@ func UnmarshalNegToken(b []byte) (bool, interface{}, error) {
 
 }
 
+// Marshal an Init negotiation token
 func (n *NegTokenInit) Marshal() ([]byte, error) {
 	b, err := asn1.Marshal(*n)
 	if err != nil {
@@ -107,7 +110,7 @@ func (n *NegTokenInit) Marshal() ([]byte, error) {
 	return nb, nil
 }
 
-// Returns marshalled bytes of a NegotiationToken rather than the NegTokenResp
+// Marshal a Resp/Targ negotiation token
 func (n *NegTokenResp) Marshal() ([]byte, error) {
 	b, err := asn1.Marshal(*n)
 	if err != nil {
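Review bot: The replacement comment on `(*NegTokenResp).Marshal` drops the one thing the removed comment told the caller: that the returned bytes are a NegotiationToken, not a bare NegTokenResp. The visible lines marshal `*n` into `b` but the function returns `nb`, which suggests the wrapping happens in the part of the body outside this hunk. I would keep that detail, for example `// Marshal returns the bytes of the NegotiationToken wrapping n, not the bare NegTokenResp.`, so that code passing the result to a parser knows which structure to expect. `(*NegTokenInit).Marshal` above also returns `nb` and would benefit from the same wording.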
@@ -126,6 +129,7 @@ func (n *NegTokenResp) Marshal() ([]byte, error) {
 	return nb, nil
 }
 
+// Create new Init negotiation token for Kerberos 5
 func NewNegTokenInitKrb5(c config.Config, cname types.PrincipalName, tkt types.Ticket, sessionKey types.EncryptionKey) (NegTokenInit, error) {
 	mt, err := NewKRB5APREQMechToken(c, cname, tkt, sessionKey)
 	if err != nil {

+ 3 - 4
GSSAPI/gssapi.go

@@ -1,3 +1,4 @@
+// Generic Security Services Application Program Interface implementation required for SPNEGO kerberos authentication
 package GSSAPI
 
 import (
@@ -7,10 +8,6 @@ import (
 	"github.com/jcmturner/gokrb5/asn1tools"
 )
 
-const (
-	SPNEGO_OIDHex = "2b0601050502" //1.3.6.1.5.5.2
-)
-
 var SPNEGO_OID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
 
 type SPNEGO struct {
@@ -20,6 +17,7 @@ type SPNEGO struct {
 	NegTokenResp NegTokenResp
 }
 
+// Unmarshal SPNEGO negotiation token
 func (s *SPNEGO) Unmarshal(b []byte) error {
 	var r []byte
 	var err error
@@ -63,6 +61,7 @@ func (s *SPNEGO) Unmarshal(b []byte) error {
 	return nil
 }
 
+// Marshal SPNEGO negotiation token
 func (s *SPNEGO) Marshal() ([]byte, error) {
 	var b []byte
 	if !s.Init && !s.Resp {

+ 3 - 0
GSSAPI/krb5Token.go

@@ -27,6 +27,7 @@ const (
 	GSS_C_INTEG_FLAG    = 32
 )
 
+// Create new kerberos AP_REQ MechToken
 func NewKRB5APREQMechToken(c config.Config, cname types.PrincipalName, tkt types.Ticket, sessionKey types.EncryptionKey) ([]byte, error) {
 	// Create the header
 	tb, _ := hex.DecodeString(TOK_ID_KRB_AP_REQ)
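Review bot: The decode error on the `tb, _ := hex.DecodeString(TOK_ID_KRB_AP_REQ)` line is discarded, so a malformed token-ID value would produce an empty or truncated header and a token that is rejected only by the remote acceptor. `TOK_ID_KRB_AP_REQ` looks like a package constant, so this is presumably unreachable today, but the function already returns an error and can report it: `tb, err := hex.DecodeString(TOK_ID_KRB_AP_REQ)` followed by `if err != nil { return nil, err }`. The rest of the body is outside this hunk, so check that `err` is not declared again with `:=` further down.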
@@ -46,6 +47,7 @@ func NewKRB5APREQMechToken(c config.Config, cname types.PrincipalName, tkt types
 	return asn1tools.AddASNAppTag(b, 0), nil
 }
 
+// Create new kerberos authenticator for kerberos MechToken
 func newAuthenticator(c config.Config, username types.PrincipalName, keyType int) types.Authenticator {
 	//RFC 4121 Section 4.1.1
 	auth := types.NewAuthenticator(c.LibDefaults.Default_realm, username)
@@ -65,6 +67,7 @@ func newAuthenticator(c config.Config, username types.PrincipalName, keyType int
 	return auth
 }
 
+// Create new authenticator checksum for kerberos MechToken
 func newAuthenticatorChksum(flags []int) []byte {
 	a := make([]byte, 24)
 	binary.LittleEndian.PutUint32(a[:4], 16)
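Review bot: The new comment on `newAuthenticatorChksum` does not describe the 24-byte layout the function builds, which a reader needs in order to check it against RFC 4121 section 4.1.1 (the section already cited in `newAuthenticator`). The visible lines allocate 24 bytes and write a little-endian 16 into the first four; by that RFC the remaining fields would be 16 bytes of channel-binding data and 4 bytes of flags. I would document it as `// newAuthenticatorChksum builds the RFC 4121 section 4.1.1 checksum field: 4-byte little-endian length (16), 16-byte channel bindings, 4-byte little-endian flags.`. If the channel-binding bytes are left zero, which only the part of the body outside this hunk would show, say so in the comment, because the token is then not bound to the underlying channel.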

+ 1 - 0
client/http.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 )
 
+// Get service ticket and set as the SPNEGO authorization header on HTTP request object
 func (cl *Client) SetSPNEGOHeader(HTTPReq *http.Request) error {
 	tkt, skey, err := cl.GetServiceTicket("HTTP/" + HTTPReq.Host)
 	if err != nil {
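Review bot: The comment on `SetSPNEGOHeader` does not say that the service principal is built as `"HTTP/" + HTTPReq.Host`, which is the detail a caller has to know to use this safely. On a client request `Host` can differ from `URL.Host` when the caller overrides it, and it carries the port when the URL has one, so the ticket may be requested for a principal other than the server that receives the header, or for a name the KDC does not know. I would document it, for example `// SetSPNEGOHeader gets a service ticket for HTTP/<HTTPReq.Host> and sets it as the SPNEGO Authorization header on HTTPReq; Host must name the intended service.`. The function body continues past the end of this hunk.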