VOL-1967 move api-server to separate repository
Change-Id: I21b85be74205805be15f8a85e53a903d16785671
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/addrtype/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/addrtype/constants.go
new file mode 100644
index 0000000..457b89d
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/addrtype/constants.go
@@ -0,0 +1,15 @@
+// Package addrtype provides Address type assigned numbers.
+package addrtype
+
+// Address type IDs.
+const (
+ IPv4 int32 = 2
+ Directional int32 = 3
+ ChaosNet int32 = 5
+ XNS int32 = 6
+ ISO int32 = 7
+ DECNETPhaseIV int32 = 12
+ AppleTalkDDP int32 = 16
+ NetBios int32 = 20
+ IPv6 int32 = 24
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/adtype/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/adtype/constants.go
new file mode 100644
index 0000000..e805b74
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/adtype/constants.go
@@ -0,0 +1,23 @@
+// Package adtype provides Authenticator type assigned numbers.
+package adtype
+
+// Authenticator type IDs.
+const (
+ ADIfRelevant int32 = 1
+ ADIntendedForServer int32 = 2
+ ADIntendedForApplicationClass int32 = 3
+ ADKDCIssued int32 = 4
+ ADAndOr int32 = 5
+ ADMandatoryTicketExtensions int32 = 6
+ ADInTicketExtensions int32 = 7
+ ADMandatoryForKDC int32 = 8
+ OSFDCE int32 = 64
+ SESAME int32 = 65
+ ADOSFDCEPKICertID int32 = 66
+ ADAuthenticationStrength int32 = 70
+ ADFXFastArmor int32 = 71
+ ADFXFastUsed int32 = 72
+ ADWin2KPAC int32 = 128
+ ADEtypeNegotiation int32 = 129
+ //Reserved values 9-63
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/asnAppTag/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/asnAppTag/constants.go
new file mode 100644
index 0000000..d74cd60
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/asnAppTag/constants.go
@@ -0,0 +1,24 @@
+// Package asnAppTag provides ASN1 application tag numbers.
+package asnAppTag
+
+// ASN1 application tag numbers.
+const (
+ Ticket = 1
+ Authenticator = 2
+ EncTicketPart = 3
+ ASREQ = 10
+ TGSREQ = 12
+ ASREP = 11
+ TGSREP = 13
+ APREQ = 14
+ APREP = 15
+ KRBSafe = 20
+ KRBPriv = 21
+ KRBCred = 22
+ EncASRepPart = 25
+ EncTGSRepPart = 26
+ EncAPRepPart = 27
+ EncKrbPrivPart = 28
+ EncKrbCredPart = 29
+ KRBError = 30
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype/constants.go
new file mode 100644
index 0000000..93db952
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype/constants.go
@@ -0,0 +1,32 @@
+// Package chksumtype provides Kerberos 5 checksum type assigned numbers.
+package chksumtype
+
+// Checksum type IDs.
+const (
+ //RESERVED : 0
+ CRC32 int32 = 1
+ RSA_MD4 int32 = 2
+ RSA_MD4_DES int32 = 3
+ DES_MAC int32 = 4
+ DES_MAC_K int32 = 5
+ RSA_MD4_DES_K int32 = 6
+ RSA_MD5 int32 = 7
+ RSA_MD5_DES int32 = 8
+ RSA_MD5_DES3 int32 = 9
+ SHA1_ID10 int32 = 10
+ //UNASSIGNED : 11
+ HMAC_SHA1_DES3_KD int32 = 12
+ HMAC_SHA1_DES3 int32 = 13
+ SHA1_ID14 int32 = 14
+ HMAC_SHA1_96_AES128 int32 = 15
+ HMAC_SHA1_96_AES256 int32 = 16
+ CMAC_CAMELLIA128 int32 = 17
+ CMAC_CAMELLIA256 int32 = 18
+ HMAC_SHA256_128_AES128 int32 = 19
+ HMAC_SHA384_192_AES256 int32 = 20
+ //UNASSIGNED : 21-32770
+ GSSAPI int32 = 32771
+ //UNASSIGNED : 32772-2147483647
+ KERB_CHECKSUM_HMAC_MD5_UNSIGNED uint32 = 4294967158 // 0xFFFFFF76 documentation says this is -138 but in an unsigned int this is 4294967158
+ KERB_CHECKSUM_HMAC_MD5 int32 = -138
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/constants.go
new file mode 100644
index 0000000..0b8e916
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/constants.go
@@ -0,0 +1,5 @@
+// Package iana provides Kerberos 5 assigned numbers.
+package iana
+
+// PVNO is the Protocol Version Number.
+const PVNO = 5
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/errorcode/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/errorcode/constants.go
new file mode 100644
index 0000000..fd756bc
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/errorcode/constants.go
@@ -0,0 +1,155 @@
+// Package errorcode provides Kerberos 5 assigned error codes.
+package errorcode
+
+import "fmt"
+
+// Kerberos error codes.
+const (
+ KDC_ERR_NONE int32 = 0 //No error
+ KDC_ERR_NAME_EXP int32 = 1 //Client's entry in database has expired
+ KDC_ERR_SERVICE_EXP int32 = 2 //Server's entry in database has expired
+ KDC_ERR_BAD_PVNO int32 = 3 //Requested protocol version number not supported
+ KDC_ERR_C_OLD_MAST_KVNO int32 = 4 //Client's key encrypted in old master key
+ KDC_ERR_S_OLD_MAST_KVNO int32 = 5 //Server's key encrypted in old master key
+ KDC_ERR_C_PRINCIPAL_UNKNOWN int32 = 6 //Client not found in Kerberos database
+ KDC_ERR_S_PRINCIPAL_UNKNOWN int32 = 7 //Server not found in Kerberos database
+ KDC_ERR_PRINCIPAL_NOT_UNIQUE int32 = 8 //Multiple principal entries in database
+ KDC_ERR_NULL_KEY int32 = 9 //The client or server has a null key
+ KDC_ERR_CANNOT_POSTDATE int32 = 10 //Ticket not eligible for postdating
+ KDC_ERR_NEVER_VALID int32 = 11 //Requested starttime is later than end time
+ KDC_ERR_POLICY int32 = 12 //KDC policy rejects request
+ KDC_ERR_BADOPTION int32 = 13 //KDC cannot accommodate requested option
+ KDC_ERR_ETYPE_NOSUPP int32 = 14 //KDC has no support for encryption type
+ KDC_ERR_SUMTYPE_NOSUPP int32 = 15 //KDC has no support for checksum type
+ KDC_ERR_PADATA_TYPE_NOSUPP int32 = 16 //KDC has no support for padata type
+ KDC_ERR_TRTYPE_NOSUPP int32 = 17 //KDC has no support for transited type
+ KDC_ERR_CLIENT_REVOKED int32 = 18 //Clients credentials have been revoked
+ KDC_ERR_SERVICE_REVOKED int32 = 19 //Credentials for server have been revoked
+ KDC_ERR_TGT_REVOKED int32 = 20 //TGT has been revoked
+ KDC_ERR_CLIENT_NOTYET int32 = 21 //Client not yet valid; try again later
+ KDC_ERR_SERVICE_NOTYET int32 = 22 //Server not yet valid; try again later
+ KDC_ERR_KEY_EXPIRED int32 = 23 //Password has expired; change password to reset
+ KDC_ERR_PREAUTH_FAILED int32 = 24 //Pre-authentication information was invalid
+ KDC_ERR_PREAUTH_REQUIRED int32 = 25 //Additional pre-authentication required
+ KDC_ERR_SERVER_NOMATCH int32 = 26 //Requested server and ticket don't match
+ KDC_ERR_MUST_USE_USER2USER int32 = 27 //Server principal valid for user2user only
+ KDC_ERR_PATH_NOT_ACCEPTED int32 = 28 //KDC Policy rejects transited path
+ KDC_ERR_SVC_UNAVAILABLE int32 = 29 //A service is not available
+ KRB_AP_ERR_BAD_INTEGRITY int32 = 31 //Integrity check on decrypted field failed
+ KRB_AP_ERR_TKT_EXPIRED int32 = 32 //Ticket expired
+ KRB_AP_ERR_TKT_NYV int32 = 33 //Ticket not yet valid
+ KRB_AP_ERR_REPEAT int32 = 34 //Request is a replay
+ KRB_AP_ERR_NOT_US int32 = 35 //The ticket isn't for us
+ KRB_AP_ERR_BADMATCH int32 = 36 //Ticket and authenticator don't match
+ KRB_AP_ERR_SKEW int32 = 37 //Clock skew too great
+ KRB_AP_ERR_BADADDR int32 = 38 //Incorrect net address
+ KRB_AP_ERR_BADVERSION int32 = 39 //Protocol version mismatch
+ KRB_AP_ERR_MSG_TYPE int32 = 40 //Invalid msg type
+ KRB_AP_ERR_MODIFIED int32 = 41 //Message stream modified
+ KRB_AP_ERR_BADORDER int32 = 42 //Message out of order
+ KRB_AP_ERR_BADKEYVER int32 = 44 //Specified version of key is not available
+ KRB_AP_ERR_NOKEY int32 = 45 //Service key not available
+ KRB_AP_ERR_MUT_FAIL int32 = 46 //Mutual authentication failed
+ KRB_AP_ERR_BADDIRECTION int32 = 47 //Incorrect message direction
+ KRB_AP_ERR_METHOD int32 = 48 //Alternative authentication method required
+ KRB_AP_ERR_BADSEQ int32 = 49 //Incorrect sequence number in message
+ KRB_AP_ERR_INAPP_CKSUM int32 = 50 //Inappropriate type of checksum in message
+ KRB_AP_PATH_NOT_ACCEPTED int32 = 51 //Policy rejects transited path
+ KRB_ERR_RESPONSE_TOO_BIG int32 = 52 //Response too big for UDP; retry with TCP
+ KRB_ERR_GENERIC int32 = 60 //Generic error (description in e-text)
+ KRB_ERR_FIELD_TOOLONG int32 = 61 //Field is too long for this implementation
+ KDC_ERROR_CLIENT_NOT_TRUSTED int32 = 62 //Reserved for PKINIT
+ KDC_ERROR_KDC_NOT_TRUSTED int32 = 63 //Reserved for PKINIT
+ KDC_ERROR_INVALID_SIG int32 = 64 //Reserved for PKINIT
+ KDC_ERR_KEY_TOO_WEAK int32 = 65 //Reserved for PKINIT
+ KDC_ERR_CERTIFICATE_MISMATCH int32 = 66 //Reserved for PKINIT
+ KRB_AP_ERR_NO_TGT int32 = 67 //No TGT available to validate USER-TO-USER
+ KDC_ERR_WRONG_REALM int32 = 68 //Reserved for future use
+ KRB_AP_ERR_USER_TO_USER_REQUIRED int32 = 69 //Ticket must be for USER-TO-USER
+ KDC_ERR_CANT_VERIFY_CERTIFICATE int32 = 70 //Reserved for PKINIT
+ KDC_ERR_INVALID_CERTIFICATE int32 = 71 //Reserved for PKINIT
+ KDC_ERR_REVOKED_CERTIFICATE int32 = 72 //Reserved for PKINIT
+ KDC_ERR_REVOCATION_STATUS_UNKNOWN int32 = 73 //Reserved for PKINIT
+ KDC_ERR_REVOCATION_STATUS_UNAVAILABLE int32 = 74 //Reserved for PKINIT
+ KDC_ERR_CLIENT_NAME_MISMATCH int32 = 75 //Reserved for PKINIT
+ KDC_ERR_KDC_NAME_MISMATCH int32 = 76 //Reserved for PKINIT
+)
+
+// Lookup an error code description.
+func Lookup(i int32) string {
+ if s, ok := errorcodeLookup[i]; ok {
+ return fmt.Sprintf("(%d) %s", i, s)
+ }
+ return fmt.Sprintf("Unknown ErrorCode %d", i)
+}
+
+var errorcodeLookup = map[int32]string{
+ KDC_ERR_NONE: "KDC_ERR_NONE No error",
+ KDC_ERR_NAME_EXP: "KDC_ERR_NAME_EXP Client's entry in database has expired",
+ KDC_ERR_SERVICE_EXP: "KDC_ERR_SERVICE_EXP Server's entry in database has expired",
+ KDC_ERR_BAD_PVNO: "KDC_ERR_BAD_PVNO Requested protocol version number not supported",
+ KDC_ERR_C_OLD_MAST_KVNO: "KDC_ERR_C_OLD_MAST_KVNO Client's key encrypted in old master key",
+ KDC_ERR_S_OLD_MAST_KVNO: "KDC_ERR_S_OLD_MAST_KVNO Server's key encrypted in old master key",
+ KDC_ERR_C_PRINCIPAL_UNKNOWN: "KDC_ERR_C_PRINCIPAL_UNKNOWN Client not found in Kerberos database",
+ KDC_ERR_S_PRINCIPAL_UNKNOWN: "KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database",
+ KDC_ERR_PRINCIPAL_NOT_UNIQUE: "KDC_ERR_PRINCIPAL_NOT_UNIQUE Multiple principal entries in database",
+ KDC_ERR_NULL_KEY: "KDC_ERR_NULL_KEY The client or server has a null key",
+ KDC_ERR_CANNOT_POSTDATE: "KDC_ERR_CANNOT_POSTDATE Ticket not eligible for postdating",
+ KDC_ERR_NEVER_VALID: "KDC_ERR_NEVER_VALID Requested starttime is later than end time",
+ KDC_ERR_POLICY: "KDC_ERR_POLICY KDC policy rejects request",
+ KDC_ERR_BADOPTION: "KDC_ERR_BADOPTION KDC cannot accommodate requested option",
+ KDC_ERR_ETYPE_NOSUPP: "KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type",
+ KDC_ERR_SUMTYPE_NOSUPP: "KDC_ERR_SUMTYPE_NOSUPP KDC has no support for checksum type",
+ KDC_ERR_PADATA_TYPE_NOSUPP: "KDC_ERR_PADATA_TYPE_NOSUPP KDC has no support for padata type",
+ KDC_ERR_TRTYPE_NOSUPP: "KDC_ERR_TRTYPE_NOSUPP KDC has no support for transited type",
+ KDC_ERR_CLIENT_REVOKED: "KDC_ERR_CLIENT_REVOKED Clients credentials have been revoked",
+ KDC_ERR_SERVICE_REVOKED: "KDC_ERR_SERVICE_REVOKED Credentials for server have been revoked",
+ KDC_ERR_TGT_REVOKED: "KDC_ERR_TGT_REVOKED TGT has been revoked",
+ KDC_ERR_CLIENT_NOTYET: "KDC_ERR_CLIENT_NOTYET Client not yet valid; try again later",
+ KDC_ERR_SERVICE_NOTYET: "KDC_ERR_SERVICE_NOTYET Server not yet valid; try again later",
+ KDC_ERR_KEY_EXPIRED: "KDC_ERR_KEY_EXPIRED Password has expired; change password to reset",
+ KDC_ERR_PREAUTH_FAILED: "KDC_ERR_PREAUTH_FAILED Pre-authentication information was invalid",
+ KDC_ERR_PREAUTH_REQUIRED: "KDC_ERR_PREAUTH_REQUIRED Additional pre-authentication required",
+ KDC_ERR_SERVER_NOMATCH: "KDC_ERR_SERVER_NOMATCH Requested server and ticket don't match",
+ KDC_ERR_MUST_USE_USER2USER: "KDC_ERR_MUST_USE_USER2USER Server principal valid for user2user only",
+ KDC_ERR_PATH_NOT_ACCEPTED: "KDC_ERR_PATH_NOT_ACCEPTED KDC Policy rejects transited path",
+ KDC_ERR_SVC_UNAVAILABLE: "KDC_ERR_SVC_UNAVAILABLE A service is not available",
+ KRB_AP_ERR_BAD_INTEGRITY: "KRB_AP_ERR_BAD_INTEGRITY Integrity check on decrypted field failed",
+ KRB_AP_ERR_TKT_EXPIRED: "KRB_AP_ERR_TKT_EXPIRED Ticket expired",
+ KRB_AP_ERR_TKT_NYV: "KRB_AP_ERR_TKT_NYV Ticket not yet valid",
+ KRB_AP_ERR_REPEAT: "KRB_AP_ERR_REPEAT Request is a replay",
+ KRB_AP_ERR_NOT_US: "KRB_AP_ERR_NOT_US The ticket isn't for us",
+ KRB_AP_ERR_BADMATCH: "KRB_AP_ERR_BADMATCH Ticket and authenticator don't match",
+ KRB_AP_ERR_SKEW: "KRB_AP_ERR_SKEW Clock skew too great",
+ KRB_AP_ERR_BADADDR: "KRB_AP_ERR_BADADDR Incorrect net address",
+ KRB_AP_ERR_BADVERSION: "KRB_AP_ERR_BADVERSION Protocol version mismatch",
+ KRB_AP_ERR_MSG_TYPE: "KRB_AP_ERR_MSG_TYPE Invalid msg type",
+ KRB_AP_ERR_MODIFIED: "KRB_AP_ERR_MODIFIED Message stream modified",
+ KRB_AP_ERR_BADORDER: "KRB_AP_ERR_BADORDER Message out of order",
+ KRB_AP_ERR_BADKEYVER: "KRB_AP_ERR_BADKEYVER Specified version of key is not available",
+ KRB_AP_ERR_NOKEY: "KRB_AP_ERR_NOKEY Service key not available",
+ KRB_AP_ERR_MUT_FAIL: "KRB_AP_ERR_MUT_FAIL Mutual authentication failed",
+ KRB_AP_ERR_BADDIRECTION: "KRB_AP_ERR_BADDIRECTION Incorrect message direction",
+ KRB_AP_ERR_METHOD: "KRB_AP_ERR_METHOD Alternative authentication method required",
+ KRB_AP_ERR_BADSEQ: "KRB_AP_ERR_BADSEQ Incorrect sequence number in message",
+ KRB_AP_ERR_INAPP_CKSUM: "KRB_AP_ERR_INAPP_CKSUM Inappropriate type of checksum in message",
+ KRB_AP_PATH_NOT_ACCEPTED: "KRB_AP_PATH_NOT_ACCEPTED Policy rejects transited path",
+ KRB_ERR_RESPONSE_TOO_BIG: "KRB_ERR_RESPONSE_TOO_BIG Response too big for UDP; retry with TCP",
+ KRB_ERR_GENERIC: "KRB_ERR_GENERIC Generic error (description in e-text)",
+ KRB_ERR_FIELD_TOOLONG: "KRB_ERR_FIELD_TOOLONG Field is too long for this implementation",
+ KDC_ERROR_CLIENT_NOT_TRUSTED: "KDC_ERROR_CLIENT_NOT_TRUSTED Reserved for PKINIT",
+ KDC_ERROR_KDC_NOT_TRUSTED: "KDC_ERROR_KDC_NOT_TRUSTED Reserved for PKINIT",
+ KDC_ERROR_INVALID_SIG: "KDC_ERROR_INVALID_SIG Reserved for PKINIT",
+ KDC_ERR_KEY_TOO_WEAK: "KDC_ERR_KEY_TOO_WEAK Reserved for PKINIT",
+ KDC_ERR_CERTIFICATE_MISMATCH: "KDC_ERR_CERTIFICATE_MISMATCH Reserved for PKINIT",
+ KRB_AP_ERR_NO_TGT: "KRB_AP_ERR_NO_TGT No TGT available to validate USER-TO-USER",
+ KDC_ERR_WRONG_REALM: "KDC_ERR_WRONG_REALM Reserved for future use",
+ KRB_AP_ERR_USER_TO_USER_REQUIRED: "KRB_AP_ERR_USER_TO_USER_REQUIRED Ticket must be for USER-TO-USER",
+ KDC_ERR_CANT_VERIFY_CERTIFICATE: "KDC_ERR_CANT_VERIFY_CERTIFICATE Reserved for PKINIT",
+ KDC_ERR_INVALID_CERTIFICATE: "KDC_ERR_INVALID_CERTIFICATE Reserved for PKINIT",
+ KDC_ERR_REVOKED_CERTIFICATE: "KDC_ERR_REVOKED_CERTIFICATE Reserved for PKINIT",
+ KDC_ERR_REVOCATION_STATUS_UNKNOWN: "KDC_ERR_REVOCATION_STATUS_UNKNOWN Reserved for PKINIT",
+ KDC_ERR_REVOCATION_STATUS_UNAVAILABLE: "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE Reserved for PKINIT",
+ KDC_ERR_CLIENT_NAME_MISMATCH: "KDC_ERR_CLIENT_NAME_MISMATCH Reserved for PKINIT",
+ KDC_ERR_KDC_NAME_MISMATCH: "KDC_ERR_KDC_NAME_MISMATCH Reserved for PKINIT",
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/etypeID/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/etypeID/constants.go
new file mode 100644
index 0000000..46a0d74
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/etypeID/constants.go
@@ -0,0 +1,101 @@
+// Package etypeID provides Kerberos 5 encryption type assigned numbers.
+package etypeID
+
+// Kerberos encryption type assigned numbers.
+const (
+ //RESERVED : 0
+ DES_CBC_CRC int32 = 1
+ DES_CBC_MD4 int32 = 2
+ DES_CBC_MD5 int32 = 3
+ DES_CBC_RAW int32 = 4
+ DES3_CBC_MD5 int32 = 5
+ DES3_CBC_RAW int32 = 6
+ DES3_CBC_SHA1 int32 = 7
+ DES_HMAC_SHA1 int32 = 8
+ DSAWITHSHA1_CMSOID int32 = 9
+ MD5WITHRSAENCRYPTION_CMSOID int32 = 10
+ SHA1WITHRSAENCRYPTION_CMSOID int32 = 11
+ RC2CBC_ENVOID int32 = 12
+ RSAENCRYPTION_ENVOID int32 = 13
+ RSAES_OAEP_ENV_OID int32 = 14
+ DES_EDE3_CBC_ENV_OID int32 = 15
+ DES3_CBC_SHA1_KD int32 = 16
+ AES128_CTS_HMAC_SHA1_96 int32 = 17
+ AES256_CTS_HMAC_SHA1_96 int32 = 18
+ AES128_CTS_HMAC_SHA256_128 int32 = 19
+ AES256_CTS_HMAC_SHA384_192 int32 = 20
+ //UNASSIGNED : 21-22
+ RC4_HMAC int32 = 23
+ RC4_HMAC_EXP int32 = 24
+ CAMELLIA128_CTS_CMAC int32 = 25
+ CAMELLIA256_CTS_CMAC int32 = 26
+ //UNASSIGNED : 27-64
+ SUBKEY_KEYMATERIAL int32 = 65
+ //UNASSIGNED : 66-2147483647
+)
+
+// ETypesByName is a map of EncType names to their assigned EncType number.
+var ETypesByName = map[string]int32{
+ "des-cbc-crc": DES_CBC_CRC,
+ "des-cbc-md4": DES_CBC_MD4,
+ "des-cbc-md5": DES_CBC_MD5,
+ "des-cbc-raw": DES_CBC_RAW,
+ "des3-cbc-md5": DES3_CBC_MD5,
+ "des3-cbc-raw": DES3_CBC_RAW,
+ "des3-cbc-sha1": DES3_CBC_SHA1,
+ "des3-hmac-sha1": DES_HMAC_SHA1,
+ "des3-cbc-sha1-kd": DES3_CBC_SHA1_KD,
+ "des-hmac-sha1": DES_HMAC_SHA1,
+ "dsaWithSHA1-CmsOID": DSAWITHSHA1_CMSOID,
+ "md5WithRSAEncryption-CmsOID": MD5WITHRSAENCRYPTION_CMSOID,
+ "sha1WithRSAEncryption-CmsOID": SHA1WITHRSAENCRYPTION_CMSOID,
+ "rc2CBC-EnvOID": RC2CBC_ENVOID,
+ "rsaEncryption-EnvOID": RSAENCRYPTION_ENVOID,
+ "rsaES-OAEP-ENV-OID": RSAES_OAEP_ENV_OID,
+ "des-ede3-cbc-Env-OID": DES_EDE3_CBC_ENV_OID,
+ "aes128-cts-hmac-sha1-96": AES128_CTS_HMAC_SHA1_96,
+ "aes128-cts": AES128_CTS_HMAC_SHA1_96,
+ "aes128-sha1": AES128_CTS_HMAC_SHA1_96,
+ "aes256-cts-hmac-sha1-96": AES256_CTS_HMAC_SHA1_96,
+ "aes256-cts": AES256_CTS_HMAC_SHA1_96,
+ "aes256-sha1": AES256_CTS_HMAC_SHA1_96,
+ "aes128-cts-hmac-sha256-128": AES128_CTS_HMAC_SHA256_128,
+ "aes128-sha2": AES128_CTS_HMAC_SHA256_128,
+ "aes256-cts-hmac-sha384-192": AES256_CTS_HMAC_SHA384_192,
+ "aes256-sha2": AES256_CTS_HMAC_SHA384_192,
+ "arcfour-hmac": RC4_HMAC,
+ "rc4-hmac": RC4_HMAC,
+ "arcfour-hmac-md5": RC4_HMAC,
+ "arcfour-hmac-exp": RC4_HMAC_EXP,
+ "rc4-hmac-exp": RC4_HMAC_EXP,
+ "arcfour-hmac-md5-exp": RC4_HMAC_EXP,
+ "camellia128-cts-cmac": CAMELLIA128_CTS_CMAC,
+ "camellia128-cts": CAMELLIA128_CTS_CMAC,
+ "camellia256-cts-cmac": CAMELLIA256_CTS_CMAC,
+ "camellia256-cts": CAMELLIA256_CTS_CMAC,
+ "subkey-keymaterial": SUBKEY_KEYMATERIAL,
+}
+
+// EtypeSupported resolves the etype name string to the etype ID.
+// If zero is returned the etype is not supported by gokrb5.
+func EtypeSupported(etype string) int32 {
+ // Slice of supported enctype IDs
+ s := []int32{
+ AES128_CTS_HMAC_SHA1_96,
+ AES256_CTS_HMAC_SHA1_96,
+ AES128_CTS_HMAC_SHA256_128,
+ AES256_CTS_HMAC_SHA384_192,
+ DES3_CBC_SHA1_KD,
+ RC4_HMAC,
+ }
+ id := ETypesByName[etype]
+ if id == 0 {
+ return id
+ }
+ for _, sid := range s {
+ if id == sid {
+ return id
+ }
+ }
+ return 0
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/flags/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/flags/constants.go
new file mode 100644
index 0000000..787801f
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/flags/constants.go
@@ -0,0 +1,36 @@
+// Package flags provides Kerberos 5 flag assigned numbers.
+package flags
+
+// Flag values for KRB5 messages and tickets.
+const (
+ Reserved = 0
+ Forwardable = 1
+ Forwarded = 2
+ Proxiable = 3
+ Proxy = 4
+ AllowPostDate = 5
+ MayPostDate = 5
+ PostDated = 6
+ Invalid = 7
+ Renewable = 8
+ Initial = 9
+ PreAuthent = 10
+ HWAuthent = 11
+ OptHardwareAuth = 11
+ RequestAnonymous = 12
+ TransitedPolicyChecked = 12
+ OKAsDelegate = 13
+ EncPARep = 15
+ Canonicalize = 15
+ DisableTransitedCheck = 26
+ RenewableOK = 27
+ EncTktInSkey = 28
+ Renew = 30
+ Validate = 31
+
+ // AP Option Flags
+ // 0 Reserved for future use.
+ APOptionUseSessionKey = 1
+ APOptionMutualRequired = 2
+ // 3-31 Reserved for future use.
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/keyusage/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/keyusage/constants.go
new file mode 100644
index 0000000..5b232d1
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/keyusage/constants.go
@@ -0,0 +1,42 @@
+// Package keyusage provides Kerberos 5 key usage assigned numbers.
+package keyusage
+
+// Key usage numbers.
+const (
+ AS_REQ_PA_ENC_TIMESTAMP = 1
+ KDC_REP_TICKET = 2
+ AS_REP_ENCPART = 3
+ TGS_REQ_KDC_REQ_BODY_AUTHDATA_SESSION_KEY = 4
+ TGS_REQ_KDC_REQ_BODY_AUTHDATA_SUB_KEY = 5
+ TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR_CHKSUM = 6
+ TGS_REQ_PA_TGS_REQ_AP_REQ_AUTHENTICATOR = 7
+ TGS_REP_ENCPART_SESSION_KEY = 8
+ TGS_REP_ENCPART_AUTHENTICATOR_SUB_KEY = 9
+ AP_REQ_AUTHENTICATOR_CHKSUM = 10
+ AP_REQ_AUTHENTICATOR = 11
+ AP_REP_ENCPART = 12
+ KRB_PRIV_ENCPART = 13
+ KRB_CRED_ENCPART = 14
+ KRB_SAFE_CHKSUM = 15
+ KERB_NON_KERB_SALT = 16
+ KERB_NON_KERB_CKSUM_SALT = 17
+ //18. Reserved for future use in Kerberos and related protocols.
+ AD_KDC_ISSUED_CHKSUM = 19
+ //20-21. Reserved for future use in Kerberos and related protocols.
+ GSSAPI_ACCEPTOR_SEAL = 22
+ GSSAPI_ACCEPTOR_SIGN = 23
+ GSSAPI_INITIATOR_SEAL = 24
+ GSSAPI_INITIATOR_SIGN = 25
+ KEY_USAGE_FAST_REQ_CHKSUM = 50
+ KEY_USAGE_FAST_ENC = 51
+ KEY_USAGE_FAST_REP = 52
+ KEY_USAGE_FAST_FINISHED = 53
+ KEY_USAGE_ENC_CHALLENGE_CLIENT = 54
+ KEY_USAGE_ENC_CHALLENGE_KDC = 55
+ KEY_USAGE_AS_REQ = 56
+ //26-511. Reserved for future use in Kerberos and related protocols.
+ //512-1023. Reserved for uses internal to a Kerberos implementation.
+ //1024. Encryption for application use in protocols that do not specify key usage values
+ //1025. Checksums for application use in protocols that do not specify key usage values
+ //1026-2047. Reserved for application use.
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/msgtype/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/msgtype/constants.go
new file mode 100644
index 0000000..ad21810
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/msgtype/constants.go
@@ -0,0 +1,18 @@
+// Package msgtype provides Kerberos 5 message type assigned numbers.
+package msgtype
+
+// KRB message type IDs.
+const (
+ KRB_AS_REQ = 10 //Request for initial authentication
+ KRB_AS_REP = 11 //Response to KRB_AS_REQ request
+ KRB_TGS_REQ = 12 //Request for authentication based on TGT
+ KRB_TGS_REP = 13 //Response to KRB_TGS_REQ request
+ KRB_AP_REQ = 14 //Application request to server
+ KRB_AP_REP = 15 //Response to KRB_AP_REQ_MUTUAL
+ KRB_RESERVED16 = 16 //Reserved for user-to-user krb_tgt_request
+ KRB_RESERVED17 = 17 //Reserved for user-to-user krb_tgt_reply
+ KRB_SAFE = 20 // Safe (checksummed) application message
+ KRB_PRIV = 21 // Private (encrypted) application message
+ KRB_CRED = 22 //Private (encrypted) message to forward credentials
+ KRB_ERROR = 30 //Error response
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/nametype/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/nametype/constants.go
new file mode 100644
index 0000000..c111a05
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/nametype/constants.go
@@ -0,0 +1,15 @@
+// Package nametype provides Kerberos 5 principal name type numbers.
+package nametype
+
+// Kerberos name type IDs.
+const (
+ KRB_NT_UNKNOWN int32 = 0 //Name type not known
+ KRB_NT_PRINCIPAL int32 = 1 //Just the name of the principal as in DCE, or for users
+ KRB_NT_SRV_INST int32 = 2 //Service and other unique instance (krbtgt)
+ KRB_NT_SRV_HST int32 = 3 //Service with host name as instance (telnet, rcommands)
+ KRB_NT_SRV_XHST int32 = 4 //Service with host as remaining components
+ KRB_NT_UID int32 = 5 //Unique ID
+ KRB_NT_X500_PRINCIPAL int32 = 6 //Encoded X.509 Distinguished name [RFC2253]
+ KRB_NT_SMTP_NAME int32 = 7 //Name in form of SMTP email name (e.g., user@example.com)
+ KRB_NT_ENTERPRISE int32 = 10 //Enterprise name; may be mapped to principal name
+)
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/patype/constants.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/patype/constants.go
new file mode 100644
index 0000000..aa04f63
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/iana/patype/constants.go
@@ -0,0 +1,77 @@
+// Package patype provides Kerberos 5 pre-authentication type assigned numbers.
+package patype
+
+// Kerberos pre-authentication type assigned numbers.
+const (
+ PA_TGS_REQ int32 = 1
+ PA_ENC_TIMESTAMP int32 = 2
+ PA_PW_SALT int32 = 3
+ //RESERVED : 4
+ PA_ENC_UNIX_TIME int32 = 5
+ PA_SANDIA_SECUREID int32 = 6
+ PA_SESAME int32 = 7
+ PA_OSF_DCE int32 = 8
+ PA_CYBERSAFE_SECUREID int32 = 9
+ PA_AFS3_SALT int32 = 10
+ PA_ETYPE_INFO int32 = 11
+ PA_SAM_CHALLENGE int32 = 12
+ PA_SAM_RESPONSE int32 = 13
+ PA_PK_AS_REQ_OLD int32 = 14
+ PA_PK_AS_REP_OLD int32 = 15
+ PA_PK_AS_REQ int32 = 16
+ PA_PK_AS_REP int32 = 17
+ PA_PK_OCSP_RESPONSE int32 = 18
+ PA_ETYPE_INFO2 int32 = 19
+ PA_USE_SPECIFIED_KVNO int32 = 20
+ PA_SVR_REFERRAL_INFO int32 = 20
+ PA_SAM_REDIRECT int32 = 21
+ PA_GET_FROM_TYPED_DATA int32 = 22
+ TD_PADATA int32 = 22
+ PA_SAM_ETYPE_INFO int32 = 23
+ PA_ALT_PRINC int32 = 24
+ PA_SERVER_REFERRAL int32 = 25
+ //UNASSIGNED : 26-29
+ PA_SAM_CHALLENGE2 int32 = 30
+ PA_SAM_RESPONSE2 int32 = 31
+ //UNASSIGNED : 32-40
+ PA_EXTRA_TGT int32 = 41
+ //UNASSIGNED : 42-100
+ TD_PKINIT_CMS_CERTIFICATES int32 = 101
+ TD_KRB_PRINCIPAL int32 = 102
+ TD_KRB_REALM int32 = 103
+ TD_TRUSTED_CERTIFIERS int32 = 104
+ TD_CERTIFICATE_INDEX int32 = 105
+ TD_APP_DEFINED_ERROR int32 = 106
+ TD_REQ_NONCE int32 = 107
+ TD_REQ_SEQ int32 = 108
+ TD_DH_PARAMETERS int32 = 109
+ //UNASSIGNED : 110
+ TD_CMS_DIGEST_ALGORITHMS int32 = 111
+ TD_CERT_DIGEST_ALGORITHMS int32 = 112
+ //UNASSIGNED : 113-127
+ PA_PAC_REQUEST int32 = 128
+ PA_FOR_USER int32 = 129
+ PA_FOR_X509_USER int32 = 130
+ PA_FOR_CHECK_DUPS int32 = 131
+ PA_AS_CHECKSUM int32 = 132
+ PA_FX_COOKIE int32 = 133
+ PA_AUTHENTICATION_SET int32 = 134
+ PA_AUTH_SET_SELECTED int32 = 135
+ PA_FX_FAST int32 = 136
+ PA_FX_ERROR int32 = 137
+ PA_ENCRYPTED_CHALLENGE int32 = 138
+ //UNASSIGNED : 139-140
+ PA_OTP_CHALLENGE int32 = 141
+ PA_OTP_REQUEST int32 = 142
+ PA_OTP_CONFIRM int32 = 143
+ PA_OTP_PIN_CHANGE int32 = 144
+ PA_EPAK_AS_REQ int32 = 145
+ PA_EPAK_AS_REP int32 = 146
+ PA_PKINIT_KX int32 = 147
+ PA_PKU2U_NAME int32 = 148
+ PA_REQ_ENC_PA_REP int32 = 149
+ PA_AS_FRESHNESS int32 = 150
+ //UNASSIGNED : 151-164
+ PA_SUPPORTED_ETYPES int32 = 165
+ PA_EXTENDED_ERROR int32 = 166
+)