VOL-1967 move api-server to separate repository
Change-Id: I21b85be74205805be15f8a85e53a903d16785671
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/changepasswddata.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/changepasswddata.go
new file mode 100644
index 0000000..a3e2efd
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/changepasswddata.go
@@ -0,0 +1,23 @@
+package kadmin
+
+import (
+ "github.com/jcmturner/gofork/encoding/asn1"
+ "gopkg.in/jcmturner/gokrb5.v7/types"
+)
+
+// ChangePasswdData is the payload to a password change message.
+type ChangePasswdData struct {
+ NewPasswd []byte `asn1:"explicit,tag:0"`
+ TargName types.PrincipalName `asn1:"explicit,optional,tag:1"`
+ TargRealm string `asn1:"generalstring,optional,explicit,tag:2"`
+}
+
+// Marshal ChangePasswdData into a byte slice.
+func (c *ChangePasswdData) Marshal() ([]byte, error) {
+ b, err := asn1.Marshal(*c)
+ if err != nil {
+ return []byte{}, err
+ }
+ //b = asn1tools.AddASNAppTag(b, asnAppTag.)
+ return b, nil
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/message.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/message.go
new file mode 100644
index 0000000..157fcad
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/message.go
@@ -0,0 +1,114 @@
+package kadmin
+
+import (
+ "bytes"
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "math"
+
+ "gopkg.in/jcmturner/gokrb5.v7/messages"
+ "gopkg.in/jcmturner/gokrb5.v7/types"
+)
+
+const (
+ verisonHex = "ff80"
+)
+
+// Request message for changing password.
+type Request struct {
+ APREQ messages.APReq
+ KRBPriv messages.KRBPriv
+}
+
+// Reply message for a password change.
+type Reply struct {
+ MessageLength int
+ Version int
+ APREPLength int
+ APREP messages.APRep
+ KRBPriv messages.KRBPriv
+ KRBError messages.KRBError
+ IsKRBError bool
+ ResultCode uint16
+ Result string
+}
+
+// Marshal a Request into a byte slice.
+func (m *Request) Marshal() (b []byte, err error) {
+ b = []byte{255, 128} // protocol version number: contains the hex constant 0xff80 (big-endian integer).
+ ab, e := m.APREQ.Marshal()
+ if e != nil {
+ err = fmt.Errorf("error marshaling AP_REQ: %v", e)
+ return
+ }
+ if len(ab) > math.MaxUint16 {
+ err = errors.New("length of AP_REQ greater then max Uint16 size")
+ return
+ }
+ al := make([]byte, 2)
+ binary.BigEndian.PutUint16(al, uint16(len(ab)))
+ b = append(b, al...)
+ b = append(b, ab...)
+ pb, e := m.KRBPriv.Marshal()
+ if e != nil {
+ err = fmt.Errorf("error marshaling KRB_Priv: %v", e)
+ return
+ }
+ b = append(b, pb...)
+ if len(b)+2 > math.MaxUint16 {
+ err = errors.New("length of message greater then max Uint16 size")
+ return
+ }
+ ml := make([]byte, 2)
+ binary.BigEndian.PutUint16(ml, uint16(len(b)+2))
+ b = append(ml, b...)
+ return
+}
+
+// Unmarshal a byte slice into a Reply.
+func (m *Reply) Unmarshal(b []byte) error {
+ m.MessageLength = int(binary.BigEndian.Uint16(b[0:2]))
+ m.Version = int(binary.BigEndian.Uint16(b[2:4]))
+ if m.Version != 1 {
+ return fmt.Errorf("kadmin reply has incorrect protocol version number: %d", m.Version)
+ }
+ m.APREPLength = int(binary.BigEndian.Uint16(b[4:6]))
+ if m.APREPLength != 0 {
+ err := m.APREP.Unmarshal(b[6 : 6+m.APREPLength])
+ if err != nil {
+ return err
+ }
+ err = m.KRBPriv.Unmarshal(b[6+m.APREPLength : m.MessageLength])
+ if err != nil {
+ return err
+ }
+ } else {
+ m.IsKRBError = true
+ m.KRBError.Unmarshal(b[6:m.MessageLength])
+ m.ResultCode, m.Result = parseResponse(m.KRBError.EData)
+ }
+ return nil
+}
+
+func parseResponse(b []byte) (c uint16, s string) {
+ c = binary.BigEndian.Uint16(b[0:2])
+ buf := bytes.NewBuffer(b[2:])
+ m := make([]byte, len(b)-2)
+ binary.Read(buf, binary.BigEndian, &m)
+ s = string(m)
+ return
+}
+
+// Decrypt the encrypted part of the KRBError within the change password Reply.
+func (m *Reply) Decrypt(key types.EncryptionKey) error {
+ if m.IsKRBError {
+ return m.KRBError
+ }
+ err := m.KRBPriv.DecryptEncPart(key)
+ if err != nil {
+ return err
+ }
+ m.ResultCode, m.Result = parseResponse(m.KRBPriv.DecryptedEncPart.UserData)
+ return nil
+}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/passwd.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/passwd.go
new file mode 100644
index 0000000..2a7491a
--- /dev/null
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/kadmin/passwd.go
@@ -0,0 +1,68 @@
+// Package kadmin provides Kerberos administration capabilities.
+package kadmin
+
+import (
+ "gopkg.in/jcmturner/gokrb5.v7/crypto"
+ "gopkg.in/jcmturner/gokrb5.v7/krberror"
+ "gopkg.in/jcmturner/gokrb5.v7/messages"
+ "gopkg.in/jcmturner/gokrb5.v7/types"
+)
+
+// ChangePasswdMsg generate a change password request and also return the key needed to decrypt the reply.
+func ChangePasswdMsg(cname types.PrincipalName, realm, password string, tkt messages.Ticket, sessionKey types.EncryptionKey) (r Request, k types.EncryptionKey, err error) {
+ // Create change password data struct and marshal to bytes
+ chgpasswd := ChangePasswdData{
+ NewPasswd: []byte(password),
+ TargName: cname,
+ TargRealm: realm,
+ }
+ chpwdb, err := chgpasswd.Marshal()
+ if err != nil {
+ err = krberror.Errorf(err, krberror.KRBMsgError, "error marshaling change passwd data")
+ return
+ }
+
+ // Generate authenticator
+ auth, err := types.NewAuthenticator(realm, cname)
+ if err != nil {
+ err = krberror.Errorf(err, krberror.KRBMsgError, "error generating new authenticator")
+ return
+ }
+ etype, err := crypto.GetEtype(sessionKey.KeyType)
+ if err != nil {
+ err = krberror.Errorf(err, krberror.KRBMsgError, "error generating subkey etype")
+ return
+ }
+ err = auth.GenerateSeqNumberAndSubKey(etype.GetETypeID(), etype.GetKeyByteSize())
+ if err != nil {
+ err = krberror.Errorf(err, krberror.KRBMsgError, "error generating subkey")
+ return
+ }
+ k = auth.SubKey
+
+ // Generate AP_REQ
+ APreq, err := messages.NewAPReq(tkt, sessionKey, auth)
+ if err != nil {
+ return
+ }
+
+ // Form the KRBPriv encpart data
+ kp := messages.EncKrbPrivPart{
+ UserData: chpwdb,
+ Timestamp: auth.CTime,
+ Usec: auth.Cusec,
+ SequenceNumber: auth.SeqNumber,
+ }
+ kpriv := messages.NewKRBPriv(kp)
+ err = kpriv.EncryptEncPart(k)
+ if err != nil {
+ err = krberror.Errorf(err, krberror.EncryptingError, "error encrypting change passwd data")
+ return
+ }
+
+ r = Request{
+ APREQ: APreq,
+ KRBPriv: kpriv,
+ }
+ return
+}