client

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2026 License: MIT Imports: 24 Imported by: 1

Documentation

Overview

Package client provides a high-level API for PowerShell Remoting over WSMan.

Package client provides a high-level convenience API for PowerShell remoting.

This is the recommended entry point for most users. It handles:

  • Connection management
  • RunspacePool lifecycle
  • Simple command execution

Quick Start 

c, err := client.New(ctx, client.Config{
    Endpoint: "https://server:5986/wsman",
    Username: "administrator",
    Password: "password",
    AuthType: client.AuthNTLM,
})
if err != nil {
    log.Fatal(err)
}
defer c.Close(ctx)

result, err := c.Execute(ctx, "Get-Process")

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrQueueFull is returned when the semaphore queue limit is reached.
	ErrQueueFull = errors.New("client: execution queue is full")

	// ErrAcquireTimeout is returned when waiting for a runspace slot times out.
	ErrAcquireTimeout = errors.New("client: timeout waiting for available runspace")
)

Functions

This section is empty.

Types

type AuthType 

type AuthType int

AuthType specifies the authentication mechanism. 

const (
	// AuthNegotiate uses SPNEGO - tries Kerberos first, falls back to NTLM.
	// This is the recommended default for most Windows environments.
	AuthNegotiate AuthType = iota
	// AuthBasic uses HTTP Basic authentication.
	AuthBasic
	// AuthNTLM uses NTLM authentication (direct, not via SPNEGO).
	AuthNTLM
	// AuthKerberos uses Kerberos authentication only (no NTLM fallback).
	AuthKerberos
)

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is a high-level PSRP client for executing PowerShell commands.

func New 

func New(hostname string, cfg Config) (*Client, error)

New creates a new PSRP client.

func (*Client) Close 

func (c *Client) Close(ctx context.Context) error

Close closes the connection to the remote server using the Graceful strategy.

func (*Client) CloseWithStrategy 

func (c *Client) CloseWithStrategy(ctx context.Context, strategy CloseStrategy) error

CloseWithStrategy closes the connection using the specified strategy.

func (*Client) Connect 

func (c *Client) Connect(ctx context.Context) error

Connect establishes a connection to the remote server.

func (*Client) Disconnect 

func (c *Client) Disconnect(ctx context.Context) error

Disconnect disconnects from the remote session without closing it. The session remains running on the server and can be reconnected to later. Note: This only works if the backend supports it (WSMan) or via dirty PSRP disconnect (HvSocket).

func (*Client) Endpoint 

func (c *Client) Endpoint() string

Endpoint returns the WinRM endpoint URL.

func (*Client) Execute 

func (c *Client) Execute(ctx context.Context, script string) (*Result, error)

Execute runs a PowerShell script on the remote server. The script can be any valid PowerShell code. Returns the output and any errors from execution. Execute runs a PowerShell script on the remote server. The script can be any valid PowerShell code. Returns the output and any errors from execution.

func (*Client) ExecuteAsync 

func (c *Client) ExecuteAsync(ctx context.Context, script string) (string, error)

ExecuteAsync starts a PowerShell script execution but returns immediately without waiting for output. Returns the CommandID (PipelineID) for later recovery of output. This is useful for starting long-running commands and then disconnecting.

func (*Client) ExecuteStream 

func (c *Client) ExecuteStream(ctx context.Context, script string) (*StreamResult, error)

ExecuteStream runs a PowerShell script asynchronously and returns a StreamResult that provides access to output as it is produced. The caller is responsible for consuming the output channels and calling Wait().

func (*Client) IsConnected 

func (c *Client) IsConnected() bool

IsConnected returns true if the client is connected.

func (*Client) ListDisconnectedSessions 

func (c *Client) ListDisconnectedSessions(ctx context.Context) ([]DisconnectedSession, error)

ListDisconnectedSessions queries the server for disconnected shells and their pipelines.

func (*Client) PoolID 

func (c *Client) PoolID() string

PoolID returns the PSRP RunspacePool ID.

func (*Client) Reconnect 

func (c *Client) Reconnect(ctx context.Context, shellID string) error

Reconnect connects to an existing disconnected shell. usage: client.Reconnect(ctx, shellID)

func (*Client) ReconnectSession 

func (c *Client) ReconnectSession(ctx context.Context, state *SessionState) error

ReconnectSession connects to an existing disconnected session using the provided state. This is the transport-agnostic version of Reconnect.

func (*Client) RecoverPipelineOutput 

func (c *Client) RecoverPipelineOutput(ctx context.Context, shellID, commandID string) (*Result, error)

RecoverPipelineOutput retrieves buffered output from a disconnected pipeline. This reconnects to the shell and receives any output that was buffered before disconnect.

func (*Client) RemoveDisconnectedSession 

func (c *Client) RemoveDisconnectedSession(ctx context.Context, session DisconnectedSession) error

RemoveDisconnectedSession deletes a disconnected session on the server.

func (*Client) SaveState 

func (c *Client) SaveState(path string) error

SaveState saves the current session state to a file.

func (*Client) SetPoolID 

func (c *Client) SetPoolID(poolID string) error

SetPoolID sets the PSRP RunspacePool ID (must be called before Connect/Reconnect).

func (*Client) SetSessionID 

func (c *Client) SetSessionID(sessionID string)

SetSessionID sets the WSMan SessionID (useful for testing session persistence).

func (*Client) SetSlogLogger 

func (c *Client) SetSlogLogger(logger *slog.Logger)

SetSlogLogger sets the structured logger for the client and underlying components.

func (*Client) ShellID 

func (c *Client) ShellID() string

ShellID returns the identifier of the underlying shell. Returns empty string if not connected.

type CloseStrategy 

type CloseStrategy int

CloseStrategy specifies how the client should be closed. 

const (
	// CloseStrategyGraceful attempts to close the remote session cleanly.
	// It sends PSRP and WSMan close messages.
	CloseStrategyGraceful CloseStrategy = iota

	// CloseStrategyForce closes the client immediately without sending network messages.
	// Use this when the connection is known to be broken or responsiveness is required.
	CloseStrategyForce
)

type Config 

type Config struct {
	// Port is the WinRM port (default: 5985 for HTTP, 5986 for HTTPS).
	Port int

	// UseTLS enables HTTPS transport.
	UseTLS bool

	// InsecureSkipVerify skips TLS certificate verification.
	// WARNING: Only use for testing.
	InsecureSkipVerify bool

	// Timeout is the operation timeout.
	Timeout time.Duration

	// AuthType specifies the authentication type (Basic, NTLM, or Kerberos).
	AuthType AuthType

	// Username for authentication.
	Username string

	// Password for authentication.
	Password string

	// Domain for NTLM authentication.
	Domain string

	// Kerberos specific settings
	// Realm is the Kerberos realm (optional, auto-detected from config if empty).
	Realm string
	// Krb5ConfPath is the path to krb5.conf (optional, defaults to /etc/krb5.conf).
	Krb5ConfPath string
	// KeytabPath is the path to the keytab file (optional).
	KeytabPath string
	// CCachePath is the path to the credential cache (optional).
	CCachePath string

	// Transport specifies the transport mechanism (WSMan or HvSocket).
	Transport TransportType

	// VMID is the Hyper-V VM GUID (Required for TransportHvSocket).
	VMID string

	// ConfigurationName is the PowerShell configuration name (Optional, for HvSocket).
	ConfigurationName string

	// MaxRunspaces limits the number of concurrent pipeline executions.
	// Default: 1 (safe). Set to > 1 to enable concurrent execution if server supports it.
	// This replaces legacy MaxConcurrentCommands.
	MaxRunspaces int

	// MaxConcurrentCommands is deprecated. Use MaxRunspaces instead.
	MaxConcurrentCommands int

	// MaxQueueSize limits the number of commands waiting for a runspace.
	// If 0, queue is unbounded. If > 0, Execute() returns ErrQueueFull if queue is full.
	MaxQueueSize int

	// KeepAliveInterval specifies the interval for sending PSRP keepalive messages
	// (GET_AVAILABLE_RUNSPACES) to maintain session health and prevent timeouts.
	// If 0, keepalive is disabled.
	KeepAliveInterval time.Duration

	// IdleTimeout specifies the WSMan shell idle timeout as an ISO8601 duration string (e.g., "PT1H").
	// If empty, defaults to "PT30M" (30 minutes).
	// Only applies to WSMan transport.
	IdleTimeout string

	// RunspaceOpenTimeout specifies the maximum time to wait for a runspace to open.
	// If 0, defaults to 60 seconds.
	RunspaceOpenTimeout time.Duration
}

Config holds configuration for a PSRP client.

func DefaultConfig 

func DefaultConfig() Config

DefaultConfig returns a Config with sensible defaults.

func (*Config) Validate 

func (c *Config) Validate() error

Validate checks that the configuration is valid.

type DisconnectedPipeline 

type DisconnectedPipeline struct {
	CommandID string
}

DisconnectedPipeline represents a pipeline within a disconnected session.

type DisconnectedSession 

type DisconnectedSession struct {
	ShellID   string
	Name      string
	State     string
	Owner     string
	Pipelines []DisconnectedPipeline
}

DisconnectedSession represents a disconnected PowerShell session that can be reconnected.

type Result 

type Result struct {
	// Output contains deserialized objects from the pipeline output stream.
	// Each element is a Go type: string, int32, int64, bool, float64,
	// *serialization.PSObject, []interface{}, map[string]interface{}, etc.
	Output []interface{}

	// Errors contains deserialized ErrorRecord objects from the error stream.
	// Populated when PowerShell writes to the error stream (non-terminating errors).
	Errors []interface{}

	// Warnings contains deserialized warning messages from Write-Warning.
	Warnings []interface{}

	// Verbose contains deserialized verbose messages from Write-Verbose.
	Verbose []interface{}

	// Debug contains deserialized debug messages from Write-Debug.
	Debug []interface{}

	// Progress contains deserialized progress records from Write-Progress.
	Progress []interface{}

	// Information contains deserialized information records from Write-Information.
	Information []interface{}

	// HadErrors is true if any error records were received or the pipeline failed.
	HadErrors bool
}

Result represents the result of a PowerShell command execution. All PowerShell output streams are supported.

type SessionState 

type SessionState struct {
	Transport   string   `json:"transport"`              // "wsman" or "hvsocket"
	PoolID      string   `json:"pool_uuid"`              // RunspacePool UUID
	SessionID   string   `json:"session_id"`             // PSRP Session ID (often same as PoolID)
	MessageID   int64    `json:"message_id"`             // Last used message ID
	RunspaceID  string   `json:"runspace_id,omitempty"`  // Connected Runspace ID (if any)
	PipelineIDs []string `json:"pipeline_ids,omitempty"` // Active pipeline IDs

	// WSMan specific
	ShellID string `json:"shell_id,omitempty"`

	// HvSocket specific
	VMID        string            `json:"vm_id,omitempty"`
	ServiceID   string            `json:"service_id,omitempty"`
	OutputPaths map[string]string `json:"output_paths,omitempty"` // HvSocket file recovery paths
}

SessionState represents the serialized state of a client session needed for persistence and reconnection.

func LoadState 

func LoadState(path string) (*SessionState, error)

LoadState loads a session state from a file.

type StreamResult 

type StreamResult struct {

	// Output streams - consume these channels to get output as it arrives
	Output      <-chan *messages.Message
	Errors      <-chan *messages.Message
	Warnings    <-chan *messages.Message
	Verbose     <-chan *messages.Message
	Debug       <-chan *messages.Message
	Progress    <-chan *messages.Message
	Information <-chan *messages.Message
	// contains filtered or unexported fields
}

StreamResult represents the streaming result of a PowerShell command execution. Use Wait() to block until completion or consume channels directly.

func (*StreamResult) Cancel 

func (sr *StreamResult) Cancel()

Cancel cancels the pipeline execution.

func (*StreamResult) Wait 

func (sr *StreamResult) Wait() error

Wait blocks until the pipeline completes and returns the final error (if any). After Wait returns, all channels are closed.

type TransportType 

type TransportType int

TransportType specifies the transport mechanism. 

const (
	// TransportWSMan uses WSMan (HTTP/HTTPS) transport.
	TransportWSMan TransportType = iota
	// TransportHvSocket uses Hyper-V Socket (PowerShell Direct) transport.
	TransportHvSocket
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.