userdb

package
v1.13.0
Warning

This package is not in the latest version of its module.

Published: Dec 24, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package userdb implements a simple user database.

Format

The user database is a file containing a list of users and their passwords, encrypted with some scheme. We use a text-encoded protobuf; the structure can be found in userdb.proto.

We write text instead of binary to make it easier for administrators to troubleshoot, and since performance is not an issue for our expected usage.

User names must be UTF-8 and must NOT contain whitespace; the library will enforce this.

Schemes

The default scheme is SCRYPT, with hard-coded parameters. The API does not allow the user to change this, at least for now. A PLAIN scheme is also supported for debugging purposes.
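An added example (not part of this package or its documentation): a stand-alone check that reports which users in a database file are stored with the PLAIN scheme, so a debugging entry does not go unnoticed. It assumes the file is the Go text-proto encoding of ProtoDB, with repeated `users` entries each holding a `key` followed by a `value`; that layout, the `users` field name and the sample contents are assumptions, while `scrypt`, `plain` and `denied` are the oneof names shown in the struct tags further down this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Constructed sample in the assumed text-proto layout; all values are made up.
const sampleDB = `
users: { key: "alice" value: { scrypt: { logN: 14 r: 8 salt: "s\"plain" } } }
users: { key: "debug" value: { plain: { password: "hunter2" } } }
users: { key: "olduser" value: { denied: {} } }
`

// tokenRE yields comments, quoted strings and identifiers, so bytes inside
// salt or password strings are never mistaken for field names.
var tokenRE = regexp.MustCompile(`#[^\n]*|"(?:[^"\\]|\\.)*"|[A-Za-z_]\w*`)

// SchemeByUser maps each user name to the oneof field (scrypt, plain or
// denied) that follows its map key. Assumes key is written before value.
func SchemeByUser(db string) map[string]string {
	out := map[string]string{}
	toks := tokenRE.FindAllString(db, -1)
	user, pending := "", false
	for i, t := range toks {
		switch t {
		case "key":
			if i+1 < len(toks) && toks[i+1][0] == '"' {
				if u, err := strconv.Unquote(toks[i+1]); err == nil {
					user, pending = u, true
				}
			}
		case "scrypt", "plain", "denied":
			if pending {
				out[user], pending = t, false
			}
		}
	}
	return out
}

func main() {
	for user, scheme := range SchemeByUser(sampleDB) {
		if scheme == "plain" {
			fmt.Println("plain-text password stored for:", user)
		}
	}
}
```
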

Writing

The functions that write a database file will not preserve ordering, invalid lines, empty lines, or any formatting.

It is also not safe for concurrent use from different processes.

Constants

This section is empty.

Variables

var File_userdb_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type DB

type DB struct {
	// contains filtered or unexported fields
}

DB represents a single user database.

func Load

func Load(fname string) (*DB, error)

Load the database from the given file. Return the database, and a fatal error if the database could not be loaded.

func New

func New(fname string) *DB

New returns a new user database, on the given file name.

func (*DB) AddDeniedUser added in v1.13.0

func (db *DB) AddDeniedUser(name string) error

AddDeniedUser to the database. If the user is already present, override it. Note we enforce that the name has been normalized previously.

func (*DB) AddUser

func (db *DB) AddUser(name, plainPassword string) error

AddUser to the database. If the user is already present, override it. Note we enforce that the name has been normalized previously.

func (*DB) Authenticate

func (db *DB) Authenticate(name, plainPassword string) bool

Authenticate returns true if the password is valid for the user, false otherwise.

func (*DB) Exists

func (db *DB) Exists(name string) bool

Exists returns true if the user is present, false otherwise.

func (*DB) Reload

func (db *DB) Reload() error

Reload the database, refreshing its contents from the current file on disk. If there are errors reading from the file, they are returned and the database is not changed.

func (*DB) RemoveUser

func (db *DB) RemoveUser(name string) bool

RemoveUser from the database. Returns true if the user was there, false otherwise.

func (*DB) Write

func (db *DB) Write() error

Write the database to disk. It will do a complete rewrite each time, and it is not safe to call from different processes in parallel.

type Denied added in v1.13.0

type Denied struct {
	// contains filtered or unexported fields
}

func (*Denied) Descriptor deprecated added in v1.13.0

func (*Denied) Descriptor() ([]byte, []int)

Deprecated: Use Denied.ProtoReflect.Descriptor instead.

func (*Denied) ProtoMessage added in v1.13.0

func (*Denied) ProtoMessage()

func (*Denied) ProtoReflect added in v1.13.0

func (x *Denied) ProtoReflect() protoreflect.Message

func (*Denied) Reset added in v1.13.0

func (x *Denied) Reset()

func (*Denied) String added in v1.13.0

func (x *Denied) String() string

type Password

type Password struct {

	// Types that are assignable to Scheme:
	//
	//	*Password_Scrypt
	//	*Password_Plain
	//	*Password_Denied
	Scheme isPassword_Scheme `protobuf_oneof:"scheme"`
	// contains filtered or unexported fields
}

func (*Password) Descriptor deprecated

func (*Password) Descriptor() ([]byte, []int)

Deprecated: Use Password.ProtoReflect.Descriptor instead.

func (*Password) GetDenied added in v1.13.0

func (x *Password) GetDenied() *Denied

func (*Password) GetPlain

func (x *Password) GetPlain() *Plain

func (*Password) GetScheme

func (m *Password) GetScheme() isPassword_Scheme

func (*Password) GetScrypt

func (x *Password) GetScrypt() *Scrypt

func (*Password) PasswordMatches

func (p *Password) PasswordMatches(plain string) bool

PasswordMatches returns true if the given password is a match.

func (*Password) ProtoMessage

func (*Password) ProtoMessage()

func (*Password) ProtoReflect

func (x *Password) ProtoReflect() protoreflect.Message

func (*Password) Reset

func (x *Password) Reset()

func (*Password) String

func (x *Password) String() string

type Password_Denied added in v1.13.0

type Password_Denied struct {
	Denied *Denied `protobuf:"bytes,4,opt,name=denied,proto3,oneof"`
}

type Password_Plain

type Password_Plain struct {
	Plain *Plain `protobuf:"bytes,3,opt,name=plain,proto3,oneof"`
}

type Password_Scrypt

type Password_Scrypt struct {
	Scrypt *Scrypt `protobuf:"bytes,2,opt,name=scrypt,proto3,oneof"`
}

type Plain

type Plain struct {
	Password []byte `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
	// contains filtered or unexported fields
}

func (*Plain) Descriptor deprecated

func (*Plain) Descriptor() ([]byte, []int)

Deprecated: Use Plain.ProtoReflect.Descriptor instead.

func (*Plain) GetPassword

func (x *Plain) GetPassword() []byte

func (*Plain) PasswordMatches

func (p *Plain) PasswordMatches(plain string) bool

PasswordMatches implementation for the plain text scheme. Useful mostly for testing and debugging. TODO: Do we really need this? Removing it would make accidents less likely to happen. Consider doing so when we add another scheme, so we at least have two and multi-scheme support does not bit-rot.

func (*Plain) ProtoMessage

func (*Plain) ProtoMessage()

func (*Plain) ProtoReflect

func (x *Plain) ProtoReflect() protoreflect.Message

func (*Plain) Reset

func (x *Plain) Reset()

func (*Plain) String

func (x *Plain) String() string

type ProtoDB

type ProtoDB struct {
	Users map[string]*Password `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ProtoDB) Descriptor deprecated

func (*ProtoDB) Descriptor() ([]byte, []int)

Deprecated: Use ProtoDB.ProtoReflect.Descriptor instead.

func (*ProtoDB) GetUsers

func (x *ProtoDB) GetUsers() map[string]*Password

func (*ProtoDB) ProtoMessage

func (*ProtoDB) ProtoMessage()

func (*ProtoDB) ProtoReflect

func (x *ProtoDB) ProtoReflect() protoreflect.Message

func (*ProtoDB) Reset

func (x *ProtoDB) Reset()

func (*ProtoDB) String

func (x *ProtoDB) String() string

type Scrypt

type Scrypt struct {
	LogN      uint64 `protobuf:"varint,1,opt,name=logN,proto3" json:"logN,omitempty"`
	R         int32  `protobuf:"varint,2,opt,name=r,proto3" json:"r,omitempty"`
	P         int32  `protobuf:"varint,3,opt,name=p,proto3" json:"p,omitempty"`
	KeyLen    int32  `protobuf:"varint,4,opt,name=keyLen,proto3" json:"keyLen,omitempty"`
	Salt      []byte `protobuf:"bytes,5,opt,name=salt,proto3" json:"salt,omitempty"`
	Encrypted []byte `protobuf:"bytes,6,opt,name=encrypted,proto3" json:"encrypted,omitempty"`
	// contains filtered or unexported fields
}

func (*Scrypt) Descriptor deprecated

func (*Scrypt) Descriptor() ([]byte, []int)

Deprecated: Use Scrypt.ProtoReflect.Descriptor instead.

func (*Scrypt) GetEncrypted

func (x *Scrypt) GetEncrypted() []byte

func (*Scrypt) GetKeyLen

func (x *Scrypt) GetKeyLen() int32

func (*Scrypt) GetLogN

func (x *Scrypt) GetLogN() uint64

func (*Scrypt) GetP

func (x *Scrypt) GetP() int32

func (*Scrypt) GetR

func (x *Scrypt) GetR() int32

func (*Scrypt) GetSalt

func (x *Scrypt) GetSalt() []byte

func (*Scrypt) PasswordMatches

func (s *Scrypt) PasswordMatches(plain string) bool

PasswordMatches implementation for the scrypt scheme, which we use by default.

func (*Scrypt) ProtoMessage

func (*Scrypt) ProtoMessage()

func (*Scrypt) ProtoReflect

func (x *Scrypt) ProtoReflect() protoreflect.Message

func (*Scrypt) Reset

func (x *Scrypt) Reset()

func (*Scrypt) String

func (x *Scrypt) String() string
