teams

package
v0.0.0-...-66acf6f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 18, 2024 License: BSD-3-Clause Imports: 52 Imported by: 0

Documentation

Overview

Similar to libkb/kbsigs.go, but for teams sigs.

Index

Constants

View Source
const (
	SeitanScryptCost   = 1 << 10
	SeitanScryptR      = 8
	SeitanScryptP      = 1
	SeitanScryptKeylen = 32
)
View Source
const AuditCurrentVersion = keybase1.AuditVersion_V4

AuditCurrentVersion is the version that works with this code. Older stored versions will be discarded on load from level DB.

View Source
const BoxAuditIDLen = 16
View Source
const BoxAuditTag = "BOXAUD"
View Source
const CurrentBoxAuditVersion boxAuditVersion = 6
View Source
const FTLVersion = 1
View Source
const JailLRUSize = 100
View Source
const KBase30EncodeStd = "abcdefghjkmnpqrsuvwxyz23456789"

Key-Base 30 encoding. lower case letters except "ilot", and digits except for '0' and '1'. See TestSeitanParams for a test to make sure these two parameters match up.

View Source
const MaxBoxAuditLogSize = 10
View Source
const MaxBoxAuditQueueSize = 100
View Source
const MaxBoxAuditRetryAttempts = 6
View Source
const SeitanEncodedIKeyInvitelinkLength = 28

documented in go/teams/seitan.go

View Source
const SeitanEncodedIKeyLength = 18

This is expected seitan token length, the secret "Invite Key" that is generated on one client and distributed to another via face-to- face meeting, use of a trusted courier etc.

Seitan tokens have a '+' as the fifth character. We use this to distinguish from email invite tokens (and team names). See `IsSeitany`

View Source
const SkipBoxAuditCheckContextKey contextKey = "skip-box-audit-check"
View Source
const TeamSigChainPlayerSupportedLinkVersion = 2

Variables

This section is empty.

Functions

func AcceptServerTrustInvite

func AcceptServerTrustInvite(ctx context.Context, g *libkb.GlobalContext, token string) error

func AddEmailsBulk

func AddEmailsBulk(ctx context.Context, g *libkb.GlobalContext, teamname, emails string, role keybase1.TeamRole) (res keybase1.BulkRes, err error)

func AddMember

func AddMember(ctx context.Context, g *libkb.GlobalContext, teamname, username string, role keybase1.TeamRole,
	botSettings *keybase1.TeamBotSettings) (res keybase1.TeamAddMemberResult, err error)

func AddMemberByID

func AddMemberByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, username string,
	role keybase1.TeamRole, botSettings *keybase1.TeamBotSettings, emailInviteMsg *string) (res keybase1.TeamAddMemberResult, err error)

func AllApplicationKeys

func AllApplicationKeys(mctx libkb.MetaContext, team Teamer,
	application keybase1.TeamApplication, latestGen keybase1.PerTeamKeyGeneration) (res []keybase1.TeamApplicationKey, err error)

func AllApplicationKeysWithKBFS

func AllApplicationKeysWithKBFS(mctx libkb.MetaContext, team Teamer,
	application keybase1.TeamApplication, latestGen keybase1.PerTeamKeyGeneration) (res []keybase1.TeamApplicationKey, err error)

func ApplicationKeyAtGeneration

func ApplicationKeyAtGeneration(mctx libkb.MetaContext, team Teamer,
	application keybase1.TeamApplication, generation keybase1.PerTeamKeyGeneration) (res keybase1.TeamApplicationKey, err error)

func ApplicationKeyAtGenerationWithKBFS

func ApplicationKeyAtGenerationWithKBFS(mctx libkb.MetaContext, team Teamer,
	application keybase1.TeamApplication, generation keybase1.PerTeamKeyGeneration) (res keybase1.TeamApplicationKey, err error)

func BackgroundPinTLFLoop

func BackgroundPinTLFLoop(m libkb.MetaContext)

func BoxAuditJailDbKey

func BoxAuditJailDbKey(mctx libkb.MetaContext) libkb.DbKey

func BoxAuditLogDbKey

func BoxAuditLogDbKey(mctx libkb.MetaContext, teamID keybase1.TeamID) libkb.DbKey

func BoxAuditQueueDbKey

func BoxAuditQueueDbKey(mctx libkb.MetaContext) libkb.DbKey

func CanUserPerform

func CanUserPerform(ctx context.Context, g *libkb.GlobalContext, teamname string) (ret keybase1.TeamOperation, err error)

func CancelEmailInvite

func CancelEmailInvite(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, email string) (err error)

func CancelInviteByID

func CancelInviteByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, inviteID keybase1.TeamInviteID) (err error)

func ChangeRoles

func ChangeRoles(ctx context.Context, g *libkb.GlobalContext, teamname string, req keybase1.TeamChangeReq) error

func ChangeSig

func ChangeSig(g *libkb.GlobalContext, me libkb.UserForSignatures, prev libkb.LinkID, seqno keybase1.Seqno, key libkb.GenericKey, teamSection SCTeamSection,
	linkType libkb.LinkType, merkleRoot *libkb.MerkleRoot) (*jsonw.Wrapper, error)

func ChangeTeamAvatar

func ChangeTeamAvatar(mctx libkb.MetaContext, arg keybase1.UploadTeamAvatarArg) error

func ChangeTeamSettings

func ChangeTeamSettings(ctx context.Context, g *libkb.GlobalContext, teamName string, settings keybase1.TeamSettings) error

func ChangeTeamSettingsByID

func ChangeTeamSettingsByID(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID,
	settings keybase1.TeamSettings) error

func ComputeInvitelinkDisplayName

func ComputeInvitelinkDisplayName(mctx libkb.MetaContext, team *Team, invite keybase1.TeamInvite) (name keybase1.TeamInviteDisplayName, err error)

func ComputeSeitanInviteDisplayName

func ComputeSeitanInviteDisplayName(ctx context.Context, team *Team, invite keybase1.TeamInvite) (name keybase1.TeamInviteDisplayName, err error)

func CreateImplicitTeam

func CreateImplicitTeam(ctx context.Context, g *libkb.GlobalContext, impTeam keybase1.ImplicitTeamDisplayName) (res keybase1.TeamID, teamName keybase1.TeamName, err error)
func CreateInvitelink(mctx libkb.MetaContext, teamname string,
	role keybase1.TeamRole, maxUses keybase1.TeamInviteMaxUses,
	etime *keybase1.UnixTime) (invitelink keybase1.Invitelink, err error)

func CreateRootTeam

func CreateRootTeam(ctx context.Context, g *libkb.GlobalContext, nameString string, settings keybase1.TeamSettings) (res *keybase1.TeamID, err error)

func CreateSubteam

func CreateSubteam(ctx context.Context, g *libkb.GlobalContext, subteamBasename string,
	parentName keybase1.TeamName, addSelfAs keybase1.TeamRole) (ret *keybase1.TeamID, err error)

func CreateTLF

func CreateTLF(ctx context.Context, g *libkb.GlobalContext, arg keybase1.CreateTLFArg) (err error)

CreateTLF is called by KBFS when a TLF ID is associated with an implicit team. Should work on either named or implicit teams.

func Details

func Details(ctx context.Context, g *libkb.GlobalContext, name string) (res keybase1.TeamDetails, err error)

func EditMember

func EditMember(ctx context.Context, g *libkb.GlobalContext, teamname, username string,
	role keybase1.TeamRole, botSettings *keybase1.TeamBotSettings) error

func EditMemberByID

func EditMemberByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID,
	username string, role keybase1.TeamRole, botSettings *keybase1.TeamBotSettings) error

func FindAssertionsInTeamNoResolve

func FindAssertionsInTeamNoResolve(mctx libkb.MetaContext, teamID keybase1.TeamID, assertions []string) (ret []string, err error)

func FixupTeamGetError

func FixupTeamGetError(ctx context.Context, g *libkb.GlobalContext, e error, teamDescriptor string, publicTeam bool) error

func ForceMerkleRootUpdateByTeamID

func ForceMerkleRootUpdateByTeamID(mctx libkb.MetaContext, teamID keybase1.TeamID) error

func FormatImplicitTeamDisplayName

func FormatImplicitTeamDisplayName(ctx context.Context, g *libkb.GlobalContext, impTeamName keybase1.ImplicitTeamDisplayName) (string, error)

func FormatImplicitTeamDisplayNameWithUserFront

func FormatImplicitTeamDisplayNameWithUserFront(ctx context.Context, g *libkb.GlobalContext, impTeamName keybase1.ImplicitTeamDisplayName, frontName libkb.NormalizedUsername) (string, error)

Format an implicit display name, but order the specified username first in each of the writer and reader lists if it appears.

func FreezeTeam

func FreezeTeam(mctx libkb.MetaContext, teamID keybase1.TeamID) error
func GenerateSeitanIKeyInvitelink() (ikey keybase1.SeitanIKeyInvitelink, err error)

func GenerateSeitanSignatureMessage

func GenerateSeitanSignatureMessage(uid keybase1.UID, eldestSeqno keybase1.Seqno, inviteID SCTeamInviteID, time keybase1.Time) (payload []byte, err error)

func GetAndVerifyPerTeamKey

func GetAndVerifyPerTeamKey(mctx libkb.MetaContext, team Teamer, gen keybase1.PerTeamKeyGeneration) (ret keybase1.PerTeamKeySeedItem, err error)

Get a PTK seed and verify against the sigchain that is the correct key.

func GetAnnotatedInvitesAndMembersForUI

func GetAnnotatedInvitesAndMembersForUI(mctx libkb.MetaContext, team *Team,
) (members []keybase1.TeamMemberDetails, annotatedInvites []keybase1.AnnotatedTeamInvite, err error)

GetAnnotatedInvitesAndMembersForUI returns annotated invites and members lists from the sigchain, except that Keybase-type invites are treated as team members. This is for the purpose of collecting them together in the UI.

func GetAnnotatedTeam

func GetAnnotatedTeam(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID) (res keybase1.AnnotatedTeam, err error)

GetAnnotatedTeam bundles up various data, both on and off chain, about a specific team for consumption by the UI. In particular, it supplies almost all of the information on a team's subpage in the Teams tab. It always repolls to ensure latest version of a team, but member infos (username, full name, if they reset or not) are subject to UIDMapper caching.

func GetAnnotatedTeamByName

func GetAnnotatedTeamByName(ctx context.Context, g *libkb.GlobalContext, teamName string) (res keybase1.AnnotatedTeam, err error)

func GetBotSettings

func GetBotSettings(ctx context.Context, g *libkb.GlobalContext,
	teamname, username string) (res keybase1.TeamBotSettings, err error)

func GetBotSettingsByID

func GetBotSettingsByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID,
	username string) (res keybase1.TeamBotSettings, err error)

func GetInviteLinkDetails

func GetInviteLinkDetails(mctx libkb.MetaContext, inviteID keybase1.TeamInviteID) (info keybase1.InviteLinkDetails, err error)

func GetKBFSTeamSettings

func GetKBFSTeamSettings(ctx context.Context, g *libkb.GlobalContext, isPublic bool, teamID keybase1.TeamID) (res keybase1.KBFSTeamSettings, err error)

func GetTarsDisabled

func GetTarsDisabled(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID) (bool, error)

func GetTeamAndMemberShowcase

func GetTeamAndMemberShowcase(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID) (ret keybase1.TeamAndMemberShowcase,
	err error)

func GetTeamIDByNameRPC

func GetTeamIDByNameRPC(mctx libkb.MetaContext, teamName string) (res keybase1.TeamID, err error)

func GetTeamShowcase

func GetTeamShowcase(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID) (ret keybase1.TeamShowcase, err error)

func GetUntrustedTeamExists

func GetUntrustedTeamExists(mctx libkb.MetaContext, name keybase1.TeamName) (teamExistsResult keybase1.UntrustedTeamExistsResult, err error)

func GetUntrustedTeamInfo

func GetUntrustedTeamInfo(mctx libkb.MetaContext, name keybase1.TeamName) (info keybase1.UntrustedTeamInfo, err error)

func HandleChangeNotification

func HandleChangeNotification(ctx context.Context, g *libkb.GlobalContext, rows []keybase1.TeamChangeRow, changes keybase1.TeamChangeSet) (err error)

func HandleDeleteNotification

func HandleDeleteNotification(ctx context.Context, g *libkb.GlobalContext, rows []keybase1.TeamChangeRow) (err error)

func HandleExitNotification

func HandleExitNotification(ctx context.Context, g *libkb.GlobalContext, rows []keybase1.TeamExitRow) (err error)

func HandleForceRepollNotification

func HandleForceRepollNotification(ctx context.Context, g *libkb.GlobalContext, dtime gregor.TimeOrOffset) error

func HandleNewlyAddedToTeamNotification

func HandleNewlyAddedToTeamNotification(ctx context.Context, g *libkb.GlobalContext, rows []keybase1.TeamNewlyAddedRow) (err error)

func HandleOpenTeamAccessRequest

func HandleOpenTeamAccessRequest(ctx context.Context, g *libkb.GlobalContext, msg keybase1.TeamOpenReqMsg) (err error)

func HandleOpenTeamSweepRequest

func HandleOpenTeamSweepRequest(ctx context.Context, g *libkb.GlobalContext, msg keybase1.TeamOpenSweepMsg) (err error)

func HandleRotateRequest

func HandleRotateRequest(ctx context.Context, g *libkb.GlobalContext, msg keybase1.TeamCLKRMsg) (err error)

func HandleSBSRequest

func HandleSBSRequest(ctx context.Context, g *libkb.GlobalContext, msg keybase1.TeamSBSMsg) (err error)

func HandleTeamMemberShowcaseChange

func HandleTeamMemberShowcaseChange(ctx context.Context, g *libkb.GlobalContext) (err error)

func HandleTeamSeitan

func HandleTeamSeitan(ctx context.Context, g *libkb.GlobalContext, msg keybase1.TeamSeitanMsg) (err error)

func HintLatestHiddenSeqno

func HintLatestHiddenSeqno(m libkb.MetaContext, id keybase1.TeamID, n keybase1.Seqno) error

func HintLatestSeqno

func HintLatestSeqno(m libkb.MetaContext, id keybase1.TeamID, n keybase1.Seqno) error

func IgnoreRequest

func IgnoreRequest(ctx context.Context, g *libkb.GlobalContext, teamName, username string) error

func InviteEmailPhoneMember

func InviteEmailPhoneMember(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, name string, typ string, role keybase1.TeamRole) error

func IsNewStyleInvite

func IsNewStyleInvite(invite keybase1.TeamInvite) (bool, error)

NewStyle invites are completed in the `used_invites` field in the change membership link, can optionally specify an expiration time, and a maximum number of uses (potentially infinite).

func IsSeitany

func IsSeitany(s string) bool

IsSeitany is a very conservative check of whether a given string looks like a Seitan token. We want to err on the side of considering strings Seitan tokens, since we don't mistakenly want to send botched Seitan tokens to the server.

func IsTeamReadError

func IsTeamReadError(err error) bool

func KeySummary

func KeySummary(t Teamer) string

func KnownTeamIDs

func KnownTeamIDs(mctx libkb.MetaContext) (teamIDs []keybase1.TeamID, err error)

func Leave

func Leave(ctx context.Context, g *libkb.GlobalContext, teamname string, permanent bool) error

func LeaveByID

func LeaveByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, permanent bool) error

func ListMyAccessRequests

func ListMyAccessRequests(ctx context.Context, g *libkb.GlobalContext, teamName *string) (res []keybase1.TeamName, err error)

func ListRequests

func ListRequests(ctx context.Context, g *libkb.GlobalContext, teamName *string) ([]keybase1.TeamJoinRequest, error)

Lists all requests in all of user-owned teams or a single team and tries to resolve their full names.

Full names are not guaranteed to be present in the response. Given a large enough volume of access requests by unknown (to us) users, it's possible to run into a scenario where resolving thousands of username bundles would take longer than the 10s.

func ListSubteamsRecursive

func ListSubteamsRecursive(ctx context.Context, g *libkb.GlobalContext,
	parentTeamName string, forceRepoll bool) (res []keybase1.TeamIDAndName, err error)

func ListSubteamsUnverified

func ListSubteamsUnverified(mctx libkb.MetaContext, name keybase1.TeamName) (res keybase1.SubteamListResult, err error)

func LoadTeamPlusApplicationKeys

func LoadTeamPlusApplicationKeys(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID,
	application keybase1.TeamApplication, refreshers keybase1.TeamRefreshers, includeKBFSKeys bool) (res keybase1.TeamPlusApplicationKeys, err error)

func LookupImplicitTeamIDUntrusted

func LookupImplicitTeamIDUntrusted(ctx context.Context, g *libkb.GlobalContext, displayName string,
	public bool) (res keybase1.TeamID, err error)

func MapImplicitTeamIDToDisplayName

func MapImplicitTeamIDToDisplayName(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID, isPublic bool) (folder keybase1.Folder, err error)

func MemberRole

func MemberRole(ctx context.Context, g *libkb.GlobalContext, teamname, username string) (role keybase1.TeamRole, err error)

func MemberRoleFromID

func MemberRoleFromID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, username string) (role keybase1.TeamRole, err error)

func MembersDetails

func MembersDetails(ctx context.Context, g *libkb.GlobalContext, t *Team) (ret []keybase1.TeamMemberDetails, err error)

func NewAdminPermissionRequiredError

func NewAdminPermissionRequiredError() error

func NewAttemptedInviteSocialOwnerError

func NewAttemptedInviteSocialOwnerError(assertion string) error

func NewAuditError

func NewAuditError(format string, args ...interface{}) error

func NewAuditorAndInstall

func NewAuditorAndInstall(g *libkb.GlobalContext)

NewAuditorAndInstall makes a new Auditor and dangles it off of the given GlobalContext.

func NewBadPublicError

func NewBadPublicError(id keybase1.TeamID, isPublic bool) error

func NewBoxAuditorAndInstall

func NewBoxAuditorAndInstall(g *libkb.GlobalContext)

func NewCompoundInviteError

func NewCompoundInviteError(s string) error

func NewExplicitTeamOperationError

func NewExplicitTeamOperationError(m string) error

func NewFTLMissingSeedError

func NewFTLMissingSeedError(g keybase1.PerTeamKeyGeneration) error

func NewFastLoadError

func NewFastLoadError(format string, args ...interface{}) error

func NewGreenLinkError

func NewGreenLinkError(seqno keybase1.Seqno) error

func NewImplicitAdminCannotLeaveError

func NewImplicitAdminCannotLeaveError() error

func NewImplicitTeamCacheAndInstall

func NewImplicitTeamCacheAndInstall(g *libkb.GlobalContext)

func NewImplicitTeamConflictInfoCache

func NewImplicitTeamConflictInfoCache(g *libkb.GlobalContext) *lru.Cache

func NewImplicitTeamConflictInfoCacheAndInstall

func NewImplicitTeamConflictInfoCacheAndInstall(g *libkb.GlobalContext)

func NewImplicitTeamName

func NewImplicitTeamName() (res keybase1.TeamName, err error)

func NewImplicitTeamOperationError

func NewImplicitTeamOperationError(format string, args ...interface{}) error

func NewKeyMaskNotFoundErrorForApplication

func NewKeyMaskNotFoundErrorForApplication(a keybase1.TeamApplication) libkb.KeyMaskNotFoundError

func NewMapAncestorsError

func NewMapAncestorsError(err error, failedLoadingAtAncestorIdx int) error

func NewMemberNotFoundInChainError

func NewMemberNotFoundInChainError(err error) error

func NewMixedServerTrustAssertionError

func NewMixedServerTrustAssertionError() error

func NewNotExplicitMemberOfSubteamError

func NewNotExplicitMemberOfSubteamError() error

func NewPrecheckAppendError

func NewPrecheckAppendError(inner error) error

func NewPrecheckStructuralError

func NewPrecheckStructuralError(message string, inner error) error

func NewPrevError

func NewPrevError(format string, args ...interface{}) error

func NewSubteamID

func NewSubteamID(public bool) keybase1.TeamID

15 random bytes, followed by the byte 0x25, encoded as hex

func NewSubteamOwnersError

func NewSubteamOwnersError() error

func NewSubteamSig

func NewSubteamSig(mctx libkb.MetaContext, me libkb.UserForSignatures, key libkb.GenericKey, parentTeam *TeamSigChainState, subteamName keybase1.TeamName, subteamID keybase1.TeamID, admin *SCTeamAdmin) (*jsonw.Wrapper, *hidden.Ratchet, error)

func NewTeamDeletedError

func NewTeamDeletedError() error

func NewTeamDoesNotExistError

func NewTeamDoesNotExistError(public bool, format string, args ...interface{}) error

func NewTeamRoleMapManagerAndInstall

func NewTeamRoleMapManagerAndInstall(g *libkb.GlobalContext)

func NewTeamTombstonedError

func NewTeamTombstonedError() error

func NewUnsupportedLinkTypeError

func NewUnsupportedLinkTypeError(outerType libkb.SigchainV2Type, innerType string) error

func NewUserHasNotResetError

func NewUserHasNotResetError(format string, args ...interface{}) error

func NewUserVersion

func NewUserVersion(uid keybase1.UID, eldestSeqno keybase1.Seqno) keybase1.UserVersion

Create a new user/version pair.

func ParseAndAcceptSeitanToken

func ParseAndAcceptSeitanToken(mctx libkb.MetaContext, ui keybase1.TeamsUiInterface,
	tok string) (wasSeitan bool, err error)

func ParseIKeyInvitelinkFromString

func ParseIKeyInvitelinkFromString(token string) (ikey keybase1.SeitanIKeyInvitelink, err error)

func ParseSeitanTokenFromPaste

func ParseSeitanTokenFromPaste(token string) (parsed string, isSeitany bool)

Returns the string that might be the token, and whether the content looked like a token paste.

func ProfileTeamLoad

func ProfileTeamLoad(mctx libkb.MetaContext, arg keybase1.LoadTeamArg) (res keybase1.ProfileTeamLoadRes, err error)

func PurgeResolverTeamID

func PurgeResolverTeamID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID) error

func ReAddMemberAfterReset

func ReAddMemberAfterReset(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID,
	username string) (err error)

func RemoveMember

func RemoveMember(ctx context.Context, g *libkb.GlobalContext, teamName string, username string) error

RemoveMember removes members by username or assertions. For a function that can handle removal from subteams and inviteIDs, see RemoveMemberSingle and RemoveMembers.

func RemoveMemberByID

func RemoveMemberByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, username string) error

func RemoveMemberSingle

func RemoveMemberSingle(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID,
	member keybase1.TeamMemberToRemove) (err error)

func RemoveMembers

func RemoveMembers(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID,
	members []keybase1.TeamMemberToRemove, shouldNotErrorOnPartialFailure bool,
) (res keybase1.TeamRemoveMembersResult, err error)

func RenameSubteam

func RenameSubteam(ctx context.Context, g *libkb.GlobalContext, prevName keybase1.TeamName, newName keybase1.TeamName) error

func RenameSubteamSig

func RenameSubteamSig(g *libkb.GlobalContext, me libkb.UserForSignatures, key libkb.GenericKey, parentTeam *TeamSigChainState, teamSection SCTeamSection) (*jsonw.Wrapper, error)

func RenameUpPointerSig

func RenameUpPointerSig(g *libkb.GlobalContext, me libkb.UserForSignatures, key libkb.GenericKey, subteam *TeamSigChainState, teamSection SCTeamSection) (*jsonw.Wrapper, error)

func ResolveIDToName

func ResolveIDToName(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID) (name keybase1.TeamName, err error)

ResolveIDToName takes a team ID and resolves it to a name. It can use server-assist but always cryptographically checks the result.

func ResolveIDToNameForceRefresh

func ResolveIDToNameForceRefresh(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID) (name keybase1.TeamName, err error)

ResolveIDToNameForceRefresh is like ResolveIDToName but forces a refresh of the FTL cache.

func ResolveImplicitTeamDisplayName

func ResolveImplicitTeamDisplayName(ctx context.Context, g *libkb.GlobalContext,
	name string, public bool) (res keybase1.ImplicitTeamDisplayName, err error)

Resolve assertions in an implicit team display name and verify the result. Resolve an implicit team name with assertions like "alice,bob+bob@twitter#char (conflicted copy 2017-03-04 #1)" Into "alice,bob#char (conflicted copy 2017-03-04 #1)" The input can contain compound assertions, but if compound assertions are left unresolved, an error will be returned.

func ResolveImplicitTeamSetUntrusted

func ResolveImplicitTeamSetUntrusted(ctx context.Context, g *libkb.GlobalContext,
	sourceAssertions []libkb.AssertionExpression, resSet *keybase1.ImplicitTeamUserSet, resolvedAssertions *[]libkb.ResolvedAssertion) error

Try to resolve implicit team members. Modifies the arguments `resSet` and appends to `resolvedAssertions`. For each assertion in `sourceAssertions`, try to resolve them.

If they resolve, add the username to `resSet` and the assertion to `resolvedAssertions`.
If they don't resolve, add the SocialAssertion to `resSet`, but nothing to `resolvedAssertions`.

func ResolveNameToID

func ResolveNameToID(ctx context.Context, g *libkb.GlobalContext, name keybase1.TeamName) (id keybase1.TeamID, err error)

ResolveNameToID takes a team name and resolves it to a team ID. It can use server-assist but always cryptographically checks the result.

func ResolveNameToIDForceRefresh

func ResolveNameToIDForceRefresh(ctx context.Context, g *libkb.GlobalContext, name keybase1.TeamName) (id keybase1.TeamID, err error)

ResolveNameToIDForceRefresh is just like ResolveNameToID but it forces a refresh.

func RetryIfPossible

func RetryIfPossible(ctx context.Context, g *libkb.GlobalContext, post func(ctx context.Context, attempt int) error) (err error)

Try to run `post` (expected to post new team sigchain links). Retry it several times if it fails due to being behind the latest team sigchain state or due to other retryable errors. Passes the attempt number (initially 0) to `post`.

func RotateKey

func RotateKey(ctx context.Context, g *libkb.GlobalContext, arg keybase1.TeamRotateKeyArg) (err error)

func RotateKeyVisible

func RotateKeyVisible(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID) error

func SendChatInviteWelcomeMessage

func SendChatInviteWelcomeMessage(ctx context.Context, g *libkb.GlobalContext, team string,
	category keybase1.TeamInviteCategory, inviter, invitee keybase1.UID, role keybase1.TeamRole) (res bool)

func SendChatSBSResolutionMessage

func SendChatSBSResolutionMessage(ctx context.Context, g *libkb.GlobalContext,
	team, assertionUser, assertionService string,
	prover keybase1.UID) (res bool)

func SendTeamChatChangeAvatar

func SendTeamChatChangeAvatar(mctx libkb.MetaContext, team, username string) bool

func SendTeamChatCreateMessage

func SendTeamChatCreateMessage(ctx context.Context, g *libkb.GlobalContext, team, creator string) bool

func SendTeamChatWelcomeMessage

func SendTeamChatWelcomeMessage(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, team,
	user string, membersType chat1.ConversationMembersType, role keybase1.TeamRole) (err error)

func ServiceInit

func ServiceInit(g *libkb.GlobalContext)

func SetBotSettings

func SetBotSettings(ctx context.Context, g *libkb.GlobalContext, teamname, username string,
	botSettings keybase1.TeamBotSettings) error

func SetBotSettingsByID

func SetBotSettingsByID(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID,
	username string, botSettings keybase1.TeamBotSettings) error

func SetRoleAdmin

func SetRoleAdmin(ctx context.Context, g *libkb.GlobalContext, teamname, username string) error

func SetRoleBot

func SetRoleBot(ctx context.Context, g *libkb.GlobalContext, teamname, username string) error

func SetRoleOwner

func SetRoleOwner(ctx context.Context, g *libkb.GlobalContext, teamname, username string) error

func SetRoleReader

func SetRoleReader(ctx context.Context, g *libkb.GlobalContext, teamname, username string) error

func SetRoleRestrictedBot

func SetRoleRestrictedBot(ctx context.Context, g *libkb.GlobalContext, teamname, username string,
	botSettings keybase1.TeamBotSettings) error

func SetRoleWriter

func SetRoleWriter(ctx context.Context, g *libkb.GlobalContext, teamname, username string) error

func SetTarsDisabled

func SetTarsDisabled(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID, disabled bool) error

func SetTeamMemberShowcase

func SetTeamMemberShowcase(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, isShowcased bool) error

func SetTeamShowcase

func SetTeamShowcase(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, isShowcased *bool,
	description *string, anyMemberShowcase *bool) error

func ShouldRunBoxAudit

func ShouldRunBoxAudit(mctx libkb.MetaContext) bool

func ShouldSuppressLogging

func ShouldSuppressLogging(ctx context.Context) bool

func SubteamHeadSig

func SubteamHeadSig(g *libkb.GlobalContext, me libkb.UserForSignatures, key libkb.GenericKey, subteamTeamSection SCTeamSection, merkleRoot libkb.MerkleRoot) (*jsonw.Wrapper, error)

func TeamDebug

func TeamDebug(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID) (res keybase1.TeamDebugRes, err error)

func TeamInviteTypeFromString

func TeamInviteTypeFromString(mctx libkb.MetaContext, inviteTypeStr string) (keybase1.TeamInviteType, error)

func TeamProfileAddList

func TeamProfileAddList(ctx context.Context, g *libkb.GlobalContext, username string) (res []keybase1.TeamProfileAddEntry, err error)

func TeamRootSig

func TeamRootSig(g *libkb.GlobalContext, me libkb.UserForSignatures, key libkb.GenericKey, teamSection SCTeamSection, merkleRoot libkb.MerkleRoot) (*jsonw.Wrapper, error)

func TombstoneTeam

func TombstoneTeam(mctx libkb.MetaContext, teamID keybase1.TeamID) error

func TryDecryptWithTeamKey

func TryDecryptWithTeamKey(mctx libkb.MetaContext, arg keybase1.TryDecryptWithTeamKeyArg) (ret []byte, err error)

func UpgradeTLFIDToImpteam

func UpgradeTLFIDToImpteam(ctx context.Context, g *libkb.GlobalContext, tlfName string, tlfID keybase1.TLFID,
	public bool, appType keybase1.TeamApplication, cryptKeys []keybase1.CryptKey) (err error)

func UseRKMForApp

func UseRKMForApp(application keybase1.TeamApplication) bool

func VerifyBoxAudit

func VerifyBoxAudit(mctx libkb.MetaContext, teamID keybase1.TeamID) (newMctx libkb.MetaContext, shouldReload bool)

func VerifySeitanSignatureMessage

func VerifySeitanSignatureMessage(pubKey SeitanPubKey, msg []byte, sig SeitanSig) error

func WithSuppressLogging

func WithSuppressLogging(ctx context.Context, suppress bool) context.Context

Types

type AddMemberCandidate

type AddMemberCandidate struct {
	SourceAssertion string

	// Assertion parsing results:
	Full   libkb.AssertionExpression // always set
	Single libkb.AssertionURL        // not nil if assertion was a single (not compound)

	// If resolved to a Keybase user, KeybaseUser is non-nil.
	KeybaseUser *keybase1.UserPlusKeysV2
}

AddMemberCandidate is created by ResolveUPKV2FromAssertion and should be passed to AddOrInviteMemberCandidate.

func (AddMemberCandidate) DebugString

func (a AddMemberCandidate) DebugString() string

type AddMemberTx

type AddMemberTx struct {

	// Allow adding users who do not have active Per User Key. Users without
	// PUK will be added using a 'team.invite' link with type='keybase'
	// invites.
	//
	// If this setting is 'false' (which is the default), it forces AddMemberTx
	// to never add type='keybase' invites, and only `team.change_membership`
	// is allowed for adding Keybase users as members. Calls to AddMember*
	// functions that with a user that does not have a PUK result in an error.
	AllowPUKless bool

	// Do not return an error when trying to "add a member" who is already
	// member of the team but has a different role.
	//
	// This does not affect team invites (including PUK-less users). For
	// simplicity, their role can't be changed using AddMemberTx right now.
	AllowRoleChanges bool

	// Override whether the team key is rotated.
	SkipKeyRotation *bool

	// EmailInviteMsg is used for sending a welcome message in email invites
	EmailInviteMsg *string
	// contains filtered or unexported fields
}

AddMemberTx helps build a transaction that may contain multiple team sigchain links. The caller can use the transaction to add users to a team whether they be PUKful or PUKless users, social or server-trust assertions.

Behind the scenes cryptomembers and invites may be removed if they are for stale versions of the addees.

Not thread-safe.

func CreateAddMemberTx

func CreateAddMemberTx(t *Team) *AddMemberTx

func (*AddMemberTx) AddMemberBySBS

func (tx *AddMemberTx) AddMemberBySBS(ctx context.Context, invitee keybase1.TeamInvitee, role keybase1.TeamRole) (err error)

AddMemberBySBS is very similar in what it does to addMemberByUPKV2 (or AddMemberBy* family of functions), but it has easier job because it only adds cryptomembers and fails on PUKless users. It also sets invite referenced by `invitee.InviteID` as Completed by UserVersion from `invitee` in the same ChangeMembership link that adds the user to the team.

AddMemberBySBS assumes that member role is already checked by the caller, so it might generate invalid signature if invitee is already a member with same role.

func (*AddMemberTx) AddMemberByUV

func (tx *AddMemberTx) AddMemberByUV(ctx context.Context, uv keybase1.UserVersion, role keybase1.TeamRole,
	botSettings *keybase1.TeamBotSettings) (err error)

AddMemberByUV will add member by UV and role. It checks if given UV is valid (that we don't have outdated EldestSeqno), and if user has PUK, and if not, it properly handles that by adding Keybase-type invite. It also cleans up old invites and memberships.

func (*AddMemberTx) AddMemberByUsername

func (tx *AddMemberTx) AddMemberByUsername(ctx context.Context, username string, role keybase1.TeamRole,
	botSettings *keybase1.TeamBotSettings) (err error)

AddMemberByUsername will add member by username and role. It checks if given username can become crypto member or a PUKless member. It will also clean up old invites and memberships if necessary.

func (*AddMemberTx) AddOrInviteMemberByAssertion

func (tx *AddMemberTx) AddOrInviteMemberByAssertion(ctx context.Context, assertion string, role keybase1.TeamRole, botSettings *keybase1.TeamBotSettings) (
	username libkb.NormalizedUsername, uv keybase1.UserVersion, invite bool, err error)

AddOrInviteMemberByAssertion adds an assertion to the team. It can handle three major cases:

  1. joe OR joe+foo@reddit WHERE joe is already a keybase user, or the assertions map to a unique Keybase user
  2. joe@reddit WHERE joe isn't a keybase user, and this is a social invitations
  3. [bob@gmail.com]@email WHERE server-trust resolution is performed and either TOFU invite is created or resolved member is added. Same works with `@phone`.

**Does** attempt to resolve the assertion, to distinguish between case (1), case (2) and an error The return values (uv, username) can both be zero-valued if the assertion is not a Keybase user.

func (*AddMemberTx) AddOrInviteMemberCandidate

func (tx *AddMemberTx) AddOrInviteMemberCandidate(ctx context.Context, candidate AddMemberCandidate, role keybase1.TeamRole, botSettings *keybase1.TeamBotSettings) (
	username libkb.NormalizedUsername, uv keybase1.UserVersion, invite bool, err error)

AddOrInviteMemberCandidate adds a member using AddMemberCandidate struct that can be obtained by calling ResolveUPKV2FromAssertion with assertion string.

func (*AddMemberTx) CanConsumeInvite

func (tx *AddMemberTx) CanConsumeInvite(ctx context.Context, inviteID keybase1.TeamInviteID) error

CanConsumeInvite checks if invite can be used. Has to be called before calling `ConsumeInviteByID` with that invite ID. Does not modify the transaction. When handling team invites, it should be called before `ConsumeInviteByID` to assert that invite is still usable (new-style invites may be expired or exceeded).

func (*AddMemberTx) CancelInvite

func (tx *AddMemberTx) CancelInvite(id keybase1.TeamInviteID, forUID keybase1.UID)

func (*AddMemberTx) CompleteSocialInvitesFor

func (tx *AddMemberTx) CompleteSocialInvitesFor(ctx context.Context, uv keybase1.UserVersion, username string) (err error)

CompleteSocialInvitesFor finds all proofs for `uv` and tries to match them with active social invites in the team. Any invite that matches the proofs and can therefore be "completed" by adding `uv` to the team is marked as completed.

The purpose of this function is to complete social invites when user is being added outside of SBS handling. There are two cases in which this function completes an invite:

  1. An admin is racing SBS handler by adding a user after they add a proof but before server sends out SBS notifications.
  2. There was more than one social invite that resolved to the same user
  3. ...or other cases (or bugs) when there are outstanding invites that resolve to a user but they were not added through SBS handler.

Note that (2) is likely still not handled correctly if there are social invites that someone who is already in the team adds proofs for.

func (*AddMemberTx) ConsumeInviteByID

func (tx *AddMemberTx) ConsumeInviteByID(ctx context.Context, inviteID keybase1.TeamInviteID, uv keybase1.UserVersion) error

ConsumeInviteByID finds a change membership payload and either sets "completed invite" or adds am "used invite". `CanConsumeInvite` has to be called before this function.

func (*AddMemberTx) DebugPayloads

func (tx *AddMemberTx) DebugPayloads() (res []interface{})

func (*AddMemberTx) IsEmpty

func (tx *AddMemberTx) IsEmpty() bool

func (*AddMemberTx) Post

func (tx *AddMemberTx) Post(mctx libkb.MetaContext) (err error)

func (*AddMemberTx) ReAddMemberToImplicitTeam

func (tx *AddMemberTx) ReAddMemberToImplicitTeam(ctx context.Context, uv keybase1.UserVersion, hasPUK bool, role keybase1.TeamRole,
	botSettings *keybase1.TeamBotSettings) error

func (*AddMemberTx) ResolveUPKV2FromAssertion

func (tx *AddMemberTx) ResolveUPKV2FromAssertion(m libkb.MetaContext, assertion string) (ret AddMemberCandidate, err error)

ResolveUPKV2FromAssertion creates an AddMemberCandidate struct by parsing and attempting to resolve an assertion. This result can be then passed to AddOrInviteMemberCandidate to queue adding that person in the transaction. ResolveUPKV2FromAssertion itself does not modify the transaction.

If your use case is:

  • you have an assertion,
  • that should be resolved,
  • and based on the resolution it should either add it to the transaction or not,

this is the way to go.

See documentation of AddOrInviteMemberByAssertion to find out what assertion types are supported.

AddOrInviteMemberByAssertion does the same thing internally, but you don't get to check resolution result until after transaction is modified.

type AddMembersError

type AddMembersError struct {
	Assertion libkb.AssertionExpression
	Err       error
}

func (AddMembersError) Error

func (a AddMembersError) Error() string

type AddMembersRes

type AddMembersRes struct {
	Invite   bool                     // Whether the membership addition was an invite.
	Username libkb.NormalizedUsername // Resolved username. May be nil for social assertions.
}

func AddMembers

func AddMembers(ctx context.Context, g *libkb.GlobalContext, teamID keybase1.TeamID, users []keybase1.UserRolePair,
	emailInviteMsg *string) (added []AddMembersRes, notAdded []keybase1.User, err error)

AddMembers adds a bunch of people to a team. Assertions can contain usernames or social assertions. Adds them all in a transaction so it's all or nothing. If the first transaction fails due to TeamContactSettingsBlock error, it will remove restricted users returned by the error, and retry once. On success, returns a list where len(added) + len(noAdded) = len(assertions) and in corresponding order, with restricted users having an empty AddMembersRes.

@emailInviteMsg *string is an argument used as a welcome message in email invitations sent from the server

type AdminNotFoundError

type AdminNotFoundError struct {
	Admin SCTeamAdmin
}

func NewAdminNotFoundError

func NewAdminNotFoundError(a SCTeamAdmin) AdminNotFoundError

func (AdminNotFoundError) Error

func (e AdminNotFoundError) Error() string

type AdminPermissionError

type AdminPermissionError struct {
	TeamID      keybase1.TeamID
	UserVersion keybase1.UserVersion
	Desc        string
}

func (AdminPermissionError) Error

func (e AdminPermissionError) Error() string

type AdminPermissionRequiredError

type AdminPermissionRequiredError struct{}

func (*AdminPermissionRequiredError) Error

type AppendLinkError

type AppendLinkError struct {
	// contains filtered or unexported fields
}

func NewAppendLinkError

func NewAppendLinkError(l *ChainLinkUnpacked, prevSeqno keybase1.Seqno, inner error) AppendLinkError

func (AppendLinkError) Error

func (e AppendLinkError) Error() string

func (AppendLinkError) Unwrap

func (e AppendLinkError) Unwrap() error

type AttemptedInviteSocialOwnerError

type AttemptedInviteSocialOwnerError struct{ Msg string }

func (AttemptedInviteSocialOwnerError) Error

type AuditError

type AuditError struct {
	Msg string
}

func (AuditError) Error

func (e AuditError) Error() string

type Auditor

type Auditor struct {
	// contains filtered or unexported fields
}

func NewAuditor

func NewAuditor(g *libkb.GlobalContext) *Auditor

NewAuditor makes a new auditor

func (*Auditor) AuditTeam

func (a *Auditor) AuditTeam(m libkb.MetaContext, id keybase1.TeamID, isPublic bool, headMerkleSeqno keybase1.Seqno, chain map[keybase1.Seqno]keybase1.LinkID,
	hiddenChain map[keybase1.Seqno]keybase1.LinkID, maxSeqno keybase1.Seqno, maxHiddenSeqno keybase1.Seqno,
	lastMerkleRoot *libkb.MerkleRoot, auditMode keybase1.AuditMode) (err error)

AuditTeam runs an audit on the links of the given team chain (or team chain suffix). The security factor of the audit is a function of the hardcoded parameters above, and the amount of time since the last audit. This method should use some sort of long-lived cache (via local DB) so that previous audits can be combined with the current one. headMerkleSeqno is is the Merkle Root claimed in the head of the team. maxSeqno is the maximum seqno of the chainLinks passed; that is, the highest Seqno for which chain[s] is defined.

func (*Auditor) OnDbNuke

func (a *Auditor) OnDbNuke(mctx libkb.MetaContext) error

func (*Auditor) OnLogout

func (a *Auditor) OnLogout(mctx libkb.MetaContext) error

type BadNameError

type BadNameError struct {
	Msg string
}

func NewBadNameError

func NewBadNameError(s string) BadNameError

func (BadNameError) Error

func (b BadNameError) Error() string

type BadPublicError

type BadPublicError struct {
	// contains filtered or unexported fields
}

func (BadPublicError) Error

func (e BadPublicError) Error() string

type BoxAudit

type BoxAudit struct {
	ID       BoxAuditID
	Attempts []keybase1.BoxAuditAttempt
}

BoxAudit is a single sequence of audit attempts for a single team.

type BoxAuditID

type BoxAuditID = []byte

func NewBoxAuditID

func NewBoxAuditID() (BoxAuditID, error)

type BoxAuditJail

type BoxAuditJail struct {
	TeamIDs map[keybase1.TeamID]bool
	Version boxAuditVersion
}

BoxAuditJail contains TeamIDs that have hit a fatal audit failure or the max number of retryable audit failures. Teams in jail will not be reaudited unless they are explicitly loaded by the fast or slow team loaders.

func NewBoxAuditJail

func NewBoxAuditJail(version boxAuditVersion) *BoxAuditJail

type BoxAuditLog

type BoxAuditLog struct {
	// The last entry of Audits is the latest one.
	Audits []BoxAudit

	// Whether the last Audit is still in progress; false initially.
	InProgress bool

	Version boxAuditVersion
}

BoxAuditLog is a log of audits for a particular team.

func NewBoxAuditLog

func NewBoxAuditLog(version boxAuditVersion) *BoxAuditLog

func (*BoxAuditLog) Last

func (l *BoxAuditLog) Last() *BoxAudit

type BoxAuditQueue

type BoxAuditQueue struct {
	Items   []BoxAuditQueueItem
	Version boxAuditVersion
}

BoxAuditQueue holds a list of teams that need to be reaudited, because the previously failed an audit. When a team does pass an audit, it is removed from the queue.

func NewBoxAuditQueue

func NewBoxAuditQueue(version boxAuditVersion) *BoxAuditQueue

type BoxAuditQueueItem

type BoxAuditQueueItem struct {
	Ctime      time.Time
	TeamID     keybase1.TeamID
	BoxAuditID BoxAuditID
}

type BoxAuditor

type BoxAuditor struct {
	Version boxAuditVersion
	// contains filtered or unexported fields
}

BoxAuditor ensures all of a team's secret boxes are encrypted for the right people, and that the server has not neglected to notify a team to rotate their keys in the event of a user revoking a device or resetting their account. Security depends on the security of the Merkle tree so we know the current status of all the team's members. BoxAuditor operations are thread-safe and can be run concurrently for many teams. Security also relies on team members and the Keybase server not colluding together to sign box summary hashes into the sigchain that don't match what was actually encrypted (which is somewhat trivial, since members can leak the secret if they want regardless of server cooperation).

func NewBoxAuditor

func NewBoxAuditor(g *libkb.GlobalContext) *BoxAuditor

func (*BoxAuditor) AssertUnjailedOrReaudit

func (a *BoxAuditor) AssertUnjailedOrReaudit(mctx libkb.MetaContext, teamID keybase1.TeamID) (didReaudit bool, err error)

func (*BoxAuditor) Attempt

func (a *BoxAuditor) Attempt(mctx libkb.MetaContext, teamID keybase1.TeamID, rotateBeforeAudit bool) (attempt keybase1.BoxAuditAttempt)

Attempt tries one time to box audit a Team ID. It does not store any persistent state to disk related to the box audit, but it may, e.g., refresh the team cache.

func (*BoxAuditor) BoxAuditRandomTeam

func (a *BoxAuditor) BoxAuditRandomTeam(mctx libkb.MetaContext) (attempt *keybase1.BoxAuditAttempt, err error)

BoxAuditRandomTeam selects a random known team from the slow team or FTL cache, including implicit teams, and audits it. It may succeed trivially because, for example, user is a reader and so does not have permissions to do a box audit or the team is an open team.

func (*BoxAuditor) BoxAuditTeam

func (a *BoxAuditor) BoxAuditTeam(mctx libkb.MetaContext, teamID keybase1.TeamID) (attempt *keybase1.BoxAuditAttempt, err error)

BoxAuditTeam performs one attempt of a BoxAudit. If one is in progress for the teamid, make a new attempt. If exceeded max tries or hit a malicious error, return a fatal error. Otherwise, make a new audit and fill it with one attempt. If the attempt failed nonfatally, enqueue it in the retry queue. If it failed fatally, add it to the jail. If it failed for reasons that are purely client-side, like a disk write error, we retry it as well but distinguish it from a failure the server could have possibly maliciously caused.

func (*BoxAuditor) IsInJail

func (a *BoxAuditor) IsInJail(mctx libkb.MetaContext, teamID keybase1.TeamID) (inJail bool, err error)

func (*BoxAuditor) MaybeScheduleDelayedBoxAuditTeam

func (a *BoxAuditor) MaybeScheduleDelayedBoxAuditTeam(mctx libkb.MetaContext, teamID keybase1.TeamID)

func (*BoxAuditor) OnDbNuke

func (a *BoxAuditor) OnDbNuke(mctx libkb.MetaContext) error

func (*BoxAuditor) OnLogout

func (a *BoxAuditor) OnLogout(mctx libkb.MetaContext) error

func (*BoxAuditor) RetryNextBoxAudit

func (a *BoxAuditor) RetryNextBoxAudit(mctx libkb.MetaContext) (attempt *keybase1.BoxAuditAttempt, err error)

RetryNextBoxAudit selects a teamID from the box audit retry queue and performs another box audit.

type BoxRaceError

type BoxRaceError struct {
	// contains filtered or unexported fields
}

func (BoxRaceError) Error

func (e BoxRaceError) Error() string

func (BoxRaceError) IsStaleBoxError

func (e BoxRaceError) IsStaleBoxError()

type ChainLinkUnpacked

type ChainLinkUnpacked struct {
	// contains filtered or unexported fields
}
func UnpackChainLink(link *SCChainLink) (*ChainLinkUnpacked, error)

func (*ChainLinkUnpacked) AssertInnerOuterMatch

func (l *ChainLinkUnpacked) AssertInnerOuterMatch() (err error)

func (*ChainLinkUnpacked) LinkID

func (l *ChainLinkUnpacked) LinkID() libkb.LinkID

func (ChainLinkUnpacked) LinkTriple

func (l ChainLinkUnpacked) LinkTriple() keybase1.LinkTriple

func (*ChainLinkUnpacked) LinkType

func (l *ChainLinkUnpacked) LinkType() libkb.SigchainV2Type

func (*ChainLinkUnpacked) PTKGeneration

func (l *ChainLinkUnpacked) PTKGeneration() (ret keybase1.PerTeamKeyGeneration)

func (*ChainLinkUnpacked) Prev

func (l *ChainLinkUnpacked) Prev() libkb.LinkID

func (*ChainLinkUnpacked) SeqType

func (l *ChainLinkUnpacked) SeqType() keybase1.SeqType

func (*ChainLinkUnpacked) Seqno

func (l *ChainLinkUnpacked) Seqno() keybase1.Seqno

func (ChainLinkUnpacked) SigChainLocation

func (l ChainLinkUnpacked) SigChainLocation() keybase1.SigChainLocation

func (*ChainLinkUnpacked) SigID

func (l *ChainLinkUnpacked) SigID() keybase1.SigID

func (ChainLinkUnpacked) SignatureMetadata

func (l ChainLinkUnpacked) SignatureMetadata() keybase1.SignatureMetadata

func (ChainLinkUnpacked) TeamAdmin

func (l ChainLinkUnpacked) TeamAdmin() *SCTeamAdmin

type ChangeMembershipOptions

type ChangeMembershipOptions struct {
	// Pass "permanent" flag, user will not be able to request access
	// to the team again, admin will have to add them back.
	Permanent bool

	// Do not rotate team key, even on member removals. Server will
	// queue CLKR if client sends removals without rotation.
	SkipKeyRotation bool
}

type ClientBoxAuditError

type ClientBoxAuditError struct {
	// contains filtered or unexported fields
}

func (ClientBoxAuditError) Error

func (e ClientBoxAuditError) Error() string

type CompoundInviteError

type CompoundInviteError struct {
	Assertion string
}

func (CompoundInviteError) Error

func (e CompoundInviteError) Error() string

type DummyBoxAuditor

type DummyBoxAuditor struct{}

func (DummyBoxAuditor) AssertUnjailedOrReaudit

func (d DummyBoxAuditor) AssertUnjailedOrReaudit(mctx libkb.MetaContext, _ keybase1.TeamID) (bool, error)

func (DummyBoxAuditor) Attempt

func (DummyBoxAuditor) BoxAuditRandomTeam

func (d DummyBoxAuditor) BoxAuditRandomTeam(mctx libkb.MetaContext) (*keybase1.BoxAuditAttempt, error)

func (DummyBoxAuditor) BoxAuditTeam

func (DummyBoxAuditor) IsInJail

func (d DummyBoxAuditor) IsInJail(mctx libkb.MetaContext, _ keybase1.TeamID) (bool, error)

func (DummyBoxAuditor) MaybeScheduleDelayedBoxAuditTeam

func (d DummyBoxAuditor) MaybeScheduleDelayedBoxAuditTeam(mctx libkb.MetaContext, teamID keybase1.TeamID)

func (DummyBoxAuditor) RetryNextBoxAudit

func (d DummyBoxAuditor) RetryNextBoxAudit(mctx libkb.MetaContext) (*keybase1.BoxAuditAttempt, error)

type ExplicitTeamOperationError

type ExplicitTeamOperationError struct {
	// contains filtered or unexported fields
}

func (ExplicitTeamOperationError) Error

type FTLMissingSeedError

type FTLMissingSeedError struct {
	// contains filtered or unexported fields
}

func (FTLMissingSeedError) Error

func (e FTLMissingSeedError) Error() string

type FastLoadError

type FastLoadError struct {
	Msg string
}

func (FastLoadError) Error

func (f FastLoadError) Error() string

type FastTeamChainLoader

type FastTeamChainLoader struct {
	// contains filtered or unexported fields
}

FastTeamChainLoader loads teams using the "fast approach." It doesn't compute membership or check any signatures. It just checks for consistency against the merkle tree, and audits that the merkle tree is being faithfully constructed.

func NewFastTeamLoader

func NewFastTeamLoader(g *libkb.GlobalContext) *FastTeamChainLoader

NewFastLoader makes a new fast loader and initializes it.

func NewFastTeamLoaderAndInstall

func NewFastTeamLoaderAndInstall(g *libkb.GlobalContext) *FastTeamChainLoader

NewFastTeamLoaderAndInstall creates a new loader and installs it into G.

func (*FastTeamChainLoader) ForceRepollUntil

func (f *FastTeamChainLoader) ForceRepollUntil(m libkb.MetaContext, dtime gregor.TimeOrOffset) error

func (*FastTeamChainLoader) Freeze

func (f *FastTeamChainLoader) Freeze(mctx libkb.MetaContext, teamID keybase1.TeamID) (err error)

func (*FastTeamChainLoader) HintLatestSeqno

func (f *FastTeamChainLoader) HintLatestSeqno(m libkb.MetaContext, id keybase1.TeamID, seqno keybase1.Seqno) (err error)

func (*FastTeamChainLoader) InForceRepollMode

func (f *FastTeamChainLoader) InForceRepollMode(m libkb.MetaContext) bool

func (*FastTeamChainLoader) Load

Load fast-loads the given team. Provide some hints as to how to load it. You can specify an application and key generations needed, if you are entering chat. Those links will be returned unstubbed from the server, and then the keys can be output in the result.

func (*FastTeamChainLoader) OnDbNuke

func (f *FastTeamChainLoader) OnDbNuke(mctx libkb.MetaContext) error

OnDbNuke is called when the disk cache is cleared, which purges the LRU.

func (*FastTeamChainLoader) OnLogout

func (f *FastTeamChainLoader) OnLogout(mctx libkb.MetaContext) error

OnLogout is called when the user logs out, which purges the LRU.

func (*FastTeamChainLoader) Tombstone

func (f *FastTeamChainLoader) Tombstone(mctx libkb.MetaContext, teamID keybase1.TeamID) (err error)

func (*FastTeamChainLoader) VerifyTeamName

func (f *FastTeamChainLoader) VerifyTeamName(m libkb.MetaContext, id keybase1.TeamID, name keybase1.TeamName, forceRefresh bool) (err error)

VerifyTeamName verifies that the given ID aligns with the given name, using the Merkle tree only (and not verifying sigs along the way).

type FatalBoxAuditError

type FatalBoxAuditError struct {
	// contains filtered or unexported fields
}

func (FatalBoxAuditError) Error

func (e FatalBoxAuditError) Error() string

type GreenLinkError

type GreenLinkError struct {
	// contains filtered or unexported fields
}

The sigchain link is problematically new.

func (GreenLinkError) Error

func (e GreenLinkError) Error() string

type ImplicitAdminCannotLeaveError

type ImplicitAdminCannotLeaveError struct{}

func (ImplicitAdminCannotLeaveError) Error

type ImplicitTeamOperationError

type ImplicitTeamOperationError struct {
	// contains filtered or unexported fields
}

func (ImplicitTeamOperationError) Error

type ImplicitTeamOptions

type ImplicitTeamOptions struct {
	NoForceRepoll bool
}

type InflateError

type InflateError struct {
	// contains filtered or unexported fields
}

func NewInflateError

func NewInflateError(l *ChainLinkUnpacked) InflateError

func NewInflateErrorWithNote

func NewInflateErrorWithNote(l *ChainLinkUnpacked, note string) InflateError

func (InflateError) Error

func (e InflateError) Error() string
type InvalidLink struct {
	// contains filtered or unexported fields
}
func NewInvalidLink(l *ChainLinkUnpacked, format string, args ...interface{}) InvalidLink

func (InvalidLink) Error

func (e InvalidLink) Error() string

type InviteError

type InviteError struct {
	// contains filtered or unexported fields
}

func NewInviteError

func NewInviteError(id keybase1.TeamInviteID, err error) InviteError

func (InviteError) Error

func (i InviteError) Error() string

func (InviteError) Unwrap

func (i InviteError) Unwrap() error

type InviteLinkAcceptanceError

type InviteLinkAcceptanceError struct {
	Cause error
}

func NewInviteLinkAcceptanceError

func NewInviteLinkAcceptanceError(format string, args ...interface{}) InviteLinkAcceptanceError

func (InviteLinkAcceptanceError) Error

type InvitelinkBadRoleError

type InvitelinkBadRoleError struct {
	// contains filtered or unexported fields
}

func NewInvitelinkBadRoleError

func NewInvitelinkBadRoleError(role keybase1.TeamRole) InvitelinkBadRoleError

func (InvitelinkBadRoleError) Error

func (i InvitelinkBadRoleError) Error() string

type KBFSKeyGenerationError

type KBFSKeyGenerationError struct {
	Required, Exists int
}

func NewKBFSKeyGenerationError

func NewKBFSKeyGenerationError(required, exists int) KBFSKeyGenerationError

func (KBFSKeyGenerationError) Error

func (e KBFSKeyGenerationError) Error() string

type LinkRules

type LinkRules struct {
	// Sections
	Name             Tristate
	Members          Tristate
	Parent           Tristate
	Subteam          Tristate
	PerTeamKey       Tristate
	Admin            Tristate
	Invites          Tristate
	CompletedInvites Tristate
	Settings         Tristate
	KBFS             Tristate
	BoxSummaryHash   Tristate
	BotSettings      Tristate

	AllowInImplicitTeam bool // whether this link is allowed in implicit team chains
	AllowInflate        bool // whether this link is allowed to be filled later
	FirstInChain        bool // whether this link must be the beginning of the chain
}

LinkRules describes what fields and properties are required for a link type. Default values are the strictest. Keep this in sync with `func enforce`.

type LoaderContext

type LoaderContext interface {
	// contains filtered or unexported methods
}

Things TeamLoader uses that are mocked out for tests.

func NewLoaderContextFromG

func NewLoaderContextFromG(g *libkb.GlobalContext) LoaderContext

type LoaderContextG

type LoaderContextG struct {
	libkb.Contextified
	// contains filtered or unexported fields
}

The main LoaderContext is G.

type MapAncestorsError

type MapAncestorsError struct {
	// contains filtered or unexported fields
}

func (*MapAncestorsError) Error

func (e *MapAncestorsError) Error() string

func (*MapAncestorsError) Unwrap

func (e *MapAncestorsError) Unwrap() error

type MemberChecker

type MemberChecker interface {
	IsMember(context.Context, keybase1.UserVersion) bool
	MemberRole(context.Context, keybase1.UserVersion) (keybase1.TeamRole, error)
}

type MemberMap

func (MemberMap) Eq

func (m MemberMap) Eq(n MemberMap) bool

type MemberNotFoundInChainError

type MemberNotFoundInChainError struct {
	// contains filtered or unexported fields
}

MemberNotFoundInChainError is an error that is returned when a member is not in a team, and this fact is verified in the sigchain (i.e., not servertrust).

func (*MemberNotFoundInChainError) Error

func (*MemberNotFoundInChainError) Unwrap

func (e *MemberNotFoundInChainError) Unwrap() error

type MissingReaderKeyMaskError

type MissingReaderKeyMaskError struct {
	// contains filtered or unexported fields
}

func (MissingReaderKeyMaskError) Error

type MixedServerTrustAssertionError

type MixedServerTrustAssertionError struct{}

func (MixedServerTrustAssertionError) Error

type NeedHiddenChainRotationError

type NeedHiddenChainRotationError struct{}

func (NeedHiddenChainRotationError) Error

type NonfatalBoxAuditError

type NonfatalBoxAuditError struct {
	// contains filtered or unexported fields
}

func (NonfatalBoxAuditError) Error

func (e NonfatalBoxAuditError) Error() string

type NotExplicitMemberOfSubteamError

type NotExplicitMemberOfSubteamError struct{}

func (NotExplicitMemberOfSubteamError) Error

func (NotExplicitMemberOfSubteamError) HumanError

func (e NotExplicitMemberOfSubteamError) HumanError() error

type PerTeamSharedSecretBox

type PerTeamSharedSecretBox struct {
	Version         uint
	PerUserKeySeqno keybase1.Seqno
	NonceCounter    uint32
	Ctext           []byte
	// contains filtered or unexported fields
}

type PerTeamSharedSecretBoxes

type PerTeamSharedSecretBoxes struct {
	Generation     keybase1.PerTeamKeyGeneration `json:"generation"`
	EncryptingKid  keybase1.KID                  `json:"encrypting_kid"`
	Nonce          string                        `json:"nonce"`
	PrevKey        *prevKeySealedEncoded         `json:"prev"`
	Boxes          map[keybase1.UID]string       `json:"boxes"`
	BoxSummaryHash string                        `json:"public_summary"` // encoded hash of the packed box public summary
	// contains filtered or unexported fields
}

type PermissionError

type PermissionError struct {
	TeamID      keybase1.TeamID
	UserVersion keybase1.UserVersion
	Desc        string
}

func (PermissionError) Error

func (e PermissionError) Error() string

type PrecheckAppendError

type PrecheckAppendError struct {
	Inner error
}

func (PrecheckAppendError) Error

func (e PrecheckAppendError) Error() string

func (PrecheckAppendError) Unwrap

func (e PrecheckAppendError) Unwrap() error

type PrecheckStructuralError

type PrecheckStructuralError struct {
	Inner error
	Msg   string
}

func (PrecheckStructuralError) Error

func (e PrecheckStructuralError) Error() string

type PrevError

type PrevError struct {
	Msg string
}

func (PrevError) Error

func (e PrevError) Error() string

type ProofError

type ProofError struct {
	// contains filtered or unexported fields
}

func NewProofError

func NewProofError(p proof, s string) ProofError

func (ProofError) Error

func (p ProofError) Error() string

type ResolveError

type ResolveError struct {
	// contains filtered or unexported fields
}

func NewResolveError

func NewResolveError(name keybase1.TeamName, id keybase1.TeamID) ResolveError

func (ResolveError) Error

func (e ResolveError) Error() string
type SCChainLink struct {
	Seqno        keybase1.Seqno   `json:"seqno"`
	Sig          string           `json:"sig"`
	SigV2Payload string           `json:"s2"`
	Payload      string           `json:"payload_json"` // String containing json of a SCChainLinkPayload
	UID          keybase1.UID     `json:"uid"`          // UID of the signer
	EldestSeqno  keybase1.Seqno   `json:"eldest_seqno"` // Eldest seqn of the signer
	Version      libkb.SigVersion `json:"version"`
}
func ParseTeamChainLink(link string) (res SCChainLink, err error)

Parse a chain link from a string. Just parses, does not validate.

func (*SCChainLink) UnmarshalPayload

func (link *SCChainLink) UnmarshalPayload() (res SCChainLinkPayload, err error)

type SCChainLinkPayload

type SCChainLinkPayload struct {
	Body                SCPayloadBody                `json:"body,omitempty"`
	Ctime               int                          `json:"ctime,omitempty"` // UnixTime
	ExpireIn            int                          `json:"expire_in,omitempty"`
	Prev                *string                      `json:"prev,omitempty"`
	SeqType             keybase1.SeqType             `json:"seq_type,omitempty"`
	Seqno               keybase1.Seqno               `json:"seqno,omitempty"`
	Tag                 string                       `json:"tag,omitempty"`
	IgnoreIfUnsupported libkb.SigIgnoreIfUnsupported `json:"ignore_if_unsupported,omitempty"`
}

func (SCChainLinkPayload) Ratchets

func (s SCChainLinkPayload) Ratchets() []hidden.SCTeamRatchet

func (SCChainLinkPayload) SigChainLocation

func (s SCChainLinkPayload) SigChainLocation() keybase1.SigChainLocation

func (*SCChainLinkPayload) SignatureMetadata

func (i *SCChainLinkPayload) SignatureMetadata() keybase1.SignatureMetadata

func (SCChainLinkPayload) TeamAdmin

func (s SCChainLinkPayload) TeamAdmin() *SCTeamAdmin

func (SCChainLinkPayload) TeamID

func (s SCChainLinkPayload) TeamID() (keybase1.TeamID, error)

type SCKeySection

type SCKeySection struct {
	KID       keybase1.KID `json:"kid"`
	UID       keybase1.UID `json:"uid"`
	Username  string       `json:"username,omitempty"`
	EldestKID keybase1.KID `json:"eldest_kid"`
	Host      string       `json:"host,omitempty"`
}

type SCMapInviteIDUVPair

type SCMapInviteIDUVPair struct {
	InviteID SCTeamInviteID                  `json:"id"`
	UV       keybase1.UserVersionPercentForm `json:"uv"`
}

type SCMerkleRootSection

type SCMerkleRootSection struct {
	Ctime    int               `json:"ctime"` // UnixTime
	Seqno    keybase1.Seqno    `json:"seqno"`
	HashMeta keybase1.HashMeta `json:"hash_meta"`
}

func (SCMerkleRootSection) ToMerkleRootV2

func (sr SCMerkleRootSection) ToMerkleRootV2() keybase1.MerkleRootV2

type SCPayloadBody

type SCPayloadBody struct {
	Key        *SCKeySection       `json:"key,omitempty"`
	Type       string              `json:"type,omitempty"`
	MerkleRoot SCMerkleRootSection `json:"merkle_root"`
	Version    libkb.SigVersion    `json:"version"`

	Team *SCTeamSection `json:"team,omitempty"`
}

type SCPerTeamKey

type SCPerTeamKey struct {
	Generation keybase1.PerTeamKeyGeneration `json:"generation"`
	EncKID     keybase1.KID                  `json:"encryption_kid"`
	SigKID     keybase1.KID                  `json:"signing_kid"`
	ReverseSig string                        `json:"reverse_sig"`
	SeedCheck  string                        `json:"seed_check,omitempty"`
}

type SCSubteam

type SCSubteam struct {
	ID   SCTeamID   `json:"id"`
	Name SCTeamName `json:"name"`
}

type SCTeamAdmin

type SCTeamAdmin struct {
	TeamID  SCTeamID         `json:"team_id"`
	Seqno   keybase1.Seqno   `json:"seqno"`
	SeqType keybase1.SeqType `json:"seq_type"`
}

func (SCTeamAdmin) SigChainLocation

func (a SCTeamAdmin) SigChainLocation() keybase1.SigChainLocation

type SCTeamBot

type SCTeamBot struct {
	Bot SCTeamBotUV `json:"bot"`
	// Should the bot be summoned for !-commands
	Cmds bool `json:"cmds"`
	// Should the bot be summoned for @-mentions
	Mentions bool `json:"mentions"`
	// Phrases that should trigger the bot to be keyed for content. Will be
	// check as a valid regex.
	Triggers *[]string `json:"triggers,omitempty"`
	// Conversations the bot can participate in, `nil` indicates all
	Convs *[]string `json:"convs,omitempty"`
}

func CreateTeamBotSettings

func CreateTeamBotSettings(bots map[keybase1.UserVersion]keybase1.TeamBotSettings) ([]SCTeamBot, error)

type SCTeamBotUV

type SCTeamBotUV struct {
	UID         keybase1.UID   `json:"uid"`
	EldestSeqno keybase1.Seqno `json:"eldest_seqno"`
}

func ToSCTeamBotUV

func ToSCTeamBotUV(uv keybase1.UserVersion) SCTeamBotUV

func (SCTeamBotUV) ToUserVersion

func (u SCTeamBotUV) ToUserVersion() keybase1.UserVersion

type SCTeamBoxSummaryHash

type SCTeamBoxSummaryHash string

func (SCTeamBoxSummaryHash) BoxSummaryHash

func (h SCTeamBoxSummaryHash) BoxSummaryHash() keybase1.BoxSummaryHash

type SCTeamEntropy

type SCTeamEntropy string

SCTeamEntropy is used to render stubbed out links unguessable. Basically, we shove a random 18-byte string into sensitive links.

type SCTeamID

type SCTeamID string

func (SCTeamID) ToTeamID

func (s SCTeamID) ToTeamID() (keybase1.TeamID, error)

type SCTeamInvite

type SCTeamInvite struct {
	Type    string                      `json:"type"`
	Name    keybase1.TeamInviteName     `json:"name"`
	ID      SCTeamInviteID              `json:"id"`
	Etime   *keybase1.UnixTime          `json:"etime,omitempty"` // UnixTime
	MaxUses *keybase1.TeamInviteMaxUses `json:"max_uses,omitempty"`
}

func (SCTeamInvite) TeamInvite

type SCTeamInviteID

type SCTeamInviteID string

func NewInviteID

func NewInviteID() SCTeamInviteID

func (SCTeamInviteID) Eq

func (SCTeamInviteID) TeamInviteID

func (i SCTeamInviteID) TeamInviteID() (keybase1.TeamInviteID, error)

func (SCTeamInviteID) ToShortInviteID

func (i SCTeamInviteID) ToShortInviteID() (SCTeamInviteIDShort, error)

type SCTeamInviteIDShort

type SCTeamInviteIDShort string

func (SCTeamInviteIDShort) ToInviteID

func (i SCTeamInviteIDShort) ToInviteID() (SCTeamInviteID, error)

type SCTeamInvites

type SCTeamInvites struct {
	Owners  *[]SCTeamInvite   `json:"owner,omitempty"`
	Admins  *[]SCTeamInvite   `json:"admin,omitempty"`
	Writers *[]SCTeamInvite   `json:"writer,omitempty"`
	Readers *[]SCTeamInvite   `json:"reader,omitempty"`
	Cancel  *[]SCTeamInviteID `json:"cancel,omitempty"`
}

func (SCTeamInvites) CanceledInviteCount

func (i SCTeamInvites) CanceledInviteCount() int

CanceledInviteCount returns count of canceled invites.

func (SCTeamInvites) HasNewInvites

func (i SCTeamInvites) HasNewInvites() bool

HasNewInvites returns true if SCTeamInvites creates any invites.

func (SCTeamInvites) Len

func (i SCTeamInvites) Len() int

Len returns total count of all created invites and all canceled invites.

func (SCTeamInvites) NewInviteCount

func (i SCTeamInvites) NewInviteCount() int

NewInviteCount returns count of all created invites.

type SCTeamKBFS

type SCTeamKBFS struct {
	TLF    *SCTeamKBFSTLF           `json:"tlf,omitempty"`
	Keyset *SCTeamKBFSLegacyUpgrade `json:"legacy_tlf_upgrade,omitempty"`
}

type SCTeamKBFSLegacyUpgrade

type SCTeamKBFSLegacyUpgrade struct {
	AppType          keybase1.TeamApplication             `json:"app_type"`
	TeamGeneration   keybase1.PerTeamKeyGeneration        `json:"team_generation"`
	LegacyGeneration int                                  `json:"legacy_generation"`
	KeysetHash       keybase1.TeamEncryptedKBFSKeysetHash `json:"encrypted_keyset_hash"`
}

type SCTeamKBFSTLF

type SCTeamKBFSTLF struct {
	ID keybase1.TLFID `json:"id"`
}

type SCTeamMember

type SCTeamMember keybase1.UserVersion

An (uid%eldest_seqno) pair. The uid is adorned with "%n" at the end where n is the eldest seqno. Just UID is fine as well (implicit %1), but marshaling will always add %1.

func (*SCTeamMember) MarshalJSON

func (s *SCTeamMember) MarshalJSON() (b []byte, err error)

func (*SCTeamMember) UnmarshalJSON

func (s *SCTeamMember) UnmarshalJSON(b []byte) (err error)

type SCTeamMembers

type SCTeamMembers struct {
	Owners         *[]SCTeamMember `json:"owner,omitempty"`
	Admins         *[]SCTeamMember `json:"admin,omitempty"`
	Writers        *[]SCTeamMember `json:"writer,omitempty"`
	Readers        *[]SCTeamMember `json:"reader,omitempty"`
	Bots           *[]SCTeamMember `json:"bot,omitempty"`
	RestrictedBots *[]SCTeamMember `json:"restricted_bot,omitempty"`
	None           *[]SCTeamMember `json:"none,omitempty"`
}

type SCTeamName

type SCTeamName string

func (SCTeamName) LastPart

func (n SCTeamName) LastPart() (string, error)

type SCTeamParent

type SCTeamParent struct {
	ID      SCTeamID         `json:"id"`
	Seqno   keybase1.Seqno   `json:"seqno"`
	SeqType keybase1.SeqType `json:"seq_type"`
}

type SCTeamSection

type SCTeamSection struct {
	ID               SCTeamID               `json:"id"`
	Name             *SCTeamName            `json:"name,omitempty"`
	Members          *SCTeamMembers         `json:"members,omitempty"`
	Parent           *SCTeamParent          `json:"parent,omitempty"`
	Subteam          *SCSubteam             `json:"subteam,omitempty"`
	PerTeamKey       *SCPerTeamKey          `json:"per_team_key,omitempty"`
	Admin            *SCTeamAdmin           `json:"admin,omitempty"`
	Invites          *SCTeamInvites         `json:"invites,omitempty"`
	CompletedInvites SCMapInviteIDToUV      `json:"completed_invites,omitempty"`
	UsedInvites      []SCMapInviteIDUVPair  `json:"used_invites,omitempty"`
	Implicit         bool                   `json:"is_implicit,omitempty"`
	Public           bool                   `json:"is_public,omitempty"`
	Entropy          SCTeamEntropy          `json:"entropy,omitempty"`
	Settings         *SCTeamSettings        `json:"settings,omitempty"`
	KBFS             *SCTeamKBFS            `json:"kbfs,omitempty"`
	BoxSummaryHash   *SCTeamBoxSummaryHash  `json:"box_summary_hash,omitempty"`
	Ratchets         []hidden.SCTeamRatchet `json:"ratchets,omitempty"`
	BotSettings      *[]SCTeamBot           `json:"bot_settings,omitempty"`
}

type SCTeamSettings

type SCTeamSettings struct {
	Open *SCTeamSettingsOpen `json:"open,omitempty"`
}

func CreateTeamSettings

func CreateTeamSettings(open bool, joinAs keybase1.TeamRole) (SCTeamSettings, error)

type SCTeamSettingsOpen

type SCTeamSettingsOpen struct {
	Enabled bool                       `json:"enabled"`
	Options *SCTeamSettingsOpenOptions `json:"options,omitempty"`
}

type SCTeamSettingsOpenOptions

type SCTeamSettingsOpenOptions struct {
	JoinAs string `json:"join_as"`
}

type SeitanAKey

type SeitanAKey []byte

"Acceptance Key"

func GenerateSeitanInvitelinkAcceptanceKey

func GenerateSeitanInvitelinkAcceptanceKey(sikey []byte, uid keybase1.UID, eldestSeqno keybase1.Seqno, unixTimestampSeconds int64) (akey SeitanAKey, encoded string, err error)

type SeitanIKey

type SeitanIKey string

"Invite Key"

func GenerateIKey

func GenerateIKey() (ikey SeitanIKey, err error)

func ParseIKeyFromString

func ParseIKeyFromString(token string) (ikey SeitanIKey, err error)

ParseIKeyFromString safely creates SeitanIKey value from plaintext string. Only format is checked - any 18-character token with '+' character at position 5 can be "Invite Key". Alphabet is not checked, as it is only a hint for token generation and it can change over time, but we assume that token length stays the same.

func (SeitanIKey) GeneratePackedEncryptedKey

func (ikey SeitanIKey) GeneratePackedEncryptedKey(ctx context.Context, team *Team, label keybase1.SeitanKeyLabel) (pkey SeitanPKey, encoded string, err error)

func (SeitanIKey) GenerateSIKey

func (ikey SeitanIKey) GenerateSIKey() (sikey SeitanSIKey, err error)

func (SeitanIKey) String

func (ikey SeitanIKey) String() string

type SeitanIKeyV2

type SeitanIKeyV2 string

"Invite Key Version 2"

func GenerateIKeyV2

func GenerateIKeyV2() (ikey SeitanIKeyV2, err error)

func ParseIKeyV2FromString

func ParseIKeyV2FromString(token string) (ikey SeitanIKeyV2, err error)

ParseIKeyV2FromString safely creates SeitanIKey value from plaintext string. Only format is checked - any 18-character token with '+' character at position 6 can be "Invite Key". Alphabet is not checked, as it is only a hint for token generation and it can change over time, but we assume that token length stays the same.

func (SeitanIKeyV2) GenerateSIKey

func (ikey SeitanIKeyV2) GenerateSIKey() (sikey SeitanSIKeyV2, err error)

func (SeitanIKeyV2) String

func (ikey SeitanIKeyV2) String() string

type SeitanPKey

type SeitanPKey struct {
	Version              SeitanVersion
	TeamKeyGeneration    keybase1.PerTeamKeyGeneration
	RandomNonce          keybase1.BoxNonce
	EncryptedKeyAndLabel []byte // keybase1.SeitanKeyAndLabel MsgPacked and encrypted
	// contains filtered or unexported fields
}

"Seitan Packed Encrypted Key" All following 3 structs should be considered one. When any changes, version has to be bumped up.

func GeneratePackedEncryptedKeyInvitelink(ctx context.Context, ikey keybase1.SeitanIKeyInvitelink,
	team *Team, label keybase1.SeitanKeyLabel) (pkey SeitanPKey, encoded string, err error)

func SeitanDecodePKey

func SeitanDecodePKey(base64Buffer string) (pkey SeitanPKey, err error)

func (SeitanPKey) DecryptKeyAndLabel

func (pkey SeitanPKey) DecryptKeyAndLabel(ctx context.Context, team *Team) (ret keybase1.SeitanKeyAndLabel, err error)

type SeitanPubKey

type SeitanPubKey kbcrypto.NaclSigningKeyPublic

func ImportSeitanPubKey

func ImportSeitanPubKey(keyString keybase1.SeitanPubKey) (pubKey SeitanPubKey, err error)

type SeitanSIKey

type SeitanSIKey [SeitanScryptKeylen]byte

"Stretched Invite Key"

func (SeitanSIKey) GenerateAcceptanceKey

func (sikey SeitanSIKey) GenerateAcceptanceKey(uid keybase1.UID, eldestSeqno keybase1.Seqno, unixTime int64) (akey SeitanAKey, encoded string, err error)

func (SeitanSIKey) GenerateTeamInviteID

func (sikey SeitanSIKey) GenerateTeamInviteID() (id SCTeamInviteID, err error)
type SeitanSIKeyInvitelink [SeitanScryptKeylen]byte
func GenerateSIKeyInvitelink(ikey keybase1.SeitanIKeyInvitelink) (sikey SeitanSIKeyInvitelink, err error)

func (SeitanSIKeyInvitelink) GenerateShortTeamInviteID

func (sikey SeitanSIKeyInvitelink) GenerateShortTeamInviteID() (id SCTeamInviteIDShort, err error)

func (SeitanSIKeyInvitelink) GenerateTeamInviteID

func (sikey SeitanSIKeyInvitelink) GenerateTeamInviteID() (id SCTeamInviteID, err error)

type SeitanSIKeyV2

type SeitanSIKeyV2 [SeitanScryptKeylen]byte

"Stretched Invite Key"

func (SeitanSIKeyV2) GeneratePackedEncryptedKey

func (sikey SeitanSIKeyV2) GeneratePackedEncryptedKey(ctx context.Context, team *Team, label keybase1.SeitanKeyLabel) (pkey SeitanPKey, encoded string, err error)

func (SeitanSIKeyV2) GenerateSignature

func (sikey SeitanSIKeyV2) GenerateSignature(uid keybase1.UID, eldestSeqno keybase1.Seqno, inviteID SCTeamInviteID, time keybase1.Time) (sig SeitanSig, encoded string, err error)

func (SeitanSIKeyV2) GenerateTeamInviteID

func (sikey SeitanSIKeyV2) GenerateTeamInviteID() (id SCTeamInviteID, err error)

type SeitanSig

type SeitanSig kbcrypto.NaclSignature

"Signature"

type SeitanVersion

type SeitanVersion uint
const (
	SeitanVersion1          SeitanVersion = 1
	SeitanVersion2          SeitanVersion = 2
	SeitanVersionInvitelink SeitanVersion = 3
)

func DeriveSeitanVersionFromToken

func DeriveSeitanVersionFromToken(token string) (version SeitanVersion, err error)

DeriveSeitanVersionFromToken returns possible seitan version based on the token. Different seitan versions have '+' characters at different position signifying version number. This function returning successfully does not mean that token is correct, valid, seitan. But returning an error means that token is definitely not a correct seitan token.

type SeitanVersionedInviteStagePayload

type SeitanVersionedInviteStagePayload struct {
	Stage   string        `codec:"stage" json:"stage"`
	Version SeitanVersion `codec:"version" json:"version"`
}

func NewSeitanInviteIDPayload

func NewSeitanInviteIDPayload(version SeitanVersion) SeitanVersionedInviteStagePayload

type SignerX

type SignerX struct {
	// contains filtered or unexported fields
}

func NewSignerX

func NewSignerX(signer keybase1.UserVersion, implicitAdmin bool) SignerX

type StaleBoxError

type StaleBoxError interface {
	IsStaleBoxError()
}

type StubbedError

type StubbedError struct {
	// contains filtered or unexported fields
}

func NewStubbedError

func NewStubbedError(l *ChainLinkUnpacked) StubbedError

func NewStubbedErrorWithNote

func NewStubbedErrorWithNote(l *ChainLinkUnpacked, note string) StubbedError

func (StubbedError) Error

func (e StubbedError) Error() string

type SubteamOwnersError

type SubteamOwnersError struct{}

func (SubteamOwnersError) Error

func (e SubteamOwnersError) Error() string

type Team

type Team struct {
	libkb.Contextified

	ID     keybase1.TeamID
	Data   *keybase1.TeamData
	Hidden *keybase1.HiddenTeamChain
	// contains filtered or unexported fields
}

A snapshot of a team's state. Not threadsafe.

func GetForTeamManagementByStringName

func GetForTeamManagementByStringName(ctx context.Context, g *libkb.GlobalContext, name string, needAdmin bool) (*Team, error)

needAdmin must be set when interacting with links that have a possibility of being stubbed.

func GetForTeamManagementByTeamID

func GetForTeamManagementByTeamID(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID, needAdmin bool) (*Team, error)

func GetMaybeAdminByID

func GetMaybeAdminByID(ctx context.Context, g *libkb.GlobalContext, id keybase1.TeamID, public bool) (*Team, error)

func GetMaybeAdminByStringName

func GetMaybeAdminByStringName(ctx context.Context, g *libkb.GlobalContext, name string, public bool) (*Team, error)

Get a team with no stubbed links if we are an admin. Use this instead of NeedAdmin when you don't know whether you are an admin. This always causes roundtrips. Doesn't work for implicit admins.

func GetTeamByNameForTest

func GetTeamByNameForTest(ctx context.Context, g *libkb.GlobalContext, name string, public bool, needAdmin bool) (*Team, error)

func Load

Load a Team from the TeamLoader. Can be called from inside the teams package.

func LookupImplicitTeam

func LookupImplicitTeam(ctx context.Context, g *libkb.GlobalContext, displayName string, public bool, opts ImplicitTeamOptions) (
	team *Team, teamName keybase1.TeamName, impTeamName keybase1.ImplicitTeamDisplayName, err error)

Lookup an implicit team by name like "alice,bob+bob@twitter (conflicted copy 2017-03-04 #1)" Resolves social assertions.

func LookupImplicitTeamAndConflicts

func LookupImplicitTeamAndConflicts(ctx context.Context, g *libkb.GlobalContext, displayName string, public bool, opts ImplicitTeamOptions) (
	team *Team, teamName keybase1.TeamName, impTeamName keybase1.ImplicitTeamDisplayName, conflicts []keybase1.ImplicitTeamConflictInfo, err error)

Lookup an implicit team by name like "alice,bob+bob@twitter (conflicted copy 2017-03-04 #1)" Resolves social assertions.

func LookupOrCreateImplicitTeam

func LookupOrCreateImplicitTeam(ctx context.Context, g *libkb.GlobalContext, displayName string, public bool) (res *Team, teamName keybase1.TeamName, impTeamName keybase1.ImplicitTeamDisplayName, err error)

LookupOrCreateImplicitTeam by name like "alice,bob+bob@twitter (conflicted copy 2017-03-04 #1)" Resolves social assertions.

func NewTeam

func NewTeam(ctx context.Context, g *libkb.GlobalContext, teamData *keybase1.TeamData, hidden *keybase1.HiddenTeamChain) *Team

func (*Team) AllAdmins

func (t *Team) AllAdmins(ctx context.Context) ([]keybase1.UserVersion, error)

All admins, owners, and implicit admins of this team.

func (*Team) AllApplicationKeys

func (t *Team) AllApplicationKeys(ctx context.Context, application keybase1.TeamApplication) (res []keybase1.TeamApplicationKey, err error)

func (*Team) AllApplicationKeysWithKBFS

func (t *Team) AllApplicationKeysWithKBFS(ctx context.Context, application keybase1.TeamApplication) (res []keybase1.TeamApplicationKey, err error)

func (*Team) AllUserVersions

func (t *Team) AllUserVersions(ctx context.Context) []keybase1.UserVersion

func (*Team) AllUserVersionsByUID

func (t *Team) AllUserVersionsByUID(ctx context.Context, uid keybase1.UID) []keybase1.UserVersion

func (*Team) ApplicationKey

func (t *Team) ApplicationKey(ctx context.Context, application keybase1.TeamApplication) (keybase1.TeamApplicationKey, error)

ApplicationKey returns the most recent key for an application.

func (*Team) ApplicationKeyAtGeneration

func (t *Team) ApplicationKeyAtGeneration(ctx context.Context,
	application keybase1.TeamApplication, generation keybase1.PerTeamKeyGeneration) (res keybase1.TeamApplicationKey, err error)

func (*Team) ApplicationKeyAtGenerationWithKBFS

func (t *Team) ApplicationKeyAtGenerationWithKBFS(ctx context.Context,
	application keybase1.TeamApplication, generation keybase1.PerTeamKeyGeneration) (res keybase1.TeamApplicationKey, err error)

func (*Team) AssociateWithTLFID

func (t *Team) AssociateWithTLFID(ctx context.Context, tlfID keybase1.TLFID) (err error)

func (*Team) AssociateWithTLFKeyset

func (t *Team) AssociateWithTLFKeyset(ctx context.Context, tlfID keybase1.TLFID,
	cryptKeys []keybase1.CryptKey, appType keybase1.TeamApplication) (err error)

func (*Team) CanSkipKeyRotation

func (t *Team) CanSkipKeyRotation() bool

func (*Team) ChangeMembership

func (t *Team) ChangeMembership(ctx context.Context, req keybase1.TeamChangeReq) error

func (*Team) ChangeMembershipWithOptions

func (t *Team) ChangeMembershipWithOptions(ctx context.Context, req keybase1.TeamChangeReq, opts ChangeMembershipOptions) (err error)

func (*Team) ChatKey

func (t *Team) ChatKey(ctx context.Context) (keybase1.TeamApplicationKey, error)

func (*Team) ChatKeyAtGeneration

func (t *Team) ChatKeyAtGeneration(ctx context.Context, generation keybase1.PerTeamKeyGeneration) (keybase1.TeamApplicationKey, error)

func (*Team) CurrentSeqno

func (t *Team) CurrentSeqno() keybase1.Seqno

func (*Team) EncryptionKey

func (t *Team) EncryptionKey(ctx context.Context) (key libkb.NaclDHKeyPair, err error)

func (*Team) ExportToTeamPlusApplicationKeys

func (t *Team) ExportToTeamPlusApplicationKeys(ctx context.Context, idTime keybase1.Time,
	application keybase1.TeamApplication, includeKBFSKeys bool) (ret keybase1.TeamPlusApplicationKeys, err error)

func (*Team) FindActiveKeybaseInvite

func (t *Team) FindActiveKeybaseInvite(uid keybase1.UID) (keybase1.TeamInvite, keybase1.UserVersion, bool)

func (*Team) ForceMerkleRootUpdate

func (t *Team) ForceMerkleRootUpdate(ctx context.Context) error

ForceMerkleRootUpdate will call LookupTeam on MerkleClient to update cached merkle root to include latest team sigs. Needed if client wants to create a signature that refers to an adminship, signature's merkle_root has to be more fresh than adminship's.

func (*Team) Generation

func (t *Team) Generation() keybase1.PerTeamKeyGeneration

func (*Team) GetActiveAndObsoleteInvites

func (t *Team) GetActiveAndObsoleteInvites() (ret map[keybase1.TeamInviteID]keybase1.TeamInvite)

func (*Team) GitMetadataKey

func (t *Team) GitMetadataKey(ctx context.Context) (keybase1.TeamApplicationKey, error)

func (*Team) HasActiveInvite

func (t *Team) HasActiveInvite(mctx libkb.MetaContext, name keybase1.TeamInviteName, typ string) (bool, error)

func (*Team) HiddenChain

func (t *Team) HiddenChain() *keybase1.HiddenTeamChain

func (*Team) HintLatestSeqno

func (t *Team) HintLatestSeqno(m libkb.MetaContext, n keybase1.Seqno) error

func (*Team) ImplicitTeamDisplayName

func (t *Team) ImplicitTeamDisplayName(ctx context.Context) (res keybase1.ImplicitTeamDisplayName, err error)

func (*Team) ImplicitTeamDisplayNameNoConflicts

func (t *Team) ImplicitTeamDisplayNameNoConflicts(ctx context.Context) (res keybase1.ImplicitTeamDisplayName, err error)

func (*Team) ImplicitTeamDisplayNameString

func (t *Team) ImplicitTeamDisplayNameString(ctx context.Context) (string, error)

func (*Team) InviteEmailPhoneMember

func (t *Team) InviteEmailPhoneMember(ctx context.Context, name string, role keybase1.TeamRole, typ string) error
func (t *Team) InviteInvitelink(
	ctx context.Context,
	role keybase1.TeamRole,
	maxUses keybase1.TeamInviteMaxUses,
	etime *keybase1.UnixTime,
) (ikey keybase1.SeitanIKeyInvitelink, inviteID SCTeamInviteID, err error)

func (*Team) InviteMember

func (t *Team) InviteMember(ctx context.Context, username string, role keybase1.TeamRole, resolvedUsername libkb.NormalizedUsername, uv keybase1.UserVersion) (keybase1.TeamAddMemberResult, error)

If uv.Uid is set, then username is ignored. Otherwise resolvedUsername and uv are ignored.

func (*Team) InviteSeitan

func (t *Team) InviteSeitan(ctx context.Context, role keybase1.TeamRole, label keybase1.SeitanKeyLabel) (ikey SeitanIKey, err error)

func (*Team) InviteSeitanV2

func (t *Team) InviteSeitanV2(ctx context.Context, role keybase1.TeamRole, label keybase1.SeitanKeyLabel) (ikey SeitanIKeyV2, err error)

func (*Team) IsImplicit

func (t *Team) IsImplicit() bool

func (*Team) IsMember

func (t *Team) IsMember(ctx context.Context, uv keybase1.UserVersion) bool

func (*Team) IsOpen

func (t *Team) IsOpen() bool

func (*Team) IsPublic

func (t *Team) IsPublic() bool

func (*Team) IsSubteam

func (t *Team) IsSubteam() bool

func (*Team) KBFSCryptKeys

func (t *Team) KBFSCryptKeys(ctx context.Context, appType keybase1.TeamApplication) []keybase1.CryptKey

func (*Team) KBFSKey

func (t *Team) KBFSKey(ctx context.Context) (keybase1.TeamApplicationKey, error)

func (*Team) KBFSTLFIDs

func (t *Team) KBFSTLFIDs() []keybase1.TLFID

func (*Team) LatestKBFSTLFID

func (t *Team) LatestKBFSTLFID() (res keybase1.TLFID)

func (*Team) Leave

func (t *Team) Leave(ctx context.Context, permanent bool) error

func (*Team) MainChain

func (t *Team) MainChain() *keybase1.TeamData

func (*Team) MemberCtime

func (t *Team) MemberCtime(ctx context.Context, uv keybase1.UserVersion) *keybase1.Time

func (*Team) MemberRole

func (t *Team) MemberRole(ctx context.Context, uv keybase1.UserVersion) (keybase1.TeamRole, error)

func (*Team) Members

func (t *Team) Members() (keybase1.TeamMembers, error)

func (*Team) Name

func (t *Team) Name() keybase1.TeamName

func (*Team) NextSeqno

func (t *Team) NextSeqno() keybase1.Seqno

func (*Team) NumActiveInvites

func (t *Team) NumActiveInvites() int

func (*Team) OpenTeamJoinAs

func (t *Team) OpenTeamJoinAs() keybase1.TeamRole

func (*Team) PostTeamBotSettings

func (t *Team) PostTeamBotSettings(ctx context.Context, bots map[keybase1.UserVersion]keybase1.TeamBotSettings) error

func (*Team) PostTeamSettings

func (t *Team) PostTeamSettings(ctx context.Context, settings keybase1.TeamSettings, rotate bool) error

func (*Team) Rotate

func (t *Team) Rotate(ctx context.Context, rt keybase1.RotationType) (err error)

func (*Team) SaltpackEncryptionKeyAtGeneration

func (t *Team) SaltpackEncryptionKeyAtGeneration(ctx context.Context, generation keybase1.PerTeamKeyGeneration) (keybase1.TeamApplicationKey, error)

func (*Team) SaltpackEncryptionKeyLatest

func (t *Team) SaltpackEncryptionKeyLatest(ctx context.Context) (keybase1.TeamApplicationKey, error)

func (*Team) SeitanInviteTokenKeyAtGeneration

func (t *Team) SeitanInviteTokenKeyAtGeneration(ctx context.Context, generation keybase1.PerTeamKeyGeneration) (keybase1.TeamApplicationKey, error)

func (*Team) SeitanInviteTokenKeyLatest

func (t *Team) SeitanInviteTokenKeyLatest(ctx context.Context) (keybase1.TeamApplicationKey, error)

func (*Team) Settings

func (t *Team) Settings() keybase1.TeamSettings

func (*Team) SharedSecret

func (t *Team) SharedSecret(ctx context.Context) (ret keybase1.PerTeamKeySeed, err error)

func (*Team) SigningKID

func (t *Team) SigningKID(ctx context.Context) (kid keybase1.KID, err error)

func (*Team) SigningKey

func (t *Team) SigningKey(ctx context.Context) (key libkb.NaclSigningKeyPair, err error)

func (*Team) TeamBotSettings

func (t *Team) TeamBotSettings() (map[keybase1.UserVersion]keybase1.TeamBotSettings, error)

func (*Team) UserLastJoinTime

func (t *Team) UserLastJoinTime(u keybase1.UserVersion) (time keybase1.Time, err error)

func (*Team) UserLastRoleChangeTime

func (t *Team) UserLastRoleChangeTime(u keybase1.UserVersion) (time keybase1.Time, wasMember bool)

UserLastRoleChangeTime returns the time of the last role change for user in team. If the user left the team as a last change, the time of such leave event is returned. If the user was never in the team, then this function returns time=0 and wasMember=false.

func (*Team) UserVersionByUID

func (t *Team) UserVersionByUID(ctx context.Context, uid keybase1.UID) (keybase1.UserVersion, error)

func (*Team) UsersWithRole

func (t *Team) UsersWithRole(role keybase1.TeamRole) ([]keybase1.UserVersion, error)

func (*Team) UsersWithRoleOrAbove

func (t *Team) UsersWithRoleOrAbove(role keybase1.TeamRole) ([]keybase1.UserVersion, error)
func (t *Team) WasMostRecentlyAddedByInvitelink(uv keybase1.UserVersion) bool

type TeamBox

type TeamBox struct {
	Nonce           string
	SenderKID       keybase1.KID `json:"sender_kid"`
	Generation      keybase1.PerTeamKeyGeneration
	Ctext           string
	PerUserKeySeqno keybase1.Seqno `json:"per_user_key_seqno"`
}

TeamBox comes from api server team/get endpoint.

func (*TeamBox) Open

Open decrypts Ctext using encKey.

type TeamDeletedError

type TeamDeletedError struct{}

func (TeamDeletedError) Error

func (e TeamDeletedError) Error() string

type TeamDoesNotExistError

type TeamDoesNotExistError struct {
	// contains filtered or unexported fields
}

func (TeamDoesNotExistError) Error

func (e TeamDoesNotExistError) Error() string

type TeamInfo

type TeamInfo struct {
	libkb.AppStatusEmbed
	Name          string
	InTeam        bool `json:"in_team"`
	Open          bool
	Description   string
	PublicAdmins  []string `json:"public_admins"`
	NumMembers    int      `json:"num_members"`
	PublicMembers []struct {
		Role     keybase1.TeamRole
		UID      keybase1.UID
		Username string
		FullName string `json:"full_name"`
	} `json:"public_members"`
}

type TeamInviteLinkDetails

type TeamInviteLinkDetails struct {
	libkb.AppStatusEmbed
	InviterResetOrDel bool                                         `json:"inviter_reset_or_del"`
	InviterUID        keybase1.UID                                 `json:"inviter_uid"`
	InviterUsername   string                                       `json:"inviter_username"`
	IsMember          bool                                         `json:"is_member"`
	TeamAvatars       map[keybase1.AvatarFormat]keybase1.AvatarUrl `json:"team_avatars"`
	TeamDescription   string                                       `json:"team_desc"`
	TeamID            keybase1.TeamID                              `json:"team_id"`
	TeamIsOpen        bool                                         `json:"team_is_open"`
	TeamName          string                                       `json:"team_name"`
	TeamNumMembers    int                                          `json:"team_num_members"`
}

type TeamKeyManager

type TeamKeyManager struct {
	// contains filtered or unexported fields
}

func NewTeamKeyManager

func NewTeamKeyManager(g *libkb.GlobalContext, id keybase1.TeamID) (*TeamKeyManager, error)

func NewTeamKeyManagerWithSeedItem

func NewTeamKeyManagerWithSeedItem(id keybase1.TeamID, si keybase1.PerTeamKeySeedItem) (*TeamKeyManager, error)

func (*TeamKeyManager) Check

func (*TeamKeyManager) EncryptionKey

func (t *TeamKeyManager) EncryptionKey() (libkb.NaclDHKeyPair, error)

EncryptionKey returns the derived NaclDHKeyPair from the team's shared secret.

func (*TeamKeyManager) Generation

func (*TeamKeyManager) RotateSharedSecretBoxes

func (t *TeamKeyManager) RotateSharedSecretBoxes(mctx libkb.MetaContext, senderKey libkb.GenericKey, recipients map[keybase1.UserVersion]keybase1.PerUserKey) (boxes *PerTeamSharedSecretBoxes, keySection *SCPerTeamKey, err error)

RotateSharedSecretBoxes creates a new shared secret for the team and the required PerTeamKey section.

func (*TeamKeyManager) SharedSecret

func (t *TeamKeyManager) SharedSecret() keybase1.PerTeamKeySeed

SharedSecret returns the team's shared secret.

func (*TeamKeyManager) SharedSecretBoxes

func (t *TeamKeyManager) SharedSecretBoxes(mctx libkb.MetaContext, senderKey libkb.GenericKey, recipients map[keybase1.UserVersion]keybase1.PerUserKey) (boxes *PerTeamSharedSecretBoxes, err error)

SharedSecretBoxes creates the PerTeamSharedSecretBoxes for recipients with the existing team shared secret.

func (*TeamKeyManager) SigningKey

func (t *TeamKeyManager) SigningKey() (libkb.NaclSigningKeyPair, error)

EncryptionKey returns the derived NaclSigningKeyPair from the team's shared secret.

type TeamLoader

type TeamLoader struct {
	libkb.Contextified
	// contains filtered or unexported fields
}

Loader of keybase1.TeamData objects. Handles caching. Because there is one of this global object and it is attached to G, its Load interface must return a keybase1.TeamData not a teams.Team. To load a teams.Team use the package-level function Load. Threadsafe.

func NewTeamLoader

func NewTeamLoader(g *libkb.GlobalContext, world LoaderContext, storage *storage.Storage, merkleStorage *storage.Merkle) *TeamLoader

func NewTeamLoaderAndInstall

func NewTeamLoaderAndInstall(g *libkb.GlobalContext) *TeamLoader

NewTeamLoaderAndInstall creates a new loader and installs it into G.

func (*TeamLoader) ClearMem

func (l *TeamLoader) ClearMem()

Clear the in-memory cache.

func (*TeamLoader) ForceRepollUntil

func (l *TeamLoader) ForceRepollUntil(ctx context.Context, dtime gregor.TimeOrOffset) error

func (*TeamLoader) Freeze

func (l *TeamLoader) Freeze(ctx context.Context, teamID keybase1.TeamID) (err error)

func (*TeamLoader) HintLatestSeqno

func (l *TeamLoader) HintLatestSeqno(ctx context.Context, teamID keybase1.TeamID, seqno keybase1.Seqno) error

func (*TeamLoader) ImplicitAdmins

func (l *TeamLoader) ImplicitAdmins(ctx context.Context, teamID keybase1.TeamID) (impAdmins []keybase1.UserVersion, err error)

List all the admins of ancestor teams. Includes admins of the specified team only if they are also admins of ancestor teams. The specified team must be a subteam, or an error is returned. Always sends a flurry of RPCs to get the most up to date info.

func (*TeamLoader) InForceRepollMode

func (l *TeamLoader) InForceRepollMode(mctx libkb.MetaContext) bool

func (*TeamLoader) IsOpenCached

func (l *TeamLoader) IsOpenCached(ctx context.Context, teamID keybase1.TeamID) (bool, error)

Get whether a team is open. Returns an arbitrarily stale answer.

func (*TeamLoader) Load

func (l *TeamLoader) Load(ctx context.Context, lArg keybase1.LoadTeamArg) (res *keybase1.TeamData, hidden *keybase1.HiddenTeamChain, err error)

func (*TeamLoader) MapTeamAncestors

func (l *TeamLoader) MapTeamAncestors(
	ctx context.Context,
	f func(keybase1.TeamSigChainState, keybase1.TeamName) error,
	teamID keybase1.TeamID,
	reason string,
	forceFullReloadOnceToAssert func(t keybase1.TeamSigChainState) bool,
) (err error)

MapTeamAncestors does NOT map over the team itself.

func (*TeamLoader) NotifyTeamRename

func (l *TeamLoader) NotifyTeamRename(ctx context.Context, id keybase1.TeamID, newName string) error

func (*TeamLoader) OnDbNuke

func (l *TeamLoader) OnDbNuke(mctx libkb.MetaContext) error

func (*TeamLoader) OnLogout

func (l *TeamLoader) OnLogout(mctx libkb.MetaContext) error

func (*TeamLoader) ResolveNameToIDUntrusted

func (l *TeamLoader) ResolveNameToIDUntrusted(ctx context.Context, teamName keybase1.TeamName, public bool, allowCache bool) (id keybase1.TeamID, err error)

Resolve a team name to a team ID. Will always hit the server for subteams. The server can lie in this return value.

func (*TeamLoader) Tombstone

func (l *TeamLoader) Tombstone(ctx context.Context, teamID keybase1.TeamID) (err error)

func (*TeamLoader) VerifyTeamName

func (l *TeamLoader) VerifyTeamName(ctx context.Context, id keybase1.TeamID, name keybase1.TeamName) error

type TeamRoleMapManager

type TeamRoleMapManager struct {
	libkb.NoopNotifyListener
	sync.Mutex
	// contains filtered or unexported fields
}

func NewTeamRoleMapManager

func NewTeamRoleMapManager() *TeamRoleMapManager

func (*TeamRoleMapManager) FlushCache

func (t *TeamRoleMapManager) FlushCache()

func (*TeamRoleMapManager) Get

func (t *TeamRoleMapManager) Get(mctx libkb.MetaContext, retryOnFail bool) (res keybase1.TeamRoleMapAndVersion, err error)

Get is called from the frontend to refresh its view of the TeamRoleMap state. The unfortunate case is when the

func (*TeamRoleMapManager) Query

Query the state of the team role list manager -- only should be used in testing, as it's not exposed in the geenric libkb.TeamRoleMapManager interface. For testing, we want to see if the update path is actually updating the team, so we want to be able to query what's in the manager without going to disk or network if it's stale.

func (*TeamRoleMapManager) Reachability

func (t *TeamRoleMapManager) Reachability(r keybase1.Reachability)

Reachability should be called whenever the reachability status of the app changes (via NotifyRouter). If we happen to be waiting on a timer to do a refresh, then break out and refresh it.

func (*TeamRoleMapManager) Update

func (t *TeamRoleMapManager) Update(mctx libkb.MetaContext, version keybase1.UserTeamVersion) (err error)

type TeamShim

type TeamShim struct {
	Data   *keybase1.TeamData
	Hidden *keybase1.HiddenTeamChain
}

func (*TeamShim) HiddenChain

func (t *TeamShim) HiddenChain() *keybase1.HiddenTeamChain

func (*TeamShim) MainChain

func (t *TeamShim) MainChain() *keybase1.TeamData

type TeamSigChainState

type TeamSigChainState struct {
	// contains filtered or unexported fields
}

Accessor wrapper for keybase1.TeamSigChainState

func AppendChainLink(ctx context.Context, g *libkb.GlobalContext, reader keybase1.UserVersion, state *TeamSigChainState,
	link *ChainLinkUnpacked, signer *SignerX) (res TeamSigChainState, err error)

AppendChainLink process a chain link. It must have already been partially verified by TeamLoader. `reader` is the user who is processing the chain. `state` is moved into this function. There must exist no live references into it from now on. If `state` is nil this is the first link of the chain. `signer` may be nil iff link is stubbed.

func InflateLink(ctx context.Context, g *libkb.GlobalContext, reader keybase1.UserVersion, state TeamSigChainState,
	link *ChainLinkUnpacked, signer SignerX) (res TeamSigChainState, err error)

InflateLink adds the full inner link for a link that has already been added in stubbed form. `state` is moved into this function. There must exist no live references into it from now on.

func (*TeamSigChainState) ActiveInvites

func (t *TeamSigChainState) ActiveInvites() (ret []keybase1.TeamInviteMetadata)

func (TeamSigChainState) AssertWasAdminAt

func (t TeamSigChainState) AssertWasAdminAt(uv keybase1.UserVersion, scl keybase1.SigChainLocation) (err error)

func (TeamSigChainState) AssertWasRoleOrAboveAt

func (t TeamSigChainState) AssertWasRoleOrAboveAt(uv keybase1.UserVersion,
	role keybase1.TeamRole, scl keybase1.SigChainLocation) (err error)

AssertWasRoleOrAboveAt asserts that user `uv` had `role` or above on the team just after the given SigChainLocation `scl`. We start at the point given, go backwards until we find a promotion, then go forwards to make sure there wasn't a demotion before the specified time. If there was, return a PermissionError. If no adminship was found at all, return a PermissionError.

func (TeamSigChainState) AssertWasWriterAt

func (t TeamSigChainState) AssertWasWriterAt(uv keybase1.UserVersion, scl keybase1.SigChainLocation) (err error)

func (TeamSigChainState) DeepCopy

func (t TeamSigChainState) DeepCopy() TeamSigChainState

func (TeamSigChainState) DeepCopyToPtr

func (t TeamSigChainState) DeepCopyToPtr() *TeamSigChainState

func (*TeamSigChainState) FindActiveInvite

func (*TeamSigChainState) FindActiveInviteMDByID

func (t *TeamSigChainState) FindActiveInviteMDByID(
	id keybase1.TeamInviteID) (inviteMD keybase1.TeamInviteMetadata, found bool)

FindActiveInviteMDByID returns potentially expired invites that have not been explicitly cancelled, since the sigchain player is agnostic to the concept of time. We treat invite expiration times as advisory for admin clients completing invites, but do not check them in the sigchain player.

func (*TeamSigChainState) FindActiveInviteString

func (t *TeamSigChainState) FindActiveInviteString(mctx libkb.MetaContext, name string, typ string) (ret keybase1.TeamInvite, err error)

func (*TeamSigChainState) FindActiveKeybaseInvite

func (t *TeamSigChainState) FindActiveKeybaseInvite(uid keybase1.UID) (keybase1.TeamInvite, keybase1.UserVersion, bool)

FindActiveKeybaseInvite finds and returns a Keybase-type invite for given UID. Ordering here is not guaranteed, caller shouldn't assume that returned invite will be the oldest/newest one for the UID.

func (TeamSigChainState) GetAdminUserLogPoint

func (t TeamSigChainState) GetAdminUserLogPoint(user keybase1.UserVersion) *keybase1.UserLogPoint

func (TeamSigChainState) GetAllUVs

func (t TeamSigChainState) GetAllUVs() (res []keybase1.UserVersion)

func (TeamSigChainState) GetAllUVsWithUID

func (t TeamSigChainState) GetAllUVsWithUID(uid keybase1.UID) (res []keybase1.UserVersion)

func (TeamSigChainState) GetID

func (t TeamSigChainState) GetID() keybase1.TeamID

func (TeamSigChainState) GetLatestGeneration

func (t TeamSigChainState) GetLatestGeneration() keybase1.PerTeamKeyGeneration

func (TeamSigChainState) GetLatestHiddenSeqno

func (t TeamSigChainState) GetLatestHiddenSeqno() keybase1.Seqno

func (TeamSigChainState) GetLatestHighLinkID

func (t TeamSigChainState) GetLatestHighLinkID() keybase1.LinkID

func (TeamSigChainState) GetLatestHighSeqno

func (t TeamSigChainState) GetLatestHighSeqno() keybase1.Seqno

func (TeamSigChainState) GetLatestKBFSGeneration

func (t TeamSigChainState) GetLatestKBFSGeneration(appType keybase1.TeamApplication) (int, error)

func (TeamSigChainState) GetLatestLibkbLinkID

func (t TeamSigChainState) GetLatestLibkbLinkID() (libkb.LinkID, error)

func (TeamSigChainState) GetLatestLinkID

func (t TeamSigChainState) GetLatestLinkID() keybase1.LinkID

func (TeamSigChainState) GetLatestPerTeamKey

func (t TeamSigChainState) GetLatestPerTeamKey(mctx libkb.MetaContext) (res keybase1.PerTeamKey, err error)

func (*TeamSigChainState) GetLatestPerTeamKeyCTime

func (t *TeamSigChainState) GetLatestPerTeamKeyCTime() keybase1.UnixTime

func (TeamSigChainState) GetLatestSeqno

func (t TeamSigChainState) GetLatestSeqno() keybase1.Seqno

func (TeamSigChainState) GetLatestUVWithUID

func (t TeamSigChainState) GetLatestUVWithUID(uid keybase1.UID) (res keybase1.UserVersion, err error)

func (TeamSigChainState) GetLibkbLinkIDBySeqno

func (t TeamSigChainState) GetLibkbLinkIDBySeqno(seqno keybase1.Seqno) (l2 libkb.LinkID, err error)

func (TeamSigChainState) GetLinkIDBySeqno

func (t TeamSigChainState) GetLinkIDBySeqno(seqno keybase1.Seqno) (keybase1.LinkID, error)

func (*TeamSigChainState) GetMerkleRoots

func (t *TeamSigChainState) GetMerkleRoots() map[keybase1.Seqno]keybase1.MerkleRootV2

func (TeamSigChainState) GetParentID

func (t TeamSigChainState) GetParentID() *keybase1.TeamID

Only non-nil if this is a subteam.

func (TeamSigChainState) GetPerTeamKeyAtGeneration

func (t TeamSigChainState) GetPerTeamKeyAtGeneration(gen keybase1.PerTeamKeyGeneration) (keybase1.PerTeamKey, error)

func (TeamSigChainState) GetSubteamName

func (t TeamSigChainState) GetSubteamName(id keybase1.TeamID) (*keybase1.TeamName, error)

func (TeamSigChainState) GetUserLastJoinTime

func (t TeamSigChainState) GetUserLastJoinTime(user keybase1.UserVersion) (time keybase1.Time, err error)

func (TeamSigChainState) GetUserLastRoleChangeTime

func (t TeamSigChainState) GetUserLastRoleChangeTime(user keybase1.UserVersion) (time keybase1.Time, wasMember bool)

GetUserLastRoleChangeTime returns the time of the last role change for user in team. If the user left the team as a last change, the time of such leave event is returned. If the user was never in the team, then this function returns time=0 and wasMember=false.

func (TeamSigChainState) GetUserLogPoint

func (t TeamSigChainState) GetUserLogPoint(user keybase1.UserVersion) *keybase1.UserLogPoint

func (TeamSigChainState) GetUserRole

func (TeamSigChainState) GetUserRoleAtSeqno

func (t TeamSigChainState) GetUserRoleAtSeqno(user keybase1.UserVersion, seqno keybase1.Seqno) (keybase1.TeamRole, error)

Get the user's role right after link at seqno was processed.

func (TeamSigChainState) GetUsersWithRole

func (t TeamSigChainState) GetUsersWithRole(role keybase1.TeamRole) (res []keybase1.UserVersion, err error)

func (TeamSigChainState) GetUsersWithRoleOrAbove

func (t TeamSigChainState) GetUsersWithRoleOrAbove(role keybase1.TeamRole) (res []keybase1.UserVersion, err error)

func (*TeamSigChainState) HasActiveInvite

func (t *TeamSigChainState) HasActiveInvite(name keybase1.TeamInviteName, typ keybase1.TeamInviteType) (bool, error)
func (t TeamSigChainState) HasAnyStubbedLinks() bool

func (TeamSigChainState) HasStubbedSeqno

func (t TeamSigChainState) HasStubbedSeqno(seqno keybase1.Seqno) bool

func (TeamSigChainState) IsImplicit

func (t TeamSigChainState) IsImplicit() bool

func (*TeamSigChainState) IsInviteObsolete

func (t *TeamSigChainState) IsInviteObsolete(id keybase1.TeamInviteID) bool

func (TeamSigChainState) IsLinkFilled

func (t TeamSigChainState) IsLinkFilled(seqno keybase1.Seqno) bool

Whether the link has been processed and is not stubbed.

func (TeamSigChainState) IsOpen

func (t TeamSigChainState) IsOpen() bool

func (TeamSigChainState) IsPublic

func (t TeamSigChainState) IsPublic() bool

func (TeamSigChainState) IsSubteam

func (t TeamSigChainState) IsSubteam() bool

func (TeamSigChainState) LatestLastNamePart

func (t TeamSigChainState) LatestLastNamePart() keybase1.TeamNamePart

func (*TeamSigChainState) ListSubteams

func (t *TeamSigChainState) ListSubteams() (res []keybase1.TeamIDAndName)

Only call this on a Team that has been loaded with NeedAdmin. Otherwise, you might get incoherent answers due to links that were stubbed over the life of the cached object.

For subteams that you were removed from, this list may still include them because your removal was stubbed. The list will not contain duplicate names. Since this should only be called when you are an admin, none of that should really come up, but it's here just to be less fragile.

func (TeamSigChainState) MemberCtime

func (t TeamSigChainState) MemberCtime(user keybase1.UserVersion) *keybase1.Time

func (*TeamSigChainState) NumActiveInvites

func (t *TeamSigChainState) NumActiveInvites() int

func (*TeamSigChainState) SubteamRenameOccurred

func (t *TeamSigChainState) SubteamRenameOccurred(
	subteamID keybase1.TeamID, newName keybase1.TeamName, seqno keybase1.Seqno) error

Check that a subteam rename occurred just so. That the subteam `subteamID` got a new name `newName` at exactly `seqno` in this, the parent, chain. Note this only checks against the last part of `newName` because mid-team renames are such a pain. This is currently linear in the number of times that subteam has been renamed. It should be easy to add an index if need be.

func (TeamSigChainState) TeamBotSettings

type TeamTombstonedError

type TeamTombstonedError struct{}

func (TeamTombstonedError) Error

func (e TeamTombstonedError) Error() string

type Teamer

type Teamer interface {
	MainChain() *keybase1.TeamData
	HiddenChain() *keybase1.HiddenTeamChain
}

Teamer is an interface that can fit a materialized Team (just below) or intermediary temporary products that are available during the team load process. It has access to both the main and hidden chain data so that we can ask questions like "what is the maximal on-chain PTK generation."

type TransactionTaintedError

type TransactionTaintedError struct {
	// contains filtered or unexported fields
}

TransactionTaintedError is used for unrecoverable error where we fail to add a member and irreversibly break the transaction while doing so.

func (TransactionTaintedError) Error

func (e TransactionTaintedError) Error() string

type Treeloader

type Treeloader struct {

	// mock for error testing
	Converter TreeloaderStateConverter
	// contains filtered or unexported fields
}

Treeloader is an ephemeral struct for loading the memberships of `targetUsername` in the partial team tree surrounding `targetTeamID`. Its behavior is described at protocol/avdl/keybase1/teams.avdl:loadTeamTreeMemberships.

func NewTreeloader

func NewTreeloader(mctx libkb.MetaContext, targetUsername string,
	targetTeamID keybase1.TeamID, guid int, includeAncestors bool) (*Treeloader, error)

func (*Treeloader) LoadAsync

func (l *Treeloader) LoadAsync(mctx libkb.MetaContext) (err error)

func (*Treeloader) LoadSync

func (l *Treeloader) LoadSync(mctx libkb.MetaContext) (res []keybase1.TeamTreeMembership,
	err error)

LoadSync requires all loads to succeed, or errors out.

func (*Treeloader) NewErrorResult

func (l *Treeloader) NewErrorResult(err error,
	teamName keybase1.TeamName) keybase1.TeamTreeMembershipResult

func (*Treeloader) ProcessSigchainState

type TreeloaderStateConverter

type TreeloaderStateConverter interface {
	ProcessSigchainState(libkb.MetaContext, keybase1.TeamName,
		*keybase1.TeamSigChainState) keybase1.TeamTreeMembershipResult
}

type Tristate

type Tristate int
const (
	TristateDisallow Tristate = 0 // default
	TristateRequire  Tristate = 1
	TristateOptional Tristate = 2
)

type UnexpectedSeqnoError

type UnexpectedSeqnoError struct {
	// contains filtered or unexported fields
}

func NewUnexpectedSeqnoError

func NewUnexpectedSeqnoError(expected, actual keybase1.Seqno) UnexpectedSeqnoError

func (UnexpectedSeqnoError) Error

func (e UnexpectedSeqnoError) Error() string

type UnsupportedLinkTypeError

type UnsupportedLinkTypeError struct {
	// contains filtered or unexported fields
}

func (UnsupportedLinkTypeError) Error

func (e UnsupportedLinkTypeError) Error() string

type Upgrader

type Upgrader struct{}

func NewUpgrader

func NewUpgrader() *Upgrader

func (*Upgrader) Run

func (u *Upgrader) Run(m libkb.MetaContext)

type UserHasNotResetError

type UserHasNotResetError struct{ Msg string }

func (UserHasNotResetError) Error

func (e UserHasNotResetError) Error() string

type UserPUKlessError

type UserPUKlessError struct {
	// contains filtered or unexported fields
}

UserPUKlessError is returned when an attempt is made to add a PUKless user to a transaction that has AllowPUKless=false.

func (UserPUKlessError) Error

func (e UserPUKlessError) Error() string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL