Documentation ¶
Index ¶
- Constants
- Variables
- func CheckRequests(actual, exp TestAutherRequests) error
- func NewTestAuther(rules ...testRule) *testAuther
- func NewTestRule(action testAction, perm int, absPath string) testRule
- func TestAutherAllowAll() *testAuther
- func TestAutherAllowOrDenyAll(allow bool) *testAuther
- func TestAutherDenyAll() *testAuther
- func TestAutherRequestEquals(a, b TestAutherRequest) bool
- type AaaAuther
- func (a *AaaAuther) AccountCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs)
- func (a *AaaAuther) AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AaaAuther) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AaaAuther) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AaaAuther) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, ...) bool
- func (a *AaaAuther) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AaaAuther) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AaaAuther) GetPerms(groups []string) map[string]string
- func (a *AaaAuther) NewTaskAccounter(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) TaskAccounter
- type AcmAuther
- func (a *AcmAuther) AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AcmAuther) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AcmAuther) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AcmAuther) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, ...) bool
- func (a *AcmAuther) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AcmAuther) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *AcmAuther) GetPerms(groups []string) map[string]string
- type AuditAccounter
- type Auth
- func (a *Auth) AccountCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs)
- func (a *Auth) AuditLog(msg string)
- func (a *Auth) AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *Auth) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *Auth) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *Auth) AuthorizeFn(uid uint32, groups []string, fn string) bool
- func (a *Auth) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, ...) bool
- func (a *Auth) AuthorizeRPC(uid uint32, group []string, module, rpcName string) bool
- func (a *Auth) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *Auth) AuthorizeSession(uid uint32, sid string) bool
- func (a *Auth) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *Auth) GetPerms(groups []string) map[string]string
- func (a *Auth) Log(uid uint32, rule *AuthRule, result bool)
- func (a *Auth) LogReqFn(uid uint32, fn string, result bool)
- func (a *Auth) LogReqPath(uid uint32, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm, ...)
- func (a *Auth) NewTaskAccounter(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) TaskAccounter
- type AuthAction
- type AuthEnv
- type AuthGlobal
- type AuthPerm
- type AuthRule
- type AuthRuleType
- type AuthType
- type Authdb
- type Auther
- type CommandAccounter
- type CommandAuther
- type DataAuther
- type TaskAccounter
- type TestAuther
- type TestAutherRequest
- type TestAutherRequestType
- type TestAutherRequests
- type TestCommandAccounter
- type TestCommandAuther
- type TestDataAuther
- func (a *TestDataAuther) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *TestDataAuther) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *TestDataAuther) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, ...) bool
- func (a *TestDataAuther) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *TestDataAuther) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
- func (a *TestDataAuther) GetPerms(groups []string) map[string]string
Constants ¶
// Permission bits. Each constant is a distinct power of two (1 << iota), so
// several can be OR-ed into one mask: P_CREATE = 1, P_READ = 2, P_UPDATE = 4,
// P_DELETE = 8, P_EXECUTE = 16.
// The values follow from declaration order; inserting or reordering an entry
// renumbers every constant after it.
const (
	P_CREATE = 1 << iota
	P_READ
	P_UPDATE
	P_DELETE
	P_EXECUTE
)
// Bit flags with the values AUTH_T_DATA = 1, AUTH_T_PROTO = 2,
// AUTH_T_SESSION = 4, AUTH_T_PERMS = 8 and AUTH_T_RPC = 16 (1 << iota).
// Presumably they select the kind of request being authorized (data,
// protocol, session, perms, RPC); that reading comes from the names only,
// their use is not shown here.
const (
	AUTH_T_DATA = 1 << iota
	AUTH_T_PROTO
	AUTH_T_SESSION
	AUTH_T_PERMS
	AUTH_T_RPC
)
// Authorization action bits. With 1 << iota the values are AUTH_DENY = 1,
// AUTH_ALLOW = 2 and AUTH_LOG = 4, so zero matches none of them.
// NOTE(review): code that tests a value against these constants should treat
// anything that is not an explicit AUTH_ALLOW as a denial, zero included.
// Confirm against the callers, which are not shown here.
const (
	AUTH_DENY = 1 << iota
	AUTH_ALLOW
	AUTH_LOG
)
// Allow and Deny are the two actions a test rule can carry (see NewTestRule).
// Allow is declared with the unexported type testAction. Deny has its own
// expression and no type, so it is an untyped boolean constant, not a
// testAction; it converts implicitly wherever a testAction is expected.
const (
	Allow testAction = true
	Deny             = false
)
// Bit flags with the values T_REQ_AUTH = 1, T_REQ_ACCT_START = 2 and
// T_REQ_ACCT_STOP = 4 (1 << iota).
// Presumably these are the TestAutherRequestType values that tag a recorded
// request as an authorization, an accounting start or an accounting stop.
// The declaration itself is untyped; confirm against the source.
const (
	T_REQ_AUTH = 1 << iota
	T_REQ_ACCT_START
	T_REQ_ACCT_STOP
)
// Authrulefile is a fixed absolute path; how the package reads it is not
// shown here.
// NOTE(review): if this file holds the authorization rule set, as the name
// suggests, whoever can write it controls the rules. Confirm that the
// deployed file and its parent directories are writable only by the
// privileged configuration service account.
const Authrulefile = "/opt/vyatta/etc/configruleset.txt"
Variables ¶
// AllOps is the mask of the four data operations: create, read, update and
// delete. It does not include P_EXECUTE.
// NOTE(review): this is an exported package-level variable, so any importing
// package can reassign it; code that relies on the mask should not assume it
// still holds its initial value.
var AllOps = P_CREATE | P_READ | P_UPDATE | P_DELETE
Functions ¶
func CheckRequests ¶
func CheckRequests(actual, exp TestAutherRequests) error
func NewTestAuther ¶
func NewTestAuther(rules ...testRule) *testAuther
See the example usage in the comment at the top of the source file.
func NewTestRule ¶
func TestAutherAllowAll ¶
func TestAutherAllowAll() *testAuther
func TestAutherAllowOrDenyAll ¶
func TestAutherAllowOrDenyAll(allow bool) *testAuther
func TestAutherDenyAll ¶
func TestAutherDenyAll() *testAuther
func TestAutherRequestEquals ¶
func TestAutherRequestEquals(a, b TestAutherRequest) bool
Types ¶
type AaaAuther ¶
// AaaAuther embeds the CommandAccounter, CommandAuther and DataAuther
// interfaces and is built by NewAaaAuther from an *Auth and an
// *aaa.AAAProtocol. Its remaining fields are unexported and not shown here.
type AaaAuther struct {
	CommandAccounter
	CommandAuther
	DataAuther
	// contains filtered or unexported fields
}
func NewAaaAuther ¶
func NewAaaAuther(auth *Auth, proto *aaa.AAAProtocol) *AaaAuther
func (*AaaAuther) AccountCommand ¶
func (*AaaAuther) AuthorizeCommand ¶
func (*AaaAuther) AuthorizeCreate ¶
func (*AaaAuther) AuthorizeDelete ¶
func (*AaaAuther) AuthorizePath ¶
func (*AaaAuther) AuthorizeRead ¶
func (*AaaAuther) AuthorizeUpdate ¶
func (*AaaAuther) NewTaskAccounter ¶
type AcmAuther ¶
// AcmAuther embeds the CommandAuther and DataAuther interfaces. Unlike
// AaaAuther it does not embed CommandAccounter. Its remaining fields are
// unexported and not shown here.
type AcmAuther struct {
	CommandAuther
	DataAuther
	// contains filtered or unexported fields
}
func NewAcmAuther ¶
func (*AcmAuther) AuthorizeCommand ¶
func (*AcmAuther) AuthorizeCreate ¶
func (*AcmAuther) AuthorizeDelete ¶
func (*AcmAuther) AuthorizePath ¶
func (*AcmAuther) AuthorizeRead ¶
func (*AcmAuther) AuthorizeUpdate ¶
type AuditAccounter ¶
// AuditAccounter embeds the CommandAccounter interface and is built by
// NewAuditAccounter from an *Auth. Its remaining fields are unexported and
// not shown here.
type AuditAccounter struct {
	CommandAccounter
	// contains filtered or unexported fields
}
func NewAuditAccounter ¶
func NewAuditAccounter(a *Auth) *AuditAccounter
func (*AuditAccounter) AccountCommand ¶
func (*AuditAccounter) NewTaskAccounter ¶
func (a *AuditAccounter) NewTaskAccounter( uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs, ) TaskAccounter
type Auth ¶
// Auth carries the Authorize*, Account*, AuditLog and Log* methods listed on
// this page. All of its fields are unexported, so values are obtained from
// NewAuth or NewAuthForUser.
type Auth struct {
	// contains filtered or unexported fields
}
func NewAuth ¶
func NewAuth(global *AuthGlobal) *Auth
func NewAuthForUser ¶
func NewAuthForUser(global *AuthGlobal, uid uint32, groups []string, env *AuthEnv) *Auth
func (*Auth) AccountCommand ¶
func (*Auth) AuthorizeCommand ¶
func (*Auth) AuthorizeCreate ¶
func (*Auth) AuthorizeDelete ¶
func (*Auth) AuthorizePath ¶
func (*Auth) AuthorizeRPC ¶
func (*Auth) AuthorizeRead ¶
func (*Auth) AuthorizeUpdate ¶
func (*Auth) LogReqPath ¶
func (*Auth) NewTaskAccounter ¶
type AuthAction ¶
// AuthAction is an integer-backed action value with a String method. It is
// the type of the per-operation default fields in Authdb.
// Presumably it holds the AUTH_DENY / AUTH_ALLOW / AUTH_LOG bits; confirm
// against the source, since those constants are declared untyped.
type AuthAction int
func (AuthAction) String ¶
func (a AuthAction) String() string
type AuthGlobal ¶
// AuthGlobal is built by NewAuthGlobal(username, dlog, elog) and is passed to
// NewAuth and NewAuthForUser.
// Dlog and Elog are exported logger fields; presumably a debug log and an
// error log, going by the constructor's parameter names. Any importing
// package can replace them after construction.
type AuthGlobal struct {
	Dlog *log.Logger
	Elog *log.Logger
	// contains filtered or unexported fields
}
func NewAuthGlobal ¶
func NewAuthGlobal(username string, dlog, elog *log.Logger) *AuthGlobal
func (*AuthGlobal) FsListener ¶
func (a *AuthGlobal) FsListener()
type AuthRuleType ¶
func (*AuthRuleType) String ¶
func (r *AuthRuleType) String() string
type Authdb ¶
// Authdb is the JSON-tagged rule database.
//
// Uid is tagged json:"-", so encoding/json neither reads it from nor writes
// it to the JSON form. Enabled and LogReq map to "enabled" and
// "log-requests". The six *Default fields hold one AuthAction per operation
// (create, read, update, delete, exec, rpc), presumably the action applied
// when no rule matches (confirm against the source). Rules and RpcRules are
// the rule lists.
//
// NOTE(review): with encoding/json's default decoding, a key missing from the
// input leaves its field at the zero value. For an AuthAction that is 0,
// which equals neither AUTH_DENY (1) nor AUTH_ALLOW (2) as declared in this
// package. Confirm that consumers deny unless the action is an explicit
// allow, and that AuthAction has no custom unmarshalling that changes this.
type Authdb struct {
	Uid           uint32          `json:"-"`
	Enabled       bool            `json:"enabled"`
	LogReq        bool            `json:"log-requests"`
	CreateDefault AuthAction      `json:"create-default"`
	ReadDefault   AuthAction      `json:"read-default"`
	UpdateDefault AuthAction      `json:"update-default"`
	DeleteDefault AuthAction      `json:"delete-default"`
	ExecDefault   AuthAction      `json:"exec-default"`
	RpcDefault    AuthAction      `json:"rpc-default"`
	Rules         []*AuthRuleType `json:"rules"`
	RpcRules      []*AuthRuleType `json:"rpc-rules"`
}
type Auther ¶
// Auther combines CommandAccounter, CommandAuther and DataAuther with audit
// logging and with function and RPC authorization.
//
// AuthorizeFn and AuthorizeRPC return only a bool and no error, so an
// implementation cannot report "could not decide" separately from a decision.
// NOTE(review): implementations should return false whenever the decision
// cannot be made, for example when the rule set failed to load.
type Auther interface {
	CommandAccounter
	CommandAuther
	DataAuther
	AuditLog(msg string)
	AuthorizeFn(uid uint32, groups []string, fn string) bool
	AuthorizeRPC(uid uint32, groups []string, module, rpcName string) bool
}
type CommandAccounter ¶
type CommandAuther ¶
type DataAuther ¶
// DataAuther authorizes access to a path for a user and that user's groups.
//
// AuthorizePath takes the permission explicitly as an AuthPerm. The other
// four methods have the same signature minus perm, one per operation
// (read, create, update, delete). Every decision is a bare bool with no
// error return. GetPerms returns a string-to-string map for the given groups;
// the meaning of its keys and values is not shown here.
type DataAuther interface {
	AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm) bool
	AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	GetPerms(groups []string) map[string]string
}
type TaskAccounter ¶
type TestAuther ¶
// TestAuther is an Auther that also exposes the command authorization and
// command accounting requests it has recorded, methods to clear each list,
// and the *audit.TestAudit it uses.
//
// NOTE(review): this interface and the TestAuther* constructors, including
// TestAutherAllowAll, are part of the package's exported API as listed here,
// so non-test importers can reach them. Keep the allow-all helpers out of
// production wiring.
type TestAuther interface {
	Auther
	GetCmdRequests() TestAutherRequests
	ClearCmdRequests()
	GetCmdAcctRequests() TestAutherRequests
	ClearCmdAcctRequests()
	GetAuditer() *audit.TestAudit
}
type TestAutherRequest ¶
// TestAutherRequest is a single recorded request. All of its fields are
// unexported; values are built with NewTestAutherRequest (permission and
// path) or NewTestAutherCommandRequest (command) and compared with
// TestAutherRequestEquals.
type TestAutherRequest struct {
	// contains filtered or unexported fields
}
func NewTestAutherCommandRequest ¶
func NewTestAutherCommandRequest( reqType TestAutherRequestType, cmd []string, pathAttrs *pathutil.PathAttrs, ) TestAutherRequest
func NewTestAutherRequest ¶
func NewTestAutherRequest( reqType TestAutherRequestType, perm AuthPerm, path []string, pathAttrs *pathutil.PathAttrs, ) TestAutherRequest
type TestAutherRequestType ¶
// TestAutherRequestType is the integer-backed request type passed as reqType
// to NewTestAutherRequest and NewTestAutherCommandRequest.
// Presumably its values are the T_REQ_* constants; confirm against the
// source, since those constants are declared untyped.
type TestAutherRequestType int
type TestAutherRequests ¶
// TestAutherRequests is a list of recorded requests. Its Len, Less and Swap
// methods have the signatures sort.Interface requires, so a value can be
// passed to sort.Sort. The ordering Less defines is not shown here.
type TestAutherRequests struct {
	Reqs []TestAutherRequest
}
func NewTestAutherRequests ¶
func NewTestAutherRequests(req ...TestAutherRequest) TestAutherRequests
func (TestAutherRequests) GetRequestsForPerm ¶
func (r TestAutherRequests) GetRequestsForPerm(perm AuthPerm) TestAutherRequests
func (TestAutherRequests) Len ¶
func (r TestAutherRequests) Len() int
func (TestAutherRequests) Less ¶
func (r TestAutherRequests) Less(i, j int) bool
func (TestAutherRequests) Swap ¶
func (r TestAutherRequests) Swap(i, j int)
type TestCommandAccounter ¶
// TestCommandAccounter embeds the CommandAccounter interface and provides its
// own AccountCommand and NewTaskAccounter methods. Its remaining fields are
// unexported and not shown here.
type TestCommandAccounter struct {
	CommandAccounter
	// contains filtered or unexported fields
}
func (*TestCommandAccounter) AccountCommand ¶
func (*TestCommandAccounter) NewTaskAccounter ¶
func (a *TestCommandAccounter) NewTaskAccounter( uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs, ) TaskAccounter
type TestCommandAuther ¶
// TestCommandAuther embeds the CommandAuther interface and adds a list of
// blocked commands, managed with AddBlockedCommand and queried with
// CommandIsBlocked. Its remaining fields are unexported and not shown here.
// NOTE(review): how AuthorizeCommand treats a command that is not on the
// blocked list is not shown; confirm it before relying on this type.
type TestCommandAuther struct {
	CommandAuther
	// contains filtered or unexported fields
}
func (*TestCommandAuther) AddBlockedCommand ¶
func (a *TestCommandAuther) AddBlockedCommand(command []string)
func (*TestCommandAuther) AuthorizeCommand ¶
func (*TestCommandAuther) CommandIsBlocked ¶
func (a *TestCommandAuther) CommandIsBlocked(command []string) bool
type TestDataAuther ¶
// TestDataAuther embeds the DataAuther interface and provides its own
// AuthorizePath, AuthorizeRead, AuthorizeCreate, AuthorizeUpdate,
// AuthorizeDelete and GetPerms methods. Its remaining fields are unexported
// and not shown here.
type TestDataAuther struct {
	DataAuther
	// contains filtered or unexported fields
}
func (*TestDataAuther) AuthorizeCreate ¶
func (*TestDataAuther) AuthorizeDelete ¶
func (*TestDataAuther) AuthorizePath ¶
func (*TestDataAuther) AuthorizeRead ¶
func (*TestDataAuther) AuthorizeUpdate ¶
Source Files ¶