auth

package
v0.0.0-...-fc2a63e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 1, 2021 License: BSD-3-Clause, MPL-2.0 Imports: 16 Imported by: 4

README

README for golang-brocade-vyatta-configd-auth repo

Created from configd/auth initially ...

Documentation

Index

Constants

// Permission bits. Each constant is a distinct power of two, so several can be
// OR-ed into one mask and 0 carries none of them.
//
// The constants are untyped and therefore convert silently to any integer
// type. Their values overlap with the AUTH_* constants of this package
// (AUTH_DENY is 1, AUTH_ALLOW is 2), so the compiler will not reject an action
// constant passed where a permission is expected.
// NOTE(review): presumably these are the values carried by AuthPerm; confirm.
const (
	P_CREATE = 1 << iota // 1
	P_READ               // 2
	P_UPDATE             // 4
	P_DELETE             // 8
	P_EXECUTE            // 16
)
// Rule-kind bits, one power of two per constant (1, 2, 4, 8, 16).
// NOTE(review): presumably the values of AuthType, as stored in the Type field
// of AuthRuleType; confirm. The constants are untyped, so they are
// interchangeable at compile time with the P_* and AUTH_* constants.
const (
	AUTH_T_DATA = 1 << iota // 1
	AUTH_T_PROTO            // 2
	AUTH_T_SESSION          // 4
	AUTH_T_PERMS            // 8
	AUTH_T_RPC              // 16
)
// Action bits, one power of two per constant. Because the sequence starts at
// 1 << 0, the zero value of an integer matches none of them: 0 is neither
// AUTH_DENY nor AUTH_ALLOW.
// NOTE(review): presumably the values of AuthAction. Confirm that any value
// with the AUTH_ALLOW bit clear, including 0 from a field missing in the rule
// file, is handled as a denial.
// NOTE(review): AUTH_LOG is its own bit, which suggests it is OR-ed onto an
// allow or deny action; confirm.
const (
	AUTH_DENY = 1 << iota // 1
	AUTH_ALLOW            // 2
	AUTH_LOG              // 4
)
// Allow and Deny are the actions accepted by NewTestRule. Allow is declared
// with the unexported type testAction. Deny has no declared type, so it is an
// untyped boolean constant that converts to testAction where one is required.
const (
	Allow testAction = true
	Deny             = false
)
// Request-kind bits, one power of two per constant (1, 2, 4).
// NOTE(review): presumably the values of TestAutherRequestType, separating an
// authorization request from the start and stop of an accounting record;
// confirm.
const (
	T_REQ_AUTH = 1 << iota // 1
	T_REQ_ACCT_START       // 2
	T_REQ_ACCT_STOP        // 4
)
// Authrulefile is a fixed absolute path to a rule set file.
// NOTE(review): presumably this is the file passed to LoadAdb and watched by
// AuthGlobal.FsListener; confirm. If so, its contents decide what is allowed,
// so the file and its parent directories should be writable only by a
// privileged account.
const Authrulefile = "/opt/vyatta/etc/configruleset.txt"

Variables

Functions

func CheckRequests

func CheckRequests(actual, exp TestAutherRequests) error

func NewTestAuther

func NewTestAuther(rules ...testRule) *testAuther

See the example usage in the comment at the top of the source file.

func NewTestRule

func NewTestRule(action testAction, perm int, absPath string) testRule

func TestAutherAllowAll

func TestAutherAllowAll() *testAuther

func TestAutherAllowOrDenyAll

func TestAutherAllowOrDenyAll(allow bool) *testAuther

func TestAutherDenyAll

func TestAutherDenyAll() *testAuther

func TestAutherRequestEquals

func TestAutherRequestEquals(a, b TestAutherRequest) bool

Types

type AaaAuther

// AaaAuther embeds the CommandAccounter, CommandAuther and DataAuther
// interfaces. The package declares every method of those three interfaces
// directly on *AaaAuther, so calls resolve to the AaaAuther methods rather than
// to the embedded values.
// NOTE(review): if a method is later added to one of these interfaces without
// a matching AaaAuther method, the call is promoted to the embedded value and
// panics when that value is nil.
type AaaAuther struct {
	CommandAccounter
	CommandAuther
	DataAuther
	// contains filtered or unexported fields
}

func NewAaaAuther

func NewAaaAuther(auth *Auth, proto *aaa.AAAProtocol) *AaaAuther

func (*AaaAuther) AccountCommand

func (a *AaaAuther) AccountCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs)

func (*AaaAuther) AuthorizeCommand

func (a *AaaAuther) AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool

func (*AaaAuther) AuthorizeCreate

func (a *AaaAuther) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AaaAuther) AuthorizeDelete

func (a *AaaAuther) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AaaAuther) AuthorizePath

func (a *AaaAuther) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm) bool

func (*AaaAuther) AuthorizeRead

func (a *AaaAuther) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AaaAuther) AuthorizeUpdate

func (a *AaaAuther) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AaaAuther) GetPerms

func (a *AaaAuther) GetPerms(groups []string) map[string]string

func (*AaaAuther) NewTaskAccounter

func (a *AaaAuther) NewTaskAccounter(
	uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs,
) TaskAccounter

type AcmAuther

// AcmAuther embeds the CommandAuther and DataAuther interfaces and declares
// all of their methods on *AcmAuther. Unlike AaaAuther it embeds no
// CommandAccounter, so it offers authorization only and no accounting methods.
// NOTE(review): a method added to an embedded interface without a matching
// AcmAuther method would be promoted to the embedded value and panic if that
// value is nil.
type AcmAuther struct {
	CommandAuther
	DataAuther
	// contains filtered or unexported fields
}

func NewAcmAuther

func NewAcmAuther(auth *Auth) *AcmAuther

func (*AcmAuther) AuthorizeCommand

func (a *AcmAuther) AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool

func (*AcmAuther) AuthorizeCreate

func (a *AcmAuther) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AcmAuther) AuthorizeDelete

func (a *AcmAuther) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AcmAuther) AuthorizePath

func (a *AcmAuther) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm) bool

func (*AcmAuther) AuthorizeRead

func (a *AcmAuther) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AcmAuther) AuthorizeUpdate

func (a *AcmAuther) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*AcmAuther) GetPerms

func (a *AcmAuther) GetPerms(groups []string) map[string]string

type AuditAccounter

// AuditAccounter embeds CommandAccounter and declares both of its methods,
// AccountCommand and NewTaskAccounter, on *AuditAccounter. It is built from an
// *Auth by NewAuditAccounter.
type AuditAccounter struct {
	CommandAccounter
	// contains filtered or unexported fields
}

func NewAuditAccounter

func NewAuditAccounter(a *Auth) *AuditAccounter

func (*AuditAccounter) AccountCommand

func (a *AuditAccounter) AccountCommand(
	uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs,
)

func (*AuditAccounter) NewTaskAccounter

func (a *AuditAccounter) NewTaskAccounter(
	uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs,
) TaskAccounter

type Auth

// Auth is the concrete authorizer returned by NewAuth and NewAuthForUser. All
// of its state is unexported; it is used through its Authorize*, Account*,
// Log* and AuditLog methods.
type Auth struct {
	// contains filtered or unexported fields
}

func NewAuth

func NewAuth(global *AuthGlobal) *Auth

func NewAuthForUser

func NewAuthForUser(global *AuthGlobal, uid uint32, groups []string, env *AuthEnv) *Auth

func (*Auth) AccountCommand

func (a *Auth) AccountCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs)

func (*Auth) AuditLog

func (a *Auth) AuditLog(msg string)

func (*Auth) AuthorizeCommand

func (a *Auth) AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool

func (*Auth) AuthorizeCreate

func (a *Auth) AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*Auth) AuthorizeDelete

func (a *Auth) AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*Auth) AuthorizeFn

func (a *Auth) AuthorizeFn(uid uint32, groups []string, fn string) bool

func (*Auth) AuthorizePath

func (a *Auth) AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm) bool

func (*Auth) AuthorizeRPC

func (a *Auth) AuthorizeRPC(uid uint32, group []string, module, rpcName string) bool

func (*Auth) AuthorizeRead

func (a *Auth) AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*Auth) AuthorizeSession

func (a *Auth) AuthorizeSession(uid uint32, sid string) bool

func (*Auth) AuthorizeUpdate

func (a *Auth) AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool

func (*Auth) GetPerms

func (a *Auth) GetPerms(groups []string) map[string]string

func (*Auth) Log

func (a *Auth) Log(uid uint32, rule *AuthRule, result bool)

func (*Auth) LogReqFn

func (a *Auth) LogReqFn(uid uint32, fn string, result bool)

func (*Auth) LogReqPath

func (a *Auth) LogReqPath(uid uint32, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm, result bool)

func (*Auth) NewTaskAccounter

func (a *Auth) NewTaskAccounter(
	uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs,
) TaskAccounter

type AuthAction

// AuthAction is the integer type of AuthRule.Action and of the *Default fields
// of Authdb.
// NOTE(review): presumably it holds AUTH_DENY, AUTH_ALLOW and AUTH_LOG bits;
// its zero value matches none of those constants.
type AuthAction int

func (AuthAction) String

func (a AuthAction) String() string

type AuthEnv

// AuthEnv is the per-user environment passed to NewAuthForUser.
type AuthEnv struct {
	// NOTE(review): presumably the name of the user's terminal; confirm where
	// the value comes from before relying on it in logs or decisions.
	Tty string
}

type AuthGlobal

// AuthGlobal is the shared state handed to NewAuth and NewAuthForUser; it is
// created by NewAuthGlobal.
type AuthGlobal struct {
	// Dlog and Elog are exported, so any holder of the struct can replace them.
	// NOTE(review): presumably the dlog and elog arguments of NewAuthGlobal,
	// i.e. a debug log and an error log; confirm.
	Dlog *log.Logger
	Elog *log.Logger
	// contains filtered or unexported fields
}

func NewAuthGlobal

func NewAuthGlobal(username string, dlog, elog *log.Logger) *AuthGlobal

func (*AuthGlobal) FsListener

func (a *AuthGlobal) FsListener()

type AuthPerm

// AuthPerm is the integer type of AuthRule.Perm and of the perm argument of
// AuthorizePath.
// NOTE(review): presumably a mask of the P_* bits. Those constants are
// untyped, so any integer constant is accepted where an AuthPerm is expected.
type AuthPerm int

func (AuthPerm) String

func (p AuthPerm) String() string

type AuthRule

// AuthRule is one rule as it appears in JSON. Action, Groups and Perm are
// always encoded; Path, Rpc, Module and Fn are optional and are left out of
// the encoding when empty.
// NOTE(review): presumably a rule carries only the optional fields that fit
// its kind (path, RPC or function); confirm how an empty Groups list and an
// empty Path are matched, since either could widen a rule.
type AuthRule struct {
	Action AuthAction `json:"action"`
	Groups []string   `json:"groups"`
	Perm   AuthPerm   `json:"perm"`
	Path   string     `json:"path,omitempty"`
	Rpc    string     `json:"rpc-name,omitempty"`
	Module string     `json:"module-name,omitempty"`
	Fn     string     `json:"fn,omitempty"`
}

type AuthRuleType

// AuthRuleType pairs a rule with its kind, as encoded in JSON.
type AuthRuleType struct {
	Type AuthType  `json:"type"`
	// Rule is a pointer, so a JSON null or a missing "rule" key leaves it nil;
	// code that walks the rule list has to check for that.
	Rule *AuthRule `json:"rule"`
}

func (*AuthRuleType) String

func (r *AuthRuleType) String() string

type AuthType

// AuthType is the integer type of AuthRuleType.Type.
// NOTE(review): presumably one of the AUTH_T_* constants; confirm.
type AuthType int

func (AuthType) String

func (t AuthType) String() string

type Authdb

// Authdb is the rule database in its JSON form; LoadAdb returns one.
//
// Decoding leaves any key that is absent from the input at its zero value:
// false for the booleans, 0 for the AuthAction defaults, nil for the rule
// lists.
// NOTE(review): 0 is neither AUTH_DENY nor AUTH_ALLOW, and Enabled defaults to
// false. Confirm that a truncated or partially written rule file results in
// denial rather than in authorization being switched off.
type Authdb struct {
	// Uid is excluded from JSON, so it is never read from or written to the
	// encoded form.
	Uid           uint32          `json:"-"`
	Enabled       bool            `json:"enabled"`
	LogReq        bool            `json:"log-requests"`
	// One default action per operation.
	// NOTE(review): presumably applied when no rule matches; confirm.
	CreateDefault AuthAction      `json:"create-default"`
	ReadDefault   AuthAction      `json:"read-default"`
	UpdateDefault AuthAction      `json:"update-default"`
	DeleteDefault AuthAction      `json:"delete-default"`
	ExecDefault   AuthAction      `json:"exec-default"`
	RpcDefault    AuthAction      `json:"rpc-default"`
	// Rules and RpcRules hold pointers; entries may be nil after decoding.
	Rules         []*AuthRuleType `json:"rules"`
	RpcRules      []*AuthRuleType `json:"rpc-rules"`
}

func LoadAdb

func LoadAdb(filename string, logger *log.Logger) *Authdb

type Auther

// Auther is the full authorization and accounting interface: it combines
// CommandAccounter, CommandAuther and DataAuther and adds audit logging plus
// function and RPC authorization.
//
// The Authorize methods return only a bool, so a caller cannot tell a denial
// from a failure to evaluate; implementations should return false when they
// cannot reach a decision. uid and groups are plain arguments: nothing in the
// interface establishes that they belong to the requester, so callers must
// take them from an authenticated source.
type Auther interface {
	CommandAccounter
	CommandAuther
	DataAuther

	// AuditLog records msg.
	// NOTE(review): msg is free text; confirm that caller-controlled content
	// is escaped before it reaches the audit trail.
	AuditLog(msg string)
	AuthorizeFn(uid uint32, groups []string, fn string) bool
	AuthorizeRPC(uid uint32, groups []string, module, rpcName string) bool
}

type CommandAccounter

// CommandAccounter records commands run by the caller identified by uid and
// groups. NewTaskAccounter returns a TaskAccounter for the command, while
// AccountCommand takes the same arguments and returns nothing.
// NOTE(review): neither method can report a failure to the caller, so a lost
// accounting record is invisible at this level; confirm that implementations
// log such failures.
type CommandAccounter interface {
	NewTaskAccounter(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) TaskAccounter
	AccountCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs)
}

type CommandAuther

// CommandAuther decides whether the caller identified by uid and groups may
// run cmd. The result is a bare bool, so implementations should return false
// when they cannot reach a decision. uid and groups are trusted as given and
// must come from an authenticated source.
type CommandAuther interface {
	AuthorizeCommand(uid uint32, groups []string, cmd []string, pathAttrs *pathutil.PathAttrs) bool
}

type DataAuther

// DataAuther decides whether the caller identified by uid and groups may act
// on path. AuthorizePath takes the permission as an argument; the other four
// Authorize methods each name one operation.
// NOTE(review): presumably those four are shorthands for AuthorizePath with
// the matching P_* bit; confirm.
//
// Every decision is a bare bool, so implementations should return false when
// they cannot decide. uid and groups are trusted as given and must come from
// an authenticated source.
type DataAuther interface {
	AuthorizePath(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs, perm AuthPerm) bool
	AuthorizeRead(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	AuthorizeCreate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	AuthorizeUpdate(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	AuthorizeDelete(uid uint32, groups []string, path []string, pathAttrs *pathutil.PathAttrs) bool
	// GetPerms takes groups only, with no uid.
	GetPerms(groups []string) map[string]string
}

type TaskAccounter

// TaskAccounter brackets one task with a start and a stop record. Both methods
// return an error, so callers can detect a record that could not be written.
type TaskAccounter interface {
	AccountStart() error
	// NOTE(review): the *error argument is presumably the task's own outcome,
	// passed by pointer so a deferred call sees the final value; confirm.
	AccountStop(*error) error
}

type TestAuther

// TestAuther is an Auther that also exposes the command authorization and
// accounting requests it has received, with methods to clear them, and its
// test auditer.
// NOTE(review): this interface and the constructors TestAutherAllowAll and
// TestAutherAllowOrDenyAll are part of the package's exported API, so nothing
// at compile time keeps an allow-all authorizer out of non-test code; a lint
// or review rule on their use outside tests is worth having.
type TestAuther interface {
	Auther
	GetCmdRequests() TestAutherRequests
	ClearCmdRequests()
	GetCmdAcctRequests() TestAutherRequests
	ClearCmdAcctRequests()
	GetAuditer() *audit.TestAudit
}

type TestAutherRequest

// TestAutherRequest is one recorded request. Its fields are unexported; values
// are built with NewTestAutherRequest or NewTestAutherCommandRequest and
// compared with TestAutherRequestEquals.
type TestAutherRequest struct {
	// contains filtered or unexported fields
}

func NewTestAutherCommandRequest

func NewTestAutherCommandRequest(
	reqType TestAutherRequestType,
	cmd []string,
	pathAttrs *pathutil.PathAttrs,
) TestAutherRequest

func NewTestAutherRequest

func NewTestAutherRequest(
	reqType TestAutherRequestType,
	perm AuthPerm,
	path []string,
	pathAttrs *pathutil.PathAttrs,
) TestAutherRequest

type TestAutherRequestType

// TestAutherRequestType is the integer kind of a TestAutherRequest.
// NOTE(review): presumably one of the T_REQ_* constants; confirm.
type TestAutherRequestType int

type TestAutherRequests

// TestAutherRequests is a list of recorded requests. Its Len, Less and Swap
// methods have the signatures of sort.Interface, so a value can be sorted with
// the sort package before comparison.
type TestAutherRequests struct {
	Reqs []TestAutherRequest
}

func NewTestAutherRequests

func NewTestAutherRequests(req ...TestAutherRequest) TestAutherRequests

func (TestAutherRequests) GetRequestsForPerm

func (r TestAutherRequests) GetRequestsForPerm(perm AuthPerm) TestAutherRequests

func (TestAutherRequests) Len

func (r TestAutherRequests) Len() int

func (TestAutherRequests) Less

func (r TestAutherRequests) Less(i, j int) bool

func (TestAutherRequests) Swap

func (r TestAutherRequests) Swap(i, j int)

type TestCommandAccounter

// TestCommandAccounter is the test implementation of CommandAccounter. It
// embeds the interface and declares both of its methods, AccountCommand and
// NewTaskAccounter, on *TestCommandAccounter.
type TestCommandAccounter struct {
	CommandAccounter
	// contains filtered or unexported fields
}

func (*TestCommandAccounter) AccountCommand

func (a *TestCommandAccounter) AccountCommand(
	uid uint32,
	groups []string,
	cmd []string,
	pathAttrs *pathutil.PathAttrs,
)

func (*TestCommandAccounter) NewTaskAccounter

func (a *TestCommandAccounter) NewTaskAccounter(
	uid uint32,
	groups []string,
	cmd []string,
	pathAttrs *pathutil.PathAttrs,
) TaskAccounter

type TestCommandAuther

// TestCommandAuther is the test implementation of CommandAuther. Besides
// AuthorizeCommand it offers AddBlockedCommand and CommandIsBlocked.
// NOTE(review): presumably AuthorizeCommand refuses commands registered with
// AddBlockedCommand; confirm what it returns for every other command before
// using it to test a deny path.
type TestCommandAuther struct {
	CommandAuther
	// contains filtered or unexported fields
}

func (*TestCommandAuther) AddBlockedCommand

func (a *TestCommandAuther) AddBlockedCommand(command []string)

func (*TestCommandAuther) AuthorizeCommand

func (a *TestCommandAuther) AuthorizeCommand(
	uid uint32,
	groups []string,
	cmd []string,
	pathAttrs *pathutil.PathAttrs,
) bool

func (*TestCommandAuther) CommandIsBlocked

func (a *TestCommandAuther) CommandIsBlocked(command []string) bool

type TestDataAuther

// TestDataAuther is the test implementation of DataAuther. It embeds the
// interface and declares all six of its methods on *TestDataAuther. GetPerms
// is documented as not yet implemented and returns nil.
type TestDataAuther struct {
	DataAuther
	// contains filtered or unexported fields
}

func (*TestDataAuther) AuthorizeCreate

func (a *TestDataAuther) AuthorizeCreate(
	uid uint32,
	groups []string,
	path []string,
	pathAttrs *pathutil.PathAttrs,
) bool

func (*TestDataAuther) AuthorizeDelete

func (a *TestDataAuther) AuthorizeDelete(
	uid uint32,
	groups []string,
	path []string,
	pathAttrs *pathutil.PathAttrs,
) bool

func (*TestDataAuther) AuthorizePath

func (a *TestDataAuther) AuthorizePath(
	uid uint32,
	groups []string,
	path []string,
	pathAttrs *pathutil.PathAttrs,
	perm AuthPerm,
) bool

func (*TestDataAuther) AuthorizeRead

func (a *TestDataAuther) AuthorizeRead(
	uid uint32,
	groups []string,
	path []string,
	pathAttrs *pathutil.PathAttrs,
) bool

func (*TestDataAuther) AuthorizeUpdate

func (a *TestDataAuther) AuthorizeUpdate(
	uid uint32,
	groups []string,
	path []string,
	pathAttrs *pathutil.PathAttrs,
) bool

func (*TestDataAuther) GetPerms

func (a *TestDataAuther) GetPerms(groups []string) map[string]string

Not yet implemented so just return nil for now.

Directories

Path Synopsis
cmd
