auth

package
v0.0.0-...-d7e8318 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2024 License: BSD-2-Clause-Patent Imports: 13 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

// Flavor_name maps each Flavor's numeric value to its enum name.
var Flavor_name = map[int32]string{
	0: "AUTH_NONE",
	1: "AUTH_SYS",
}

// Flavor_value is the reverse lookup: enum name to numeric value.
var Flavor_value = map[string]int32{
	"AUTH_NONE": 0,
	"AUTH_SYS":  1,
}

Enum value maps for Flavor.

Functions

func GetMachineName

func GetMachineName() (string, error)

GetMachineName returns the "short" hostname by stripping the domain from the FQDN.

func VerifierFromToken

func VerifierFromToken(key crypto.PublicKey, token *Token) ([]byte, error)

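VerifierFromToken will return a SHA512 hash of the token data. If a signing key is passed in, it will additionally sign the hash of the token. Without a key the verifier is an unkeyed hash that anyone holding the token can recompute, so it detects corruption but does not authenticate the token. (The key parameter is declared as crypto.PublicKey even though it is described as a signing key.)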

func VerifyToken

func VerifyToken(key crypto.PublicKey, token *Token, sig []byte) error

VerifyToken takes the auth token and the signature bytes from the verifier and checks the signature against the public key provided for the agent that claims to have provided the token.

Types

type Credential

// Credential pairs an authentication token with a verifier for that token and
// names the agent that created it. Token and Verifier are expected to carry
// the same Flavor.
// NOTE(review): Origin is a field of the message itself; presumably it only
// selects which agent's public key the verifier is checked against (see
// VerifyToken) and is not evidence of origin on its own — confirm against the
// validating code.
type Credential struct {
	Token    *Token `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`       // authentication token
	Verifier *Token `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"` // to verify integrity of the token
	Origin   string `protobuf:"bytes,3,opt,name=origin,proto3" json:"origin,omitempty"`     // the agent that created this credential
	// contains filtered or unexported fields
}

Token and verifier are expected to have the same flavor type.

func AuthSysRequestFromCreds

func AuthSysRequestFromCreds(ext UserExt, creds *security.DomainInfo, signing crypto.PrivateKey) (*Credential, error)

AuthSysRequestFromCreds takes the domain info credentials gathered during the dRPC request and creates an AuthSys security request to obtain a handle from the management service.

func (*Credential) Descriptor deprecated

func (*Credential) Descriptor() ([]byte, []int)

Deprecated: Use Credential.ProtoReflect.Descriptor instead.

func (*Credential) GetOrigin

func (x *Credential) GetOrigin() string

func (*Credential) GetToken

func (x *Credential) GetToken() *Token

func (*Credential) GetVerifier

func (x *Credential) GetVerifier() *Token

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) ProtoReflect

func (x *Credential) ProtoReflect() protoreflect.Message

func (*Credential) Reset

func (x *Credential) Reset()

func (*Credential) String

func (x *Credential) String() string

type External

// External implements UserExt; its methods are documented as wrappers for
// user.Current, user.LookupId and user.LookupGroupId. The struct has no fields.
type External struct{}

External is an exported implementation of the UserExt interface.

func (*External) Current

func (e *External) Current() (User, error)

Current is a wrapper for user.Current.

func (*External) LookupGroupID

func (e *External) LookupGroupID(gid uint32) (*user.Group, error)

LookupGroupID is a wrapper for user.LookupGroupId.

func (*External) LookupUserID

func (e *External) LookupUserID(uid uint32) (User, error)

LookupUserID is a wrapper for user.LookupId.

type Flavor

// Flavor identifies the type of an authentication token. The values defined
// for it are Flavor_AUTH_NONE (0) and Flavor_AUTH_SYS (1).
type Flavor int32

Types of authentication token

// The numeric values are written out explicitly; they are the same numbers
// that Flavor_name and Flavor_value map to and from.
const (
	// Flavor_AUTH_NONE is 0, the zero value of Flavor, so a Flavor that was
	// never set reads as AUTH_NONE.
	Flavor_AUTH_NONE Flavor = 0
	// Flavor_AUTH_SYS marks an AUTH_SYS token; Sys is the token structure for
	// this flavor.
	Flavor_AUTH_SYS  Flavor = 1
)

func (Flavor) Descriptor

func (Flavor) Descriptor() protoreflect.EnumDescriptor

func (Flavor) Enum

func (x Flavor) Enum() *Flavor

func (Flavor) EnumDescriptor deprecated

func (Flavor) EnumDescriptor() ([]byte, []int)

Deprecated: Use Flavor.Descriptor instead.

func (Flavor) Number

func (x Flavor) Number() protoreflect.EnumNumber

func (Flavor) String

func (x Flavor) String() string

func (Flavor) Type

func (Flavor) Type() protoreflect.EnumType

type GetCredResp

// GetCredResp carries the result of a request to fetch authentication
// credentials: a status code and the caller's Credential.
// NOTE(review): the Status values are not defined on this page; presumably
// Cred is meaningful only when Status reports success — confirm before use.
type GetCredResp struct {
	Status int32       `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` // Status of the request
	Cred   *Credential `protobuf:"bytes,2,opt,name=cred,proto3" json:"cred,omitempty"`      // Caller's authentication credential
	// contains filtered or unexported fields
}

GetCredResp represents the result of a request to fetch authentication credentials.

func (*GetCredResp) Descriptor deprecated

func (*GetCredResp) Descriptor() ([]byte, []int)

Deprecated: Use GetCredResp.ProtoReflect.Descriptor instead.

func (*GetCredResp) GetCred

func (x *GetCredResp) GetCred() *Credential

func (*GetCredResp) GetStatus

func (x *GetCredResp) GetStatus() int32

func (*GetCredResp) ProtoMessage

func (*GetCredResp) ProtoMessage()

func (*GetCredResp) ProtoReflect

func (x *GetCredResp) ProtoReflect() protoreflect.Message

func (*GetCredResp) Reset

func (x *GetCredResp) Reset()

func (*GetCredResp) String

func (x *GetCredResp) String() string

type MockExt

// MockExt has the same three methods as UserExt (Current, LookupUserID,
// LookupGroupID). Its fields look like canned results/errors and recorded
// arguments for those calls — presumably a test double; confirm in the source.
// NOTE(review): the type is exported from the package itself rather than from
// a _test file, so it is reachable from non-test code; keep it out of any path
// that builds real credentials.
type MockExt struct {
	LookupUserIDUid        uint32
	LookupUserIDResult     User
	LookupUserIDErr        error
	LookupGroupIDGid       uint32
	LookupGroupIDResults   []*user.Group
	LookupGroupIDCallCount uint32
	LookupGroupIDErr       error
}

func NewMockExtWithUser

func NewMockExtWithUser(name string, uid uint32, gids ...uint32) *MockExt

func (*MockExt) Current

func (e *MockExt) Current() (User, error)

func (*MockExt) LookupGroupID

func (e *MockExt) LookupGroupID(gid uint32) (*user.Group, error)

func (*MockExt) LookupUserID

func (e *MockExt) LookupUserID(uid uint32) (User, error)

type MockUser

// MockUser provides Username, GroupIDs and Gid, the method set of the User
// interface; all of its state is unexported. Presumably a test double —
// confirm in the source.
type MockUser struct {
	// contains filtered or unexported fields
}

func (*MockUser) Gid

func (u *MockUser) Gid() (uint32, error)

func (*MockUser) GroupIDs

func (u *MockUser) GroupIDs() ([]uint32, error)

func (*MockUser) Username

func (u *MockUser) Username() string

type Sys

// Sys is the token structure for the AUTH_SYS flavor: a timestamp plus the
// machine name, user name, primary and secondary group names, and an
// additional field for a MAC label.
// NOTE(review): every field is a plain value carried inside the token; nothing
// in this struct authenticates them. Presumably consumers rely on the
// credential's verifier having been checked (see VerifyToken) before trusting
// User/Group/Groups — confirm. Whether Stamp is checked for freshness is not
// visible on this page.
type Sys struct {
	Stamp       uint64   `protobuf:"varint,1,opt,name=stamp,proto3" json:"stamp,omitempty"`            // timestamp
	Machinename string   `protobuf:"bytes,2,opt,name=machinename,proto3" json:"machinename,omitempty"` // machine name
	User        string   `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`               // user name
	Group       string   `protobuf:"bytes,4,opt,name=group,proto3" json:"group,omitempty"`             // primary group name
	Groups      []string `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"`           // secondary group names
	Secctx      string   `protobuf:"bytes,6,opt,name=secctx,proto3" json:"secctx,omitempty"`           // Additional field for MAC label
	// contains filtered or unexported fields
}

Token structure for AUTH_SYS flavor cred

func AuthSysFromAuthToken

func AuthSysFromAuthToken(authToken *Token) (*Sys, error)

AuthSysFromAuthToken takes an opaque AuthToken and turns it into a concrete AuthSys data structure.

func (*Sys) Descriptor deprecated

func (*Sys) Descriptor() ([]byte, []int)

Deprecated: Use Sys.ProtoReflect.Descriptor instead.

func (*Sys) GetGroup

func (x *Sys) GetGroup() string

func (*Sys) GetGroups

func (x *Sys) GetGroups() []string

func (*Sys) GetMachinename

func (x *Sys) GetMachinename() string

func (*Sys) GetSecctx

func (x *Sys) GetSecctx() string

func (*Sys) GetStamp

func (x *Sys) GetStamp() uint64

func (*Sys) GetUser

func (x *Sys) GetUser() string

func (*Sys) ProtoMessage

func (*Sys) ProtoMessage()

func (*Sys) ProtoReflect

func (x *Sys) ProtoReflect() protoreflect.Message

func (*Sys) Reset

func (x *Sys) Reset()

func (*Sys) String

func (x *Sys) String() string

type Token

// Token is a flavor-tagged authentication token: Flavor says which structure
// is packed into the opaque Data bytes.
// NOTE(review): Flavor_AUTH_NONE is 0, the proto3 default, so a Token whose
// flavor field is absent reads as AUTH_NONE; code that unpacks Data should
// check Flavor explicitly rather than assume AUTH_SYS.
type Token struct {
	Flavor Flavor `protobuf:"varint,1,opt,name=flavor,proto3,enum=auth.Flavor" json:"flavor,omitempty"` // flavor of this authentication token
	Data   []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`                       // packed structure of the specified flavor
	// contains filtered or unexported fields
}

func (*Token) Descriptor deprecated

func (*Token) Descriptor() ([]byte, []int)

Deprecated: Use Token.ProtoReflect.Descriptor instead.

func (*Token) GetData

func (x *Token) GetData() []byte

func (*Token) GetFlavor

func (x *Token) GetFlavor() Flavor

func (*Token) ProtoMessage

func (*Token) ProtoMessage()

func (*Token) ProtoReflect

func (x *Token) ProtoReflect() protoreflect.Message

func (*Token) Reset

func (x *Token) Reset()

func (*Token) String

func (x *Token) String() string

type User

// User is an interface wrapping a representation of a specific system user.
type User interface {
	// Username returns the user's name (UserInfo takes it from user.Username).
	Username() string
	// GroupIDs returns numeric group IDs for the user (UserInfo takes them
	// from user.GroupIds).
	GroupIDs() ([]uint32, error)
	// Gid returns a single numeric group ID for the user (UserInfo takes it
	// from user.Gid) — presumably the primary group; confirm.
	Gid() (uint32, error)
}

User is an interface wrapping a representation of a specific system user.

type UserExt

// UserExt is an interface that wraps system user-related external functions,
// so that callers can substitute another implementation for the real lookups.
type UserExt interface {
	// Current returns the current User (External delegates to user.Current).
	Current() (User, error)
	// LookupUserID resolves a numeric uid to a User (External delegates to
	// user.LookupId).
	LookupUserID(uid uint32) (User, error)
	// LookupGroupID resolves a numeric gid to a *user.Group (External
	// delegates to user.LookupGroupId).
	LookupGroupID(gid uint32) (*user.Group, error)
}

UserExt is an interface that wraps system user-related external functions.

type UserInfo

// UserInfo adapts a *user.User to the Username/GroupIDs/Gid method set; each
// of those methods is documented as a wrapper for the matching user.User
// member. Behaviour when Info is nil is not shown on this page.
type UserInfo struct {
	Info *user.User
}

UserInfo is an exported implementation of the security.User interface.

func (*UserInfo) Gid

func (u *UserInfo) Gid() (uint32, error)

Gid is a wrapper for user.Gid.

func (*UserInfo) GroupIDs

func (u *UserInfo) GroupIDs() ([]uint32, error)

GroupIDs is a wrapper for user.GroupIds.

func (*UserInfo) Username

func (u *UserInfo) Username() string

Username is a wrapper for user.Username.

type ValidateCredReq

// ValidateCredReq is a request to verify a set of authentication credentials;
// it carries the single Credential to be checked.
type ValidateCredReq struct {
	Cred *Credential `protobuf:"bytes,1,opt,name=cred,proto3" json:"cred,omitempty"` // Credential to be validated
	// contains filtered or unexported fields
}

ValidateCredReq represents a request to verify a set of authentication credentials.

func (*ValidateCredReq) Descriptor deprecated

func (*ValidateCredReq) Descriptor() ([]byte, []int)

Deprecated: Use ValidateCredReq.ProtoReflect.Descriptor instead.

func (*ValidateCredReq) GetCred

func (x *ValidateCredReq) GetCred() *Credential

func (*ValidateCredReq) ProtoMessage

func (*ValidateCredReq) ProtoMessage()

func (*ValidateCredReq) ProtoReflect

func (x *ValidateCredReq) ProtoReflect() protoreflect.Message

func (*ValidateCredReq) Reset

func (x *ValidateCredReq) Reset()

func (*ValidateCredReq) String

func (x *ValidateCredReq) String() string

type ValidateCredResp

// ValidateCredResp is the result of a request to validate authentication
// credentials: a status code and the token taken from the credential.
// NOTE(review): Token is described as "validated", but the Status values are
// not defined on this page; presumably Token should be used only when Status
// reports success — confirm against the validating service.
type ValidateCredResp struct {
	Status int32  `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` // Status of the request
	Token  *Token `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`    // Validated authentication token from the credential
	// contains filtered or unexported fields
}

ValidateCredResp represents the result of a request to validate authentication credentials.

func (*ValidateCredResp) Descriptor deprecated

func (*ValidateCredResp) Descriptor() ([]byte, []int)

Deprecated: Use ValidateCredResp.ProtoReflect.Descriptor instead.

func (*ValidateCredResp) GetStatus

func (x *ValidateCredResp) GetStatus() int32

func (*ValidateCredResp) GetToken

func (x *ValidateCredResp) GetToken() *Token

func (*ValidateCredResp) ProtoMessage

func (*ValidateCredResp) ProtoMessage()

func (*ValidateCredResp) ProtoReflect

func (x *ValidateCredResp) ProtoReflect() protoreflect.Message

func (*ValidateCredResp) Reset

func (x *ValidateCredResp) Reset()

func (*ValidateCredResp) String

func (x *ValidateCredResp) String() string
