Documentation
Index
- func CheckPasswordHash(password, passwordHash string) bool
- func DatabaseInitializer(d *DatabaseSeed) func() Database
- func HashPasswordForLDAP(password string) string
- func MustBeAbsolutePath(val string) error
- func MustBePosixAccountName(val string) error
- func MustBePosixUIDorGID(val string) error
- func MustBeSSHPublicKey(val string) error
- func MustBeSSHPublicKeys(val string) error
- func MustNotBeEmpty(val string) error
- func MustNotHaveSurroundingSpaces(val string) error
- func SplitSSHPublicKeys(val string) (result []string)
- type Database
- type DatabaseSeed
- type Engine
- type FileStore
- type FileStoreAPI
- type Group
- type GroupMemberNames
- type GroupSeed
- type LDAPObject
- type LDAPPermissions
- type Permissions
- type PortunusPermissions
- type PosixID
- type StringSeed
- type User
- type UserPosixAttributes
- type UserSeed
- type UserWithPerms
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckPasswordHash
func CheckPasswordHash(password, passwordHash string) bool
CheckPasswordHash verifies the given password in nearly constant time.
func DatabaseInitializer added in v1.1.0
func DatabaseInitializer(d *DatabaseSeed) func() Database
DatabaseInitializer returns a function that initializes the Database from the given seed on first use. If the seed is nil, the default initialization behavior is used.
func HashPasswordForLDAP
func HashPasswordForLDAP(password string) string
HashPasswordForLDAP produces a password hash in the format expected by LDAP, like the libc function crypt(3).
func MustBeAbsolutePath added in v1.1.0
func MustBeAbsolutePath(val string) error
MustBeAbsolutePath is a h.ValidationRule.
func MustBePosixAccountName added in v1.1.0
func MustBePosixAccountName(val string) error
MustBePosixAccountName is a h.ValidationRule.
func MustBePosixUIDorGID added in v1.1.0
func MustBePosixUIDorGID(val string) error
MustBePosixUIDorGID is a h.ValidationRule.
func MustBeSSHPublicKey added in v1.1.0
func MustBeSSHPublicKey(val string) error
MustBeSSHPublicKey is a h.ValidationRule.
func MustBeSSHPublicKeys added in v1.1.0
func MustBeSSHPublicKeys(val string) error
MustBeSSHPublicKeys is a h.ValidationRule.
func MustNotBeEmpty added in v1.1.0
func MustNotBeEmpty(val string) error
MustNotBeEmpty is a h.ValidationRule.
func MustNotHaveSurroundingSpaces added in v1.1.0
func MustNotHaveSurroundingSpaces(val string) error
MustNotHaveSurroundingSpaces is a h.ValidationRule.
func SplitSSHPublicKeys added in v1.1.0
func SplitSSHPublicKeys(val string) (result []string)
SplitSSHPublicKeys preprocesses the content of a submitted <textarea> where a list of SSH public keys is expected. The result will have one public key per array entry.
Types
type Database
type Database struct {
	Users         []User  `json:"users,keepempty"`
	Groups        []Group `json:"groups,keepempty"`
	SchemaVersion uint    `json:"schema_version,keepempty"`
}
Database contains the contents of Portunus' database. This is what gets persisted into the database file.
type DatabaseSeed added in v1.1.0
DatabaseSeed contains the contents of the seed file, if there is one.
func ReadDatabaseSeedFromEnvironment added in v1.1.0
func ReadDatabaseSeedFromEnvironment() (*DatabaseSeed, error)
ReadDatabaseSeedFromEnvironment reads and validates the file at PORTUNUS_SEED_PATH. If that environment variable was not provided, nil is returned instead.
func (DatabaseSeed) Validate added in v1.1.0
func (d DatabaseSeed) Validate() error
Validate returns an error if the seed contains any invalid or missing values.
type Engine
type Engine interface {
	FindGroup(name string) *Group
	FindUser(loginName string) *UserWithPerms
	FindUserByEMail(emailAddress string) *UserWithPerms
	ListGroups() []Group
	ListUsers() []User
	// The ChangeX() methods are used to create, modify and delete entities.
	// When creating a new entity, the action is invoked with a
	// default-constructed argument. To delete an entity, return nil from the
	// action. If a non-nil error is returned, it's the one returned by the
	// action.
	ChangeUser(loginName string, action func(User) (*User, error)) error
	ChangeGroup(name string, action func(Group) (*Group, error)) error
}
Engine is the core engine of portunus-server.
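The ChangeX() contract described above, worked through in an added example that is not portunus-server's own engine: a hypothetical in-memory memEngine with the documented ChangeUser signature, a trimmed stand-in User type, and a constructed action that refuses to store an empty password hash, so that create, rejected modify and delete can be seen in order.

```go
package main

import (
	"errors"
	"fmt"
)

// User stands in for core.User with only the two fields this example needs.
type User struct {
	LoginName    string
	PasswordHash string
}

// memEngine is a hypothetical in-memory engine that honours the ChangeUser contract.
type memEngine struct{ users map[string]User }

func newMemEngine() *memEngine { return &memEngine{users: map[string]User{}} }

// ChangeUser creates, modifies or deletes in one call: the action receives the
// current User (zero value if absent); a nil result deletes; an error stores nothing.
func (e *memEngine) ChangeUser(loginName string, action func(User) (*User, error)) error {
	result, err := action(e.users[loginName])
	if err != nil {
		return err // the action's own error, passed back unchanged
	}
	if result == nil {
		delete(e.users, loginName)
		return nil
	}
	e.users[loginName] = *result
	return nil
}

// setPasswordHash builds an upsert action that rejects an empty hash (constructed check).
func setPasswordHash(loginName, hash string) func(User) (*User, error) {
	return func(u User) (*User, error) {
		if hash == "" {
			return nil, errors.New("refusing to store a user without a password hash")
		}
		u.LoginName, u.PasswordHash = loginName, hash
		return &u, nil
	}
}

func main() {
	e := newMemEngine()
	fmt.Println(e.ChangeUser("alice", setPasswordHash("alice", "$6$constructed$hash"))) // <nil>: created
	fmt.Println(e.ChangeUser("alice", setPasswordHash("alice", "")))                    // error: alice unchanged
	fmt.Println(e.ChangeUser("alice", func(User) (*User, error) { return nil, nil }))   // <nil>: deleted
}
```

The rejected second call leaves the first hash in place, which is the property a validating action relies on: nothing is persisted unless the action returns a non-nil User and a nil error.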
func RunEngineAsync
func RunEngineAsync(fsAPI *FileStoreAPI, ldapSuffix string, seed *DatabaseSeed) (Engine, <-chan []LDAPObject)
RunEngineAsync runs the main engine of portunus-server. It consumes the FileStoreAPI and returns an Engine interface for the HTTP server to use, and a stream of events for the LDAP worker.
type FileStore
type FileStore struct {
	Path        string
	Initializer func() Database
	// contains filtered or unexported fields
}
FileStore is responsible for loading Portunus' database from PORTUNUS_SERVER_STATE_DIR, and persisting it when changes are made to it.
The Initializer function is called at most once, only when there is no existing database file at the given Path.
func (*FileStore) RunAsync
func (s *FileStore) RunAsync() *FileStoreAPI
RunAsync spawns the goroutine for the FileStore, and returns the API that the engine uses to interact with it.
type FileStoreAPI
type FileStoreAPI struct {
	// Whenever the FileStore reads an updated version of the config file, it
	// sends the database contents into this channel.
	LoadEvents <-chan Database
	// Whenever the FileStore reads an updated version of the database from this
	// channel, it will persist that state into the database file.
	SaveRequests chan<- Database
}
FileStoreAPI is the interface that the engine uses to interact with the FileStore.
type Group
type Group struct {
	Name             string           `json:"name"`
	LongName         string           `json:"long_name"`
	MemberLoginNames GroupMemberNames `json:"members"`
	Permissions      Permissions      `json:"permissions"`
	PosixGID         *PosixID         `json:"posix_gid,omitempty"`
}
Group represents a single group of users. Membership in a group implicitly grants its Permissions to all users in that group.
func (Group) ContainsUser
ContainsUser checks whether this group contains the given user.
func (Group) RenderToLDAP
func (g Group) RenderToLDAP(suffix string) []LDAPObject
RenderToLDAP produces the LDAPObject representing this group.
type GroupMemberNames
GroupMemberNames is the type of Group.MemberLoginNames.
func (GroupMemberNames) MarshalJSON
func (g GroupMemberNames) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (*GroupMemberNames) UnmarshalJSON
func (g *GroupMemberNames) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
type GroupSeed added in v1.1.0
type GroupSeed struct {
	Name             StringSeed   `json:"name"`
	LongName         StringSeed   `json:"long_name"`
	MemberLoginNames []StringSeed `json:"members"`
	Permissions      struct {
		Portunus struct {
			IsAdmin *bool `json:"is_admin"`
		} `json:"portunus"`
		LDAP struct {
			CanRead *bool `json:"can_read"`
		} `json:"ldap"`
	} `json:"permissions"`
	PosixGID *PosixID `json:"posix_gid"`
}
GroupSeed contains the seeded configuration for a single group.
type LDAPObject
LDAPObject describes an object that can be stored in the LDAP directory.
type LDAPPermissions
type LDAPPermissions struct {
	CanRead bool `json:"can_read"`
}
LDAPPermissions appears in type Permissions.
type Permissions
type Permissions struct {
	Portunus PortunusPermissions `json:"portunus"`
	LDAP     LDAPPermissions     `json:"ldap"`
}
Permissions represents the permissions that membership in a certain group gives its members.
func (Permissions) Includes
func (p Permissions) Includes(other Permissions) bool
Includes returns true when every permission set in other is also set in this Permissions instance.
func (Permissions) Union
func (p Permissions) Union(other Permissions) Permissions
Union returns the union of the given permission sets.
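How Union and Includes interact with group membership, as an added example that is not Portunus' own code: stand-in Permissions types with the same fields as documented above, a simplified Group whose members are a set of login names, and a hypothetical effectivePerms that folds a user's memberships into the kind of computed permission set UserWithPerms carries. The sample groups are constructed.

```go
package main

// Stand-ins mirroring the documented Permissions, PortunusPermissions and
// LDAPPermissions fields; example code, not Portunus' own implementation.
type PortunusPermissions struct{ IsAdmin bool }
type LDAPPermissions struct{ CanRead bool }
type Permissions struct {
	Portunus PortunusPermissions
	LDAP     LDAPPermissions
}

// Includes reports whether every permission set in other is also set in p.
func (p Permissions) Includes(other Permissions) bool {
	return (p.Portunus.IsAdmin || !other.Portunus.IsAdmin) &&
		(p.LDAP.CanRead || !other.LDAP.CanRead)
}

// Union returns the permissions granted by p or other (or both).
func (p Permissions) Union(other Permissions) Permissions {
	return Permissions{
		Portunus: PortunusPermissions{IsAdmin: p.Portunus.IsAdmin || other.Portunus.IsAdmin},
		LDAP:     LDAPPermissions{CanRead: p.LDAP.CanRead || other.LDAP.CanRead},
	}
}

// Group keeps members as a set of login names (a simplification of GroupMemberNames).
type Group struct {
	Name        string
	Members     map[string]bool
	Permissions Permissions
}

// effectivePerms unions the Permissions of every group containing the user (assumed derivation of UserWithPerms.Perms).
func effectivePerms(loginName string, groups []Group) (perms Permissions, memberships []Group) {
	for _, g := range groups {
		if g.Members[loginName] {
			perms = perms.Union(g.Permissions)
			memberships = append(memberships, g)
		}
	}
	return perms, memberships
}

// Constructed sample data: alice is in both groups, bob only in ldap-readers.
var sampleGroups = []Group{
	{Name: "admins", Members: map[string]bool{"alice": true},
		Permissions: Permissions{Portunus: PortunusPermissions{IsAdmin: true}}},
	{Name: "ldap-readers", Members: map[string]bool{"alice": true, "bob": true},
		Permissions: Permissions{LDAP: LDAPPermissions{CanRead: true}}},
}
```

An authorization check then reads as perms.Includes(required): permissions only ever accumulate through Union, so removing a user from a group is the only way to take a permission away.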
type PortunusPermissions
type PortunusPermissions struct {
	IsAdmin bool `json:"is_admin"`
}
PortunusPermissions appears in type Permissions.
type StringSeed added in v1.1.0
type StringSeed string
StringSeed contains a single string value coming from the seed file.
func (*StringSeed) UnmarshalJSON added in v1.1.0
func (s *StringSeed) UnmarshalJSON(buf []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
type User
type User struct {
	LoginName     string   `json:"login_name"`
	GivenName     string   `json:"given_name"`
	FamilyName    string   `json:"family_name"`
	EMailAddress  string   `json:"email,omitempty"`
	SSHPublicKeys []string `json:"ssh_public_keys,omitempty"`
	// PasswordHash must be in the format generated by crypt(3).
	PasswordHash string               `json:"password"`
	POSIX        *UserPosixAttributes `json:"posix,omitempty"`
}
User represents a single user account.
func (User) RenderToLDAP
func (u User) RenderToLDAP(suffix string, allGroups map[string]Group) LDAPObject
RenderToLDAP produces the LDAPObject representing this user.
type UserPosixAttributes
type UserPosixAttributes struct {
	UID           PosixID `json:"uid"`
	GID           PosixID `json:"gid"`
	HomeDirectory string  `json:"home"`
	LoginShell    string  `json:"shell"` // optional
	GECOS         string  `json:"gecos"` // optional
}
UserPosixAttributes appears in type User.
type UserSeed added in v1.1.0
type UserSeed struct {
	LoginName     StringSeed   `json:"login_name"`
	GivenName     StringSeed   `json:"given_name"`
	FamilyName    StringSeed   `json:"family_name"`
	EMailAddress  StringSeed   `json:"email"`
	SSHPublicKeys []StringSeed `json:"ssh_public_keys"`
	Password      StringSeed   `json:"password"`
	POSIX         *struct {
		UID           *PosixID   `json:"uid"`
		GID           *PosixID   `json:"gid"`
		HomeDirectory StringSeed `json:"home"`
		LoginShell    StringSeed `json:"shell"`
		GECOS         StringSeed `json:"gecos"`
	} `json:"posix"`
}
UserSeed contains the seeded configuration for a single user.
type UserWithPerms
type UserWithPerms struct {
	User
	Perms            Permissions
	GroupMemberships []Group
}
UserWithPerms is a User that carries its computed set of permissions.