core

package
v1.1.0
This package is not in the latest version of its module.
Published: Aug 19, 2022 License: GPL-3.0 Imports: 24 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckPasswordHash

func CheckPasswordHash(password, passwordHash string) bool

CheckPasswordHash verifies the given password against passwordHash, a crypt(3)-style hash as stored in User.PasswordHash, and does so in nearly constant time.

func DatabaseInitializer added in v1.1.0

func DatabaseInitializer(d *DatabaseSeed) func() Database

DatabaseInitializer returns a function that initializes the Database from the given seed on first use. If the seed is nil, the default initialization behavior is used.

func HashPasswordForLDAP

func HashPasswordForLDAP(password string) string

HashPasswordForLDAP produces a password hash in the format that the LDAP server expects, which is the format generated by the libc function crypt(3) (see User.PasswordHash).
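CheckPasswordHash and HashPasswordForLDAP are the verify/hash pair behind User.PasswordHash. The following is an added example, not Portunus code: the Go standard library has no crypt(3), so PBKDF2-HMAC-SHA-512 (implemented here over crypto/hmac) stands in for the crypt(3) algorithm, while the shape that matters for CheckPasswordHash is kept: a self-describing `$scheme$params$salt$hash` string, all parameters read back from the stored hash, and a constant-time comparison of the recomputed digest through crypto/subtle. The function names, the scheme tag and the iteration bound are this example's own assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

// scheme tags the hash string so a verifier knows which algorithm to recompute.
// It is an identifier invented for this example.
const scheme = "pbkdf2-sha512"

// maxIterations bounds the work a stored (or seeded) hash string can demand from
// the verifier; without it a hostile hash string is a denial-of-service vector.
const maxIterations = 10_000_000

// pbkdf2SHA512 derives one hash-sized block of PBKDF2-HMAC-SHA-512 (RFC 8018, 5.2).
// It stands in for crypt(3) only because the Go standard library has no crypt(3).
func pbkdf2SHA512(password, salt []byte, iterations int) []byte {
	prf := hmac.New(sha512.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index INT(1), big-endian
	u := prf.Sum(nil)
	result := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range result {
			result[j] ^= u[j]
		}
	}
	return result
}

// encodeHash renders "$pbkdf2-sha512$<iterations>$<salt>$<hash>": as with a crypt(3)
// string, everything needed to verify travels with the hash itself.
func encodeHash(password string, salt []byte, iterations int) string {
	dk := pbkdf2SHA512([]byte(password), salt, iterations)
	enc := base64.RawStdEncoding
	return fmt.Sprintf("$%s$%d$%s$%s", scheme, iterations, enc.EncodeToString(salt), enc.EncodeToString(dk))
}

// HashPassword is the counterpart of HashPasswordForLDAP in this stand-in scheme.
func HashPassword(password string, iterations int) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	return encodeHash(password, salt, iterations), nil
}

// CheckPassword is the counterpart of CheckPasswordHash: parse, recompute, compare in
// constant time. Every parse failure yields false; the branches before the comparison
// depend only on the stored hash string, never on the submitted password.
func CheckPassword(password, passwordHash string) bool {
	parts := strings.Split(passwordHash, "$")
	if len(parts) != 5 || parts[0] != "" || parts[1] != scheme {
		return false
	}
	iterations, err := strconv.Atoi(parts[2])
	if err != nil || iterations < 1 || iterations > maxIterations {
		return false
	}
	enc := base64.RawStdEncoding
	salt, err := enc.DecodeString(parts[3])
	if err != nil {
		return false
	}
	expected, err := enc.DecodeString(parts[4])
	if err != nil {
		return false
	}
	actual := pbkdf2SHA512([]byte(password), salt, iterations)
	// ConstantTimeCompare returns 0 on a length mismatch without inspecting bytes and
	// otherwise takes time independent of where the first differing byte is.
	return subtle.ConstantTimeCompare(actual, expected) == 1
}

func main() {
	hash, err := HashPassword("correct horse battery staple", 100_000)
	if err != nil {
		panic(err)
	}
	fmt.Println(hash)
	fmt.Println(CheckPassword("correct horse battery staple", hash), CheckPassword("wrong", hash)) // true false
}
```

The iteration ceiling is the caveat worth carrying over to any crypt(3)-style verifier: the cost parameter is read from the stored string, so wherever that string can come from a less trusted place (a seed file, an imported database) the verifier must refuse absurd values rather than obediently burn CPU on them.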

func MustBeAbsolutePath added in v1.1.0

func MustBeAbsolutePath(val string) error

MustBeAbsolutePath is an h.ValidationRule that rejects values which are not absolute paths.

func MustBePosixAccountName added in v1.1.0

func MustBePosixAccountName(val string) error

MustBePosixAccountName is an h.ValidationRule that rejects values which are not valid POSIX account names.

func MustBePosixUIDorGID added in v1.1.0

func MustBePosixUIDorGID(val string) error

MustBePosixUIDorGID is an h.ValidationRule that rejects values which do not parse as a POSIX UID or GID (see PosixID).

func MustBeSSHPublicKey added in v1.1.0

func MustBeSSHPublicKey(val string) error

MustBeSSHPublicKey is an h.ValidationRule that rejects values which are not a single SSH public key.

func MustBeSSHPublicKeys added in v1.1.0

func MustBeSSHPublicKeys(val string) error

MustBeSSHPublicKeys is an h.ValidationRule that rejects values which are not a list of SSH public keys as accepted by SplitSSHPublicKeys.

func MustNotBeEmpty added in v1.1.0

func MustNotBeEmpty(val string) error

MustNotBeEmpty is an h.ValidationRule that rejects empty values.

func MustNotHaveSurroundingSpaces added in v1.1.0

func MustNotHaveSurroundingSpaces(val string) error

MustNotHaveSurroundingSpaces is an h.ValidationRule that rejects values with leading or trailing whitespace.

func SplitSSHPublicKeys added in v1.1.0

func SplitSSHPublicKeys(val string) (result []string)

SplitSSHPublicKeys preprocesses the content of a submitted <textarea> where a list of SSH public keys is expected. The result will have one public key per array entry.
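The validation rules MustBeSSHPublicKey and MustBeSSHPublicKeys, together with SplitSSHPublicKeys, are where user-supplied key material is checked before it is written to the directory. The following is an added example of one way to implement that trio, not the Portunus implementation: it splits the textarea content one key per line, and then goes beyond a textual check by decoding the base64 blob and confirming that the type string at the head of the SSH wire encoding matches the declared type. The allow-list of key types, the error wording and the constructed sample key are this example's own assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// allowedKeyTypes is this example's own allow-list of key type identifiers
// (an assumption, not a list taken from Portunus).
var allowedKeyTypes = map[string]bool{
	"ssh-ed25519":         true,
	"ssh-rsa":             true,
	"ecdsa-sha2-nistp256": true,
	"ecdsa-sha2-nistp384": true,
	"ecdsa-sha2-nistp521": true,
}

// SplitSSHPublicKeys turns <textarea> content into one trimmed, non-empty entry per
// line. CRLF line endings sent by browsers are handled by TrimSpace.
func SplitSSHPublicKeys(val string) (result []string) {
	for _, line := range strings.Split(val, "\n") {
		if line = strings.TrimSpace(line); line != "" {
			result = append(result, line)
		}
	}
	return result
}

// MustBeSSHPublicKey checks the OpenSSH one-line format "<type> <base64 blob> [comment]".
// Beyond the textual shape it decodes the blob and checks that the type string at the
// start of the SSH wire encoding matches the declared type, so a blob of the wrong
// kind (or arbitrary base64) is rejected before it reaches the directory.
func MustBeSSHPublicKey(val string) error {
	fields := strings.Fields(val)
	if len(fields) < 2 {
		return errors.New(`expected "<type> <base64 key> [comment]"`)
	}
	keyType, blob64 := fields[0], fields[1]
	if !allowedKeyTypes[keyType] {
		return fmt.Errorf("unsupported key type %q", keyType)
	}
	blob, err := base64.StdEncoding.DecodeString(blob64)
	if err != nil {
		return fmt.Errorf("key data is not valid base64: %w", err)
	}
	wireType, err := readSSHString(blob)
	if err != nil {
		return err
	}
	if wireType != keyType {
		return fmt.Errorf("declared type %q does not match encoded type %q", keyType, wireType)
	}
	return nil
}

// MustBeSSHPublicKeys validates every entry produced by SplitSSHPublicKeys and reports
// the first offending entry by its position in the submitted list.
func MustBeSSHPublicKeys(val string) error {
	for i, key := range SplitSSHPublicKeys(val) {
		if err := MustBeSSHPublicKey(key); err != nil {
			return fmt.Errorf("key #%d: %w", i+1, err)
		}
	}
	return nil
}

// readSSHString reads the first length-prefixed string of an SSH wire-format blob
// (the "string" type of RFC 4251), refusing lengths that run past the buffer.
func readSSHString(buf []byte) (string, error) {
	if len(buf) < 4 {
		return "", errors.New("key data is truncated")
	}
	n := binary.BigEndian.Uint32(buf)
	if uint64(n) > uint64(len(buf)-4) {
		return "", errors.New("key data is truncated")
	}
	return string(buf[4 : 4+n]), nil
}

// appendString encodes s as an SSH wire-format string (uint32 length, then bytes).
func appendString(buf []byte, s string) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(s)))
	return append(append(buf, n[:]...), s...)
}

// SampleEd25519Key builds a constructed, ed25519-shaped key (type string plus 32 zero
// bytes) so the example runs offline; it is not a real key.
func SampleEd25519Key() string {
	blob := appendString(nil, "ssh-ed25519")
	blob = appendString(blob, string(make([]byte, 32)))
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " alice@example.org"
}

func main() {
	textarea := "\n" + SampleEd25519Key() + "\r\n   ssh-rsa AAAA bob@example.org  \n"
	for _, k := range SplitSSHPublicKeys(textarea) {
		fmt.Printf("%q -> %v\n", k, MustBeSSHPublicKey(k))
	}
}
```

Checking the wire-encoded type string catches the common copy-paste failure (an RSA blob pasted behind an "ssh-ed25519" label) without a full parser; a production rule would go further and parse the whole blob, for which golang.org/x/crypto/ssh's ParsePublicKey is the usual tool.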

Types

type Database

type Database struct {
	Users         []User  `json:"users,keepempty"`
	Groups        []Group `json:"groups,keepempty"`
	SchemaVersion uint    `json:"schema_version,keepempty"`
}

Database contains the contents of Portunus' database. This is what gets persisted into the database file.

type DatabaseSeed added in v1.1.0

type DatabaseSeed struct {
	Groups []GroupSeed `json:"groups"`
	Users  []UserSeed  `json:"users"`
}

DatabaseSeed contains the contents of the seed file, if there is one.

func ReadDatabaseSeedFromEnvironment added in v1.1.0

func ReadDatabaseSeedFromEnvironment() (*DatabaseSeed, error)

ReadDatabaseSeedFromEnvironment reads and validates the file at PORTUNUS_SEED_PATH. If that environment variable is not set, nil is returned instead.

func (DatabaseSeed) Validate added in v1.1.0

func (d DatabaseSeed) Validate() error

Validate returns an error if the seed contains any invalid or missing values.

type Engine

type Engine interface {
	FindGroup(name string) *Group
	FindUser(loginName string) *UserWithPerms
	FindUserByEMail(emailAddress string) *UserWithPerms
	ListGroups() []Group
	ListUsers() []User
	//The ChangeX() methods are used to create, modify and delete entities.
	//When creating a new entity, the action is invoked with a
	//default-constructed argument. To delete an entity, return nil from the
	//action. If a non-nil error is returned, it's the one returned by the
	//action.
	ChangeUser(loginName string, action func(User) (*User, error)) error
	ChangeGroup(name string, action func(Group) (*Group, error)) error
}

Engine is the core engine of portunus-server.

func RunEngineAsync

func RunEngineAsync(fsAPI *FileStoreAPI, ldapSuffix string, seed *DatabaseSeed) (Engine, <-chan []LDAPObject)

RunEngineAsync runs the main engine of portunus-server. It consumes the FileStoreAPI and returns an Engine interface for the HTTP server to use, and a stream of events for the LDAP worker.
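The comment on the ChangeX() methods fixes a small contract: a missing entity is presented to the action as a default-constructed value, returning nil deletes, and an error from the action aborts the change and is returned unchanged. The following is an added example that implements that contract for users in memory; it is not the engine that RunEngineAsync starts over a FileStore, and the login-name invariant, the reduced User type and the SetPasswordHash caller are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// User carries only the fields this example needs; core.User has more.
type User struct {
	LoginName    string
	GivenName    string
	FamilyName   string
	PasswordHash string
}

// memoryEngine is an in-memory stand-in for the user half of the Engine interface.
type memoryEngine struct {
	mu    sync.Mutex
	users map[string]User
}

func newMemoryEngine() *memoryEngine {
	return &memoryEngine{users: make(map[string]User)}
}

// FindUser returns a copy, so callers cannot mutate engine state behind the lock.
func (e *memoryEngine) FindUser(loginName string) *User {
	e.mu.Lock()
	defer e.mu.Unlock()
	u, ok := e.users[loginName]
	if !ok {
		return nil
	}
	return &u
}

// ChangeUser follows the contract spelled out on the Engine interface:
//   - unknown loginName: the action receives a default-constructed (zero) User, so a
//     successful return creates the user;
//   - action returns (nil, nil): the user is deleted;
//   - action returns an error: nothing is stored and that error is returned unchanged;
//   - otherwise the returned User replaces the stored one.
// The lock is held across the action so changes to one user serialize; the action
// must therefore not call back into the engine (an assumption of this example).
func (e *memoryEngine) ChangeUser(loginName string, action func(User) (*User, error)) error {
	e.mu.Lock()
	defer e.mu.Unlock()
	current := e.users[loginName] // zero value when absent: "default-constructed"
	updated, err := action(current)
	if err != nil {
		return err
	}
	if updated == nil {
		delete(e.users, loginName)
		return nil
	}
	// Example-specific invariant: the map key is the identity, so an action may not
	// smuggle in a different login name.
	if updated.LoginName != loginName {
		return fmt.Errorf("login name %q does not match %q", updated.LoginName, loginName)
	}
	e.users[loginName] = *updated
	return nil
}

var ErrNotFound = errors.New("no such user")

// SetPasswordHash shows a typical caller. Because a missing user arrives as the zero
// value, the action can refuse to create an account as a side effect of a password
// change instead of silently materializing one.
func SetPasswordHash(e *memoryEngine, loginName, newHash string) error {
	return e.ChangeUser(loginName, func(u User) (*User, error) {
		if u.LoginName == "" { // default-constructed: the user did not exist
			return nil, ErrNotFound
		}
		u.PasswordHash = newHash
		return &u, nil
	})
}

func main() {
	e := newMemoryEngine()
	_ = e.ChangeUser("alice", func(u User) (*User, error) {
		u.LoginName, u.GivenName, u.FamilyName = "alice", "Alice", "Example"
		return &u, nil
	})
	fmt.Println(SetPasswordHash(e, "alice", "$6$constructed$hash")) // <nil>
	fmt.Println(SetPasswordHash(e, "mallory", "$6$x$y"))            // no such user
	_ = e.ChangeUser("alice", func(User) (*User, error) { return nil, nil })
	fmt.Println(e.FindUser("alice")) // <nil>
}
```

The check in SetPasswordHash is the practical consequence of the "default-constructed argument" rule: every caller that only means to modify must decide what to do when handed a zero value, or it will create entities by accident.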

type FileStore

type FileStore struct {
	Path        string
	Initializer func() Database
	// contains filtered or unexported fields
}

FileStore is responsible for loading Portunus' database from PORTUNUS_SERVER_STATE_DIR, and persisting it when changes are made to it.

The Initializer function is called at most once, only when there is no existing database file at the given Path.

func (*FileStore) RunAsync

func (s *FileStore) RunAsync() *FileStoreAPI

RunAsync spawns the goroutine for the FileStore, and returns the API that the engine uses to interact with it.

type FileStoreAPI

type FileStoreAPI struct {
	//Whenever the FileStore reads an updated version of the database file, it
	//sends the database contents into this channel.
	LoadEvents <-chan Database
	//Whenever the FileStore reads an updated version of the database from this
	//channel, it will persist that state into the database file.
	SaveRequests chan<- Database
}

FileStoreAPI is the interface that the engine uses to interact with the FileStore.

type Group

type Group struct {
	Name             string           `json:"name"`
	LongName         string           `json:"long_name"`
	MemberLoginNames GroupMemberNames `json:"members"`
	Permissions      Permissions      `json:"permissions"`
	PosixGID         *PosixID         `json:"posix_gid,omitempty"`
}

Group represents a single group of users. Membership in a group implicitly grants its Permissions to all users in that group.

func (Group) Cloned

func (g Group) Cloned() Group

Cloned returns a deep copy of this group.

func (Group) ContainsUser

func (g Group) ContainsUser(u User) bool

ContainsUser checks whether this group contains the given user.

func (Group) IsEqualTo

func (g Group) IsEqualTo(other Group) bool

IsEqualTo is a type-safe wrapper around reflect.DeepEqual().

func (Group) RenderToLDAP

func (g Group) RenderToLDAP(suffix string) []LDAPObject

RenderToLDAP produces the LDAPObjects representing this group.

type GroupMemberNames

type GroupMemberNames map[string]bool

GroupMemberNames is the type of Group.MemberLoginNames.

func (GroupMemberNames) MarshalJSON

func (g GroupMemberNames) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (*GroupMemberNames) UnmarshalJSON

func (g *GroupMemberNames) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type GroupSeed added in v1.1.0

type GroupSeed struct {
	Name             StringSeed   `json:"name"`
	LongName         StringSeed   `json:"long_name"`
	MemberLoginNames []StringSeed `json:"members"`
	Permissions      struct {
		Portunus struct {
			IsAdmin *bool `json:"is_admin"`
		} `json:"portunus"`
		LDAP struct {
			CanRead *bool `json:"can_read"`
		} `json:"ldap"`
	} `json:"permissions"`
	PosixGID *PosixID `json:"posix_gid"`
}

GroupSeed contains the seeded configuration for a single group.

func (GroupSeed) ApplyTo added in v1.1.0

func (g GroupSeed) ApplyTo(target *Group)

ApplyTo changes the attributes of this group to conform to the given seed.

type LDAPObject

type LDAPObject struct {
	DN         string
	Attributes map[string][]string
}

LDAPObject describes an object that can be stored in the LDAP directory.

type LDAPPermissions

type LDAPPermissions struct {
	CanRead bool `json:"can_read"`
}

LDAPPermissions appears in type Permissions.

type Permissions

type Permissions struct {
	Portunus PortunusPermissions `json:"portunus"`
	LDAP     LDAPPermissions     `json:"ldap"`
}

Permissions represents the permissions that membership in a certain group gives its members.

func (Permissions) Includes

func (p Permissions) Includes(other Permissions) bool

Includes returns true when every permission granted by other is also granted by this Permissions instance.

func (Permissions) Union

func (p Permissions) Union(other Permissions) Permissions

Union returns the union of the given permission sets.

type PortunusPermissions

type PortunusPermissions struct {
	IsAdmin bool `json:"is_admin"`
}

PortunusPermissions appears in type Permissions.

type PosixID

type PosixID uint16

PosixID represents a POSIX user or group ID. Since it is a uint16, IDs above 65535 cannot be represented.

func (PosixID) String

func (id PosixID) String() string

type StringSeed added in v1.1.0

type StringSeed string

StringSeed contains a single string value coming from the seed file.

func (*StringSeed) UnmarshalJSON added in v1.1.0

func (s *StringSeed) UnmarshalJSON(buf []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type User

type User struct {
	LoginName     string   `json:"login_name"`
	GivenName     string   `json:"given_name"`
	FamilyName    string   `json:"family_name"`
	EMailAddress  string   `json:"email,omitempty"`
	SSHPublicKeys []string `json:"ssh_public_keys,omitempty"`
	//PasswordHash must be in the format generated by crypt(3).
	PasswordHash string               `json:"password"`
	POSIX        *UserPosixAttributes `json:"posix,omitempty"`
}

User represents a single user account.

func (User) Cloned

func (u User) Cloned() User

Cloned returns a deep copy of this user.

func (User) FullName

func (u User) FullName() string

FullName returns the user's full name.

func (User) RenderToLDAP

func (u User) RenderToLDAP(suffix string, allGroups map[string]Group) LDAPObject

RenderToLDAP produces the LDAPObject representing this user.

type UserPosixAttributes

type UserPosixAttributes struct {
	UID           PosixID `json:"uid"`
	GID           PosixID `json:"gid"`
	HomeDirectory string  `json:"home"`
	LoginShell    string  `json:"shell"` //optional
	GECOS         string  `json:"gecos"` //optional
}

UserPosixAttributes appears in type User.

type UserSeed added in v1.1.0

type UserSeed struct {
	LoginName     StringSeed   `json:"login_name"`
	GivenName     StringSeed   `json:"given_name"`
	FamilyName    StringSeed   `json:"family_name"`
	EMailAddress  StringSeed   `json:"email"`
	SSHPublicKeys []StringSeed `json:"ssh_public_keys"`
	Password      StringSeed   `json:"password"`
	POSIX         *struct {
		UID           *PosixID   `json:"uid"`
		GID           *PosixID   `json:"gid"`
		HomeDirectory StringSeed `json:"home"`
		LoginShell    StringSeed `json:"shell"`
		GECOS         StringSeed `json:"gecos"`
	} `json:"posix"`
}

UserSeed contains the seeded configuration for a single user.

func (UserSeed) ApplyTo added in v1.1.0

func (u UserSeed) ApplyTo(target *User)

ApplyTo changes the attributes of this user to conform to the given seed.

type UserWithPerms

type UserWithPerms struct {
	User
	Perms            Permissions
	GroupMemberships []Group
}

UserWithPerms is a User that carries its computed set of permissions.
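Three pieces of the page fit together here: Group says that membership implicitly grants the group's Permissions, Permissions.Union and Permissions.Includes combine and compare permission sets, and UserWithPerms is the result that FindUser returns. The following is an added example, not Portunus code, that wires them up: it resolves a user's permissions as the union over the groups containing that user and then uses Includes as an authorization gate. The reduced types, the ResolvePermissions and RequireAdmin functions and the constructed sample groups are this example's own assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Reduced mirrors of the page's types, limited to what this example needs.
type PortunusPermissions struct{ IsAdmin bool }
type LDAPPermissions struct{ CanRead bool }
type Permissions struct {
	Portunus PortunusPermissions
	LDAP     LDAPPermissions
}

// Union is OR over every permission flag.
func (p Permissions) Union(other Permissions) Permissions {
	return Permissions{
		Portunus: PortunusPermissions{IsAdmin: p.Portunus.IsAdmin || other.Portunus.IsAdmin},
		LDAP:     LDAPPermissions{CanRead: p.LDAP.CanRead || other.LDAP.CanRead},
	}
}

// Includes is the subset test: every flag set in other is also set in p.
// Equivalently, adding other to p changes nothing.
func (p Permissions) Includes(other Permissions) bool {
	return p.Union(other) == p
}

type User struct{ LoginName string }
type GroupMemberNames map[string]bool
type Group struct {
	Name             string
	MemberLoginNames GroupMemberNames
	Permissions      Permissions
}

// ContainsUser treats an absent key and an explicit false the same way, so a
// "members": {"carol": false} entry in the database does not grant membership.
func (g Group) ContainsUser(u User) bool { return g.MemberLoginNames[u.LoginName] }

type UserWithPerms struct {
	User
	Perms            Permissions
	GroupMemberships []Group
}

// ResolvePermissions computes what FindUser hands back: the groups containing the
// user and the union of those groups' permissions. A user in no group has none.
func ResolvePermissions(u User, allGroups []Group) UserWithPerms {
	result := UserWithPerms{User: u}
	for _, g := range allGroups {
		if g.ContainsUser(u) {
			result.GroupMemberships = append(result.GroupMemberships, g)
			result.Perms = result.Perms.Union(g.Permissions)
		}
	}
	sort.Slice(result.GroupMemberships, func(i, j int) bool {
		return result.GroupMemberships[i].Name < result.GroupMemberships[j].Name
	})
	return result
}

// RequireAdmin is the kind of gate an HTTP handler puts in front of the ChangeX methods.
func RequireAdmin(u UserWithPerms) error {
	if !u.Perms.Includes(Permissions{Portunus: PortunusPermissions{IsAdmin: true}}) {
		return fmt.Errorf("user %q is not a Portunus admin", u.LoginName)
	}
	return nil
}

// ConstructedGroups is sample data made up for this example.
func ConstructedGroups() []Group {
	return []Group{
		{Name: "ldap-readers", MemberLoginNames: GroupMemberNames{"alice": true, "bob": true},
			Permissions: Permissions{LDAP: LDAPPermissions{CanRead: true}}},
		{Name: "admins", MemberLoginNames: GroupMemberNames{"alice": true, "carol": false},
			Permissions: Permissions{Portunus: PortunusPermissions{IsAdmin: true}}},
	}
}

func main() {
	for _, name := range []string{"alice", "bob", "carol"} {
		u := ResolvePermissions(User{LoginName: name}, ConstructedGroups())
		fmt.Printf("%s: %+v admin check: %v\n", name, u.Perms, RequireAdmin(u))
	}
}
```

Writing Includes as `p.Union(other) == p` keeps the two methods consistent by construction: any flag added to Permissions later is covered by both as soon as Union handles it, which a hand-written list of comparisons would not guarantee.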
