local

package

v1.3.2 Latest Latest Go to latest Published: Jan 4, 2017 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package local implements services interfaces using abstract key value backend provided by lib/backend, what makes it possible for teleport to run using boltdb or etcd

Index ¶

type CA
- func NewCAService(backend backend.Backend) *CA
type IdentityService
- func NewIdentityService(backend backend.Backend, lockAfter byte, lockDuration time.Duration) *IdentityService
type Lock
- func NewLockService(backend backend.Backend) *Lock
- func (s *Lock) AcquireLock(token string, ttl time.Duration) error
- func (s *Lock) ReleaseLock(token string) error
type MarshallableU2FRegistration
type PresenceService
- func NewPresenceService(backend backend.Backend) *PresenceService
type ProvisioningService
- func NewProvisioningService(backend backend.Backend) *ProvisioningService
type U2FRegistrationCounter

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CA ¶

type CA struct {
	// contains filtered or unexported fields
}

CA is local implementation of Trust service that is using local backend

func NewCAService ¶

func NewCAService(backend backend.Backend) *CA

NewCAService returns new instance of CAService

func (*CA) DeleteCertAuthority ¶

func (s *CA) DeleteCertAuthority(id services.CertAuthID) error

DeleteCertAuthority deletes particular certificate authority

func (*CA) GetCertAuthorities ¶

func (s *CA) GetCertAuthorities(caType services.CertAuthType, loadSigningKeys bool) ([]*services.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type loadSigningKeys controls whether signing keys should be loaded or not

func (*CA) GetCertAuthority ¶

func (s *CA) GetCertAuthority(id services.CertAuthID, loadSigningKeys bool) (*services.CertAuthority, error)

GetCertAuthority returns certificate authority by given id. Parameter loadSigningKeys controls if signing keys are loaded

func (*CA) UpsertCertAuthority ¶

func (s *CA) UpsertCertAuthority(ca services.CertAuthority, ttl time.Duration) error

UpsertCertAuthority updates or inserts a new certificate authority

type IdentityService ¶

type IdentityService struct {
	// contains filtered or unexported fields
}

IdentityService is responsible for managing web users and currently user accounts as well

func NewIdentityService ¶

func NewIdentityService(
	backend backend.Backend,
	lockAfter byte,
	lockDuration time.Duration) *IdentityService

NewIdentityService returns a new instance of IdentityService object

func (*IdentityService) CheckPassword ¶

func (s *IdentityService) CheckPassword(user string, password []byte, hotpToken string) error

CheckPassword is called on web user or tsh user login

func (*IdentityService) CheckPasswordWOToken ¶

func (s *IdentityService) CheckPasswordWOToken(user string, password []byte) error

CheckPasswordWOToken checks just password without checking HOTP tokens used in case of SSH authentication, when token has been validated

func (*IdentityService) CreateOIDCAuthRequest ¶

func (s *IdentityService) CreateOIDCAuthRequest(req services.OIDCAuthRequest, ttl time.Duration) error

CreateOIDCAuthRequest creates new auth request

func (*IdentityService) DeleteOIDCConnector ¶

func (s *IdentityService) DeleteOIDCConnector(connectorID string) error

DeleteOIDCConnector deletes OIDC Connector

func (*IdentityService) DeleteSignupToken ¶

func (s *IdentityService) DeleteSignupToken(token string) error

DeleteSignupToken deletes signup token from the storage

func (*IdentityService) DeleteUser ¶

func (s *IdentityService) DeleteUser(user string) error

DeleteUser deletes a user with all the keys from the backend

func (*IdentityService) DeleteWebSession ¶

func (s *IdentityService) DeleteWebSession(user, sid string) error

DeleteWebSession deletes web session from the storage

func (*IdentityService) GetHOTP ¶

func (s *IdentityService) GetHOTP(user string) (*hotp.HOTP, error)

GetHOTP gets HOTP token state for a user

func (*IdentityService) GetOIDCAuthRequest ¶

func (s *IdentityService) GetOIDCAuthRequest(stateToken string) (*services.OIDCAuthRequest, error)

GetOIDCAuthRequest returns OIDC auth request if found

func (*IdentityService) GetOIDCConnector ¶

func (s *IdentityService) GetOIDCConnector(id string, withSecrets bool) (*services.OIDCConnector, error)

GetOIDCConnector returns OIDC connector data, , withSecrets adds or removes client secret from return results

func (*IdentityService) GetOIDCConnectors ¶

func (s *IdentityService) GetOIDCConnectors(withSecrets bool) ([]services.OIDCConnector, error)

GetOIDCConnectors returns registered connectors, withSecrets adds or removes client secret from return results

func (*IdentityService) GetPasswordHash ¶

func (s *IdentityService) GetPasswordHash(user string) ([]byte, error)

GetPasswordHash returns the password hash for a given user

func (*IdentityService) GetSignupToken ¶

func (s *IdentityService) GetSignupToken(token string) (*services.SignupToken, error)

GetSignupToken returns signup token data

func (*IdentityService) GetSignupTokens ¶

func (s *IdentityService) GetSignupTokens() (tokens []services.SignupToken, err error)

GetSignupTokens returns all non-expired user tokens

func (*IdentityService) GetU2FRegisterChallenge ¶ added in v1.3.0

func (s *IdentityService) GetU2FRegisterChallenge(token string) (*u2f.Challenge, error)

func (*IdentityService) GetU2FRegistration ¶ added in v1.3.0

func (s *IdentityService) GetU2FRegistration(user string) (*u2f.Registration, error)

func (*IdentityService) GetU2FRegistrationCounter ¶ added in v1.3.0

func (s *IdentityService) GetU2FRegistrationCounter(user string) (counter uint32, e error)

func (*IdentityService) GetU2FSignChallenge ¶ added in v1.3.0

func (s *IdentityService) GetU2FSignChallenge(user string) (*u2f.Challenge, error)

func (*IdentityService) GetUser ¶

func (s *IdentityService) GetUser(user string) (services.User, error)

GetUser returns a user by name

func (*IdentityService) GetUserByOIDCIdentity ¶

func (s *IdentityService) GetUserByOIDCIdentity(id services.OIDCIdentity) (services.User, error)

GetUserByOIDCIdentity returns a user by it's specified OIDC Identity, returns first user specified with this identity

func (*IdentityService) GetUsers ¶

func (s *IdentityService) GetUsers() ([]services.User, error)

GetUsers returns a list of users registered with the local auth server

func (*IdentityService) GetWebSession ¶

func (s *IdentityService) GetWebSession(user, sid string) (*services.WebSession, error)

GetWebSession returns a web session state for a given user and session id

func (*IdentityService) IncreaseLoginAttempts ¶

func (s *IdentityService) IncreaseLoginAttempts(user string) error

IncreaseLoginAttempts bumps "login attempt" counter for the given user. If the counter reaches 'lockAfter' value, it locks the account and returns access denied error.

func (*IdentityService) ResetLoginAttempts ¶

func (s *IdentityService) ResetLoginAttempts(user string) error

ResetLoginAttempts resets the "login attempt" counter to zero.

func (*IdentityService) UpsertHOTP ¶

func (s *IdentityService) UpsertHOTP(user string, otp *hotp.HOTP) error

UpsertHOTP upserts HOTP state for user

func (*IdentityService) UpsertOIDCConnector ¶

func (s *IdentityService) UpsertOIDCConnector(connector services.OIDCConnector, ttl time.Duration) error

UpsertOIDCConnector upserts OIDC Connector

func (*IdentityService) UpsertPassword ¶

func (s *IdentityService) UpsertPassword(user string,
	password []byte) (hotpURL string, hotpQR []byte, err error)

UpsertPassword upserts new password and HOTP token

func (*IdentityService) UpsertPasswordHash ¶

func (s *IdentityService) UpsertPasswordHash(user string, hash []byte) error

UpsertPasswordHash upserts user password hash

func (*IdentityService) UpsertSignupToken ¶

func (s *IdentityService) UpsertSignupToken(token string, tokenData services.SignupToken, ttl time.Duration) error

UpsertSignupToken upserts signup token - one time token that lets user to create a user account

func (*IdentityService) UpsertU2FRegisterChallenge ¶ added in v1.3.0

func (s *IdentityService) UpsertU2FRegisterChallenge(token string, u2fChallenge *u2f.Challenge) error

func (*IdentityService) UpsertU2FRegistration ¶ added in v1.3.0

func (s *IdentityService) UpsertU2FRegistration(user string, u2fReg *u2f.Registration) error

func (*IdentityService) UpsertU2FRegistrationCounter ¶ added in v1.3.0

func (s *IdentityService) UpsertU2FRegistrationCounter(user string, counter uint32) error

func (*IdentityService) UpsertU2FSignChallenge ¶ added in v1.3.0

func (s *IdentityService) UpsertU2FSignChallenge(user string, u2fChallenge *u2f.Challenge) error

func (*IdentityService) UpsertUser ¶

func (s *IdentityService) UpsertUser(user services.User) error

UpsertUser updates parameters about user

func (*IdentityService) UpsertWebSession ¶

func (s *IdentityService) UpsertWebSession(user, sid string, session services.WebSession, ttl time.Duration) error

UpsertWebSession updates or inserts a web session for a user and session id

type Lock ¶

type Lock struct {
	// contains filtered or unexported fields
}

Lock is lock service using local lock backend

func NewLockService ¶

func NewLockService(backend backend.Backend) *Lock

func (*Lock) AcquireLock ¶

func (s *Lock) AcquireLock(token string, ttl time.Duration) error

func (*Lock) ReleaseLock ¶

func (s *Lock) ReleaseLock(token string) error

type MarshallableU2FRegistration ¶ added in v1.3.0

type MarshallableU2FRegistration struct {
	Raw              []byte `json:"raw"`
	KeyHandle        []byte `json:"keyhandle"`
	MarshalledPubKey []byte `json:"marshalled_pubkey"`
}

u2f.Registration cannot be json marshalled due to the pointer in the public key so we have this marshallable version

type PresenceService ¶

type PresenceService struct {
	// contains filtered or unexported fields
}

PresenceService records and reports the presence of all components of the cluster - Nodes, Proxies and SSH nodes

func NewPresenceService ¶

func NewPresenceService(backend backend.Backend) *PresenceService

NewPresenceService returns new presence service instance

func (*PresenceService) DeleteReverseTunnel ¶

func (s *PresenceService) DeleteReverseTunnel(domainName string) error

DeleteReverseTunnel deletes reverse tunnel by it's domain name

func (*PresenceService) GetAuthServers ¶

func (s *PresenceService) GetAuthServers() ([]services.Server, error)

GetAuthServers returns a list of registered servers

func (*PresenceService) GetNodes ¶

func (s *PresenceService) GetNodes() ([]services.Server, error)

GetNodes returns a list of registered servers

func (*PresenceService) GetProxies ¶

func (s *PresenceService) GetProxies() ([]services.Server, error)

GetProxies returns a list of registered proxies

func (*PresenceService) GetReverseTunnels ¶

func (s *PresenceService) GetReverseTunnels() ([]services.ReverseTunnel, error)

GetReverseTunnels returns a list of registered servers

func (*PresenceService) UpsertAuthServer ¶

func (s *PresenceService) UpsertAuthServer(server services.Server, ttl time.Duration) error

UpsertAuthServer registers auth server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertNode ¶

func (s *PresenceService) UpsertNode(server services.Server, ttl time.Duration) error

UpsertNode registers node presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertProxy ¶

func (s *PresenceService) UpsertProxy(server services.Server, ttl time.Duration) error

UpsertProxy registers proxy server presence, permanently if ttl is 0 or for the specified duration with second resolution if it's >= 1 second

func (*PresenceService) UpsertReverseTunnel ¶

func (s *PresenceService) UpsertReverseTunnel(tunnel services.ReverseTunnel, ttl time.Duration) error

UpsertReverseTunnel upserts reverse tunnel entry temporarily or permanently

type ProvisioningService ¶

type ProvisioningService struct {
	// contains filtered or unexported fields
}

ProvisioningService governs adding new nodes to the cluster

func NewProvisioningService ¶

func NewProvisioningService(backend backend.Backend) *ProvisioningService

NewProvisioningService returns a new instance of provisioning service

func (*ProvisioningService) DeleteToken ¶

func (s *ProvisioningService) DeleteToken(token string) error

func (*ProvisioningService) GetToken ¶

func (s *ProvisioningService) GetToken(token string) (*services.ProvisionToken, error)

GetToken finds and returns token by id

func (*ProvisioningService) GetTokens ¶

func (s *ProvisioningService) GetTokens() (tokens []services.ProvisionToken, err error)

GetTokens returns all active (non-expired) provisioning tokens

func (*ProvisioningService) UpsertToken ¶

func (s *ProvisioningService) UpsertToken(token string, roles teleport.Roles, ttl time.Duration) error

UpsertToken adds provisioning tokens for the auth server

type U2FRegistrationCounter ¶ added in v1.3.0

type U2FRegistrationCounter struct {
	Counter uint32 `json:"counter"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL