Versions in this module Expand all Collapse all v1 v1.0.1 Apr 30, 2024 Changes in this version
+ const CtxCredentials
+ const CtxThreadGroupID
+ const MaxKeyDescSize
+ const NoID
+ const NobodyKGID
+ const NobodyKUID
+ const OverflowGID
+ const OverflowUID
+ const RootGID
+ const RootKGID
+ const RootKUID
+ const RootUID
+ var AllCapabilities = CapabilitySetOf(linux.CAP_LAST_CAP+1) - 1
+ func ContextWithCredentials(ctx context.Context, creds *Credentials) context.Context
+ func ThreadGroupIDFromContext(ctx context.Context) (tgid int32, ok bool)
+ type CapabilitySet uint64
+ func CapabilitySetOf(cp linux.Capability) CapabilitySet
+ func CapabilitySetOfMany(cps []linux.Capability) CapabilitySet
+ type Credentials struct
+ BoundingCaps CapabilitySet
+ EffectiveCaps CapabilitySet
+ EffectiveKGID KGID
+ EffectiveKUID KUID
+ ExtraKGIDs []KGID
+ InheritableCaps CapabilitySet
+ KeepCaps bool
+ PermittedCaps CapabilitySet
+ RealKGID KGID
+ RealKUID KUID
+ SavedKGID KGID
+ SavedKUID KUID
+ UserNamespace *UserNamespace
+ func CapsFromVfsCaps(capData VfsCapData, creds *Credentials) (*Credentials, error)
+ func CredentialsFromContext(ctx context.Context) *Credentials
+ func NewAnonymousCredentials() *Credentials
+ func NewRootCredentials(ns *UserNamespace) *Credentials
+ func NewUserCredentials(kuid KUID, kgid KGID, extraKGIDs []KGID, capabilities *TaskCapabilities, ...) *Credentials
+ func (c *Credentials) Fork() *Credentials
+ func (c *Credentials) HasCapability(cp linux.Capability) bool
+ func (c *Credentials) HasCapabilityIn(cp linux.Capability, ns *UserNamespace) bool
+ func (c *Credentials) HasKeyPermission(k *Key, possessed *PossessedKeys, permission KeyPermission) bool
+ func (c *Credentials) InGroup(kgid KGID) bool
+ func (c *Credentials) LoadSeccheckData(mask seccheck.FieldMask, info *pb.ContextData)
+ func (c *Credentials) NewChildUserNamespace() (*UserNamespace, error)
+ func (c *Credentials) PossessedKeys(sessionKeyring, processKeyring, threadKeyring *Key) *PossessedKeys
+ func (c *Credentials) SetGID(gid GID) error
+ func (c *Credentials) SetUID(uid UID) error
+ func (c *Credentials) UseGID(gid GID) (KGID, error)
+ func (c *Credentials) UseUID(uid UID) (KUID, error)
+ type GID uint32
+ func (gid GID) Ok() bool
+ func (gid GID) OrOverflow() GID
+ type IDMapEntry struct
+ FirstID uint32
+ FirstParentID uint32
+ Length uint32
+ type KGID uint32
+ func (kgid KGID) In(ns *UserNamespace) GID
+ func (kgid KGID) Ok() bool
+ type KUID uint32
+ func (kuid KUID) In(ns *UserNamespace) UID
+ func (kuid KUID) Ok() bool
+ type Key struct
+ Description string
+ ID KeySerial
+ func (*Key) Type() KeyType
+ func (k *Key) KGID() KGID
+ func (k *Key) KUID() KUID
+ func (k *Key) Permissions() KeyPermissions
+ func (k *Key) String() string
+ type KeyPermission int
+ const KeyLink
+ const KeyRead
+ const KeySearch
+ const KeySetAttr
+ const KeyView
+ const KeyWrite
+ type KeyPermissions uint64
+ const DefaultNamedSessionKeyringPermissions
+ const DefaultSessionKeyringName
+ const DefaultUnnamedSessionKeyringPermissions
+ func (p KeyPermissions) String() string
+ type KeySerial int32
+ type KeySet struct
+ func (s *KeySet) Do(fn func(*LockedKeySet) error) error
+ func (s *KeySet) ForEach(fn func(*Key) bool)
+ func (s *KeySet) Lookup(keyID KeySerial) (*Key, error)
+ type KeyType string
+ const KeyTypeKeyring
+ type LockedKeySet struct
+ func (s *LockedKeySet) Add(description string, creds *Credentials, perms KeyPermissions) (*Key, error)
+ func (s *LockedKeySet) SetPerms(key *Key, newPerms KeyPermissions)
+ type PossessedKeys struct
+ type TaskCapabilities struct
+ AmbientCaps CapabilitySet
+ BoundingCaps CapabilitySet
+ EffectiveCaps CapabilitySet
+ InheritableCaps CapabilitySet
+ PermittedCaps CapabilitySet
+ type UID uint32
+ func (uid UID) Ok() bool
+ func (uid UID) OrOverflow() UID
+ type UserNamespace struct
+ Keys KeySet
+ func NewRootUserNamespace() *UserNamespace
+ func (ns *UserNamespace) GIDMap() []IDMapEntry
+ func (ns *UserNamespace) MapFromKGID(kgid KGID) GID
+ func (ns *UserNamespace) MapFromKUID(kuid KUID) UID
+ func (ns *UserNamespace) MapToKGID(gid GID) KGID
+ func (ns *UserNamespace) MapToKUID(uid UID) KUID
+ func (ns *UserNamespace) Root() *UserNamespace
+ func (ns *UserNamespace) SetGIDMap(ctx context.Context, entries []IDMapEntry) error
+ func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) error
+ func (ns *UserNamespace) UIDMap() []IDMapEntry
+ type VfsCapData struct
+ Inheritable CapabilitySet
+ MagicEtc uint32
+ Permitted CapabilitySet
+ RootID uint32
+ func VfsCapDataOf(data []byte) (VfsCapData, error)