auth

package

v6.1.0+incompatible Latest Latest Go to latest Published: Feb 4, 2022 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 1 more Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zrhoffman/trafficcontrol

Documentation ¶

Index ¶

Constants
Variables
func AuthenticateUserDN(userDN string, password string, cfg *config.ConfigLDAP) (bool, error)
func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)
func CheckLocalUserIsAllowed(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)
func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)
func CheckLocalUserToken(token string, db *sqlx.DB, timeout time.Duration) (bool, string, error)
func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)
func DerivePassword(password string) (string, error)
func IsCommonPassword(pw string) bool
func IsGoodLoginPair(username string, password string) (bool, error)
func IsGoodPassword(password string) (bool, error)
func LoadPasswordBlacklist(filePath string) error
func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, error)
func VerifySCRYPTPassword(password string, scryptPassword string) error
type CurrentUser
- func GetCurrentUser(ctx context.Context) (*CurrentUser, error)
- func GetCurrentUserFromDB(DB *sqlx.DB, user string, timeout time.Duration) (CurrentUser, error, error, int)
- func (cu CurrentUser) Can(permission string) bool
- func (cu CurrentUser) MissingPermissions(permissions ...string) []string
type PasswordForm
type SCRYPTComponents

Constants ¶

View Source

const (
	LDAPWithTLS = "ldaps://"
	LDAPNoTLS   = "ldap://"
)

View Source

const CurrentUserKey key = iota

View Source

const KEY_DELIM = ":"

View Source

const PrivLevelAdmin = 30

View Source

const PrivLevelFederation = 15

View Source

const PrivLevelInvalid = -1

PrivLevelInvalid - The Default Priv level

View Source

const PrivLevelORT = 11

View Source

const PrivLevelOperations = 20

View Source

const PrivLevelPortal = 15

View Source

const PrivLevelReadOnly = 10

View Source

const PrivLevelSteering = 15

View Source

const TenantIDInvalid = -1

TenantIDInvalid - The default Tenant ID

Variables ¶

View Source

var DefaultParams = SCRYPTComponents{
	Algorithm: "SCRYPT",
	N:         16384,
	R:         8,
	P:         1,
	SaltLen:   16,
	DKLen:     64}

The SCRYPT functionality defined in this package is derived based upon the following references: https://pkg.go.dev/golang.org/x/crypto/scrypt https://www.tarsnap.com/scrypt/scrypt.pdf

Functions ¶

func AuthenticateUserDN ¶

func AuthenticateUserDN(userDN string, password string, cfg *config.ConfigLDAP) (bool, error)

func CheckLDAPUser ¶

func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)

func CheckLocalUserIsAllowed ¶

func CheckLocalUserIsAllowed(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)

func CheckLocalUserPassword ¶

func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)

func CheckLocalUserToken ¶

func CheckLocalUserToken(token string, db *sqlx.DB, timeout time.Duration) (bool, string, error)

CheckLocalUserToken checks the passed token against the records in the db for a match, up to a maximum duration of timeout.

func ConnectToLDAP ¶

func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)

func DerivePassword ¶

func DerivePassword(password string) (string, error)

DerivePassword uses the https://pkg.go.dev/golang.org/x/crypto/scrypt package to return an encrypted password that is compatible with the Perl CPAN library Crypt::ScryptKDF for backward compatibility to authenticate through the Perl API the same way. See: http://cpansearch.perl.org/src/MIK/Crypt-ScryptKDF-0.010/lib/Crypt/ScryptKDF.pm

func IsCommonPassword ¶

func IsCommonPassword(pw string) bool

func IsGoodLoginPair ¶

func IsGoodLoginPair(username string, password string) (bool, error)

func IsGoodPassword ¶

func IsGoodPassword(password string) (bool, error)

func LoadPasswordBlacklist ¶

func LoadPasswordBlacklist(filePath string) error

Expects a relative path from the traffic_ops directory

func LookupUserDN ¶

func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, error)

func VerifySCRYPTPassword ¶

func VerifySCRYPTPassword(password string, scryptPassword string) error

VerifySCRYPTPassword parses the original Derived Key (DK) from the SCRYPT password so that it can compare that with the password/scriptPassword param

Types ¶

type CurrentUser ¶

type CurrentUser struct {
	UserName     string         `json:"userName" db:"username"`
	ID           int            `json:"id" db:"id"`
	PrivLevel    int            `json:"privLevel" db:"priv_level"`
	TenantID     int            `json:"tenantId" db:"tenant_id"`
	Role         int            `json:"role" db:"role"`
	RoleName     string         `json:"roleName" db:"role_name"`
	Capabilities pq.StringArray `json:"capabilities" db:"capabilities"`
	// contains filtered or unexported fields
}

func GetCurrentUser ¶

func GetCurrentUser(ctx context.Context) (*CurrentUser, error)

func GetCurrentUserFromDB ¶

func GetCurrentUserFromDB(DB *sqlx.DB, user string, timeout time.Duration) (CurrentUser, error, error, int)

GetCurrentUserFromDB - returns the id and privilege level of the given user along with the username, or -1 as the id, - as the userName and PrivLevelInvalid if the user doesn't exist, along with a user facing error, a system error to log, and an error code to return

func (CurrentUser) Can ¶

func (cu CurrentUser) Can(permission string) bool

Can returns whether or not the user has the specified Permission, i.e. whether or not they "can" do something.

Example ¶

cu := CurrentUser{}
fmt.Println(cu.Can("anything"))

Output:

false

func (CurrentUser) MissingPermissions ¶

func (cu CurrentUser) MissingPermissions(permissions ...string) []string

MissingPermissions returns all of the passed Permissions that the user does not have.

Example ¶

cu := CurrentUser{}
missingPerms := cu.MissingPermissions("do something", "do anything")
fmt.Println(strings.Join(missingPerms, ", "))

Output:

do something, do anything

type PasswordForm ¶

type PasswordForm struct {
	Username string `json:"u"`
	Password string `json:"p"`
}

type SCRYPTComponents ¶

type SCRYPTComponents struct {
	Algorithm string // The SCRYPT algorithm prefix
	N         int    // CPU/memory cost parameter (logN)
	R         int    // block size parameter (octets)
	P         int    // parallelization parameter (positive int)
	Salt      []byte // salt value
	SaltLen   int    // bytes to use as salt (octets)
	DK        []byte // derived key value
	DKLen     int    // length of the derived key (octets)
}

SCRYPTComponents the input parameters to the Scrypt encryption key format

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL