    Index ¶
- Constants
- Variables
- func AuthenticateUserDN(userDN string, password string, cfg *config.ConfigLDAP) (bool, error)
- func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)
- func CheckLocalUserIsAllowed(form PasswordForm, db *sqlx.DB, timeout time.Duration) (bool, error, error)
- func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, timeout time.Duration) (bool, error, error)
- func CheckLocalUserToken(token string, db *sqlx.DB, timeout time.Duration) (bool, string, error)
- func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)
- func DerivePassword(password string) (string, error)
- func IsCommonPassword(pw string) bool
- func IsGoodLoginPair(username string, password string) (bool, error)
- func IsGoodPassword(password string) (bool, error)
- func LoadPasswordBlacklist(filePath string) error
- func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, error)
- func VerifySCRYPTPassword(password string, scryptPassword string) error
- type CurrentUser
- type PasswordForm
- type SCRYPTComponents
Constants ¶
// URL scheme prefixes for LDAP server addresses.
const (
	// LDAPWithTLS is the scheme prefix for LDAP over TLS.
	LDAPWithTLS = "ldaps://"
	// LDAPNoTLS is the scheme prefix for LDAP without TLS.
	// NOTE(review): over a plain ldap:// connection a bind sends the user's
	// password unencrypted unless StartTLS is negotiated first; whether
	// ConnectToLDAP does that is not visible here — confirm.
	LDAPNoTLS = "ldap://"
)
// CurrentUserKey is a constant of the unexported type key; as the only
// constant in its declaration, iota gives it the value 0.
// NOTE(review): presumably the context key under which GetCurrentUser finds
// the CurrentUser — confirm against the caller.
const CurrentUserKey key = iota
    // KEY_DELIM is the ":" separator.
    // NOTE(review): presumably separates the fields of a stored SCRYPT
    // password string — confirm.
    const KEY_DELIM = ":"
    // PrivLevelAdmin is the highest privilege level declared in this listing.
    const PrivLevelAdmin = 30
    // PrivLevelFederation has the same value (15) as PrivLevelPortal and
    // PrivLevelSteering, so a check on the number alone cannot tell them apart.
    const PrivLevelFederation = 15
    // PrivLevelInvalid is negative, below every valid level in this listing.
    const PrivLevelInvalid = -1
    PrivLevelInvalid - The Default Priv level
// PrivLevelORT sits one above PrivLevelReadOnly (10) and below the 15-valued levels.
const PrivLevelORT = 11
    // PrivLevelOperations sits between the 15-valued levels and PrivLevelAdmin (30).
    const PrivLevelOperations = 20
    // PrivLevelPortal has the same value (15) as PrivLevelFederation and
    // PrivLevelSteering.
    const PrivLevelPortal = 15
    // PrivLevelReadOnly is the lowest non-negative privilege level declared here.
    const PrivLevelReadOnly = 10
    // PrivLevelSteering has the same value (15) as PrivLevelFederation and
    // PrivLevelPortal.
    const PrivLevelSteering = 15
    // TenantIDInvalid is negative.
    // NOTE(review): code that authorizes by tenant should reject this value
    // explicitly rather than treat it as a real tenant — confirm against callers.
    const TenantIDInvalid = -1
    TenantIDInvalid - The default Tenant ID
Variables ¶
// DefaultParams holds the package's default scrypt cost parameters and
// lengths. Salt and DK are not set here, so they stay nil.
// NOTE(review): the golang.org/x/crypto/scrypt documentation recommends
// N=32768, r=8, p=1 for interactive logins as of 2017; N=16384 is below that.
// Raising it needs stored passwords to carry their own parameters and must
// stay compatible with the Perl Crypt::ScryptKDF format — confirm before changing.
var DefaultParams = SCRYPTComponents{
	Algorithm: "SCRYPT", // algorithm prefix
	N:         16384,    // CPU/memory cost, 2^14
	R:         8,        // block size parameter
	P:         1,        // parallelization parameter
	SaltLen:   16,       // salt length in octets (128 bits)
	DKLen:     64}       // derived key length in octets (512 bits)
    The SCRYPT functionality defined in this package is based on the following references: https://godoc.org/golang.org/x/crypto/scrypt and https://www.tarsnap.com/scrypt/scrypt.pdf
Functions ¶
func AuthenticateUserDN ¶
func CheckLDAPUser ¶
func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)
func CheckLocalUserIsAllowed ¶
func CheckLocalUserPassword ¶
func CheckLocalUserToken ¶
CheckLocalUserToken checks the passed token against the records in the db for a match, up to a maximum duration of timeout.
func ConnectToLDAP ¶
func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)
func DerivePassword ¶
DerivePassword uses the https://godoc.org/golang.org/x/crypto/scrypt package to return a scrypt-derived password (a one-way derivation, not reversible encryption) in a format compatible with the Perl CPAN library Crypt::ScryptKDF, so that authentication through the Perl API keeps working the same way for backward compatibility. See: http://cpansearch.perl.org/src/MIK/Crypt-ScryptKDF-0.010/lib/Crypt/ScryptKDF.pm
func IsCommonPassword ¶
func IsGoodPassword ¶
func LoadPasswordBlacklist ¶
Expects a relative path from the traffic_ops directory
func LookupUserDN ¶
func VerifySCRYPTPassword ¶
VerifySCRYPTPassword parses the original Derived Key (DK) from the SCRYPT password so that it can compare that with the password/scryptPassword param
Types ¶
type CurrentUser ¶
// CurrentUser is the user record returned by GetCurrentUser and
// GetCurrentUserFromDB. Each field carries a json tag and a db column tag.
// NOTE(review): PrivLevel, Role and Capabilities look like authorization
// inputs; they should be filled from a server-side lookup, never from
// client-supplied JSON — confirm where this struct is decoded.
type CurrentUser struct {
	UserName     string         `json:"userName" db:"username"`         // login name
	ID           int            `json:"id" db:"id"`                     // user id; GetCurrentUserFromDB documents -1 for a missing user
	PrivLevel    int            `json:"privLevel" db:"priv_level"`      // one of the PrivLevel* constants; PrivLevelInvalid (-1) is the documented default
	TenantID     int            `json:"tenantId" db:"tenant_id"`        // tenant id; TenantIDInvalid (-1) is the documented default
	Role         int            `json:"role" db:"role"`                 // presumably the id of the user's role — confirm
	Capabilities pq.StringArray `json:"capabilities" db:"capabilities"` // capability names scanned from a Postgres string array
}
    func GetCurrentUser ¶
func GetCurrentUser(ctx context.Context) (*CurrentUser, error)
func GetCurrentUserFromDB ¶
func GetCurrentUserFromDB(DB *sqlx.DB, user string, timeout time.Duration) (CurrentUser, error, error, int)
GetCurrentUserFromDB - returns the id and privilege level of the given user along with the username. If the user doesn't exist, it returns -1 as the id, "-" as the userName and PrivLevelInvalid. It also returns a user-facing error, a system error to log, and an error code to return.
type PasswordForm ¶
type SCRYPTComponents ¶
// SCRYPTComponents groups the scrypt parameters with the salt and derived-key
// values of one password.
// NOTE(review): Salt and DK are password-verifier material; avoid logging or
// printing values of this type.
type SCRYPTComponents struct {
	Algorithm string // The SCRYPT algorithm prefix
	// CPU/memory cost parameter.
	// NOTE(review): the original comment labels this "logN", but DefaultParams
	// sets it to 16384 (2^14), which suggests it holds N itself, not its
	// logarithm — confirm.
	N       int
	R       int    // block size parameter (octets)
	P       int    // parallelization parameter (positive int)
	Salt    []byte // salt value
	SaltLen int    // bytes to use as salt (octets)
	DK      []byte // derived key value
	DKLen   int    // length of the derived key (octets)
}
    SCRYPTComponents holds the input parameters to the Scrypt key derivation format