Documentation
Index ¶
- func GetCacheNames(cfg config.File, channel Channel, requestedProtocol string, ...) (cacheNames config.StringSet)
- func GetUserAccountFromCache(ctx context.Context, cfg config.File, logger *slog.Logger, ...) (accountName string)
- func LDAPAuthWorker(ctx context.Context, cfg config.File, logger *slog.Logger, channel Channel, ...)
- func LDAPEndpointWithCtx(cfg config.File) lua.LGFunction
- func LDAPMainWorker(ctx context.Context, cfg config.File, logger *slog.Logger, channel Channel, ...)
- func LDAPModifyWithCtx(ctx context.Context) lua.LGFunction
- func LDAPSearchWithCtx(ctx context.Context) lua.LGFunction
- func LoadCacheFromRedis(ctx context.Context, cfg config.File, logger *slog.Logger, ...) (isRedisErr bool, err error)
- func LoadCacheFromRedisWithSF(ctx context.Context, cfg config.File, logger *slog.Logger, ...) (isRedisErr bool, err error)
- func LoaderLDAPStateless() lua.LGFunction
- func LoaderModLDAP(ctx context.Context, cfg config.File) lua.LGFunction
- func LookupUserAccountFromRedis(ctx context.Context, cfg config.File, redisClient rediscli.Client, ...) (accountName string, err error)
- func LuaLDAPEndpoint(cfg config.File) lua.LGFunction
- func LuaLDAPModify(ctx context.Context) lua.LGFunction
- func LuaLDAPSearch(ctx context.Context) lua.LGFunction
- func LuaMainWorker(ctx context.Context, cfg config.File, logger *slog.Logger, ...) (err error)
- func ResolveAccountIdentifier(ctx context.Context, cfg config.File, logger *slog.Logger, ...) (accountName string)
- func SaveUserDataToRedis(ctx context.Context, cfg config.File, logger *slog.Logger, ...)
- func SaveWebAuthnToRedis(ctx context.Context, logger *slog.Logger, cfg config.File, ...) error
- func SetDefaultRedisClient(c rediscli.Client)
- func SetUserAccountMapping(ctx context.Context, cfg config.File, redisClient rediscli.Client, ...) error
- func TrySignalDone(ch chan bktype.Done)
- type Channel
- type LDAPChannel
- type LuaChannel
- type LuaChannelImpl
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetCacheNames ¶
func GetCacheNames(cfg config.File, channel Channel, requestedProtocol string, backends definitions.CacheNameBackend) (cacheNames config.StringSet)
GetCacheNames retrieves cache names for the specified protocol from the LDAP backend, the Lua backend, or both, depending on the backends argument. If no cache names are found, the default cache name "__default__" is returned.
func GetUserAccountFromCache ¶ added in v1.5.2
func GetUserAccountFromCache(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, accountCache *accountcache.Manager, username, protocol, oidcClientID, guid string) (accountName string)
GetUserAccountFromCache fetches the user account name from the Redis cache using the provided username. It logs errors and increments the Redis read counter. It returns an empty string if the account name is not found or an error occurs.
func LDAPAuthWorker ¶
func LDAPAuthWorker(ctx context.Context, cfg config.File, logger *slog.Logger, channel Channel, poolName string)
LDAPAuthWorker handles LDAP authentication requests using a connection pool and concurrency control. It initializes the authentication connection pool, starts a resource management process, and either handles requests or exits gracefully. It uses a priority queue instead of channels for better request handling.
func LDAPEndpointWithCtx ¶ added in v1.11.5
func LDAPEndpointWithCtx(cfg config.File) lua.LGFunction
LDAPEndpointWithCtx is a WithCtx-factory alias returning the same function as LuaLDAPEndpoint(cfg).
func LDAPMainWorker ¶
func LDAPMainWorker(ctx context.Context, cfg config.File, logger *slog.Logger, channel Channel, poolName string)
LDAPMainWorker orchestrates LDAP lookup operations, manages a connection pool, and processes incoming requests in a loop. It uses a priority queue instead of channels for better request handling.
func LDAPModifyWithCtx ¶ added in v1.11.0
func LDAPModifyWithCtx(ctx context.Context) lua.LGFunction
LDAPModifyWithCtx is a WithCtx-factory alias returning the same function as LuaLDAPModify(ctx).
func LDAPSearchWithCtx ¶ added in v1.11.0
func LDAPSearchWithCtx(ctx context.Context) lua.LGFunction
LDAPSearchWithCtx is a WithCtx-factory alias returning the same function as LuaLDAPSearch(ctx).
func LoadCacheFromRedis ¶
func LoadCacheFromRedis(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, key string, ucp *bktype.PositivePasswordCache) (isRedisErr bool, err error)
LoadCacheFromRedis retrieves cache data from a Redis Hash based on the provided key and populates the given structure. It increments Redis read metrics and logs errors or debug information during the operation. It returns whether the error originated from Redis, together with any error encountered during retrieval or unmarshaling.
func LoadCacheFromRedisWithSF ¶ added in v1.12.0
func LoadCacheFromRedisWithSF(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, key string, ucp *bktype.PositivePasswordCache) (isRedisErr bool, err error)
LoadCacheFromRedisWithSF is a wrapper around LoadCacheFromRedis that uses singleflight to avoid redundant Redis lookups: concurrent calls for the same key share a single Redis lookup instead of each issuing their own.
func LoaderLDAPStateless ¶ added in v1.11.0
func LoaderLDAPStateless() lua.LGFunction
LoaderLDAPStateless returns an empty, stateless module table for nauthilus_ldap. It is intended to be preloaded once per VM (base environment). Per-request bindings will later clone this table and inject bound functions via WithCtx factories.
func LoaderModLDAP ¶ added in v1.2.2
LoaderModLDAP initializes and loads the LDAP module into the Lua state with predefined functions for LDAP operations.
func LookupUserAccountFromRedis ¶
func LookupUserAccountFromRedis(ctx context.Context, cfg config.File, redisClient rediscli.Client, username, protocol, oidcClientID string) (accountName string, err error)
LookupUserAccountFromRedis returns the user account value from the user Redis hash.
func LuaLDAPEndpoint ¶ added in v1.11.5
func LuaLDAPEndpoint(cfg config.File) lua.LGFunction
func LuaLDAPModify ¶ added in v1.5.5
LuaLDAPModify modifies LDAP entries based on the given Lua table input. It validates the input table, creates an LDAP modification request, and sends it via the priority queue. Results are returned on the Lua stack: "OK" on success, or an error message if the operation fails.
func LuaLDAPSearch ¶
LuaLDAPSearch initializes and registers an LDAP search function for Lua, handling inputs, validation, and processing.
func LuaMainWorker ¶
func LuaMainWorker(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, channel Channel, backendName string) (err error)
LuaMainWorker processes Lua script requests in a loop until the context is canceled. It compiles the Lua script and handles each request in a dedicated goroutine. It uses a priority queue instead of channels for better request handling.
func ResolveAccountIdentifier ¶ added in v1.8.1
func ResolveAccountIdentifier(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, identifier, protocol, oidcClientID, guid string) (accountName string)
ResolveAccountIdentifier resolves an identifier that may be either a username or an account name. It first tries to look up a mapping in the USER hash; if not found, it treats the identifier as an account name.
func SaveUserDataToRedis ¶
func SaveUserDataToRedis(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, guid string, key string, ttl time.Duration, cache *bktype.PositivePasswordCache)
SaveUserDataToRedis is a generic routine that stores a cache object in Redis using a Redis Hash for better memory efficiency. Each field of the PositivePasswordCache structure is stored as a separate hash field, with complex fields serialized as JSON.
func SaveWebAuthnToRedis ¶
func SaveWebAuthnToRedis(ctx context.Context, logger *slog.Logger, cfg config.File, redisClient rediscli.Client, user *User, ttl time.Duration) error
SaveWebAuthnToRedis saves a user's WebAuthn credentials to Redis with a specified TTL using Redis Hash. Returns an error if serialization or Redis storage operation fails.
func SetDefaultRedisClient ¶ added in v1.12.0
SetDefaultRedisClient sets the backend-wide default Redis client.
func SetUserAccountMapping ¶ added in v1.12.0
func SetUserAccountMapping(ctx context.Context, cfg config.File, redisClient rediscli.Client, username, protocol, oidcClientID, account string) error
SetUserAccountMapping writes/updates the username → account mapping in Redis.
func TrySignalDone ¶ added in v1.12.0
Types ¶
type Channel ¶ added in v1.5.0
// Channel is an interface comprising methods to retrieve LDAPChannel and LuaChannel instances.
// Implementations are obtained from NewChannel and are passed to the LDAP and Lua workers.
type Channel interface {
	// GetLdapChannel retrieves and returns the LDAPChannel instance associated with the implementation of the Channel interface.
	GetLdapChannel() LDAPChannel
	// GetLuaChannel retrieves and returns the LuaChannel instance associated with the Channel interface implementation.
	GetLuaChannel() LuaChannel
}
Channel is an interface comprising methods to retrieve LDAPChannel and LuaChannel instances.
func NewChannel ¶ added in v1.5.0
NewChannel initializes and returns a new instance of the Channel interface implementation.
type LDAPChannel ¶ added in v1.5.0
// LDAPChannel defines an interface for managing LDAP-related channels for communication and operation handling.
// Instances are created per pool with NewLDAPChannel. Completion is signalled on the
// returned Done channels; see TrySignalDone for a non-blocking way to do so.
// NOTE(review): presumably consumed by LDAPMainWorker (lookup) and LDAPAuthWorker (auth),
// which both take a Channel and a poolName — confirm against the worker implementations.
type LDAPChannel interface {
	// GetLookupEndChan returns a channel that signals the completion of lookup operations.
	GetLookupEndChan(poolName string) chan bktype.Done
	// GetAuthEndChan returns the channel used to signal the completion of authentication operations.
	GetAuthEndChan(poolName string) chan bktype.Done
	// GetPoolNames retrieves and returns a list of names for all configured LDAP connection pools.
	GetPoolNames() []string
	// AddChannel creates and initializes all necessary channels for the specified LDAP connection pool by poolName.
	// Returns an error if the channels could not be created for that pool.
	AddChannel(poolName string) error
}
LDAPChannel defines an interface for managing LDAP-related channels for communication and operation handling.
func NewLDAPChannel ¶ added in v1.5.0
func NewLDAPChannel(poolName string) LDAPChannel
type LuaChannel ¶ added in v1.5.0
// LuaChannel defines an interface for managing Lua-related channels used for communication and request handling.
// Instances are created per backend with NewLuaChannel (backed by LuaChannelImpl).
// NOTE(review): presumably consumed by LuaMainWorker, which takes a Channel and a
// backendName — confirm against the worker implementation.
type LuaChannel interface {
	// GetLookupEndChan returns a channel used to signal the completion of lookup operations.
	GetLookupEndChan(backendName string) chan bktype.Done
	// GetBackendNames returns a list of all available backend names configured in the LuaChannel implementation.
	GetBackendNames() []string
	// AddChannel adds a new channel for the specified backend identified by the backendName.
	// Returns an error if the backendName is invalid or the channel could not be created.
	AddChannel(backendName string) error
}
LuaChannel defines an interface for managing Lua-related channels used for communication and request handling.
func NewLuaChannel ¶ added in v1.5.0
func NewLuaChannel(backendName string) LuaChannel
NewLuaChannel creates and returns a new instance of LuaChannel, initialized as a LuaChannelImpl.
type LuaChannelImpl ¶ added in v1.5.0
// LuaChannelImpl is the LuaChannel implementation returned by NewLuaChannel.
// It keeps a lookup-end channel per backend name in an unexported map; GetBackendNames
// lists the keys of that map and AddChannel populates it.
type LuaChannelImpl struct {
	// contains filtered or unexported fields
}
func (*LuaChannelImpl) AddChannel ¶ added in v1.5.0
func (c *LuaChannelImpl) AddChannel(backendName string) error
AddChannel initializes channels for request and completion handling for a specified backend name. Returns an error if the backend name is invalid.
func (*LuaChannelImpl) GetBackendNames ¶ added in v1.5.0
func (c *LuaChannelImpl) GetBackendNames() []string
GetBackendNames retrieves a list of backend names from the LuaChannelImpl's lookupEndChan map.
func (*LuaChannelImpl) GetLookupEndChan ¶ added in v1.5.0
func (c *LuaChannelImpl) GetLookupEndChan(backendName string) chan bktype.Done
GetLookupEndChan returns a channel of type Done that signals the end of a lookup operation.
type User ¶
// User represents the user model. It is persisted as a Redis Hash by SaveWebAuthnToRedis
// and read back by GetWebAuthnFromRedis; the redis struct tags are the hash field names.
type User struct {
	// Id is the user identifier.
	// NOTE(review): presumably the uniqueUserId that GetWebAuthnFromRedis looks up — confirm.
	// NOTE(review): the tag is "Id" while the other fields use lowercase names; confirm the
	// hash field name is intended and matches what is written and read.
	Id string `redis:"Id"`
	// Name is the user's username (presumably what WebAuthnName returns — confirm).
	Name string `redis:"name"`
	// DisplayName is the user's display name (presumably what WebAuthnDisplayName returns — confirm).
	DisplayName string `redis:"display_name"`
	// Credentials holds the user's registered WebAuthn credentials; AddCredential appends to it
	// and WebAuthnCredentials returns it.
	// NOTE(review): SaveWebAuthnToRedis stores this hash with a TTL — confirm that key expiry
	// is acceptable here, since it would drop the user's registered authenticators.
	Credentials []webauthn.Credential `redis:"credentials"`
}
User represents the user model.
func GetWebAuthnFromRedis ¶
func GetWebAuthnFromRedis(ctx context.Context, cfg config.File, logger *slog.Logger, redisClient rediscli.Client, uniqueUserId string) (user *User, err error)
GetWebAuthnFromRedis retrieves a User object from Redis Hash using the provided unique user ID. Returns the User object or an error if retrieval or unmarshaling fails.
func (*User) AddCredential ¶
func (u *User) AddCredential(cred webauthn.Credential)
AddCredential associates the credential with the user.
func (*User) WebAuthnCredentials ¶
func (u *User) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials returns credentials owned by the user
func (*User) WebAuthnDisplayName ¶
WebAuthnDisplayName returns the user's display name
func (*User) WebAuthnIcon ¶
WebAuthnIcon is not (yet) implemented
func (*User) WebAuthnName ¶
WebAuthnName returns the user's username