auth

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Flavor_name = map[int32]string{
	0: "AUTH_NONE",
	1: "AUTH_SYS",
}
View Source 
var Flavor_value = map[string]int32{
	"AUTH_NONE": 0,
	"AUTH_SYS":  1,
}

Functions

func VerifierFromToken 

func VerifierFromToken(key crypto.PublicKey, token *Token) ([]byte, error)

VerifierFromToken will return a SHA512 hash of the token data. If a signing key is passed in it will additionally sign the hash of the token.

func VerifyToken 

func VerifyToken(key crypto.PublicKey, token *Token, sig []byte) error

VerifyToken takes the auth token and the signature bytes in the verifier and verifies it against the public key provided for the agent who claims to have provided the token.

Types

type Credential 

type Credential struct {
	Token                *Token   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	Verifier             *Token   `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"`
	Origin               string   `protobuf:"bytes,3,opt,name=origin,proto3" json:"origin,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SecurityCredential includes the auth token and a verifier that can be used by the server to verify the integrity of the token. Token and verifier are expected to have the same flavor type.

func AuthSysRequestFromCreds 

func AuthSysRequestFromCreds(ext UserExt, creds *security.DomainInfo, signing crypto.PrivateKey) (*Credential, error)

AuthSysRequestFromCreds takes the domain info credentials gathered during the dRPC request and creates an AuthSys security request to obtain a handle from the management service.

func (*Credential) Descriptor 

func (*Credential) Descriptor() ([]byte, []int)

func (*Credential) GetOrigin 

func (m *Credential) GetOrigin() string

func (*Credential) GetToken 

func (m *Credential) GetToken() *Token

func (*Credential) GetVerifier 

func (m *Credential) GetVerifier() *Token

func (*Credential) ProtoMessage 

func (*Credential) ProtoMessage()

func (*Credential) Reset 

func (m *Credential) Reset()

func (*Credential) String 

func (m *Credential) String() string

func (*Credential) XXX_DiscardUnknown 

func (m *Credential) XXX_DiscardUnknown()

func (*Credential) XXX_Marshal 

func (m *Credential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Credential) XXX_Merge 

func (dst *Credential) XXX_Merge(src proto.Message)

func (*Credential) XXX_Size 

func (m *Credential) XXX_Size() int

func (*Credential) XXX_Unmarshal 

func (m *Credential) XXX_Unmarshal(b []byte) error

type Flavor 

type Flavor int32

Authentication token includes a packed structure of the specified flavor 

const (
	Flavor_AUTH_NONE Flavor = 0
	Flavor_AUTH_SYS  Flavor = 1
)

func (Flavor) EnumDescriptor 

func (Flavor) EnumDescriptor() ([]byte, []int)

func (Flavor) String 

func (x Flavor) String() string

type Sys 

type Sys struct {
	Stamp                uint64   `protobuf:"varint,1,opt,name=stamp,proto3" json:"stamp,omitempty"`
	Machinename          string   `protobuf:"bytes,2,opt,name=machinename,proto3" json:"machinename,omitempty"`
	User                 string   `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`
	Group                string   `protobuf:"bytes,4,opt,name=group,proto3" json:"group,omitempty"`
	Groups               []string `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"`
	Secctx               string   `protobuf:"bytes,6,opt,name=secctx,proto3" json:"secctx,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Token structure for AUTH_SYS flavor

func AuthSysFromAuthToken 

func AuthSysFromAuthToken(authToken *Token) (*Sys, error)

AuthSysFromAuthToken takes an opaque AuthToken and turns it into a concrete AuthSys data structure.

func (*Sys) Descriptor 

func (*Sys) Descriptor() ([]byte, []int)

func (*Sys) GetGroup 

func (m *Sys) GetGroup() string

func (*Sys) GetGroups 

func (m *Sys) GetGroups() []string

func (*Sys) GetMachinename 

func (m *Sys) GetMachinename() string

func (*Sys) GetSecctx 

func (m *Sys) GetSecctx() string

func (*Sys) GetStamp 

func (m *Sys) GetStamp() uint64

func (*Sys) GetUser 

func (m *Sys) GetUser() string

func (*Sys) ProtoMessage 

func (*Sys) ProtoMessage()

func (*Sys) Reset 

func (m *Sys) Reset()

func (*Sys) String 

func (m *Sys) String() string

func (*Sys) XXX_DiscardUnknown 

func (m *Sys) XXX_DiscardUnknown()

func (*Sys) XXX_Marshal 

func (m *Sys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Sys) XXX_Merge 

func (dst *Sys) XXX_Merge(src proto.Message)

func (*Sys) XXX_Size 

func (m *Sys) XXX_Size() int

func (*Sys) XXX_Unmarshal 

func (m *Sys) XXX_Unmarshal(b []byte) error

type SysVerifier 

type SysVerifier struct {
	Signature            []byte   `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*SysVerifier) Descriptor 

func (*SysVerifier) Descriptor() ([]byte, []int)

func (*SysVerifier) GetSignature 

func (m *SysVerifier) GetSignature() []byte

func (*SysVerifier) ProtoMessage 

func (*SysVerifier) ProtoMessage()

func (*SysVerifier) Reset 

func (m *SysVerifier) Reset()

func (*SysVerifier) String 

func (m *SysVerifier) String() string

func (*SysVerifier) XXX_DiscardUnknown 

func (m *SysVerifier) XXX_DiscardUnknown()

func (*SysVerifier) XXX_Marshal 

func (m *SysVerifier) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SysVerifier) XXX_Merge 

func (dst *SysVerifier) XXX_Merge(src proto.Message)

func (*SysVerifier) XXX_Size 

func (m *SysVerifier) XXX_Size() int

func (*SysVerifier) XXX_Unmarshal 

func (m *SysVerifier) XXX_Unmarshal(b []byte) error

type Token 

type Token struct {
	Flavor               Flavor   `protobuf:"varint,1,opt,name=flavor,proto3,enum=auth.Flavor" json:"flavor,omitempty"`
	Data                 []byte   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Token) Descriptor 

func (*Token) Descriptor() ([]byte, []int)

func (*Token) GetData 

func (m *Token) GetData() []byte

func (*Token) GetFlavor 

func (m *Token) GetFlavor() Flavor

func (*Token) ProtoMessage 

func (*Token) ProtoMessage()

func (*Token) Reset 

func (m *Token) Reset()

func (*Token) String 

func (m *Token) String() string

func (*Token) XXX_DiscardUnknown 

func (m *Token) XXX_DiscardUnknown()

func (*Token) XXX_Marshal 

func (m *Token) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Token) XXX_Merge 

func (dst *Token) XXX_Merge(src proto.Message)

func (*Token) XXX_Size 

func (m *Token) XXX_Size() int

func (*Token) XXX_Unmarshal 

func (m *Token) XXX_Unmarshal(b []byte) error

type User 

type User interface {
	Username() string
	GroupIDs() ([]uint32, error)
}

User is an interface wrapping a representation of a specific system user

type UserExt 

type UserExt interface {
	LookupUserID(uid uint32) (User, error)
	LookupGroupID(gid uint32) (*user.Group, error)
}

UserExt is an interface that wraps system user-related external functions

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.