pam_issuer_server

package
v1.1.0

This package is not in the latest version of its module.

Published: Apr 13, 2026 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrInvalidSyncDirs = errors.New("userdbDir and etcDir are required")

ErrInvalidSyncDirs is returned when userdbDir or etcDir is empty.

var ErrUserDBDirInvalid = errors.New("userdb dir missing or not a directory")

ErrUserDBDirInvalid is returned when userdbDir is missing or not a directory.

Functions

func RunUserDBSync added in v1.1.0

func RunUserDBSync(ctx context.Context, log logrus.FieldLogger, userdbDir, etcDir string) (<-chan SyncEvent, error)

RunUserDBSync copies userdb from userdbDir into etcDir on start, then watches etcDir and copies the four userdb files back to userdbDir whenever they change (so changes from groupadd/useradd/usermod/chpasswd persist). It runs until ctx is done. Initial validation (empty dirs, userdbDir missing or not a directory) is done synchronously and returns an error; runtime failures (e.g. watcher) are sent as SyncError events on the channel. On success it returns (events, nil); the sync runs in a goroutine and the channel is closed when it stops.
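
One way to consume the returned event channel, shown as an added example that is not code from this package. The SyncEvent types are mirrored locally so it compiles without the module; SyncSummary, ConsumeSyncEvents and the sample event are assumptions made for illustration.

```go
package main

import "fmt"

// Local mirrors of types documented on this page (SyncSkipped omitted).
type SyncEventKind string

const (
	SyncCopyInDone     SyncEventKind = "copy_in_done"
	SyncWatcherStarted SyncEventKind = "watcher_started"
	SyncCopyBackDone   SyncEventKind = "copy_back_done"
	SyncError          SyncEventKind = "error"
)

type SyncEvent struct {
	Kind SyncEventKind
	Err  error
	File string
}

// SyncSummary and ConsumeSyncEvents are hypothetical helpers, not package API.
type SyncSummary struct {
	CopiedIn, Watching bool
	CopiedBack         []string
}

// ConsumeSyncEvents drains until the channel closes, so the sender is never
// left blocked, and returns the first SyncError it saw.
func ConsumeSyncEvents(events <-chan SyncEvent) (s SyncSummary, first error) {
	for ev := range events {
		switch {
		case ev.Kind == SyncCopyInDone:
			s.CopiedIn = true
		case ev.Kind == SyncWatcherStarted:
			s.Watching = true
		case ev.Kind == SyncCopyBackDone:
			s.CopiedBack = append(s.CopiedBack, ev.File)
		case ev.Kind == SyncError && first == nil:
			first = fmt.Errorf("userdb sync: %w", ev.Err)
		}
	}
	return s, first
}

func main() {
	ch := make(chan SyncEvent, 1)
	ch <- SyncEvent{Kind: SyncCopyBackDone, File: "passwd"} // constructed sample
	close(ch)
	fmt.Println(ConsumeSyncEvents(ch))
}
```

A caller that gets a non-nil error here knows that account changes made after that point may not have been copied back to userdbDir.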

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler implements the PAM issuer API handlers

func NewHandler

func NewHandler(
	log logrus.FieldLogger,
	cfg *config.Config,
	ca *crypto.CAClient,
) (*Handler, error)

NewHandler creates a new PAM issuer handler

func (*Handler) AuthAuthorize

func (h *Handler) AuthAuthorize(w http.ResponseWriter, r *http.Request, params pamapi.AuthAuthorizeParams)

AuthAuthorize handles OAuth2 authorization endpoint (GET /api/v1/auth/authorize)

func (*Handler) AuthJWKS

func (h *Handler) AuthJWKS(w http.ResponseWriter, r *http.Request)

AuthJWKS handles JWKS endpoint (GET /api/v1/auth/jwks)

func (*Handler) AuthLogin

func (h *Handler) AuthLogin(w http.ResponseWriter, r *http.Request, params pamapi.AuthLoginParams)

AuthLogin handles GET request to login form (GET /api/v1/auth/login)

func (*Handler) AuthLoginPost

func (h *Handler) AuthLoginPost(w http.ResponseWriter, r *http.Request)

AuthLoginPost handles POST request to login form (POST /api/v1/auth/login)

func (*Handler) AuthLogout added in v1.1.0

func (h *Handler) AuthLogout(w http.ResponseWriter, r *http.Request, params pamapi.AuthLogoutParams)

AuthLogout handles OIDC RP-Initiated Logout (GET /api/v1/auth/logout).

func (*Handler) AuthOpenIDConfiguration

func (h *Handler) AuthOpenIDConfiguration(w http.ResponseWriter, r *http.Request)

AuthOpenIDConfiguration handles OpenID Connect discovery endpoint (GET /api/v1/auth/.well-known/openid-configuration)

func (*Handler) AuthToken

func (h *Handler) AuthToken(w http.ResponseWriter, r *http.Request)

AuthToken handles OAuth2 token endpoint (POST /api/v1/auth/token)

func (*Handler) AuthUserInfo

func (h *Handler) AuthUserInfo(w http.ResponseWriter, r *http.Request)

AuthUserInfo handles OIDC UserInfo endpoint (GET /api/v1/auth/userinfo)

func (*Handler) Close

func (h *Handler) Close()

Close cleans up resources. It is safe to call multiple times (idempotent).

func (*Handler) Run

func (h *Handler) Run(ctx context.Context) error

Run starts the background cleanup goroutine

func (*Handler) ServeFavicon added in v1.1.0

func (h *Handler) ServeFavicon(w http.ResponseWriter, r *http.Request)

ServeFavicon serves the embedded Flight Control favicon PNG

func (*Handler) ServeFlightControlLogo

func (h *Handler) ServeFlightControlLogo(w http.ResponseWriter, r *http.Request)

ServeFlightControlLogo serves the embedded Flight Control logo SVG

func (*Handler) ServeLoginCSS added in v1.1.0

func (h *Handler) ServeLoginCSS(w http.ResponseWriter, r *http.Request)

ServeLoginCSS renders and serves the login page CSS with branding overrides applied.

func (*Handler) ServeLoginJS added in v1.1.0

func (h *Handler) ServeLoginJS(w http.ResponseWriter, r *http.Request)

ServeLoginJS serves the embedded login page JavaScript

func (*Handler) ServePatternFlyCSS added in v1.1.0

func (h *Handler) ServePatternFlyCSS(w http.ResponseWriter, r *http.Request)

ServePatternFlyCSS serves the embedded PatternFly CSS stylesheet. When the client supports gzip, the pre-compressed version is served (~145 KB vs ~1.6 MB).

type Server

type Server struct {
	// contains filtered or unexported fields
}

func New

func New(
	log logrus.FieldLogger,
	cfg *config.Config,
	ca *crypto.CAClient,
	listener net.Listener,
) *Server

New returns a new instance of a PAM issuer server.

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

type SyncEvent added in v1.1.0

type SyncEvent struct {
	Kind SyncEventKind
	Err  error
	File string
}

SyncEvent is emitted on the returned channel for observability and testing. For SyncError, Err is set. For SyncCopyBackDone, File is the base name of the file copied.

type SyncEventKind added in v1.1.0

type SyncEventKind string

SyncEventKind is the type of a userdb sync event.

const (
	SyncSkipped        SyncEventKind = "skipped"         // empty dirs or userdb dir missing/not a dir
	SyncCopyInDone     SyncEventKind = "copy_in_done"    // copy from userdb to etc finished
	SyncWatcherStarted SyncEventKind = "watcher_started" // fsnotify watch on etcDir active
	SyncCopyBackDone   SyncEventKind = "copy_back_done"  // copy from etc to userdb finished (after a change)
	SyncError          SyncEventKind = "error"           // runtime failure (e.g. watcher); Err is set
)
