authdaemon

package
v1.10.1
Published: Feb 27, 2026 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetPrincipals

func GetPrincipals(path, user string) ([]string, error)

GetPrincipals reads the principals data file at path, looks up the given user, and returns that user's principals as a string slice. The file format is JSON: object with username keys and array-of-principals values, e.g. {"alice":["alice","usr-123"],"bob":["bob","usr-456"]}. If the user is not found or the file is missing, returns nil and nil.
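The file format and lookup rules documented above, as an added Go example that is not the package's own code: parsePrincipals and getPrincipals are hypothetical stand-ins for GetPrincipals, and the sample file content is constructed here. It keeps the documented "missing file or unknown user returns nil, nil" behaviour but treats malformed JSON as an error, so a corrupted principals file can never be read as "this user has no principals".

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
)

// parsePrincipals decodes the documented format (object: username -> array of
// principals) and returns the principals for user. An unknown user yields
// nil, nil; malformed JSON is reported as an error rather than as "no principals".
func parsePrincipals(data []byte, user string) ([]string, error) {
	var byUser map[string][]string
	if err := json.Unmarshal(data, &byUser); err != nil {
		return nil, fmt.Errorf("principals file: %w", err)
	}
	p, ok := byUser[user]
	if !ok {
		return nil, nil
	}
	return p, nil
}

// getPrincipals reads the file at path and looks up user, mapping a missing
// file to nil, nil exactly as the package documents for GetPrincipals.
func getPrincipals(path, user string) ([]string, error) {
	data, err := os.ReadFile(path)
	if errors.Is(err, os.ErrNotExist) {
		return nil, nil
	}
	if err != nil {
		return nil, err
	}
	return parsePrincipals(data, user)
}

// samplePrincipals is a constructed principals file in the documented format.
const samplePrincipals = `{"alice":["alice","usr-123"],"bob":["bob","usr-456"]}`

func main() {
	dir, _ := os.MkdirTemp("", "principals")
	defer os.RemoveAll(dir)
	path := dir + "/principals.json"
	_ = os.WriteFile(path, []byte(samplePrincipals), 0o600)
	p, err := getPrincipals(path, "alice")
	fmt.Println(p, err) // [alice usr-123] <nil>
	p, err = getPrincipals(path, "carol")
	fmt.Println(p, err) // [] <nil>
}
```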

Types

type Config

type Config struct {
	// DisableHTTPS: when true, Run() does not start the HTTPS server (for embedded use inside Newt). Call ProcessConnection directly for connection events.
	DisableHTTPS           bool
	Port                   int    // Required when DisableHTTPS is false. Listen port for the HTTPS server. No default.
	PresharedKey           string // Required when DisableHTTPS is false. HTTP auth (Authorization: Bearer <key> or X-Preshared-Key: <key>). No default.
	CACertPath             string // Required. Where to write the CA cert (e.g. /etc/ssh/ca.pem). No default.
	Force                  bool   // If true, overwrite existing CA cert (and other items) when content differs. Default false.
	PrincipalsFilePath     string // Required. Path to the principals data file (JSON: username -> array of principals). No default.
	GenerateRandomPassword bool   // If true, set a random password on users when they are provisioned (for SSH PermitEmptyPasswords no).
}

type ConnectionMetadata

type ConnectionMetadata struct {
	SudoMode     string   `json:"sudoMode"`     // "none" | "full" | "commands"
	SudoCommands []string `json:"sudoCommands"` // used when sudoMode is "commands"
	Homedir      bool     `json:"homedir"`
	Groups       []string `json:"groups"` // system groups to add the user to
}

ConnectionMetadata is the metadata object in POST /connection.

type ConnectionRequest

type ConnectionRequest struct {
	CaCert   string             `json:"caCert"`
	NiceId   string             `json:"niceId"`
	Username string             `json:"username"`
	Metadata ConnectionMetadata `json:"metadata"`
}

ConnectionRequest is the JSON body for POST /connection.

type Server

type Server struct {
	// contains filtered or unexported fields
}

func NewServer

func NewServer(cfg Config) (*Server, error)

NewServer builds a new auth-daemon server from cfg. Port, PresharedKey, CACertPath, and PrincipalsFilePath are required (no defaults).

func (*Server) ProcessConnection

func (s *Server) ProcessConnection(req ConnectionRequest)

ProcessConnection runs the same logic as POST /connection: CA cert, user create/reconcile, principals. Use this when DisableHTTPS is true (e.g. embedded in Newt) instead of calling the API.

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

Run starts the HTTPS server (unless DisableHTTPS) and blocks until ctx is cancelled or the server errors. When DisableHTTPS is true, Run() blocks on ctx only and does not listen; use ProcessConnection for connection events.
