files

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source
const ModeHomePerms = fs.FileMode(0o600)

ModeHomePerms is the expected permission bits that should be set for opkssh user home policy files `~/.opk/auth_id`.

View Source
const ModeSystemPerms = fs.FileMode(0o640)

ModeSystemPerms is the expected permission bits that should be set for opkssh system policy files (on Unix: /etc/opk/auth_id, /etc/opk/providers; on Windows: %ProgramData%\opk\auth_id, %ProgramData%\opk\providers). This mode means that only the owner of the file can write/read to the file, but the group which should be opksshuser can read the file.

Variables

View Source
var RequiredPerms = struct {
	// SystemPolicy is the system-wide policy file
	// (e.g. /etc/opk/auth_id).
	SystemPolicy PermInfo
	// HomePolicy is the per-user policy file
	// (e.g. ~/.opk/auth_id).
	HomePolicy PermInfo
	// Providers is the provider configuration file
	// (e.g. /etc/opk/providers).
	Providers PermInfo
	// Config is the server configuration file
	// (e.g. /etc/opk/config.yml).
	Config PermInfo
	// PluginsDir is the directory containing policy plugin definitions
	// (e.g. /etc/opk/policy.d).
	PluginsDir PermInfo
	// PluginFile is an individual plugin YAML file inside the plugins
	// directory.
	PluginFile PermInfo
}{
	SystemPolicy: PermInfo{
		Mode:      ModeSystemPerms,
		Owner:     "root",
		Group:     "opksshuser",
		MustExist: true,
	},
	HomePolicy: PermInfo{
		Mode:      ModeHomePerms,
		Owner:     "",
		Group:     "",
		MustExist: false,
	},
	Providers: PermInfo{
		Mode:      ModeSystemPerms,
		Owner:     "root",
		Group:     "opksshuser",
		MustExist: false,
	},
	Config: PermInfo{
		Mode:      ModeSystemPerms,
		Owner:     "root",
		Group:     "opksshuser",
		MustExist: false,
	},
	PluginsDir: PermInfo{
		Mode:      0o750,
		Owner:     "root",
		Group:     "",
		MustExist: false,
	},
	PluginFile: PermInfo{
		Mode:      ModeSystemPerms,
		Owner:     "root",
		Group:     "",
		MustExist: false,
	},
}

RequiredPerms defines the expected permissions for each opkssh resource type on Unix/Linux systems.

Functions

func CleanRow

func CleanRow(row string) string

func ConvertSidToString added in v0.14.0

func ConvertSidToString(sid []byte) (string, error)

ConvertSidToString stub for non-Windows platforms.

func ExecCmd added in v0.7.0

func ExecCmd(name string, arg ...string) ([]byte, error)

func ResolveAccountToSID added in v0.14.0

func ResolveAccountToSID(name string) ([]byte, uint32, error)

ResolveAccountToSID is a stub on non-Windows platforms.

Types

type ACE added in v0.14.0

type ACE struct {
	Principal string
	// PrincipalSID if present contains the raw SID bytes to use when applying
	// the ACE on Windows. When non-nil, implementations should prefer the SID
	// form of TRUSTEE to avoid name-resolution ambiguity.
	PrincipalSID []byte
	Rights       string
	// PrincipalSIDStr contains the textual SID (S-1-5-...) when available.
	PrincipalSIDStr string
	Type            string // Allow or Deny
	Inherited       bool
}

ACE represents an access control entry (platform-agnostic minimal view)

type ACLReport added in v0.14.0

type ACLReport struct {
	Path   string
	Exists bool
	Owner  string
	// OwnerSID contains the raw owner SID bytes on Windows when available.
	// On non-Windows platforms this will be nil.
	OwnerSID []byte
	// OwnerSIDStr is the textual SID value (S-1-5-...) when available.
	OwnerSIDStr string
	Mode        fs.FileMode
	ACEs        []ACE
	Problems    []string
}

ACLReport is the structured result from verifying ACLs/ownership for a path

type ACLVerifier added in v0.14.0

type ACLVerifier interface {
	VerifyACL(path string, expected ExpectedACL) (ACLReport, error)
}

ACLVerifier verifies ACLs and ownership for a given path against expectations. Implementations are platform-specific (Unix uses syscalls; Windows uses Win32 APIs).

func NewDefaultACLVerifier added in v0.14.0

func NewDefaultACLVerifier(fs afero.Fs) ACLVerifier

type ConfigLog

type ConfigLog struct {
	// contains filtered or unexported fields
}

func ConfigProblems

func ConfigProblems() *ConfigLog

func (*ConfigLog) Clear

func (c *ConfigLog) Clear()

func (*ConfigLog) GetProblems

func (c *ConfigLog) GetProblems() []ConfigProblem

func (*ConfigLog) NoProblems

func (c *ConfigLog) NoProblems() bool

func (*ConfigLog) RecordProblem

func (c *ConfigLog) RecordProblem(entry ConfigProblem)

func (*ConfigLog) String

func (c *ConfigLog) String() string

type ConfigProblem

type ConfigProblem struct {
	Filepath      string
	OffendingLine string
	ErrorMessage  string
	Source        string
}

func (ConfigProblem) String

func (e ConfigProblem) String() string

type ExpectedACE added in v0.14.0

type ExpectedACE struct {
	Principal string // e.g. "Administrators", "SYSTEM", "opksshuser"
	Rights    string // e.g. "GENERIC_ALL", "GENERIC_READ"
	Type      string // "allow"
}

ExpectedACE describes a single required ACE.

type ExpectedACL added in v0.14.0

type ExpectedACL struct {
	Owner string
	Mode  fs.FileMode // expected mode bits; 0 means ignore

	// RequiredACEs lists ACE expectations that must be present.
	// Used on Windows to verify that opksshuser has been granted read access.
	RequiredACEs []ExpectedACE
}

ExpectedACL contains the expectations for a path's ownership/ACL

func ExpectedACLFromPerm added in v0.14.0

func ExpectedACLFromPerm(pi PermInfo) ExpectedACL

ExpectedACLFromPerm builds an ExpectedACL from a PermInfo.

type FileLoader

type FileLoader struct {
	Fs           afero.Fs
	RequiredPerm fs.FileMode
}

UserPolicyLoader contains methods to read/write the opkssh policy file from/to an arbitrary filesystem. All methods that read policy from the filesystem fail and return an error immediately if the permission bits are invalid.

func (FileLoader) CreateIfDoesNotExist

func (l FileLoader) CreateIfDoesNotExist(path string) error

CreateIfDoesNotExist creates a file at the given path if it does not exist.

func (*FileLoader) Dump

func (l *FileLoader) Dump(fileBytes []byte, path string) error

Dump writes the bytes in fileBytes to the filepath

func (*FileLoader) LoadFileAtPath

func (l *FileLoader) LoadFileAtPath(path string) ([]byte, error)

LoadFileAtPath validates that the file at path exists, can be read by the current process, and has the correct permission bits set. Parses the contents and returns the bytes if file permissions are valid and reading is successful; otherwise returns an error.

type FilePermsOps added in v0.14.0

type FilePermsOps interface {
	MkdirAllWithPerm(path string, perm fs.FileMode) error
	CreateFileWithPerm(path string) (afero.File, error)
	WriteFileWithPerm(path string, data []byte, perm fs.FileMode) error
	Chmod(path string, perm fs.FileMode) error
	Stat(path string) (fs.FileInfo, error)
	Chown(path string, owner string, group string) error
	// ApplyACE applies a single ACE to the target path. On platforms that
	// don't support ACE modifications, this may be a no-op or return nil.
	ApplyACE(path string, ace ACE) error
}

FilePermsOps provides an abstraction for creating files/directories and setting permissions in a platform-aware way.

func NewDefaultFilePermsOps added in v0.14.0

func NewDefaultFilePermsOps(fs afero.Fs) FilePermsOps

func NewWindowsACLFilePermsOps added in v0.14.0

func NewWindowsACLFilePermsOps(fs afero.Fs) FilePermsOps

NewWindowsACLFilePermsOps is a stub for non-Windows platforms and returns the default OsFilePermsOps so code that references this symbol compiles on all platforms.

type FileSystem added in v0.14.0

type FileSystem interface {
	// Stat returns file info for the given path.
	Stat(path string) (fs.FileInfo, error)
	// Exists reports whether the path exists.
	Exists(path string) (bool, error)
	// Open opens a file for reading (e.g. directory listing via Readdir).
	Open(path string) (afero.File, error)
	// ReadFile reads the entire contents of a file.
	ReadFile(path string) ([]byte, error)

	// MkdirAll creates a directory and all parents with the given permission.
	MkdirAll(path string, perm fs.FileMode) error
	// CreateFile creates an empty file, creating parent directories as needed.
	CreateFile(path string) (afero.File, error)
	// WriteFile writes data to a file with the given permission.
	WriteFile(path string, data []byte, perm fs.FileMode) error

	// Chmod sets the permission mode bits on a path.
	Chmod(path string, perm fs.FileMode) error
	// Chown sets the owner and group on a path.
	Chown(path string, owner string, group string) error
	// ApplyACE applies a single access control entry to a path.
	ApplyACE(path string, ace ACE) error

	// CheckPerm verifies that the file at path has one of the required
	// permission modes and, optionally, the expected owner and group.
	CheckPerm(path string, requirePerm []fs.FileMode, requiredOwner string, requiredGroup string) error
	// VerifyACL checks ACLs and ownership against expectations.
	VerifyACL(path string, expected ExpectedACL) (ACLReport, error)
}

FileSystem abstracts all filesystem and permission operations needed by the permissions and audit commands. It combines file I/O, permission mutations, ownership management, and ACL verification into a single mockable interface that hides platform-specific details.

func NewFileSystem added in v0.14.0

func NewFileSystem(afs afero.Fs, opts ...FileSystemOption) FileSystem

NewFileSystem creates a FileSystem backed by an afero.Fs. It wires up the appropriate platform-specific implementations for permission operations, permission checking, and ACL verification.

type FileSystemOption added in v0.14.0

type FileSystemOption func(*defaultFileSystem)

FileSystemOption configures a FileSystem created by NewFileSystem.

func WithCmdRunner added in v0.14.0

func WithCmdRunner(runner func(string, ...string) ([]byte, error)) FileSystemOption

WithCmdRunner overrides the command runner used by the permission checker. This is useful in tests where the real "stat" command cannot be used against an in-memory filesystem.

type OsFilePermsOps added in v0.14.0

type OsFilePermsOps struct {
	Fs afero.Fs
}

OsFilePermsOps is a default implementation that delegates to an afero.Fs for filesystem operations and uses os.Chown when required.

func (*OsFilePermsOps) ApplyACE added in v0.14.0

func (o *OsFilePermsOps) ApplyACE(path string, ace ACE) error

func (*OsFilePermsOps) Chmod added in v0.14.0

func (o *OsFilePermsOps) Chmod(path string, perm fs.FileMode) error

func (*OsFilePermsOps) Chown added in v0.14.0

func (o *OsFilePermsOps) Chown(path string, owner string, group string) error

func (*OsFilePermsOps) CreateFileWithPerm added in v0.14.0

func (o *OsFilePermsOps) CreateFileWithPerm(path string) (afero.File, error)

func (*OsFilePermsOps) MkdirAllWithPerm added in v0.14.0

func (o *OsFilePermsOps) MkdirAllWithPerm(path string, perm fs.FileMode) error

func (*OsFilePermsOps) Stat added in v0.14.0

func (o *OsFilePermsOps) Stat(path string) (fs.FileInfo, error)

func (*OsFilePermsOps) WriteFileWithPerm added in v0.14.0

func (o *OsFilePermsOps) WriteFileWithPerm(path string, data []byte, perm fs.FileMode) error

type PermInfo added in v0.14.0

type PermInfo struct {
	// Mode is the expected Unix permission bits (e.g. 0o640, 0o600, 0o750).
	Mode fs.FileMode
	// Owner is the expected owner of the file/directory (e.g. "root" on
	// Linux, "Administrators" on Windows). An empty string means ownership
	// is not checked/enforced.
	Owner string
	// Group is the expected group owner (e.g. "opksshuser"). An empty
	// string means group ownership is not checked/enforced.
	Group string
	// MustExist indicates whether the resource is required to exist for the
	// system to function correctly.
	MustExist bool
}

PermInfo describes the expected filesystem permissions for a given resource type used by opkssh. It centralises mode, ownership, and existence requirements so that they are defined once and consumed by permission checking, fixing and auditing code.

func (PermInfo) String added in v0.14.0

func (p PermInfo) String() string

String returns a human-readable summary of the permission info.

type PermsChecker

type PermsChecker struct {
	Fs        afero.Fs
	CmdRunner func(string, ...string) ([]byte, error)
}

PermsChecker contains methods to check the ownership, group and file permissions of a file on a Unix-like system (or Windows).

func NewPermsChecker

func NewPermsChecker(fs afero.Fs) *PermsChecker

func (*PermsChecker) CheckPerm

func (u *PermsChecker) CheckPerm(path string, requirePerm []fs.FileMode, requiredOwner string, requiredGroup string) error

CheckPerm checks the file at the given path if it has the desired permissions. The argument requirePerm is a list to enable the caller to specify multiple permissions only one of which needs to match the permissions on the file. If the requiredOwner or requiredGroup are not empty then the function will also that the owner and group of the file match the requiredOwner and requiredGroup specified and fail if they do not.

type RowDetails added in v0.12.0

type RowDetails struct {
	Columns []string
	Content string
	Empty   bool
	Error   error
}

func ReadRowsWithDetails added in v0.12.0

func ReadRowsWithDetails(content []byte) []RowDetails

ReadRowsWithDetails reads rows from content, returning any parsing errors. Useful for auditing and finding configuration problems.

type Table

type Table struct {
	// contains filtered or unexported fields
}

func NewTable

func NewTable(content []byte) *Table

NewTable creates a new Table from the given content.

func (*Table) AddRow

func (t *Table) AddRow(row ...string)

func (Table) GetRows

func (t Table) GetRows() [][]string

func (Table) ToBytes

func (t Table) ToBytes() []byte

func (Table) ToString

func (t Table) ToString() string

type UnixACLVerifier added in v0.14.0

type UnixACLVerifier struct {
	Fs afero.Fs
}

UnixACLVerifier implements ACLVerifier for Unix-like systems.

func (*UnixACLVerifier) VerifyACL added in v0.14.0

func (u *UnixACLVerifier) VerifyACL(path string, expected ExpectedACL) (ACLReport, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL