Documentation
¶
Index ¶
- Constants
- Variables
- func CleanRow(row string) string
- func ConvertSidToString(sid []byte) (string, error)
- func ExecCmd(name string, arg ...string) ([]byte, error)
- func ResolveAccountToSID(name string) ([]byte, uint32, error)
- type ACE
- type ACLReport
- type ACLVerifier
- type ConfigLog
- type ConfigProblem
- type ExpectedACE
- type ExpectedACL
- type FileLoader
- type FilePermsOps
- type FileSystem
- type FileSystemOption
- type OsFilePermsOps
- func (o *OsFilePermsOps) ApplyACE(path string, ace ACE) error
- func (o *OsFilePermsOps) Chmod(path string, perm fs.FileMode) error
- func (o *OsFilePermsOps) Chown(path string, owner string, group string) error
- func (o *OsFilePermsOps) CreateFileWithPerm(path string) (afero.File, error)
- func (o *OsFilePermsOps) MkdirAllWithPerm(path string, perm fs.FileMode) error
- func (o *OsFilePermsOps) Stat(path string) (fs.FileInfo, error)
- func (o *OsFilePermsOps) WriteFileWithPerm(path string, data []byte, perm fs.FileMode) error
- type PermInfo
- type PermsChecker
- type RowDetails
- type Table
- type UnixACLVerifier
Constants ¶
const ModeHomePerms = fs.FileMode(0o600)
ModeHomePerms is the expected permission bits that should be set for opkssh user home policy files `~/.opk/auth_id`.
const ModeSystemPerms = fs.FileMode(0o640)
ModeSystemPerms is the expected permission bits that should be set for opkssh system policy files (on Unix: /etc/opk/auth_id, /etc/opk/providers; on Windows: %ProgramData%\opk\auth_id, %ProgramData%\opk\providers). This mode means that only the owner of the file can write/read to the file, but the group which should be opksshuser can read the file.
Variables ¶
var RequiredPerms = struct { // SystemPolicy is the system-wide policy file // (e.g. /etc/opk/auth_id). SystemPolicy PermInfo // HomePolicy is the per-user policy file // (e.g. ~/.opk/auth_id). HomePolicy PermInfo // Providers is the provider configuration file // (e.g. /etc/opk/providers). Providers PermInfo // Config is the server configuration file // (e.g. /etc/opk/config.yml). Config PermInfo // PluginsDir is the directory containing policy plugin definitions // (e.g. /etc/opk/policy.d). PluginsDir PermInfo // PluginFile is an individual plugin YAML file inside the plugins // directory. PluginFile PermInfo }{ SystemPolicy: PermInfo{ Mode: ModeSystemPerms, Owner: "root", Group: "opksshuser", MustExist: true, }, HomePolicy: PermInfo{ Mode: ModeHomePerms, Owner: "", Group: "", MustExist: false, }, Providers: PermInfo{ Mode: ModeSystemPerms, Owner: "root", Group: "opksshuser", MustExist: false, }, Config: PermInfo{ Mode: ModeSystemPerms, Owner: "root", Group: "opksshuser", MustExist: false, }, PluginsDir: PermInfo{ Mode: 0o750, Owner: "root", Group: "", MustExist: false, }, PluginFile: PermInfo{ Mode: ModeSystemPerms, Owner: "root", Group: "", MustExist: false, }, }
RequiredPerms defines the expected permissions for each opkssh resource type on Unix/Linux systems.
Functions ¶
func ConvertSidToString ¶ added in v0.14.0
ConvertSidToString stub for non-Windows platforms.
Types ¶
type ACE ¶ added in v0.14.0
type ACE struct {
Principal string
// PrincipalSID if present contains the raw SID bytes to use when applying
// the ACE on Windows. When non-nil, implementations should prefer the SID
// form of TRUSTEE to avoid name-resolution ambiguity.
PrincipalSID []byte
Rights string
// PrincipalSIDStr contains the textual SID (S-1-5-...) when available.
PrincipalSIDStr string
Type string // Allow or Deny
Inherited bool
}
ACE represents an access control entry (platform-agnostic minimal view)
type ACLReport ¶ added in v0.14.0
type ACLReport struct {
Path string
Exists bool
Owner string
// OwnerSID contains the raw owner SID bytes on Windows when available.
// On non-Windows platforms this will be nil.
OwnerSID []byte
// OwnerSIDStr is the textual SID value (S-1-5-...) when available.
OwnerSIDStr string
Mode fs.FileMode
ACEs []ACE
Problems []string
}
ACLReport is the structured result from verifying ACLs/ownership for a path
type ACLVerifier ¶ added in v0.14.0
type ACLVerifier interface {
VerifyACL(path string, expected ExpectedACL) (ACLReport, error)
}
ACLVerifier verifies ACLs and ownership for a given path against expectations. Implementations are platform-specific (Unix uses syscalls; Windows uses Win32 APIs).
func NewDefaultACLVerifier ¶ added in v0.14.0
func NewDefaultACLVerifier(fs afero.Fs) ACLVerifier
type ConfigLog ¶
type ConfigLog struct {
// contains filtered or unexported fields
}
func ConfigProblems ¶
func ConfigProblems() *ConfigLog
func (*ConfigLog) GetProblems ¶
func (c *ConfigLog) GetProblems() []ConfigProblem
func (*ConfigLog) NoProblems ¶
func (*ConfigLog) RecordProblem ¶
func (c *ConfigLog) RecordProblem(entry ConfigProblem)
type ConfigProblem ¶
type ConfigProblem struct {
Filepath string
OffendingLine string
ErrorMessage string
Source string
}
func (ConfigProblem) String ¶
func (e ConfigProblem) String() string
type ExpectedACE ¶ added in v0.14.0
type ExpectedACE struct {
Principal string // e.g. "Administrators", "SYSTEM", "opksshuser"
Rights string // e.g. "GENERIC_ALL", "GENERIC_READ"
Type string // "allow"
}
ExpectedACE describes a single required ACE.
type ExpectedACL ¶ added in v0.14.0
type ExpectedACL struct {
Owner string
Mode fs.FileMode // expected mode bits; 0 means ignore
// RequiredACEs lists ACE expectations that must be present.
// Used on Windows to verify that opksshuser has been granted read access.
RequiredACEs []ExpectedACE
}
ExpectedACL contains the expectations for a path's ownership/ACL
func ExpectedACLFromPerm ¶ added in v0.14.0
func ExpectedACLFromPerm(pi PermInfo) ExpectedACL
ExpectedACLFromPerm builds an ExpectedACL from a PermInfo.
type FileLoader ¶
UserPolicyLoader contains methods to read/write the opkssh policy file from/to an arbitrary filesystem. All methods that read policy from the filesystem fail and return an error immediately if the permission bits are invalid.
func (FileLoader) CreateIfDoesNotExist ¶
func (l FileLoader) CreateIfDoesNotExist(path string) error
CreateIfDoesNotExist creates a file at the given path if it does not exist.
func (*FileLoader) Dump ¶
func (l *FileLoader) Dump(fileBytes []byte, path string) error
Dump writes the bytes in fileBytes to the filepath
func (*FileLoader) LoadFileAtPath ¶
func (l *FileLoader) LoadFileAtPath(path string) ([]byte, error)
LoadFileAtPath validates that the file at path exists, can be read by the current process, and has the correct permission bits set. Parses the contents and returns the bytes if file permissions are valid and reading is successful; otherwise returns an error.
type FilePermsOps ¶ added in v0.14.0
type FilePermsOps interface {
MkdirAllWithPerm(path string, perm fs.FileMode) error
CreateFileWithPerm(path string) (afero.File, error)
WriteFileWithPerm(path string, data []byte, perm fs.FileMode) error
Chmod(path string, perm fs.FileMode) error
Stat(path string) (fs.FileInfo, error)
Chown(path string, owner string, group string) error
// ApplyACE applies a single ACE to the target path. On platforms that
// don't support ACE modifications, this may be a no-op or return nil.
ApplyACE(path string, ace ACE) error
}
FilePermsOps provides an abstraction for creating files/directories and setting permissions in a platform-aware way.
func NewDefaultFilePermsOps ¶ added in v0.14.0
func NewDefaultFilePermsOps(fs afero.Fs) FilePermsOps
func NewWindowsACLFilePermsOps ¶ added in v0.14.0
func NewWindowsACLFilePermsOps(fs afero.Fs) FilePermsOps
NewWindowsACLFilePermsOps is a stub for non-Windows platforms and returns the default OsFilePermsOps so code that references this symbol compiles on all platforms.
type FileSystem ¶ added in v0.14.0
type FileSystem interface {
// Stat returns file info for the given path.
Stat(path string) (fs.FileInfo, error)
// Exists reports whether the path exists.
Exists(path string) (bool, error)
// Open opens a file for reading (e.g. directory listing via Readdir).
Open(path string) (afero.File, error)
// ReadFile reads the entire contents of a file.
ReadFile(path string) ([]byte, error)
// MkdirAll creates a directory and all parents with the given permission.
MkdirAll(path string, perm fs.FileMode) error
// CreateFile creates an empty file, creating parent directories as needed.
CreateFile(path string) (afero.File, error)
// WriteFile writes data to a file with the given permission.
WriteFile(path string, data []byte, perm fs.FileMode) error
// Chmod sets the permission mode bits on a path.
Chmod(path string, perm fs.FileMode) error
// Chown sets the owner and group on a path.
Chown(path string, owner string, group string) error
// ApplyACE applies a single access control entry to a path.
ApplyACE(path string, ace ACE) error
// CheckPerm verifies that the file at path has one of the required
// permission modes and, optionally, the expected owner and group.
CheckPerm(path string, requirePerm []fs.FileMode, requiredOwner string, requiredGroup string) error
// VerifyACL checks ACLs and ownership against expectations.
VerifyACL(path string, expected ExpectedACL) (ACLReport, error)
}
FileSystem abstracts all filesystem and permission operations needed by the permissions and audit commands. It combines file I/O, permission mutations, ownership management, and ACL verification into a single mockable interface that hides platform-specific details.
func NewFileSystem ¶ added in v0.14.0
func NewFileSystem(afs afero.Fs, opts ...FileSystemOption) FileSystem
NewFileSystem creates a FileSystem backed by an afero.Fs. It wires up the appropriate platform-specific implementations for permission operations, permission checking, and ACL verification.
type FileSystemOption ¶ added in v0.14.0
type FileSystemOption func(*defaultFileSystem)
FileSystemOption configures a FileSystem created by NewFileSystem.
func WithCmdRunner ¶ added in v0.14.0
func WithCmdRunner(runner func(string, ...string) ([]byte, error)) FileSystemOption
WithCmdRunner overrides the command runner used by the permission checker. This is useful in tests where the real "stat" command cannot be used against an in-memory filesystem.
type OsFilePermsOps ¶ added in v0.14.0
OsFilePermsOps is a default implementation that delegates to an afero.Fs for filesystem operations and uses os.Chown when required.
func (*OsFilePermsOps) ApplyACE ¶ added in v0.14.0
func (o *OsFilePermsOps) ApplyACE(path string, ace ACE) error
func (*OsFilePermsOps) Chmod ¶ added in v0.14.0
func (o *OsFilePermsOps) Chmod(path string, perm fs.FileMode) error
func (*OsFilePermsOps) Chown ¶ added in v0.14.0
func (o *OsFilePermsOps) Chown(path string, owner string, group string) error
func (*OsFilePermsOps) CreateFileWithPerm ¶ added in v0.14.0
func (o *OsFilePermsOps) CreateFileWithPerm(path string) (afero.File, error)
func (*OsFilePermsOps) MkdirAllWithPerm ¶ added in v0.14.0
func (o *OsFilePermsOps) MkdirAllWithPerm(path string, perm fs.FileMode) error
func (*OsFilePermsOps) Stat ¶ added in v0.14.0
func (o *OsFilePermsOps) Stat(path string) (fs.FileInfo, error)
func (*OsFilePermsOps) WriteFileWithPerm ¶ added in v0.14.0
type PermInfo ¶ added in v0.14.0
type PermInfo struct {
// Mode is the expected Unix permission bits (e.g. 0o640, 0o600, 0o750).
Mode fs.FileMode
// Owner is the expected owner of the file/directory (e.g. "root" on
// Linux, "Administrators" on Windows). An empty string means ownership
// is not checked/enforced.
Owner string
// Group is the expected group owner (e.g. "opksshuser"). An empty
// string means group ownership is not checked/enforced.
Group string
// MustExist indicates whether the resource is required to exist for the
// system to function correctly.
MustExist bool
}
PermInfo describes the expected filesystem permissions for a given resource type used by opkssh. It centralises mode, ownership, and existence requirements so that they are defined once and consumed by permission checking, fixing and auditing code.
type PermsChecker ¶
PermsChecker contains methods to check the ownership, group and file permissions of a file on a Unix-like system (or Windows).
func NewPermsChecker ¶
func NewPermsChecker(fs afero.Fs) *PermsChecker
func (*PermsChecker) CheckPerm ¶
func (u *PermsChecker) CheckPerm(path string, requirePerm []fs.FileMode, requiredOwner string, requiredGroup string) error
CheckPerm checks the file at the given path if it has the desired permissions. The argument requirePerm is a list to enable the caller to specify multiple permissions only one of which needs to match the permissions on the file. If the requiredOwner or requiredGroup are not empty then the function will also that the owner and group of the file match the requiredOwner and requiredGroup specified and fail if they do not.
type RowDetails ¶ added in v0.12.0
func ReadRowsWithDetails ¶ added in v0.12.0
func ReadRowsWithDetails(content []byte) []RowDetails
ReadRowsWithDetails reads rows from content, returning any parsing errors. Useful for auditing and finding configuration problems.
type Table ¶
type Table struct {
// contains filtered or unexported fields
}
type UnixACLVerifier ¶ added in v0.14.0
UnixACLVerifier implements ACLVerifier for Unix-like systems.
func (*UnixACLVerifier) VerifyACL ¶ added in v0.14.0
func (u *UnixACLVerifier) VerifyACL(path string, expected ExpectedACL) (ACLReport, error)