Documentation ¶
Index ¶
- Variables
- func NewAuthorizationHandlerConfig(name string) (interface{}, error)
- func NewKeychainHandlerConfig(name string) (interface{}, error)
- func RegisterAuthorizationHandler(name string, f AuthorizationHandlerFactoryFunc, ...)
- func RegisterKeychainHandler(name string, f KeychainHandlerFactoryFunc, cf KeychainHandlerConfigFactoryFunc)
- type AuthPolicy
- type AuthRequest
- type AuthorizationData
- type AuthorizationHandler
- type AuthorizationHandlerConfigFactoryFunc
- type AuthorizationHandlerFactoryFunc
- type AuthorizationManager
- type GroupNameAndID
- type KeychainHandler
- type KeychainHandlerConfigFactoryFunc
- type KeychainHandlerFactoryFunc
- type OperationKind
- type ProcessNameAndID
Constants ¶
This section is empty.
Variables ¶
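// Sentinel errors that callers must branch on instead of treating them as
// generic failures. Compare with errors.Is so that wrapped errors still match.
//
// The declarations are written one per line: with the whole group on a single
// line, the first "//" comment swallows every declaration that follows it.
var (
	// ErrNotFound: login data not found, need to request user input.
	ErrNotFound = errors.New("not found")
	// ErrOldInvalid: old login data invalid, need to request a new one.
	ErrOldInvalid = errors.New("old invalid")
	// ErrUnsupported: operation not supported.
	ErrUnsupported = errors.New("not supported")
)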
Errors that callers must handle specially (nolint:revive).
Functions ¶
func NewAuthorizationHandlerConfig ¶
func RegisterAuthorizationHandler ¶
func RegisterAuthorizationHandler( name string, f AuthorizationHandlerFactoryFunc, cf AuthorizationHandlerConfigFactoryFunc, )
func RegisterKeychainHandler ¶
func RegisterKeychainHandler( name string, f KeychainHandlerFactoryFunc, cf KeychainHandlerConfigFactoryFunc, )
Types ¶
type AuthRequest ¶
// AuthRequest carries the identity of the requester (user, groups, process and
// its ancestry) together with the requested operation and target file. Every
// field is serialised under the same snake_case key in both JSON and YAML.
//
// NOTE(review): the display/login/process *names* are descriptive strings; if
// policy matching or the key built by CreateKey relies on them, confirm they
// are resolved from a trusted source and not from anything the requesting
// process can set itself. The numeric IDs are the stronger identifiers.
type AuthRequest struct {
	// Requesting user.
	UserDisplayName    string             `json:"user_display_name" yaml:"user_display_name"`
	UserLoginName      string             `json:"user_login_name" yaml:"user_login_name"`
	UserID             string             `json:"user_id" yaml:"user_id"`
	// Group membership of the requesting user.
	PrimaryGroupName   string             `json:"primary_group_name" yaml:"primary_group_name"`
	PrimaryGroupID     string             `json:"primary_group_id" yaml:"primary_group_id"`
	SupplementGIDs     []GroupNameAndID   `json:"supplement_gids" yaml:"supplement_gids"`
	// Requesting process and its parent.
	ProcessName        string             `json:"process_name" yaml:"process_name"`
	ProcessID          uint64             `json:"process_id" yaml:"process_id"`
	ParentProcessName  string             `json:"parent_process_name" yaml:"parent_process_name"`
	// NOTE(review): the Go field name is misspelled ("Procsee"); the serialised
	// key is parent_process_id. Renaming the exported field would break callers.
	ParentProcseeID    uint64             `json:"parent_process_id" yaml:"parent_process_id"`
	// Chain of processes leading to the requester.
	// NOTE(review): ordering (root-first or requester-first) is not visible here — confirm.
	ProcessCallingPath []ProcessNameAndID `json:"process_calling_path" yaml:"process_calling_path"`
	// What is being requested, and on which file.
	// presumably Operation holds OperationKind.String() — verify against CreateAuthRequest.
	Operation          string             `json:"operation" yaml:"operation"`
	File               string             `json:"file" yaml:"file"`
}
AuthRequest is the request containing the requesting user and their intention
func CreateAuthRequest ¶
func CreateAuthRequest(uid string, pid uint64, op OperationKind, file string) (*AuthRequest, error)
func (*AuthRequest) CreateKey ¶
func (r *AuthRequest) CreateKey(policy *AuthPolicy) string
func (*AuthRequest) FormatPrompt ¶
func (r *AuthRequest) FormatPrompt() string
type AuthorizationData ¶
type AuthorizationData interface{}
AuthorizationData is the data returned by the security service
type AuthorizationHandler ¶
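// AuthorizationHandler is implemented by backends that can ask the user to
// approve an AuthRequest. The method is declared on its own line: with the
// interface on a single line, the "//" comment swallows the method and the
// closing brace.
type AuthorizationHandler interface {
	// Authorize requests explicit user authorization for req.
	//
	// NOTE(review): this declaration does not say which error values mean
	// "denied" and which mean "could not ask". Confirm that callers treat
	// every non-nil error as not authorized (fail closed).
	Authorize(req *AuthRequest) error
}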
func NewAuthorizationHandler ¶
func NewAuthorizationHandler(name string, config interface{}) (AuthorizationHandler, error)
type AuthorizationHandlerConfigFactoryFunc ¶
// AuthorizationHandlerConfigFactoryFunc is the type of the cf argument to
// RegisterAuthorizationHandler. It takes no arguments and returns an untyped value.
// NOTE(review): presumably a fresh, empty config object for the named handler — confirm.
type AuthorizationHandlerConfigFactoryFunc func() interface{}
type AuthorizationHandlerFactoryFunc ¶
// AuthorizationHandlerFactoryFunc builds an AuthorizationHandler from an untyped
// config value; it is the type of the f argument to RegisterAuthorizationHandler.
// NOTE(review): config is interface{}, so an implementation needs a checked type
// assertion and should return an error on an unexpected type rather than panic — confirm.
type AuthorizationHandlerFactoryFunc func(config interface{}) (AuthorizationHandler, error)
type AuthorizationManager ¶
type AuthorizationManager struct {
// contains filtered or unexported fields
}
func NewAuthorizationManager ¶
func NewAuthorizationManager( runningCtx context.Context, handler AuthorizationHandler, defaultPenaltyDuration time.Duration, defaultPermitDuration time.Duration, ) *AuthorizationManager
func (*AuthorizationManager) RequestAuth ¶
func (m *AuthorizationManager) RequestAuth( req *AuthRequest, permitDuration *time.Duration, penaltyDuration *time.Duration, ) error
RequestAuth checks whether the authorization is still valid before actually requesting user authorization
func (*AuthorizationManager) Stop ¶
func (m *AuthorizationManager) Stop() error
type GroupNameAndID ¶
type KeychainHandler ¶
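// KeychainHandler stores and retrieves login credentials. A stored entry is
// addressed by the (pmDriver, configName) pair, which is all DeleteLogin and
// GetLogin receive. Methods are declared one per line: with the interface on
// a single line, the first "//" comment swallows everything after it.
//
// NOTE(review): passwords cross this interface as Go strings, which are
// immutable and cannot be zeroed after use. Implementations and callers should
// keep them out of log lines and out of returned error values.
type KeychainHandler interface {
	// SaveLogin saves username and password to system keychain
	SaveLogin(pmDriver, configName, username, password string) error

	// DeleteLogin deletes stored username and password
	DeleteLogin(pmDriver, configName string) error

	// GetLogin retrieves previously stored username and password
	// NOTE(review): presumably a missing entry is reported as ErrNotFound — confirm per implementation.
	GetLogin(pmDriver, configName string) (username, password string, err error)
}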
func NewKeychainHandler ¶
func NewKeychainHandler(name string, config interface{}) (KeychainHandler, error)
type KeychainHandlerConfigFactoryFunc ¶
// KeychainHandlerConfigFactoryFunc is the type of the cf argument to
// RegisterKeychainHandler. It takes no arguments and returns an untyped value.
// NOTE(review): presumably a fresh, empty config object for the named handler — confirm.
type KeychainHandlerConfigFactoryFunc func() interface{}
type KeychainHandlerFactoryFunc ¶
// KeychainHandlerFactoryFunc builds a KeychainHandler from an untyped config
// value; it is the type of the f argument to RegisterKeychainHandler.
// NOTE(review): config is interface{}, so an implementation needs a checked type
// assertion and should return an error on an unexpected type rather than panic — confirm.
type KeychainHandlerFactoryFunc func(config interface{}) (KeychainHandler, error)
type OperationKind ¶
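// OperationKind enumerates the operations that CreateAuthRequest accepts as
// its op argument.
type OperationKind int

// The declared kinds start at 1 (iota + 1), so the zero value of OperationKind
// matches none of them and an uninitialised kind cannot be mistaken for OpRead.
// The constants are listed one per line because the iota continuation only
// parses that way.
const (
	OpRead OperationKind = iota + 1
	OpWrite
	OpAppend
	OpSeek
	OpRemove
)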
func (OperationKind) String ¶
func (k OperationKind) String() string
Source Files ¶