security

package
v0.0.0-...-fa57f66 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 1, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors returned by this package. Compare with errors.Is so that a
// wrapped error still matches.
var (
	// ErrNotFound reports that no login data was found; the caller needs to
	// request user input.
	ErrNotFound = errors.New("not found")

	// ErrOldInvalid reports that the old login data is invalid; the caller
	// needs to request new login data.
	ErrOldInvalid = errors.New("old invalid")

	// ErrUnsupported reports that the operation is not supported.
	ErrUnsupported = errors.New("not supported")
)

Errors that require special handling by the caller. (`nolint:revive` is a linter directive carried over from the source comment.)

Functions

func NewAuthorizationHandlerConfig

func NewAuthorizationHandlerConfig(name string) (interface{}, error)

func NewKeychainHandlerConfig

func NewKeychainHandlerConfig(name string) (interface{}, error)

func RegisterAuthorizationHandler

func RegisterAuthorizationHandler(
	name string,
	f AuthorizationHandlerFactoryFunc,
	cf AuthorizationHandlerConfigFactoryFunc,
)

func RegisterKeychainHandler

func RegisterKeychainHandler(
	name string,
	f KeychainHandlerFactoryFunc,
	cf KeychainHandlerConfigFactoryFunc,
)

Types

type AuthPolicy

// AuthPolicy is shown without any fields in this listing.
// NOTE(review): with no fields it cannot carry an allow/deny rule — confirm
// whether the policy is meant to be filled in by a later version before
// relying on it.
type AuthPolicy struct {
}

AuthPolicy is a policy used to automatically allow or deny certain access.

type AuthRequest

// AuthRequest describes one authorization request: who is asking (user,
// groups, process and its ancestry) and what is being asked (operation and
// file). Every field is serialized to JSON and YAML under a snake_case key.
type AuthRequest struct {
	// Requesting user: display name, login name and ID (ID carried as a string).
	UserDisplayName string `json:"user_display_name" yaml:"user_display_name"`
	UserLoginName   string `json:"user_login_name" yaml:"user_login_name"`
	UserID          string `json:"user_id" yaml:"user_id"`

	// Primary group and supplementary groups — presumably those of the user
	// above; confirm against CreateAuthRequest.
	PrimaryGroupName string           `json:"primary_group_name" yaml:"primary_group_name"`
	PrimaryGroupID   string           `json:"primary_group_id" yaml:"primary_group_id"`
	SupplementGIDs   []GroupNameAndID `json:"supplement_gids" yaml:"supplement_gids"`

	// Requesting process.
	// NOTE(review): a process name and PID are not a stable identity (PIDs are
	// reused and names are not unique) — confirm how these values are captured
	// before treating them as the sole basis for an allow/deny decision.
	ProcessName string `json:"process_name" yaml:"process_name"`
	ProcessID   uint64 `json:"process_id" yaml:"process_id"`

	// Parent of the requesting process.
	// NOTE(review): the Go field name ParentProcseeID is misspelled; its
	// json/yaml key is parent_process_id. Renaming the field would break
	// existing callers.
	ParentProcessName string `json:"parent_process_name" yaml:"parent_process_name"`
	ParentProcseeID   uint64 `json:"parent_process_id" yaml:"parent_process_id"`

	// Chain of processes leading to the request; ordering is not visible
	// here — TODO confirm.
	ProcessCallingPath []ProcessNameAndID `json:"process_calling_path" yaml:"process_calling_path"`

	// Requested operation and the file it targets. CreateAuthRequest takes the
	// operation as an OperationKind, so Operation is presumably its String()
	// form — confirm.
	Operation string `json:"operation" yaml:"operation"`
	File      string `json:"file" yaml:"file"`
}

AuthRequest is the request containing the requesting user and their intention.

func CreateAuthRequest

func CreateAuthRequest(uid string, pid uint64, op OperationKind, file string) (*AuthRequest, error)

func (*AuthRequest) CreateKey

func (r *AuthRequest) CreateKey(policy *AuthPolicy) string

func (*AuthRequest) FormatPrompt

func (r *AuthRequest) FormatPrompt() string

type AuthorizationData

// AuthorizationData is an empty interface, so it can hold a value of any type;
// consumers must check the concrete type before use.
type AuthorizationData interface{}

AuthorizationData is the data returned by the security service.

type AuthorizationHandler

// AuthorizationHandler is implemented by backends that ask the user to
// authorize a request.
type AuthorizationHandler interface {
	// Authorize requests explicit user authorization for req.
	// NOTE(review): presumably a nil error means the user granted the request
	// and any non-nil error must be treated as a denial — confirm with the
	// implementations.
	Authorize(req *AuthRequest) error
}

func NewAuthorizationHandler

func NewAuthorizationHandler(name string, config interface{}) (AuthorizationHandler, error)

type AuthorizationHandlerConfigFactoryFunc

// AuthorizationHandlerConfigFactoryFunc returns a config value for an
// authorization handler. The concrete type is not visible here; it is
// presumably the type the AuthorizationHandlerFactoryFunc registered under
// the same name expects — confirm.
type AuthorizationHandlerConfigFactoryFunc func() interface{}

type AuthorizationHandlerFactoryFunc

// AuthorizationHandlerFactoryFunc builds an AuthorizationHandler from config.
// NOTE(review): config is an untyped interface{}; implementations should use
// a checked type assertion and return an error on a mismatch rather than
// panic.
type AuthorizationHandlerFactoryFunc func(config interface{}) (AuthorizationHandler, error)

type AuthorizationManager

// AuthorizationManager exposes no exported fields; create one with
// NewAuthorizationManager.
type AuthorizationManager struct {
	// contains filtered or unexported fields
}

func NewAuthorizationManager

func NewAuthorizationManager(
	runningCtx context.Context,
	handler AuthorizationHandler,
	defaultPenaltyDuration time.Duration,
	defaultPermitDuration time.Duration,
) *AuthorizationManager

func (*AuthorizationManager) RequestAuth

func (m *AuthorizationManager) RequestAuth(
	req *AuthRequest,
	permitDuration *time.Duration,
	penaltyDuration *time.Duration,
) error

RequestAuth checks whether the authorization is still valid before actually requesting user authorization.

func (*AuthorizationManager) Start

func (m *AuthorizationManager) Start()

Start starts the manager in the background.

func (*AuthorizationManager) Stop

func (m *AuthorizationManager) Stop() error

type GroupNameAndID

// GroupNameAndID pairs a group name with its group ID. The GID is carried as
// a string and serialized under the key "gid".
type GroupNameAndID struct {
	Name string `json:"name" yaml:"name"`
	GID  string `json:"gid" yaml:"gid"`
}

type KeychainHandler

// KeychainHandler saves, deletes and retrieves one username/password pair per
// entry. An entry is addressed by the pmDriver and configName arguments, which
// are the only inputs to DeleteLogin and GetLogin.
type KeychainHandler interface {
	// SaveLogin saves username and password to system keychain.
	// NOTE(review): the password crosses this interface as a plain string;
	// implementations and callers should keep these arguments out of logs and
	// error messages.
	SaveLogin(pmDriver, configName, username, password string) error

	// DeleteLogin deletes stored username and password.
	DeleteLogin(pmDriver, configName string) error

	// GetLogin retrieves previously stored username and password.
	// NOTE(review): presumably returns ErrNotFound when nothing is stored for
	// the entry — confirm with the implementations.
	GetLogin(pmDriver, configName string) (username, password string, err error)
}

func NewKeychainHandler

func NewKeychainHandler(name string, config interface{}) (KeychainHandler, error)

type KeychainHandlerConfigFactoryFunc

// KeychainHandlerConfigFactoryFunc returns a config value for a keychain
// handler. The concrete type is not visible here; it is presumably the type
// the KeychainHandlerFactoryFunc registered under the same name expects —
// confirm.
type KeychainHandlerConfigFactoryFunc func() interface{}

type KeychainHandlerFactoryFunc

// KeychainHandlerFactoryFunc builds a KeychainHandler from config.
// NOTE(review): config is an untyped interface{}; implementations should use
// a checked type assertion and return an error on a mismatch rather than
// panic.
type KeychainHandlerFactoryFunc func(config interface{}) (KeychainHandler, error)

type OperationKind

// OperationKind is the kind of operation an authorization request is made
// for; CreateAuthRequest takes one as its op argument.
type OperationKind int

// Operation kinds, numbered from 1. The zero value of OperationKind therefore
// matches none of them, so an unset kind cannot be mistaken for OpRead.
const (
	OpRead   OperationKind = 1
	OpWrite  OperationKind = 2
	OpAppend OperationKind = 3
	OpSeek   OperationKind = 4
	OpRemove OperationKind = 5
)

func (OperationKind) String

func (k OperationKind) String() string

type ProcessNameAndID

// ProcessNameAndID pairs a process name with its PID; AuthRequest uses a slice
// of these for ProcessCallingPath.
// NOTE(review): neither value is a stable identity on its own (PIDs are
// reused and names are not unique) — confirm how entries are captured.
type ProcessNameAndID struct {
	Name string `json:"name" yaml:"name"`
	PID  uint64 `json:"pid" yaml:"pid"`
}

Directories

Path Synopsis
