userdb

package
v1.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 24, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package userdb implements a simple user database.

Format

The user database is a file containing a list of users and their passwords, encrypted with some scheme. We use a text-encoded protobuf, the structure can be found in userdb.proto.

We write text instead of binary to make it easier for administrators to troubleshoot, and since performance is not an issue for our expected usage.

Users must be UTF-8 and NOT contain whitespace; the library will enforce this.

Schemes

The default scheme is SCRYPT, with hard-coded parameters. The API does not allow the user to change this, at least for now. A PLAIN scheme is also supported for debugging purposes.

Writing

The functions that write a database file will not preserve ordering, invalid lines, empty lines, or any formatting.

It is also not safe for concurrent use from different processes.

Index

Constants

This section is empty.

Variables

View Source 
var File_userdb_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type DB 

type DB struct {
	// contains filtered or unexported fields
}

DB represents a single user database.

func Load 

func Load(fname string) (*DB, error)

Load the database from the given file. Return the database, and a fatal error if the database could not be loaded.

func New 

func New(fname string) *DB

New returns a new user database, on the given file name.

func (*DB) AddDeniedUser added in v1.13.0 

func (db *DB) AddDeniedUser(name string) error

AddDenied to the database. If the user is already present, override it. Note we enforce that the name has been normalized previously.

func (*DB) AddUser 

func (db *DB) AddUser(name, plainPassword string) error

AddUser to the database. If the user is already present, override it. Note we enforce that the name has been normalized previously.

func (*DB) Authenticate 

func (db *DB) Authenticate(name, plainPassword string) bool

Authenticate returns true if the password is valid for the user, false otherwise.

func (*DB) Exists 

func (db *DB) Exists(name string) bool

Exists returns true if the user is present, false otherwise.

func (*DB) Reload 

func (db *DB) Reload() error

Reload the database, refreshing its contents from the current file on disk. If there are errors reading from the file, they are returned and the database is not changed.

func (*DB) RemoveUser 

func (db *DB) RemoveUser(name string) bool

RemoveUser from the database. Returns True if the user was there, False otherwise.

func (*DB) Write 

func (db *DB) Write() error

Write the database to disk. It will do a complete rewrite each time, and is not safe to call it from different processes in parallel.

type Denied added in v1.13.0 

type Denied struct {
	// contains filtered or unexported fields
}

func (*Denied) Descriptor deprecated added in v1.13.0 

func (*Denied) Descriptor() ([]byte, []int)

Deprecated: Use Denied.ProtoReflect.Descriptor instead.

func (*Denied) ProtoMessage added in v1.13.0 

func (*Denied) ProtoMessage()

func (*Denied) ProtoReflect added in v1.13.0 

func (x *Denied) ProtoReflect() protoreflect.Message

func (*Denied) Reset added in v1.13.0 

func (x *Denied) Reset()

func (*Denied) String added in v1.13.0 

func (x *Denied) String() string

type Password 

type Password struct {

	// Types that are assignable to Scheme:
	//
	//	*Password_Scrypt
	//	*Password_Plain
	//	*Password_Denied
	Scheme isPassword_Scheme `protobuf_oneof:"scheme"`
	// contains filtered or unexported fields
}

func (*Password) Descriptor deprecated 

func (*Password) Descriptor() ([]byte, []int)

Deprecated: Use Password.ProtoReflect.Descriptor instead.

func (*Password) GetDenied added in v1.13.0 

func (x *Password) GetDenied() *Denied

func (*Password) GetPlain 

func (x *Password) GetPlain() *Plain

func (*Password) GetScheme 

func (m *Password) GetScheme() isPassword_Scheme

func (*Password) GetScrypt 

func (x *Password) GetScrypt() *Scrypt

func (*Password) PasswordMatches 

func (p *Password) PasswordMatches(plain string) bool

PasswordMatches returns true if the given password is a match.

func (*Password) ProtoMessage 

func (*Password) ProtoMessage()

func (*Password) ProtoReflect 

func (x *Password) ProtoReflect() protoreflect.Message

func (*Password) Reset 

func (x *Password) Reset()

func (*Password) String 

func (x *Password) String() string

type Password_Denied added in v1.13.0 

type Password_Denied struct {
	Denied *Denied `protobuf:"bytes,4,opt,name=denied,proto3,oneof"`
}

type Password_Plain 

type Password_Plain struct {
	Plain *Plain `protobuf:"bytes,3,opt,name=plain,proto3,oneof"`
}

type Password_Scrypt 

type Password_Scrypt struct {
	Scrypt *Scrypt `protobuf:"bytes,2,opt,name=scrypt,proto3,oneof"`
}

type Plain 

type Plain struct {
	Password []byte `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
	// contains filtered or unexported fields
}

func (*Plain) Descriptor deprecated 

func (*Plain) Descriptor() ([]byte, []int)

Deprecated: Use Plain.ProtoReflect.Descriptor instead.

func (*Plain) GetPassword 

func (x *Plain) GetPassword() []byte

func (*Plain) PasswordMatches 

func (p *Plain) PasswordMatches(plain string) bool

PasswordMatches implementation for the plain text scheme. Useful mostly for testing and debugging. TODO: Do we really need this? Removing it would make accidents less likely to happen. Consider doing so when we add another scheme, so we a least have two and multi-scheme support does not bit-rot.

func (*Plain) ProtoMessage 

func (*Plain) ProtoMessage()

func (*Plain) ProtoReflect 

func (x *Plain) ProtoReflect() protoreflect.Message

func (*Plain) Reset 

func (x *Plain) Reset()

func (*Plain) String 

func (x *Plain) String() string

type ProtoDB 

type ProtoDB struct {
	Users map[string]*Password `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ProtoDB) Descriptor deprecated 

func (*ProtoDB) Descriptor() ([]byte, []int)

Deprecated: Use ProtoDB.ProtoReflect.Descriptor instead.

func (*ProtoDB) GetUsers 

func (x *ProtoDB) GetUsers() map[string]*Password

func (*ProtoDB) ProtoMessage 

func (*ProtoDB) ProtoMessage()

func (*ProtoDB) ProtoReflect 

func (x *ProtoDB) ProtoReflect() protoreflect.Message

func (*ProtoDB) Reset 

func (x *ProtoDB) Reset()

func (*ProtoDB) String 

func (x *ProtoDB) String() string

type Scrypt 

type Scrypt struct {
	LogN      uint64 `protobuf:"varint,1,opt,name=logN,proto3" json:"logN,omitempty"`
	R         int32  `protobuf:"varint,2,opt,name=r,proto3" json:"r,omitempty"`
	P         int32  `protobuf:"varint,3,opt,name=p,proto3" json:"p,omitempty"`
	KeyLen    int32  `protobuf:"varint,4,opt,name=keyLen,proto3" json:"keyLen,omitempty"`
	Salt      []byte `protobuf:"bytes,5,opt,name=salt,proto3" json:"salt,omitempty"`
	Encrypted []byte `protobuf:"bytes,6,opt,name=encrypted,proto3" json:"encrypted,omitempty"`
	// contains filtered or unexported fields
}

func (*Scrypt) Descriptor deprecated 

func (*Scrypt) Descriptor() ([]byte, []int)

Deprecated: Use Scrypt.ProtoReflect.Descriptor instead.

func (*Scrypt) GetEncrypted 

func (x *Scrypt) GetEncrypted() []byte

func (*Scrypt) GetKeyLen 

func (x *Scrypt) GetKeyLen() int32

func (*Scrypt) GetLogN 

func (x *Scrypt) GetLogN() uint64

func (*Scrypt) GetP 

func (x *Scrypt) GetP() int32

func (*Scrypt) GetR 

func (x *Scrypt) GetR() int32

func (*Scrypt) GetSalt 

func (x *Scrypt) GetSalt() []byte

func (*Scrypt) PasswordMatches 

func (s *Scrypt) PasswordMatches(plain string) bool

PasswordMatches implementation for the scrypt scheme, which we use by default.

func (*Scrypt) ProtoMessage 

func (*Scrypt) ProtoMessage()

func (*Scrypt) ProtoReflect 

func (x *Scrypt) ProtoReflect() protoreflect.Message

func (*Scrypt) Reset 

func (x *Scrypt) Reset()

func (*Scrypt) String 

func (x *Scrypt) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.