auth

package
v6.1.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 4, 2022 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 1 more Imports: 23 Imported by: 0

Documentation

Index

Examples

Constants

View Source
const (
	LDAPWithTLS = "ldaps://"
	LDAPNoTLS   = "ldap://"
)
View Source
const CurrentUserKey key = iota
View Source
const KEY_DELIM = ":"
View Source
const PrivLevelAdmin = 30
View Source
const PrivLevelFederation = 15
View Source
const PrivLevelInvalid = -1

PrivLevelInvalid - The Default Priv level

View Source
const PrivLevelORT = 11
View Source
const PrivLevelOperations = 20
View Source
const PrivLevelPortal = 15
View Source
const PrivLevelReadOnly = 10
View Source
const PrivLevelSteering = 15
View Source
const TenantIDInvalid = -1

TenantIDInvalid - The default Tenant ID

Variables

View Source
var DefaultParams = SCRYPTComponents{
	Algorithm: "SCRYPT",
	N:         16384,
	R:         8,
	P:         1,
	SaltLen:   16,
	DKLen:     64}

The SCRYPT functionality defined in this package is derived based upon the following references: https://pkg.go.dev/golang.org/x/crypto/scrypt https://www.tarsnap.com/scrypt/scrypt.pdf

Functions

func AuthenticateUserDN

func AuthenticateUserDN(userDN string, password string, cfg *config.ConfigLDAP) (bool, error)

func CheckLDAPUser

func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)

func CheckLocalUserIsAllowed

func CheckLocalUserIsAllowed(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)

func CheckLocalUserPassword

func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)

func CheckLocalUserToken

func CheckLocalUserToken(token string, db *sqlx.DB, timeout time.Duration) (bool, string, error)

CheckLocalUserToken checks the passed token against the records in the db for a match, up to a maximum duration of timeout.

func ConnectToLDAP

func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)

func DerivePassword

func DerivePassword(password string) (string, error)

DerivePassword uses the https://pkg.go.dev/golang.org/x/crypto/scrypt package to return an encrypted password that is compatible with the Perl CPAN library Crypt::ScryptKDF for backward compatibility to authenticate through the Perl API the same way. See: http://cpansearch.perl.org/src/MIK/Crypt-ScryptKDF-0.010/lib/Crypt/ScryptKDF.pm

func IsCommonPassword

func IsCommonPassword(pw string) bool

func IsGoodLoginPair

func IsGoodLoginPair(username string, password string) (bool, error)

func IsGoodPassword

func IsGoodPassword(password string) (bool, error)

func LoadPasswordBlacklist

func LoadPasswordBlacklist(filePath string) error

Expects a relative path from the traffic_ops directory

func LookupUserDN

func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, error)

func VerifySCRYPTPassword

func VerifySCRYPTPassword(password string, scryptPassword string) error

VerifySCRYPTPassword parses the original Derived Key (DK) from the SCRYPT password so that it can compare that with the password/scriptPassword param

Types

type CurrentUser

type CurrentUser struct {
	UserName     string         `json:"userName" db:"username"`
	ID           int            `json:"id" db:"id"`
	PrivLevel    int            `json:"privLevel" db:"priv_level"`
	TenantID     int            `json:"tenantId" db:"tenant_id"`
	Role         int            `json:"role" db:"role"`
	RoleName     string         `json:"roleName" db:"role_name"`
	Capabilities pq.StringArray `json:"capabilities" db:"capabilities"`
	// contains filtered or unexported fields
}

func GetCurrentUser

func GetCurrentUser(ctx context.Context) (*CurrentUser, error)

func GetCurrentUserFromDB

func GetCurrentUserFromDB(DB *sqlx.DB, user string, timeout time.Duration) (CurrentUser, error, error, int)

GetCurrentUserFromDB - returns the id and privilege level of the given user along with the username, or -1 as the id, - as the userName and PrivLevelInvalid if the user doesn't exist, along with a user facing error, a system error to log, and an error code to return

func (CurrentUser) Can

func (cu CurrentUser) Can(permission string) bool

Can returns whether or not the user has the specified Permission, i.e. whether or not they "can" do something.

Example
cu := CurrentUser{}
fmt.Println(cu.Can("anything"))
Output:

false

func (CurrentUser) MissingPermissions

func (cu CurrentUser) MissingPermissions(permissions ...string) []string

MissingPermissions returns all of the passed Permissions that the user does not have.

Example
cu := CurrentUser{}
missingPerms := cu.MissingPermissions("do something", "do anything")
fmt.Println(strings.Join(missingPerms, ", "))
Output:

do something, do anything

type PasswordForm

type PasswordForm struct {
	Username string `json:"u"`
	Password string `json:"p"`
}

type SCRYPTComponents

type SCRYPTComponents struct {
	Algorithm string // The SCRYPT algorithm prefix
	N         int    // CPU/memory cost parameter (logN)
	R         int    // block size parameter (octets)
	P         int    // parallelization parameter (positive int)
	Salt      []byte // salt value
	SaltLen   int    // bytes to use as salt (octets)
	DK        []byte // derived key value
	DKLen     int    // length of the derived key (octets)
}

SCRYPTComponents the input parameters to the Scrypt encryption key format

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL