Documentation ¶
Index ¶
- Constants
- Variables
- func AuthenticateUserDN(userDN string, password string, cfg *config.ConfigLDAP) (bool, error)
- func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)
- func CheckLocalUserIsAllowed(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)
- func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error)
- func CheckLocalUserToken(token string, db *sqlx.DB, timeout time.Duration) (bool, string, error)
- func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)
- func DerivePassword(password string) (string, error)
- func IsCommonPassword(pw string) bool
- func IsGoodLoginPair(username string, password string) (bool, error)
- func IsGoodPassword(password string) (bool, error)
- func LoadPasswordBlacklist(filePath string) error
- func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, error)
- func VerifySCRYPTPassword(password string, scryptPassword string) error
- type CurrentUser
- type PasswordForm
- type SCRYPTComponents
Examples ¶
Constants ¶
const ( LDAPWithTLS = "ldaps://" LDAPNoTLS = "ldap://" )
const CurrentUserKey key = iota
const KEY_DELIM = ":"
const PrivLevelAdmin = 30
const PrivLevelFederation = 15
const PrivLevelInvalid = -1
PrivLevelInvalid - The Default Priv level
const PrivLevelORT = 11
const PrivLevelOperations = 20
const PrivLevelPortal = 15
const PrivLevelReadOnly = 10
const PrivLevelSteering = 15
const TenantIDInvalid = -1
TenantIDInvalid - The default Tenant ID
Variables ¶
var DefaultParams = SCRYPTComponents{
Algorithm: "SCRYPT",
N: 16384,
R: 8,
P: 1,
SaltLen: 16,
DKLen: 64}
The SCRYPT functionality defined in this package is derived based upon the following references: https://pkg.go.dev/golang.org/x/crypto/scrypt https://www.tarsnap.com/scrypt/scrypt.pdf
Functions ¶
func AuthenticateUserDN ¶
func CheckLDAPUser ¶
func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)
func CheckLocalUserIsAllowed ¶
func CheckLocalUserPassword ¶
func CheckLocalUserToken ¶
CheckLocalUserToken checks the passed token against the records in the db for a match, up to a maximum duration of timeout.
func ConnectToLDAP ¶
func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)
func DerivePassword ¶
DerivePassword uses the https://pkg.go.dev/golang.org/x/crypto/scrypt package to return an encrypted password that is compatible with the Perl CPAN library Crypt::ScryptKDF for backward compatibility to authenticate through the Perl API the same way. See: http://cpansearch.perl.org/src/MIK/Crypt-ScryptKDF-0.010/lib/Crypt/ScryptKDF.pm
func IsCommonPassword ¶
func IsGoodPassword ¶
func LoadPasswordBlacklist ¶
Expects a relative path from the traffic_ops directory
func LookupUserDN ¶
func VerifySCRYPTPassword ¶
VerifySCRYPTPassword parses the original Derived Key (DK) from the SCRYPT password so that it can compare that with the password/scriptPassword param
Types ¶
type CurrentUser ¶
type CurrentUser struct { UserName string `json:"userName" db:"username"` ID int `json:"id" db:"id"` PrivLevel int `json:"privLevel" db:"priv_level"` TenantID int `json:"tenantId" db:"tenant_id"` Role int `json:"role" db:"role"` RoleName string `json:"roleName" db:"role_name"` Capabilities pq.StringArray `json:"capabilities" db:"capabilities"` // contains filtered or unexported fields }
func GetCurrentUser ¶
func GetCurrentUser(ctx context.Context) (*CurrentUser, error)
func GetCurrentUserFromDB ¶
func GetCurrentUserFromDB(DB *sqlx.DB, user string, timeout time.Duration) (CurrentUser, error, error, int)
GetCurrentUserFromDB - returns the id and privilege level of the given user along with the username, or -1 as the id, - as the userName and PrivLevelInvalid if the user doesn't exist, along with a user facing error, a system error to log, and an error code to return
func (CurrentUser) Can ¶
func (cu CurrentUser) Can(permission string) bool
Can returns whether or not the user has the specified Permission, i.e. whether or not they "can" do something.
Example ¶
cu := CurrentUser{} fmt.Println(cu.Can("anything"))
Output: false
func (CurrentUser) MissingPermissions ¶
func (cu CurrentUser) MissingPermissions(permissions ...string) []string
MissingPermissions returns all of the passed Permissions that the user does not have.
Example ¶
cu := CurrentUser{} missingPerms := cu.MissingPermissions("do something", "do anything") fmt.Println(strings.Join(missingPerms, ", "))
Output: do something, do anything
type PasswordForm ¶
type SCRYPTComponents ¶
type SCRYPTComponents struct { Algorithm string // The SCRYPT algorithm prefix N int // CPU/memory cost parameter (logN) R int // block size parameter (octets) P int // parallelization parameter (positive int) Salt []byte // salt value SaltLen int // bytes to use as salt (octets) DK []byte // derived key value DKLen int // length of the derived key (octets) }
SCRYPTComponents the input parameters to the Scrypt encryption key format