auth

package
v5.1.6+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2022 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 1 more Imports: 22 Imported by: 111

Documentation

Index

Constants

View Source
const (
	LDAPWithTLS = "ldaps://"
	LDAPNoTLS   = "ldap://"
)
View Source
const CurrentUserKey key = iota
View Source
const KEY_DELIM = ":"
View Source
const PrivLevelAdmin = 30
View Source
const PrivLevelFederation = 15
View Source
const PrivLevelInvalid = -1

PrivLevelInvalid - The Default Priv level

View Source
const PrivLevelORT = 11
View Source
const PrivLevelOperations = 20
View Source
const PrivLevelPortal = 15
View Source
const PrivLevelReadOnly = 10
View Source
const PrivLevelSteering = 15
View Source
const TenantIDInvalid = -1

TenantIDInvalid - The default Tenant ID

Variables

View Source
var DefaultParams = SCRYPTComponents{
	Algorithm: "SCRYPT",
	N:         16384,
	R:         8,
	P:         1,
	SaltLen:   16,
	DKLen:     64}

The SCRYPT functionality defined in this package is derived based upon the following references: https://godoc.org/golang.org/x/crypto/scrypt https://www.tarsnap.com/scrypt/scrypt.pdf

Functions

func AuthenticateUserDN

func AuthenticateUserDN(userDN string, password string, cfg *config.ConfigLDAP) (bool, error)

func CheckLDAPUser

func CheckLDAPUser(form PasswordForm, cfg *config.ConfigLDAP) (bool, error)

func CheckLocalUserIsAllowed

func CheckLocalUserIsAllowed(form PasswordForm, db *sqlx.DB, timeout time.Duration) (bool, error, error)

func CheckLocalUserPassword

func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, timeout time.Duration) (bool, error, error)

func CheckLocalUserToken

func CheckLocalUserToken(token string, db *sqlx.DB, timeout time.Duration) (bool, string, error)

CheckLocalUserToken checks the passed token against the records in the db for a match, up to a maximum duration of timeout.

func ConnectToLDAP

func ConnectToLDAP(cfg *config.ConfigLDAP) (*ldap.Conn, error)

func DerivePassword

func DerivePassword(password string) (string, error)

DerivePassword uses the https://godoc.org/golang.org/x/crypto/scrypt package to return an encrypted password that is compatible with the Perl CPAN library Crypt::ScryptKDF for backward compatibility to authenticate through the Perl API the same way. See: http://cpansearch.perl.org/src/MIK/Crypt-ScryptKDF-0.010/lib/Crypt/ScryptKDF.pm

func IsCommonPassword

func IsCommonPassword(pw string) bool

func IsGoodLoginPair

func IsGoodLoginPair(username string, password string) (bool, error)

func IsGoodPassword

func IsGoodPassword(password string) (bool, error)

func LoadPasswordBlacklist

func LoadPasswordBlacklist(filePath string) error

Expects a relative path from the traffic_ops directory

func LookupUserDN

func LookupUserDN(username string, cfg *config.ConfigLDAP) (string, bool, error)

func VerifySCRYPTPassword

func VerifySCRYPTPassword(password string, scryptPassword string) error

VerifySCRYPTPassword parses the original Derived Key (DK) from the SCRYPT password so that it can compare that with the password/scriptPassword param

Types

type CurrentUser

type CurrentUser struct {
	UserName     string         `json:"userName" db:"username"`
	ID           int            `json:"id" db:"id"`
	PrivLevel    int            `json:"privLevel" db:"priv_level"`
	TenantID     int            `json:"tenantId" db:"tenant_id"`
	Role         int            `json:"role" db:"role"`
	Capabilities pq.StringArray `json:"capabilities" db:"capabilities"`
}

func GetCurrentUser

func GetCurrentUser(ctx context.Context) (*CurrentUser, error)

func GetCurrentUserFromDB

func GetCurrentUserFromDB(DB *sqlx.DB, user string, timeout time.Duration) (CurrentUser, error, error, int)

GetCurrentUserFromDB - returns the id and privilege level of the given user along with the username, or -1 as the id, - as the userName and PrivLevelInvalid if the user doesn't exist, along with a user facing error, a system error to log, and an error code to return

type PasswordForm

type PasswordForm struct {
	Username string `json:"u"`
	Password string `json:"p"`
}

type SCRYPTComponents

type SCRYPTComponents struct {
	Algorithm string // The SCRYPT algorithm prefix
	N         int    // CPU/memory cost parameter (logN)
	R         int    // block size parameter (octets)
	P         int    // parallelization parameter (positive int)
	Salt      []byte // salt value
	SaltLen   int    // bytes to use as salt (octets)
	DK        []byte // derived key value
	DKLen     int    // length of the derived key (octets)
}

SCRYPTComponents the input parameters to the Scrypt encryption key format

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL