auth

package
v0.0.0-...-bce3c08 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2025 License: BSD-2-Clause-Patent Imports: 15 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

// Flavor_name maps each Flavor wire number to its enum name.
var Flavor_name = map[int32]string{
	0: "AUTH_NONE",
	1: "AUTH_SYS",
}

// Flavor_value maps each Flavor enum name back to its wire number.
//
// A lookup with an unknown name yields 0, which is also the number of
// AUTH_NONE; use the two-value form (v, ok := Flavor_value[name]) to tell an
// unknown name apart from AUTH_NONE.
var Flavor_value = map[string]int32{
	"AUTH_NONE": 0,
	"AUTH_SYS":  1,
}

Enum value maps for Flavor.

Functions

func GetMachineName

func GetMachineName() (string, error)

GetMachineName returns the "short" hostname by stripping the domain from the FQDN.

func VerifierFromToken

func VerifierFromToken(key crypto.PublicKey, token *Token) ([]byte, error)

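VerifierFromToken returns a SHA512 hash of the token data. If a signing key is passed in (the key parameter, declared as crypto.PublicKey), it additionally signs the hash of the token. Without a key, the verifier is a plain unkeyed hash that anyone holding the token can recompute, so it detects corruption but does not authenticate the token.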

func VerifyToken

func VerifyToken(key crypto.PublicKey, token *Token, sig []byte) error

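VerifyToken takes the auth token and the signature bytes from the verifier and checks that signature against the public key of the agent that claims to have provided the token. That claim is unproven until the check succeeds, so the token should be treated as untrusted unless VerifyToken returns a nil error.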

Types

type Credential

// Credential bundles an authentication token with the verifier used to check
// the token's integrity and the name of the agent that created it. The token
// and the verifier are expected to carry the same flavor.
type Credential struct {
	Token    *Token `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`       // authentication token
	// NOTE(review): presumably populated from VerifierFromToken's output, i.e. a
	// SHA512 hash of the token data that is signed only when a key was supplied
	// -- confirm against the implementation.
	Verifier *Token `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"` // to verify integrity of the token
	// NOTE(review): Origin travels inside the credential itself, so it is a
	// claim made by the sender until the verifier has been checked.
	Origin   string `protobuf:"bytes,3,opt,name=origin,proto3" json:"origin,omitempty"`     // the agent that created this credential
	// contains filtered or unexported fields
}

Token and verifier are expected to have the same flavor type.

func GetSignedCredential

func GetSignedCredential(ctx context.Context, req *CredentialRequest) (*Credential, error)

GetSignedCredential returns a credential based on the provided domain info and signing key.

func (*Credential) Descriptor deprecated

func (*Credential) Descriptor() ([]byte, []int)

Deprecated: Use Credential.ProtoReflect.Descriptor instead.

func (*Credential) GetOrigin

func (x *Credential) GetOrigin() string

func (*Credential) GetToken

func (x *Credential) GetToken() *Token

func (*Credential) GetVerifier

func (x *Credential) GetVerifier() *Token

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) ProtoReflect

func (x *Credential) ProtoReflect() protoreflect.Message

func (*Credential) Reset

func (x *Credential) Reset()

func (*Credential) String

func (x *Credential) String() string

type CredentialRequest

// CredentialRequest defines the request parameters for GetSignedCredential.
type CredentialRequest struct {
	// DomainInfo is the domain info the credential is based on; its layout is
	// defined in the security package and is not shown in this listing.
	DomainInfo *security.DomainInfo
	// SigningKey is the private key the credential is signed with.
	// NOTE(review): this is private key material -- keep values of this struct
	// out of logs and serialized output.
	SigningKey crypto.PrivateKey
	// contains filtered or unexported fields
}

CredentialRequest defines the request parameters for GetSignedCredential.

func NewCredentialRequest

func NewCredentialRequest(info *security.DomainInfo, key crypto.PrivateKey) *CredentialRequest

NewCredentialRequest returns a properly initialized CredentialRequest.

func (*CredentialRequest) WithUserAndGroup

func (r *CredentialRequest) WithUserAndGroup(userStr, groupStr string, groupStrs ...string)

WithUserAndGroup provides an override to set the user, group, and optional list of group names to be used for the request.

type Flavor

// Flavor identifies the type of an authentication token. It is an int32 enum
// whose known values are Flavor_AUTH_NONE (0) and Flavor_AUTH_SYS (1).
type Flavor int32

Types of authentication token

// Authentication token flavors. The numeric values are the ones listed in
// Flavor_name and Flavor_value.
const (
	// Flavor_AUTH_NONE is 0 and therefore also the Go zero value of Flavor, so
	// a Flavor that was never set compares equal to it. Code that requires an
	// authenticated token should check for the expected flavor explicitly.
	Flavor_AUTH_NONE Flavor = 0
	// Flavor_AUTH_SYS is the flavor whose token structure is Sys.
	Flavor_AUTH_SYS  Flavor = 1
)

func (Flavor) Descriptor

func (Flavor) Descriptor() protoreflect.EnumDescriptor

func (Flavor) Enum

func (x Flavor) Enum() *Flavor

func (Flavor) EnumDescriptor deprecated

func (Flavor) EnumDescriptor() ([]byte, []int)

Deprecated: Use Flavor.Descriptor instead.

func (Flavor) Number

func (x Flavor) Number() protoreflect.EnumNumber

func (Flavor) String

func (x Flavor) String() string

func (Flavor) Type

func (Flavor) Type() protoreflect.EnumType

type GetCredResp

// GetCredResp represents the result of a request to fetch authentication
// credentials.
type GetCredResp struct {
	// NOTE(review): the meaning of individual Status values is not shown in
	// this listing; presumably Cred is only meaningful when Status reports
	// success -- confirm against the caller.
	Status int32       `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` // Status of the request
	Cred   *Credential `protobuf:"bytes,2,opt,name=cred,proto3" json:"cred,omitempty"`      // Caller's authentication credential
	// contains filtered or unexported fields
}

GetCredResp represents the result of a request to fetch authentication credentials.

func (*GetCredResp) Descriptor deprecated

func (*GetCredResp) Descriptor() ([]byte, []int)

Deprecated: Use GetCredResp.ProtoReflect.Descriptor instead.

func (*GetCredResp) GetCred

func (x *GetCredResp) GetCred() *Credential

func (*GetCredResp) GetStatus

func (x *GetCredResp) GetStatus() int32

func (*GetCredResp) ProtoMessage

func (*GetCredResp) ProtoMessage()

func (*GetCredResp) ProtoReflect

func (x *GetCredResp) ProtoReflect() protoreflect.Message

func (*GetCredResp) Reset

func (x *GetCredResp) Reset()

func (*GetCredResp) String

func (x *GetCredResp) String() string

type Sys

// Sys is the token structure for credentials of the AUTH_SYS flavor. It names
// the machine, user and groups the token was created for.
//
// NOTE(review): every field here is supplied by whoever built the token;
// presumably consumers should rely on them only after the enclosing
// credential's verifier has been checked -- confirm against the callers.
type Sys struct {
	// Unit and epoch of Stamp are not shown in this listing -- TODO confirm.
	Stamp       uint64   `protobuf:"varint,1,opt,name=stamp,proto3" json:"stamp,omitempty"`            // timestamp
	Machinename string   `protobuf:"bytes,2,opt,name=machinename,proto3" json:"machinename,omitempty"` // machine name
	User        string   `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`               // user name
	Group       string   `protobuf:"bytes,4,opt,name=group,proto3" json:"group,omitempty"`             // primary group name
	Groups      []string `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"`           // secondary group names
	Secctx      string   `protobuf:"bytes,6,opt,name=secctx,proto3" json:"secctx,omitempty"`           // Additional field for MAC label
	// contains filtered or unexported fields
}

Sys is the token structure for credentials of the AUTH_SYS flavor.

func AuthSysFromAuthToken

func AuthSysFromAuthToken(authToken *Token) (*Sys, error)

AuthSysFromAuthToken takes an opaque AuthToken and turns it into a concrete AuthSys data structure.

func (*Sys) Descriptor deprecated

func (*Sys) Descriptor() ([]byte, []int)

Deprecated: Use Sys.ProtoReflect.Descriptor instead.

func (*Sys) GetGroup

func (x *Sys) GetGroup() string

func (*Sys) GetGroups

func (x *Sys) GetGroups() []string

func (*Sys) GetMachinename

func (x *Sys) GetMachinename() string

func (*Sys) GetSecctx

func (x *Sys) GetSecctx() string

func (*Sys) GetStamp

func (x *Sys) GetStamp() uint64

func (*Sys) GetUser

func (x *Sys) GetUser() string

func (*Sys) ProtoMessage

func (*Sys) ProtoMessage()

func (*Sys) ProtoReflect

func (x *Sys) ProtoReflect() protoreflect.Message

func (*Sys) Reset

func (x *Sys) Reset()

func (*Sys) String

func (x *Sys) String() string

type Token

// Token is an authentication token: a flavor tag plus the packed data for
// that flavor.
type Token struct {
	// Flavor is a proto3 enum field, so a Token whose flavor was never set
	// reads as 0, which is Flavor_AUTH_NONE.
	Flavor Flavor `protobuf:"varint,1,opt,name=flavor,proto3,enum=auth.Flavor" json:"flavor,omitempty"` // flavor of this authentication token
	// NOTE(review): Data has to be interpreted according to Flavor;
	// AuthSysFromAuthToken presumably does this for AUTH_SYS -- confirm that it
	// rejects tokens of any other flavor.
	Data   []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`                       // packed structure of the specified flavor
	// contains filtered or unexported fields
}

func (*Token) Descriptor deprecated

func (*Token) Descriptor() ([]byte, []int)

Deprecated: Use Token.ProtoReflect.Descriptor instead.

func (*Token) GetData

func (x *Token) GetData() []byte

func (*Token) GetFlavor

func (x *Token) GetFlavor() Flavor

func (*Token) ProtoMessage

func (*Token) ProtoMessage()

func (*Token) ProtoReflect

func (x *Token) ProtoReflect() protoreflect.Message

func (*Token) Reset

func (x *Token) Reset()

func (*Token) String

func (x *Token) String() string

type ValidateCredReq

// ValidateCredReq represents a request to verify a set of authentication
// credentials.
type ValidateCredReq struct {
	// Cred is the credential under test; it is unverified input at this point.
	Cred *Credential `protobuf:"bytes,1,opt,name=cred,proto3" json:"cred,omitempty"` // Credential to be validated
	// contains filtered or unexported fields
}

ValidateCredReq represents a request to verify a set of authentication credentials.

func (*ValidateCredReq) Descriptor deprecated

func (*ValidateCredReq) Descriptor() ([]byte, []int)

Deprecated: Use ValidateCredReq.ProtoReflect.Descriptor instead.

func (*ValidateCredReq) GetCred

func (x *ValidateCredReq) GetCred() *Credential

func (*ValidateCredReq) ProtoMessage

func (*ValidateCredReq) ProtoMessage()

func (*ValidateCredReq) ProtoReflect

func (x *ValidateCredReq) ProtoReflect() protoreflect.Message

func (*ValidateCredReq) Reset

func (x *ValidateCredReq) Reset()

func (*ValidateCredReq) String

func (x *ValidateCredReq) String() string

type ValidateCredResp

// ValidateCredResp represents the result of a request to validate
// authentication credentials.
type ValidateCredResp struct {
	// NOTE(review): the meaning of individual Status values is not shown in
	// this listing; presumably Token may be trusted only when Status reports
	// success -- confirm against the caller.
	Status int32  `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` // Status of the request
	Token  *Token `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`    // Validated authentication token from the credential
	// contains filtered or unexported fields
}

ValidateCredResp represents the result of a request to validate authentication credentials.

func (*ValidateCredResp) Descriptor deprecated

func (*ValidateCredResp) Descriptor() ([]byte, []int)

Deprecated: Use ValidateCredResp.ProtoReflect.Descriptor instead.

func (*ValidateCredResp) GetStatus

func (x *ValidateCredResp) GetStatus() int32

func (*ValidateCredResp) GetToken

func (x *ValidateCredResp) GetToken() *Token

func (*ValidateCredResp) ProtoMessage

func (*ValidateCredResp) ProtoMessage()

func (*ValidateCredResp) ProtoReflect

func (x *ValidateCredResp) ProtoReflect() protoreflect.Message

func (*ValidateCredResp) Reset

func (x *ValidateCredResp) Reset()

func (*ValidateCredResp) String

func (x *ValidateCredResp) String() string
