auth

package
v0.9.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 4, 2020 License: Apache-2.0 Imports: 9 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

// Flavor_name maps the numeric value of each Flavor to its enum name.
//
// A direct lookup of a number that is not a key here yields the empty
// string, so use the two-value form (name, ok := Flavor_name[n]) when the
// number comes from an untrusted peer and an unknown flavor must be rejected.
var Flavor_name = map[int32]string{
	0: "AUTH_NONE",
	1: "AUTH_SYS",
}
// Flavor_value maps each Flavor enum name to its numeric value.
//
// A direct lookup of an unknown name yields 0, which is also the value of
// AUTH_NONE. Use the two-value form (v, ok := Flavor_value[s]) so that an
// unrecognized name cannot be mistaken for AUTH_NONE.
var Flavor_value = map[string]int32{
	"AUTH_NONE": 0,
	"AUTH_SYS":  1,
}

Functions

func VerifierFromToken

func VerifierFromToken(key crypto.PublicKey, token *Token) ([]byte, error)

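VerifierFromToken returns a SHA512 hash of the token data. If a signing key is passed in, it additionally signs the hash of the token. Without a key the verifier is an unkeyed digest that anyone holding the token can recompute, so it can detect corruption but does not authenticate the sender. Note that the key parameter is declared as crypto.PublicKey even though producing a signature requires the private half of the key pair.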

func VerifyToken

func VerifyToken(key crypto.PublicKey, token *Token, sig []byte) error

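VerifyToken takes the auth token and the signature bytes from the verifier and checks the signature against the public key provided for the agent that claims to have issued the token. Only a nil error indicates success; the behavior when key is nil is not documented here and should be confirmed before relying on it.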

Types

type Credential

// Credential pairs an auth token with the verifier that vouches for it.
//
// The token and verifier are expected to have the same flavor, but both
// fields are plain *Token values, so the type system does not enforce this.
// NOTE(review): consumers should compare the two flavors explicitly before
// trusting the token; confirm where that check lives.
type Credential struct {
	// Token is the auth token being presented. It may be nil.
	Token                *Token   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// Verifier is carried as a Token as well; presumably its Data holds the
	// hash or signature bytes produced by VerifierFromToken (TODO confirm).
	Verifier             *Token   `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"`
	// Origin is a free-form string. NOTE(review): presumably names the
	// component that produced the credential; nothing visible here binds it
	// to the verifier, so treat it as unauthenticated until confirmed.
	Origin               string   `protobuf:"bytes,3,opt,name=origin,proto3" json:"origin,omitempty"`
	// The XXX_ fields follow the protobuf Go generator's naming for internal
	// bookkeeping; the json:"-" tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Token and verifier are expected to have the same flavor type.

func AuthSysRequestFromCreds

func AuthSysRequestFromCreds(ext UserExt, creds *security.DomainInfo, signing crypto.PrivateKey) (*Credential, error)

AuthSysRequestFromCreds takes the domain info credentials gathered during the dRPC request and creates an AuthSys security request to obtain a handle from the management service.

func (*Credential) Descriptor

func (*Credential) Descriptor() ([]byte, []int)

func (*Credential) GetOrigin

func (m *Credential) GetOrigin() string

func (*Credential) GetToken

func (m *Credential) GetToken() *Token

func (*Credential) GetVerifier

func (m *Credential) GetVerifier() *Token

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) Reset

func (m *Credential) Reset()

func (*Credential) String

func (m *Credential) String() string

func (*Credential) XXX_DiscardUnknown

func (m *Credential) XXX_DiscardUnknown()

func (*Credential) XXX_Marshal

func (m *Credential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Credential) XXX_Merge

func (m *Credential) XXX_Merge(src proto.Message)

func (*Credential) XXX_Size

func (m *Credential) XXX_Size() int

func (*Credential) XXX_Unmarshal

func (m *Credential) XXX_Unmarshal(b []byte) error

type Flavor

type Flavor int32

Types of authentication token

// Authentication token flavors.
//
// Flavor_AUTH_NONE is 0, the zero value of Flavor, so a Token whose flavor
// was never set (or was omitted on the wire) reads as AUTH_NONE. Code that
// requires authentication should check for Flavor_AUTH_SYS explicitly rather
// than treating "not an unknown flavor" as acceptable.
const (
	Flavor_AUTH_NONE Flavor = 0
	Flavor_AUTH_SYS  Flavor = 1
)

func (Flavor) EnumDescriptor

func (Flavor) EnumDescriptor() ([]byte, []int)

func (Flavor) String

func (x Flavor) String() string

type GetCredResp added in v0.9.0

// GetCredResp is the result of a request to fetch authentication credentials.
type GetCredResp struct {
	// Status is a numeric result code; the meaning of individual values is
	// not shown in this package's listing.
	// NOTE(review): presumably 0 means success; callers should check it
	// before using Cred (TODO confirm).
	Status               int32       `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"`
	// Cred is the returned credential. It is a pointer and may be nil.
	Cred                 *Credential `protobuf:"bytes,2,opt,name=cred,proto3" json:"cred,omitempty"`
	// The XXX_ fields follow the protobuf Go generator's naming for internal
	// bookkeeping; the json:"-" tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

GetCredResp represents the result of a request to fetch authentication credentials.

func (*GetCredResp) Descriptor added in v0.9.0

func (*GetCredResp) Descriptor() ([]byte, []int)

func (*GetCredResp) GetCred added in v0.9.0

func (m *GetCredResp) GetCred() *Credential

func (*GetCredResp) GetStatus added in v0.9.0

func (m *GetCredResp) GetStatus() int32

func (*GetCredResp) ProtoMessage added in v0.9.0

func (*GetCredResp) ProtoMessage()

func (*GetCredResp) Reset added in v0.9.0

func (m *GetCredResp) Reset()

func (*GetCredResp) String added in v0.9.0

func (m *GetCredResp) String() string

func (*GetCredResp) XXX_DiscardUnknown added in v0.9.0

func (m *GetCredResp) XXX_DiscardUnknown()

func (*GetCredResp) XXX_Marshal added in v0.9.0

func (m *GetCredResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GetCredResp) XXX_Merge added in v0.9.0

func (m *GetCredResp) XXX_Merge(src proto.Message)

func (*GetCredResp) XXX_Size added in v0.9.0

func (m *GetCredResp) XXX_Size() int

func (*GetCredResp) XXX_Unmarshal added in v0.9.0

func (m *GetCredResp) XXX_Unmarshal(b []byte) error

type Sys

// Sys is the token structure for credentials of the AUTH_SYS flavor.
//
// Every identity field is a plain string or string slice supplied by whoever
// built the message; nothing in this struct binds the values to a sender.
// NOTE(review): they should be trusted only after the enclosing Credential's
// verifier has been checked; confirm against the validation path.
type Sys struct {
	// Stamp is an unsigned 64-bit value. NOTE(review): presumably a creation
	// timestamp; units and any freshness check are not visible here.
	Stamp                uint64   `protobuf:"varint,1,opt,name=stamp,proto3" json:"stamp,omitempty"`
	// Machinename is the name of the machine the credential refers to.
	Machinename          string   `protobuf:"bytes,2,opt,name=machinename,proto3" json:"machinename,omitempty"`
	// User and Group carry a single user and a single group as strings.
	User                 string   `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`
	Group                string   `protobuf:"bytes,4,opt,name=group,proto3" json:"group,omitempty"`
	// Groups is a repeated field carrying further groups as strings.
	Groups               []string `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"`
	// Secctx is a free-form string. NOTE(review): presumably a security
	// context label; confirm its format with the producer.
	Secctx               string   `protobuf:"bytes,6,opt,name=secctx,proto3" json:"secctx,omitempty"`
	// The XXX_ fields follow the protobuf Go generator's naming for internal
	// bookkeeping; the json:"-" tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Sys is the token structure for credentials of the AUTH_SYS flavor.

func AuthSysFromAuthToken

func AuthSysFromAuthToken(authToken *Token) (*Sys, error)

AuthSysFromAuthToken takes an opaque AuthToken and turns it into a concrete AuthSys data structure.

func (*Sys) Descriptor

func (*Sys) Descriptor() ([]byte, []int)

func (*Sys) GetGroup

func (m *Sys) GetGroup() string

func (*Sys) GetGroups

func (m *Sys) GetGroups() []string

func (*Sys) GetMachinename

func (m *Sys) GetMachinename() string

func (*Sys) GetSecctx

func (m *Sys) GetSecctx() string

func (*Sys) GetStamp

func (m *Sys) GetStamp() uint64

func (*Sys) GetUser

func (m *Sys) GetUser() string

func (*Sys) ProtoMessage

func (*Sys) ProtoMessage()

func (*Sys) Reset

func (m *Sys) Reset()

func (*Sys) String

func (m *Sys) String() string

func (*Sys) XXX_DiscardUnknown

func (m *Sys) XXX_DiscardUnknown()

func (*Sys) XXX_Marshal

func (m *Sys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Sys) XXX_Merge

func (m *Sys) XXX_Merge(src proto.Message)

func (*Sys) XXX_Size

func (m *Sys) XXX_Size() int

func (*Sys) XXX_Unmarshal

func (m *Sys) XXX_Unmarshal(b []byte) error

type Token

// Token is an opaque authentication token: a flavor tag plus raw bytes.
//
// AuthSysFromAuthToken converts a Token into a concrete Sys structure.
type Token struct {
	// Flavor selects how Data is interpreted. Its zero value is
	// Flavor_AUTH_NONE, so a token that never had its flavor set is
	// indistinguishable from one that explicitly claims AUTH_NONE.
	Flavor               Flavor   `protobuf:"varint,1,opt,name=flavor,proto3,enum=auth.Flavor" json:"flavor,omitempty"`
	// Data is the flavor-specific payload as raw bytes. Treat it as
	// untrusted input until the accompanying verifier has been checked.
	Data                 []byte   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// The XXX_ fields follow the protobuf Go generator's naming for internal
	// bookkeeping; the json:"-" tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Token) Descriptor

func (*Token) Descriptor() ([]byte, []int)

func (*Token) GetData

func (m *Token) GetData() []byte

func (*Token) GetFlavor

func (m *Token) GetFlavor() Flavor

func (*Token) ProtoMessage

func (*Token) ProtoMessage()

func (*Token) Reset

func (m *Token) Reset()

func (*Token) String

func (m *Token) String() string

func (*Token) XXX_DiscardUnknown

func (m *Token) XXX_DiscardUnknown()

func (*Token) XXX_Marshal

func (m *Token) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Token) XXX_Merge

func (m *Token) XXX_Merge(src proto.Message)

func (*Token) XXX_Size

func (m *Token) XXX_Size() int

func (*Token) XXX_Unmarshal

func (m *Token) XXX_Unmarshal(b []byte) error

type User

// User is an interface wrapping a representation of a specific system user.
type User interface {
	// Username returns the user's name as a string.
	Username() string
	// GroupIDs returns the numeric IDs of the user's groups, or an error if
	// they cannot be obtained.
	GroupIDs() ([]uint32, error)
}

User is an interface wrapping a representation of a specific system user

type UserExt

// UserExt is an interface that wraps the external, system user-related
// lookups this package depends on. AuthSysRequestFromCreds takes a UserExt
// as its first argument.
type UserExt interface {
	// LookupUserID resolves a numeric user ID to a User, or returns an error.
	LookupUserID(uid uint32) (User, error)
	// LookupGroupID resolves a numeric group ID to a *user.Group, or returns
	// an error.
	LookupGroupID(gid uint32) (*user.Group, error)
}

UserExt is an interface that wraps system user-related external functions

type ValidateCredReq added in v0.9.0

// ValidateCredReq is a request to verify a set of authentication credentials.
type ValidateCredReq struct {
	// Cred is the credential to be validated. It is a pointer and may be nil;
	// the receiver should handle a missing credential as a failed validation
	// rather than dereferencing it blindly.
	Cred                 *Credential `protobuf:"bytes,1,opt,name=cred,proto3" json:"cred,omitempty"`
	// The XXX_ fields follow the protobuf Go generator's naming for internal
	// bookkeeping; the json:"-" tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

ValidateCredReq represents a request to verify a set of authentication credentials.

func (*ValidateCredReq) Descriptor added in v0.9.0

func (*ValidateCredReq) Descriptor() ([]byte, []int)

func (*ValidateCredReq) GetCred added in v0.9.0

func (m *ValidateCredReq) GetCred() *Credential

func (*ValidateCredReq) ProtoMessage added in v0.9.0

func (*ValidateCredReq) ProtoMessage()

func (*ValidateCredReq) Reset added in v0.9.0

func (m *ValidateCredReq) Reset()

func (*ValidateCredReq) String added in v0.9.0

func (m *ValidateCredReq) String() string

func (*ValidateCredReq) XXX_DiscardUnknown added in v0.9.0

func (m *ValidateCredReq) XXX_DiscardUnknown()

func (*ValidateCredReq) XXX_Marshal added in v0.9.0

func (m *ValidateCredReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ValidateCredReq) XXX_Merge added in v0.9.0

func (m *ValidateCredReq) XXX_Merge(src proto.Message)

func (*ValidateCredReq) XXX_Size added in v0.9.0

func (m *ValidateCredReq) XXX_Size() int

func (*ValidateCredReq) XXX_Unmarshal added in v0.9.0

func (m *ValidateCredReq) XXX_Unmarshal(b []byte) error

type ValidateCredResp added in v0.9.0

// ValidateCredResp is the result of a request to validate authentication
// credentials.
type ValidateCredResp struct {
	// Status is a numeric result code; the meaning of individual values is
	// not shown in this package's listing.
	// NOTE(review): its zero value is 0, so a response that never had Status
	// set is indistinguishable from one reporting 0. If 0 means success,
	// callers should also require a non-nil Token (TODO confirm).
	Status               int32    `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"`
	// Token is the token returned with the result. It is a pointer and may
	// be nil.
	Token                *Token   `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	// The XXX_ fields follow the protobuf Go generator's naming for internal
	// bookkeeping; the json:"-" tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ValidateCredResp represents the result of a request to validate authentication credentials.

func (*ValidateCredResp) Descriptor added in v0.9.0

func (*ValidateCredResp) Descriptor() ([]byte, []int)

func (*ValidateCredResp) GetStatus added in v0.9.0

func (m *ValidateCredResp) GetStatus() int32

func (*ValidateCredResp) GetToken added in v0.9.0

func (m *ValidateCredResp) GetToken() *Token

func (*ValidateCredResp) ProtoMessage added in v0.9.0

func (*ValidateCredResp) ProtoMessage()

func (*ValidateCredResp) Reset added in v0.9.0

func (m *ValidateCredResp) Reset()

func (*ValidateCredResp) String added in v0.9.0

func (m *ValidateCredResp) String() string

func (*ValidateCredResp) XXX_DiscardUnknown added in v0.9.0

func (m *ValidateCredResp) XXX_DiscardUnknown()

func (*ValidateCredResp) XXX_Marshal added in v0.9.0

func (m *ValidateCredResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ValidateCredResp) XXX_Merge added in v0.9.0

func (m *ValidateCredResp) XXX_Merge(src proto.Message)

func (*ValidateCredResp) XXX_Size added in v0.9.0

func (m *ValidateCredResp) XXX_Size() int

func (*ValidateCredResp) XXX_Unmarshal added in v0.9.0

func (m *ValidateCredResp) XXX_Unmarshal(b []byte) error
