auth

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 9, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Flavor_name = map[int32]string{
	0: "AUTH_NONE",
	1: "AUTH_SYS",
}
View Source 
var Flavor_value = map[string]int32{
	"AUTH_NONE": 0,
	"AUTH_SYS":  1,
}

Functions

func VerifierFromToken 

func VerifierFromToken(key crypto.PublicKey, token *Token) ([]byte, error)

VerifierFromToken will return a SHA512 hash of the token data. If a signing key is passed in it will additionally sign the hash of the token.

func VerifyToken 

func VerifyToken(key crypto.PublicKey, token *Token, sig []byte) error

VerifyToken takes the auth token and the signature bytes in the verifier and verifies it against the public key provided for the agent who claims to have provided the token.

Types

type Credential 

type Credential struct {
	Token                *Token   `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	Verifier             *Token   `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"`
	Origin               string   `protobuf:"bytes,3,opt,name=origin,proto3" json:"origin,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Token and verifier are expected to have the same flavor type.

func AuthSysRequestFromCreds 

func AuthSysRequestFromCreds(ext UserExt, creds *security.DomainInfo, signing crypto.PrivateKey) (*Credential, error)

AuthSysRequestFromCreds takes the domain info credentials gathered during the dRPC request and creates an AuthSys security request to obtain a handle from the management service.

func (*Credential) Descriptor 

func (*Credential) Descriptor() ([]byte, []int)

func (*Credential) GetOrigin 

func (m *Credential) GetOrigin() string

func (*Credential) GetToken 

func (m *Credential) GetToken() *Token

func (*Credential) GetVerifier 

func (m *Credential) GetVerifier() *Token

func (*Credential) ProtoMessage 

func (*Credential) ProtoMessage()

func (*Credential) Reset 

func (m *Credential) Reset()

func (*Credential) String 

func (m *Credential) String() string

func (*Credential) XXX_DiscardUnknown 

func (m *Credential) XXX_DiscardUnknown()

func (*Credential) XXX_Marshal 

func (m *Credential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Credential) XXX_Merge 

func (m *Credential) XXX_Merge(src proto.Message)

func (*Credential) XXX_Size 

func (m *Credential) XXX_Size() int

func (*Credential) XXX_Unmarshal 

func (m *Credential) XXX_Unmarshal(b []byte) error

type Flavor 

type Flavor int32

Types of authentication token 

const (
	Flavor_AUTH_NONE Flavor = 0
	Flavor_AUTH_SYS  Flavor = 1
)

func (Flavor) EnumDescriptor 

func (Flavor) EnumDescriptor() ([]byte, []int)

func (Flavor) String 

func (x Flavor) String() string

type GetCredResp added in v0.9.0 

type GetCredResp struct {
	Status               int32       `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"`
	Cred                 *Credential `protobuf:"bytes,2,opt,name=cred,proto3" json:"cred,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

GetCredResp represents the result of a request to fetch authentication credentials.

func (*GetCredResp) Descriptor added in v0.9.0 

func (*GetCredResp) Descriptor() ([]byte, []int)

func (*GetCredResp) GetCred added in v0.9.0 

func (m *GetCredResp) GetCred() *Credential

func (*GetCredResp) GetStatus added in v0.9.0 

func (m *GetCredResp) GetStatus() int32

func (*GetCredResp) ProtoMessage added in v0.9.0 

func (*GetCredResp) ProtoMessage()

func (*GetCredResp) Reset added in v0.9.0 

func (m *GetCredResp) Reset()

func (*GetCredResp) String added in v0.9.0 

func (m *GetCredResp) String() string

func (*GetCredResp) XXX_DiscardUnknown added in v0.9.0 

func (m *GetCredResp) XXX_DiscardUnknown()

func (*GetCredResp) XXX_Marshal added in v0.9.0 

func (m *GetCredResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GetCredResp) XXX_Merge added in v0.9.0 

func (m *GetCredResp) XXX_Merge(src proto.Message)

func (*GetCredResp) XXX_Size added in v0.9.0 

func (m *GetCredResp) XXX_Size() int

func (*GetCredResp) XXX_Unmarshal added in v0.9.0 

func (m *GetCredResp) XXX_Unmarshal(b []byte) error

type Sys 

type Sys struct {
	Stamp                uint64   `protobuf:"varint,1,opt,name=stamp,proto3" json:"stamp,omitempty"`
	Machinename          string   `protobuf:"bytes,2,opt,name=machinename,proto3" json:"machinename,omitempty"`
	User                 string   `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`
	Group                string   `protobuf:"bytes,4,opt,name=group,proto3" json:"group,omitempty"`
	Groups               []string `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"`
	Secctx               string   `protobuf:"bytes,6,opt,name=secctx,proto3" json:"secctx,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Token structure for AUTH_SYS flavor cred

func AuthSysFromAuthToken 

func AuthSysFromAuthToken(authToken *Token) (*Sys, error)

AuthSysFromAuthToken takes an opaque AuthToken and turns it into a concrete AuthSys data structure.

func (*Sys) Descriptor 

func (*Sys) Descriptor() ([]byte, []int)

func (*Sys) GetGroup 

func (m *Sys) GetGroup() string

func (*Sys) GetGroups 

func (m *Sys) GetGroups() []string

func (*Sys) GetMachinename 

func (m *Sys) GetMachinename() string

func (*Sys) GetSecctx 

func (m *Sys) GetSecctx() string

func (*Sys) GetStamp 

func (m *Sys) GetStamp() uint64

func (*Sys) GetUser 

func (m *Sys) GetUser() string

func (*Sys) ProtoMessage 

func (*Sys) ProtoMessage()

func (*Sys) Reset 

func (m *Sys) Reset()

func (*Sys) String 

func (m *Sys) String() string

func (*Sys) XXX_DiscardUnknown 

func (m *Sys) XXX_DiscardUnknown()

func (*Sys) XXX_Marshal 

func (m *Sys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Sys) XXX_Merge 

func (m *Sys) XXX_Merge(src proto.Message)

func (*Sys) XXX_Size 

func (m *Sys) XXX_Size() int

func (*Sys) XXX_Unmarshal 

func (m *Sys) XXX_Unmarshal(b []byte) error

type Token 

type Token struct {
	Flavor               Flavor   `protobuf:"varint,1,opt,name=flavor,proto3,enum=auth.Flavor" json:"flavor,omitempty"`
	Data                 []byte   `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Token) Descriptor 

func (*Token) Descriptor() ([]byte, []int)

func (*Token) GetData 

func (m *Token) GetData() []byte

func (*Token) GetFlavor 

func (m *Token) GetFlavor() Flavor

func (*Token) ProtoMessage 

func (*Token) ProtoMessage()

func (*Token) Reset 

func (m *Token) Reset()

func (*Token) String 

func (m *Token) String() string

func (*Token) XXX_DiscardUnknown 

func (m *Token) XXX_DiscardUnknown()

func (*Token) XXX_Marshal 

func (m *Token) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Token) XXX_Merge 

func (m *Token) XXX_Merge(src proto.Message)

func (*Token) XXX_Size 

func (m *Token) XXX_Size() int

func (*Token) XXX_Unmarshal 

func (m *Token) XXX_Unmarshal(b []byte) error

type User 

type User interface {
	Username() string
	GroupIDs() ([]uint32, error)
}

User is an interface wrapping a representation of a specific system user

type UserExt 

type UserExt interface {
	LookupUserID(uid uint32) (User, error)
	LookupGroupID(gid uint32) (*user.Group, error)
}

UserExt is an interface that wraps system user-related external functions

type ValidateCredReq added in v0.9.0 

type ValidateCredReq struct {
	Cred                 *Credential `protobuf:"bytes,1,opt,name=cred,proto3" json:"cred,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

ValidateCredReq represents a request to verify a set of authentication credentials.

func (*ValidateCredReq) Descriptor added in v0.9.0 

func (*ValidateCredReq) Descriptor() ([]byte, []int)

func (*ValidateCredReq) GetCred added in v0.9.0 

func (m *ValidateCredReq) GetCred() *Credential

func (*ValidateCredReq) ProtoMessage added in v0.9.0 

func (*ValidateCredReq) ProtoMessage()

func (*ValidateCredReq) Reset added in v0.9.0 

func (m *ValidateCredReq) Reset()

func (*ValidateCredReq) String added in v0.9.0 

func (m *ValidateCredReq) String() string

func (*ValidateCredReq) XXX_DiscardUnknown added in v0.9.0 

func (m *ValidateCredReq) XXX_DiscardUnknown()

func (*ValidateCredReq) XXX_Marshal added in v0.9.0 

func (m *ValidateCredReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ValidateCredReq) XXX_Merge added in v0.9.0 

func (m *ValidateCredReq) XXX_Merge(src proto.Message)

func (*ValidateCredReq) XXX_Size added in v0.9.0 

func (m *ValidateCredReq) XXX_Size() int

func (*ValidateCredReq) XXX_Unmarshal added in v0.9.0 

func (m *ValidateCredReq) XXX_Unmarshal(b []byte) error

type ValidateCredResp added in v0.9.0 

type ValidateCredResp struct {
	Status               int32    `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"`
	Token                *Token   `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ValidateCredResp represents the result of a request to validate authentication credentials.

func (*ValidateCredResp) Descriptor added in v0.9.0 

func (*ValidateCredResp) Descriptor() ([]byte, []int)

func (*ValidateCredResp) GetStatus added in v0.9.0 

func (m *ValidateCredResp) GetStatus() int32

func (*ValidateCredResp) GetToken added in v0.9.0 

func (m *ValidateCredResp) GetToken() *Token

func (*ValidateCredResp) ProtoMessage added in v0.9.0 

func (*ValidateCredResp) ProtoMessage()

func (*ValidateCredResp) Reset added in v0.9.0 

func (m *ValidateCredResp) Reset()

func (*ValidateCredResp) String added in v0.9.0 

func (m *ValidateCredResp) String() string

func (*ValidateCredResp) XXX_DiscardUnknown added in v0.9.0 

func (m *ValidateCredResp) XXX_DiscardUnknown()

func (*ValidateCredResp) XXX_Marshal added in v0.9.0 

func (m *ValidateCredResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ValidateCredResp) XXX_Merge added in v0.9.0 

func (m *ValidateCredResp) XXX_Merge(src proto.Message)

func (*ValidateCredResp) XXX_Size added in v0.9.0 

func (m *ValidateCredResp) XXX_Size() int

func (*ValidateCredResp) XXX_Unmarshal added in v0.9.0 

func (m *ValidateCredResp) XXX_Unmarshal(b []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.