keyserv

package
v0.0.0-...-6d2d128 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 7, 2017 License: GPL-3.0 Imports: 28 Imported by: 0

Documentation

Overview

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

Index

Constants

View Source 
const (
	KMIPTimeoutSec = 30 // timeout in seconds
	/*
		Both server and client refuse to accept a structure larger than this number. The number is
		reasonable and big enough for all three operations supported by server and client: create, get, and destroy.
	*/
	MaxKMIPStructLen   = 65536
	KMIPAESKeySizeBits = 256 // The only kind of AES encryption key the KMIP server and client will expect to use
	ClientMaxRetry     = 7   // Maximum number of times for client to retry failed KMIP connection.
)
View Source 
const (
	SRV_CONF_MAIL_RECIPIENTS     = "EMAIL_RECIPIENTS"
	SRV_CONF_MAIL_FROM_ADDR      = "EMAIL_FROM_ADDRESS"
	SRV_CONF_MAIL_AGENT_AND_PORT = "EMAIL_AGENT_AND_PORT"
	SRV_CONF_MAIL_AGENT_USERNAME = "EMAIL_AGENT_USERNAME"
	SRV_CONF_MAIL_AGENT_PASSWORD = "EMAIL_AGENT_PASSWORD"
)
View Source 
const (
	RPC_DIAL_TIMEOUT_SEC = 10
	CLIENT_CONF_HOST     = "KEY_SERVER_HOST"
	CLIENT_CONF_PORT     = "KEY_SERVER_PORT"
	CLIENT_CONF_CA       = "TLS_CA_PEM"
	CLIENT_CONF_CERT     = "TLS_CERT_PEM"
	CLIENT_CONF_CERT_KEY = "TLS_CERT_KEY_PEM"
	TEST_RPC_PASS        = "pass"
)
View Source 
const (
	LenAdminChallenge = 64   // length of the random challenge that must be verified in order to shutdown server
	LEN_PASS_SALT     = 64   // length of random salt to go with each password
	SRV_DEFAULT_PORT  = 3737 // default port for the key server to listen on

	SRV_CONF_PASS_HASH           = "AUTH_PASSWORD_HASH"
	SRV_CONF_PASS_SALT           = "AUTH_PASSWORD_SALT"
	SRV_CONF_TLS_CA              = "TLS_CA_PEM"
	SRV_CONF_TLS_CERT            = "TLS_CERT_PEM"
	SRV_CONF_TLS_KEY             = "TLS_CERT_KEY_PEM"
	SRV_CONF_TLS_VALIDATE_CLIENT = "TLS_VALIDATE_CLIENT"
	SRV_CONF_LISTEN_ADDR         = "LISTEN_ADDRESS"
	SRV_CONF_LISTEN_PORT         = "LISTEN_PORT"
	SRV_CONF_KEYDB_DIR           = "KEY_DB_DIR"
	SRV_CONF_MAIL_CREATION_SUBJ  = "EMAIL_KEY_CREATION_SUBJECT"
	SRV_CONF_MAIL_CREATION_TEXT  = "EMAIL_KEY_CREATION_GREETING"
	SRV_CONF_MAIL_RETRIEVAL_SUBJ = "EMAIL_KEY_RETRIEVAL_SUBJECT"
	SRV_CONF_MAIL_RETRIEVAL_TEXT = "EMAIL_KEY_RETRIEVAL_GREETING"

	SRV_CONF_KMIP_SERVER_ADDRS    = "KMIP_SERVER_ADDRESSES"
	SRV_CONF_KMIP_SERVER_USER     = "KMIP_SERVER_USER"
	SRV_CONF_KMIP_SERVER_PASS     = "KMIP_SERVER_PASS"
	SRV_CONF_KMIP_TLS_DO_VERIFY   = "KMIP_TLS_DO_VERIFY"
	SRV_CONF_KMIP_SERVER_TLS_CA   = "KMIP_CA_PEM"
	SRV_CONF_KMIP_SERVER_TLS_CERT = "KMIP_TLS_CERT_PEM"
	SRV_CONF_KMIP_SERVER_TLS_KEY  = "KMIP_TLS_CERT_KEY_PEM"

	KeyNamePrefix = "cryptctl-" // Prefix string prepended to KMIP keys

	DomainSocketFile = "/var/run/cryptctl-domainsocket" // DomainSocketFile is the file name of unix domain socket server
)
View Source 
const (
	LenKMIPRandomPass = 256 // length of random password validated by KMIP server
)

Variables

View Source 
var PkgInGopath = path.Join(path.Join(os.Getenv("GOPATH"), "/src/github.com/HouzuoGuo/cryptctl")) // this package in gopath
View Source 
var RPCObjNameFmt = reflect.TypeOf(CryptServiceConn{}).Name() + ".%s" // for constructing RPC function name in RPC call

Functions

func GetDefaultKeySvcConf 

func GetDefaultKeySvcConf() *sys.Sysconfig

func GetNewDiskEncryptionKeyBits 

func GetNewDiskEncryptionKeyBits() []byte

Create a new disk encryption key out of entropy from cryptographic random pool.

func IsMailAddressComplete 

func IsMailAddressComplete(addr string) bool

Return true only if both at-sign and full-stop are in the string.

func ReadFullTTLV 

func ReadFullTTLV(reader io.Reader) (ttlv.Item, error)

Read an entire TTLV structure from reader's input and return.

func ResponseItemToError 

func ResponseItemToError(resp structure.SResponseBatchItem) error

If KMIP response item contains an error, return the error, otherwise return nil.

func StartTestServer 

func StartTestServer(tb testing.TB) (*CryptClient, *CryptServer, func(testing.TB))

Start an RPC server in a testing configuration, return a client connected to the server and a teardown function.

Types

type AutoRetrieveKeyReq 

type AutoRetrieveKeyReq struct {
	UUIDs    []string // (locked) file system UUIDs
	Hostname string   // client's host name (for logging only)
}

A request to retrieve encryption keys without using password.

type AutoRetrieveKeyResp 

type AutoRetrieveKeyResp struct {
	Granted  map[string]keydb.Record // these keys are now granted to the requester
	Rejected []string                // these keys exist in database but are not allowed to be retrieved at the moment
	Missing  []string                // these keys cannot be found in database
}

A response to key retrieval (without using password) request.

type CreateKeyReq 

type CreateKeyReq struct {
	Password         HashedPassword // access is granted only after the correct password is given
	Hostname         string         // computer host name (for logging only)
	UUID             string         // file system uuid
	MountPoint       string         // mount point of the file system
	MountOptions     []string       // mount options of the file system
	MaxActive        int            // maximum allowed active key users (computers), set to <=0 to allow unlimited.
	AliveIntervalSec int            //interval in seconds at which all user of the file system holding this key must report they're online
	AliveCount       int            //a computer holding the file system is considered offline after missing so many alive messages
}

A request to create an encryption key on server.

func (CreateKeyReq) Validate 

func (req CreateKeyReq) Validate() error

Make sure that the request attributes are sane.

type CreateKeyResp 

type CreateKeyResp struct {
	KeyContent []byte // Disk encryption key
}

A response to a newly saved key

type CryptClient 

type CryptClient struct {
	Address string // Address is the server address string, IP:port for TCP and file name for domain socket.
	Type    string // Type is either "tcp" or "unix" depends on the connection address.
	TLSCert string // TLSCert is path to TLS certificate that is presented by client to server.
	TLSKey  string // TLSKey is path to TLS key corresponding to the certificate.
	// contains filtered or unexported fields
}

CryptClient implements an RPC client for CryptServer.

func NewCryptClient 

func NewCryptClient(connType, address string, caCertPEM []byte, certPath, certKeyPath string) (*CryptClient, error)

Initialise an RPC client. The function does not immediately establish a connection to server, connection is only made along with each RPC call.

func NewCryptClientFromSysconfig 

func NewCryptClientFromSysconfig(sysconf *sys.Sysconfig) (*CryptClient, error)

Initialise an RPC client by reading settings from sysconfig file.

func (*CryptClient) AutoRetrieveKey 

func (client *CryptClient) AutoRetrieveKey(req AutoRetrieveKeyReq) (resp AutoRetrieveKeyResp, err error)

Retrieve encryption keys without a password.

func (*CryptClient) CreateKey 

func (client *CryptClient) CreateKey(req CreateKeyReq) (resp CreateKeyResp, err error)

Create a new key record.

func (*CryptClient) DoRPC 

func (client *CryptClient) DoRPC(fun func(*rpc.Client) error) (err error)

Establish a new TLS connection to RPC server and then invoke an RPC on the connection. The function deliberately establishes a new connection on each RPC call, in order to reduce complexity in managing the client connections, especially in the area of keep-alive. The client is not expected to make high volume of calls hence there is absolutely no performance concern.

func (*CryptClient) EraseKey 

func (client *CryptClient) EraseKey(req EraseKeyReq) error

Tell server to delete an encryption key.

func (*CryptClient) GetSalt 

func (client *CryptClient) GetSalt() (salt PasswordSalt, err error)

Retrieve the salt that was used to hash server's access password.

func (*CryptClient) ManualRetrieveKey 

func (client *CryptClient) ManualRetrieveKey(req ManualRetrieveKeyReq) (resp ManualRetrieveKeyResp, err error)

Retrieve encryption keys using a password. All requested keys will be granted regardless of MaxActive restriction.

func (*CryptClient) Ping 

func (client *CryptClient) Ping(req PingRequest) error

Ping RPC server. Return an error if there is a communication mishap or server has not undergone the initial setup.

func (*CryptClient) PollCommand 

func (client *CryptClient) PollCommand(req PollCommandReq) (resp PollCommandResp, err error)

func (*CryptClient) ReloadRecord 

func (client *CryptClient) ReloadRecord(req ReloadRecordReq) error

ReloadRecord tells server to reload exactly one database record.

func (*CryptClient) ReportAlive 

func (client *CryptClient) ReportAlive(req ReportAliveReq) (rejectedUUIDs []string, err error)

Submit a report that says the requester is still alive and holding the encryption keys. Return UUID of keys that are rejected - which means they previously lost contact with this host and no longer consider it eligible to hold the keys.

func (*CryptClient) SaveCommandResult 

func (client *CryptClient) SaveCommandResult(req SaveCommandResultReq) error

func (*CryptClient) Shutdown 

func (client *CryptClient) Shutdown(req ShutdownReq) error

Shut down server's listener.

type CryptServer 

type CryptServer struct {
	Config            CryptServiceConfig // service configuration
	Mailer            *Mailer            // mail notification sender
	KeyDB             *keydb.DB          // encryption key database
	TLSConfig         *tls.Config        // TLS certificate chain and private key
	TCPListener       net.Listener       // TCPListener is the TCP server that serves all RPC functions
	UnixListener      net.Listener       // UnixListener is the Unix domain socket that serves all RPC functions
	BuiltInKMIPServer *KMIPServer        // Built-in KMIP server in case there's no external server
	KMIPClient        *KMIPClient        // KMIP client connected to either built-in KMIP server or external server
	AdminChallenge    []byte             // a random secret that must be verified for incoming shutdown/reload requests
}

RPC and KMIP server for accessing encryption keys.

func NewCryptServer 

func NewCryptServer(config CryptServiceConfig, mailer Mailer) (srv *CryptServer, err error)

Initialise an RPC server from sysconfig file text.

func (*CryptServer) CheckInitialSetup 

func (srv *CryptServer) CheckInitialSetup() error

Check that password parameters are present, which means the initial setup of the server has been completed. Return nil if all OK. Return an error with description text if password parameters are incomplete.

func (*CryptServer) HandleTCPConnections 

func (srv *CryptServer) HandleTCPConnections()

HandleTCPConnections accepts connections on TCP listener in a continuous loop. Blocks caller until listener closes.

func (*CryptServer) HandleUnixConnections 

func (srv *CryptServer) HandleUnixConnections()

HandleUnixConnections accepts connections on Unix domain socket in a continuous loop. Blocks caller until the listener closes.

func (*CryptServer) ListenTCP 

func (srv *CryptServer) ListenTCP() error

Start RPC server. If the RPC server does not have KMIP connectivity settings, start an incomplete implementation of KMIP server. Block caller until the listener quits.

func (*CryptServer) ListenUnix 

func (srv *CryptServer) ListenUnix() (err error)

ListenUnix starts an RPC server listener on unix domain socket.

func (*CryptServer) ServeConn 

func (srv *CryptServer) ServeConn(incoming net.Conn)

Create an RPC service object that handles requests from an incoming connection.

func (*CryptServer) Shutdown 

func (srv *CryptServer) Shutdown()

Shut down all RPC server listeners. If built-in KMIP server was started, shut that one down as well.

func (*CryptServer) ValidatePassword 

func (srv *CryptServer) ValidatePassword(pass HashedPassword) error

Validate a password against stored hash.

type CryptServiceConfig 

type CryptServiceConfig struct {
	PasswordHash         [sha512.Size]byte   // password hash (salted) that authenticates incoming requests
	PasswordSalt         [LEN_PASS_SALT]byte // password hash salt
	CertAuthorityPEM     string              // path to PEM-encoded CA certificate
	ValidateClientCert   bool                // whether the server will authenticate its client before accepting RPC request
	CertPEM              string              // path to PEM-encoded TLS certificate
	KeyPEM               string              // path to PEM-encoded TLS certificate key
	Address              string              // address of the network interface to listen on
	Port                 int                 // port to listen on
	KeyDBDir             string              // key database directory
	KeyCreationSubject   string              // subject of the notification email sent by key creation request
	KeyCreationGreeting  string              // greeting of the notification email sent by key creation request
	KeyRetrievalSubject  string              // subject of the notification email sent by key retrieval request
	KeyRetrievalGreeting string              // greeting of the notification email sent by key retrieval request
	KMIPAddresses        []string            // optional KMIP server addresses (server1:port1 server2:port2 ...)
	KMIPUser             string              // optional KMIP service access user
	KMIPPass             string              // optional KMIP service access password
	KMIPCertAuthorityPEM string              // optional KMIP server CA certificate
	KMIPTLSDoVerify      bool                // Enable verification on KMIP server's TLS certificate
	KMIPCertPEM          string              // optional KMIP client certificate
	KMIPKeyPEM           string              // optional KMIP client certificate key
}

Configuration for RPC server.

func (*CryptServiceConfig) ReadFromSysconfig 

func (conf *CryptServiceConfig) ReadFromSysconfig(sysconf *sys.Sysconfig) error

Read key server configuration from a sysconfig file.

func (*CryptServiceConfig) Validate 

func (conf *CryptServiceConfig) Validate() error

Preliminarily validate configuration and report error.

type CryptServiceConn 

type CryptServiceConn struct {
	RemoteHost string
	Svc        *CryptServer
}

Serve RPC routines for key creation/retrieval services.

func (*CryptServiceConn) AutoRetrieveKey 

func (rpcConn *CryptServiceConn) AutoRetrieveKey(req AutoRetrieveKeyReq, resp *AutoRetrieveKeyResp) error

Retrieve encryption keys without using a password. The request is usually sent automatically when disk comes online.

func (*CryptServiceConn) CreateKey 

func (rpcConn *CryptServiceConn) CreateKey(req CreateKeyReq, resp *CreateKeyResp) error

Save a new key record.

func (*CryptServiceConn) EraseKey 

func (rpcConn *CryptServiceConn) EraseKey(req EraseKeyReq, _ *DummyAttr) error

func (*CryptServiceConn) GetSalt 

func (rpcConn *CryptServiceConn) GetSalt(_ DummyAttr, salt *PasswordSalt) error

Hand over the salt that was used to hash server's access password.

func (*CryptServiceConn) ManualRetrieveKey 

func (rpcConn *CryptServiceConn) ManualRetrieveKey(req ManualRetrieveKeyReq, resp *ManualRetrieveKeyResp) error

Retrieve encryption keys using a password. All requested keys will be granted regardless of MaxActive restriction.

func (*CryptServiceConn) Ping 

func (rpcConn *CryptServiceConn) Ping(req PingRequest, _ *DummyAttr) error

If the server is ready to manage encryption keys, return nothing successfully. Return an error if otherwise.

func (*CryptServiceConn) PollCommand 

func (rpcConn *CryptServiceConn) PollCommand(req PollCommandReq, resp *PollCommandResp) error

PollCommand returns exactly one unseen pending command.

func (*CryptServiceConn) ReloadRecord 

func (rpcConn *CryptServiceConn) ReloadRecord(req ReloadRecordReq, _ *DummyAttr) error

ReloadRecord causes exactly one database record to be reloaded from disk.

func (*CryptServiceConn) ReportAlive 

func (rpcConn *CryptServiceConn) ReportAlive(req ReportAliveReq, rejectedUUIDs *[]string) error

Submit a report that says the requester is still alive and holding the encryption keys. No password required. Respond with UUID of keys that are rejected - which means they previously lost contact with the requester and no longer consider it eligible to hold the keys.

func (*CryptServiceConn) SaveCommandResult 

func (rpcConn *CryptServiceConn) SaveCommandResult(req SaveCommandResultReq, _ *DummyAttr) error

SaveCommandResult saves execution result of a pending command.

func (*CryptServiceConn) Shutdown 

func (rpcConn *CryptServiceConn) Shutdown(req ShutdownReq, _ *DummyAttr) error

Shut down the server's listener.

type DummyAttr 

type DummyAttr bool // dummy type for a placeholder receiver in an RPC function

type EraseKeyReq 

type EraseKeyReq struct {
	Password HashedPassword // access is granted only after the correct password is given
	Hostname string         // client's host name (for logging only)
	UUID     string         // UUID of the disk to delete key for
}

A request to erase an encryption key.

type HashedPassword 

type HashedPassword [sha512.Size]byte

func HashPassword 

func HashPassword(salt PasswordSalt, plainText string) HashedPassword

Compute a salted password hash using SHA512 method.

type KMIPClient 

type KMIPClient struct {
	ServerAddrs        []string
	Username, Password string
	TLSConfig          *tls.Config
}

Implement a KMIP client that supports three operations - create, get, destroy. The client is designed to interoperate not only with KMIPServer that comes with cryptctl, but also with KMIP servers implemented by other vendors.

func NewKMIPClient 

func NewKMIPClient(addrs []string, username, password string, caCertPEM []byte, certFilePath, certKeyPath string) (*KMIPClient, error)

Initialise a KMIP client. The function does not immediately establish a connection to server.

func (*KMIPClient) ConverseWithRetry 

func (client *KMIPClient) ConverseWithRetry(request structure.SerialisedItem) (ttlv.Item, error)

Establish a TLS connection to server, send exactly one request and expect exactly one response, then close the connection. Retry up to a certain number of times in case IO error occurs.

func (*KMIPClient) CreateKey 

func (client *KMIPClient) CreateKey(keyName string) (id string, err error)

Create a new disk encryption key and return its KMIP ID.

func (*KMIPClient) DestroyKey 

func (client *KMIPClient) DestroyKey(id string) (err error)

Erase a key record.

func (*KMIPClient) GetKey 

func (client *KMIPClient) GetKey(id string) (key []byte, err error)

Retrieve a disk encryption key by its ID.

func (*KMIPClient) GetRequestHeader 

func (client *KMIPClient) GetRequestHeader() structure.SRequestHeader

Return a SRequestHeader structure that has client's protocol version and user credentials.

func (*KMIPClient) MakeRequest 

func (client *KMIPClient) MakeRequest(request structure.SerialisedItem) (structure.SerialisedItem, error)

Establish a TLS connection to server, send exactly one request and expect exactly one response, then close the connection. TLS handshake is way more expensive than KMIP operations, so consider using the connection for more requests in the future.

type KMIPServer 

type KMIPServer struct {
	DB                *keydb.DB    // key content database
	Listener          net.Listener // listener for client connections
	TLSConfig         *tls.Config  // TLS certificate chain and private key
	PasswordChallenge []byte       // a random hex-encoded string secret that must be presented by KMIP client as authentication password
}

A partially implemented KMIP protocol server that creates and serves encryption keys upon request. The implementation is specifically tailored to the requirements of RPC server, hence it does not validate client certificate and only relies on a long random password for authentication.

func NewKMIPServer 

func NewKMIPServer(db *keydb.DB, certFilePath, certKeyPath string) (*KMIPServer, error)

func (*KMIPServer) CheckPassword 

func (srv *KMIPServer) CheckPassword(header structure.SRequestHeader) error

Try to match KMIP request's password with server's challenge. If there is a mismatch, return an error.

func (*KMIPServer) GetPort 

func (srv *KMIPServer) GetPort() int

Return the TCP port server is listening on.

func (*KMIPServer) HandleConnection 

func (srv *KMIPServer) HandleConnection(conn net.Conn)

Converse with KMIP client. This KMIP server is made only for cryptctl's own KMIP client, hence a lot of validation work are skipped intentionally. Normally KMIP service is capable of handling more than one requests per connection, but cryptctl's own KMIP client only submits one request per connection.

func (*KMIPServer) HandleConnections 

func (srv *KMIPServer) HandleConnections()

Process incoming KMIP requests, block caller until listener is told to shut down.

func (*KMIPServer) HandleCreateRequest 

func (srv *KMIPServer) HandleCreateRequest(req *structure.SCreateRequest) (*structure.SCreateResponse, error)

Handle a KMIP create key request by generating the key as requested and place the key in a database record.

func (*KMIPServer) HandleDestroyRequest 

func (srv *KMIPServer) HandleDestroyRequest(req *structure.SDestroyRequest) (*structure.SDestroyResponse, error)

Handle a KMIP destroy request by removing the key record entirely from memory and disk.

func (*KMIPServer) HandleGetRequest 

func (srv *KMIPServer) HandleGetRequest(req *structure.SGetRequest) (*structure.SGetResponse, error)

Handle a KMIP get request by responding with key content.

func (*KMIPServer) HandleRequest 

func (srv *KMIPServer) HandleRequest(req structure.SerialisedItem, conn net.Conn) (err error)

Handle a KMIP request, produce a response structure and send it back to client.

func (*KMIPServer) Listen 

func (srv *KMIPServer) Listen() error

Start KMIP server's listener.

func (*KMIPServer) Shutdown 

func (srv *KMIPServer) Shutdown()

Close listener and shutdown service.

type Mailer 

type Mailer struct {
	Recipients       []string // List of Email addresses that receive notifications
	FromAddress      string   // FROM address of the notifications
	AgentAddressPort string   // Address and port number of mail transportation agent for sending notifications
	AuthUsername     string   // (Optional) Username for plain authentication, if the SMTP server requires it.
	AuthPassword     string   // (Optional) Password for plain authentication, if the SMTP server requires it.
}

Parameters for sending notification emails.

func (*Mailer) ReadFromSysconfig 

func (mail *Mailer) ReadFromSysconfig(sysconf *sys.Sysconfig)

Read mail settings from keys in sysconfig file.

func (*Mailer) Send 

func (mail *Mailer) Send(subject, text string) error

Deliver an email to all recipients.

func (*Mailer) ValidateConfig 

func (mail *Mailer) ValidateConfig() error

Return true only if all mail parameters are present.

type ManualRetrieveKeyReq 

type ManualRetrieveKeyReq struct {
	Password HashedPassword // access to keys is granted only after the correct password is given.
	UUIDs    []string       // (locked) file system UUIDs
	Hostname string         // client's host name (for logging only)
}

A request to forcibly retrieve encryption keys using a password.

type ManualRetrieveKeyResp 

type ManualRetrieveKeyResp struct {
	Granted map[string]keydb.Record // these keys are now granted to the requester
	Missing []string                // these keys cannot be found in database
}

A response to forced key retrieval (with password) request.

type PasswordSalt 

type PasswordSalt [LEN_PASS_SALT]byte

func NewSalt 

func NewSalt() (ret PasswordSalt)

Return a newly generated salt for hasing passwords.

type PingRequest 

type PingRequest struct {
	Password HashedPassword // access is only granted after correct password is given
}

A request to ping server and test its readiness for key operations.

type PollCommandReq 

type PollCommandReq struct {
	UUIDs []string // UUIDs is an array of UUID to poll commands from.
}

PollCommandReq instructs server to return the oldest unseen pending command associated with requested UUIDs.

type PollCommandResp 

type PollCommandResp struct {
	Commands map[string][]keydb.PendingCommand
}

PollCommandResp contains the oldest unseen pending command from each of requested UUIDs.

type ReloadRecordReq 

type ReloadRecordReq struct {
	Password HashedPassword // Password is provided by client and validated to grant access to this function.
	UUID     string         // UUID is the UUID of record to be reloaded.
}

ReloadRecordReq instructs server to reload one record from disk into database.

type ReportAliveReq 

type ReportAliveReq struct {
	Hostname string   // client's host name (for logging only)
	UUIDs    []string // UUID of disks that are reportedly alive
}

A request to submit an alive report.

type SaveCommandResultReq 

type SaveCommandResultReq struct {
	UUID           string      // UUID is the UUID of record.
	CommandContent interface{} // CommandContent is the content of pending command as it was originally received.
	Result         string      // Result is a human readable text representation of execution result
}

SaveCommandResultReq saves execution result of a pending command that was previously polled by a client.

type ShutdownReq 

type ShutdownReq struct {
	Challenge []byte
}

A request to shut down the server so that it stops accepting connections.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.