Documentation
Overview
Package message provides functionality for handling the message that a client passes to an RA. The message contains the attributes of the SSH certificate that the client requests. For example, "IFVer=6 SSHClientVersion=8.1 req=alice@host1 HardKey=true Touch2SSH=true github=false" means that the requester is "alice" on host "host1", that the private key corresponding to the requested certificate lives in a YubiKey, that she must touch the YubiKey before login, and that the certificate is not for GitHub. In particular, this package provides marshaling and unmarshaling between the standard message struct and its string format.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Attributes
type Attributes struct {
	// IfVer is the version of the gensign attributes interface.
	IfVer int `json:"ifVer"`
	// Username is the user name of the client. Required.
	Username string `json:"username"`
	// Hostname is the host name of the client. Required.
	Hostname string `json:"hostname"`
	// SSHClientVersion is the ssh version on the requester host. Required.
	SSHClientVersion string `json:"sshClientVersion"`
	// CAPubKeyAlgo specifies the CA public key algorithm for the requested certificate.
	// It is mapped to an identifier string of a key slot in the CA.
	CAPubKeyAlgo x509.PublicKeyAlgorithm `json:"caPubKeyAlgo,omitempty"`
	// SignatureAlgo is the signing algorithm of the requested certificate. (Not implemented.)
	SignatureAlgo x509.SignatureAlgorithm `json:"signatureAlgo,omitempty"`
	// HardKey indicates whether the request is associated with a public key backed by smartcard hardware.
	HardKey bool `json:"hardKey"`
	// Touch2SSH indicates whether the requested certificate requires a touch during the SSH login challenge.
	Touch2SSH bool `json:"touch2SSH,omitempty"`
	// TouchlessSudo indicates whether the requested certificate is touchless during the SUDO challenge.
	TouchlessSudo *TouchlessSudo `json:"touchlessSudo,omitempty"`
	// Exts contains the extended key value mappings. It is useful for adding extra fields for specific handlers or modules.
	Exts map[string]interface{} `json:"exts,omitempty"`
}
Attributes stores the information that the client passes to the RA, containing the attributes of the SSH certificate that the client requests.
func Unmarshal
func Unmarshal(attrsStr string) (*Attributes, error)
Unmarshal converts an SSH arg string to an *Attributes. It guarantees that the output fields are all in a valid format when error is nil.
func UnmarshalLegacy
func UnmarshalLegacy(attrsStr string) (*Attributes, error)
UnmarshalLegacy converts a legacy SSH arg string to an *Attributes. It guarantees that the output fields are all in a valid format when error is nil. TODO: clean up UnmarshalLegacy once we upgrade the gensign IFVer to 7.
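As an added illustration, not code from this package, the following parses the legacy space-separated string shown in the overview into a trimmed-down Attributes (the algorithm and sudo fields are left out), the way a stand-in for UnmarshalLegacy might. It assumes that req carries user@host, that keys the struct does not name (such as github) land in Exts, and that the fields marked Required are enforced; parseLegacy is a hypothetical name.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type Attributes struct {
	IfVer                                int
	Username, Hostname, SSHClientVersion string
	HardKey, Touch2SSH                   bool
	Exts                                 map[string]interface{}
}

// parseLegacy is a stand-in for UnmarshalLegacy: space-separated key=value tokens.
func parseLegacy(s string) (*Attributes, error) {
	a := &Attributes{Exts: map[string]interface{}{}}
	for _, tok := range strings.Fields(s) {
		k, v, ok := strings.Cut(tok, "=")
		if !ok || k == "" || v == "" {
			return nil, fmt.Errorf("malformed attribute %q", tok)
		}
		var err error
		switch k {
		case "IFVer":
			a.IfVer, err = strconv.Atoi(v)
		case "SSHClientVersion":
			a.SSHClientVersion = v
		case "req": // requester as user@host; both parts are required
			a.Username, a.Hostname, ok = strings.Cut(v, "@")
			if !ok || a.Username == "" || a.Hostname == "" {
				err = fmt.Errorf("want user@host, got %q", v)
			}
		case "HardKey":
			a.HardKey, err = strconv.ParseBool(v)
		case "Touch2SSH":
			a.Touch2SSH, err = strconv.ParseBool(v)
		default: // keys the struct does not name become extended attributes
			a.Exts[k] = v
		}
		if err != nil {
			return nil, fmt.Errorf("attribute %s: %w", k, err)
		}
	}
	if a.Username == "" || a.SSHClientVersion == "" {
		return nil, fmt.Errorf("missing required req or SSHClientVersion")
	}
	return a, nil
}
```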
func (*Attributes) ExtendedAttr
func (a *Attributes) ExtendedAttr(key string) (interface{}, error)
ExtendedAttr looks up the value of the key in the extended attributes.
func (*Attributes) ExtendedAttrBool
func (a *Attributes) ExtendedAttrBool(key string) (bool, error)
ExtendedAttrBool looks up the value of the key in the extended attributes and returns it as a bool.
func (*Attributes) ExtendedAttrStr
func (a *Attributes) ExtendedAttrStr(key string) (string, error)
ExtendedAttrStr looks up the value of the key in the extended attributes and returns it as a string.
func (*Attributes) Marshal
func (a *Attributes) Marshal() (string, error)
Marshal converts an *Attributes to a JSON string. It guarantees that the output fields are all in a valid format when error is nil.
func (*Attributes) MarshalLegacy
func (a *Attributes) MarshalLegacy() (string, error)
MarshalLegacy converts an *Attributes to a legacy, space-separated SSH arg string. It guarantees that the output fields are all in a valid format when error is nil. TODO: clean up MarshalLegacy once we upgrade the gensign IFVer to 7.
type TouchlessSudo
type TouchlessSudo struct {
	// IsFirefighter indicates whether the requested certificate should be a firefighter cert or not.
	IsFirefighter bool `json:"isFirefighter,omitempty"`
	// Hosts is the list of destination hosts that accept the requested touchless certificate.
	Hosts string `json:"hosts,omitempty"`
	// Time indicates the validity period of the touchless certificate (in minutes).
	Time int64 `json:"time,omitempty"`
}
TouchlessSudo stores the information about touchless sudo that the client passes to the RA.