security

package
v0.0.0-...-fa57f66 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 1, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// login data not found, need to request user input
	ErrNotFound = errors.New("not found")

	// old login data invalid, need to request a new one
	ErrOldInvalid = errors.New("old invalid")

	// operation not supported
	ErrUnsupported = errors.New("not supported")
)

Errors require special handling nolint:revive

Functions

func NewAuthorizationHandlerConfig 

func NewAuthorizationHandlerConfig(name string) (interface{}, error)

func NewKeychainHandlerConfig 

func NewKeychainHandlerConfig(name string) (interface{}, error)

func RegisterAuthorizationHandler 

func RegisterAuthorizationHandler(
	name string,
	f AuthorizationHandlerFactoryFunc,
	cf AuthorizationHandlerConfigFactoryFunc,
)

func RegisterKeychainHandler 

func RegisterKeychainHandler(
	name string,
	f KeychainHandlerFactoryFunc,
	cf KeychainHandlerConfigFactoryFunc,
)

Types

type AuthPolicy 

type AuthPolicy struct {
}

AuthPolicy to automatically allow/deny certain access

type AuthRequest 

type AuthRequest struct {
	UserDisplayName string `json:"user_display_name" yaml:"user_display_name"`
	UserLoginName   string `json:"user_login_name" yaml:"user_login_name"`
	UserID          string `json:"user_id" yaml:"user_id"`

	PrimaryGroupName string           `json:"primary_group_name" yaml:"primary_group_name"`
	PrimaryGroupID   string           `json:"primary_group_id" yaml:"primary_group_id"`
	SupplementGIDs   []GroupNameAndID `json:"supplement_gids" yaml:"supplement_gids"`

	ProcessName string `json:"process_name" yaml:"process_name"`
	ProcessID   uint64 `json:"process_id" yaml:"process_id"`

	ParentProcessName string `json:"parent_process_name" yaml:"parent_process_name"`
	ParentProcseeID   uint64 `json:"parent_process_id" yaml:"parent_process_id"`

	ProcessCallingPath []ProcessNameAndID `json:"process_calling_path" yaml:"process_calling_path"`

	Operation string `json:"operation" yaml:"operation"`
	File      string `json:"file" yaml:"file"`
}

AuthRequest is the request containing request user and intension

func CreateAuthRequest 

func CreateAuthRequest(uid string, pid uint64, op OperationKind, file string) (*AuthRequest, error)

func (*AuthRequest) CreateKey 

func (r *AuthRequest) CreateKey(policy *AuthPolicy) string

func (*AuthRequest) FormatPrompt 

func (r *AuthRequest) FormatPrompt() string

type AuthorizationData 

type AuthorizationData interface{}

AuthorizationData returned by security service

type AuthorizationHandler 

type AuthorizationHandler interface {
	// Request explicit user authorization
	Authorize(req *AuthRequest) error
}

func NewAuthorizationHandler 

func NewAuthorizationHandler(name string, config interface{}) (AuthorizationHandler, error)

type AuthorizationHandlerConfigFactoryFunc 

type AuthorizationHandlerConfigFactoryFunc func() interface{}

type AuthorizationHandlerFactoryFunc 

type AuthorizationHandlerFactoryFunc func(config interface{}) (AuthorizationHandler, error)

type AuthorizationManager 

type AuthorizationManager struct {
	// contains filtered or unexported fields
}

func NewAuthorizationManager 

func NewAuthorizationManager(
	runningCtx context.Context,
	handler AuthorizationHandler,
	defaultPenaltyDuration time.Duration,
	defaultPermitDuration time.Duration,
) *AuthorizationManager

func (*AuthorizationManager) RequestAuth 

func (m *AuthorizationManager) RequestAuth(
	req *AuthRequest,
	permitDuration *time.Duration,
	penaltyDuration *time.Duration,
) error

RequestAuth checks if the authorization is still valid before actually request user authorization

func (*AuthorizationManager) Start 

func (m *AuthorizationManager) Start()

Start in background

func (*AuthorizationManager) Stop 

func (m *AuthorizationManager) Stop() error

type GroupNameAndID 

type GroupNameAndID struct {
	Name string `json:"name" yaml:"name"`
	GID  string `json:"gid" yaml:"gid"`
}

type KeychainHandler 

type KeychainHandler interface {
	// SaveLogin saves username and password to system keychain
	SaveLogin(pmDriver, configName, username, password string) error

	// DeleteLogin deletes stored username and password
	DeleteLogin(pmDriver, configName string) error

	// GetLogin retrieves previously stored username and password
	GetLogin(pmDriver, configName string) (username, password string, err error)
}

func NewKeychainHandler 

func NewKeychainHandler(name string, config interface{}) (KeychainHandler, error)

type KeychainHandlerConfigFactoryFunc 

type KeychainHandlerConfigFactoryFunc func() interface{}

type KeychainHandlerFactoryFunc 

type KeychainHandlerFactoryFunc func(config interface{}) (KeychainHandler, error)

type OperationKind 

type OperationKind int
const (
	OpRead OperationKind = iota + 1
	OpWrite
	OpAppend
	OpSeek
	OpRemove
)

func (OperationKind) String 

func (k OperationKind) String() string

type ProcessNameAndID 

type ProcessNameAndID struct {
	Name string `json:"name" yaml:"name"`
	PID  uint64 `json:"pid" yaml:"pid"`
}

Source Files

  • auth_handler_unsupported.go
  • auth_manager.go
  • keychain_handler_unsupported.go
  • registry.go
  • types.go

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.