Documentation ¶
Index ¶
- type Access
- type BasicIdentity
- type CertIdentity
- type Identity
- type LocalIdentity
- type Manager
- func (m *Manager) AddIdentities(identities map[string]*Identity) error
- func (m *Manager) Ensure() error
- func (m *Manager) Identities() map[string]*Identity
- func (m *Manager) IdentityFromInputs(userID *uint32, username, password string, clientCert *x509.Certificate) *Identity
- func (m *Manager) RemoveIdentities(identities map[string]struct{}) error
- func (m *Manager) ReplaceIdentities(identities map[string]*Identity) error
- func (m *Manager) UpdateIdentities(identities map[string]*Identity) error
Types ¶
type BasicIdentity ¶
type BasicIdentity struct {
	// Password holds the user's sha512-crypt-hashed password.
	Password string `json:"password"`
}
BasicIdentity holds identity configuration specific to the "basic" type (for HTTP basic authentication).
type CertIdentity ¶
type CertIdentity struct {
	X509 *x509.Certificate
}
CertIdentity represents the client in an mTLS connection. Only a self-signed X.509 certificate without intermediaries is supported.
func (*CertIdentity) MarshalJSON ¶
func (c *CertIdentity) MarshalJSON() ([]byte, error)
func (*CertIdentity) UnmarshalJSON ¶
func (c *CertIdentity) UnmarshalJSON(data []byte) error
type Identity ¶
type Identity struct {
	Name   string `json:"-"`
	Access Access `json:"access"`

	// One or more of the following type-specific configuration fields must be
	// non-nil.
	Local *LocalIdentity `json:"local,omitempty"`
	Basic *BasicIdentity `json:"basic,omitempty"`
	Cert  *CertIdentity  `json:"cert,omitempty"`
}
Identity holds the configuration of a single identity.
IMPORTANT: When adding a new identity type, if it has sensitive fields (like passwords), be sure to omit them from API marshalling in api_identities.go.
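One way to follow the marshalling rule above, as an added example that is not the project's api_identities.go: an allow-list view type swaps the password hash for a fixed marker before encoding, so a newly added sensitive field stays out of responses by default. The simplified type stand-ins, `apiIdentity`, `MarshalForAPI` and the `*****` marker are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-ins for the page's types (constructed: Access simplified, no Cert).
type (
	LocalIdentity struct{ UserID uint32 `json:"user-id"` }
	BasicIdentity struct{ Password string `json:"password"` }
	Identity      struct {
		Name   string         `json:"-"`
		Access string         `json:"access"`
		Local  *LocalIdentity `json:"local,omitempty"`
		Basic  *BasicIdentity `json:"basic,omitempty"`
	}
)

// apiIdentity (hypothetical) is an allow-list view: a field added to Identity
// later is not serialized until it is copied here deliberately.
type apiIdentity struct {
	Access string         `json:"access"`
	Local  *LocalIdentity `json:"local,omitempty"`
	Basic  *BasicIdentity `json:"basic,omitempty"`
}

// MarshalForAPI (hypothetical) encodes identities for an API response with
// every password hash replaced by a fixed marker; stored values are untouched.
func MarshalForAPI(ids map[string]*Identity) ([]byte, error) {
	out := make(map[string]*apiIdentity, len(ids))
	for name, id := range ids {
		if id == nil {
			continue
		}
		view := &apiIdentity{Access: id.Access, Local: id.Local}
		if id.Basic != nil {
			view.Basic = &BasicIdentity{Password: "*****"}
		}
		out[name] = view
	}
	return json.Marshal(out)
}

func main() {
	b, err := MarshalForAPI(map[string]*Identity{ // constructed sample
		"bob": {Access: "read", Basic: &BasicIdentity{Password: "$6$placeholder"}},
	})
	fmt.Println(string(b), err)
}
```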
type LocalIdentity ¶
type LocalIdentity struct {
	UserID uint32 `json:"user-id"`
}
LocalIdentity holds identity configuration specific to the "local" type (for ucrednet/UID authentication).
type Manager ¶
type Manager struct {
	// contains filtered or unexported fields
}
func (*Manager) AddIdentities ¶
AddIdentities adds the given identities to the system. It's an error if any of the named identities already exist.
The state lock must be held for the duration of this call.
func (*Manager) Identities ¶
Identities returns all the identities in the system. The returned map is a shallow clone, so map mutations won't affect state.
The state lock must be held for the duration of this call.
func (*Manager) IdentityFromInputs ¶
func (m *Manager) IdentityFromInputs(userID *uint32, username, password string, clientCert *x509.Certificate) *Identity
IdentityFromInputs returns an identity matching the given inputs.
We prioritize clientCert and username/password if either is provided, because they are intentionally set up by the client.
If no matching identity is found for the given inputs, nil is returned.
The state lock must be held for the duration of this call.
func (*Manager) RemoveIdentities ¶
RemoveIdentities removes the named identities from the system. It's an error if any of the named identities do not exist.
The state lock must be held for the duration of this call.
func (*Manager) ReplaceIdentities ¶
ReplaceIdentities replaces the named identities in the system with the given identities (adding those that don't exist), or removes them if the map value is nil.
The state lock must be held for the duration of this call.