Documentation ¶
Index ¶
Constants ¶
// AAAPluginAPIVersion is the version number of the AAA plugin API declared
// by this package.
// NOTE(review): presumably compared against the version a plugin reports
// before the plugin is used; the check itself is not visible here, so confirm
// that a mismatch causes the plugin to be rejected.
const AAAPluginAPIVersion = 2
const (
	// AAAPluginsCfgDir is the directory path for AAA plugin configuration.
	// NOTE(review): presumably one configuration file per plugin is read
	// from here. If those files can carry credentials for a remote AAA
	// server, the directory and files should be readable and writable only
	// by the account that loads them; verify against the loader.
	AAAPluginsCfgDir = "/etc/aaa-plugins/"
)
const (
	// AAAPluginsDir is the directory path for AAA plugins.
	// NOTE(review): presumably plugin code is loaded from this directory
	// into the process that makes authorization decisions. If so, the
	// directory and everything in it must be writable only by root, and the
	// loader should refuse files with looser ownership or mode; confirm
	// against the loading code, which is not visible here.
	AAAPluginsDir = "/usr/lib/aaa-plugins/"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AAA ¶
// AAA groups the available AAA protocols in a single map.
type AAA struct {
	// Protocols maps a string key to its protocol entry.
	// NOTE(review): the key is presumably the protocol name; confirm.
	// Go map iteration order is unspecified, so if the order in which
	// protocols are consulted for authorization matters, callers need an
	// explicit ordering rather than ranging over this map; verify at the
	// call sites.
	Protocols map[string]*AAAProtocol
}
type AAAPlugin ¶
// AAAPlugin is the interface an AAA protocol plugin implements: setup,
// a per-user applicability check, task creation, legacy accounting and
// authorization.
type AAAPlugin interface {
	// Setup prepares the plugin. It is called on startup and on reload.
	// An error should be returned only when the plugin is not usable and
	// should be skipped.
	Setup() error

	// ValidUser checks whether the given user is valid and required to use
	// this AAA plugin. An error should be returned only when the check
	// itself could not be performed.
	ValidUser(uid uint32, groups []string) (bool, error)

	// NewTask instantiates a task that is subjected to AAA in a
	// protocol-specific way.
	//
	// Parameters:
	//   - context: the mode the command runs in (conf-mode, op-mode, or any
	//     potential future mode), so the protocol can tell apart, for
	//     example, "show interfaces" called in op-mode from the same command
	//     called in conf-mode.
	//   - uid: the UID of the user who originally executed this command/path.
	//   - groups: the groups the user is a member of.
	//   - path: the fully resolved path (no abbreviations).
	//   - pathAttrs: metadata of the path.
	//   - env: map of available environment attributes. Supported mappings:
	//     tty: a TTY name, e.g. ttyS0.
	NewTask(context string, uid uint32, groups []string, path []string,
		pathAttrs *pathutil.PathAttrs, env map[string]string) (AAATask, error)

	// Account records the given path in the AAA-protocol-specific way.
	// This is the legacy accounting method; use NewTask instead.
	Account(context string, uid uint32, groups []string, path []string,
		pathAttrs *pathutil.PathAttrs, env map[string]string) error

	// Authorize decides, in the AAA-protocol-specific way, whether the given
	// path is authorized.
	//
	// Parameters:
	//   - context: the mode the command runs in (conf-mode, op-mode, or any
	//     potential future mode), so the protocol can tell apart, for
	//     example, "show interfaces" called in op-mode from the same command
	//     called in conf-mode.
	//   - uid: the UID of the user who originally executed this command/path.
	//   - groups: the groups the user is a member of.
	//   - path: the fully resolved path (no abbreviations).
	//   - pathAttrs: metadata of the path.
	//
	// An error should be returned only when the AAA protocol hit a failure
	// that prevented the authorization request from being made; in every
	// other case the result is expressed through the boolean. Returning an
	// error makes the caller skip this protocol and proceed with the next
	// authorization protocol, if one is configured and supported.
	//
	// NOTE(review): because an error moves the decision on to another
	// protocol instead of denying, a request that was evaluated and rejected
	// must come back as (false, nil), never as an error. What the caller
	// does when no further protocol remains is not visible here; confirm
	// that it denies by default.
	Authorize(context string, uid uint32, groups []string, path []string,
		pathAttrs *pathutil.PathAttrs) (bool, error)
}
type AAAPluginConfig ¶
type AAAProtocol ¶
// AAAProtocol pairs a plugin's configuration with the plugin implementation.
type AAAProtocol struct {
	// Cfg is the configuration held alongside the plugin.
	Cfg AAAPluginConfig
	// Plugin is the AAAPlugin implementation for this protocol.
	Plugin AAAPlugin
}