aaa

package module
v0.0.0-...-ab768f6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 18, 2021 License: MPL-2.0 Imports: 8 Imported by: 2

Documentation

Index

Constants

// AAAPluginAPIVersion is the version number of the AAA plugin API declared by
// this package.
// NOTE(review): presumably compared with the API version a plugin was built
// against when the plugin is loaded; that check is not visible in this
// listing, so confirm it exists and that a mismatch causes the plugin to be
// rejected.
const (
	AAAPluginAPIVersion = 2
)
// AAAPluginsCfgDir is the directory path for AAA plugin configuration.
// NOTE(review): presumably holds the per-plugin settings described by
// AAAPluginConfig (the loader is not shown here; confirm). Those settings
// include whether command authorization is enabled for a plugin, so the
// directory and its files should be writable only by root.
const AAAPluginsCfgDir = "/etc/aaa-plugins/"
// AAAPluginsDir is the directory path for AAA plugins.
// NOTE(review): presumably the location plugin binaries are loaded from (the
// loader is not shown here; confirm). Code found here would take part in
// authorization and accounting decisions, so the directory and everything in
// it should be owned by root and not writable by any other user.
const AAAPluginsDir = "/usr/lib/aaa-plugins/"

Variables

This section is empty.

Functions

This section is empty.

Types

type AAA

// AAA holds the available AAA protocols; LoadAAA returns a pointer to one.
type AAA struct {
	// Protocols maps a string key to the protocol's configuration and plugin.
	// NOTE(review): the key is presumably the protocol or plugin name; confirm
	// against LoadAAA.
	Protocols map[string]*AAAProtocol
}

func LoadAAA

func LoadAAA() (*AAA, error)

type AAAPlugin

// AAAPlugin is the interface an AAA protocol plugin implements. It covers
// plugin setup, the user eligibility check, task-based accounting, the legacy
// accounting call and authorization.
type AAAPlugin interface {
	// Setup is called on startup and on reload to set up the plugin. It should
	// return an error only if the plugin is not usable and should be skipped.
	Setup() error

	// ValidUser checks whether the provided user is valid and required to use
	// this AAA plugin. It should return an error only if the check could not
	// be performed.
	// NOTE(review): how the caller treats a returned error is not visible in
	// this listing; confirm that a check which could not be performed does not
	// exempt the user from AAA.
	ValidUser(uid uint32, groups []string) (bool, error)

	// NewTask instantiates a task to be subjected to AAA in a protocol
	// specific way.
	// Parameters:
	// - context: the mode the command is run in (conf-mode, op-mode or any
	//            potential future mode). This lets the protocol tell whether
	//            e.g. "show interfaces" was called in op-mode or conf-mode.
	// - uid: the UID of the user who originally executed this command/path
	// - groups: the groups the user is a member of
	// - path: fully resolved (no abbreviations) path
	// - pathAttrs: metadata of the path
	// - env: map of available environment attributes. Supported mappings are:
	//		tty : a TTY name eg. ttyS0
	NewTask(context string, uid uint32, groups []string, path []string,
		pathAttrs *pathutil.PathAttrs, env map[string]string) (AAATask, error)

	// Account accounts a given path in the AAA protocol specific way.
	// This is the legacy accounting method; use NewTask instead.
	Account(context string, uid uint32, groups []string, path []string,
		pathAttrs *pathutil.PathAttrs, env map[string]string) error

	// Authorize authorizes a given path in the AAA protocol specific way.
	// Parameters:
	// - context: the mode the command is run in (conf-mode, op-mode or any
	//            potential future mode). This lets the protocol tell whether
	//            e.g. "show interfaces" was called in op-mode or conf-mode.
	// - uid: the UID of the user who originally executed this command/path
	// - groups: the groups the user is a member of
	// - path: fully resolved (no abbreviations) path
	// - pathAttrs: metadata of the path
	//
	// It should return an error only if the AAA protocol exhibited an error
	// which prevented the authorization request. In all other cases a request
	// that is not permitted should be reported as false, not as an error.
	// Returning an error makes the caller skip this authorization protocol and
	// proceed with the next authorization protocol, if one is configured and
	// supported.
	// NOTE(review): because an error hands the decision to the next protocol,
	// an implementation that returns an error where it means "deny" can let a
	// later protocol permit the request. What the caller decides when every
	// configured protocol has returned an error is not visible in this
	// listing; confirm that it denies.
	Authorize(context string, uid uint32, groups []string, path []string,
		pathAttrs *pathutil.PathAttrs) (bool, error)
}

type AAAPluginConfig

// AAAPluginConfig is the configuration of one AAA plugin. The field tags give
// the JSON keys each field maps to.
// NOTE(review): if this is decoded with encoding/json, a key that is absent
// from the file leaves its bool at false, so an incomplete file would
// presumably leave command authorization off for the plugin; confirm that
// this is the intended default.
type AAAPluginConfig struct {
	// CmdAcct is the "command-accounting" setting.
	CmdAcct   bool   `json:"command-accounting"`
	// CmdAuthor is the "command-authorization" setting.
	CmdAuthor bool   `json:"command-authorization"`
	// Name is the "name" setting (presumably the plugin's name; confirm).
	Name      string `json:"name"`
}

type AAAProtocol

// AAAProtocol pairs a plugin's configuration with the plugin implementation.
// It is the value type of AAA.Protocols.
type AAAProtocol struct {
	// Cfg is the plugin's configuration (accounting/authorization flags and name).
	Cfg    AAAPluginConfig
	// Plugin is the AAAPlugin implementation for this protocol.
	Plugin AAAPlugin
}

type AAATask

// AAATask is a single task subject to accounting. AAAPlugin.NewTask returns
// one.
type AAATask interface {
	// AccountStart accounts the start of the task.
	AccountStart() error

	// AccountStop accounts the end of the task.
	// If provided, the error indicates the task failed with the given error.
	// NOTE(review): a nil argument presumably means the task succeeded; confirm
	// how implementations treat a non-nil pointer to a nil error.
	AccountStop(*error) error
}
