Package styxauth provides authentication methods for 9P servers.
TLSSubjectCN authenticates a client using the underyling tls connection. The client must provide a valid certificate with a common name that matches the username field in the authentication request. For more control over cert-based authentication, use the TLSAuth type.
All combines multiple styx.AuthFunc values into a single styx.AuthFunc. When authenticating, the each AuthFunc is called in order. If all AuthFunc backends succeed, authentication is succesful. Otherwise, authentication fails.
Any combines multiple styx.AuthFunc values into a single styx.AuthFunc. Authentication completes succesfully on the first nil return value. If none of the AuthFunc parameters return nil, authentication fails.
SocketPeerID uses the underlying unix socket to authenticate users. The underlying connection must be a unix socket. The authentication method will obtain the user of the connecting process, and compare it to the user parameter in the authentication request. Authentication fails if the user name does not match, or the underlying transport is not a unix socket.
TLSAuth returns a styx.AuthFunc value that authenticates a user based on the status of the underlying TLS connection. After validating the client certificate, the callback function is called with the connection state as a parameter. The callback must return nil if authentication succeeds, and a non-nil error otherwise.
The return value of Whitelist will authenticate users successfully only if the tuple (user, access) is true in the rules map. The rules map should not be modified during authentication.
A TLSAuthFunc is called when validating an attach request based on the underlying TLS connection.