Documentation ¶
Overview ¶
Package authorizer handles client authorization based on a defined set of polkit actions. The client uid and pid are obtained from the Unix socket peer credentials (SO_PEERCRED), which the server attaches to the gRPC request.
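The SO_PEERCRED lookup described above, as an added stand-alone example that is not code from this package. It uses only the Go standard library on Linux; `peerCreds`, `loopbackPeer` and the abstract socket name are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"syscall"
)

// peerCreds asks the kernel which process is on the other end of a Unix
// socket. SO_PEERCRED is filled in by the kernel, not by data the client sends.
func peerCreds(c *net.UnixConn) (cred *syscall.Ucred, err error) {
	raw, err := c.SyscallConn()
	if err != nil {
		return nil, err
	}
	ctlErr := raw.Control(func(fd uintptr) {
		cred, err = syscall.GetsockoptUcred(int(fd), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
	})
	if ctlErr != nil {
		return nil, ctlErr
	}
	return cred, err
}

// loopbackPeer (hypothetical helper) dials a throwaway abstract socket from
// this same process and returns the credentials the accepting side sees.
func loopbackPeer() (*syscall.Ucred, error) {
	name := fmt.Sprintf("@peercred-demo-%d", os.Getpid()) // constructed name
	ln, err := net.ListenUnix("unix", &net.UnixAddr{Name: name, Net: "unix"})
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	client, err := net.Dial("unix", name)
	if err != nil {
		return nil, err
	}
	defer client.Close()
	server, err := ln.AcceptUnix()
	if err != nil {
		return nil, err
	}
	defer server.Close()
	return peerCreds(server)
}

func main() {
	fmt.Println(loopbackPeer())
}
```

The credentials describe the peer at the time it connected, so a server should read them once per connection and carry them with each request instead of trusting a uid sent in the request body.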
Constants ¶
This section is empty.
Variables ¶
var OnUserKey onUserKey = "UserName"
OnUserKey is the authorizer context key used to pass an optional user name.
Functions ¶
func WithUnixPeerCreds ¶
func WithUnixPeerCreds() grpc.ServerOption
WithUnixPeerCreds returns the credentials of the caller
Types ¶
type Action ¶
type Action string
Action is a polkit action.
const (
	// ActionAlwaysAllowed is a no-op bypassing any user or dbus checks.
	ActionAlwaysAllowed Action = "always-allowed"
	// ActionManageService is the action to perform read operations.
	ActionManageService Action = "com.ubuntu.zsys.manage-service"
	// ActionSystemList is the action to perform system list operations.
	ActionSystemList Action = "com.ubuntu.zsys.system-list"
	// ActionSystemWrite is the action to perform system write operations.
	ActionSystemWrite Action = "com.ubuntu.zsys.system-write"
	// ActionUserWrite is the action which will be transformed to Self or Others depending on the request and requester.
	ActionUserWrite Action = "internal-for-actionUserWriteSelf-or-actionUserWriteOthers-based-on-uid"
)
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer is an abstraction of polkit authorization.
func New ¶
func New(options ...func(*Authorizer)) (*Authorizer, error)
New returns a new authorizer.
func (Authorizer) IsAllowedFromContext ¶
func (a Authorizer) IsAllowedFromContext(ctx context.Context, action Action) (err error)
IsAllowedFromContext returns nil if the user is allowed to perform an operation. The pid and uid are extracted from the peerCredsInfo in the gRPC context.