package styxauth

import "aqwari.net/net/styx/styxauth"

Package styxauth provides authentication methods for 9P servers.

Index ¶

• Variables
• func All(auth ...styx.AuthFunc) styx.AuthFunc
• func Any(auth ...styx.AuthFunc) styx.AuthFunc
• func SocketPeerID(rwc styx.Channel, user, _ string) error
• func TLSAuth(fn TLSAuthFunc) styx.AuthFunc
• func Whitelist(rules map[[2]string]bool) styx.AuthFunc
• type TLSAuthFunc

Variables ¶

var TLSSubjectCN = TLSAuth(checkSubjectCN)

TLSSubjectCN authenticates a client using the underyling tls connection. The client must provide a valid certificate with a common name that matches the username field in the authentication request. For more control over cert-based authentication, use the TLSAuth type.

Functions ¶

func All ¶

func All(auth ...styx.AuthFunc) styx.AuthFunc

All combines multiple styx.AuthFunc values into a single styx.AuthFunc. When authenticating, the each AuthFunc is called in order. If all AuthFunc backends succeed, authentication is succesful. Otherwise, authentication fails.

func Any ¶

func Any(auth ...styx.AuthFunc) styx.AuthFunc

Any combines multiple styx.AuthFunc values into a single styx.AuthFunc. Authentication completes succesfully on the first nil return value. If none of the AuthFunc parameters return nil, authentication fails.

func SocketPeerID ¶

func SocketPeerID(rwc styx.Channel, user, _ string) error

SocketPeerID uses the underlying unix socket to authenticate users. The underlying connection must be a unix socket. The authentication method will obtain the user of the connecting process, and compare it to the user parameter in the authentication request. Authentication fails if the user name does not match, or the underlying transport is not a unix socket.

func TLSAuth ¶

func TLSAuth(fn TLSAuthFunc) styx.AuthFunc

TLSAuth returns a styx.AuthFunc value that authenticates a user based on the status of the underlying TLS connection. After validating the client certificate, the callback function is called with the connection state as a parameter. The callback must return nil if authentication succeeds, and a non-nil error otherwise.

func Whitelist ¶

func Whitelist(rules map[[2]string]bool) styx.AuthFunc

The return value of Whitelist will authenticate users successfully only if the tuple (user, access) is true in the rules map. The rules map should not be modified during authentication.

Types ¶

type TLSAuthFunc ¶

type TLSAuthFunc func(user, access string, state tls.ConnectionState) error

A TLSAuthFunc is called when validating an attach request based on the underlying TLS connection.

Source Files ¶

auth.go doc.go socket.go tls.go