pamsocket

package
v0.0.0-...-2e4bb0b Latest
Warning

This package is not in the latest version of its module.

Published: Sep 6, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ConsentInfo

type ConsentInfo struct {
	// If set, Redirect contains the URL to redirect to
	// immediately. No consent screen needs to be shown.
	Redirect string
	//
	Target string
	//
	Scopes []*Scope
}

type LoginFlow

type LoginFlow interface {
	// PreLogin is run before the sign-in flow. It may conclude
	// the sign-in flow is unnecessary, and return a URL to
	// redirect to. If an empty URL is returned, the login flow
	// should proceed.
	PreLogin(r *http.Request) (string, error)
	// Authenticated is run after the sign-in flow, to indicate
	// that the given user has been authenticated. This function
	// should return a URL to redirect to. This accepts a
	// `subject`, not a username, so it could be an anonymized
	// identifier (i.e., the UID) instead of the
	// username/email/etc. This must be a stable identifier.
	Authenticated(r *http.Request, subject string) (string, error)
	// RequestConsent is called after a user is authenticated to
	// determine if the target application should be permitted to
	// learn some information (such as username, or full name, or
	// email).
	RequestConsent(r *http.Request) (*ConsentInfo, error)
	// AcceptConsent is called after the user specifies that they
	// accept the requested application learning some information.
	AcceptConsent(r *http.Request) (string, error)
	// SupportsOidc returns true if this login flow is OpenID
	// Connect capable, and false otherwise. This is primarily
	// used for testing, where the NoopFlow indicates it does not
	// support OIDC so that the client-side app will not register
	// its URL handlers.
	SupportsOidc() bool
}
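
An added example, not code from this package: a hypothetical `SafeRedirectFlow` showing how the URLs returned by `PreLogin` and `Authenticated` can be vetted so that a request parameter cannot steer the post-login redirect off-site. The `return_to` parameter name, the `AllowedHosts` and `Default` fields and the host names are assumptions; a full `LoginFlow` would also need `RequestConsent`, `AcceptConsent` and `SupportsOidc`.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// SafeRedirectFlow is a hypothetical type with two of LoginFlow's methods.
// Every URL it returns is a same-site path, an allow-listed host, or Default.
type SafeRedirectFlow struct {
	AllowedHosts map[string]bool // exact host match, https only
	Default      string
}

// safeTarget validates the "return_to" query parameter (an assumed name).
func (f *SafeRedirectFlow) safeTarget(r *http.Request) string {
	raw := r.URL.Query().Get("return_to")
	u, err := url.Parse(raw)
	if err != nil || strings.Contains(raw, `\`) {
		return f.Default // browsers read "\" as "/", so "/\host" leaves the site
	}
	if u.Scheme == "" && u.Host == "" && strings.HasPrefix(u.Path, "/") {
		return raw // "//host/..." parses with a Host, so it never gets here
	}
	if u.Scheme == "https" && f.AllowedHosts[u.Host] {
		return u.String()
	}
	return f.Default
}

// PreLogin never skips sign-in: an empty URL tells the flow to proceed.
func (f *SafeRedirectFlow) PreLogin(*http.Request) (string, error) { return "", nil }

// Authenticated refuses an empty subject, then returns a vetted redirect.
func (f *SafeRedirectFlow) Authenticated(r *http.Request, subject string) (string, error) {
	if subject == "" {
		return "", errors.New("empty subject")
	}
	return f.safeTarget(r), nil
}

func main() {
	f := &SafeRedirectFlow{AllowedHosts: map[string]bool{"app.example.com": true}, Default: "/"}
	// Constructed request: the parameter points at a host outside the allowlist.
	r := httptest.NewRequest("GET", "/login?return_to=https://evil.example/x", nil)
	fmt.Println(f.Authenticated(r, "uid-1000")) // falls back to Default
}
```
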

type NoopFlow

type NoopFlow struct{}

func (*NoopFlow) AcceptConsent

func (*NoopFlow) AcceptConsent(r *http.Request) (string, error)

func (*NoopFlow) Authenticated

func (*NoopFlow) Authenticated(*http.Request, string) (string, error)

func (*NoopFlow) PreLogin

func (*NoopFlow) PreLogin(*http.Request) (string, error)

func (*NoopFlow) RequestConsent

func (*NoopFlow) RequestConsent(r *http.Request) (*ConsentInfo, error)

func (*NoopFlow) SupportsOidc

func (*NoopFlow) SupportsOidc() bool

type PamSocket

type PamSocket struct {
	// Service is the specific PAM profile to use. This
	// corresponds to a configuration file of the same name in the
	// configured ConfDir. Typically, this is something like
	// `passwd`, but note that that requires running this program
	// with privileges to read /etc/shadow, which is not
	// generally recommended.
	Service string
	// ConfDir is the directory where the PAM service
	// configurations live. By default, this is `/etc/pam.d/`.
	ConfDir string
	// Flow is a series of functions that are called as part of
	// the login process. If you do not need to customize the
	// login process, use NoopFlow.
	Flow LoginFlow
}

PamSocket implements a WebSocket-based PAM session. PAM is transactional, so running it over a WebSocket guarantees that all messages between the client (browser) and server are sent to the same task, without any additional session-based routing.

func (*PamSocket) ServeHTTP

func (p *PamSocket) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Scope

type Scope struct {
	Name        string
	Description string
	Hidden      bool
}
