2015-09-04 20:58:12 +00:00
|
|
|
package vault
|
|
|
|
|
2016-01-07 20:10:05 +00:00
|
|
|
import (
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/hashicorp/vault/logical"
|
|
|
|
)
|
2015-09-04 20:58:12 +00:00
|
|
|
|
|
|
|
type dynamicSystemView struct {
|
2015-09-10 02:17:49 +00:00
|
|
|
core *Core
|
|
|
|
mountEntry *MountEntry
|
2015-09-04 20:58:12 +00:00
|
|
|
}
|
|
|
|
|
2015-09-10 19:09:34 +00:00
|
|
|
func (d dynamicSystemView) DefaultLeaseTTL() time.Duration {
|
|
|
|
def, _ := d.fetchTTLs()
|
|
|
|
return def
|
2015-09-04 20:58:12 +00:00
|
|
|
}
|
|
|
|
|
2015-09-10 19:09:34 +00:00
|
|
|
func (d dynamicSystemView) MaxLeaseTTL() time.Duration {
|
|
|
|
_, max := d.fetchTTLs()
|
|
|
|
return max
|
2015-09-04 20:58:12 +00:00
|
|
|
}
|
|
|
|
|
2015-09-21 14:04:03 +00:00
|
|
|
func (d dynamicSystemView) SudoPrivilege(path string, token string) bool {
|
|
|
|
// Resolve the token policy
|
|
|
|
te, err := d.core.tokenStore.Lookup(token)
|
2015-09-18 23:59:06 +00:00
|
|
|
if err != nil {
|
2015-09-21 14:04:03 +00:00
|
|
|
d.core.logger.Printf("[ERR] core: failed to lookup token: %v", err)
|
2015-09-18 23:59:06 +00:00
|
|
|
return false
|
|
|
|
}
|
2015-09-21 14:04:03 +00:00
|
|
|
|
|
|
|
// Ensure the token is valid
|
|
|
|
if te == nil {
|
|
|
|
d.core.logger.Printf("[ERR] entry not found for token: %s", token)
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// Construct the corresponding ACL object
|
2015-11-06 16:52:26 +00:00
|
|
|
acl, err := d.core.policyStore.ACL(te.Policies...)
|
2015-09-21 14:04:03 +00:00
|
|
|
if err != nil {
|
|
|
|
d.core.logger.Printf("[ERR] failed to retrieve ACL for policies [%#v]: %s", te.Policies, err)
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2016-01-07 20:10:05 +00:00
|
|
|
// The operation type isn't important here as this is run from a path the
|
|
|
|
// user has already been given access to; we only care about whether they
|
|
|
|
// have sudo
|
|
|
|
_, rootPrivs := acl.AllowOperation(logical.ReadOperation, path)
|
|
|
|
return rootPrivs
|
2015-09-18 23:59:06 +00:00
|
|
|
}
|
|
|
|
|
2015-09-04 20:58:12 +00:00
|
|
|
// TTLsByPath returns the default and max TTLs corresponding to a particular
|
|
|
|
// mount point, or the system default
|
2015-09-10 19:09:34 +00:00
|
|
|
func (d dynamicSystemView) fetchTTLs() (def, max time.Duration) {
|
2015-09-04 20:58:12 +00:00
|
|
|
def = d.core.defaultLeaseTTL
|
|
|
|
max = d.core.maxLeaseTTL
|
|
|
|
|
2015-09-10 02:17:49 +00:00
|
|
|
if d.mountEntry.Config.DefaultLeaseTTL != 0 {
|
|
|
|
def = d.mountEntry.Config.DefaultLeaseTTL
|
2015-09-04 20:58:12 +00:00
|
|
|
}
|
2015-09-10 02:17:49 +00:00
|
|
|
if d.mountEntry.Config.MaxLeaseTTL != 0 {
|
|
|
|
max = d.mountEntry.Config.MaxLeaseTTL
|
2015-09-04 20:58:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
2016-01-22 22:01:22 +00:00
|
|
|
|
|
|
|
// Tainted indicates that the mount is in the process of being removed
|
|
|
|
func (d dynamicSystemView) Tainted() bool {
|
|
|
|
return d.mountEntry.Tainted
|
|
|
|
}
|
2016-04-21 13:52:42 +00:00
|
|
|
|
|
|
|
// CacheDisabled indicates whether to use caching behavior
|
|
|
|
func (d dynamicSystemView) CacheDisabled() bool {
|
|
|
|
return d.core.cacheDisabled
|
|
|
|
}
|