VaultAuthBackend

Trait VaultAuthBackend 

Source
pub trait VaultAuthBackend: Send + Sync {
    // Required methods
    fn factor_id(&self) -> AuthFactorId;
    fn name(&self) -> &str;
    fn backend_id(&self) -> &str;
    fn is_enrolled(&self, profile: &TrustProfileName, config_dir: &Path) -> bool;
    fn can_unlock<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        profile: &'life1 TrustProfileName,
        config_dir: &'life2 Path,
    ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
    fn requires_interaction(&self) -> AuthInteraction;
    fn unlock<'life0, 'life1, 'life2, 'life3, 'async_trait>(
        &'life0 self,
        profile: &'life1 TrustProfileName,
        config_dir: &'life2 Path,
        salt: &'life3 [u8],
    ) -> Pin<Box<dyn Future<Output = Result<UnlockOutcome, AuthError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait;
    fn enroll<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
        &'life0 self,
        profile: &'life1 TrustProfileName,
        master_key: &'life2 SecureBytes,
        config_dir: &'life3 Path,
        salt: &'life4 [u8],
        selected_key_index: Option<usize>,
    ) -> Pin<Box<dyn Future<Output = Result<(), AuthError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait,
             'life4: 'async_trait;
    fn revoke<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        profile: &'life1 TrustProfileName,
        config_dir: &'life2 Path,
    ) -> Pin<Box<dyn Future<Output = Result<(), AuthError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
}
Expand description

A pluggable authentication backend for vault unlock.

Required Methods§

Source

fn factor_id(&self) -> AuthFactorId

Which auth factor this backend provides.

Source

fn name(&self) -> &str

Human-readable name for audit logs and overlay display.

Source

fn backend_id(&self) -> &str

Short identifier for IPC messages and config.

Source

fn is_enrolled(&self, profile: &TrustProfileName, config_dir: &Path) -> bool

Check whether this backend has a valid enrollment for the profile.

Source

fn can_unlock<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, profile: &'life1 TrustProfileName, config_dir: &'life2 Path, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Check whether this backend can currently perform an unlock. Must be fast (< 100ms).

Source

fn requires_interaction(&self) -> AuthInteraction

What kind of user interaction this backend requires.

Source

fn unlock<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, profile: &'life1 TrustProfileName, config_dir: &'life2 Path, salt: &'life3 [u8], ) -> Pin<Box<dyn Future<Output = Result<UnlockOutcome, AuthError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Attempt to derive/unwrap the master key for a profile.

Source

fn enroll<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, profile: &'life1 TrustProfileName, master_key: &'life2 SecureBytes, config_dir: &'life3 Path, salt: &'life4 [u8], selected_key_index: Option<usize>, ) -> Pin<Box<dyn Future<Output = Result<(), AuthError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,

Enroll this backend for a profile. Requires the master key.

selected_key_index is an optional index into the list of eligible keys returned by the backend. If None, the backend picks the first eligible key.

Source

fn revoke<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, profile: &'life1 TrustProfileName, config_dir: &'life2 Path, ) -> Pin<Box<dyn Future<Output = Result<(), AuthError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Remove enrollment for this backend.

Implementors§