chserver

package
v0.0.0-...-b33ff70 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 22, 2023 License: MIT Imports: 94 Imported by: 0

Documentation

Index

Constants

// Error code strings for request-level failures. Judging by the names they
// label a missing route variable, an invalid request and a resource that
// already exists; where each code is emitted is not shown on this page.
const (
	ErrCodeMissingRouteVar = "ERR_CODE_MISSING_ROUTE_VAR"
	ErrCodeInvalidRequest  = "ERR_CODE_INVALID_REQUEST"
	ErrCodeAlreadyExist    = "ERR_CODE_ALREADY_EXIST"
)
// Tunnel-related limit and error code strings.
const (
	// URISchemeMaxLength is 15. Presumably the longest URI scheme accepted for
	// a tunnel, with ErrCodeURISchemeLengthExceed reported beyond it — confirm
	// against the validation code, which is not shown here.
	URISchemeMaxLength = 15

	// Error codes for tunnel requests. By name they cover port conflicts, an
	// already existing tunnel, an over-long URI scheme and an invalid ACL.
	// NOTE(review): ErrCodeInvalidACL implies ACL input is validated somewhere;
	// confirm that a rejected ACL fails the request rather than falling back
	// to an unrestricted tunnel.
	ErrCodeLocalPortInUse        = "ERR_CODE_LOCAL_PORT_IN_USE"
	ErrCodeRemotePortNotOpen     = "ERR_CODE_REMOTE_PORT_NOT_OPEN"
	ErrCodeTunnelExist           = "ERR_CODE_TUNNEL_EXIST"
	ErrCodeTunnelToPortExist     = "ERR_CODE_TUNNEL_TO_PORT_EXIST"
	ErrCodeURISchemeLengthExceed = "ERR_CODE_URI_SCHEME_LENGTH_EXCEED"
	ErrCodeInvalidACL            = "ERR_CODE_INVALID_ACL"
)
// Client-auth limit and error code strings.
const (
	// MinCredentialsLength is 3.
	// NOTE(review): presumably the minimum length accepted for a client-auth
	// ID and/or password. If it bounds the password, three characters is a
	// very permissive floor — confirm what it is applied to and whether a
	// stronger policy is enforced elsewhere.
	MinCredentialsLength = 3

	// Judging by the names: the server runs with a single client credential,
	// or the client-auth source is read-only — TODO confirm.
	ErrCodeClientAuthSingleClient = "ERR_CODE_CLIENT_AUTH_SINGLE"
	ErrCodeClientAuthRO           = "ERR_CODE_CLIENT_AUTH_RO"

	// Judging by the names: the credential still has a client bound to it, or
	// no such credential exists — TODO confirm.
	ErrCodeClientAuthHasClient = "ERR_CODE_CLIENT_AUTH_HAS_CLIENT"
	ErrCodeClientAuthNotFound  = "ERR_CODE_CLIENT_AUTH_NOT_FOUND"
)
const (
	// LogNumGoRoutinesInterval is two minutes; by name, the period between
	// log entries reporting the goroutine count.
	LogNumGoRoutinesInterval = time.Minute * 2

	// DefaultMaxClientDBConnections is 50; by name, the default cap on
	// connections to the client database. How it is applied is not shown here.
	DefaultMaxClientDBConnections = 50
)
// Default dimensions (200 x 200) of the TOTP QR image.
// NOTE(review): the unit is presumably pixels — confirm against the image
// generation code, which is not shown here.
const (
	DefaultTotPQrImageWidth  = 200
	DefaultTotPQrImageHeight = 200
)
// BuiltInAuthProviderName is the provider name string "built-in".
// NOTE(review): presumably the value reported when the server authenticates
// users itself rather than through an external provider — confirm.
const BuiltInAuthProviderName = "built-in"
// ConnectionRequestTimeOut is five minutes (5 * 60 seconds). Which operation
// it bounds is not shown on this page.
const ConnectionRequestTimeOut = 5 * 60 * time.Second
const (
	// DefaultDataDirectory is the default data path, "/var/lib/rport".
	// NOTE(review): the directory presumably holds server state such as
	// databases and key material; confirm it is created with permissions
	// restricted to the service account.
	DefaultDataDirectory = "/var/lib/rport"
)

Contains constants applicable only to non-Windows operating systems.

const (
	// DefaultMaxCheckPortTimeout is one minute; by name, the default upper
	// bound on a port check. The check itself is not shown here.
	DefaultMaxCheckPortTimeout = time.Minute
)
// DefaultMaxWorkers is 100. Which worker pool it sizes is not shown on this
// page.
const DefaultMaxWorkers = 100
// WebSocketAccessTokenQueryParam is the query parameter name "access_token".
// NOTE(review): by name, WebSocket requests carry their access token in the
// URL query string. Query strings are commonly written to web-server,
// reverse-proxy and browser-history records, so confirm that these logs
// redact the parameter and that such tokens are short-lived.
const WebSocketAccessTokenQueryParam = "access_token"

Variables

// Sentinel errors for requests that lack a user id or session id parameter.
// They are created with errors.New, so callers can match them with errors.Is.
var (
	ErrMissingUserIDParam    = errors.New("missing user id param")
	ErrMissingSessionIDParam = errors.New("missing session id param")
)
// Sentinel errors for the targeting part of a request. Per their messages,
// exactly one targeting option (client ids, group ids or tags) must be given,
// and a multi-job request that targets by tags must list the tags.
var (
	ErrRequestIncludesMultipleTargetingParams = errors.New("multiple targeting options are not supported. Please specify only one")
	ErrRequestMissingTargetingParams          = errors.New("please specify targeting options, such as client ids, groups ids or tags")
	ErrMissingTagsInMultiJobRequest           = errors.New("please specify tags in the tags list")
)
// Sentinel errors for the rport-plus extension: it is not enabled, or no
// license has been configured for it.
var (
	ErrPlusNotEnabled           = errors.New("rport-plus not enabled")
	ErrPlusLicenseNotConfigured = errors.New("rport-plus license not configured")
)
var (
	// ClientTagsOptionsSupportedFields maps the resource name "client_tags" to
	// the field names "tag" and "client_ids", each marked true.
	// NOTE(review): presumably an allow-list of fields a list request may
	// select — confirm against the query-option validation. It is a mutable
	// package-level map, so any code that writes to it changes the allow-list
	// for every caller.
	ClientTagsOptionsSupportedFields = map[string]map[string]bool{
		"client_tags": {
			"tag":        true,
			"client_ids": true,
		},
	}
)
// ErrCantLoadThatToken reports a failure to access the token identified by
// the provided prefix.
var ErrCantLoadThatToken = errors.New("there was a problem accessing that token with the provided prefix")
// ErrClientNotConnected reports that the targeted client is not connected.
var ErrClientNotConnected = errors.New("client is not connected")
// ErrInvalidScopeOfThatToken reports that the token's scope does not
// authorize the requested operation.
var ErrInvalidScopeOfThatToken = errors.New("the scope of the provided token is not authorized for this operation")
// ErrPrefixNotFound reports that no token exists with the given prefix.
// NOTE(review): if this message reaches callers before they are
// authenticated, it distinguishes an unknown prefix from a known one with a
// wrong secret; confirm the handler returns a uniform authentication error.
var ErrPrefixNotFound = errors.New("there is no token with that prefix")
// ErrThatPasswordHasExpired reports that the password has expired and must be
// changed.
var ErrThatPasswordHasExpired = errors.New("password has expired, please change your password")
// ErrThatTokenHasExpired reports that the provided token has expired.
var ErrThatTokenHasExpired = errors.New("the provided token has expired")
// ErrTooManyRequests reports that the caller should retry later.
// NOTE(review): which endpoints are rate limited is not shown on this page;
// confirm that login and two-factor token validation are among them.
var ErrTooManyRequests = errors.New("too many requests, please try later")

Functions

func CheckTotPCode

func CheckTotPCode(code string, totP *TotP) bool

func EnablePlusIfLicensed

func EnablePlusIfLicensed(ctx context.Context, cfg *chconfig.Config, filesAPI files.FileAPI) (plusManager rportplus.Manager, err error)

EnablePlusIfLicensed will initialize a new plus manager and request registration of the desired capabilities

func RegisterPlusCapabilities

func RegisterPlusCapabilities(plusManager rportplus.Manager, cfg *chconfig.Config, logger *logger.Logger) (err error)

RegisterPlusCapabilities registers the additional rport-plus capabilities. All plus capabilities must be added here.

func StoreTotPCodeInUser

func StoreTotPCodeInUser(usr *users.User, totP *TotP)

Types

type APIListener

// APIListener embeds *logger.Logger and *Server, so the exported methods of
// both are promoted onto it. Its remaining fields are unexported.
type APIListener struct {
	*logger.Logger

	*Server
	// contains filtered or unexported fields
}

func NewAPIListener

func NewAPIListener(
	server *Server,
	fingerprint string,
) (*APIListener, error)

func (*APIListener) Close

func (al *APIListener) Close() error

func (*APIListener) Log

func (al *APIListener) Log() (l *logger.Logger)

func (*APIListener) Start

func (al *APIListener) Start(ctx context.Context, addr string) error

func (*APIListener) StartMultiClientJob

func (al *APIListener) StartMultiClientJob(ctx context.Context, multiJobRequest *jobs.MultiJobRequest) (*models.MultiJob, error)

func (*APIListener) Wait

func (al *APIListener) Wait() error

type AuthProviderInfo

type AuthProviderInfo struct {
	// AuthProvider is serialised as "auth_provider".
	AuthProvider      string `json:"auth_provider"`
	// SettingsURI and DeviceSettingsURI are serialised as "settings_uri" and
	// "device_settings_uri".
	SettingsURI       string `json:"settings_uri"`
	DeviceSettingsURI string `json:"device_settings_uri"`
	// MaxTokenLifetime is serialised as "max_token_lifetime".
	// NOTE(review): the unit is not shown on this page — confirm before
	// relying on it for token expiry decisions.
	MaxTokenLifetime  int    `json:"max_token_lifetime"`
}

AuthProviderInfo contains the provider name and the URIs to be used for either regular or device-flow-based authorization

type AuthSettings

type AuthSettings struct {
	// AuthProvider is serialised as "auth_provider".
	AuthProvider string           `json:"auth_provider"`
	// LoginInfo is serialised under the key "details"; it is a pointer, so a
	// nil value encodes as JSON null.
	LoginInfo    *oauth.LoginInfo `json:"details"`
}

AuthSettings contains the auth info to be used by a regular web app type authorization

type ClientGroupPayload

// ClientGroupPayload is a JSON payload for a client group. Every field is a
// pointer tagged omitempty, so a nil field is left out when encoding and an
// absent key leaves the field nil when decoding.
// NOTE(review): presumably this lets a handler tell "not supplied" from
// "supplied empty" — confirm against the handlers.
type ClientGroupPayload struct {
	ID                *string               `json:"id,omitempty"`
	Description       *string               `json:"description,omitempty"`
	Params            *cgroups.ClientParams `json:"params,omitempty" db:"params"`
	// AllowedUserGroups is serialised as "allowed_user_groups".
	// NOTE(review): by name this restricts which user groups may access the
	// client group; confirm how a nil or empty list is interpreted (no access
	// versus unrestricted access).
	AllowedUserGroups *types.StringSlice    `json:"allowed_user_groups,omitempty"`
	// ClientIDs carries the tag db:"-".
	ClientIDs         *[]string             `json:"client_ids,omitempty" db:"-"`
}

type ClientListener

// ClientListener exposes no exported fields. NewClientListener builds one
// from a *Server and an ssh.Signer private key.
type ClientListener struct {
	// contains filtered or unexported fields
}

func NewClientListener

func NewClientListener(server *Server, privateKey ssh.Signer) (*ClientListener, error)

func (*ClientListener) Close

func (cl *ClientListener) Close() error

Close forcibly closes the http server

func (*ClientListener) Start

func (cl *ClientListener) Start(ctx context.Context, listenAddr string) error

func (*ClientListener) Wait

func (cl *ClientListener) Wait() error

Wait waits for the http server to close

type ClientTagPayload

// ClientTagPayload is a JSON payload pairing a tag with client ids. Both
// exported fields are pointers tagged omitempty, so nil fields are left out
// when encoding.
type ClientTagPayload struct {
	Tag       *string   `json:"tag,omitempty"`
	ClientIDs *[]string `json:"client_ids,omitempty"`
	// contains filtered or unexported fields
}

type ClientsStatusCheckTask

// ClientsStatusCheckTask exposes no exported fields; it is built by
// NewClientsStatusCheckTask from a logger, a client repository and two
// durations (th and pingTimeout).
type ClientsStatusCheckTask struct {
	// contains filtered or unexported fields
}

func NewClientsStatusCheckTask

func NewClientsStatusCheckTask(log *logger.Logger, cr *clients.ClientRepository, th time.Duration, pingTimeout time.Duration) *ClientsStatusCheckTask

NewClientsStatusCheckTask creates a task that pings all active clients and marks them disconnected on ping failure

func (*ClientsStatusCheckTask) PingClients

func (t *ClientsStatusCheckTask) PingClients(ctx context.Context, workerNum int, clientsToPing <-chan *clients.Client, results chan<- bool)

func (*ClientsStatusCheckTask) Run

type DeviceAuthSettings

type DeviceAuthSettings struct {
	// AuthProvider is serialised as "auth_provider".
	AuthProvider string                 `json:"auth_provider"`
	// LoginInfo is serialised under the key "details"; it is a pointer, so a
	// nil value encodes as JSON null.
	LoginInfo    *oauth.DeviceLoginInfo `json:"details"`
}

DeviceAuthSettings contains the auth info to be used by a CLI or similarly constrained app

type JobProvider

// JobProvider is the storage interface for jobs and multi-jobs: lookup,
// listing, counting, saving, cleanup and Close.
type JobProvider interface {
	// GetByJID looks up one job by client id and job id.
	GetByJID(clientID, jid string) (*models.Job, error)
	// List and Count take the same list options.
	List(ctx context.Context, options *query.ListOptions) ([]*models.Job, error)
	Count(ctx context.Context, options *query.ListOptions) (int, error)
	// SaveJob creates or updates a job.
	SaveJob(job *models.Job) error
	// CreateJob creates a new job. If a job with the given JID already
	// exists, it does nothing and returns nil.
	CreateJob(job *models.Job) error
	// GetMultiJob looks up one multi-job by job id.
	GetMultiJob(ctx context.Context, jid string) (*models.MultiJob, error)
	GetMultiJobSummaries(ctx context.Context, options *query.ListOptions) ([]*models.MultiJobSummary, error)
	CountMultiJobs(ctx context.Context, options *query.ListOptions) (int, error)
	SaveMultiJob(multiJob *models.MultiJob) error
	// NOTE(review): the meaning of the int argument is not shown on this
	// page (a retention count or an age are both plausible) — confirm.
	CleanupJobsMultiJobs(context.Context, int) error
	Close() error
}

type Server

type Server struct {
	// The embedded *logger.Logger promotes the logger's exported methods onto
	// Server.
	*logger.Logger
	// contains filtered or unexported fields
}

Server represents a rport service

func NewServer

func NewServer(ctx context.Context, config *chconfig.Config, opts *ServerOpts) (*Server, error)

NewServer creates and returns a new rport server

func (*Server) Close

func (s *Server) Close() error

func (*Server) HandlePlusLicenseInfoAvailable

func (s *Server) HandlePlusLicenseInfoAvailable()

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

Run is responsible for starting the rport service

func (*Server) Start

func (s *Server) Start(ctx context.Context) error

Start is responsible for kicking off the http server

func (*Server) Wait

func (s *Server) Wait() error

type ServerOpts

// ServerOpts carries the optional dependencies handed to NewServer: a file
// API and an rport-plus manager.
type ServerOpts struct {
	FilesAPI    files.FileAPI
	PlusManager rportplus.Manager
}

type TargetingParams

// TargetingParams is implemented by requests that select clients by id, by
// group id or by tags. UploadRequest implements all three methods.
type TargetingParams interface {
	GetClientIDs() (ids []string)
	GetGroupIDs() (ids []string)
	GetClientTags() (clientTags *models.JobClientTags)
}

type TotP

// TotP holds the TOTP data of a user.
type TotP struct {
	// Secret is serialised under the JSON key "secret".
	// NOTE(review): presumably the TOTP shared secret. Anything that marshals
	// this struct (API responses, debug logs) then exposes it; confirm it is
	// returned only during enrolment and never logged.
	Secret        string   `json:"secret"`
	// QRImageBase64 is serialised under the JSON key "qr".
	// NOTE(review): presumably an encoded QR image of the provisioning data,
	// which would carry the same secret — treat it as equally sensitive.
	QRImageBase64 string   `json:"qr"`
	// TotPKey is excluded from JSON by the tag `json:"-"`.
	TotPKey       *otp.Key `json:"-"`
	// contains filtered or unexported fields
}

func GenerateTotPSecretKey

func GenerateTotPSecretKey(inpt *TotPInput) (*TotP, error)

func GetUsersTotPCode

func GetUsersTotPCode(usr *users.User) (*TotP, error)

func NewTotP

func NewTotP(key *otp.Key) (*TotP, error)

func (*TotP) Algorithm

func (tp *TotP) Algorithm() (otp.Algorithm, error)

func (*TotP) Digits

func (tp *TotP) Digits() (otp.Digits, error)

func (*TotP) Scheme

func (tp *TotP) Scheme() string

func (*TotP) Serialize

func (tp *TotP) Serialize() string

func (*TotP) Valid

func (tp *TotP) Valid() error

type TotPInput

// TotPInput is the argument of GenerateTotPSecretKey: an issuer and an
// account name.
type TotPInput struct {
	Issuer      string
	AccountName string
}

type TotPKeyStatus

// TotPKeyStatus enumerates the states of a TOTP key.
type TotPKeyStatus uint
const (
	// Values start at iota + 1, so TotPKeyPending is 1 and TotPKeyExists is 2;
	// the zero value of TotPKeyStatus matches neither constant.
	TotPKeyPending TotPKeyStatus = iota + 1
	TotPKeyExists
)

func (TotPKeyStatus) String

func (tks TotPKeyStatus) String() string

type TunnelPayload

// TunnelPayload is the JSON form of a tunnel. It embeds models.Remote, whose
// exported fields are promoted into the payload, and adds the tunnel id, the
// owning client id and a creation time.
type TunnelPayload struct {
	models.Remote
	ID        string    `json:"id"`
	ClientID  string    `json:"client_id"`
	CreatedAt time.Time `json:"created_at"`
}

type TwoFAService

// TwoFAService sends and validates two-factor tokens and validates TOTP
// codes (see SendToken, ValidateToken and ValidateTotPCode).
type TwoFAService struct {
	// TokenTTL is a duration; NewTwoFAService receives it as a whole number
	// of seconds (tokenTTLSeconds).
	// NOTE(review): presumably how long a sent token stays valid — confirm.
	TokenTTL    time.Duration
	// MsgSrv is the message service; presumably the channel tokens are
	// delivered through — confirm.
	MsgSrv      message.Service
	UserSrv     UserService
	// SendTimeout presumably bounds the delivery of a token — confirm.
	SendTimeout time.Duration
	// contains filtered or unexported fields
}

func NewTwoFAService

func NewTwoFAService(tokenTTLSeconds int, sendTimeout time.Duration, userSrv UserService, msgSrv message.Service) TwoFAService

func (*TwoFAService) SendToken

func (srv *TwoFAService) SendToken(ctx context.Context, username string, userAgent string, remoteAddress string) (sendTo string, err error)

func (*TwoFAService) SetTotPLoginSession

func (srv *TwoFAService) SetTotPLoginSession(username string, loginSessionTTL time.Duration)

func (*TwoFAService) ValidateToken

func (srv *TwoFAService) ValidateToken(username, token string) error

func (*TwoFAService) ValidateTotPCode

func (srv *TwoFAService) ValidateTotPCode(user *users.User, code string) error

type UploadOutput

// UploadOutput pairs a client id (JSON key "client_id") with the embedded
// *models.UploadResponse, whose exported fields are promoted into the output.
type UploadOutput struct {
	ClientID string `json:"client_id"`
	*models.UploadResponse
}

type UploadRequest

// UploadRequest describes a file upload and the clients it targets.
type UploadRequest struct {
	// File and FileHeader are the standard mime/multipart upload types.
	// NOTE(review): a multipart.FileHeader carries the filename, size and
	// MIME header sent by the client; treat them as untrusted and confirm the
	// destination path is not derived from the supplied filename without
	// validation.
	File       multipart.File
	FileHeader *multipart.FileHeader
	// Targeting options, returned by GetClientIDs, GetGroupIDs and
	// GetClientTags.
	ClientIDs  []string
	GroupIDs   []string
	ClientTags *models.JobClientTags

	// NOTE(review): Clients is presumably the set the targeting options
	// resolve to — confirm where it is filled in.
	Clients []*clients.Client
	*models.UploadedFile
	// contains filtered or unexported fields
}

func (UploadRequest) GetClientIDs

func (ur UploadRequest) GetClientIDs() (ids []string)

func (UploadRequest) GetClientTags

func (ur UploadRequest) GetClientTags() (clientTags *models.JobClientTags)

func (UploadRequest) GetGroupIDs

func (ur UploadRequest) GetGroupIDs() (ids []string)

type UserPayload

// UserPayload is the JSON form of a user; every field is always serialised
// (no omitempty).
type UserPayload struct {
	Username                 string          `json:"username"`
	PasswordExpired          bool            `json:"password_expired"`
	Groups                   []string        `json:"groups"`
	// TwoFASendTo is serialised as "two_fa_send_to".
	// NOTE(review): presumably the address two-factor tokens are delivered
	// to; confirm which callers may read it for users other than themselves.
	TwoFASendTo              string          `json:"two_fa_send_to"`
	EffectiveUserPermissions map[string]bool `json:"effective_user_permissions"`
	GroupPermissionsEnabled  bool            `json:"group_permissions_enabled"`
}

type UserService

// UserService is the user and group store the server depends on: user
// lookup, change and deletion, group management and permission checks.
type UserService interface {
	GetAll() ([]*users.User, error)
	GetByUsername(username string) (*users.User, error)
	// NOTE(review): the meaning of Change's string argument is not shown on
	// this page — confirm against an implementation.
	Change(*users.User, string) error
	Delete(string) error
	ExistGroups([]string) error
	GetProviderType() enums.ProviderSource
	ListGroups() ([]users.Group, error)
	GetGroup(string) (users.Group, error)
	UpdateGroup(string, users.Group) (users.Group, error)
	DeleteGroup(string) error
	// CheckPermission returns an error rather than a bool; presumably a nil
	// error means the permission is granted — confirm, and make sure callers
	// never ignore the returned error.
	CheckPermission(*users.User, string) error
	SupportsGroupPermissions() bool
	GetEffectiveUserPermissions(*users.User) (map[string]bool, error)
}

Directories

Path Synopsis
api
Package contains everything related to Client Repository.
test
jb
Generating data for tests is always cumbersome.
