Documentation
¶
Index ¶
- Constants
- Variables
- func AddRole(role *Role) error
- func CheckRole(user, target string, twofactor bool) (bool, string)
- func ContextMiddleware(handler http.Handler) http.HandlerFunc
- func DeleteRole(role *Role) error
- func InitRoleManager(store *Store)
- func LoginRequired(handler http.Handler) http.HandlerFunc
- func NewAPIv1Router(router *mux.Router) (*mux.Router, error)
- func ResponseError(w http.ResponseWriter, status int, e error)
- func StackMiddleware(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc
- func StartAPIServer(root string, store *Store)
- func StartIndexerServer(store *Store) error
- func StartSSHServer(store *Store, twofa *TwoFactorAuth, hostkey string) error
- func StoreUnlockRequired(handler http.Handler) http.HandlerFunc
- type AuthenticationHandler
- type Cast
- type JSONRequest
- type JSONResponse
- type Role
- type RoleManager
- type Route
- type Routes
- type Secret
- type Store
- func (store *Store) Auth(username string, password []byte) bool
- func (store *Store) Close()
- func (store *Store) Create(bucket []string) error
- func (store *Store) Delete(bucket []string, key string) error
- func (store *Store) FTR()
- func (store *Store) Get(bucket []string, key string) ([]byte, error)
- func (store *Store) GetRaw(bucket []string, key string) ([]byte, error)
- func (store *Store) IsLocked() bool
- func (store *Store) Lock() error
- func (store *Store) Scan(bucket []string, q string, skip, limit int, decrypt, reverse bool) ([]*keyvalue, error)
- func (store *Store) Set(bucket []string, key string, value []byte) error
- func (store *Store) SetRaw(bucket []string, key string, value []byte) error
- func (store *Store) Unlock(password []byte) error
- type Target
- type TwoFactorAuth
- type TypeSecret
- type User
Constants ¶
View Source
const (
HashSHA256 int = 0
)
Variables ¶
View Source
var ( ErrNoHostKey = errors.New("no host key found") SSHBanner string = `` /* 239-byte string literal not displayed */ )
View Source
var ( BucketMeta = []string{"meta"} BucketMetaAdmins = []string{"meta", "admins"} BucketSecrets = []string{"secrets"} BucketTargets = []string{"targets"} BucketSessions = []string{"sessions"} BucketUsers = []string{"users"} BucketUsersConfig = []string{"users", "config"} BucketRoles = []string{"roles"} BucketCasts = []string{"casts"} ErrNoBucketGiven = errors.New("no bucket specified") ErrLocked = errors.New("store is locked") ErrUnknownHash = errors.New("unknown hash algorithm for key derivation") ErrUnsupportedCipher = errors.New("unknown cipher for store") DefaultRounds int = 20 )
View Source
var ( ErrWrongHeader = errors.New("unable to parse SCP header, may be corruped") ErrUnknownCommand = errors.New("unknown SCP header command") )
View Source
var ( ErrWrongKeyFormat = errors.New("wrong publickey format") ErrUnknownUser = errors.New("user unknown") )
View Source
var (
ConfigYubikeyAPI = "config:yubikey_api"
)
View Source
var (
DerivationIterations = 8192
)
View Source
var (
ErrNoSecret = errors.New("unable to locate secret for target")
)
View Source
var (
ErrNoSession = errors.New("unable to start cast recording: no session set")
)
View Source
var (
ErrUnknownSecretType = errors.New("unknown secret type")
)
View Source
var (
LimitRequest int64 = 4096
)
Functions ¶
func ContextMiddleware ¶
func ContextMiddleware(handler http.Handler) http.HandlerFunc
func DeleteRole ¶
func InitRoleManager ¶
func InitRoleManager(store *Store)
func LoginRequired ¶
func LoginRequired(handler http.Handler) http.HandlerFunc
func ResponseError ¶
func ResponseError(w http.ResponseWriter, status int, e error)
func StackMiddleware ¶
func StackMiddleware(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc
func StartAPIServer ¶
func StartIndexerServer ¶
func StartSSHServer ¶
func StartSSHServer(store *Store, twofa *TwoFactorAuth, hostkey string) error
func StoreUnlockRequired ¶
func StoreUnlockRequired(handler http.Handler) http.HandlerFunc
Types ¶
type AuthenticationHandler ¶
type Cast ¶
type Cast struct {
Session string `json:"session"`
Duration float64 `json:"duration"`
Records [][]interface{} `json:"stdout,omitempty"`
Width int `json:"width"`
Height int `json:"height"`
Version int `json:"version"`
User string `json:"user,omitempty"`
Target string `json:"target,omitempty"`
StartTime string `json:"start,omitempty"`
// contains filtered or unexported fields
}
type JSONRequest ¶
type JSONRequest struct {
// contains filtered or unexported fields
}
func ParseJsonRequest ¶
func ParseJsonRequest(r *http.Request, v interface{}) (*JSONRequest, error)
func (JSONRequest) Validate ¶
func (jr JSONRequest) Validate() error
type JSONResponse ¶
type JSONResponse struct {
Status int `json:"status"`
Content interface{} `json:"response,omitempty"`
}
func (JSONResponse) Write ¶
func (jr JSONResponse) Write(w http.ResponseWriter) error
type Role ¶
type RoleManager ¶
type RoleManager struct {
// contains filtered or unexported fields
}
type Route ¶
type Route struct {
Name string
Method string
Pattern string
HandlerFunc http.HandlerFunc
}
type Secret ¶
type Secret struct {
ID string
Type TypeSecret
Secret interface{}
}
func (*Secret) Fingerprint ¶
type Target ¶
type Target struct {
Username string
Hostname string
Port int
Secret *Secret
Cast *Cast
Session string
// contains filtered or unexported fields
}
func (*Target) LoadSecret ¶
type TwoFactorAuth ¶
type TwoFactorAuth struct {
// contains filtered or unexported fields
}
func StartTwoFactorAuthServer ¶
func StartTwoFactorAuthServer(store *Store) (*TwoFactorAuth, error)
func (*TwoFactorAuth) HasTwoFactor ¶
func (h *TwoFactorAuth) HasTwoFactor(username string) (string, bool)
func (*TwoFactorAuth) Setup ¶
func (h *TwoFactorAuth) Setup(username, kind string, tty *terminal.Terminal) error
func (*TwoFactorAuth) Verify ¶
func (h *TwoFactorAuth) Verify(username, token string) bool
Source Files
Click to show internal directories.
Click to hide internal directories.