models

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 1, 2024 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// SBGroupNameRegexp matches sb group names. The pattern requires the literal
// prefix "bg_". Capture group 1 is everything up to the first '-' and may be
// empty, so "bg_" alone matches. Optional capture group 3 is whatever follows
// that '-'.
//
// Group 1 is the negated class [^-], which accepts any character other than
// '-', including '/', spaces and newlines. A match therefore says nothing
// about whether the captured name is safe to place in a path or a command.
// NOTE(review): confirm callers validate the captures further.
var SBGroupNameRegexp = regexp.MustCompile(`^bg_([^-]*)(-(.*))?$`)

SBGroupNameRegexp is the regular expression that matches an sb group name

Functions

func EncryptReplicationDataForTransport

func EncryptReplicationDataForTransport(data ReplicationData) (encrypted string, err error)

func GetAccessGormDB

func GetAccessGormDB(database string) (db *gorm.DB, err error)

GetAccessGormDB returns a DB handler

func GetAllSBGroups

func GetAllSBGroups() (groups map[string]*Group, err error)

GetAllSBGroups lists all sb groups. Results can be provided with optional user's right and can be filtered on group's name

func GetAllSBUsers

func GetAllSBUsers() (users []string, err error)

GetAllSBUsers returns all sb users

func GetLastSSHSessions

func GetLastSSHSessions(database string, limit int) (sessions []*helpers.SSHSession, err error)

GetLastSSHSessions returns the last SSH sessions

func GetReplicationGormDB

func GetReplicationGormDB(database string) (db *gorm.DB, err error)

GetReplicationGormDB returns a DB handler

func IsAValidSBAccessFromUserInput

func IsAValidSBAccessFromUserInput(access string) bool

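IsAValidSBAccessFromUserInput checks if the provided argument is of the form 'user@host[:port]' (or pretty much anything in case of an alias). Because alias input is accepted almost unrestricted, a true result only says the string has an acceptable shape; it is not an authorization decision.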

Types

type Access

// Access holds the host, user, port and optional alias of an sb access, with
// the gorm mapping used to persist it. Host, Prefix, Alias, User and Port
// together form the composite unique index "host_user_prefix_port".
type Access struct {
	// Primary key.
	// NOTE(review): BeforeCreate is documented as setting a UUID when absent — presumably into this field; confirm.
	UniqID  string `gorm:"PRIMARY_KEY"`
	// Target host, stored as varchar(100).
	Host    string `gorm:"type:varchar(100);unique_index:host_user_prefix_port"`
	// NOTE(review): BuildSBAccess is documented as resolving DNS on the host and storing a prefix;
	// the exact format (CIDR?) is not visible here — confirm.
	Prefix  string `gorm:"type:varchar(50);unique_index:host_user_prefix_port"`
	// Optional alias for the access, stored as varchar(100).
	Alias   string `gorm:"type:varchar(100);unique_index:host_user_prefix_port"`
	// Remote user name, stored as varchar(50).
	User    string `gorm:"type:varchar(50);unique_index:host_user_prefix_port"`
	// NOTE(review): the Go type is int but the column is declared varchar(5); confirm the
	// driver round-trips this as intended and that the 0-65535 range is enforced elsewhere.
	Port    int    `gorm:"type:varchar(5);unique_index:host_user_prefix_port"`
	// Free-form comment, stored as text.
	Comment string `gorm:"type:text"`
	// Excluded from persistence by the "-" tag, so it is not restored when an Access is loaded from the database.
	IP      net.IP `gorm:"-"`
}

Access describes the basic properties of this struct

func BuildSBAccess

func BuildSBAccess(host, user, port, alias string, strictHostCheck bool) (ba *Access, err error)

BuildSBAccess builds a new sb access to be stored. It will resolve DNS on host and store prefix.

func BuildSBAccessFromUserInput

func BuildSBAccessFromUserInput(access string) (ba *Access, err error)

BuildSBAccessFromUserInput deserializes a 'user@host:port' string into a SBAccess struct

func GetAllAccesses

func GetAllAccesses(db *gorm.DB) (accesses []*Access, err error)

GetAllAccesses returns all access in the database

func LoadSBAccess

func LoadSBAccess(host, user, port string, db *gorm.DB) (ba *Access, err error)

LoadSBAccess loads a sb access stored in database from user input

func (*Access) BeforeCreate

func (ba *Access) BeforeCreate(tx *gorm.DB) (err error)

BeforeCreate will set a UUID if not present

func (*Access) Delete

func (ba *Access) Delete(db *gorm.DB) (err error)

Delete removes the access from the provided database

func (*Access) Equals

func (ba *Access) Equals(a *Access) bool

Equals compares the properties of two accesses to determine if they're the same access

func (*Access) Save

func (ba *Access) Save(db *gorm.DB) (err error)

Save saves the access in the provided database

func (*Access) ShortString

func (ba *Access) ShortString() string

ShortString returns a pretty print short display of the access

func (*Access) String

func (ba *Access) String() string

String returns a pretty print display of the access

type AccessesByKeys

// AccessesByKeys bundles a set of SSH key pairs with a list of accesses.
// It is the return type of Group.GetAccesses and User.GetSelfAccesses, and
// User.GetAccesses returns a slice of them.
// NOTE(review): presumably Accesses are the targets reachable with Keys — confirm.
type AccessesByKeys struct {
	// SSH key pairs for this entry.
	Keys     []*helpers.SSHKeyPair
	// Accesses for this entry.
	Accesses []*Access
	// NOTE(review): Type and Group mirror the fields of Source; presumably they
	// identify where the accesses come from — confirm the allowed values of Type.
	Type     string
	Group    string
}

AccessesByKeys describes the basic properties of the struct

type Group

// Group describes an sb group.
// NOTE(review): the four booleans look like the roles a particular user holds
// in the group (GetAllSBGroups mentions results carrying a "user's right");
// they are plain exported fields, so anything that authorizes on them must
// trust whoever populated the struct — confirm where they are set.
type Group struct {
	// Group name.
	Name       string
	// NOTE(review): presumably the underlying system group name (cf. the "bg_" prefix in SBGroupNameRegexp) — confirm.
	SystemName string
	ACLKeeper  bool
	GateKeeper bool
	Member     bool
	Owner      bool

	// Override paths. The page documents the matching Override* methods as
	// "mainly for tests purposes".
	OverriddenDatabaseAccessFilePath string
	OverriddenKeyFilesRootDir        string
}

Group describes the basic properties of a sb group

func GetGroup

func GetGroup(groupName string) (group *Group, err error)

GetGroup returns a group if it exists

func (*Group) AddAccess

func (bg *Group) AddAccess(host, user, port, alias, comment string, db ...*gorm.DB) (ba *Access, err error)

AddAccess adds an access to the group

func (*Group) DeleteAccess

func (bg *Group) DeleteAccess(host, user, port string, db ...*gorm.DB) (ba *Access, err error)

DeleteAccess deletes an access from the group

func (*Group) DisplayPubKeys

func (bg *Group) DisplayPubKeys(keyType string) (str string, keys []helpers.PublicKey, err error)

DisplayPubKeys pretty displays the public key

func (*Group) GetAccesses

func (bg *Group) GetAccesses(db ...*gorm.DB) (accesses *AccessesByKeys, err error)

GetAccesses returns the list of group's authorized accesses

func (*Group) GetMembers

func (bg *Group) GetMembers(memberType string) (members []string, err error)

GetMembers pretty displays the members of a group

func (*Group) GetSSHKeyPairs

func (bg *Group) GetSSHKeyPairs() (kp []*helpers.SSHKeyPair, err error)

GetSSHKeyPairs returns all the egress SSH key pairs of the user

func (*Group) OverrideDatabaseAccessFilePath

func (bg *Group) OverrideDatabaseAccessFilePath(path string)

OverrideDatabaseAccessFilePath allows overriding the database access file path of the group (mainly for testing purposes)

func (*Group) OverrideKeyFilesRootDir

func (bg *Group) OverrideKeyFilesRootDir(path string)

OverrideKeyFilesRootDir allows overriding the keypairs file path of the group (mainly for testing purposes)

type Info

// Info is the result type of User.HasAccess.
// NOTE(review): field meanings below are inferred from names only — confirm against the implementation.
type Info struct {
	// Presumably paths of the key files usable for the access.
	KeyFilepathes []string
	// Presumably where the access was granted from (see Source).
	Sources       []*Source
	// Presumably the access decision. Callers of HasAccess should also check
	// the returned error before reading it.
	Authorized    bool
	// Presumably the matching accesses.
	Accesses      []*Access
}

Info describes the basic properties of the struct

type Log

// Log is one session log record, persisted through gorm. It carries who
// connected (local user, source IP/port/host), the bastion's own address, the
// requested target, the command and arguments, and whether the connection
// was allowed.
// NOTE(review): Arguments and Command are stored as free text; if secrets can
// appear on the command line they will land in this table — confirm any
// redaction policy and the access controls on the log databases.
type Log struct {
	UniqID           string    `gorm:"PRIMARY_KEY"`       // PK: unique log ID (corresponding to the ttyrec filename)
	LocalUsername    string    `gorm:"type:varchar(50)"`  // The local user initiating the SSH session
	Arguments        string    `gorm:"type:text"`         // The arguments passed to SSH
	SessionStartDate time.Time `gorm:"type:datetime"`     // Session start time
	SessionEndDate   time.Time `gorm:"type:datetime"`     // Session end time
	IPFrom           string    `gorm:"type:varchar(45)"`  // The IP the connection is issued from
	PortFrom         string    `gorm:"type:varchar(5)"`   // The port the connection is issued from
	HostFrom         string    `gorm:"type:varchar(100)"` // The host the connection is issued from
	BastionIP        string    `gorm:"type:varchar(45)"`  // A bit about myself: my IP
	BastionPort      string    `gorm:"type:varchar(5)"`   // A bit about myself: my port
	BastionHost      string    `gorm:"type:varchar(100)"` // A bit about myself: my host

	Command string `gorm:"type:text"` // The command that was executed by this piece of software
	Comment string `gorm:"type:text"` // A comment, because why not?

	HostTo string `gorm:"type:varchar(100)"` // The host the user wanted to connect to
	PortTo string `gorm:"type:varchar(5)"`   // The port the user wanted to connect to
	UserTo string `gorm:"type:varchar(100)"` // The user to connect to the distant host

	// NOTE(review): bool mapped to a varchar(1) column; confirm how the driver
	// encodes true/false so audit queries filter on the right value.
	Allowed bool `gorm:"type:varchar(1)"` // Did we allow the connection?

	// Ignored helpers: not saved to database
	Databases []string `gorm:"-"`
}

Log describes the basic properties of a log

func NewLog

func NewLog(username string, databases []string, arguments []string) (log *Log)

NewLog initiates a new log entry

func (*Log) PushReplication

func (l *Log) PushReplication(new bool) (err error)

func (*Log) Replicate

func (l *Log) Replicate(new bool) (err error)

Save saves a log in a global access database

func (*Log) Save

func (l *Log) Save() (err error)

Save saves a log in a global access database

func (*Log) SetAllowed

func (l *Log) SetAllowed(allowed bool) error

SetAllowed sets whether or not the command was allowed by sb in the log and saves it

func (*Log) SetCommand

func (l *Log) SetCommand(command string) error

SetCommand sets the command that was executed by sb in the log and saves it

func (*Log) SetTargetAccess

func (l *Log) SetTargetAccess(ba *Access) error

SetTargetAccess sets the target access information in the log and saves it

type Replication

// Replication is one replication entry, persisted through gorm. Entries are
// created with NewReplicationEntry and fetched with GetNextReplicationEntryToPush.
type Replication struct {
	// Primary key.
	// NOTE(review): a BeforeCreate hook exists on this type; presumably it fills this field — confirm.
	UniqID       string    `gorm:"PRIMARY_KEY"`
	// Set by gorm at creation time (autoCreateTime tag).
	CreationDate time.Time `gorm:"autoCreateTime"`
	// NOTE(review): presumably identifies the originating instance — confirm.
	Instance     string
	// Action name as passed to NewReplicationEntry.
	Action       string
	// NOTE(review): presumably the serialized ReplicationData; whether it is stored
	// encrypted (cf. EncryptReplicationDataForTransport) is not visible here — confirm.
	Data         string
}

func GetNextReplicationEntryToPush

func GetNextReplicationEntryToPush(db *gorm.DB) (entry Replication, err error)

func NewReplicationEntry

func NewReplicationEntry(action string, data ReplicationData) (repl *Replication, err error)

func (*Replication) BeforeCreate

func (r *Replication) BeforeCreate(tx *gorm.DB) (err error)

func (*Replication) Delete

func (r *Replication) Delete(db *gorm.DB) (err error)

Delete removes the access from the provided database

func (*Replication) Save

func (r *Replication) Save(db *gorm.DB) (err error)

Save saves the replication entry in the provided database

type ReplicationData

// ReplicationData is a string-to-string map holding the payload of a
// replication entry. Per the signatures on this page it is the input of
// EncryptReplicationDataForTransport and NewReplicationEntry and the output
// of DecryptReplicationData.
type ReplicationData map[string]string

func DecryptReplicationData

func DecryptReplicationData(encryptedPayload string) (data ReplicationData, err error)
// Right is a uint32-backed enumeration of rights.
type Right uint32
// The constants are numbered by iota, from Public = 0 through Private = 7.
// NOTE(review): whether callers compare these with < or > as a privilege
// ladder is not visible here. Inserting or reordering a constant renumbers
// everything after it, so confirm no ordering comparisons or persisted
// numeric values depend on the current positions before changing the list.
const (
	Public Right = iota
	HasAccess
	GroupMember
	GroupACLKeeper
	GroupGateKeeper
	GroupOwner
	SBOwner
	Private
)

type Source

// Source is a Type/Group pair, referenced from Info.Sources.
// NOTE(review): presumably it names where an access was granted from (for
// example personal versus a given group); the allowed Type values are not
// visible here — confirm.
type Source struct {
	Type  string
	Group string
}

Source describes the basic properties of the struct

func (*Source) String

func (s *Source) String() (str string)

String returns a pretty print display of the source

type User

// User describes an sb user: the underlying system account plus the groups
// attached to it.
type User struct {
	// The system account (osuser is presumably an alias for os/user — confirm).
	User   *osuser.User
	// NOTE(review): presumably keyed by group name and filled by BuildGroupsMembership — confirm.
	Groups map[string]*Group

	// Override paths. The page documents the matching Override* methods as
	// "mainly for tests purposes". OverriddenAuthorizedKeysFilePath redirects
	// the authorized_keys file, so production code paths should not be able to
	// set it from untrusted input.
	OverriddenDatabaseAccessFilePath string
	OverriddenAuthorizedKeysFilePath string
}

User describes the basic properties of a sb user

func LoadCurrentUser

func LoadCurrentUser() (bu *User, err error)

LoadCurrentUser loads the current user into a sbuser object by calling the LoadUser method

func LoadUser

func LoadUser(username string) (bu *User, err error)

LoadUser loads a system user into a sbuser object

func (*User) AddAccess

func (bu *User) AddAccess(host, user, port, alias, comment string, db ...*gorm.DB) (ba *Access, err error)

AddAccess adds an access to the group

func (*User) AddIngressKey

func (bu *User) AddIngressKey(publicKey string) (err error)

AddIngressKey adds an ingress key to authorized_keys file

func (*User) BuildGroupsMembership

func (bu *User) BuildGroupsMembership(groupNames []string)

BuildGroupsMembership builds the user's membership based on the groups that were given in input

func (*User) DeleteAccess

func (bu *User) DeleteAccess(host, user, port string, db ...*gorm.DB) (ba *Access, err error)

DeleteAccess deletes an access from the personal access database

func (*User) DeletePubKey

func (bu *User) DeletePubKey(keyType string, pk helpers.PublicKey) (err error)

DeletePubKey deletes a key

func (*User) DisplayPubKeys

func (bu *User) DisplayPubKeys(keyType string) (str string, keys []helpers.PublicKey, err error)

DisplayPubKeys pretty displays the public key

func (*User) GetAccesses

func (bu *User) GetAccesses(db ...*gorm.DB) (accesses []*AccessesByKeys, err error)

GetAccesses returns the list of user's authorized accesses

func (*User) GetAllGroups

func (bu *User) GetAllGroups() (map[string]*Group, error)

GetAllGroups returns all user's groups

func (*User) GetKnownHostsFilepath

func (bu *User) GetKnownHostsFilepath() string

GetKnownHostsFilepath returns the user's known_hosts file path

func (*User) GetLastSSHSessions

func (bu *User) GetLastSSHSessions(limit int) ([]*helpers.SSHSession, error)

GetLastSSHSessions returns the user last SSH sessions

func (*User) GetLocalLogDatabasePath

func (bu *User) GetLocalLogDatabasePath() string

GetLocalLogDatabasePath returns the path of the user private database

func (*User) GetSSHKeyPairs

func (bu *User) GetSSHKeyPairs() (kp []*helpers.SSHKeyPair, err error)

GetSSHKeyPairs returns all the egress SSH key pairs of the user

func (*User) GetSelfAccesses

func (bu *User) GetSelfAccesses(db ...*gorm.DB) (accesses *AccessesByKeys, err error)

GetSelfAccesses returns the list of user's authorized accesses

func (*User) GetTOTP

func (bu *User) GetTOTP() (enabled bool, secret string, emergencyPasswords []string)

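GetTOTP returns info about the user's TOTP: whether it is enabled, the secret, and the emergency passwords. The secret and emergency passwords come back as plain strings, so treat the return values as credentials and keep them out of logs.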

func (*User) GetTOTPFilepath

func (bu *User) GetTOTPFilepath() string

GetTOTPFilepath returns the user's TOTP file path

func (*User) GetTtyrecDirectory

func (bu *User) GetTtyrecDirectory() string

GetTtyrecDirectory returns the user's ttyrecs directory

func (*User) HasAccess

func (bu *User) HasAccess(ba *Access, db ...*gorm.DB) (accessInfo *Info, err error)

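HasAccess determines whether or not the user can access the specified access with the specified user. Per its signature the result is an *Info rather than a bare boolean (the decision is presumably carried by its Authorized field), and err should be checked before the Info is used.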

func (*User) IsACLKeeperOfGroup

func (bu *User) IsACLKeeperOfGroup(groupName string) bool

IsACLKeeperOfGroup checks if the user is member of the group passed as parameter

func (*User) IsGateKeeperOfGroup

func (bu *User) IsGateKeeperOfGroup(groupName string) bool

IsGateKeeperOfGroup checks if the user is member of the group passed as parameter

func (*User) IsMemberOfGroup

func (bu *User) IsMemberOfGroup(groupName string) bool

IsMemberOfGroup checks if the user is member of the group passed as parameter

func (*User) IsOwnerOfGroup

func (bu *User) IsOwnerOfGroup(groupName string) bool

IsOwnerOfGroup checks if the user is member of the group passed as parameter

func (*User) OverrideAuthorizedKeysFilePath

func (bu *User) OverrideAuthorizedKeysFilePath(path string) error

OverrideAuthorizedKeysFilePath allows overriding the authorized_keys file path of the user (mainly for testing purposes)

func (*User) OverrideDatabaseAccessFilePath

func (bu *User) OverrideDatabaseAccessFilePath(path string) error

OverrideDatabaseAccessFilePath allows overriding the database access file path of the user (mainly for testing purposes)

func (*User) RemoveTOTPSecret

func (bu *User) RemoveTOTPSecret() (err error)

RemoveTOTPSecret disables TOTP on the account

func (*User) SetTOTPSecret

func (bu *User) SetTOTPSecret(secret string, emergencyCodes []string) error

SetTOTPSecret sets TOTP on the current account

func (*User) ShortString

func (bu *User) ShortString() string

ShortString returns a pretty print short display of the user
