Documentation ¶
Index ¶
- Constants
- Variables
- func AddRole(role *Role) error
- func CheckRole(user, target string, twofactor bool) (bool, string)
- func ContextMiddleware(handler http.Handler) http.HandlerFunc
- func DeleteRole(role *Role) error
- func InitRoleManager(store *Store)
- func LoginRequired(handler http.Handler) http.HandlerFunc
- func NewAPIv1Router(router *mux.Router) (*mux.Router, error)
- func ResponseError(w http.ResponseWriter, status int, e error)
- func StackMiddleware(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc
- func StartAPIServer(root string, store *Store)
- func StartIndexerServer(store *Store) error
- func StartSSHServer(store *Store, twofa *TwoFactorAuth, hostkey string) error
- func StoreUnlockRequired(handler http.Handler) http.HandlerFunc
- type AuthenticationHandler
- type Cast
- type JSONRequest
- type JSONResponse
- type Role
- type RoleManager
- type Route
- type Routes
- type Secret
- type Store
- func (store *Store) Auth(username string, password []byte) bool
- func (store *Store) Close()
- func (store *Store) Create(bucket []string) error
- func (store *Store) Delete(bucket []string, key string) error
- func (store *Store) FTR()
- func (store *Store) Get(bucket []string, key string) ([]byte, error)
- func (store *Store) GetRaw(bucket []string, key string) ([]byte, error)
- func (store *Store) IsLocked() bool
- func (store *Store) Lock() error
- func (store *Store) Scan(bucket []string, q string, skip, limit int, decrypt, reverse bool) ([]*keyvalue, error)
- func (store *Store) Set(bucket []string, key string, value []byte) error
- func (store *Store) SetRaw(bucket []string, key string, value []byte) error
- func (store *Store) Unlock(password []byte) error
- type Target
- type TwoFactorAuth
- type TypeSecret
- type User
Constants ¶
// HashSHA256 is the integer identifier 0; by its name it stands for SHA-256.
//
// Because 0 is also the zero value of int, a selector that was never set
// compares equal to HashSHA256.
// NOTE(review): presumably this is the selector checked before ErrUnknownHash
// ("unknown hash algorithm for key derivation") is returned; confirm against
// the store code.
const HashSHA256 int = 0
Variables ¶
var (
	// ErrNoHostKey is the sentinel error with the message "no host key found".
	ErrNoHostKey = errors.New("no host key found")
	// SSHBanner is a string whose 239-byte value is elided in this listing;
	// the empty literal shown here stands in for it and is not the real text.
	// NOTE(review): presumably the banner presented to SSH clients; confirm.
	// It is an exported, mutable variable, so any importing package can
	// replace it.
	SSHBanner string = `` /* 239-byte string literal not displayed */
)
var (
	// Bucket paths, each a list of name segments. The two-segment values
	// ("meta"/"admins", "users"/"config") share their first segment with a
	// one-segment path.
	// NOTE(review): presumably these address nested buckets in the store;
	// confirm. They are exported mutable slices, so an importing package can
	// reassign or edit them in place, which would change where admins, users,
	// secrets and sessions are looked up.
	BucketMeta        = []string{"meta"}
	BucketMetaAdmins  = []string{"meta", "admins"}
	BucketSecrets     = []string{"secrets"}
	BucketTargets     = []string{"targets"}
	BucketSessions    = []string{"sessions"}
	BucketUsers       = []string{"users"}
	BucketUsersConfig = []string{"users", "config"}
	BucketRoles       = []string{"roles"}
	BucketCasts       = []string{"casts"}

	// Sentinel errors for the store; compare by identity (== or errors.Is).
	ErrNoBucketGiven     = errors.New("no bucket specified")
	ErrLocked            = errors.New("store is locked")
	ErrUnknownHash       = errors.New("unknown hash algorithm for key derivation")
	ErrUnsupportedCipher = errors.New("unknown cipher for store")

	// DefaultRounds is initialised to 20.
	// NOTE(review): this listing does not show what consumes it. If it is a
	// work factor for password hashing or key derivation, confirm which unit
	// the algorithm expects (a log2 cost and an iteration count differ by
	// orders of magnitude at the same number).
	DefaultRounds int = 20
)
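var (
	// ErrWrongHeader is the sentinel error for an SCP header that could not
	// be parsed. The message previously misspelled "corrupted".
	ErrWrongHeader = errors.New("unable to parse SCP header, may be corrupted")
	// ErrUnknownCommand is the sentinel error for an SCP header whose command
	// is not recognised.
	ErrUnknownCommand = errors.New("unknown SCP header command")
)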
var (
	// ErrWrongKeyFormat is the sentinel error with the message
	// "wrong publickey format".
	ErrWrongKeyFormat = errors.New("wrong publickey format")
	// ErrUnknownUser is the sentinel error with the message "user unknown".
	// NOTE(review): if this text is ever returned to a client that has not
	// authenticated yet, it tells the client which usernames exist; confirm
	// callers log it and answer with a generic authentication failure.
	ErrUnknownUser = errors.New("user unknown")
)
// ConfigYubikeyAPI holds the string "config:yubikey_api".
// NOTE(review): presumably the store key under which the Yubikey API
// settings are kept; confirm against the two-factor code. It is declared as a
// variable, not a constant, so importing packages can reassign it.
var ConfigYubikeyAPI = "config:yubikey_api"
// DerivationIterations is a package-level count initialised to 8192.
//
// NOTE(review): the name, together with ErrUnknownHash's message ("unknown
// hash algorithm for key derivation"), points to password-based key
// derivation. If this count feeds PBKDF2-HMAC-SHA256, 8192 is well below
// current guidance (OWASP suggests 600,000 for that construction); confirm
// which KDF consumes it. Raising the value changes the derived key, so data
// protected under the old count needs a migration path.
// As an exported variable it can also be changed by any importing package.
var DerivationIterations = 8192
// ErrNoSecret is the sentinel error with the message
// "unable to locate secret for target".
var ErrNoSecret = errors.New("unable to locate secret for target")
// ErrNoSession is the sentinel error with the message
// "unable to start cast recording: no session set".
var ErrNoSession = errors.New("unable to start cast recording: no session set")
// ErrUnknownSecretType is the sentinel error with the message
// "unknown secret type".
var ErrUnknownSecretType = errors.New("unknown secret type")
// LimitRequest is an int64 limit initialised to 4096.
// NOTE(review): presumably the maximum number of request-body bytes the API
// will read; confirm it is applied before the body is decoded (for example
// through http.MaxBytesReader). As an exported variable it can be raised by
// any importing package.
var LimitRequest int64 = 4096
Functions ¶
func ContextMiddleware ¶
func ContextMiddleware(handler http.Handler) http.HandlerFunc
func DeleteRole ¶
func InitRoleManager ¶
func InitRoleManager(store *Store)
func LoginRequired ¶
func LoginRequired(handler http.Handler) http.HandlerFunc
func ResponseError ¶
func ResponseError(w http.ResponseWriter, status int, e error)
func StackMiddleware ¶
func StackMiddleware(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc
func StartAPIServer ¶
func StartIndexerServer ¶
func StartSSHServer ¶
func StartSSHServer(store *Store, twofa *TwoFactorAuth, hostkey string) error
func StoreUnlockRequired ¶
func StoreUnlockRequired(handler http.Handler) http.HandlerFunc
Types ¶
type AuthenticationHandler ¶
type Cast ¶
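// Cast is the JSON-serialisable record of one session. Records is written
// under the "stdout" key; User, Target, StartTime and Records are omitted
// from the JSON when empty.
//
// NOTE(review): the field set (version, width, height, duration, stdout)
// resembles a terminal-recording format; confirm. If Records holds captured
// terminal output, it can contain credentials that were displayed during the
// session and should be stored and served with the same care as secrets.
type Cast struct {
	Session   string          `json:"session"`
	Duration  float64         `json:"duration"`
	Records   [][]interface{} `json:"stdout,omitempty"`
	Width     int             `json:"width"`
	Height    int             `json:"height"`
	Version   int             `json:"version"`
	User      string          `json:"user,omitempty"`
	Target    string          `json:"target,omitempty"`
	StartTime string          `json:"start,omitempty"`
	// contains filtered or unexported fields
}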
type JSONRequest ¶
// JSONRequest is the value ParseJsonRequest returns; it exposes a Validate
// method and no exported fields.
// NOTE(review): the listing does not show whether parsing bounds the request
// body (LimitRequest is declared in this package); confirm before relying on
// it for untrusted input.
type JSONRequest struct {
	// contains filtered or unexported fields
}
func ParseJsonRequest ¶
func ParseJsonRequest(r *http.Request, v interface{}) (*JSONRequest, error)
func (JSONRequest) Validate ¶
func (jr JSONRequest) Validate() error
type JSONResponse ¶
// JSONResponse is a response envelope: Status is encoded under "status" and
// Content under "response", which is omitted when empty.
type JSONResponse struct {
	Status  int         `json:"status"`
	Content interface{} `json:"response,omitempty"`
}
func (JSONResponse) Write ¶
func (jr JSONResponse) Write(w http.ResponseWriter) error
type Role ¶
type RoleManager ¶
// RoleManager has no exported fields in this listing.
// NOTE(review): presumably the state behind InitRoleManager, AddRole,
// DeleteRole and CheckRole; confirm.
type RoleManager struct {
	// contains filtered or unexported fields
}
type Route ¶
// Route describes one HTTP route: a name, an HTTP method, a URL pattern and
// the handler to invoke.
// NOTE(review): nothing in this struct records whether HandlerFunc is wrapped
// by LoginRequired or StoreUnlockRequired; confirm at the route table that
// every route needing them is built with the wrapper applied.
type Route struct {
	Name        string
	Method      string
	Pattern     string
	HandlerFunc http.HandlerFunc
}
type Secret ¶
// Secret pairs an ID and a TypeSecret tag with an untyped payload.
type Secret struct {
	ID   string
	Type TypeSecret
	// Secret is untyped, so its concrete type must be asserted by the reader.
	// NOTE(review): presumably the credential material selected by Type; if
	// so, keep it out of logs and out of %v/%+v formatting of the struct.
	Secret interface{}
}
func (*Secret) Fingerprint ¶
type Target ¶
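// Target names a remote endpoint (Username, Hostname, Port) and carries
// pointers to a Secret and a Cast plus a Session string.
//
// NOTE(review): presumably Secret is filled in by LoadSecret and Cast is the
// recording for Session; confirm. Secret is a shared pointer, so copying a
// Target does not copy the credential it refers to.
type Target struct {
	Username string
	Hostname string
	Port     int
	Secret   *Secret
	Cast     *Cast
	Session  string
	// contains filtered or unexported fields
}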
func (*Target) LoadSecret ¶
type TwoFactorAuth ¶
// TwoFactorAuth has no exported fields in this listing; it is returned by
// StartTwoFactorAuthServer and exposes HasTwoFactor, Setup and Verify.
// NOTE(review): Verify returns only a bool, so an internal failure and a
// wrong token look the same to the caller; confirm every caller treats false
// as a denial.
type TwoFactorAuth struct {
	// contains filtered or unexported fields
}
func StartTwoFactorAuthServer ¶
func StartTwoFactorAuthServer(store *Store) (*TwoFactorAuth, error)
func (*TwoFactorAuth) HasTwoFactor ¶
func (h *TwoFactorAuth) HasTwoFactor(username string) (string, bool)
func (*TwoFactorAuth) Setup ¶
func (h *TwoFactorAuth) Setup(username, kind string, tty *terminal.Terminal) error
func (*TwoFactorAuth) Verify ¶
func (h *TwoFactorAuth) Verify(username, token string) bool