Documentation
Index ¶
- Constants
- Variables
- func CheckTotPCode(code string, totP *TotP) bool
- func EnablePlusIfAvailable(ctx context.Context, cfg *chconfig.Config, filesAPI files.FileAPI) (plusManager *rportplus.ManagerProvider, err error)
- func RegisterPlusCapabilities(plusManager rportplus.Manager, cfg *chconfig.Config, logger *logger.Logger) (err error)
- func StoreTotPCodeInUser(usr *users.User, totP *TotP)
- type APIListener
- func (al *APIListener) Close() error
- func (al *APIListener) Log() (l *logger.Logger)
- func (al *APIListener) Start(ctx context.Context, addr string) error
- func (al *APIListener) StartMultiClientJob(ctx context.Context, multiJobRequest *jobs.MultiJobRequest) (*models.MultiJob, error)
- func (al *APIListener) Wait() error
- type AuthProviderInfo
- type AuthSettings
- type ClientGroupPayload
- type ClientListener
- type ClientTagPayload
- type ClientsStatusCheckTask
- type DeviceAuthSettings
- type EffectiveExtendedPermissions
- type JobProvider
- type Resp
- type Server
- func (s *Server) Close() error
- func (s *Server) HandlePlusLicenseInfoAvailable()
- func (s *Server) Run(ctx context.Context) error
- func (s *Server) Start(ctx context.Context) error
- func (s *Server) StartPlusAlertingService(alertingCap alertingcap.CapabilityEx, dataDir string) (as alertingcap.Service, err error)
- func (s *Server) Wait() error
- type ServerOpts
- type TargetingParams
- type TotP
- type TotPInput
- type TotPKeyStatus
- type TunnelPayload
- type TwoFAService
- func (srv *TwoFAService) SendToken(ctx context.Context, username string, userAgent string, remoteAddress string) (sendTo string, err error)
- func (srv *TwoFAService) SetTotPLoginSession(username string, loginSessionTTL time.Duration)
- func (srv *TwoFAService) ValidateToken(username, token string) error
- func (srv *TwoFAService) ValidateTotPCode(user *users.User, code string) error
- type UploadOutput
- type UploadRequest
- type UserPayload
- type UserService
Constants ¶
// Error codes for generic request problems: a route variable is missing, the
// request body is invalid, or the entity already exists.
const (
	ErrCodeMissingRouteVar = "ERR_CODE_MISSING_ROUTE_VAR"
	ErrCodeInvalidRequest  = "ERR_CODE_INVALID_REQUEST"
	ErrCodeAlreadyExist    = "ERR_CODE_ALREADY_EXIST"
)

// Tunnel-related limits and error codes.
const (
	// URISchemeMaxLength is the longest URI scheme accepted for a tunnel;
	// longer schemes map to ErrCodeURISchemeLengthExceed.
	URISchemeMaxLength = 15

	ErrCodeLocalPortInUse        = "ERR_CODE_LOCAL_PORT_IN_USE"
	ErrCodeRemotePortNotOpen     = "ERR_CODE_REMOTE_PORT_NOT_OPEN"
	ErrCodeTunnelExist           = "ERR_CODE_TUNNEL_EXIST"
	ErrCodeTunnelToPortExist     = "ERR_CODE_TUNNEL_TO_PORT_EXIST"
	ErrCodeURISchemeLengthExceed = "ERR_CODE_URI_SCHEME_LENGTH_EXCEED"
	ErrCodeInvalidACL            = "ERR_CODE_INVALID_ACL"
)

// Client-auth credential constraints and error codes.
const (
	// MinCredentialsLength is the lower bound on client auth credential length.
	// NOTE(review): 3 is a permissive minimum; the place where it is enforced is
	// not visible here — confirm it and whether a stricter policy is applied.
	MinCredentialsLength = 3

	ErrCodeClientAuthSingleClient = "ERR_CODE_CLIENT_AUTH_SINGLE"
	ErrCodeClientAuthRO           = "ERR_CODE_CLIENT_AUTH_RO"
	ErrCodeClientAuthHasClient    = "ERR_CODE_CLIENT_AUTH_HAS_CLIENT"
	ErrCodeClientAuthNotFound     = "ERR_CODE_CLIENT_AUTH_NOT_FOUND"
)

// Client connection timeout and the names of the per-client log categories.
const (
	// ConnectionRequestTimeOut is five minutes.
	ConnectionRequestTimeOut = 5 * time.Minute

	ClientRequestsLog     = "requests"
	ClientPingsLog        = "ping"
	ClientMeasurementsLog = "measurements"
)

// Server housekeeping defaults.
const (
	// LogNumGoRoutinesInterval is how often the goroutine count is logged.
	LogNumGoRoutinesInterval = 2 * time.Minute
	// DefaultMaxClientDBConnections is the default client DB connection cap.
	DefaultMaxClientDBConnections = 50
)

// Default pixel dimensions of the generated TOTP enrollment QR image.
const (
	DefaultTotPQrImageWidth  = 200
	DefaultTotPQrImageHeight = 200
)

// BuiltInAuthProviderName identifies the built-in (non-OAuth) auth provider.
const BuiltInAuthProviderName = "built-in"
// Contains constants applicable only to non-Windows OS.
const (
	// DefaultDataDirectory is the default server data directory on non-Windows hosts.
	DefaultDataDirectory = "/var/lib/rport"
)
const (
	// DefaultMaxCheckPortTimeout is the default upper bound for a port check.
	DefaultMaxCheckPortTimeout = time.Minute
)

// DefaultMaxWorkers is the default number of concurrent workers.
const DefaultMaxWorkers = 100

// WebSocketAccessTokenQueryParam is the query-string parameter carrying an
// access token for WebSocket endpoints. Query strings routinely end up in
// access logs, proxy logs and browser history; NOTE(review): confirm that
// request logging redacts this parameter.
const WebSocketAccessTokenQueryParam = "access_token"
Variables ¶
// Sentinel errors for missing route/query parameters.
var (
	ErrMissingUserIDParam    = errors.New("missing user id param")
	ErrMissingSessionIDParam = errors.New("missing session id param")
)

// Sentinel errors for job targeting (clients, groups, tags).
var (
	ErrRequestIncludesMultipleTargetingParams = errors.New("multiple targeting options are not supported. Please specify only one")
	ErrRequestMissingTargetingParams          = errors.New("please specify targeting options, such as client ids, groups ids or tags")
	ErrMissingTagsInMultiJobRequest           = errors.New("please specify tags in the tags list")
)

// Package-level logging toggles. No synchronization is visible here, so they
// should be set before the server starts serving rather than flipped at runtime.
var (
	ClientRequestsLogEnabled = true
	ClientPingsLogEnabled    = false
)

// Sentinel errors for the rport-plus integration.
var (
	ErrPlusNotEnabled           = errors.New("rport-plus not enabled")
	ErrPlusLicenseNotConfigured = errors.New("rport-plus license not configured")
)

// ClientTagsOptionsSupportedFields lists the fields accepted for each
// client-tags option group.
var (
	ClientTagsOptionsSupportedFields = map[string]map[string]bool{
		"client_tags": {
			"tag":        true,
			"client_ids": true,
		},
	}
)

// ErrCantLoadThatToken is returned when a token cannot be loaded by its prefix.
var ErrCantLoadThatToken = errors.New("there was a problem accessing that token with the provided prefix")

// ErrClientNotConnected is returned when the targeted client has no live connection.
var ErrClientNotConnected = errors.New("client is not connected")

// ErrInvalidScopeOfThatToken is returned when a token's scope does not cover the operation.
var ErrInvalidScopeOfThatToken = errors.New("the scope of the provided token is not authorized for this operation")

// ErrPrefixNotFound is returned when no token matches the given prefix.
var ErrPrefixNotFound = errors.New("there is no token with that prefix")

// ErrThatPasswordHasExpired is returned when the user's password has expired.
var ErrThatPasswordHasExpired = errors.New("password has expired, please change your password")

// ErrThatTokenHasExpired is returned when the presented token has expired.
var ErrThatTokenHasExpired = errors.New("the provided token has expired")

// ErrTooManyRequests is returned when a request is rejected for rate limiting.
var ErrTooManyRequests = errors.New("too many requests, please try later")
Functions ¶
func CheckTotPCode ¶
func EnablePlusIfAvailable ¶
func EnablePlusIfAvailable(ctx context.Context, cfg *chconfig.Config, filesAPI files.FileAPI) (plusManager *rportplus.ManagerProvider, err error)
EnablePlusIfAvailable initializes a new plus manager and requests registration of the desired capabilities.
func RegisterPlusCapabilities ¶
func RegisterPlusCapabilities(plusManager rportplus.Manager, cfg *chconfig.Config, logger *logger.Logger) (err error)
RegisterPlusCapabilities registers the rport-plus additional capabilities. All plus capabilities must be added here.
func StoreTotPCodeInUser ¶
Types ¶
type APIListener ¶
func NewAPIListener ¶
func NewAPIListener( server *Server, fingerprint string, ) (*APIListener, error)
func (*APIListener) Close ¶
func (al *APIListener) Close() error
func (*APIListener) Log ¶
func (al *APIListener) Log() (l *logger.Logger)
func (*APIListener) StartMultiClientJob ¶
func (al *APIListener) StartMultiClientJob(ctx context.Context, multiJobRequest *jobs.MultiJobRequest) (*models.MultiJob, error)
func (*APIListener) Wait ¶
func (al *APIListener) Wait() error
type AuthProviderInfo ¶
// AuthProviderInfo contains the provider name and the URIs to be used for
// either regular or device-flow based authorization.
type AuthProviderInfo struct {
	AuthProvider      string `json:"auth_provider"`
	SettingsURI       string `json:"settings_uri"`
	DeviceSettingsURI string `json:"device_settings_uri"`
	MaxTokenLifetime  int    `json:"max_token_lifetime"`
}
type AuthSettings ¶
// AuthSettings contains the auth info to be used by a regular web-app type
// authorization.
type AuthSettings struct {
	AuthProvider string           `json:"auth_provider"`
	LoginInfo    *oauth.LoginInfo `json:"details"`
}
type ClientGroupPayload ¶
// ClientGroupPayload is the API representation of a client group. Fields are
// pointers with omitempty so an absent field can be told apart from a zero
// value; fields tagged db:"-" are not persisted.
type ClientGroupPayload struct {
	ID                  *string               `json:"id,omitempty"`
	Description         *string               `json:"description,omitempty"`
	Params              *cgroups.ClientParams `json:"params,omitempty" db:"params"`
	AllowedUserGroups   *types.StringSlice    `json:"allowed_user_groups,omitempty"`
	ClientIDs           *[]string             `json:"client_ids,omitempty" db:"-"`
	NumClients          *int                  `json:"num_clients,omitempty" db:"-"`
	NumClientsConnected *int                  `json:"num_clients_connected,omitempty" db:"-"`
}
type ClientListener ¶
type ClientListener struct {
// contains filtered or unexported fields
}
func NewClientListener ¶
func NewClientListener(server *Server, privateKey ssh.Signer) (*ClientListener, error)
func (*ClientListener) Close ¶
func (cl *ClientListener) Close() error
Close forcibly closes the http server
func (*ClientListener) Start ¶
func (cl *ClientListener) Start(ctx context.Context, listenAddr string) error
func (*ClientListener) Wait ¶
func (cl *ClientListener) Wait() error
Wait waits for the http server to close
type ClientTagPayload ¶
type ClientsStatusCheckTask ¶
type ClientsStatusCheckTask struct {
// contains filtered or unexported fields
}
func NewClientsStatusCheckTask ¶
func NewClientsStatusCheckTask(log *logger.Logger, cr *clients.ClientRepository, th time.Duration, pingTimeout time.Duration) *ClientsStatusCheckTask
NewClientsStatusCheckTask pings all active clients and marks them disconnected on ping failure
func (*ClientsStatusCheckTask) PingClients ¶
func (t *ClientsStatusCheckTask) PingClients(ctx context.Context, workerNum int, clientsToPing <-chan *clientdata.Client, results chan<- bool)
type DeviceAuthSettings ¶
// DeviceAuthSettings contains the auth info to be used by a CLI or similarly
// constrained app (device flow).
type DeviceAuthSettings struct {
	AuthProvider string                 `json:"auth_provider"`
	LoginInfo    *oauth.DeviceLoginInfo `json:"details"`
}
type EffectiveExtendedPermissions ¶
// EffectiveExtendedPermissions carries the restriction parameters that apply
// to a user's tunnel and command operations.
type EffectiveExtendedPermissions struct {
	TunnelsRestricted  []extperm.PermissionParams `json:"tunnels_restricted"`
	CommandsRestricted []extperm.PermissionParams `json:"commands_restricted"`
}
type JobProvider ¶
// JobProvider is the storage interface for jobs and multi-jobs.
type JobProvider interface {
	GetByJID(clientID, jid string) (*models.Job, error)
	List(ctx context.Context, options *query.ListOptions) ([]*models.Job, error)
	Count(ctx context.Context, options *query.ListOptions) (int, error)
	// SaveJob creates or updates a job
	SaveJob(job *models.Job) error
	// CreateJob creates a new job. If already exist with a given JID - do nothing and return nil
	CreateJob(job *models.Job) error

	GetMultiJob(ctx context.Context, jid string) (*models.MultiJob, error)
	GetMultiJobSummaries(ctx context.Context, options *query.ListOptions) ([]*models.MultiJobSummary, error)
	CountMultiJobs(ctx context.Context, options *query.ListOptions) (int, error)
	SaveMultiJob(multiJob *models.MultiJob) error
	// CleanupJobsMultiJobs removes old jobs/multi-jobs; the int argument's unit
	// (days? count?) is not visible here — see the implementation.
	CleanupJobsMultiJobs(context.Context, int) error

	Close() error
}
type Server ¶
Server represents a rport service
func (*Server) HandlePlusLicenseInfoAvailable ¶
func (s *Server) HandlePlusLicenseInfoAvailable()
func (*Server) StartPlusAlertingService ¶
func (s *Server) StartPlusAlertingService(alertingCap alertingcap.CapabilityEx, dataDir string) (as alertingcap.Service, err error)
type TargetingParams ¶
// TargetingParams is implemented by requests that select target clients by
// ID, by group, or by tag.
type TargetingParams interface {
	GetClientIDs() (ids []string)
	GetGroupIDs() (ids []string)
	GetClientTags() (clientTags *models.JobClientTags)
}
type TotP ¶
// TotP holds a user's TOTP enrollment material.
//
// Secret and the QR image are serialized (json:"secret", json:"qr") while the
// parsed key is excluded (json:"-"). NOTE(review): because the shared secret
// is part of the JSON form, confirm that callers only return it during
// enrollment and never in later user/status responses.
type TotP struct {
	Secret        string   `json:"secret"`
	QRImageBase64 string   `json:"qr"`
	TotPKey       *otp.Key `json:"-"`
	// contains filtered or unexported fields
}
func GenerateTotPSecretKey ¶
type TotPKeyStatus ¶
// TotPKeyStatus describes the state of a user's TOTP key.
type TotPKeyStatus uint

// TotPKeyPending is 1 and TotPKeyExists is 2; zero is intentionally unused so
// an unset status is distinguishable.
const (
	TotPKeyPending TotPKeyStatus = iota + 1
	TotPKeyExists
)
func (TotPKeyStatus) String ¶
func (tks TotPKeyStatus) String() string
type TunnelPayload ¶
type TwoFAService ¶
// TwoFAService implements second-factor handling: token delivery via MsgSrv,
// token validation, and TOTP code checks against UserSrv.
type TwoFAService struct {
	TokenTTL    time.Duration
	MsgSrv      message.Service
	UserSrv     UserService
	SendTimeout time.Duration
	// contains filtered or unexported fields
}
func NewTwoFAService ¶
func NewTwoFAService(tokenTTLSeconds int, sendTimeout time.Duration, userSrv UserService, msgSrv message.Service) TwoFAService
func (*TwoFAService) SetTotPLoginSession ¶
func (srv *TwoFAService) SetTotPLoginSession(username string, loginSessionTTL time.Duration)
func (*TwoFAService) ValidateToken ¶
func (srv *TwoFAService) ValidateToken(username, token string) error
func (*TwoFAService) ValidateTotPCode ¶
func (srv *TwoFAService) ValidateTotPCode(user *users.User, code string) error
type UploadOutput ¶
// UploadOutput is the per-client result of a file upload.
type UploadOutput struct {
	ClientID string `json:"client_id"`
	*models.UploadResponse
}
type UploadRequest ¶
// UploadRequest is a parsed multipart file upload together with its targeting
// (client IDs, group IDs or tags); it satisfies TargetingParams.
type UploadRequest struct {
	File       multipart.File
	FileHeader *multipart.FileHeader
	ClientIDs  []string
	GroupIDs   []string
	ClientTags *models.JobClientTags
	Clients    []*clientdata.Client
	*models.UploadedFile
	// contains filtered or unexported fields
}
func (UploadRequest) GetClientIDs ¶
func (ur UploadRequest) GetClientIDs() (ids []string)
func (UploadRequest) GetClientTags ¶
func (ur UploadRequest) GetClientTags() (clientTags *models.JobClientTags)
func (UploadRequest) GetGroupIDs ¶
func (ur UploadRequest) GetGroupIDs() (ids []string)
type UserPayload ¶
// UserPayload is the API representation of a user and their effective permissions.
type UserPayload struct {
	Username                     string                       `json:"username"`
	PasswordExpired              bool                         `json:"password_expired"`
	Groups                       []string                     `json:"groups"`
	TwoFASendTo                  string                       `json:"two_fa_send_to"`
	EffectiveUserPermissions     map[string]bool              `json:"effective_user_permissions"`
	EffectiveExtendedPermissions EffectiveExtendedPermissions `json:"effective_extended_permissions"`
	GroupPermissionsEnabled      bool                         `json:"group_permissions_enabled"`
}
type UserService ¶
// UserService abstracts user and user-group lookup, modification and
// permission evaluation for the API handlers.
type UserService interface {
	GetAll() ([]*users.User, error)
	GetByUsername(username string) (*users.User, error)
	Change(*users.User, string) error
	Delete(string) error
	ExistGroups([]string) error
	GetProviderType() enums.ProviderSource

	ListGroups() ([]users.Group, error)
	GetGroup(string) (users.Group, error)
	UpdateGroup(string, users.Group) (users.Group, error)
	DeleteGroup(string) error

	CheckPermission(*users.User, string) error
	SupportsGroupPermissions() bool
	GetEffectiveUserPermissions(*users.User) (map[string]bool, error)
	GetEffectiveUserExtendedPermissions(*users.User) ([]extperm.PermissionParams, []extperm.PermissionParams)
}
Source Files
- 2fa_auth.go
- api.go
- api_handler_auditlog.go
- api_handler_client_attributes.go
- api_handler_clientgroups.go
- api_handler_clients.go
- api_handler_clientsauth.go
- api_handler_clienttags.go
- api_handler_commands.go
- api_handler_library.go
- api_handler_login.go
- api_handler_logout.go
- api_handler_me.go
- api_handler_monitoring.go
- api_handler_notifications.go
- api_handler_plus.go
- api_handler_plus_alerting.go
- api_handler_plus_alerting_rules_runner.go
- api_handler_schedules.go
- api_handler_scripts.go
- api_handler_status.go
- api_handler_storedtunnels.go
- api_handler_tunnels.go
- api_handler_users.go
- api_handler_vault.go
- api_handler_verify2fa.go
- api_helper_authorization.go
- api_helper_clients.go
- api_helper_commands.go
- api_helper_jobs.go
- api_helper_usergroups.go
- api_helper_users.go
- api_listener.go
- api_login_auth_provider.go
- api_middleware.go
- api_parser.go
- api_responses.go
- api_router.go
- api_ws.go
- client_listener.go
- client_status_check.go
- const.go
- plus.go
- server.go
- totp.go
- upload.go