Affected by GO-2022-0278 and 5 other vulnerabilities

GO-2022-0278: Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux in github.com/containerd/containerd

GO-2022-0344: containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

GO-2022-0360: Ambiguous OCI manifest parsing in github.com/containerd/containerd

GO-2022-0482: containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd

GO-2022-0938: Insufficiently restricted permissions on plugin directories in github.com/containerd/containerd

GO-2022-1147: containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

The highest tagged major version is v2.

auth

package

v1.5.5 Latest Latest Go to latest Published: Jul 29, 2021 License: Apache-2.0 Imports: 12 Imported by: 16

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/containerd/containerd

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type AuthenticationScheme
type Challenge
- func ParseAuthHeader(header http.Header) []Challenge
type FetchTokenResponse
- func FetchToken(ctx context.Context, client *http.Client, headers http.Header, to TokenOptions) (*FetchTokenResponse, error)
type OAuthTokenResponse
- func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.Header, clientID string, ...) (*OAuthTokenResponse, error)
type TokenOptions
- func GenerateTokenOptions(ctx context.Context, host, username, secret string, c Challenge) (TokenOptions, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrNoToken is returned if a request is successful but the body does not
	// contain an authorization token.
	ErrNoToken = errors.New("authorization server did not include a token in the response")
)

Functions ¶

This section is empty.

Types ¶

type AuthenticationScheme ¶

type AuthenticationScheme byte

AuthenticationScheme defines scheme of the authentication method

const (
	// BasicAuth is scheme for Basic HTTP Authentication RFC 7617
	BasicAuth AuthenticationScheme = 1 << iota
	// DigestAuth is scheme for HTTP Digest Access Authentication RFC 7616
	DigestAuth
	// BearerAuth is scheme for OAuth 2.0 Bearer Tokens RFC 6750
	BearerAuth
)

type Challenge ¶

type Challenge struct {
	// scheme is the auth-scheme according to RFC 2617
	Scheme AuthenticationScheme

	// parameters are the auth-params according to RFC 2617
	Parameters map[string]string
}

Challenge carries information from a WWW-Authenticate response header. See RFC 2617.

func ParseAuthHeader ¶

func ParseAuthHeader(header http.Header) []Challenge

ParseAuthHeader parses challenges from WWW-Authenticate header

type FetchTokenResponse ¶

type FetchTokenResponse struct {
	Token        string    `json:"token"`
	AccessToken  string    `json:"access_token"`
	ExpiresIn    int       `json:"expires_in"`
	IssuedAt     time.Time `json:"issued_at"`
	RefreshToken string    `json:"refresh_token"`
}

FetchTokenResponse is response from fetching token with GET request

func FetchToken ¶

func FetchToken(ctx context.Context, client *http.Client, headers http.Header, to TokenOptions) (*FetchTokenResponse, error)

FetchToken fetches a token using a GET request

type OAuthTokenResponse ¶

type OAuthTokenResponse struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token"`
	ExpiresIn    int       `json:"expires_in"`
	IssuedAt     time.Time `json:"issued_at"`
	Scope        string    `json:"scope"`
}

OAuthTokenResponse is response from fetching token with a OAuth POST request

func FetchTokenWithOAuth ¶

func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions) (*OAuthTokenResponse, error)

FetchTokenWithOAuth fetches a token using a POST request

type TokenOptions ¶

type TokenOptions struct {
	Realm    string
	Service  string
	Scopes   []string
	Username string
	Secret   string
}

TokenOptions are options for requesting a token

func GenerateTokenOptions ¶

func GenerateTokenOptions(ctx context.Context, host, username, secret string, c Challenge) (TokenOptions, error)

GenerateTokenOptions generates options for fetching a token based on a challenge

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL