GO-2024-2532: Boundary vulnerable to session hijacking through TLS certificate tampering in github.com/hashicorp/boundary

static

package

v0.9.1 Latest Latest Go to latest Published: Jul 6, 2022 License: MPL-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/boundary

Links

Open Source Insights

Documentation ¶

Overview ¶

Package static implements a credential store for static credentials.

Index ¶

Constants
type CredentialStore
- func (cs *CredentialStore) SetTableName(n string)
- func (cs *CredentialStore) TableName() string
type Option
type Repository
- func NewRepository(ctx context.Context, r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)
type UsernamePasswordCredential
- func (c *UsernamePasswordCredential) SetTableName(n string)
- func (c *UsernamePasswordCredential) TableName() string

Constants ¶

View Source

const (
	CredentialStorePrefix = "cs"
	CredentialPrefix      = "cred"

	Subtype                 = subtypes.Subtype("static")
	UsernamePasswordSubtype = subtypes.Subtype("username_password")
)

PublicId prefixes for the resources in the static package.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CredentialStore ¶

type CredentialStore struct {
	*store.CredentialStore
	// contains filtered or unexported fields
}

A CredentialStore contains credentials. It is owned by a scope.

func NewCredentialStore ¶

func NewCredentialStore(scopeId string, opt ...Option) (*CredentialStore, error)

NewCredentialStore creates a new in memory static CredentialStore assigned to scopeId. Name and description are the only valid options. All other options are ignored.

func TestCredentialStore ¶

func TestCredentialStore(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, scopeId string, opts ...Option) *CredentialStore

TestCredentialStore creates a static credential store in the provided DB with the provided scope and any values passed in through the Options vars. If any errors are encountered during the creation of the store, the test will fail.

func TestCredentialStores ¶

func TestCredentialStores(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, scopeId string, count int) []*CredentialStore

TestCredentialStores creates count number of static credential stores in the provided DB with the provided scope id. If any errors are encountered during the creation of the credential stores, the test will fail.

func (*CredentialStore) SetTableName ¶

func (cs *CredentialStore) SetTableName(n string)

SetTableName sets the table name.

func (*CredentialStore) TableName ¶

func (cs *CredentialStore) TableName() string

TableName returns the table name.

type Option ¶

type Option func(*options)

Option - how Options are passed as arguments.

func WithDescription ¶

func WithDescription(desc string) Option

WithDescription provides an optional description.

func WithLimit ¶

func WithLimit(l int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

func WithName ¶

func WithName(name string) Option

WithName provides an optional name.

type Repository ¶

type Repository struct {
	// contains filtered or unexported fields
}

A Repository stores and retrieves the persistent types in the static package. It is not safe to use a repository concurrently.

func NewRepository ¶

func NewRepository(ctx context.Context, r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new Repository. The returned repository should only be used for one transaction and it is not safe for concurrent go routines to access it. WithLimit option is used as a repo wide default limit applied to all ListX methods.

func (*Repository) CreateCredentialStore ¶

func (r *Repository) CreateCredentialStore(ctx context.Context, cs *CredentialStore, _ ...Option) (*CredentialStore, error)

CreateCredentialStore inserts cs into the repository and returns a new CredentialStore containing the credential store's PublicId. cs is not changed. cs must not contain a PublicId. The PublicId is generated and assigned by this method. cs must contain a valid ScopeId.

Both cs.Name and cs.Description are optional. If cs.Name is set, it must be unique within cs.ScopeId. Both cs.CreateTime and cs.UpdateTime are ignored.

func (*Repository) CreateUsernamePasswordCredential ¶

func (r *Repository) CreateUsernamePasswordCredential(
	ctx context.Context,
	scopeId string,
	c *UsernamePasswordCredential,
	_ ...Option,
) (*UsernamePasswordCredential, error)

CreateUsernamePasswordCredential inserts c into the repository and returns a new UsernamePasswordCredential containing the credential's PublicId. c is not changed. c must not contain a PublicId. The PublicId is generated and assigned by this method. c must contain a valid StoreId.

The password is encrypted and a HmacSha256 of the password is calculated. Only the PasswordHmac is returned, the plain-text and encrypted password is not returned.

Both c.Name and c.Description are optional. If c.Name is set, it must be unique within c.ScopeId. Both c.CreateTime and c.UpdateTime are ignored.

func (*Repository) DeleteCredential ¶

func (r *Repository) DeleteCredential(ctx context.Context, scopeId, id string, _ ...Option) (int, error)

DeleteCredential deletes publicId from the repository and returns the number of records deleted. All options are ignored. TODO: This should hit a view...

func (*Repository) DeleteCredentialStore ¶

func (r *Repository) DeleteCredentialStore(ctx context.Context, publicId string, _ ...Option) (int, error)

DeleteCredentialStore deletes publicId from the repository and returns the number of records deleted. All options are ignored.

func (*Repository) ListCredentialStores ¶

func (r *Repository) ListCredentialStores(ctx context.Context, scopeIds []string, opt ...Option) ([]*CredentialStore, error)

ListCredentialStores returns a slice of CredentialStores for the scopeIds. WithLimit is the only option supported.

func (*Repository) ListCredentials ¶

func (r *Repository) ListCredentials(ctx context.Context, storeId string, opt ...Option) ([]*UsernamePasswordCredential, error)

ListCredentials returns a slice of UsernamePasswordCredentials for the scopeIds. WithLimit is the only option supported. TODO: This should hit a view and return the interface type...

func (*Repository) LookupCredential ¶

func (r *Repository) LookupCredential(ctx context.Context, publicId string, _ ...Option) (*UsernamePasswordCredential, error)

LookupCredential returns the Credential for the publicId. Returns nil, nil if no Credential is found for the publicId. TODO: This should hit a view and return the interface type...

func (*Repository) LookupCredentialStore ¶

func (r *Repository) LookupCredentialStore(ctx context.Context, publicId string, _ ...Option) (*CredentialStore, error)

LookupCredentialStore returns the CredentialStore for publicId. Returns nil, nil if no CredentialStore is found for publicId.

func (*Repository) Retrieve ¶

func (r *Repository) Retrieve(ctx context.Context, scopeId string, ids []string) ([]credential.Static, error)

Retrieve retrieves and returns static credentials from Boundary for all the provided ids. All the returned static credentials will have their secret fields decrypted.

func (*Repository) UpdateCredentialStore ¶

func (r *Repository) UpdateCredentialStore(ctx context.Context, cs *CredentialStore, version uint32, fieldMaskPaths []string, _ ...Option) (*CredentialStore, int, error)

UpdateCredentialStore updates the repository entry for cs.PublicId with the values in cs for the fields listed in fieldMaskPaths. It returns a new CredentialStore containing the updated values and a count of the number of records updated. cs is not changed.

cs must contain a valid PublicId. Only Name and Description can be changed. If cs.Name is set to a non-empty string, it must be unique within cs.ScopeId.

An attribute of cs will be set to NULL in the database if the attribute in cs is the zero value and it is included in fieldMaskPaths.

func (*Repository) UpdateUsernamePasswordCredential ¶

func (r *Repository) UpdateUsernamePasswordCredential(ctx context.Context,
	scopeId string,
	c *UsernamePasswordCredential,
	version uint32,
	fieldMaskPaths []string,
	_ ...Option,
) (*UsernamePasswordCredential, int, error)

UpdateUsernamePasswordCredential updates the repository entry for c.PublicId with the values in c for the fields listed in fieldMaskPaths. It returns a new UsernamePasswordCredential containing the updated values and a count of the number of records updated. c is not changed.

c must contain a valid PublicId. Only Name, Description, Username and Password can be changed. If c.Name is set to a non-empty string, it must be unique within c.ScopeId.

An attribute of c will be set to NULL in the database if the attribute in c is the zero value and it is included in fieldMaskPaths.

type UsernamePasswordCredential ¶

type UsernamePasswordCredential struct {
	*store.UsernamePasswordCredential
	// contains filtered or unexported fields
}

A UsernamePasswordCredential contains the credential with a username and password. It is owned by a credential store.

func NewUsernamePasswordCredential ¶

func NewUsernamePasswordCredential(
	storeId string,
	username string,
	password credential.Password,
	opt ...Option,
) (*UsernamePasswordCredential, error)

NewUsernamePasswordCredential creates a new in memory static Credential containing a username and password that is assigned to storeId. Name and description are the only valid options. All other options are ignored.

func TestUsernamePasswordCredential ¶

func TestUsernamePasswordCredential(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	username, password, storeId, scopeId string,
	opts ...Option,
) *UsernamePasswordCredential

TestUsernamePasswordCredential creates a username password credential in the provided DB with the provided scope and any values passed in through. If any errors are encountered during the creation of the store, the test will fail.

func TestUsernamePasswordCredentials ¶

func TestUsernamePasswordCredentials(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	username, password, storeId, scopeId string,
	count int,
) []*UsernamePasswordCredential

TestUsernamePasswordCredentials creates count number of username password credentials in the provided DB with the provided scope id. If any errors are encountered during the creation of the credentials, the test will fail.

func (*UsernamePasswordCredential) SetTableName ¶

func (c *UsernamePasswordCredential) SetTableName(n string)

SetTableName sets the table name.

func (*UsernamePasswordCredential) TableName ¶

func (c *UsernamePasswordCredential) TableName() string

TableName returns the table name.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
store

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL