Affected by GO-2022-1021 and 16 other vulnerabilities

GO-2022-1021: HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-2982: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault

GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

cluster

package

v1.10.4 Latest Latest Go to latest Published: Jun 6, 2022 License: MPL-2.0 Imports: 20 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Client
type ClusterHook
type ConnectionInfo
type Handler
type InmemLayer
- func NewInmemLayer(addr string, logger log.Logger) *InmemLayer
- func (l *InmemLayer) Addrs() []net.Addr
- func (l *InmemLayer) Close() error
- func (l *InmemLayer) Connect(remote *InmemLayer)
- func (l *InmemLayer) Dial(addr string, timeout time.Duration, tlsConfig *tls.Config) (*tls.Conn, error)
- func (l *InmemLayer) Disconnect(peer string)
- func (l *InmemLayer) DisconnectAll()
- func (l *InmemLayer) Listeners() []NetworkListener
- func (l *InmemLayer) SetConnectionCh(ch chan *ConnectionInfo)
- func (l *InmemLayer) SetReaderDelay(delay time.Duration)
type InmemLayerCluster
- func NewInmemLayerCluster(clusterName string, nodes int, logger log.Logger) (*InmemLayerCluster, error)
- func (ic *InmemLayerCluster) ConnectCluster(remote *InmemLayerCluster)
- func (ic *InmemLayerCluster) Layers() []NetworkLayer
- func (ic *InmemLayerCluster) SetConnectionCh(ch chan *ConnectionInfo)
- func (ic *InmemLayerCluster) SetReaderDelay(delay time.Duration)
type Listener
- func NewListener(networkLayer NetworkLayer, cipherSuites []uint16, logger log.Logger, ...) *Listener
- func (cl *Listener) AddClient(alpn string, client Client)
- func (cl *Listener) AddHandler(alpn string, handler Handler)
- func (cl *Listener) Addr() net.Addr
- func (cl *Listener) Addrs() []net.Addr
- func (cl *Listener) GetDialerFunc(ctx context.Context, alpn string) func(string, time.Duration) (net.Conn, error)
- func (cl *Listener) Handler(alpn string) (Handler, bool)
- func (cl *Listener) RemoveClient(alpn string)
- func (cl *Listener) Run(ctx context.Context) error
- func (cl *Listener) Server() *http2.Server
- func (cl *Listener) SetAdvertiseAddr(addr string) error
- func (cl *Listener) Stop()
- func (cl *Listener) StopHandler(alpn string)
- func (cl *Listener) TLSConfig(ctx context.Context) (*tls.Config, error)
type NetAddr
- func (*NetAddr) Network() string
- func (c *NetAddr) String() string
type NetworkLayer
type NetworkLayerSet
type NetworkListener
type TCPLayer
- func NewTCPLayer(addrs []*net.TCPAddr, logger log.Logger) *TCPLayer
- func (l *TCPLayer) Addrs() []net.Addr
- func (l *TCPLayer) Close() error
- func (l *TCPLayer) Dial(address string, timeout time.Duration, tlsConfig *tls.Config) (*tls.Conn, error)
- func (l *TCPLayer) Listeners() []NetworkListener

Constants ¶

View Source

const (
	ListenerAcceptDeadline = 500 * time.Millisecond
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client interface {
	ClientLookup(context.Context, *tls.CertificateRequestInfo) (*tls.Certificate, error)
	ServerName() string
	CACert(ctx context.Context) *x509.Certificate
}

Client is used to lookup a client certificate.

type ClusterHook ¶

type ClusterHook interface {
	AddClient(alpn string, client Client)
	RemoveClient(alpn string)
	AddHandler(alpn string, handler Handler)
	StopHandler(alpn string)
	TLSConfig(ctx context.Context) (*tls.Config, error)
	Addr() net.Addr
	GetDialerFunc(ctx context.Context, alpnProto string) func(string, time.Duration) (net.Conn, error)
}

type ConnectionInfo ¶ added in v1.4.0

type ConnectionInfo struct {
	Node     string
	Remote   string
	IsServer bool
	ALPN     string
}

type Handler ¶

type Handler interface {
	ServerLookup(context.Context, *tls.ClientHelloInfo) (*tls.Certificate, error)
	CALookup(context.Context) ([]*x509.Certificate, error)

	// Handoff is used to pass the connection lifetime off to
	// the handler
	Handoff(context.Context, *sync.WaitGroup, chan struct{}, *tls.Conn) error
	Stop() error
}

Handler exposes functions for looking up TLS configuration and handing off a connection for a cluster listener application.

type InmemLayer ¶ added in v1.4.0

type InmemLayer struct {
	// contains filtered or unexported fields
}

InmemLayer is an in-memory implementation of NetworkLayer. This is primarially useful for tests.

func NewInmemLayer ¶ added in v1.4.0

func NewInmemLayer(addr string, logger log.Logger) *InmemLayer

NewInmemLayer returns a new in-memory layer configured to listen on the provided address.

func (*InmemLayer) Addrs ¶ added in v1.4.0

func (l *InmemLayer) Addrs() []net.Addr

Addrs implements NetworkLayer.

func (*InmemLayer) Close ¶ added in v1.4.0

func (l *InmemLayer) Close() error

Close is used to permanently disable the transport

func (*InmemLayer) Connect ¶ added in v1.4.0

func (l *InmemLayer) Connect(remote *InmemLayer)

Connect is used to connect this transport to another transport for a given peer name. This allows for local routing.

func (*InmemLayer) Dial ¶ added in v1.4.0

func (l *InmemLayer) Dial(addr string, timeout time.Duration, tlsConfig *tls.Config) (*tls.Conn, error)

Dial implements NetworkLayer.

func (*InmemLayer) Disconnect ¶ added in v1.4.0

func (l *InmemLayer) Disconnect(peer string)

Disconnect is used to remove the ability to route to a given peer.

func (*InmemLayer) DisconnectAll ¶ added in v1.4.0

func (l *InmemLayer) DisconnectAll()

DisconnectAll is used to remove all routes to peers.

func (*InmemLayer) Listeners ¶ added in v1.4.0

func (l *InmemLayer) Listeners() []NetworkListener

Listeners implements NetworkLayer.

func (*InmemLayer) SetConnectionCh ¶ added in v1.4.0

func (l *InmemLayer) SetConnectionCh(ch chan *ConnectionInfo)

func (*InmemLayer) SetReaderDelay ¶ added in v1.5.4

func (l *InmemLayer) SetReaderDelay(delay time.Duration)

type InmemLayerCluster ¶ added in v1.4.0

type InmemLayerCluster struct {
	// contains filtered or unexported fields
}

InmemLayerCluster composes a set of layers and handles connecting them all together. It also satisfies the NetworkLayerSet interface.

func NewInmemLayerCluster ¶ added in v1.4.0

func NewInmemLayerCluster(clusterName string, nodes int, logger log.Logger) (*InmemLayerCluster, error)

NewInmemLayerCluster returns a new in-memory layer set that builds n nodes and connects them all together.

func (*InmemLayerCluster) ConnectCluster ¶ added in v1.4.0

func (ic *InmemLayerCluster) ConnectCluster(remote *InmemLayerCluster)

ConnectCluster connects this cluster with the provided remote cluster, connecting all nodes to each other.

func (*InmemLayerCluster) Layers ¶ added in v1.4.0

func (ic *InmemLayerCluster) Layers() []NetworkLayer

Layers implements the NetworkLayerSet interface.

func (*InmemLayerCluster) SetConnectionCh ¶ added in v1.4.0

func (ic *InmemLayerCluster) SetConnectionCh(ch chan *ConnectionInfo)

func (*InmemLayerCluster) SetReaderDelay ¶ added in v1.5.4

func (ic *InmemLayerCluster) SetReaderDelay(delay time.Duration)

type Listener ¶

type Listener struct {
	// contains filtered or unexported fields
}

Listener is the source of truth for cluster handlers and connection clients. It dynamically builds the cluster TLS information. It's also responsible for starting tcp listeners and accepting new cluster connections.

func NewListener ¶

func NewListener(networkLayer NetworkLayer, cipherSuites []uint16, logger log.Logger, idleTimeout time.Duration) *Listener

func (*Listener) AddClient ¶

func (cl *Listener) AddClient(alpn string, client Client)

AddClient adds a new client for an ALPN name

func (*Listener) AddHandler ¶

func (cl *Listener) AddHandler(alpn string, handler Handler)

AddHandler registers a new cluster handler for the provided ALPN name.

func (*Listener) Addr ¶

func (cl *Listener) Addr() net.Addr

func (*Listener) Addrs ¶

func (cl *Listener) Addrs() []net.Addr

func (*Listener) GetDialerFunc ¶ added in v1.4.0

func (cl *Listener) GetDialerFunc(ctx context.Context, alpn string) func(string, time.Duration) (net.Conn, error)

GetDialerFunc returns a function that looks up the TLS information for the provided alpn name and calls the network layer's dial function.

func (*Listener) Handler ¶

func (cl *Listener) Handler(alpn string) (Handler, bool)

Handler returns the handler for the provided ALPN name

func (*Listener) RemoveClient ¶

func (cl *Listener) RemoveClient(alpn string)

RemoveClient removes the client for the specified ALPN name

func (*Listener) Run ¶

func (cl *Listener) Run(ctx context.Context) error

Run starts the tcp listeners and will accept connections until stop is called. This function blocks so should be called in a goroutine.

func (*Listener) Server ¶

func (cl *Listener) Server() *http2.Server

Server returns the http2 server that the cluster listener is using

func (*Listener) SetAdvertiseAddr ¶ added in v1.4.2

func (cl *Listener) SetAdvertiseAddr(addr string) error

func (*Listener) Stop ¶

func (cl *Listener) Stop()

Stop stops the cluster listener

func (*Listener) StopHandler ¶

func (cl *Listener) StopHandler(alpn string)

StopHandler stops the cluster handler for the provided ALPN name, it also calls stop on the handler.

func (*Listener) TLSConfig ¶

func (cl *Listener) TLSConfig(ctx context.Context) (*tls.Config, error)

TLSConfig returns a tls config object that uses dynamic lookups to correctly authenticate registered handlers/clients

type NetAddr ¶ added in v1.4.2

type NetAddr struct {
	Host string
}

func (*NetAddr) Network ¶ added in v1.4.2

func (*NetAddr) Network() string

func (*NetAddr) String ¶ added in v1.4.2

func (c *NetAddr) String() string

type NetworkLayer ¶ added in v1.4.0

type NetworkLayer interface {
	Addrs() []net.Addr
	Listeners() []NetworkListener
	Dial(address string, timeout time.Duration, tlsConfig *tls.Config) (*tls.Conn, error)
	Close() error
}

NetworkLayer is the network abstraction used in the cluster listener. Abstracting the network layer out allows us to swap the underlying implementations for tests.

type NetworkLayerSet ¶ added in v1.4.0

type NetworkLayerSet interface {
	Layers() []NetworkLayer
}

NetworkLayerSet is used for returning a slice of layers to a caller.

type NetworkListener ¶ added in v1.4.0

type NetworkListener interface {
	net.Listener

	SetDeadline(t time.Time) error
}

NetworkListener is used by the network layer to define a net.Listener for use in the cluster listener.

type TCPLayer ¶ added in v1.4.0

type TCPLayer struct {
	// contains filtered or unexported fields
}

TCPLayer implements the NetworkLayer interface and uses TCP as the underlying network.

func NewTCPLayer ¶ added in v1.4.0

func NewTCPLayer(addrs []*net.TCPAddr, logger log.Logger) *TCPLayer

NewTCPLayer returns a TCPLayer.

func (*TCPLayer) Addrs ¶ added in v1.4.0

func (l *TCPLayer) Addrs() []net.Addr

Addrs implements NetworkLayer.

func (*TCPLayer) Close ¶ added in v1.4.0

func (l *TCPLayer) Close() error

Close implements the NetworkLayer interface.

func (*TCPLayer) Dial ¶ added in v1.4.0

func (l *TCPLayer) Dial(address string, timeout time.Duration, tlsConfig *tls.Config) (*tls.Conn, error)

Dial implements the NetworkLayer interface.

func (*TCPLayer) Listeners ¶ added in v1.4.0

func (l *TCPLayer) Listeners() []NetworkListener

Listeners implements NetworkLayer. It starts a new TCP listener for each configured address.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL