peertracker

package
v1.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2022 License: Apache-2.0 Imports: 17 Imported by: 5

Documentation

Overview

Package peertracker handles attestation security for the SPIFFE Workload API. It does so in part by implementing the `net.Listener` interface and the gRPC credential interface, the functions of which are dependent on the underlying platform. Currently, UNIX domain sockets are supported on Linux, Darwin and the BSDs. TCP is supported on Windows.

To accomplish the attestation security required by SPIFFE and SPIRE, this package provides process tracking - namely, exit detection. By using the included listener, `net.Conn`s can be cast back into the *peertracker.Conn type which allows access to caller information and liveness checks. By further utilizing the included gRPC credentials, this information can be extracted directly from the context by dependent handlers.

Consumers that wish to use the included PID information for additional process interrogation should call IsAlive() following its use to ensure that the original caller is still alive and that the PID has not been reused.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidConnection    = errors.New("invalid connection")
	ErrUnsupportedPlatform  = errors.New("unsupported platform")
	ErrUnsupportedTransport = errors.New("unsupported transport")
)

Functions

func NewCredentials 

func NewCredentials() credentials.TransportCredentials

Types

type AuthInfo 

type AuthInfo struct {
	Caller  CallerInfo
	Watcher Watcher
}

func AuthInfoFromContext 

func AuthInfoFromContext(ctx context.Context) (AuthInfo, bool)

func (AuthInfo) AuthType 

func (AuthInfo) AuthType() string

AuthType returns the authentication type and allows us to conform to the gRPC AuthInfo interface

type CallerInfo 

type CallerInfo struct {
	Addr net.Addr
	PID  int32
	UID  uint32
	GID  uint32
}

func CallerFromContext 

func CallerFromContext(ctx context.Context) (CallerInfo, bool)

func CallerFromTCPConn added in v1.2.1 

func CallerFromTCPConn(conn net.Conn) (CallerInfo, error)

func CallerFromUDSConn 

func CallerFromUDSConn(conn net.Conn) (CallerInfo, error)

type Conn 

type Conn struct {
	net.Conn
	Info AuthInfo
}

func (*Conn) Close 

func (c *Conn) Close() error

type Listener 

type Listener struct {
	Tracker PeerTracker
	// contains filtered or unexported fields
}

func (*Listener) Accept 

func (l *Listener) Accept() (net.Conn, error)

func (*Listener) Addr 

func (l *Listener) Addr() net.Addr

func (*Listener) Close 

func (l *Listener) Close() error

type ListenerFactory 

type ListenerFactory struct {
	Log             logrus.FieldLogger
	NewTracker      func(log logrus.FieldLogger) (PeerTracker, error)
	NewUnixListener func(network string, laddr *net.UnixAddr) (*net.UnixListener, error)
	NewTCPListener  func(network string, laddr *net.TCPAddr) (*net.TCPListener, error)
}

func (*ListenerFactory) ListenTCP added in v1.2.1 

func (lf *ListenerFactory) ListenTCP(network string, laddr *net.TCPAddr) (*Listener, error)

func (*ListenerFactory) ListenUnix 

func (lf *ListenerFactory) ListenUnix(network string, laddr *net.UnixAddr) (*Listener, error)

type PeerTracker 

type PeerTracker interface {
	Close()
	NewWatcher(CallerInfo) (Watcher, error)
}

func NewTracker 

func NewTracker(log logrus.FieldLogger) (PeerTracker, error)

NewTracker creates a new platform-specific peer tracker. Close() must be called when done to release associated resources.

type Watcher 

type Watcher interface {
	Close()
	IsAlive() error
	PID() int32
}

func WatcherFromContext 

func WatcherFromContext(ctx context.Context) (Watcher, bool)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.