Documentation ¶
Overview ¶
Package insecureserverbind validates listen addresses for insecure, unauthenticated Kopia servers.
Index ¶
- Constants
- Variables
- func ParseListenHost(address string) (host string, isUnix bool, err error)
- func RestrictionApplies(insecure, withoutPassword, allowDangerousNetwork bool) bool
- func ValidateListenAddressFlag(address string) error
- func ValidateListenAddressIfRestricted(insecure, withoutPassword, allowDangerousNetwork bool, address string) error
- func ValidateListenerAddr(addr net.Addr) error
- func ValidateListenerAddrIfRestricted(insecure, withoutPassword, allowDangerousNetwork bool, addr net.Addr) error
Constants ¶
const AllowDangerousUnauthenticatedNetworkFlag = "allow-extremely-dangerous-unauthenticated-server-on-the-network"
AllowDangerousUnauthenticatedNetworkFlag is the CLI flag that disables bind restrictions.
const AllowDangerousUnauthenticatedNetworkFlagHelp = "Allow unauthenticated server to listen on non-loopback addresses; " +
"exposes full repository and control API to the network without authentication which allows any external attacker to take full control of the server host (extremely dangerous)"
AllowDangerousUnauthenticatedNetworkFlagHelp is the kingpin description for that flag.
Variables ¶
var ErrDisallowedPublicBind = errors.New("refusing to expose unauthenticated server on non-loopback network bind")
ErrDisallowedPublicBind is returned when the address would expose an unauthenticated server beyond loopback.
Functions ¶
func ParseListenHost ¶
ParseListenHost extracts the host part of a server listen address flag value. If isUnix is true, host is empty and the address refers to a Unix domain socket.
Unix detection runs after stripping a leading http:// or https:// (same as the server’s stripProtocol). Any form that becomes unix:… is treated as a Unix socket, including:
- unix:/path/to/socket
- http://unix:/path/to/socket
- https://unix:/path/to/socket
func RestrictionApplies ¶
RestrictionApplies reports whether insecure unauthenticated bind checks must run.
func ValidateListenAddressFlag ¶
ValidateListenAddressFlag checks that --address is safe for an insecure server without a UI password.
func ValidateListenAddressIfRestricted ¶
func ValidateListenAddressIfRestricted(insecure, withoutPassword, allowDangerousNetwork bool, address string) error
ValidateListenAddressIfRestricted runs ValidateListenAddressFlag only when RestrictionApplies is true.
func ValidateListenerAddr ¶
ValidateListenerAddr checks the bound listener address after Listen (covers socket activation).
func ValidateListenerAddrIfRestricted ¶
func ValidateListenerAddrIfRestricted(insecure, withoutPassword, allowDangerousNetwork bool, addr net.Addr) error
ValidateListenerAddrIfRestricted runs ValidateListenerAddr only when RestrictionApplies is true.
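The flag-level and listener-level checks described above can be sketched as follows. This is an added example, not the package's own code: parseHost, hostIsLoopback, checkFlag, checkBound and errPublicBind are hypothetical names, and accepting "localhost" while rejecting an empty host are assumptions of the sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// errPublicBind stands in for the package's ErrDisallowedPublicBind (hypothetical name).
var errPublicBind = errors.New("refusing non-loopback bind for unauthenticated server")

// parseHost strips a leading http:// or https://, then reports a Unix socket or the host of host:port.
func parseHost(address string) (host string, isUnix bool, err error) {
	a := strings.TrimPrefix(strings.TrimPrefix(address, "https://"), "http://")
	if strings.HasPrefix(a, "unix:") {
		return "", true, nil
	}
	host, _, err = net.SplitHostPort(a)
	return host, false, err
}

// hostIsLoopback accepts "localhost" (assumption) and literal loopback IPs.
// An empty host (":51515") listens on every interface, so it is not loopback.
func hostIsLoopback(host string) bool {
	return strings.EqualFold(host, "localhost") || net.ParseIP(host).IsLoopback()
}

// checkFlag validates the flag value before the server listens.
func checkFlag(address string) error {
	host, isUnix, err := parseHost(address)
	if err == nil && !isUnix && !hostIsLoopback(host) {
		err = errPublicBind
	}
	return err
}

// checkBound inspects the address the listener is really bound to, which is
// what matters when the socket was inherited through socket activation.
func checkBound(addr net.Addr) error {
	_, isUnix := addr.(*net.UnixAddr)
	if t, ok := addr.(*net.TCPAddr); isUnix || (ok && t.IP.IsLoopback()) {
		return nil
	}
	return errPublicBind
}

func main() {
	// Constructed sample addresses: the first is rejected, the second accepted.
	fmt.Println(checkFlag(":51515"), checkFlag("http://127.0.0.1:51515"))
}
```

The second check matters because a flag value can pass validation while the inherited listener is bound elsewhere.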
Types ¶
This section is empty.