Constants ¶
This section is empty.
Variables ¶
// DefaultOIDCScopes holds the openid, profile and email scopes.
// NOTE(review): presumably the scope set requested when a server
// configuration names none; confirm at the call site. This is an exported,
// mutable slice: copy it before appending or editing, otherwise the change
// is visible to every other user of the variable.
var DefaultOIDCScopes = []string{
	oidc.ScopeOpenID,
	"profile",
	"email",
}
// MandateOIDCScopes holds only the openid scope.
// NOTE(review): presumably the scopes that are always added to a request
// regardless of configuration; confirm at the call site. This is an
// exported, mutable slice: copy it before appending or editing.
var MandateOIDCScopes = []string{
	oidc.ScopeOpenID,
}
Functions ¶
func GenerateSamlSP ¶
func GenerateSamlSP(csaml *share.CLUSServerSAML, spissuer string, redirurl string, timeOverride *time.Time) (*saml2.SAMLServiceProvider, error)
Types ¶
type LDAPClient ¶
// LDAPClient holds the connection handle and the settings for one LDAP
// server: the address, the bind identity, the search bases and filters, and
// the transport-security switches.
//
// NOTE(review): the value carries a bind credential in BindPassword, so avoid
// printing it with %v/%+v or serializing it into logs or API responses.
type LDAPClient struct {
// Connection handle. NOTE(review): presumably populated by Connect; confirm.
Conn *ldap.Conn
// NOTE(review): presumably the attribute names requested for a user entry; confirm in Authenticate.
Attributes []string
// NOTE(review): presumably the search base for user entries; confirm.
BaseDN string
// NOTE(review): presumably the search base for group entries; confirm.
GroupDN string
// DN and password for the bind. BindPassword is kept as a plain string.
BindDN string
BindPassword string
// NOTE(review): if a user-derived value is substituted into this filter it
// needs LDAP filter escaping (e.g. ldap.EscapeFilter); confirm in GetGroupsOfUser.
GroupFilter string
Host string
// NOTE(review): presumably the name the server certificate is verified
// against when TLS is used; confirm in Connect.
ServerName string
// NOTE(review): if the login name is substituted into this filter it needs
// LDAP filter escaping (e.g. ldap.EscapeFilter); confirm in Authenticate.
UserFilter string
Port int
// Skip verification of the server's TLS certificate.
// NOTE(review): presumably forwarded to tls.Config.InsecureSkipVerify; with
// it set, the server's identity is not checked and the bind credential can be
// captured by whoever terminates the connection. Confirm in Connect.
InsecureSkipVerify bool
UseSSL bool // Use SSL/TLS to connect to LDAP server
// Do not fall back to TLS.
// NOTE(review): presumably, when UseSSL is false, this suppresses a StartTLS
// upgrade, leaving bind and search traffic in cleartext; confirm in Connect.
SkipTLS bool
// NOTE(review): presumably the connect/operation timeout; confirm whether the
// zero value means "no timeout".
Timeout time.Duration
}
func (*LDAPClient) Authenticate ¶
Authenticate authenticates the user against the LDAP backend.
func (*LDAPClient) Connect ¶
func (lc *LDAPClient) Connect() error
Connect connects to the LDAP backend.
func (*LDAPClient) GetGroupsOfUser ¶
func (lc *LDAPClient) GetGroupsOfUser() ([]string, error)
GetGroupsOfUser returns the groups for a user.
type RemoteAuthInterface ¶
// RemoteAuthInterface declares the LDAP, SAML service-provider and OIDC
// authentication operations. NewRemoteAuther returns a value of this type.
type RemoteAuthInterface interface {
// LDAPAuth authenticates username/password against the given LDAP server
// configuration.
// NOTE(review): the map and slice results are presumably the user's
// attributes and group names; confirm and document. Results should be used
// only when the returned error is nil.
LDAPAuth(ldap *share.CLUSServerLDAP, username, password string) (map[string]string, []string, error)
// SAMLSPGetLogoutURL returns a logout URL for the session identified by
// nameid and sessionIndex.
// NOTE(review): the keys accepted in overrides are not visible here; document them.
SAMLSPGetLogoutURL(csaml *share.CLUSServerSAML, redir *api.RESTTokenRedirect, nameid string, sessionIndex string, overrides map[string]string) (string, error)
// SAMLSPGetRedirectURL returns the URL to redirect the browser to for SAML login.
SAMLSPGetRedirectURL(csaml *share.CLUSServerSAML, redir *api.RESTTokenRedirect, overrides map[string]string) (string, error)
// SAMLSPAuth returns the Name ID, the session index, and the attributes, in
// that order.
// NOTE(review): presumably validates the SAML response carried in tokenData
// (signature, audience, validity window) before returning; confirm in the
// implementation.
SAMLSPAuth(csaml *share.CLUSServerSAML, tokenData *api.RESTAuthToken) (string, string, map[string][]string, error)
// OIDCDiscover queries the issuer, optionally through proxy.
// NOTE(review): the four string results are unnamed; presumably endpoint
// URLs from the issuer's discovery document. Name them or document the order,
// since a swapped pair would not be caught by the compiler.
OIDCDiscover(issuer string, proxy string) (string, string, string, string, error)
// OIDCGetRedirectURL returns the URL to redirect the browser to for OIDC login.
// NOTE(review): the first parameter is named csaml but has type
// *share.CLUSServerOIDC; coidc, as used by OIDCAuth, would be consistent.
OIDCGetRedirectURL(csaml *share.CLUSServerOIDC, redir *api.RESTTokenRedirect) (string, error)
// OIDCAuth completes OIDC login from tokenData.
// NOTE(review): the returned map presumably holds the token claims; confirm
// that it is populated only after the ID token has been verified.
OIDCAuth(coidc *share.CLUSServerOIDC, tokenData *api.RESTAuthToken) (map[string]interface{}, error)
}
func NewRemoteAuther ¶
func NewRemoteAuther(fakeTime *time.Time) RemoteAuthInterface