Copyright 2017 Gravitational, Inc.

package socks implements a SOCKS5 handshake.

AsBool converts string to bool, in case of the value is empty or unknown, defaults to false.

CalculateSKPI the hash value of the SPKI header in a certificate.

CheckCertificateFormatFlag checks if the certificate format is valid.

CheckSKPI the passed in pin against the calculated value from a certificate.

CheckVersions compares client and server versions and makes sure that the client version is greater than or equal to the minimum version supported by the server.

CipherSuiteMapping transforms Teleport formatted cipher suites strings into uint16 IDs.

ClickableURL fixes address in url to make sure it's clickable, e.g.

Consolef prints the same message to a 'ui console' (if defined) and also to the logger with INFO priority.

ContainsExpansion returns true if value contains expansion syntax, e.g.

CopyByteSlice returns a copy of the byte slice.

CopyByteSlices returns a copy of the byte slices.

CopyStringMap makes a deep copy of a map[string]string and returns the copy.

CopyStringMapInterface makes a deep copy of the passed in map[string]interface{} and returns the copy.

CopyStringMapSlices makes a deep copy of the passed in map[string][]string and returns the copy.

CopyStrings makes a deep copy of the passed in string slice and returns the copy.

CreateTLSConfiguration sets up default TLS configuration.

CryptoRandomHex returns hex encoded random string generated with crypto-strong pseudo random generator of the given bytes.

Deduplicate deduplicates list of strings.

DefaultCipherSuites returns the default list of cipher suites that Teleport supports.

DialAddrFromListenAddr returns dial address from listen address.

DualPipeAddrConn creates a net.Pipe to connect a client and a server.

EnsureLocalPath makes sure the path exists, or, if omitted results in the subpath in default gravity config directory, e.g.

EscapeControl escapes all ANSI escape sequences from string and returns a string that is safe to print on the CLI.

Extract extracts the contents of the specified tarball under dir.

FastMarshal uses the json-iterator library for fast JSON marshalling.

FastUnmarshal uses the json-iterator library for fast JSON unmarshalling.

FatalError is for CLI front-ends: it detects gravitational/trace debugging information, sends it to the logger, strips it off and prints a clean message to stderr.

FromAddr returns NetAddr from golang standard net.Addr.

FSReadLock grabs Flock-style filesystem lock on an open file in read (shared) mode.

FSTryWriteLock tries to grab write lock, returns CompareFailed if lock is already grabbed.

FSUnlock unlcocks Flock-style filesystem lock.

FSWriteLock grabs Flock-style filesystem lock on an open file in exclusive mode.

GenerateOTPURL returns a OTP Key URL that can be used to construct a HOTP or TOTP key.

GenerateQRCode takes in a OTP Key URL and returns a PNG-encoded QR code.

GenerateSelfSignedCert generates a self signed certificate that is valid for given domain names and ips, returns PEM-encoded bytes with key and cert.

GenerateSelfSignedSigningCert generates self-signed certificate used for digital signatures.

GetFreeTCPPorts returns n ports starting from port 20000.

GetListenerFile returns file associated with listener.

GlobToRegexp replaces glob-style standalone wildcard values with real .* regexp-friendly values, does not modify regexp-compatible values, quotes non-wildcard values.

GuessIP tries to guess an IP address this machine is reachable at on the internal network, always picking IPv4 from the internal address space If no internal IPs are found, it returns 127.0.0.1 but it never returns an address from the public IP space.

Host extracts host from host:port string.

HumanTimeFormat formats time as recognized by humans.

InitCLIParser configures kingpin command line args parser with some defaults common for all Teleport CLI tools.

InitLogger configures the global logger for a given purpose / verbosity level.

InterfaceMapsEqual returns true if two interface maps are equal.

IsDir is a helper function to quickly check if a given path is a valid directory.

IsFile returns true if a given file path points to an existing file.

IsGroupMember returns whether currently logged user is a member of a group.

IsHandshakeFailedError specifies whether this error indicates failed handshake.

IsLocalhost returns true if this is a local hostname or ip.

IsLoopback returns 'true' if a given hostname resolves to local host's loopback interface.

IsSelfSigned checks if the certificate is a self-signed certificate.

IsShellFailedError specifies whether this error indicates failed attempt to start shell.

JoinAddrSlices joins two addr slices and returns a resulting slice.

JoinStringSlices joins two string slices and returns a resulting slice.

ListenTLS sets up TLS listener for the http handler, starts listening on a TCP socket and returns the socket which is ready to be used for http.Serve.

MinTTL finds min non 0 TTL duration, if both durations are 0, fails.

MkdirAll creates directory and subdirectories.

MultiCloser implements io.Close, it sequentially calls Close() on each object.

MustParseAddr parses the provided string into NetAddr or panics on an error.

NewBroadcastWriter returns new broadcast writer.

NewCloseBroadcaster returns new instance of close broadcaster.

NewCloserConn returns new connection wrapper that when closed will also close passed closers.

NewFakeUID returns a new fake UID generator used in tests.

NewFileAddrStorage returns new instance of file-based address storage.

NewHMACAnonymizer returns a new HMAC-based anonymizer.

NewLoadBalancer returns new load balancer listening on frontend and redirecting requests to backends using round robin algo.

NewRealUID returns a new real UID generator.

NewSyncBuffer returns new in memory buffer.

NormalizePath normalises path, evaluating symlinks and converting local paths to absolute.

ObeyIdleTimeout wraps an existing network connection with timeout-obeying Write() and Read() - it will drop the connection after 'timeout' on idle Example: ObeyIdletimeout(conn, time.Second * 60, "api server").

ObjectToStruct is converts any structure into JSON and then unmarshalls it into another structure.

OpenFile opens file and returns file handle.

ParseAddr takes strings like "tcp://host:port/path" and returns *NetAddr or an error.

ParseAdvertiseAddress validates advertise address, makes sure it's not an unreachable or multicast address returns address split into host and port, port could be empty if not specified.

ParseBool parses string as boolean value, returns error in case if value is not recognized.

ParseCertificatePEM parses PEM-encoded certificate.

ParseCertificateRequestPEM parses PEM-encoded certificate signing request.

ParseHostPortAddr takes strings like "host:port" and returns *NetAddr or an error If defaultPort == -1 it expects 'hostport' string to have it.

ParseOnOff parses whether value is "on" or "off", parameterName is passed for error reporting purposes, defaultValue is returned when no value is set.

ParsePrivateKeyDER parses unencrypted DER-encoded private key.

ParsePrivateKeyPEM parses PEM-encoded private key.

ParseSessionsURI parses uri per convention of session upload URIs file is a default scheme.

ParseSigningKeyStore parses signing key store from PEM encoded key pair.

ParseWebLinks partially implements RFC 8288 parsing, enough to support GitHub pagination links.

PrintVersion prints human readable version.

RandomDuration returns a duration in a range [0, max).

ReadAll is similarl to ioutil.ReadAll, except it doesn't use ever-increasing internal buffer, instead asking for the exact buffer size.

ReadCertificateChain parses PEM encoded bytes that can contain one or multiple certificates and returns a slice of x509.Certificate.

ReadEnvironmentFile will read environment variables from a passed in location.

ReadHostUUID reads host UUID from the file in the data dir.

ReadOrMakeHostUUID looks for a hostid file in the data dir.

ReadYAML can unmarshal a stream of documents, used in tests.

RemoveFromSlice makes a copy of the slice and removes the passed in values from the copy.

ReplaceLocalhost checks if a given address is link-local (like 0.0.0.0 or 127.0.0.1) and replaces it with the IP taken from replaceWith, preserving the original port Both addresses are in "host:port" format The function returns the original value if it encounters any problems with parsing.

ReplaceRegexp replaces value in string, accepts regular expression and simplified wildcard syntax, it has several important differeneces with standard lib regexp replacer: * Wildcard globs '*' are treated as regular expression .* expression * Expression is treated as regular expression if it starts with ^ and ends with $ * Full match is expected, partial replacements ignored * If there is no match, returns not found error.

Roundtrip is a single connection simplistic HTTP client that allows us to bypass a connection pool to test load balancing used in tests, as it only supports GET request on /.

RoundtripWithConn uses HTTP GET on the existing connection, used in tests as it only performs GET request on /.

SliceContainsStr returns 'true' if the slice contains the given value.

SliceMatchesRegex checks if input matches any of the expressions.

SplitHostPort splits host and port and checks that host is not empty.

StatDir stats directory, returns error if file exists, but not a directory.

StringMapsEqual returns true if two strings maps are equal.

StringMapSlicesEqual returns true if two maps of string slices are equal.

StringSlicesEqual returns true if string slices equal.

StringsSet creates set of string (map[string]struct{}) from a list of strings.

SwitchLoggingtoSyslog tells the logger to send the output to syslog.

TLSConfig returns default TLS configuration strong defaults.

TLSDial dials and establishes TLS connection using custom dialer is similar to tls.DialWithDialer.

ToJSON converts a single YAML document into a JSON document or returns an error.

ToTTL converts expiration time to TTL duration relative to current time as provided by clock.

UnmarshalWithSchema processes YAML or JSON encoded object with JSON schema, sets defaults and unmarshals resulting object into given struct.

UserMessageFromError returns user friendly error message from error.

UTC converts time to UTC timezone.

VerifyCertificateChain reads in chain of certificates and makes sure the chain from leaf to root is valid.

WriteHostUUID writes host UUID into a file.

WriteYAML detects whether value is a list and marshals multiple documents delimited by `---`, otherwise, marshals a single value.

CertExtensionAuthority specifies teleport authority's name that signed this domain.

CertExtensionRole specifies teleport role.

CertTeleportClusterName is a name of the teleport cluster.

CertTeleportUser specifies teleport user.

CertTeleportUserCA specifies teleport certificate authority.

CertTeleportUserCertificate is the certificate of the authenticated in user.

DefaultCertTTL sets the TTL of the self-signed certificate (1 year).

DefaultLRUCapacity is a capacity for LRU session cache.

HostUUIDFile is the file name where the host UUID file is stored.

HumanTimeFormatString is a human readable date formatting.

PortStartingNumber is a starting port number for tests.

BroadcastWriter broadcasts all writes to all writers.

CloseBroadcaster is a helper struct that implements io.Closer and uses channel to broadcast it's closed state once called.

CloserConn wraps connection and attaches additional closers to it.

FileAddrStorage is a file based address storage.

LoadBalancer implements naive round robin TCP load balancer used in tests.

NetAddr is network address that includes network, optional path and host port.

PipeNetConn implemetns net.Conn from io.Reader,io.Writer and io.Closer.

RemoveDirCloser removes directory and all it's contents when Close is called.

SigningKeyStore is used to sign using X509 digital signatures.

SyncBuffer is in memory bytes buffer that is safe for concurrent writes.

SyncString is a string value that can be concurrently accessed.

TimeoutConn wraps an existing net.Conn and adds read/write timeouts for it, allowing to implement "disconnect after XX of idle time" policy Usage example: tc := utils.ObeyIdleTimeout(conn, time.Second * 30, "ssh connection") io.Copy(tc, xxx) .

TLSCredentials keeps the typical 3 components of a proper HTTPS configuration.

WebLinks holds the pagination links parsed out of a request header conforming to RFC 8288.

WebSockWrapper wraps the raw websocket and converts Write() calls to proper websocket.Send() working in binary or text mode.

AddrStorage is used to store information locally for every client that connects in the cluster, so it can always have up-to-date info about auth servers.

Anonymizer defines an interface for anonymizing data.

UID provides an interface for generating unique identifiers.

DialWithContext dials with context.

NetAddrList is a list of NetAddrs that supports helper methods for parsing from CLI tools.

NetAddrVal can be used with flag package.

PortList is a list of TCP port.

Strings is a list of string that can unmarshal from list of strings or a scalar string from scalar yaml or json property.

WebSocketMode allows to create WebSocket wrappers working in text or binary mode.