From 023e32de0565ca3fdfa971b3af91c3f70c80840f Mon Sep 17 00:00:00 2001 From: Nolan Woods Date: Tue, 12 Oct 2021 10:32:46 -0700 Subject: [PATCH] lib/http: Factor password hash salt into options with default --- lib/http/auth/auth.go | 10 ++++++++-- lib/http/auth/basic.go | 4 ++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/http/auth/auth.go b/lib/http/auth/auth.go index f7e7143ba..59883bfdd 100644 --- a/lib/http/auth/auth.go +++ b/lib/http/auth/auth.go @@ -29,6 +29,8 @@ To create an htpasswd file: The password file can be updated while rclone is running. Use --realm to set the authentication realm. + +Use --salt to change the password hashing salt from the default. ` // CustomAuthFn if used will be used to authenticate user, pass. If an error @@ -43,6 +45,7 @@ type Options struct { Realm string // realm for authentication BasicUser string // single username for basic auth if not using Htpasswd BasicPass string // password for BasicUser + Salt string // password hashing salt Auth CustomAuthFn `json:"-"` // custom Auth (not set by command line flags) } @@ -53,14 +56,16 @@ func Auth(opt Options) http.Middleware { } else if opt.HtPasswd != "" { return HtPasswdAuth(opt.HtPasswd, opt.Realm) } else if opt.BasicUser != "" { - return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm) + return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm, opt.Salt) } return nil } // Options set by command line flags var ( - Opt = Options{} + Opt = Options{ + Salt: "dlPL2MqE", + } ) // AddFlagsPrefix adds flags for http/auth @@ -69,6 +74,7 @@ func AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string, Opt *Options) { flags.StringVarP(flagSet, &Opt.Realm, prefix+"realm", "", Opt.Realm, "realm for authentication") flags.StringVarP(flagSet, &Opt.BasicUser, prefix+"user", "", Opt.BasicUser, "User name for authentication.") flags.StringVarP(flagSet, &Opt.BasicPass, prefix+"pass", "", Opt.BasicPass, "Password for authentication.") + flags.StringVarP(flagSet, &Opt.Salt, prefix+"salt", "", Opt.Salt, "Password hashing salt") } // AddFlags adds flags for the http/auth diff --git a/lib/http/auth/basic.go b/lib/http/auth/basic.go index 17685e9a3..b2a2c658b 100644 --- a/lib/http/auth/basic.go +++ b/lib/http/auth/basic.go @@ -85,9 +85,9 @@ func HtPasswdAuth(path, realm string) httplib.Middleware { } // SingleAuth instantiates middleware that authenticates for a single user -func SingleAuth(user, pass, realm string) httplib.Middleware { +func SingleAuth(user, pass, realm, salt string) httplib.Middleware { fs.Infof(nil, "Using --user %s --pass XXXX as authenticated user", user) - pass = string(auth.MD5Crypt([]byte(pass), []byte("dlPL2MqE"), []byte("$1$"))) + pass = string(auth.MD5Crypt([]byte(pass), []byte(salt), []byte("$1$"))) secretProvider := func(u, r string) string { if user == u { return pass