lib/http: Factor password hash salt into options with default
parent
b1cb41f8da
commit
023e32de05
2 changed files with 10 additions and 4 deletions
|
@ -29,6 +29,8 @@ To create an htpasswd file:
|
||||||
The password file can be updated while rclone is running.
|
The password file can be updated while rclone is running.
|
||||||
|
|
||||||
Use --realm to set the authentication realm.
|
Use --realm to set the authentication realm.
|
||||||
|
|
||||||
|
Use --salt to change the password hashing salt from the default.
|
||||||
`
|
`
|
||||||
|
|
||||||
// CustomAuthFn if used will be used to authenticate user, pass. If an error
|
// CustomAuthFn if used will be used to authenticate user, pass. If an error
|
||||||
|
@ -43,6 +45,7 @@ type Options struct {
|
||||||
Realm string // realm for authentication
|
Realm string // realm for authentication
|
||||||
BasicUser string // single username for basic auth if not using Htpasswd
|
BasicUser string // single username for basic auth if not using Htpasswd
|
||||||
BasicPass string // password for BasicUser
|
BasicPass string // password for BasicUser
|
||||||
|
Salt string // password hashing salt
|
||||||
Auth CustomAuthFn `json:"-"` // custom Auth (not set by command line flags)
|
Auth CustomAuthFn `json:"-"` // custom Auth (not set by command line flags)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,14 +56,16 @@ func Auth(opt Options) http.Middleware {
|
||||||
} else if opt.HtPasswd != "" {
|
} else if opt.HtPasswd != "" {
|
||||||
return HtPasswdAuth(opt.HtPasswd, opt.Realm)
|
return HtPasswdAuth(opt.HtPasswd, opt.Realm)
|
||||||
} else if opt.BasicUser != "" {
|
} else if opt.BasicUser != "" {
|
||||||
return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm)
|
return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm, opt.Salt)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Options set by command line flags
|
// Options set by command line flags
|
||||||
var (
|
var (
|
||||||
Opt = Options{}
|
Opt = Options{
|
||||||
|
Salt: "dlPL2MqE",
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
// AddFlagsPrefix adds flags for http/auth
|
// AddFlagsPrefix adds flags for http/auth
|
||||||
|
@ -69,6 +74,7 @@ func AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string, Opt *Options) {
|
||||||
flags.StringVarP(flagSet, &Opt.Realm, prefix+"realm", "", Opt.Realm, "realm for authentication")
|
flags.StringVarP(flagSet, &Opt.Realm, prefix+"realm", "", Opt.Realm, "realm for authentication")
|
||||||
flags.StringVarP(flagSet, &Opt.BasicUser, prefix+"user", "", Opt.BasicUser, "User name for authentication.")
|
flags.StringVarP(flagSet, &Opt.BasicUser, prefix+"user", "", Opt.BasicUser, "User name for authentication.")
|
||||||
flags.StringVarP(flagSet, &Opt.BasicPass, prefix+"pass", "", Opt.BasicPass, "Password for authentication.")
|
flags.StringVarP(flagSet, &Opt.BasicPass, prefix+"pass", "", Opt.BasicPass, "Password for authentication.")
|
||||||
|
flags.StringVarP(flagSet, &Opt.Salt, prefix+"salt", "", Opt.Salt, "Password hashing salt")
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddFlags adds flags for the http/auth
|
// AddFlags adds flags for the http/auth
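Review bot: In Auth, `opt.Salt` is handed to SingleAuth unchecked, and only the package-level `Opt` carries the `"dlPL2MqE"` default, so an Options value built any other way (a struct literal, or a decoded config that omits the field) now hashes with an empty salt instead of the constant that used to be hard-coded. A named constant plus a fallback in Auth, e.g. `if opt.Salt == "" { opt.Salt = defaultSalt }`, would keep the behaviour independent of how the struct was constructed. The `--salt` help string and the added docs line could also state that the salt only affects how `--pass` is hashed for single-user auth; the htpasswd branch visible here (`HtPasswdAuth(opt.HtPasswd, opt.Realm)`) never receives it. Auth's body starts outside the hunk.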
|
||||||
|
|
|
@ -85,9 +85,9 @@ func HtPasswdAuth(path, realm string) httplib.Middleware {
|
||||||
}
|
}
|
||||||
|
|
||||||
// SingleAuth instantiates middleware that authenticates for a single user
|
// SingleAuth instantiates middleware that authenticates for a single user
|
||||||
func SingleAuth(user, pass, realm string) httplib.Middleware {
|
func SingleAuth(user, pass, realm, salt string) httplib.Middleware {
|
||||||
fs.Infof(nil, "Using --user %s --pass XXXX as authenticated user", user)
|
fs.Infof(nil, "Using --user %s --pass XXXX as authenticated user", user)
|
||||||
pass = string(auth.MD5Crypt([]byte(pass), []byte("dlPL2MqE"), []byte("$1$")))
|
pass = string(auth.MD5Crypt([]byte(pass), []byte(salt), []byte("$1$")))
|
||||||
secretProvider := func(u, r string) string {
|
secretProvider := func(u, r string) string {
|
||||||
if user == u {
|
if user == u {
|
||||||
return pass
|
return pass
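Review bot: SingleAuth now passes a caller-supplied `salt` straight into `auth.MD5Crypt` without validating it. The result is a crypt-style string that uses `$` as its field separator (the magic here is `"$1$"`), so a salt containing `$`, or one longer than the 8 characters md5-crypt conventionally uses, may be split differently when the secret is later checked; that would presumably make every login fail with no hint why, though auth.MD5Crypt is not shown on this page and this should be confirmed against the library. Checking the value up front, e.g. `if strings.ContainsRune(salt, '$') || len(salt) > 8 { fs.Errorf(nil, "invalid --salt") }`, would make the misconfiguration visible. The doc comment should mention the new parameter, e.g. `// salt is the md5-crypt salt used to hash pass in memory; it must not contain '$'.` The extra parameter also changes an exported signature, and the function body continues past the end of the hunk.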
|
||||||
|
|