Removed dashes from comments, unexported htpasswd struct
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
parent
15bbde99c1
commit
fe9ca88946
2 changed files with 19 additions and 22 deletions
|
@ -2,9 +2,6 @@
|
||||||
// user credential hash in an htpasswd formatted file in a configuration-determined
|
// user credential hash in an htpasswd formatted file in a configuration-determined
|
||||||
// location.
|
// location.
|
||||||
//
|
//
|
||||||
// The use of SHA hashes (htpasswd -s) is enforced since MD5 is insecure and simple
|
|
||||||
// system crypt() may be as well.
|
|
||||||
//
|
|
||||||
// This authentication method MUST be used under TLS, as simple token-replay attack is possible.
|
// This authentication method MUST be used under TLS, as simple token-replay attack is possible.
|
||||||
package basic
|
package basic
|
||||||
|
|
||||||
|
@ -20,7 +17,7 @@ import (
|
||||||
|
|
||||||
type accessController struct {
|
type accessController struct {
|
||||||
realm string
|
realm string
|
||||||
htpasswd *HTPasswd
|
htpasswd *htpasswd
|
||||||
}
|
}
|
||||||
|
|
||||||
type challenge struct {
|
type challenge struct {
|
||||||
|
@ -30,9 +27,9 @@ type challenge struct {
|
||||||
|
|
||||||
var _ auth.AccessController = &accessController{}
|
var _ auth.AccessController = &accessController{}
|
||||||
var (
|
var (
|
||||||
// ErrPasswordRequired - returned when no auth token is given.
|
// ErrPasswordRequired Returned when no auth token is given.
|
||||||
ErrPasswordRequired = errors.New("authorization credential required")
|
ErrPasswordRequired = errors.New("authorization credential required")
|
||||||
// ErrInvalidCredential - returned when the auth token does not authenticate correctly.
|
// ErrInvalidCredential is returned when the auth token does not authenticate correctly.
|
||||||
ErrInvalidCredential = errors.New("invalid authorization credential")
|
ErrInvalidCredential = errors.New("invalid authorization credential")
|
||||||
)
|
)
|
||||||
|
|
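Review bot: The package comment at the top of this file no longer says which htpasswd hash formats the controller accepts, now that the sentence about SHA enforcement is gone and nothing replaces it. The AuthType constants in the other file of this commit still list PlainText, SHA1, ApacheMD5 and Crypt, so a reader cannot tell from the docs whether unhashed or weakly hashed entries are rejected. If the old claim was inaccurate, state what the code does enforce, for example `// Only <ACCEPTED-FORMATS> entries are accepted; all other formats are rejected.`, filling the placeholder from AuthenticateUser, whose body is outside this page. Separately, `// ErrPasswordRequired Returned when no auth token is given.` should read `// ErrPasswordRequired is returned when no auth token is given.` to match the ErrInvalidCredential comment below it.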
||||||
|
|
|
@ -12,32 +12,32 @@ import (
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AuthenticationFailureErr - a generic error message for authentication failure to be presented to agent.
|
// ErrAuthenticationFailure A generic error message for authentication failure to be presented to agent.
|
||||||
var ErrAuthenticationFailure = errors.New("Bad username or password")
|
var ErrAuthenticationFailure = errors.New("Bad username or password")
|
||||||
|
|
||||||
// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it.
|
// htpasswd Holds a path to a system .htpasswd file and the machinery to parse it.
|
||||||
type HTPasswd struct {
|
type htpasswd struct {
|
||||||
path string
|
path string
|
||||||
reader *csv.Reader
|
reader *csv.Reader
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthType represents a particular hash function used in the htpasswd file.
|
// AuthType Represents a particular hash function used in the htpasswd file.
|
||||||
type AuthType int
|
type AuthType int
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// PlainText - Plain-text password storage (htpasswd -p)
|
// PlainText Plain-text password storage (htpasswd -p)
|
||||||
PlainText AuthType = iota
|
PlainText AuthType = iota
|
||||||
// SHA1 - sha hashed password storage (htpasswd -s)
|
// SHA1 sha hashed password storage (htpasswd -s)
|
||||||
SHA1
|
SHA1
|
||||||
// ApacheMD5 - apr iterated md5 hashing (htpasswd -m)
|
// ApacheMD5 apr iterated md5 hashing (htpasswd -m)
|
||||||
ApacheMD5
|
ApacheMD5
|
||||||
// BCrypt - BCrypt adapative password hashing (htpasswd -B)
|
// BCrypt BCrypt adapative password hashing (htpasswd -B)
|
||||||
BCrypt
|
BCrypt
|
||||||
// Crypt - System crypt() hashes. (htpasswd -d)
|
// Crypt System crypt() hashes. (htpasswd -d)
|
||||||
Crypt
|
Crypt
|
||||||
)
|
)
|
||||||
|
|
||||||
// String returns a text representation of the AuthType
|
// String Returns a text representation of the AuthType
|
||||||
func (at AuthType) String() string {
|
func (at AuthType) String() string {
|
||||||
switch at {
|
switch at {
|
||||||
case PlainText:
|
case PlainText:
|
||||||
|
@ -54,14 +54,14 @@ func (at AuthType) String() string {
|
||||||
return "unknown"
|
return "unknown"
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file.
|
// NewHTPasswd Create a new HTPasswd with the given path to .htpasswd file.
|
||||||
func NewHTPasswd(htpath string) *HTPasswd {
|
func NewHTPasswd(htpath string) *htpasswd {
|
||||||
return &HTPasswd{path: htpath}
|
return &htpasswd{path: htpath}
|
||||||
}
|
}
|
||||||
|
|
||||||
var bcryptPrefixRegexp = regexp.MustCompile(`^\$2[ab]?y\$`)
|
var bcryptPrefixRegexp = regexp.MustCompile(`^\$2[ab]?y\$`)
|
||||||
|
|
||||||
// GetAuthCredentialType - Inspect an htpasswd file credential and guess the encryption algorithm used.
|
// GetAuthCredentialType Inspect an htpasswd file credential and guess the encryption algorithm used.
|
||||||
func GetAuthCredentialType(cred string) AuthType {
|
func GetAuthCredentialType(cred string) AuthType {
|
||||||
if strings.HasPrefix(cred, "{SHA}") {
|
if strings.HasPrefix(cred, "{SHA}") {
|
||||||
return SHA1
|
return SHA1
|
||||||
|
@ -79,8 +79,8 @@ func GetAuthCredentialType(cred string) AuthType {
|
||||||
return PlainText
|
return PlainText
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file.
|
// AuthenticateUser Check a given user:password credential against the receiving HTPasswd's file.
|
||||||
func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) {
|
func (htpasswd *htpasswd) AuthenticateUser(user string, pwd string) (bool, error) {
|
||||||
|
|
||||||
// Open the file.
|
// Open the file.
|
||||||
in, err := os.Open(htpasswd.path)
|
in, err := os.Open(htpasswd.path)
|
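Review bot: `bcryptPrefixRegexp`, a context line in the NewHTPasswd hunk, uses the pattern `^\$2[ab]?y\$`, which matches `$2y$`, `$2ay$` and `$2by$` but not the `$2a$` or `$2b$` prefixes that many bcrypt implementations emit, and the visible tail of GetAuthCredentialType falls through to `return PlainText`. Unless a branch outside the hunk catches it, such an entry would be classified as PlainText, and if PlainText entries are compared literally the stored hash string itself would act as the password. The pattern `^\$2[aby]\$` covers the common prefixes, and an unrecognised format is safer reported as an error than defaulted to PlainText. In the same section, `NewHTPasswd` is still exported but now returns the unexported `*htpasswd`, and the receiver in `func (htpasswd *htpasswd) AuthenticateUser` shadows the type name; `func (h *htpasswd)` avoids that.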
||||||
|
|