mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-13 07:29:30 +01:00
Split passwd into its' own subpackage
This commit is contained in:
parent
207c1074df
commit
68b1dc9e72
@ -14,6 +14,7 @@ import (
|
||||
|
||||
"github.com/goshuirc/irc-go/ircfmt"
|
||||
"github.com/goshuirc/irc-go/ircmsg"
|
||||
"github.com/oragono/oragono/irc/passwd"
|
||||
"github.com/oragono/oragono/irc/sno"
|
||||
"github.com/tidwall/buntdb"
|
||||
)
|
||||
@ -224,7 +225,7 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage) b
|
||||
var creds AccountCredentials
|
||||
|
||||
// always set passphrase salt
|
||||
creds.PassphraseSalt, err = NewSalt()
|
||||
creds.PassphraseSalt, err = passwd.NewSalt()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not create passphrase salt: %s", err.Error())
|
||||
}
|
||||
|
@ -14,12 +14,11 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"code.cloudfoundry.org/bytefmt"
|
||||
"github.com/oragono/oragono/irc/custime"
|
||||
"github.com/oragono/oragono/irc/logger"
|
||||
"github.com/oragono/oragono/irc/passwd"
|
||||
"github.com/oragono/oragono/irc/utils"
|
||||
|
||||
"code.cloudfoundry.org/bytefmt"
|
||||
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
@ -48,7 +47,7 @@ func (conf *TLSListenConfig) Config() (*tls.Config, error) {
|
||||
|
||||
// PasswordBytes returns the bytes represented by the password hash.
|
||||
func (conf *PassConfig) PasswordBytes() []byte {
|
||||
bytes, err := DecodePasswordHash(conf.Password)
|
||||
bytes, err := passwd.DecodePasswordHash(conf.Password)
|
||||
if err != nil {
|
||||
log.Fatal("decode password error: ", err)
|
||||
}
|
||||
@ -102,7 +101,7 @@ type OperConfig struct {
|
||||
|
||||
// PasswordBytes returns the bytes represented by the password hash.
|
||||
func (conf *OperConfig) PasswordBytes() []byte {
|
||||
bytes, err := DecodePasswordHash(conf.Password)
|
||||
bytes, err := passwd.DecodePasswordHash(conf.Password)
|
||||
if err != nil {
|
||||
log.Fatal("decode password error: ", err)
|
||||
}
|
||||
|
@ -11,6 +11,8 @@ import (
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/oragono/oragono/irc/passwd"
|
||||
|
||||
"github.com/tidwall/buntdb"
|
||||
)
|
||||
|
||||
@ -36,7 +38,7 @@ func InitDB(path string) {
|
||||
|
||||
err = store.Update(func(tx *buntdb.Tx) error {
|
||||
// set base db salt
|
||||
salt, err := NewSalt()
|
||||
salt, err := passwd.NewSalt()
|
||||
encodedSalt := base64.StdEncoding.EncodeToString(salt)
|
||||
if err != nil {
|
||||
log.Fatal("Could not generate cryptographically-secure salt for the user:", err.Error())
|
||||
|
@ -1,7 +1,7 @@
|
||||
// Copyright (c) 2016 Daniel Oaks <daniel@danieloaks.net>
|
||||
// released under the MIT license
|
||||
|
||||
package irc
|
||||
package passwd
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
@ -9,8 +9,12 @@ import (
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
const newSaltLen = 30
|
||||
const defaultPasswordCost = 14
|
||||
const (
|
||||
// newSaltLen is how many bytes long newly-generated salts are.
|
||||
newSaltLen = 30
|
||||
// defaultPasswordCost is the bcrypt cost we use for passwords.
|
||||
defaultPasswordCost = 14
|
||||
)
|
||||
|
||||
// NewSalt returns a salt for crypto uses.
|
||||
func NewSalt() ([]byte, error) {
|
||||
@ -25,22 +29,22 @@ func NewSalt() ([]byte, error) {
|
||||
return salt, nil
|
||||
}
|
||||
|
||||
// PasswordManager supports the hashing and comparing of passwords with the given salt.
|
||||
type PasswordManager struct {
|
||||
// SaltedManager supports the hashing and comparing of passwords with the given salt.
|
||||
type SaltedManager struct {
|
||||
salt []byte
|
||||
}
|
||||
|
||||
// NewPasswordManager returns a new PasswordManager with the given salt.
|
||||
func NewPasswordManager(salt []byte) PasswordManager {
|
||||
var pwm PasswordManager
|
||||
pwm.salt = salt
|
||||
return pwm
|
||||
// NewSaltedManager returns a new SaltedManager with the given salt.
|
||||
func NewSaltedManager(salt []byte) SaltedManager {
|
||||
var sm SaltedManager
|
||||
sm.salt = salt
|
||||
return sm
|
||||
}
|
||||
|
||||
// assemblePassword returns an assembled slice of bytes for the given password details.
|
||||
func (pwm *PasswordManager) assemblePassword(specialSalt []byte, password string) []byte {
|
||||
func (sm *SaltedManager) assemblePassword(specialSalt []byte, password string) []byte {
|
||||
var assembledPasswordBytes []byte
|
||||
assembledPasswordBytes = append(assembledPasswordBytes, pwm.salt...)
|
||||
assembledPasswordBytes = append(assembledPasswordBytes, sm.salt...)
|
||||
assembledPasswordBytes = append(assembledPasswordBytes, '-')
|
||||
assembledPasswordBytes = append(assembledPasswordBytes, specialSalt...)
|
||||
assembledPasswordBytes = append(assembledPasswordBytes, '-')
|
||||
@ -49,14 +53,14 @@ func (pwm *PasswordManager) assemblePassword(specialSalt []byte, password string
|
||||
}
|
||||
|
||||
// GenerateFromPassword encrypts the given password.
|
||||
func (pwm *PasswordManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {
|
||||
assembledPasswordBytes := pwm.assemblePassword(specialSalt, password)
|
||||
func (sm *SaltedManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {
|
||||
assembledPasswordBytes := sm.assemblePassword(specialSalt, password)
|
||||
return bcrypt.GenerateFromPassword(assembledPasswordBytes, defaultPasswordCost)
|
||||
}
|
||||
|
||||
// CompareHashAndPassword compares a hashed password with its possible plaintext equivalent.
|
||||
// Returns nil on success, or an error on failure.
|
||||
func (pwm *PasswordManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {
|
||||
assembledPasswordBytes := pwm.assemblePassword(specialSalt, password)
|
||||
func (sm *SaltedManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {
|
||||
assembledPasswordBytes := sm.assemblePassword(specialSalt, password)
|
||||
return bcrypt.CompareHashAndPassword(hashedPassword, assembledPasswordBytes)
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
// Copyright (c) 2012-2014 Jeremy Latt
|
||||
// released under the MIT license
|
||||
|
||||
package irc
|
||||
package passwd
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
@ -26,6 +26,7 @@ import (
|
||||
"github.com/oragono/oragono/irc/caps"
|
||||
"github.com/oragono/oragono/irc/isupport"
|
||||
"github.com/oragono/oragono/irc/logger"
|
||||
"github.com/oragono/oragono/irc/passwd"
|
||||
"github.com/oragono/oragono/irc/sno"
|
||||
"github.com/oragono/oragono/irc/utils"
|
||||
"github.com/tidwall/buntdb"
|
||||
@ -108,7 +109,7 @@ type Server struct {
|
||||
operators map[string]Oper
|
||||
operclasses map[string]OperClass
|
||||
password []byte
|
||||
passwords *PasswordManager
|
||||
passwords *passwd.SaltedManager
|
||||
registeredChannels map[string]*RegisteredChannel
|
||||
registeredChannelsMutex sync.RWMutex
|
||||
rehashMutex sync.Mutex
|
||||
@ -474,7 +475,7 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
||||
|
||||
// check the provided password
|
||||
password := []byte(msg.Params[0])
|
||||
if ComparePassword(server.password, password) != nil {
|
||||
if passwd.ComparePassword(server.password, password) != nil {
|
||||
client.Send(nil, server.name, ERR_PASSWDMISMATCH, client.nick, "Password incorrect")
|
||||
client.Send(nil, server.name, "ERROR", "Password incorrect")
|
||||
return true
|
||||
@ -1140,7 +1141,7 @@ func operHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
||||
server.configurableStateMutex.RUnlock()
|
||||
|
||||
password := []byte(msg.Params[1])
|
||||
err = ComparePassword(oper.Pass, password)
|
||||
err = passwd.ComparePassword(oper.Pass, password)
|
||||
if (oper.Pass == nil) || (err != nil) {
|
||||
client.Send(nil, server.name, ERR_PASSWDMISMATCH, client.nick, "Password incorrect")
|
||||
return true
|
||||
@ -1523,7 +1524,7 @@ func (server *Server) loadDatastore(datastorePath string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
pwm := NewPasswordManager(salt)
|
||||
pwm := passwd.NewSaltedManager(salt)
|
||||
server.passwords = &pwm
|
||||
return nil
|
||||
})
|
||||
|
@ -16,6 +16,7 @@ import (
|
||||
"github.com/docopt/docopt-go"
|
||||
"github.com/oragono/oragono/irc"
|
||||
"github.com/oragono/oragono/irc/logger"
|
||||
"github.com/oragono/oragono/irc/passwd"
|
||||
"github.com/oragono/oragono/mkcerts"
|
||||
stackimpact "github.com/stackimpact/stackimpact-go"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
@ -58,7 +59,7 @@ Options:
|
||||
log.Fatal("Error reading password:", err.Error())
|
||||
}
|
||||
password := string(bytePassword)
|
||||
encoded, err := irc.GenerateEncodedPassword(password)
|
||||
encoded, err := passwd.GenerateEncodedPassword(password)
|
||||
if err != nil {
|
||||
log.Fatal("encoding error:", err.Error())
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user