3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 05:19:25 +01:00

Split passwd into its' own subpackage

This commit is contained in:
Daniel Oaks 2017-10-06 00:03:53 +10:00
parent 207c1074df
commit 68b1dc9e72
7 changed files with 37 additions and 29 deletions

View File

@ -14,6 +14,7 @@ import (
"github.com/goshuirc/irc-go/ircfmt"
"github.com/goshuirc/irc-go/ircmsg"
"github.com/oragono/oragono/irc/passwd"
"github.com/oragono/oragono/irc/sno"
"github.com/tidwall/buntdb"
)
@ -224,7 +225,7 @@ func accRegisterHandler(server *Server, client *Client, msg ircmsg.IrcMessage) b
var creds AccountCredentials
// always set passphrase salt
creds.PassphraseSalt, err = NewSalt()
creds.PassphraseSalt, err = passwd.NewSalt()
if err != nil {
return fmt.Errorf("Could not create passphrase salt: %s", err.Error())
}

View File

@ -14,12 +14,11 @@ import (
"strings"
"time"
"code.cloudfoundry.org/bytefmt"
"github.com/oragono/oragono/irc/custime"
"github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/passwd"
"github.com/oragono/oragono/irc/utils"
"code.cloudfoundry.org/bytefmt"
"gopkg.in/yaml.v2"
)
@ -48,7 +47,7 @@ func (conf *TLSListenConfig) Config() (*tls.Config, error) {
// PasswordBytes returns the bytes represented by the password hash.
func (conf *PassConfig) PasswordBytes() []byte {
bytes, err := DecodePasswordHash(conf.Password)
bytes, err := passwd.DecodePasswordHash(conf.Password)
if err != nil {
log.Fatal("decode password error: ", err)
}
@ -102,7 +101,7 @@ type OperConfig struct {
// PasswordBytes returns the bytes represented by the password hash.
func (conf *OperConfig) PasswordBytes() []byte {
bytes, err := DecodePasswordHash(conf.Password)
bytes, err := passwd.DecodePasswordHash(conf.Password)
if err != nil {
log.Fatal("decode password error: ", err)
}

View File

@ -11,6 +11,8 @@ import (
"os"
"strings"
"github.com/oragono/oragono/irc/passwd"
"github.com/tidwall/buntdb"
)
@ -36,7 +38,7 @@ func InitDB(path string) {
err = store.Update(func(tx *buntdb.Tx) error {
// set base db salt
salt, err := NewSalt()
salt, err := passwd.NewSalt()
encodedSalt := base64.StdEncoding.EncodeToString(salt)
if err != nil {
log.Fatal("Could not generate cryptographically-secure salt for the user:", err.Error())

View File

@ -1,7 +1,7 @@
// Copyright (c) 2016 Daniel Oaks <daniel@danieloaks.net>
// released under the MIT license
package irc
package passwd
import (
"crypto/rand"
@ -9,8 +9,12 @@ import (
"golang.org/x/crypto/bcrypt"
)
const newSaltLen = 30
const defaultPasswordCost = 14
const (
// newSaltLen is how many bytes long newly-generated salts are.
newSaltLen = 30
// defaultPasswordCost is the bcrypt cost we use for passwords.
defaultPasswordCost = 14
)
// NewSalt returns a salt for crypto uses.
func NewSalt() ([]byte, error) {
@ -25,22 +29,22 @@ func NewSalt() ([]byte, error) {
return salt, nil
}
// PasswordManager supports the hashing and comparing of passwords with the given salt.
type PasswordManager struct {
// SaltedManager supports the hashing and comparing of passwords with the given salt.
type SaltedManager struct {
salt []byte
}
// NewPasswordManager returns a new PasswordManager with the given salt.
func NewPasswordManager(salt []byte) PasswordManager {
var pwm PasswordManager
pwm.salt = salt
return pwm
// NewSaltedManager returns a new SaltedManager with the given salt.
func NewSaltedManager(salt []byte) SaltedManager {
var sm SaltedManager
sm.salt = salt
return sm
}
// assemblePassword returns an assembled slice of bytes for the given password details.
func (pwm *PasswordManager) assemblePassword(specialSalt []byte, password string) []byte {
func (sm *SaltedManager) assemblePassword(specialSalt []byte, password string) []byte {
var assembledPasswordBytes []byte
assembledPasswordBytes = append(assembledPasswordBytes, pwm.salt...)
assembledPasswordBytes = append(assembledPasswordBytes, sm.salt...)
assembledPasswordBytes = append(assembledPasswordBytes, '-')
assembledPasswordBytes = append(assembledPasswordBytes, specialSalt...)
assembledPasswordBytes = append(assembledPasswordBytes, '-')
@ -49,14 +53,14 @@ func (pwm *PasswordManager) assemblePassword(specialSalt []byte, password string
}
// GenerateFromPassword encrypts the given password.
func (pwm *PasswordManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {
assembledPasswordBytes := pwm.assemblePassword(specialSalt, password)
func (sm *SaltedManager) GenerateFromPassword(specialSalt []byte, password string) ([]byte, error) {
assembledPasswordBytes := sm.assemblePassword(specialSalt, password)
return bcrypt.GenerateFromPassword(assembledPasswordBytes, defaultPasswordCost)
}
// CompareHashAndPassword compares a hashed password with its possible plaintext equivalent.
// Returns nil on success, or an error on failure.
func (pwm *PasswordManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {
assembledPasswordBytes := pwm.assemblePassword(specialSalt, password)
func (sm *SaltedManager) CompareHashAndPassword(hashedPassword []byte, specialSalt []byte, password string) error {
assembledPasswordBytes := sm.assemblePassword(specialSalt, password)
return bcrypt.CompareHashAndPassword(hashedPassword, assembledPasswordBytes)
}

View File

@ -1,7 +1,7 @@
// Copyright (c) 2012-2014 Jeremy Latt
// released under the MIT license
package irc
package passwd
import (
"encoding/base64"

View File

@ -26,6 +26,7 @@ import (
"github.com/oragono/oragono/irc/caps"
"github.com/oragono/oragono/irc/isupport"
"github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/passwd"
"github.com/oragono/oragono/irc/sno"
"github.com/oragono/oragono/irc/utils"
"github.com/tidwall/buntdb"
@ -108,7 +109,7 @@ type Server struct {
operators map[string]Oper
operclasses map[string]OperClass
password []byte
passwords *PasswordManager
passwords *passwd.SaltedManager
registeredChannels map[string]*RegisteredChannel
registeredChannelsMutex sync.RWMutex
rehashMutex sync.Mutex
@ -474,7 +475,7 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
// check the provided password
password := []byte(msg.Params[0])
if ComparePassword(server.password, password) != nil {
if passwd.ComparePassword(server.password, password) != nil {
client.Send(nil, server.name, ERR_PASSWDMISMATCH, client.nick, "Password incorrect")
client.Send(nil, server.name, "ERROR", "Password incorrect")
return true
@ -1140,7 +1141,7 @@ func operHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
server.configurableStateMutex.RUnlock()
password := []byte(msg.Params[1])
err = ComparePassword(oper.Pass, password)
err = passwd.ComparePassword(oper.Pass, password)
if (oper.Pass == nil) || (err != nil) {
client.Send(nil, server.name, ERR_PASSWDMISMATCH, client.nick, "Password incorrect")
return true
@ -1523,7 +1524,7 @@ func (server *Server) loadDatastore(datastorePath string) error {
return err
}
pwm := NewPasswordManager(salt)
pwm := passwd.NewSaltedManager(salt)
server.passwords = &pwm
return nil
})

View File

@ -16,6 +16,7 @@ import (
"github.com/docopt/docopt-go"
"github.com/oragono/oragono/irc"
"github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/passwd"
"github.com/oragono/oragono/mkcerts"
stackimpact "github.com/stackimpact/stackimpact-go"
"golang.org/x/crypto/ssh/terminal"
@ -58,7 +59,7 @@ Options:
log.Fatal("Error reading password:", err.Error())
}
password := string(bytePassword)
encoded, err := irc.GenerateEncodedPassword(password)
encoded, err := passwd.GenerateEncodedPassword(password)
if err != nil {
log.Fatal("encoding error:", err.Error())
}