community
/
rclone
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib/http: Factor password hash salt into options with default

This commit is contained in:
Nolan Woods 2021-10-12 10:32:46 -07:00 committed by Nick Craig-Wood
parent b1cb41f8da
commit 023e32de05
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/http/auth/auth.go
View File

@ -29,6 +29,8 @@ To create an htpasswd file:
The password file can be updated while rclone is running.
Use --realm to set the authentication realm.
Use --salt to change the password hashing salt from the default.
`
// CustomAuthFn if used will be used to authenticate user, pass. If an error
@ -43,6 +45,7 @@ type Options struct {
Realm string // realm for authentication
BasicUser string // single username for basic auth if not using Htpasswd
BasicPass string // password for BasicUser
Salt string // password hashing salt
Auth CustomAuthFn `json:"-"` // custom Auth (not set by command line flags)
}
@ -53,14 +56,16 @@ func Auth(opt Options) http.Middleware {
} else if opt.HtPasswd != "" {
return HtPasswdAuth(opt.HtPasswd, opt.Realm)
} else if opt.BasicUser != "" {
return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm)
return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm, opt.Salt)
}
return nil
}
// Options set by command line flags
var (
Opt = Options{}
Opt = Options{
Salt: "dlPL2MqE",
}
)
// AddFlagsPrefix adds flags for http/auth
@ -69,6 +74,7 @@ func AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string, Opt *Options) {
flags.StringVarP(flagSet, &Opt.Realm, prefix+"realm", "", Opt.Realm, "realm for authentication")
flags.StringVarP(flagSet, &Opt.BasicUser, prefix+"user", "", Opt.BasicUser, "User name for authentication.")
flags.StringVarP(flagSet, &Opt.BasicPass, prefix+"pass", "", Opt.BasicPass, "Password for authentication.")
flags.StringVarP(flagSet, &Opt.Salt, prefix+"salt", "", Opt.Salt, "Password hashing salt")
}
// AddFlags adds flags for the http/auth

4
lib/http/auth/basic.go
View File

@ -85,9 +85,9 @@ func HtPasswdAuth(path, realm string) httplib.Middleware {
}
// SingleAuth instantiates middleware that authenticates for a single user
func SingleAuth(user, pass, realm string) httplib.Middleware {
func SingleAuth(user, pass, realm, salt string) httplib.Middleware {
fs.Infof(nil, "Using --user %s --pass XXXX as authenticated user", user)
pass = string(auth.MD5Crypt([]byte(pass), []byte("dlPL2MqE"), []byte("$1$")))
pass = string(auth.MD5Crypt([]byte(pass), []byte(salt), []byte("$1$")))
secretProvider := func(u, r string) string {
if user == u {
return pass