lib/http: Factor password hash salt into options with default

Nolan Woods 2021-10-12 10:32:46 -07:00 committed by Nick Craig-Wood
parent b1cb41f8da
commit 023e32de05
2 changed files with 10 additions and 4 deletions


@ -29,6 +29,8 @@ To create an htpasswd file:
The password file can be updated while rclone is running. The password file can be updated while rclone is running.
Use --realm to set the authentication realm. Use --realm to set the authentication realm.
Use --salt to change the password hashing salt from the default.
` `
// CustomAuthFn if used will be used to authenticate user, pass. If an error // CustomAuthFn if used will be used to authenticate user, pass. If an error
@ -43,6 +45,7 @@ type Options struct {
Realm string // realm for authentication Realm string // realm for authentication
BasicUser string // single username for basic auth if not using Htpasswd BasicUser string // single username for basic auth if not using Htpasswd
BasicPass string // password for BasicUser BasicPass string // password for BasicUser
Salt string // password hashing salt
Auth CustomAuthFn `json:"-"` // custom Auth (not set by command line flags) Auth CustomAuthFn `json:"-"` // custom Auth (not set by command line flags)
} }
@ -53,14 +56,16 @@ func Auth(opt Options) http.Middleware {
} else if opt.HtPasswd != "" { } else if opt.HtPasswd != "" {
return HtPasswdAuth(opt.HtPasswd, opt.Realm) return HtPasswdAuth(opt.HtPasswd, opt.Realm)
} else if opt.BasicUser != "" { } else if opt.BasicUser != "" {
return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm) return SingleAuth(opt.BasicUser, opt.BasicPass, opt.Realm, opt.Salt)
} }
return nil return nil
} }
// Options set by command line flags // Options set by command line flags
var ( var (
Opt = Options{} Opt = Options{
Salt: "dlPL2MqE",
}
) )
// AddFlagsPrefix adds flags for http/auth // AddFlagsPrefix adds flags for http/auth
@ -69,6 +74,7 @@ func AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string, Opt *Options) {
flags.StringVarP(flagSet, &Opt.Realm, prefix+"realm", "", Opt.Realm, "realm for authentication") flags.StringVarP(flagSet, &Opt.Realm, prefix+"realm", "", Opt.Realm, "realm for authentication")
flags.StringVarP(flagSet, &Opt.BasicUser, prefix+"user", "", Opt.BasicUser, "User name for authentication.") flags.StringVarP(flagSet, &Opt.BasicUser, prefix+"user", "", Opt.BasicUser, "User name for authentication.")
flags.StringVarP(flagSet, &Opt.BasicPass, prefix+"pass", "", Opt.BasicPass, "Password for authentication.") flags.StringVarP(flagSet, &Opt.BasicPass, prefix+"pass", "", Opt.BasicPass, "Password for authentication.")
flags.StringVarP(flagSet, &Opt.Salt, prefix+"salt", "", Opt.Salt, "Password hashing salt")
} }
// AddFlags adds flags for the http/auth // AddFlags adds flags for the http/auth
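Review bot: The default salt is set only on the package-level `Opt`, so an `Options` value built anywhere else reaches `SingleAuth` from `Auth` with `Salt` empty, and the password is then hashed with no salt at all. Before this change the constant was always applied, so `Auth` should fall back itself, e.g. `if opt.Salt == "" { opt.Salt = defaultSalt }`, with the `"dlPL2MqE"` literal moved into a named constant (`defaultSalt` is a proposed name). The help text and the `Salt` field comment should also say that the value applies only to the `--user`/`--pass` path, since the `HtPasswdAuth` call in the same function does not receive it. `Auth` starts above this hunk, so any earlier branch is not visible here.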


@ -85,9 +85,9 @@ func HtPasswdAuth(path, realm string) httplib.Middleware {
} }
// SingleAuth instantiates middleware that authenticates for a single user // SingleAuth instantiates middleware that authenticates for a single user
func SingleAuth(user, pass, realm string) httplib.Middleware { func SingleAuth(user, pass, realm, salt string) httplib.Middleware {
fs.Infof(nil, "Using --user %s --pass XXXX as authenticated user", user) fs.Infof(nil, "Using --user %s --pass XXXX as authenticated user", user)
pass = string(auth.MD5Crypt([]byte(pass), []byte("dlPL2MqE"), []byte("$1$"))) pass = string(auth.MD5Crypt([]byte(pass), []byte(salt), []byte("$1$")))
secretProvider := func(u, r string) string { secretProvider := func(u, r string) string {
if user == u { if user == u {
return pass return pass
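Review bot: `salt` now comes from a command line flag and is passed to `auth.MD5Crypt` unchecked, while the `$1$` format uses `$` as its field separator. A value containing `$` would yield a hash string that a parser splitting on `$` is likely to read back with a different salt, so every login would fail with no error at startup; this is inferred from the format, as the verifying code is not in this hunk. Consider flagging such values when the middleware is created, e.g. `if strings.Contains(salt, "$") { fs.Errorf(nil, "--salt must not contain '$'") }`, and documenting the accepted characters and length next to the flag. The body of `SingleAuth` continues past the end of this hunk.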