// Authentication routines for the HKExSh
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh
import (
	"bytes"
	"crypto/subtle"
	"encoding/csv"
	"io"
	"io/ioutil"
	"log"
	"runtime"

	"github.com/jameskeane/bcrypt"
)
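// AuthUser reports whether auth is the correct password for username
// according to the colon-separated credentials file fname.
//
// Each record has four fields, username:salt:authCookie:disallowedCmdList,
// and lines starting with '#' are comments. The password is hashed with the
// record's salt using bcrypt and compared with the stored authCookie.
//
// Only the first record whose username matches is considered. allowedCmds is
// never assigned in this function and is always returned empty.
//
// An unreadable or malformed file terminates the process via log.Fatal, so no
// result is ever computed from a partially parsed file.
func AuthUser(username string, auth string, fname string) (valid bool, allowedCmds string) {
	b, e := ioutil.ReadFile(fname)
	if e != nil {
		log.Println("ERROR: Cannot read hkexsh.passwd file!")
		log.Fatal(e)
	}
	r := csv.NewReader(bytes.NewReader(b))

	// Paranoia and prob. not effective: the bytes.Reader handed to the CSV
	// reader still references the file contents, so dropping this name and
	// forcing a collection does not remove them from memory.
	b = nil
	runtime.GC()

	r.Comma = ':'
	r.Comment = '#'
	r.FieldsPerRecord = 4 // username:salt:authCookie:disallowedCmdList (a,b,...)

	for {
		record, err := r.Read()
		if err == io.EOF {
			break
		}
		if err != nil {
			log.Fatal(err)
		}
		if username != record[0] {
			continue
		}

		// NOTE(review): bcrypt only runs for usernames present in the file,
		// so response time differs between known and unknown accounts.
		tmp, herr := bcrypt.Hash(auth, record[1])
		if herr != nil || tmp == "" {
			// Fail closed: a hashing failure must never compare equal to an
			// empty or malformed stored authCookie.
			break
		}
		// Constant-time comparison so the check does not leak how many
		// leading bytes of the stored hash matched.
		if subtle.ConstantTimeCompare([]byte(tmp), []byte(record[2])) == 1 {
			valid = true
		}
		break
	}
	return valid, allowedCmds
}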