|
|
@ -2,7 +2,6 @@ |
|
|
|
package htpasswd |
|
|
|
package htpasswd |
|
|
|
|
|
|
|
|
|
|
|
import ( |
|
|
|
import ( |
|
|
|
"errors" |
|
|
|
|
|
|
|
"fmt" |
|
|
|
"fmt" |
|
|
|
"os" |
|
|
|
"os" |
|
|
|
"strings" |
|
|
|
"strings" |
|
|
@ -19,51 +18,53 @@ type Hasher interface { |
|
|
|
Prefix() string |
|
|
|
Prefix() string |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// ParseHtpasswdFile parses a .htpasswd file
|
|
|
|
// ParseFile parses a .htpasswd file
|
|
|
|
// and returns a Passwd type
|
|
|
|
// and returns a Passwd type
|
|
|
|
func ParseHtpasswdFile(file string) (Passwds, error) { |
|
|
|
func ParseFile(file string) (Passwds, error) { |
|
|
|
htpasswdBytes, err := os.ReadFile(file) |
|
|
|
htpasswdBytes, err := os.ReadFile(file) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, err |
|
|
|
return nil, err |
|
|
|
} |
|
|
|
} |
|
|
|
return ParseHtpasswd(htpasswdBytes) |
|
|
|
return Parse(htpasswdBytes) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// ParseHtpasswd parses a slice of bytes in htpasswd style
|
|
|
|
// Parse parses a slice of bytes in htpasswd style
|
|
|
|
func ParseHtpasswd(htpasswdBytes []byte) (Passwds, error) { |
|
|
|
func Parse(htpasswdBytes []byte) (Passwds, error) { |
|
|
|
lines := strings.Split(string(htpasswdBytes), "\n") |
|
|
|
lines := strings.Split(string(htpasswdBytes), "\n") |
|
|
|
passwords := make(map[string]string) |
|
|
|
passwords := make(map[string]string) |
|
|
|
var err error |
|
|
|
var err error |
|
|
|
|
|
|
|
|
|
|
|
for lineNumber, line := range lines { |
|
|
|
for lineNumber, line := range lines { |
|
|
|
line = strings.Trim(line, " ") |
|
|
|
line = strings.TrimSpace(line) |
|
|
|
if len(line) == 0 { |
|
|
|
if len(line) == 0 { |
|
|
|
// skipping empty lines
|
|
|
|
// skipping empty lines
|
|
|
|
continue |
|
|
|
continue |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
parts := strings.Split(line, ":") |
|
|
|
user, password, err := splitLine(line, lineNumber) |
|
|
|
if ok, err := validLine(parts, lineNumber, line); !ok { |
|
|
|
if err != nil { |
|
|
|
return passwords, err |
|
|
|
return passwords, err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
parts = trimParts(parts) |
|
|
|
_, exists := passwords[user] |
|
|
|
_, exists := passwords[parts[0]] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if exists { |
|
|
|
if exists { |
|
|
|
err = errors.New("invalid htpasswords file - user " + |
|
|
|
err = &UserError{ |
|
|
|
parts[0] + " defined more than once") |
|
|
|
Name: user, |
|
|
|
|
|
|
|
Err: ErrExists, |
|
|
|
|
|
|
|
} |
|
|
|
return passwords, err |
|
|
|
return passwords, err |
|
|
|
} |
|
|
|
} |
|
|
|
passwords[parts[0]] = parts[1] |
|
|
|
|
|
|
|
|
|
|
|
passwords[user] = password |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return passwords, err |
|
|
|
return passwords, err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// CreateUser creates a record in the named file with
|
|
|
|
// CreateUser creates a record in the named file with
|
|
|
|
// the named password and hash algorithm
|
|
|
|
// the named password and hash algorithm
|
|
|
|
func CreateUser(file, user, passwd string, algo Hasher) error { |
|
|
|
func CreateUser(file, user, passwd string, algo Hasher) error { |
|
|
|
pp, err := ParseHtpasswdFile(file) |
|
|
|
pp, err := ParseFile(file) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
@ -71,15 +72,19 @@ func CreateUser(file, user, passwd string, algo Hasher) error { |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
|
return pp.Write(file) |
|
|
|
return pp.WriteFile(file) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// CreateUser will create a new user in the given Passwd object
|
|
|
|
// CreateUser will create a new user in the given Passwd object
|
|
|
|
// using the given name, password and hashing algorithm
|
|
|
|
// using the given name, password and hashing algorithm
|
|
|
|
func (pp Passwds) CreateUser(user, passwd string, algo Hasher) error { |
|
|
|
func (pp Passwds) CreateUser(user, passwd string, algo Hasher) error { |
|
|
|
if _, exists := pp[user]; exists { |
|
|
|
if _, exists := pp[user]; exists { |
|
|
|
return fmt.Errorf("user %s already exists", user) |
|
|
|
return &UserError{ |
|
|
|
|
|
|
|
Name: user, |
|
|
|
|
|
|
|
Err: ErrExists, |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
h, err := algo.Hash(passwd) |
|
|
|
h, err := algo.Hash(passwd) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
@ -91,7 +96,7 @@ func (pp Passwds) CreateUser(user, passwd string, algo Hasher) error { |
|
|
|
// UpdateUser will update the password for the named user
|
|
|
|
// UpdateUser will update the password for the named user
|
|
|
|
// in the named file
|
|
|
|
// in the named file
|
|
|
|
func UpdateUser(file, user, passwd string, algo Hasher) error { |
|
|
|
func UpdateUser(file, user, passwd string, algo Hasher) error { |
|
|
|
pp, err := ParseHtpasswdFile(file) |
|
|
|
pp, err := ParseFile(file) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
@ -99,15 +104,19 @@ func UpdateUser(file, user, passwd string, algo Hasher) error { |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
|
return pp.Write(file) |
|
|
|
return pp.WriteFile(file) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// UpdateUser will update the password for the named user
|
|
|
|
// UpdateUser will update the password for the named user
|
|
|
|
// using the given name, password and hashing algorithm
|
|
|
|
// using the given name, password and hashing algorithm
|
|
|
|
func (pp Passwds) UpdateUser(user, passwd string, algo Hasher) error { |
|
|
|
func (pp Passwds) UpdateUser(user, passwd string, algo Hasher) error { |
|
|
|
if _, exists := pp[user]; !exists { |
|
|
|
if _, exists := pp[user]; !exists { |
|
|
|
return fmt.Errorf("user %s does not exist", user) |
|
|
|
return &UserError{ |
|
|
|
|
|
|
|
Name: user, |
|
|
|
|
|
|
|
Err: ErrNotExists, |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
h, err := algo.Hash(passwd) |
|
|
|
h, err := algo.Hash(passwd) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
@ -118,7 +127,7 @@ func (pp Passwds) UpdateUser(user, passwd string, algo Hasher) error { |
|
|
|
|
|
|
|
|
|
|
|
// DeleteUser deletes the named user from the named file
|
|
|
|
// DeleteUser deletes the named user from the named file
|
|
|
|
func DeleteUser(file, user string) error { |
|
|
|
func DeleteUser(file, user string) error { |
|
|
|
pp, err := ParseHtpasswdFile(file) |
|
|
|
pp, err := ParseFile(file) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
@ -127,13 +136,16 @@ func DeleteUser(file, user string) error { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return pp.Write(file) |
|
|
|
return pp.WriteFile(file) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// DeleteUser deletes the named user from the named file
|
|
|
|
// DeleteUser deletes the named user from the named file
|
|
|
|
func (pp Passwds) DeleteUser(user string) error { |
|
|
|
func (pp Passwds) DeleteUser(user string) error { |
|
|
|
if _, exists := pp[user]; !exists { |
|
|
|
if _, exists := pp[user]; !exists { |
|
|
|
return fmt.Errorf("user %s does not exist", user) |
|
|
|
return &UserError{ |
|
|
|
|
|
|
|
Name: user, |
|
|
|
|
|
|
|
Err: ErrNotExists, |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
delete(pp, user) |
|
|
|
delete(pp, user) |
|
|
@ -143,7 +155,7 @@ func (pp Passwds) DeleteUser(user string) error { |
|
|
|
// VerifyUser will check if the given user and password are matching
|
|
|
|
// VerifyUser will check if the given user and password are matching
|
|
|
|
// with the content of the given file
|
|
|
|
// with the content of the given file
|
|
|
|
func VerifyUser(file, user, passwd string) error { |
|
|
|
func VerifyUser(file, user, passwd string) error { |
|
|
|
pp, err := ParseHtpasswdFile(file) |
|
|
|
pp, err := ParseFile(file) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
@ -154,17 +166,25 @@ func VerifyUser(file, user, passwd string) error { |
|
|
|
// with the given Passwd object
|
|
|
|
// with the given Passwd object
|
|
|
|
func (pp Passwds) VerifyUser(user, passwd string) error { |
|
|
|
func (pp Passwds) VerifyUser(user, passwd string) error { |
|
|
|
if _, ok := pp[user]; !ok { |
|
|
|
if _, ok := pp[user]; !ok { |
|
|
|
return fmt.Errorf("user %s does not exist", user) |
|
|
|
return &UserError{ |
|
|
|
|
|
|
|
Name: user, |
|
|
|
|
|
|
|
Err: ErrNotExists, |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
alg, err := identifyHash(pp[user]) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
alg := identifyHash(pp[user]) |
|
|
|
return fmt.Errorf("cannot identify algo %v", alg) |
|
|
|
if alg == nil { |
|
|
|
|
|
|
|
return &UserError{ |
|
|
|
|
|
|
|
Name: user, |
|
|
|
|
|
|
|
Err: ErrInvalidAlgorithm, |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return alg.Match(passwd, pp[user]) |
|
|
|
return alg.Match(passwd, pp[user]) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Write will cwrite the Passwd object to the given file
|
|
|
|
// WriteFile will write the Passwds object to the given file
|
|
|
|
func (pp Passwds) Write(file string) error { |
|
|
|
func (pp Passwds) WriteFile(file string) error { |
|
|
|
return os.WriteFile(file, pp.Bytes(), os.ModePerm) |
|
|
|
return os.WriteFile(file, pp.Bytes(), os.ModePerm) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -177,40 +197,38 @@ func (pp Passwds) Bytes() []byte { |
|
|
|
return pass |
|
|
|
return pass |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func identifyHash(h string) (Hasher, error) { |
|
|
|
func identifyHash(h string) Hasher { |
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case strings.HasPrefix(h, "$2a$"), strings.HasPrefix(h, "$2y$"), |
|
|
|
case strings.HasPrefix(h, "$2a$"), strings.HasPrefix(h, "$2y$"), |
|
|
|
strings.HasPrefix(h, "$2x$"), strings.HasPrefix(h, "$2b$"): |
|
|
|
strings.HasPrefix(h, "$2x$"), strings.HasPrefix(h, "$2b$"): |
|
|
|
return new(Bcrypt), nil |
|
|
|
return new(Bcrypt) |
|
|
|
case strings.HasPrefix(h, "$apr1$"): |
|
|
|
case strings.HasPrefix(h, "$apr1$"): |
|
|
|
return new(Apr1), nil |
|
|
|
return new(Apr1) |
|
|
|
case strings.HasPrefix(h, "{SHA}"): |
|
|
|
case strings.HasPrefix(h, "{SHA}"): |
|
|
|
return new(Sha), nil |
|
|
|
return new(Sha) |
|
|
|
case strings.HasPrefix(h, "{SSHA}"): |
|
|
|
case strings.HasPrefix(h, "{SSHA}"): |
|
|
|
return new(Ssha), nil |
|
|
|
return new(Ssha) |
|
|
|
case strings.HasPrefix(h, "$5$"): |
|
|
|
case strings.HasPrefix(h, "$5$"): |
|
|
|
return new(Sha256), nil |
|
|
|
return new(Sha256) |
|
|
|
case strings.HasPrefix(h, "$6$"): |
|
|
|
case strings.HasPrefix(h, "$6$"): |
|
|
|
return new(Sha512), nil |
|
|
|
return new(Sha512) |
|
|
|
|
|
|
|
default: |
|
|
|
|
|
|
|
return nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return nil, fmt.Errorf("unsupported hash algorithm") |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func validLine(parts []string, lineNumber int, line string) (bool, error) { |
|
|
|
func splitLine(line string, lineNumber int) (user, password string, err error) { |
|
|
|
var err error |
|
|
|
user, password, ok := strings.Cut(line, ":") |
|
|
|
if len(parts) != 2 { |
|
|
|
if !ok { |
|
|
|
err = errors.New(fmt.Sprintln("invalid line", lineNumber+1, |
|
|
|
return "", "", fmt.Errorf("invalid line %v", lineNumber+1) |
|
|
|
"unexpected number of parts split by", ":", len(parts), |
|
|
|
|
|
|
|
"instead of 2 in\"", line, "\"")) |
|
|
|
|
|
|
|
return false, err |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
return true, nil |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func trimParts(parts []string) []string { |
|
|
|
user = strings.TrimSpace(user) |
|
|
|
for i, part := range parts { |
|
|
|
password = strings.TrimSpace(password) |
|
|
|
parts[i] = strings.Trim(part, " ") |
|
|
|
|
|
|
|
|
|
|
|
if h := identifyHash(password); h != nil { |
|
|
|
|
|
|
|
return "", "", fmt.Errorf("invalid algorithm on line %v", lineNumber+1) |
|
|
|
} |
|
|
|
} |
|
|
|
return parts |
|
|
|
|
|
|
|
|
|
|
|
return user, password, nil |
|
|
|
} |
|
|
|
} |
|
|
|