mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-05 18:44:58 +03:00
6fde3632ef
The vendor/ folder was created with the help of @FiloSottile's gvt and vendorcheck. Any dependencies of Caddy plugins outside this repo are not vendored. We do not remove any unused, vendored packages because vendorcheck -u only checks using the current build configuration; i.e. packages that may be imported by files toggled by build tags of other systems. CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is released, a few of the go commands should be revised to again use ./... as it will ignore the vendor folder by default.
43 lines
965 B
Go
43 lines
965 B
Go
package basic
|
|
|
|
import (
|
|
"crypto/sha1"
|
|
"crypto/subtle"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
type shaPassword struct {
|
|
hashed []byte
|
|
}
|
|
|
|
// Accept valid SHA encoded passwords.
|
|
func AcceptSha(src string) (EncodedPasswd, error) {
|
|
if !strings.HasPrefix(src, "{SHA}") {
|
|
return nil, nil
|
|
}
|
|
|
|
b64 := strings.TrimPrefix(src, "{SHA}")
|
|
hashed, err := base64.StdEncoding.DecodeString(b64)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Malformed sha1(%s): %s", src, err.Error())
|
|
}
|
|
if len(hashed) != sha1.Size {
|
|
return nil, fmt.Errorf("Malformed sha1(%s): wrong length", src)
|
|
}
|
|
return &shaPassword{hashed}, nil
|
|
}
|
|
|
|
// Reject any password encoded as SHA.
|
|
func RejectSha(src string) (EncodedPasswd, error) {
|
|
if !strings.HasPrefix(src, "{SHA}") {
|
|
return nil, nil
|
|
}
|
|
return nil, fmt.Errorf("sha password rejected: %s", src)
|
|
}
|
|
|
|
func (s *shaPassword) MatchesPassword(pw string) bool {
|
|
h := sha1.Sum([]byte(pw))
|
|
return subtle.ConstantTimeCompare(h[:], s.hashed) == 1
|
|
}
|