Removed dashes from comments, unexported htpasswd struct

Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
Dave Trombley 2015-06-06 01:37:32 -04:00 committed by Stephen J Day
parent d4f2260e04
commit e4c3ab4377
2 changed files with 19 additions and 22 deletions


@ -2,9 +2,6 @@
// user credential hash in an htpasswd formatted file in a configuration-determined // user credential hash in an htpasswd formatted file in a configuration-determined
// location. // location.
// //
// The use of SHA hashes (htpasswd -s) is enforced since MD5 is insecure and simple
// system crypt() may be as well.
//
// This authentication method MUST be used under TLS, as simple token-replay attack is possible. // This authentication method MUST be used under TLS, as simple token-replay attack is possible.
package basic package basic
@ -20,7 +17,7 @@ import (
type accessController struct { type accessController struct {
realm string realm string
htpasswd *HTPasswd htpasswd *htpasswd
} }
type challenge struct { type challenge struct {
@ -30,9 +27,9 @@ type challenge struct {
var _ auth.AccessController = &accessController{} var _ auth.AccessController = &accessController{}
var ( var (
// ErrPasswordRequired - returned when no auth token is given. // ErrPasswordRequired Returned when no auth token is given.
ErrPasswordRequired = errors.New("authorization credential required") ErrPasswordRequired = errors.New("authorization credential required")
// ErrInvalidCredential - returned when the auth token does not authenticate correctly. // ErrInvalidCredential is returned when the auth token does not authenticate correctly.
ErrInvalidCredential = errors.New("invalid authorization credential") ErrInvalidCredential = errors.New("invalid authorization credential")
) )
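Review bot: The package comment no longer tells an operator which htpasswd hash formats are honoured, because the SHA-enforcement paragraph is removed and nothing replaces it. The AuthType constants in the second file list PlainText, SHA1, ApacheMD5 and Crypt next to BCrypt, so weaker formats are presumably recognised; whether all of them are accepted at login is not visible here and should be confirmed before it is documented. I would put a short paragraph where the removed one was, along the lines of `// Entries should be generated with bcrypt (htpasswd -B); plain-text, SHA1, MD5 and crypt() entries give far less protection if the file is disclosed.` Separately, `// ErrPasswordRequired Returned when no auth token is given.` should read `// ErrPasswordRequired is returned when no auth token is given.` so it matches the ErrInvalidCredential comment two lines below.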


@ -12,32 +12,32 @@ import (
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )
// AuthenticationFailureErr - a generic error message for authentication failure to be presented to agent. // ErrAuthenticationFailure A generic error message for authentication failure to be presented to agent.
var ErrAuthenticationFailure = errors.New("Bad username or password") var ErrAuthenticationFailure = errors.New("Bad username or password")
// HTPasswd - holds a path to a system .htpasswd file and the machinery to parse it. // htpasswd Holds a path to a system .htpasswd file and the machinery to parse it.
type HTPasswd struct { type htpasswd struct {
path string path string
reader *csv.Reader reader *csv.Reader
} }
// AuthType represents a particular hash function used in the htpasswd file. // AuthType Represents a particular hash function used in the htpasswd file.
type AuthType int type AuthType int
const ( const (
// PlainText - Plain-text password storage (htpasswd -p) // PlainText Plain-text password storage (htpasswd -p)
PlainText AuthType = iota PlainText AuthType = iota
// SHA1 - sha hashed password storage (htpasswd -s) // SHA1 sha hashed password storage (htpasswd -s)
SHA1 SHA1
// ApacheMD5 - apr iterated md5 hashing (htpasswd -m) // ApacheMD5 apr iterated md5 hashing (htpasswd -m)
ApacheMD5 ApacheMD5
// BCrypt - BCrypt adapative password hashing (htpasswd -B) // BCrypt BCrypt adapative password hashing (htpasswd -B)
BCrypt BCrypt
// Crypt - System crypt() hashes. (htpasswd -d) // Crypt System crypt() hashes. (htpasswd -d)
Crypt Crypt
) )
// String returns a text representation of the AuthType // String Returns a text representation of the AuthType
func (at AuthType) String() string { func (at AuthType) String() string {
switch at { switch at {
case PlainText: case PlainText:
@ -54,14 +54,14 @@ func (at AuthType) String() string {
return "unknown" return "unknown"
} }
// NewHTPasswd - Create a new HTPasswd with the given path to .htpasswd file. // NewHTPasswd Create a new HTPasswd with the given path to .htpasswd file.
func NewHTPasswd(htpath string) *HTPasswd { func NewHTPasswd(htpath string) *htpasswd {
return &HTPasswd{path: htpath} return &htpasswd{path: htpath}
} }
var bcryptPrefixRegexp = regexp.MustCompile(`^\$2[ab]?y\$`) var bcryptPrefixRegexp = regexp.MustCompile(`^\$2[ab]?y\$`)
// GetAuthCredentialType - Inspect an htpasswd file credential and guess the encryption algorithm used. // GetAuthCredentialType Inspect an htpasswd file credential and guess the encryption algorithm used.
func GetAuthCredentialType(cred string) AuthType { func GetAuthCredentialType(cred string) AuthType {
if strings.HasPrefix(cred, "{SHA}") { if strings.HasPrefix(cred, "{SHA}") {
return SHA1 return SHA1
@ -79,8 +79,8 @@ func GetAuthCredentialType(cred string) AuthType {
return PlainText return PlainText
} }
// AuthenticateUser - Check a given user:password credential against the receiving HTPasswd's file. // AuthenticateUser Check a given user:password credential against the receiving HTPasswd's file.
func (htpasswd *HTPasswd) AuthenticateUser(user string, pwd string) (bool, error) { func (htpasswd *htpasswd) AuthenticateUser(user string, pwd string) (bool, error) {
// Open the file. // Open the file.
in, err := os.Open(htpasswd.path) in, err := os.Open(htpasswd.path)