// Package dataprovider provides data access.
// It abstracts different data providers and exposes a common API.
// Currently the supported data providers are: PostgreSQL (9+), MySQL (4.1+), SQLite 3.x and bbolt (key/value store)
package dataprovider
import (
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"crypto/subtle"
"encoding/base64"
"errors"
"fmt"
"hash"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/alexedwards/argon2id"
"golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/pbkdf2"
"golang.org/x/crypto/ssh"
"github.com/drakkan/sftpgo/logger"
"github.com/drakkan/sftpgo/metrics"
"github.com/drakkan/sftpgo/utils"
)
const (
	// SQLiteDataProviderName name for SQLite database provider
	SQLiteDataProviderName = "sqlite"
	// PGSQLDataProviderName name for PostgreSQL database provider
	PGSQLDataProviderName = "postgresql"
	// MySQLDataProviderName name for MySQL database provider
	MySQLDataProviderName = "mysql"
	// BoltDataProviderName name for bbolt key/value store provider
	BoltDataProviderName = "bolt"

	// Prefixes that mark a stored password as already hashed. validateUser
	// argon2id-hashes any password that carries none of them, and stores one
	// that does verbatim; checkUserAndPass dispatches on them to pick the
	// verification algorithm.
	argonPwdPrefix = "$argon2id$"
	// NOTE(review): only the "$2a$" bcrypt variant is recognized. A "$2b$" or
	// "$2y$" bcrypt hash does not match this prefix, so validateUser would treat
	// it as a cleartext password and hash it again with argon2id.
	bcryptPwdPrefix = "$2a$"
	// PBKDF2 hashes are stored as "$pbkdf2-<digest>$<iterations>$<salt>$<base64 key>"
	// (see comparePbkdf2PasswordAndHash for how each field is interpreted).
	pbkdf2SHA1Prefix   = "$pbkdf2-sha1$"
	pbkdf2SHA256Prefix = "$pbkdf2-sha256$"
	pbkdf2SHA512Prefix = "$pbkdf2-sha512$"
	// Messages carried by MethodDisabledError when the related config switch is off.
	manageUsersDisabledError = "please set manage_users to 1 in sftpgo.conf to enable this method"
	trackQuotaDisabledError  = "please enable track_quota in sftpgo.conf to use this method"
)
var (
	// SupportedProviders data provider configured in the sftpgo.conf file must match one of these strings
	SupportedProviders = []string{SQLiteDataProviderName, PGSQLDataProviderName, MySQLDataProviderName, BoltDataProviderName}
	// config is the Config handed to Initialize; the package-level wrappers read it for their gates
	config Config
	// provider is the backend selected by Initialize
	provider Provider
	// sqlPlaceholders is filled by getSQLPlaceholders() in Initialize (defined elsewhere in the package)
	sqlPlaceholders []string
	// validPerms lists every permission string accepted by validateUser
	validPerms = []string{PermAny, PermListItems, PermDownload, PermUpload, PermDelete, PermRename,
		PermCreateDirs, PermCreateSymlinks}
	// hashPwdPrefixes: a stored password starting with one of these is already hashed and is stored as-is
	hashPwdPrefixes = []string{argonPwdPrefix, bcryptPwdPrefix, pbkdf2SHA1Prefix, pbkdf2SHA256Prefix, pbkdf2SHA512Prefix}
	// pbkdfPwdPrefixes is the subset of hashPwdPrefixes handled by comparePbkdf2PasswordAndHash
	pbkdfPwdPrefixes = []string{pbkdf2SHA1Prefix, pbkdf2SHA256Prefix, pbkdf2SHA512Prefix}
	// logSender tags every line emitted through providerLog
	logSender = "dataProvider"
	// availabilityTicker paces the periodic checkAvailability() call; created in init, never stopped
	availabilityTicker *time.Ticker
)
// Config provider configuration
type Config struct {
	// Driver name, must be one of the SupportedProviders
	Driver string `json:"driver" mapstructure:"driver"`
	// Database name
	Name string `json:"name" mapstructure:"name"`
	// Database host
	Host string `json:"host" mapstructure:"host"`
	// Database port
	Port int `json:"port" mapstructure:"port"`
	// Database username
	Username string `json:"username" mapstructure:"username"`
	// Database password. The json tag serializes it in clear, so a Config value
	// must never be logged or returned by an API as a whole.
	Password string `json:"password" mapstructure:"password"`
	// Used for drivers mysql and postgresql; translated into the driver's ssl
	// mode string by getSSLMode.
	// 0 disable SSL/TLS connections.
	// 1 require ssl.
	// 2 set ssl mode to verify-ca for driver postgresql and skip-verify for driver mysql.
	// 3 set ssl mode to verify-full for driver postgresql and preferred for driver mysql.
	// NOTE(review): the scale is not "higher is stricter" for mysql: 2 maps to
	// "skip-verify" and 3 to "preferred", both weaker than 1 (skip-verify presumably
	// disables server certificate verification, preferred presumably falls back to
	// plaintext when the server offers no TLS - confirm against the driver docs).
	// Any other value yields an empty mode string (see getSSLMode).
	SSLMode int `json:"sslmode" mapstructure:"sslmode"`
	// Custom database connection string.
	// If not empty this connection string will be used instead of build one using the previous parameters.
	// NOTE(review): presumably SSLMode is then only honoured if it is spelled out in the string - confirm.
	ConnectionString string `json:"connection_string" mapstructure:"connection_string"`
	// Database table for SFTP users
	UsersTable string `json:"users_table" mapstructure:"users_table"`
	// Set to 0 to disable users management, 1 to enable.
	// When 0, AddUser/UpdateUser/DeleteUser return a MethodDisabledError.
	ManageUsers int `json:"manage_users" mapstructure:"manage_users"`
	// Set the preferred way to track users quota between the following choices:
	// 0, disable quota tracking. REST API to scan user dir and update quota will do nothing
	//    (UpdateUserQuota and GetUsedQuota return a MethodDisabledError)
	// 1, quota is updated each time a user upload or delete a file even if the user has no quota restrictions
	// 2, quota is updated each time a user upload or delete a file but only for users with quota restrictions.
	// With this configuration the "quota scan" REST API can still be used to periodically update space usage
	// for users without quota restrictions
	TrackQuota int `json:"track_quota" mapstructure:"track_quota"`
	// Sets the maximum number of open connections for mysql and postgresql driver.
	// Default 0 (unlimited)
	PoolSize int `json:"pool_size" mapstructure:"pool_size"`
}
// ValidationError raised if input data is not valid.
// It is returned by validateUser for every rejected user definition; the
// message names the offending field but never echoes a password.
type ValidationError struct {
	err string
}

// Error renders the validation failure as "Validation error: <details>".
func (e *ValidationError) Error() string {
	// Sprint adds no separator between two string operands.
	return fmt.Sprint("Validation error: ", e.err)
}
// MethodDisabledError raised if a method is disabled in config file.
// For example, if user management is disabled, this error is raised
// every time an user operation is done using the REST API.
// The wrapped message is one of manageUsersDisabledError / trackQuotaDisabledError.
type MethodDisabledError struct {
	err string
}

// Error renders the failure as "Method disabled error: <details>".
func (e *MethodDisabledError) Error() string {
	// Sprint adds no separator between two string operands.
	return fmt.Sprint("Method disabled error: ", e.err)
}
// RecordNotFoundError raised if a requested user is not found.
// Providers presumably return it from userExists/getUserByID lookups - confirm
// against the concrete implementations.
type RecordNotFoundError struct {
	err string
}

// Error renders the failure as "Not found: <details>".
func (e *RecordNotFoundError) Error() string {
	// Sprint adds no separator between two string operands.
	return fmt.Sprint("Not found: ", e.err)
}
// GetProvider returns the configured provider.
// It is nil until Initialize has succeeded; callers that run before that
// will get a nil interface and panic on the first method call.
func GetProvider() Provider {
	return provider
}
// Provider interface that data providers must implement.
// The exported package functions (CheckUserAndPass, AddUser, ...) are thin
// wrappers over these methods; the ManageUsers / TrackQuota gates live in the
// wrappers, not in the providers, so a provider reached directly is ungated.
type Provider interface {
	// validateUserAndPass returns the user when username/password match, otherwise an error
	validateUserAndPass(username string, password string) (User, error)
	// validateUserAndPubKey returns the user and a key identifier string on a match;
	// presumably implementations delegate to checkUserAndPubKey, whose identifier is
	// "<SHA256 fingerprint>:<key comment>" - confirm per provider
	validateUserAndPubKey(username string, pubKey string) (User, string, error)
	// updateQuota adds filesAdd/sizeAdd to the stored usage, or replaces it when reset is true
	updateQuota(username string, filesAdd int, sizeAdd int64, reset bool) error
	// getUsedQuota returns the accounted (files, size) for the user
	getUsedQuota(username string) (int, int64, error)
	// userExists returns the user for username or an error when there is no match
	userExists(username string) (User, error)
	addUser(user User) error
	updateUser(user User) error
	deleteUser(user User) error
	// getUsers pages through users (limit/offset/order), filtered by exact username when not empty
	getUsers(limit int, offset int, order string, username string) ([]User, error)
	getUserByID(ID int64) (User, error)
	// checkAvailability is polled every 30s by startAvailabilityTimer; a non-nil
	// error is logged at warn level and exported through the metrics package
	checkAvailability() error
}
func init() {
	// 30s period for the data provider health check. The ticker is created
	// here but only consumed once Initialize succeeds (startAvailabilityTimer),
	// and it is never stopped.
	availabilityTicker = time.NewTicker(30 * time.Second)
}
// Initialize the data provider.
// An error is returned if the configured driver is invalid or if the data provider cannot be initialized.
// cnf is stored in the package-level config before the driver is selected, so
// the per-driver initializers (defined elsewhere) can read it; basePath is only
// used by the file-backed drivers (sqlite, bolt). On success the periodic
// availability check is started; calling Initialize again starts another one.
func Initialize(cnf Config, basePath string) error {
	config = cnf
	sqlPlaceholders = getSQLPlaceholders()

	var initErr error
	switch config.Driver {
	case SQLiteDataProviderName:
		initErr = initializeSQLiteProvider(basePath)
	case PGSQLDataProviderName:
		initErr = initializePGSQLProvider()
	case MySQLDataProviderName:
		initErr = initializeMySQLProvider()
	case BoltDataProviderName:
		initErr = initializeBoltProvider(basePath)
	default:
		initErr = fmt.Errorf("Unsupported data provider: %v", config.Driver)
	}
	if initErr != nil {
		return initErr
	}
	startAvailabilityTimer()
	return nil
}
// CheckUserAndPass retrieves the SFTP user with the given username and password if a match is found or an error.
// password is the cleartext presented by the client; the provider is expected to
// compare it against the stored hash (see checkUserAndPass for the supported
// formats). No config gate applies to this method.
func CheckUserAndPass(p Provider, username string, password string) (User, error) {
	return p.validateUserAndPass(username, password)
}
// CheckUserAndPubKey retrieves the SFTP user with the given username and public key if a match is found or an error.
// pubKey is the key's SSH wire encoding as a string (the form compared by
// checkUserAndPubKey), not an authorized_keys line. The returned string
// identifies the matching key; see Provider.validateUserAndPubKey.
func CheckUserAndPubKey(p Provider, username string, pubKey string) (User, string, error) {
	return p.validateUserAndPubKey(username, pubKey)
}
// UpdateUserQuota updates the quota for the given SFTP user adding filesAdd and sizeAdd.
// If reset is true filesAdd and sizeAdd indicates the total files and the total size instead of the difference.
// Gated by config.TrackQuota: 0 returns a MethodDisabledError; 2 skips the
// write for users without quota restrictions unless reset is requested.
func UpdateUserQuota(p Provider, user User, filesAdd int, sizeAdd int64, reset bool) error {
	switch {
	case config.TrackQuota == 0:
		return &MethodDisabledError{err: trackQuotaDisabledError}
	case config.TrackQuota == 2 && !reset && !user.HasQuotaRestrictions():
		// "restricted users only" mode and this user has no limits: nothing to persist
		return nil
	}
	return p.updateQuota(user.Username, filesAdd, sizeAdd, reset)
}
// GetUsedQuota returns the used quota for the given SFTP user.
// TrackQuota must be >=1 to enable this method; otherwise (0, 0, MethodDisabledError) is returned.
func GetUsedQuota(p Provider, username string) (int, int64, error) {
	if config.TrackQuota != 0 {
		return p.getUsedQuota(username)
	}
	return 0, 0, &MethodDisabledError{err: trackQuotaDisabledError}
}
// UserExists checks if the given SFTP username exists, returns an error if no match is found.
// On success the full user record (including the stored password hash) is returned.
func UserExists(p Provider, username string) (User, error) {
	return p.userExists(username)
}
// AddUser adds a new SFTP user.
// ManageUsers configuration must be set to 1 to enable this method.
// NOTE(review): this wrapper does not call validateUser (which checks the
// record and hashes a cleartext password); presumably the provider's addUser
// does - confirm, otherwise a cleartext password could reach the store.
func AddUser(p Provider, user User) error {
	if config.ManageUsers != 0 {
		return p.addUser(user)
	}
	return &MethodDisabledError{err: manageUsersDisabledError}
}
// UpdateUser updates an existing SFTP user.
// ManageUsers configuration must be set to 1 to enable this method.
// NOTE(review): validation/hashing of the new record is not done here;
// presumably the provider's updateUser calls validateUser - confirm.
func UpdateUser(p Provider, user User) error {
	if config.ManageUsers != 0 {
		return p.updateUser(user)
	}
	return &MethodDisabledError{err: manageUsersDisabledError}
}
// DeleteUser deletes an existing SFTP user.
// ManageUsers configuration must be set to 1 to enable this method.
func DeleteUser(p Provider, user User) error {
	if config.ManageUsers != 0 {
		return p.deleteUser(user)
	}
	return &MethodDisabledError{err: manageUsersDisabledError}
}
// GetUsers returns an array of users respecting limit and offset and filtered by username exact match if not empty.
// order is passed through to the provider untouched; the SQL providers are
// expected to map it to a fixed ORDER BY rather than interpolate it - confirm
// there before exposing it to untrusted callers.
func GetUsers(p Provider, limit int, offset int, order string, username string) ([]User, error) {
	return p.getUsers(limit, offset, order, username)
}
// GetUserByID returns the user with the given database ID if a match is found or an error.
func GetUserByID(p Provider, ID int64) (User, error) {
	return p.getUserByID(ID)
}
// validateUser checks a user record before it is persisted and normalizes the
// password field in place. It returns a ValidationError (or the argon2id error)
// on the first failing check, in this order: mandatory fields, at least one
// credential, at least one permission, absolute home_dir, known permission
// names, public keys parseable as authorized_keys lines.
//
// Side effect: a password carrying none of hashPwdPrefixes is replaced by its
// argon2id hash; one that already carries a known prefix is kept verbatim.
//
// NOTE(review): HomeDir is only checked to be absolute, not cleaned - a value
// such as "/srv/../etc" passes. Presumably the filesystem layer resolves it;
// confirm or add filepath.Clean here.
func validateUser(user *User) error {
	if user.Username == "" || user.HomeDir == "" {
		return &ValidationError{err: "Mandatory parameters missing"}
	}
	if user.Password == "" && len(user.PublicKeys) == 0 {
		return &ValidationError{err: "Please set password or at least a public_key"}
	}
	if len(user.Permissions) == 0 {
		return &ValidationError{err: "Please grant some permissions to this user"}
	}
	if !filepath.IsAbs(user.HomeDir) {
		return &ValidationError{err: fmt.Sprintf("home_dir must be an absolute path, actual value: %v", user.HomeDir)}
	}
	for _, perm := range user.Permissions {
		if utils.IsStringInSlice(perm, validPerms) {
			continue
		}
		return &ValidationError{err: fmt.Sprintf("Invalid permission: %v", perm)}
	}
	if user.Password != "" && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
		// Cleartext password: store the argon2id hash, never the value itself.
		hashed, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
		if err != nil {
			return err
		}
		user.Password = hashed
	}
	for idx, line := range user.PublicKeys {
		// Each entry must be a valid authorized_keys line (options and comment allowed).
		if _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(line)); err != nil {
			return &ValidationError{err: fmt.Sprintf("Could not parse key nr. %d: %s", idx, err)}
		}
	}
	return nil
}
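// checkUserAndPass verifies the cleartext password against user.Password,
// choosing the algorithm from the stored prefix: argon2id ("$argon2id$"),
// bcrypt ("$2a$" only) or PBKDF2 ("$pbkdf2-sha1$", "$pbkdf2-sha256$",
// "$pbkdf2-sha512$"). It returns the user unchanged with a nil error on a
// match, otherwise one of:
//   - "Credentials cannot be null or empty" when the stored password is empty;
//   - the library error when the stored hash is malformed (argon2id / pbkdf2),
//     or, for bcrypt, on any mismatch (bcrypt reports a wrong password as an
//     error, so a failed bcrypt login also produces a warn log line);
//   - "Invalid credentials" on an argon2id / pbkdf2 mismatch, and always when
//     the stored value carries no recognized prefix - a cleartext or unsupported
//     hash never authenticates, the check fails closed.
//
// The error paths are distinguishable by the caller; NOTE(review): confirm the
// SSH front end collapses them into a generic authentication failure toward
// the client.
func checkUserAndPass(user User, password string) (User, error) {
	if len(user.Password) == 0 {
		return user, errors.New("Credentials cannot be null or empty")
	}
	var (
		match bool
		err   error
	)
	switch {
	case strings.HasPrefix(user.Password, argonPwdPrefix):
		match, err = argon2id.ComparePasswordAndHash(password, user.Password)
		if err != nil {
			providerLog(logger.LevelWarn, "error comparing password with argon hash: %v", err)
			return user, err
		}
	case strings.HasPrefix(user.Password, bcryptPwdPrefix):
		if err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)); err != nil {
			providerLog(logger.LevelWarn, "error comparing password with bcrypt hash: %v", err)
			return user, err
		}
		match = true
	case utils.IsStringPrefixInSlice(user.Password, pbkdfPwdPrefixes):
		match, err = comparePbkdf2PasswordAndHash(password, user.Password)
		if err != nil {
			// The stored hash may be any of the three pbkdf2 digests; do not name one.
			providerLog(logger.LevelWarn, "error comparing password with pbkdf2 hash: %v", err)
			return user, err
		}
	}
	if !match {
		err = errors.New("Invalid credentials")
	}
	return user, err
}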
// checkUserAndPubKey looks for pubKey (the SSH wire encoding of the presented
// key, as a string) among the user's stored authorized_keys lines.
// The comparison is on the marshaled key only, so options and comment on the
// stored line do not take part in the match. On success it returns the user
// and "<SHA256 fingerprint>:<comment of the matching line>".
// A stored line that does not parse aborts the whole check with the parse
// error (fail closed: a corrupt entry blocks key authentication for the user
// rather than being skipped). No keys, or no match, yields "Invalid credentials".
func checkUserAndPubKey(user User, pubKey string) (User, string, error) {
	if len(user.PublicKeys) == 0 {
		return user, "", errors.New("Invalid credentials")
	}
	for idx, line := range user.PublicKeys {
		stored, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(line))
		if err != nil {
			providerLog(logger.LevelWarn, "error parsing stored public key %d for user %v: %v", idx, user.Username, err)
			return user, "", err
		}
		if pubKey != string(stored.Marshal()) {
			continue
		}
		return user, ssh.FingerprintSHA256(stored) + ":" + comment, nil
	}
	return user, "", errors.New("Invalid credentials")
}
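// comparePbkdf2PasswordAndHash verifies password against a stored hash of the form
//
//	$pbkdf2-<sha1|sha256|sha512>$<iterations>$<salt>$<base64 derived key>
//
// The salt is used as the raw bytes that appear in the string (it is not
// decoded) and the derived key length equals the digest size. The stored value
// is compared with the base64 (std alphabet, padded) encoding of the derived
// key in constant time. It returns (false, err) for a malformed hash - wrong
// field count, unknown digest, non-numeric or non-positive iteration count -
// and (false, nil) for a plain mismatch.
//
// The iteration count must be >= 1: pbkdf2.Key runs at least one round
// whatever value it is given, so a zero or negative count in a tampered record
// would silently verify with a single round instead of being rejected.
func comparePbkdf2PasswordAndHash(password, hashedPassword string) (bool, error) {
	vals := strings.Split(hashedPassword, "$")
	if len(vals) != 5 {
		return false, fmt.Errorf("pbkdf2: hash is not in the correct format")
	}
	var hashFunc func() hash.Hash
	var hashSize int
	switch {
	case strings.HasPrefix(hashedPassword, pbkdf2SHA256Prefix):
		hashSize, hashFunc = sha256.Size, sha256.New
	case strings.HasPrefix(hashedPassword, pbkdf2SHA512Prefix):
		hashSize, hashFunc = sha512.Size, sha512.New
	case strings.HasPrefix(hashedPassword, pbkdf2SHA1Prefix):
		hashSize, hashFunc = sha1.Size, sha1.New
	default:
		return false, fmt.Errorf("pbkdf2: invalid or unsupported hash format %v", vals[1])
	}
	iterations, err := strconv.Atoi(vals[2])
	if err != nil {
		return false, err
	}
	if iterations < 1 {
		return false, fmt.Errorf("pbkdf2: invalid iteration count %v", iterations)
	}
	salt := vals[3]
	expected := vals[4]
	derived := pbkdf2.Key([]byte(password), []byte(salt), iterations, hashSize, hashFunc)
	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(derived)))
	base64.StdEncoding.Encode(encoded, derived)
	// Constant-time compare; a length mismatch simply yields 0.
	return subtle.ConstantTimeCompare(encoded, []byte(expected)) == 1, nil
}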
// getSSLMode maps config.SSLMode to the driver-specific TLS mode string used
// when the connection string is built. Unknown driver/value combinations
// yield "". Note the two scales differ: for postgresql 0..3 is
// disable/require/verify-ca/verify-full (monotonically stricter), while for
// mysql 2 ("skip-verify") and 3 ("preferred") are both weaker than 1 ("true") -
// see the SSLMode field of Config.
func getSSLMode() string {
	switch config.Driver {
	case PGSQLDataProviderName:
		switch config.SSLMode {
		case 0:
			return "disable"
		case 1:
			return "require"
		case 2:
			return "verify-ca"
		case 3:
			return "verify-full"
		}
	case MySQLDataProviderName:
		switch config.SSLMode {
		case 0:
			return "false"
		case 1:
			return "true"
		case 2:
			return "skip-verify"
		case 3:
			return "preferred"
		}
	}
	return ""
}
// startAvailabilityTimer runs one availability check synchronously, then
// keeps checking on every tick of availabilityTicker in a goroutine that
// lives for the rest of the process (the ticker is never stopped and there
// is no cancellation). Each call spawns a new goroutine on the same shared
// ticker channel, so a second call after a second Initialize does not
// duplicate checks but leaves an extra consumer competing for ticks.
func startAvailabilityTimer() {
	checkDataprovider()
	go func() {
		for {
			// A Ticker's channel is never closed, so this loop is unbounded by design.
			<-availabilityTicker.C
			checkDataprovider()
		}
	}()
}
// checkDataprovider asks the active provider whether it is reachable, logs a
// failure at warn level and always forwards the result (nil on success) to
// the availability metric.
func checkDataprovider() {
	availabilityErr := provider.checkAvailability()
	if availabilityErr != nil {
		providerLog(logger.LevelWarn, "check availability error: %v", availabilityErr)
	}
	metrics.UpdateDataProviderAvailability(availabilityErr)
}
// providerLog emits a log line tagged with logSender at the given level.
// The empty third argument is presumably logger.Log's connection-id field,
// which has no meaning for provider-level events - confirm in the logger package.
// Callers must not pass credentials or hashes through format/v.
func providerLog(level logger.LogLevel, format string, v ...interface{}) {
	logger.Log(level, logSender, "", format, v...)
}