From be9a1fb7c461e08cc929e73b20a784d955a2e8ca Mon Sep 17 00:00:00 2001 From: Philip Hofstetter Date: Fri, 26 Jul 2019 08:00:14 +0200 Subject: [PATCH] add bcrypt support --- dataprovider/dataprovider.go | 1 + dataprovider/sqlcommon.go | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/dataprovider/dataprovider.go b/dataprovider/dataprovider.go index 0fd2aee8..a6d90308 100644 --- a/dataprovider/dataprovider.go +++ b/dataprovider/dataprovider.go @@ -22,6 +22,7 @@ const ( logSender = "dataProvider" argonPwdPrefix = "$argon2id$" + bcryptPwdPrefix = "$2a$" manageUsersDisabledError = "please set manage_users to 1 in sftpgo.conf to enable this method" trackQuotaDisabledError = "please enable track_quota in sftpgo.conf to use this method" ) diff --git a/dataprovider/sqlcommon.go b/dataprovider/sqlcommon.go index caceae09..b99c9a16 100644 --- a/dataprovider/sqlcommon.go +++ b/dataprovider/sqlcommon.go @@ -10,6 +10,8 @@ import ( "golang.org/x/crypto/ssh" "github.com/alexedwards/argon2id" + "golang.org/x/crypto/bcrypt" + "github.com/drakkan/sftpgo/logger" "github.com/drakkan/sftpgo/utils" ) @@ -44,6 +46,15 @@ func sqlCommonValidateUserAndPass(username string, password string) (User, error logger.Warn(logSender, "error comparing password with argon hash: %v", err) return user, err } + + } else if strings.HasPrefix(user.Password, bcryptPwdPrefix){ + err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) + if err != nil { + logger.Warn(logSender, "error comparing password with bcrypt hash: %v", err) + return user, err + }else{ + match = true + } } else { // clear text password match match = (user.Password == password)