authorMikhail Osipov <mike.osipov@gmail.com>2021-09-22 14:08:50 +0300
committerMikhail Osipov <mike.osipov@gmail.com>2021-09-22 14:10:24 +0300
commitbb5930cfc1852de96296c3a8b19b1e202e5c504c (patch)
treee66aad2b93762e88889ce7052cb2e9b1a50e32e6 /pkg/server
parent8f869ec31d249732e22c609e8dff0a492a47af5a (diff)
aes: get secret from file
Diffstat (limited to 'pkg/server')
-rw-r--r--pkg/server/hook/aes.go22
-rw-r--r--pkg/server/hook/auth.go20
2 files changed, 28 insertions, 14 deletions
diff --git a/pkg/server/hook/aes.go b/pkg/server/hook/aes.go
index 184d18d..6bb43fa 100644
--- a/pkg/server/hook/aes.go
+++ b/pkg/server/hook/aes.go
@@ -5,7 +5,11 @@ import (
"crypto/cipher"
"crypto/md5"
"crypto/rand"
+ "errors"
+ "fmt"
"io"
+ "os"
+ "strings"
"tunnel/pkg/server/env"
"tunnel/pkg/server/queue"
@@ -65,11 +69,23 @@ func (a *aesPipe) Recv(rq, wq queue.Q) error {
}
func (aesHook) New(env env.Env) (interface{}, error) {
- s := env.Value("secret")
- h := md5.Sum([]byte(s))
+ file := env.Value("aesfile")
+ if file == "" {
+ return nil, errors.New("no aesfile configured")
+ }
+ b, err := os.ReadFile(file)
+ if err != nil {
+ return nil, fmt.Errorf("aesfile: %w", err)
+ }
+ s := strings.TrimSpace(string(b))
+ if s == "" {
+ return nil, errors.New("aesfile: no secret")
+ }
+
+ key := md5.Sum([]byte(s))
a := &aesPipe{key: make([]byte, 16)}
- copy(a.key, h[:])
+ copy(a.key, key[:])
return a, nil
}
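Review bot: Moving the secret into a file leaves the key derivation at `key := md5.Sum([]byte(s))` as the weakest link: MD5 with no salt or stretching turns whatever the file holds into a 128-bit key that is only as strong as that passphrase, and longer key material is silently folded down to one digest. Now that the file is the only source, consider letting it carry the key bytes directly (for example hex, rejected unless it decodes to exactly 16 bytes since `aesPipe` allocates a 16-byte key) or at least deriving with `sha256.Sum256` and copying `key[:16]`; whichever format is chosen, state it in a comment on `New` so operators know what to put in the file. Separately, nothing inspects the file before use, so a world-readable secret is accepted without complaint; an `os.Stat` followed by `if fi.Mode().Perm()&0o077 != 0 { return nil, errors.New("aesfile: permissions too open") }` would refuse it the way ssh refuses loose key files. The import hunk above only needs the matching package swap if the derivation changes.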
diff --git a/pkg/server/hook/auth.go b/pkg/server/hook/auth.go
index 0f70d88..9c8ca35 100644
--- a/pkg/server/hook/auth.go
+++ b/pkg/server/hook/auth.go
@@ -68,19 +68,18 @@ func hashsum(args ...string) string {
func getpass(f *os.File, salt string, user string) string {
f.Seek(0, 0)
+ match := func(s, t string) bool {
+ if salt == "" {
+ return s == t
+ }
+ return hashsum(salt, s) == t
+ }
+
for scanner := bufio.NewScanner(f); scanner.Scan(); {
splitted := strings.SplitN(scanner.Text(), "#", 2)
tokens := strings.Fields(splitted[0])
- if len(tokens) > 1 {
- if salt == "" {
- if tokens[0] == user {
- return tokens[1]
- }
- } else {
- if hashsum(salt, tokens[0]) == user {
- return tokens[1]
- }
- }
+ if len(tokens) > 1 && match(tokens[0], user) {
+ return tokens[1]
}
}
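Review bot: The rewritten loop still treats an I/O failure the same as an unknown user: the result of `f.Seek(0, 0)` is discarded and `scanner.Err()` is never consulted after the `for scanner.Scan()` loop, so a truncated or unreadable authfile silently yields an empty password rather than an error. Because getpass returns only a string, the cheapest fix that keeps callers untouched is a log line after the loop, e.g. `if err := scanner.Err(); err != nil { /* log: authfile read error */ }`, with a signature change to `(string, error)` when the callers are next revised. The `match` closure is a clear simplification; a comment above it such as `// match compares the authfile user column s to t directly when salt is empty, otherwise hashsum(salt, s) to t.` would make the salted form explicit. The body of getpass continues past the end of the hunk.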
@@ -226,7 +225,6 @@ func (a *auth) Close() {
func (h *authHook) New(env env.Env) (interface{}, error) {
file := env.Value("authfile")
-
if file == "" {
return nil, errors.New("no authfile configured")
}