Beispiel #1
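// init registers the SCRAM-SHA-1 SASL mechanism with the auth package.
//
// The registered handler fetches the stream's AuthState, base64-decodes the
// element payload, parses it as the SCRAM client-first message, salts the
// stored password of the claimed user and then delegates the rest of the
// exchange to the handler built by newSHAHandler.
func init() {
	auth.AddMechanism("SCRAM-SHA-1",
		func(e *auth.AuthElement, strm stream.ServerStream) error {
			var authState *auth.AuthState
			if err := strm.State().Get(&authState); err != nil {
				// The message previously named the mechanism "SHAM-SHA-1",
				// which made the log line impossible to find by mechanism.
				log.Println("SCRAM-SHA-1 AuthState is not set can't get auth data")
				return err
			}

			clientFirst, err := auth.DecodeBase64(e.Data, strm)
			if err != nil {
				return err
			}

			// Named srv so the local does not shadow the scram package.
			srv := scram.NewServer(sha1.New, nil)
			if err := srv.ParseClientFirst(clientFirst); err != nil {
				return err
			}

			// NOTE(review): the user name comes from the still unauthenticated
			// client-first message. What GetPasswordByUserName returns for an
			// unknown user is not visible here; confirm it cannot yield a
			// usable (for example empty) password.
			srv.SaltPassword([]byte(authState.GetPasswordByUserName(srv.UserName())))

			return newSHAHandler(strm, srv, authState).Handle()
		})
}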
Beispiel #2
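// init registers the PLAIN SASL mechanism with the auth package.
//
// The registered handler base64-decodes the element payload, splits it on
// usernamePasswordSeparator and compares field 2 (password) with the password
// stored for field 1 (user name). Field 0 is not looked at. On a match it
// writes a SuccessElement, records the user name and mechanism on the
// AuthState and reopens the stream; otherwise it returns "AUTH FAILED".
func init() {
	auth.AddMechanism("PLAIN",
		func(e *auth.AuthElement, strm stream.ServerStream) error {
			var authState *auth.AuthState
			if err := strm.State().Get(&authState); err != nil {
				return err
			}

			b, err := auth.DecodeBase64(e.Data, strm)
			if err != nil {
				return err
			}

			fields := bytes.Split(b, usernamePasswordSeparator)
			// The payload is client-controlled. Without this check a message
			// with fewer than three fields panics on the index expressions
			// below, before any authentication has happened.
			if len(fields) < 3 {
				return errors.New("AUTH FAILED")
			}
			user, pass := string(fields[1]), string(fields[2])

			// NOTE(review): == on strings is not constant-time; prefer
			// crypto/subtle.ConstantTimeCompare once the import can be added.
			// NOTE(review): confirm GetPasswordByUserName cannot return an
			// empty string for an unknown user, otherwise an empty password
			// would match here.
			if authState.GetPasswordByUserName(user) != pass {
				return errors.New("AUTH FAILED")
			}

			if err := strm.WriteElement(mechanisms.SuccessElement{}); err != nil {
				return err
			}

			authState.UserName = user
			authState.Mechanism = "PLAIN"
			strm.ReOpen()

			return nil
		})
}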
Beispiel #3
// Handle drives the remaining SCRAM steps on h.strm: it sends the value of
// h.scram.First() as a challenge, reads the client's response, checks it with
// CheckClientFinal and, on success, sends h.scram.Final() in a success
// element. The authenticated user name is then stored on h.authState and the
// stream is reopened. Any read, decode, verification or write error is
// returned unchanged.
func (h *shaHandler) Handle() error {
	// Challenge built from the SCRAM server's first message.
	challenge := mechanisms.NewChallengeElement(h.scram.First())
	if err := h.strm.WriteElement(challenge); err != nil {
		return err
	}

	// The response element carries the base64-encoded client-final message.
	clientFinal, err := mechanisms.ReadResponse(h.strm)
	if err != nil {
		return err
	}

	proof, err := auth.DecodeBase64(clientFinal.Data, h.strm)
	if err != nil {
		return err
	}

	// Verification failure ends the exchange before any state is touched.
	if err = h.scram.CheckClientFinal(proof); err != nil {
		return err
	}

	// Success element carries the SCRAM server's final message.
	success := mechanisms.NewSuccessElement(h.scram.Final())
	if err = h.strm.WriteElement(success); err != nil {
		log.Println("Could not write signature")
		return err
	}

	// The identity is recorded only after the client-final check passed and
	// the success element was written.
	h.authState.UserName = h.scram.UserName()
	h.strm.ReOpen()

	return nil
}
Beispiel #4
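// Handle runs the server side of the DIGEST-MD5 exchange on h.strm.
//
// It sends h.md5.Challenge(), reads and parses the client's response,
// validates it against the stored password of the claimed user, sends
// h.md5.Final() as a second challenge, expects an empty response to that, and
// finally writes a SuccessElement, records the identity on the AuthState and
// reopens the stream. Any error on the way is returned unchanged.
//
// DIGEST-MD5 was moved to Historic status by RFC 6331.
func (h *digestMD5Handler) Handle() error {
	var authState *auth.AuthState
	if err := h.strm.State().Get(&authState); err != nil {
		// Fail closed, as the SCRAM-SHA-1 and PLAIN handlers do. Earlier this
		// branch pushed a blank AuthState and carried on, so the password
		// lookup below ran against a state nobody had populated.
		return err
	}

	if err := h.strm.WriteElement(mechanisms.NewChallengeElement(h.md5.Challenge())); err != nil {
		return err
	}

	// Receive the base64-encoded digest response.
	respEl, err := mechanisms.ReadResponse(h.strm)
	if err != nil {
		return err
	}

	rawResp, err := auth.DecodeBase64(respEl.Data, h.strm)
	if err != nil {
		return err
	}

	if err := h.md5.ParseResponse(rawResp); err != nil {
		return err
	}

	// NOTE(review): the lookup uses UserName() while the identity stored
	// below is AuthID(); confirm the two cannot diverge for one response.
	password := authState.GetPasswordByUserName(h.md5.UserName())
	if err := h.md5.Validate(password); err != nil {
		return err
	}

	// Send the final server value as a second challenge.
	if err := h.strm.WriteElement(mechanisms.NewChallengeElement(h.md5.Final())); err != nil {
		return err
	}

	// The client must acknowledge it with an empty response.
	rsp, err := mechanisms.ReadResponse(h.strm)
	if err != nil {
		return err
	}
	if rsp.Data != "" {
		return errors.New("Wrong response, expected empty response")
	}

	if err := h.strm.WriteElement(mechanisms.SuccessElement{}); err != nil {
		return err
	}

	authState.UserName = h.md5.AuthID()
	h.strm.ReOpen()

	return nil
}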