Browse Source

Authentication checker converted to store passwords as bcrypt hashes

Bernhard Fröhlich 3 months ago
parent
commit
76a04a2001
Signed by: Bernhard Froehlich <decke@bluelife.at> GPG Key ID: 4DD88C3F9F3B8333
4 changed files with 9 additions and 3 deletions
  1. 1
    0
      go.mod
  2. 2
    0
      go.sum
  3. 5
    2
      main.go
  4. 1
    1
      smtp-proxy.ini

+ 1
- 0
go.mod View File

@@ -3,4 +3,5 @@ module code.bluelife.at/decke/smtp-proxy
3 3
 require (
4 4
 	github.com/chrj/smtpd v0.1.2
5 5
 	github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de
6
+	golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
6 7
 )

+ 2
- 0
go.sum View File

@@ -3,3 +3,5 @@ github.com/chrj/smtpd v0.1.2/go.mod h1:jt4ydELuZmqhn9hn3YpEPV1dY00aOB+Q1nWXnBDFK
3 3
 github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4=
4 4
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg=
5 5
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI=
6
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
7
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=

+ 5
- 2
main.go View File

@@ -16,6 +16,7 @@ import (
16 16
 
17 17
 	"github.com/chrj/smtpd"
18 18
 	"github.com/vharitonsky/iniflags"
19
+	"golang.org/x/crypto/bcrypt"
19 20
 )
20 21
 
21 22
 const (
@@ -113,8 +114,10 @@ func authChecker(peer smtpd.Peer, username string, password string) error {
113 114
 			continue
114 115
 		}
115 116
 
116
-		if username == parts[0] && password == parts[1] {
117
-			return nil
117
+		if username == parts[0] {
118
+			if bcrypt.CompareHashAndPassword([]byte(parts[1]), []byte(password)) == nil {
119
+				return nil
120
+			}
118 121
 		}
119 122
 	}
120 123
 

+ 1
- 1
smtp-proxy.ini View File

@@ -37,7 +37,7 @@
37 37
 
38 38
 ; File which contains username and password used for
39 39
 ; authentication before they can send mail.
40
-; File format: username password
40
+; File format: username bcrypt-hash
41 41
 ;allowed_users =
42 42
 
43 43
 ; Relay all mails to this SMTP server

Loading…
Cancel
Save