Commit e4383ac8 authored by Michael Ott's avatar Michael Ott

Only store a sha1 hash of REST API passwords in the config files and hash the...

Only store a sha1 hash of REST API passwords in the config files and hash the password provided upon request
parent 5720b46a
......@@ -19,13 +19,13 @@ restAPI {
dhFile /Users/di34bap/Projects/dcdb-devel/deps/openssl-1.1.1c/crypto/dh/dh2048.pem
user admin {
password admin
password d033e22ae348aeb5660fc214aec3585c4da997
PUT
GET
}
user asdf {
password qwertz
password 8c829ee6a1ac6ffdbcf8bc0ad72b73795fff34e8
GET
}
}
......
......@@ -32,6 +32,7 @@
#include <boost/archive/iterators/binary_from_base64.hpp>
#include <boost/archive/iterators/remove_whitespace.hpp>
#include <boost/archive/iterators/transform_width.hpp>
#include <boost/uuid/detail/sha1.hpp>
// This is the C++11 equivalent of a generic lambda.
// The function object is used to send an HTTP message.
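Review bot: `boost/uuid/detail/sha1.hpp` is an implementation-detail header of Boost.UUID — anything under a `detail` namespace carries no API-stability promise — so the `sha1`/`get_digest` usage this commit adds in validateUser can break on a Boost upgrade. The HTTPS server presumably already links OpenSSL (the config hunks point `dhFile` at an openssl tree), which would give a supported digest API instead; if Boost is kept, a short comment next to the include would help maintainers: `// NOTE: boost::uuids::detail::sha1 is an internal Boost API with no stability guarantee; revisit on Boost upgrade.`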
......@@ -284,8 +285,18 @@ bool RESTHttpsServer::validateUser(const http::request<Body>& req, Send&& send)
return false;
}
if (pwd != userData.first) {
ServerLOG(warning) << "Invalid password provided: " << usr << ":" << pwd;
boost::uuids::detail::sha1 sha1;
sha1.process_bytes(pwd.data(), pwd.size());
unsigned hash[5] = {0};
sha1.get_digest(hash);
std::stringstream ss;
ss << std::hex << std::setw(8) << std::setfill(' ');
for (int i = 0; i < 5; i++) {
ss << hash[i];
}
if (ss.str() != userData.first) {
ServerLOG(warning) << "Invalid password provided for user " << usr;
send(std::move(res));
return false;
}
......
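Review bot: The hex formatting in the added block does not produce a stable 40-character digest string: `std::setw(8)` applies only to the next insertion, and the fill character is a space rather than `'0'`, so every word after the first is printed unpadded and any word below 0x10000000 comes out short (the 38-character `admin` sample in the config hunks looks like exactly that artefact, whereas the other samples are 40 characters). Apply the width per word with zero fill — `ss << std::hex << std::setfill('0');` before the loop and `ss << std::setw(8) << hash[i];` inside it — and keep the length check in readRestAPIUsers consistent with 40. Separately, an unsalted single-pass SHA-1 is a fast message digest rather than a password hash, and `ss.str() != userData.first` is an early-exit comparison; if the goal is to protect the accounts rather than only keep plaintext out of the config file, a salted iterated KDF and a fixed-time compare are worth a comment or a follow-up issue. validateUser starts before the hunk and `res` is constructed outside it.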
......@@ -178,7 +178,9 @@ bool GlobalConfiguration::readRestAPIUsers(RESTHttpsServer* server) {
#endif
}
}
if (server->addUser(username, attributes)) {
if (attributes.first.size() != 38) {
LOG(warning) << "User " << username << "'s password does not appear to be a sha1 hash!";
} else if (server->addUser(username, attributes)) {
LOG(warning) << "User " << username << " already existed and was overwritten!";
}
} else {
......
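Review bot: The new `if (attributes.first.size() != 38)` check rejects valid digests: a SHA-1 digest is 20 bytes, i.e. 40 hex characters, and four of the five sample hashes in this commit's config hunks (`asdf`, `user1`, `user2`, `user3`) are 40 characters long, so they are logged as not a sha1 hash and never passed to `addUser`, while the only 38-character value (`admin`) appears to be a leading-zero artefact of the server-side formatting. Change it to `if (attributes.first.size() != 40) {` once validateUser pads each word to 8 hex digits, and consider also rejecting non-hex characters so a typo is caught at load time rather than as a permanent login failure. The warning should also say the user is skipped, e.g. `LOG(warning) << "User " << username << "'s password is not a 40-character sha1 hex digest; user ignored!";`. readRestAPIUsers starts before the hunk, and the trailing `else` branch continues outside it.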
......@@ -17,13 +17,13 @@ restAPI {
dhFile ../../deps/openssl-1.1.1c/crypto/dh/dh2048.pem
user admin {
password admin
password d033e22ae348aeb5660fc214aec3585c4da997
PUT
GET
}
user asdf {
password qwertz
password 8c829ee6a1ac6ffdbcf8bc0ad72b73795fff34e8
GET
}
}
......
......@@ -21,19 +21,19 @@ restAPI {
user user1 {
password pass1
password f0578f1e7174b1a41c4ea8c6e17f7a8a3b88c92a
POST
GET
PUT
}
user user2 {
password pass2
password 8be52126a6fde450a7162a3651d589bb51e9579d
POST
}
user user3 {
password pass3
password de2a4d5751ab06dc4f987142db57c26d50925c8a
}
}
......