Authentication checker converted to store passwords as bcrypt hashes

2018-12-28 15:18:50 +00:00
parent 0df376e54a
commit 76a04a2001
4 changed files with 9 additions and 3 deletions
--- a/go.mod
+++ b/go.mod
@@ -3,4 +3,5 @@ module code.bluelife.at/decke/smtp-proxy
 require (
 	github.com/chrj/smtpd v0.1.2
 	github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de
+	golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
 )
--- a/go.sum
+++ b/go.sum
@@ -3,3 +3,5 @@ github.com/chrj/smtpd v0.1.2/go.mod h1:jt4ydELuZmqhn9hn3YpEPV1dY00aOB+Q1nWXnBDFK
 github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4=
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg=
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@ import (

 	"github.com/chrj/smtpd"
 	"github.com/vharitonsky/iniflags"
+	"golang.org/x/crypto/bcrypt"
 )

 const (
@@ -113,8 +114,10 @@ func authChecker(peer smtpd.Peer, username string, password string) error {
 			continue
 		}

-		if username == parts[0] && password == parts[1] {
-			return nil
+		if username == parts[0] {
+			if bcrypt.CompareHashAndPassword([]byte(parts[1]), []byte(password)) == nil {
+				return nil
+			}
 		}
 	}

--- a/smtp-proxy.ini
+++ b/smtp-proxy.ini
@@ -37,7 +37,7 @@

 ; File which contains username and password used for
 ; authentication before they can send mail.
-; File format: username password
+; File format: username bcrypt-hash
 ;allowed_users =

 ; Relay all mails to this SMTP server