1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
package proxy
import (
"errors"
"net"
"strings"
"time"
)
var authIface AuthBackend
var (
ErrAuthBackendExists = errors.New("auth backend already set")
ErrInvalidSRPHeader = errors.New("encoded password is not SRP")
ErrLastSrvNotSupported = errors.New("auth backend does not support server information")
)
type User struct {
Name string
Salt []byte
Verifier []byte
Timestamp time.Time
}
type Ban struct {
Addr string
Name string
}
type AuthBackend interface {
Exists(name string) bool
Passwd(name string) (salt, verifier []byte, err error)
SetPasswd(name string, salt, verifier []byte) error
LastSrv(name string) (string, error)
SetLastSrv(name, srv string) error
Timestamp(name string) (time.Time, error)
Import(in []User) error
Export() ([]User, error)
Ban(addr, name string) error
Unban(id string) error
Banned(addr *net.UDPAddr) bool
ImportBans(in []Ban) error
ExportBans() ([]Ban, error)
}
func setAuthBackend(ab AuthBackend) error {
if authIface != nil {
return ErrAuthBackendExists
}
authIface = ab
return nil
}
func encodeVerifierAndSalt(salt, verifier []byte) string {
return "#1#" + b64.EncodeToString(salt) + "#" + b64.EncodeToString(verifier)
}
func decodeVerifierAndSalt(encodedPasswd string) ([]byte, []byte, error) {
if !strings.HasPrefix(encodedPasswd, "#1#") {
return nil, nil, ErrInvalidSRPHeader
}
salt, err := b64.DecodeString(strings.Split(encodedPasswd, "#")[2])
if err != nil {
return nil, nil, err
}
verifier, err := b64.DecodeString(strings.Split(encodedPasswd, "#")[3])
if err != nil {
return nil, nil, err
}
return salt, verifier, nil
}
|
