Skip to content

Commit

Permalink
add check password hook
Browse files Browse the repository at this point in the history 
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
  • Loading branch information
@drakkan
drakkan committed Aug 19, 2020
1 parent 04c9a5c commit 8b0a181
Show file tree
Hide file tree
Showing 27 changed files with 514 additions and 83 deletions.
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,7 @@ Directories outside the user home directory can be exposed as virtual folders, m
## Other hooks

You can get notified as soon as a new connection is established using the [Post-connect hook](./docs/post-connect-hook.md) and after each login using the [Post-login hook](./docs/post-login-hook.md).
You can use your own hook to [check passwords](./docs/check-password-hook.md).

## Storage backends

Expand Down
14 changes: 8 additions & 6 deletions config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,12 +120,14 @@ func init() {
ExecuteOn: []string{},
Hook: "",
},
ExternalAuthHook: "",
ExternalAuthScope: 0,
CredentialsPath: "credentials",
PreLoginHook: "",
PostLoginHook: "",
PostLoginScope: 0,
ExternalAuthHook: "",
ExternalAuthScope: 0,
CredentialsPath: "credentials",
PreLoginHook: "",
PostLoginHook: "",
PostLoginScope: 0,
CheckPasswordHook: "",
CheckPasswordScope: 0,
},
HTTPDConfig: httpd.Conf{
BindPort: 8080,
Expand Down
4 changes: 2 additions & 2 deletions dataprovider/bolt.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ func (p BoltProvider) checkAvailability() error {
return err
}

func (p BoltProvider) validateUserAndPass(username string, password string) (User, error) {
func (p BoltProvider) validateUserAndPass(username, password, ip, protocol string) (User, error) {
var user User
if len(password) == 0 {
return user, errors.New("Credentials cannot be null or empty")
Expand All @@ -131,7 +131,7 @@ func (p BoltProvider) validateUserAndPass(username string, password string) (Use
providerLog(logger.LevelWarn, "error authenticating user: %v, error: %v", username, err)
return user, err
}
return checkUserAndPass(user, password)
return checkUserAndPass(user, password, ip, protocol)
}

func (p BoltProvider) validateUserAndPubKey(username string, pubKey []byte) (User, string, error) {
Expand Down
Loading

0 comments on commit 8b0a181

Please sign in to comment.