mirror of
https://github.com/chrislusf/seaweedfs
synced 2025-06-29 08:12:47 +02:00
27a392f706
* improve perfs & fix rclone & refactoring Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * improve perfs on download + add seaweedfs all-in-one deployment Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * use helper for topologySpreadConstraints and fix create home dir of sftp users Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * fix helm lint Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * add missing ctx param Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> --------- Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com>
53 lines
1.3 KiB
Go
53 lines
1.3 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
"math/rand"
|
|
"time"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/sftpd/user"
|
|
"golang.org/x/crypto/ssh"
|
|
)
|
|
|
|
// PasswordAuthenticator handles password-based authentication
|
|
type PasswordAuthenticator struct {
|
|
userStore user.Store
|
|
enabled bool
|
|
}
|
|
|
|
// NewPasswordAuthenticator creates a new password authenticator
|
|
func NewPasswordAuthenticator(userStore user.Store, enabled bool) *PasswordAuthenticator {
|
|
return &PasswordAuthenticator{
|
|
userStore: userStore,
|
|
enabled: enabled,
|
|
}
|
|
}
|
|
|
|
// Enabled returns whether password authentication is enabled
|
|
func (a *PasswordAuthenticator) Enabled() bool {
|
|
return a.enabled
|
|
}
|
|
|
|
// Authenticate validates a password for a user
|
|
func (a *PasswordAuthenticator) Authenticate(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
|
|
username := conn.User()
|
|
|
|
// Check if password auth is enabled
|
|
if !a.enabled {
|
|
return nil, fmt.Errorf("password authentication disabled")
|
|
}
|
|
|
|
// Validate password against user store
|
|
if a.userStore.ValidatePassword(username, password) {
|
|
return &ssh.Permissions{
|
|
Extensions: map[string]string{
|
|
"username": username,
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
// Add delay to prevent brute force attacks
|
|
time.Sleep(time.Duration(100+rand.Intn(100)) * time.Millisecond)
|
|
|
|
return nil, fmt.Errorf("authentication failed")
|
|
}
|