Authentication errors: try to avoid user enumeration

Fixes #395
Nicola Murino
2021-04-26 19:48:21 +02:00
parent 7778716fa7
commit 1275328fdf
7 changed files with 59 additions and 17 deletions


@@ -53,7 +53,7 @@ func sqlCommonValidateAdminAndPass(username, password, ip string, dbHandle *sql.
admin, err := sqlCommonGetAdminByUsername(username, dbHandle)
if err != nil {
providerLog(logger.LevelWarn, "error authenticating admin %#v: %v", username, err)
return admin, err
return admin, ErrInvalidCredentials
}
err = admin.checkUserAndPass(password, ip)
return admin, err
@@ -224,7 +224,7 @@ func sqlCommonValidateUserAndPass(username, password, ip, protocol string, dbHan
user, err := sqlCommonGetUserByUsername(username, dbHandle)
if err != nil {
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
return user, err
return user, ErrInvalidCredentials
}
return checkUserAndPass(&user, password, ip, protocol)
}
@@ -237,7 +237,7 @@ func sqlCommonValidateUserAndTLSCertificate(username, protocol string, tlsCert *
user, err := sqlCommonGetUserByUsername(username, dbHandle)
if err != nil {
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
return user, err
return user, ErrInvalidCredentials
}
return checkUserAndTLSCertificate(&user, protocol, tlsCert)
}
@@ -250,7 +250,7 @@ func sqlCommonValidateUserAndPubKey(username string, pubKey []byte, dbHandle *sq
user, err := sqlCommonGetUserByUsername(username, dbHandle)
if err != nil {
providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err)
return user, "", err
return user, "", ErrInvalidCredentials
}
return checkUserAndPubKey(&user, pubKey)
}
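Review bot: The new `return admin, ErrInvalidCredentials` in sqlCommonValidateAdminAndPass replaces every lookup failure, not only an unknown username, so a database error would reach callers as a failed login; the three user validators below follow the same pattern. If the lookup exposes a distinguishable not-found error (not visible in these hunks), translating only that case would keep outages from being counted as bad credentials by any lockout or brute-force logic upstream. The early return also skips the password, certificate or key check that an existing account goes through, so response timing may still differ between known and unknown usernames. A comment above each return such as `// generic error on purpose: do not reveal whether the username exists; the cause is in the provider log` would record the intent. The function bodies start outside the hunks.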