author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-04-24 15:58:25 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-04-24 15:58:25 +0100 |
commit | dabdeeb919ef98f7edadb849d46deeabf0c160cf (patch) | |
tree | 60082a41aed63b43ca63f0c094d664ada5e29cfa /src/controller.c | |
parent | a331be73bf6ad53214facd054db4edd991e18c8e (diff) | |
Add routine to recommend users to encrypt their passwords.
Diffstat (limited to 'src/controller.c')
-rw-r--r-- | src/controller.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/src/controller.c b/src/controller.c
index c207e6615..bce75c568 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -1727,6 +1727,49 @@ rspamd_controller_accept_socket (gint fd, short what, void *arg)
 rspamd_http_router_handle_socket (ctx->http, nfd, nsession);
 }
 
+static void
+rspamd_controller_password_sane (const gchar *password, const gchar *type)
+{
+ const struct rspamd_controller_pbkdf *pbkdf = &pbkdf_list[0];
+ GString *msg;
+ guchar *salt, *key;
+ gchar *encoded_salt, *encoded_key;
+
+ if (password == NULL) {
+ msg_warn ("%s is not set, so you should filter controller availability "
+ "by using of firewall or `secure_ip` option", type);
+ return;
+ }
+
+ g_assert (pbkdf != NULL);
+
+ if (!rspamd_is_encrypted_password (password, NULL)) {
+ /* Suggest encryption to a user */
+ msg = g_string_new (NULL);
+
+ rspamd_printf_gstring (msg, "your %s is not encrypted, we strongly "
+ "recommend to replace it with the encrypted version: ", type);
+ salt = g_alloca (pbkdf->salt_len);
+ key = g_alloca (pbkdf->key_len);
+ ottery_rand_bytes (salt, pbkdf->salt_len);
+ /* Derive key */
+ rspamd_cryptobox_pbkdf (password, strlen (password),
+ salt, pbkdf->salt_len, key, pbkdf->key_len, pbkdf->rounds);
+
+ encoded_salt = rspamd_encode_base32 (salt, pbkdf->salt_len);
+ encoded_key = rspamd_encode_base32 (key, pbkdf->key_len);
+
+ rspamd_printf_gstring (msg, "$%d$%s$%s", pbkdf->id, encoded_salt,
+ encoded_key);
+
+ msg_warn ("%v", msg);
+
+ g_string_free (msg, TRUE);
+ g_free (encoded_salt);
+ g_free (encoded_key);
+ }
+}
+
 gpointer
 init_controller_worker (struct rspamd_config *cfg)
 {
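Review bot: The warning built in `rspamd_controller_password_sane` writes a PBKDF-derived hash of the live controller password to the log through `msg_warn ("%v", msg)`, and logs are commonly readable by more accounts and systems than the configuration file, so the hash becomes material for offline guessing of a password that is still in use. Consider logging only the recommendation, e.g. `msg_warn ("your %s is not encrypted, we strongly recommend to replace it with an encrypted version", type);`, and leaving hash generation to an explicit operator action. Separately, the result of `rspamd_cryptobox_pbkdf` is not checked before `key` is encoded, so if that call can fail the message would carry uninitialised `g_alloca` memory; and `g_assert (pbkdf != NULL)` cannot fire because `pbkdf` is `&pbkdf_list[0]`.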
@@ -1825,6 +1868,10 @@ start_controller_worker (struct rspamd_worker *worker)
 cur = g_list_next (cur);
 }
 }
+
+ rspamd_controller_password_sane (ctx->password, "normal password");
+ rspamd_controller_password_sane (ctx->enable_password, "enable password");
+
 /* Accept event */
 cache = rspamd_keypair_cache_new (256);
 ctx->http = rspamd_http_router_new (rspamd_controller_error_handler,
|