| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SHA256-based password hashing algorithm used by slcl(1) and
usergen(1) is considered insecure against several kinds of attacks,
including brute force attacks. [1]
Therefore, a stronger password hashing algorithm based on the Argon2id
key derivation function is now used by default. While OpenSSL does
support Argon2id, it is only supported by very recent versions [2],
which are still not packaged by most distributions as of the time of
this writing. [3]
As an alternative to OpenSSL, libsodium [4] had several benefits:
- It provides easy-to-use functions for password hashing, base64
encoding/decoding and other cryptographic primitives used by slcl(1)
and usergen(1).
- It is packaged by most distributions [5], and most often only the patch
version differs, which ensures good compatibility across distributions.
Unfortunately, and as opposed to OpenSSL, libsodium does not come with
command-line tools. Therefore, usergen(1) had to be rewritten in C.
In order to maintain backwards compatiblity with existing databases,
slcl(1) and usergen(1) shall support the insecure, SHA256-based password
hashing algorithm. However, Argon2id shall now be the default choice for
usergen(1).
[1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords
[2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/
[3]: https://repology.org/project/openssl/versions
[4]: https://www.libsodium.org/
[5]: https://repology.org/project/libsodium/versions
|
| |
|
|
|
|
|
| |
When no quota is entered, printf(1) could fail because '%d' would expect
at least one argument. Whereas some printf(1) implementations, such as
the one by GNU coreutils, are somewhat tolerant, stricter
implementations such as Busybox would (correctly) refuse this.
|
| |
|
|
|
| |
Otherwise, it would not be possible to replace user credentials if the
directory already exists.
|
| |
|
|
|
| |
For longer passwords, od(1) might introduce a newline character, causing
printf(1) to interpret its input string incorrectly.
|
| |
|
|
| |
No changes must be committed to the database if mkdir(1) fails.
|
| |
|
|
|
|
| |
Despite common use in several POSIX operating systems, mktemp(1) is not
defined by POSIX.1-2008, nor even POSIX.1-2017. As long as it is not
introduced, m4(1)'s mkstemp can be used with similar effect.
|
| |
|
|
|
|
| |
sha256sum(1) is a GNU utility that might not be available under some
POSIX systems. Since OpenSSL is already a dependency, it makes sense to
reuse it to generate SHA256 digests.
|
| |
|
|
|
| |
xxd(1) is closely related to vim(1), might not be available under
some POSIX systems.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Due to the lack of double quotes, passwords with whitespaces were not
passed correctly to printf(1), thus making users not able to log into
their account.
OTOH, for some reason usernames containing whitespaces made jq(1)
complain, so it has been decided not to support them.
|
| |
|
|
|
|
| |
So far, usergen printed a JSON object over standard output that had to
be manually copied into db.json. Now, this step is done automatically,
thanks to jq(1). OTOH, user directory is now also created by usergen.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature allows admins to set a specific quota for each user, in
MiB. This feature is particularly useful for shared instances, where
unlimited user storage might be unfeasible or even dangerous for the
server.
Also, a nice HTML5 <progress> element has been added to the site that
shows how much of the quota has been consumed.
If no quota is set, slcl falls back to the default behaviour i.e.,
assume unlimited storage.
Limitations:
- While HTTP does specify a Content-Length, which determines the length
of the whole request, it does not specify how many files are involved
or their individual sizes.
- Because of this, if multiple files are uploaded simultaneously, the
whole request would be dropped if user quota is exceeded, even if not
all files exceeded it.
- Also, Content-Length adds the length of some HTTP boilerplate
(e.g.: boundaries), but slcl must rely on this before accepting the
whole request. In other words, this means some requests might be
rejected by slcl because of the extra bytes caused by such boilerplate.
- When the quota is exceeded, slcl must close the connection so that
the rest of the transfer is cancelled. Unfortunately, this means no
HTML can be sent back to the customer to inform about the situation.
|
|
|
This script takes a username and password from standard input and
generates a JSON object that can be appended to the "users" object in
db.json.
|
