Rooba
/
perkeep
mirror of https://github.com/perkeep/perkeep.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge "perf: perform password auth before checking UID."

This commit is contained in:
Brad Fitzpatrick 2013-08-20 15:18:35 +00:00 committed by Gerrit Code Review
parent 3eb520617e a4d187f7ee
commit 3ec3588f06
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/auth/auth.go
View File

@ -203,10 +203,6 @@ type UserPass struct {
} }
func (up *UserPass) AllowedAccess(req *http.Request) Operation { func (up *UserPass) AllowedAccess(req *http.Request) Operation {
if up.OrLocalhost && localhostAuthorized(req) {
return OpAll
}
user, pass, err := basicAuth(req) user, pass, err := basicAuth(req)
if err != nil { if err != nil {
return 0 return 0
@ -219,6 +215,11 @@ func (up *UserPass) AllowedAccess(req *http.Request) Operation {
return OpVivify return OpVivify
} }
} }
if up.OrLocalhost && localhostAuthorized(req) {
return OpAll
}
return 0 return 0
} }
@ -256,12 +257,6 @@ type DevAuth struct {
} }
func (da *DevAuth) AllowedAccess(req *http.Request) Operation { func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
// First see if the local TCP port is owned by the same
// non-root user as this server.
if localhostAuthorized(req) {
return OpAll
}
_, pass, err := basicAuth(req) _, pass, err := basicAuth(req)
if err != nil { if err != nil {
return 0 return 0
@ -272,6 +267,14 @@ func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
if pass == da.VivifyPass { if pass == da.VivifyPass {
return OpVivify return OpVivify
} }
// See if the local TCP port is owned by the same non-root user as this
// server. This check performed last as it may require reading from the
// kernel or exec'ing a program.
if localhostAuthorized(req) {
return OpAll
}
return 0 return 0
} }