Support argon2id password hash algo (#637)

* Support argon2id password hash algo * CI install argon2 deps * Go support argonid algo * RPC add pwd_hash_algo and pwd_hash_params * Support password hash algo * Don't set magic when pwd_hash is set * Fix ci error --------- Co-authored-by: 杨赫然 <heran.yang@seafile.com>
2025-09-10 03:39:01 +00:00 · 2024-05-22 18:49:57 +08:00
parent 9f5fcdfe4d
commit 96996b79e3
26 changed files with 611 additions and 76 deletions
--- a/server/virtual-repo.c
+++ b/server/virtual-repo.c
@@ -85,7 +85,17 @@ do_create_virtual_repo (SeafRepoManager *mgr,
        repo->enc_version = origin_repo->enc_version;
        if (repo->enc_version >= 3)
            memcpy (repo->salt, origin_repo->salt, 64);
-        seafile_generate_magic (repo->enc_version, repo_id, passwd, repo->salt, repo->magic);
+            if (origin_repo->pwd_hash_algo)
+                repo->pwd_hash_algo = g_strdup (origin_repo->pwd_hash_algo);
+            if (origin_repo->pwd_hash_params)
+                repo->pwd_hash_params = g_strdup (origin_repo->pwd_hash_params);
+            if (repo->pwd_hash_algo) {
+                seafile_generate_pwd_hash (repo_id, passwd, repo->salt,
+                                           repo->pwd_hash_algo, repo->pwd_hash_params, repo->pwd_hash);
+                memcpy (repo->magic, repo->pwd_hash, 32);
+            } else
+                seafile_generate_magic (repo->enc_version, repo_id, passwd, repo->salt,
+                                        repo->magic);
        if (repo->enc_version >= 2)
            memcpy (repo->random_key, origin_repo->random_key, 96);
    }
@@ -220,15 +230,29 @@ create_virtual_repo_common (SeafRepoManager *mgr,
            return NULL;
        }

-        if (seafile_verify_repo_passwd (origin_repo_id,
-                                        passwd,
-                                        origin_repo->magic,
-                                        origin_repo->enc_version,
-                                        origin_repo->salt) < 0) {
-            g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_GENERAL,
-                         "Incorrect password");
-            seaf_repo_unref (origin_repo);
-            return NULL;
+        if (origin_repo->pwd_hash_algo) {
+            if (seafile_pwd_hash_verify_repo_passwd (origin_repo_id,
+                                                     passwd,
+                                                     origin_repo->salt,
+                                                     origin_repo->pwd_hash,
+                                                     origin_repo->pwd_hash_algo,
+                                                     origin_repo->pwd_hash_params) < 0) {
+                g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_GENERAL,
+                             "Incorrect password");
+                seaf_repo_unref (origin_repo);
+                return NULL;
+            }
+        } else {
+            if (seafile_verify_repo_passwd (origin_repo_id,
+                                            passwd,
+                                            origin_repo->magic,
+                                            origin_repo->enc_version,
+                                            origin_repo->salt) < 0) {
+                g_set_error (error, SEAFILE_DOMAIN, SEAF_ERR_GENERAL,
+                             "Incorrect password");
+                seaf_repo_unref (origin_repo);
+                return NULL;
+            }
        }
    }