Stephen J Day
ffd3662982
Harden basic auth implementation
...
After consideration, the basic authentication implementation has been
simplified to only support bcrypt entries in an htpasswd file. This greatly
increases the security of the implementation by reducing the possibility of
timing attacks and other problems trying to detect the password hash type.
Also, the htpasswd file is only parsed at startup, ensuring that the file can
be edited and not effect ongoing requests. Newly added passwords take effect on
restart. Subsequently, password hash entries are now stored in a map.
Test cases have been modified accordingly.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:38:56 -07:00
Stephen J Day
427c457801
Refactor Basic Authentication package
...
This change refactors the basic authentication implementation to better follow
Go coding standards. Many types are no longer exported. The parser is now a
separate function from the authentication code. The standard functions
(*http.Request).BasicAuth/SetBasicAuth are now used where appropriate.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:06:38 -07:00
Stephen J Day
ffe56ebe41
Refactor Basic Authentication package
...
This change refactors the basic authentication implementation to better follow
Go coding standards. Many types are no longer exported. The parser is now a
separate function from the authentication code. The standard functions
(*http.Request).BasicAuth/SetBasicAuth are now used where appropriate.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
3504445680
Unexported function to comply with golint
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
abd142855a
Unexported function to comply with golint
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
fe9ca88946
Removed dashes from comments, unexported htpasswd struct
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
e4c3ab4377
Removed dashes from comments, unexported htpasswd struct
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
15bbde99c1
Fixed golint, gofmt warning advice.
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
d4f2260e04
Added dependency to golang.org/x/crypto/bcrypt
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
ff67393b2b
Added support for bcrypt, plaintext; extension points for other htpasswd hash methods.
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
04f6a4811d
Fixed golint, gofmt warning advice.
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
d2b7988b7f
Aligned formatting with gofmt
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
c50dfb7dae
Added support for bcrypt, plaintext; extension points for other htpasswd hash methods.
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
7733b6c892
Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
c4849bb99a
Aligned formatting with gofmt
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
0ecaa7f40a
Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings
...
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
BadZen
60262521bd
Implementation of a basic authentication scheme using standard .htpasswd files
...
Signed-off-by: BadZen <dave.trombley@gmail.com>
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:37 -07:00
BadZen
8a204f59e7
Implementation of a basic authentication scheme using standard .htpasswd files
...
Signed-off-by: BadZen <dave.trombley@gmail.com>
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:37 -07:00
Olivier Gambier
7363323321
Merge pull request #612 from HuKeping/addtest-httpchecker
...
Test: add test for HTTPChecker
2015-06-10 17:08:55 -07:00
Jeff Nickoloff
bf305c1b91
Adding a volume for the default 'registry-dev' location.
...
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
2015-06-10 10:25:41 -07:00
Antonio Mercado
b450b42c25
Removing Nginx Authorization header unset because it breaks with a user defined index endpoint
...
Signed-off-by: Antonio Mercado <amercado@thinknode.com>
2015-06-10 09:44:43 -04:00
Arnaud Porterie
aa8d3d2ca3
Merge pull request #13815 from tiborvass/do-not-send-basic-auth-on-302
...
Do not set auth headers for registry v1 if 302
2015-06-09 15:34:53 -07:00
Olivier Gambier
b230183b0f
Merge pull request #553 from dmp42/docs-rework
...
Docs rework
2015-06-09 14:48:39 -07:00
Hu Keping
5d5caa0e9a
Test: add test for HTTPChecker
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-06-10 01:39:34 +08:00
Matt Robenolt
b684b77a0c
Return valid json from StatusHandler
...
Signed-off-by: Matt Robenolt <matt@ydekproductions.com>
2015-06-08 23:31:03 -07:00
Alexander Morozov
84b7bd6dba
Merge pull request #13816 from xiekeyang/remove
...
Registry: remove unwanted return variable name
2015-06-08 20:38:30 -07:00
xiekeyang
5b3e2c7dda
Registry: remove unwanted return variable name
...
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-06-09 10:58:33 +08:00
Stephen Day
f63313de1f
Merge pull request #599 from stevvooe/clarify-deletion-by-digest-constraint
...
Clarify digest in API specification
2015-06-08 19:04:53 -07:00
Stephen Day
f654e9a96e
Merge pull request #599 from stevvooe/clarify-deletion-by-digest-constraint
...
Clarify digest in API specification
2015-06-08 19:04:53 -07:00
Stephen J Day
7e6b4e8c52
Add description of digests to API specification
...
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-08 19:04:13 -07:00
Tibor Vass
5a8f690426
Do not set auth headers if 302
...
This patch ensures no auth headers are set for v1 registries if there
was a 302 redirect.
This also ensures v2 does not use authTransport.
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-06-08 19:59:39 -04:00
Olivier Gambier
25bd3fc777
Link to compose
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:06 -07:00
Olivier Gambier
b8d785c79e
Use bcrypt
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:06 -07:00
Olivier Gambier
81e8657d7b
Fix here doc conf generation
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
8c1784c838
Keeping in synch
...
- commenting out both the "JSON" and "token" specs, unless someone thinks they should be here
- added help, glossary, introduction and authentication documents
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
96d79eb30e
Adding authentication
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
74873aed14
Removing internal information
...
Removed content has been ported to the wiki
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:57:05 -07:00
Olivier Gambier
c1c638d01f
Minor keyword add
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:52 -07:00
Olivier Gambier
c405f3717a
Minor fixes
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:52 -07:00
Olivier Gambier
56ff32c683
Revising glossary
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:52 -07:00
Olivier Gambier
10ba376a99
Minor cleanup in the index
...
- adding glossary
- removing empty "advanced"
- commenting out building and architecture for now
- minor text enhancements
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
c3b3802503
Small fixes
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
b7b8e64f1d
Moved instructions up
...
Make it more obvious that environment variables is the way to go.
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
26d87ed1a5
No reason to detail here
...
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
431e829fa5
Simplified index
...
Simplified index again, to make access to information more obvious and more direct.
Added a TLDR for people in a hurry.
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
d9dfe54308
Separated "help"
...
Help page is separate now.
Removed the bulk of it from various pages.
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
4eb8d907b9
Separate introduction
...
Use cases, generalities, image naming overview.
Removed most of it from index, and some of it from other random pages.
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Olivier Gambier
2fb5c97a97
Deployment rewrote
...
Strong focus on simplification.
Entirely removed custom build instructions.
Providing sane, one-liner defaults.
Verified, easy-to-use TLS instructions.
Removed hybrid instructions.
Removed authentication with nginx instructions (either wait for native support, or move it to advanced topics).
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-08 15:55:51 -07:00
Stephen Day
89e0955d4c
Merge pull request #607 from vbatts/vbatts-v2_spec_blurb
...
spec/manifest: clarify the v2-s1 is provisional
2015-06-08 14:04:41 -07:00
Vincent Batts
0165b85861
spec/manifest: clarify the v2-s1 is provisional
...
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-06-08 16:48:48 -04:00