Snappy

Merge lp:~chipaca/snappy/auth into lp:~snappy-dev/snappy/snappy-moved-to-github

auth
Merge into snappy-moved-to-github

Proposed by John Lenton on 2015-10-07

Status:	Rejected
Rejected by:	John Lenton on 2015-10-11
Proposed branch:	lp:~chipaca/snappy/auth
Merge into:	lp:~snappy-dev/snappy/snappy-moved-to-github
Prerequisite:	lp:~chipaca/snappy/merged-list
Diff against target:	962 lines (+784/-41) 11 files modified daemon/api.go (+24/-17) daemon/basicauth_1.3.go (+54/-0) daemon/basicauth_1.4.go (+30/-0) daemon/crypt/bcrypt.go (+38/-0) daemon/crypt/crypt.go (+120/-0) daemon/crypt/crypt_test.go (+248/-0) daemon/crypt/scrypt.go (+78/-0) daemon/crypt/sha512crypt.go (+120/-0) daemon/daemon.go (+23/-1) daemon/daemon_test.go (+48/-23) daemon/response.go (+1/-0)
To merge this branch:	bzr merge lp:~chipaca/snappy/auth
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Tyler Hicks	2015-10-07	Needs Fixing on 2015-10-09
Sergio Schvezov	2015-10-07	Approve on 2015-10-09
Review via email: mp+273684@code.launchpad.net

This proposal supersedes a proposal from 2015-10-07.

Commit Message

Require authentication for non-guest methods.

Description of the Change

Only GET can be used by non-authenticated, and then only for commands flagged with GuestOK. This means that we need some way to bootsrap, which'll come in a followup branch. We also want to change the credentials via the same REST API, which is yet another followup.

I'll repeat it in bigger letters in case you missed it: THIS WILL LOCK YOU OUT OF THE REST API.

This'll probably be breaking integration tests; need to check with the guys.

Sergio Schvezov (sergiusens) wrote on 2015-10-09:

This code looks really neat and tidy, kudos!

I added a few irrelevant comments here and there (tl;rl; they are all irrelevant).

The only thing that I might consider trying is forcing garbage collection and getting rid of the 'password' from memory as soon as we have a hash, unless I missed that and is already taken care of.

John Lenton (chipaca) wrote on 2015-10-09:

re gc: probably not possible without major work, as the password will be clear(ish) in the http request headers.

If that's a concern, we should switch to digest auth.

Sergio Schvezov (sergiusens) on 2015-10-09:

review: Approve

lp:~chipaca/snappy/auth updated on 2015-10-09

752. By John Lenton on 2015-10-09: annotated 1.3's basicAuth with return variable names

Tyler Hicks (tyhicks) wrote on 2015-10-09:

I have a few inline comments and then some higher level questions below.

1) Why implement scrypt, bcrypt, and sha512crypt all right out of the gate? The design should definitely incorporate algorithm agility so that we can move from scrypt to something else down the road if scrypt is found to be flawed. However, I found it odd that we're bringing the complexity of scrypt plus two "lesser" algorithms in from the start.
- I've already reviewed the bcrypt implementation and it looks good
- I still need to review the scrypt implementation
- I'm ignoring sha512crypt until we've determined that it is needed.

2) This change creates a single username/password combo, which is different than the username/password combo for PAM logins, to be used for all sensitive requests made to snapd. How will that work in the future in a multi-user scenario? All users of the system will need to share the same snapd login information? Would it make sense for snapd to talk to PAM and authenticate these requests in that way?

Note that I haven't yet had a chance to review the tests.

Tyler Hicks (tyhicks) wrote on 2015-10-09:

The username handling doesn't look correct to me. AuthOK() calls crypt.Check([]byte(user + pass)) but crypt.Check() just treats the entire thing as the password.

review: Needs Fixing

Tyler Hicks (tyhicks) wrote on 2015-10-09:

Have you benchmarked scrypt on the BBB or Raspberry Pi 2? I'm curious if there are significant delays when checking the password. I think scrypt is generally the best choice from a security standpoint but it may take considerable time to authenticate these REST API calls.

John Lenton (chipaca) wrote on 2015-10-09:

Wrt colons in username, “a user-id containing a colon character is invalid”, says the rfc about basic auth. Also I don't really care, because

Wrt password vs user+pass, i concatenate user+password from basic auth to create the "password" that crypt needs. As there aren't users, this seemed ok (the alternative being to ask for a username and discard it).

The multiple choice of algorithms are precisely because I benchmarked them on the bbb. sha512crypt is the only one that gives sub-second performance; scrypt takes about 30 seconds.

John Lenton (chipaca) wrote on 2015-10-09:

http://pastebin.ubuntu.com/12697607/
Note it says N but it's actually log2(N). That is, 14 means an N of 16k.

That run was stapping at over 5s; I did a run with N of 1<<14 to check, and it was 23 seconds. Not 30, sorry -- even on that i7 14 is rather slow for a REST API (and on my slightly older laptop i7 it's about 2× that).

Tyler Hicks (tyhicks) wrote on 2015-10-09:

> The multiple choice of algorithms are precisely because I benchmarked them on
> the bbb. sha512crypt is the only one that gives sub-second performance; scrypt
> takes about 30 seconds.

Then is scrypt even an option? This MP has 'var DefaultAlg = SCRYPT' and crypt.Write() unconditionally uses SCRYPT.

John Lenton (chipaca) wrote on 2015-10-09:

>
> Then is scrypt even an option? This MP has 'var DefaultAlg = SCRYPT' and
> crypt.Write() unconditionally uses SCRYPT.

in a later branch I intend to let an oem snap override the default (so on arm you'd tweak it), and it's an scrypt with N=1<<10 so it's ok on even not-so-zippy intels.

Tyler Hicks (tyhicks) wrote on 2015-10-09:

> Wrt colons in username, “a user-id containing a colon character is invalid”,
> says the rfc about basic auth. Also I don't really care, because
>
> Wrt password vs user+pass, i concatenate user+password from basic auth to
> create the "password" that crypt needs. As there aren't users, this seemed ok
> (the alternative being to ask for a username and discard it).

Ok, so that again locks us into a single username and password combo for authenticating to snapd. Maybe that's fine but it would be good for one of the Snappy architects to comment here regarding whether or not multi-user support will be important in the near to medium term for snapd and Snappy, in general.

Tyler Hicks (tyhicks) wrote on 2015-10-09:

Can you add a comment to the code where the socket is created to make it clear that if this API is ever exposed over the network, HTTPS *must* used?

review: Needs Fixing

Tyler Hicks (tyhicks) wrote on 2015-10-09:

I need to start my weekend but I still need to finish looking at the scrypt implementation and research the N, R, and P values chosen. In the meantime, can you reach out to the architect team and get them to comment on how important multi-user support is?

Sergio Schvezov (sergiusens) wrote on 2015-10-09:

Maybe something closer to this https://github.com/lxc/lxd/blob/master/specs/lxd-ssl-authentication.md

John Lenton (chipaca) wrote on 2015-10-11:

We're doing the other thing, switching to named unix sockets. Thank you and sorry to waste your time, Tyler.

Tyler Hicks (tyhicks) wrote on 2015-10-13:

It wasn't a waste of time, at all! I'm glad we got the right design in place for local auth and this will allow me to start thinking about what will be needed for remote auth down the line. Thanks again, John!

Unmerged revisions

752. By John Lenton on 2015-10-09: annotated 1.3's basicAuth with return variable names
751. By John Lenton on 2015-10-09: fix for 1.3 not having basicAuth methods on http.Request. Also caught a nasty bug wrt null-termination
750. By John Lenton on 2015-10-09: restrict REST API calls w/auth
749. By John Lenton on 2015-10-08: Merged merged-list into auth.
748. By John Lenton on 2015-10-08: Merged merged-list into auth.
747. By John Lenton on 2015-10-08: Merged merged-list into auth.
746. By John Lenton on 2015-10-07: Merged merged-list into auth.
745. By John Lenton on 2015-10-07: first pass at auth

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Alan Meekins

Huang Jin

John Lenton

Snappy Developers

Yung Shen

 === modified file 'daemon/api.go'
 --- daemon/api.go	2015-10-08 12:50:11 +0000
 +++ daemon/api.go	2015-10-09 13:33:12 +0000
@@ -57,35 +57,41 @@
  var (
  	rootCmd = &Command{
--		Path: "/",
--		GET:  SyncResponse([]string{"/1.0"}).Self,
++		GuestOK: true,
++		Path:    "/",
++		GET:     SyncResponse([]string{"/1.0"}).Self,
+ 	}
  	v1Cmd = &Command{
--		Path: "/1.0",
--		GET:  v1Get,
++		GuestOK: true,
++		Path:    "/1.0",
++		GET:     v1Get,
+ 	}
  	metaIconCmd = &Command{
--		Path: "/1.0/icons/{icon}",
--		GET:  metaIconGet,
++		GuestOK: true,
++		Path:    "/1.0/icons/{icon}",
++		GET:     metaIconGet,
+ 	}
  	appIconCmd = &Command{
--		Path: "/1.0/icons/{name}.{origin}/icon",
--		GET:  appIconGet,
++		GuestOK: true,
++		Path:    "/1.0/icons/{name}.{origin}/icon",
++		GET:     appIconGet,
+ 	}
  	packagesCmd = &Command{
--		Path: "/1.0/packages",
--		GET:  getPackagesInfo,
--		POST: sideloadPackage,
++		GuestOK: true,
++		Path:    "/1.0/packages",
++		GET:     getPackagesInfo,
++		POST:    sideloadPackage,
+ 	}
  	packageCmd = &Command{
--		Path: "/1.0/packages/{name}.{origin}",
--		GET:  getPackageInfo,
--		POST: postPackage,
++		GuestOK: true,
++		Path:    "/1.0/packages/{name}.{origin}",
++		GET:     getPackageInfo,
++		POST:    postPackage,
+ 	}
  	packageConfigCmd = &Command{
@@ -95,9 +101,10 @@
+ 	}
  	packageSvcsCmd = &Command{
--		Path: "/1.0/packages/{name}.{origin}/services",
--		GET:  packageService,
--		PUT:  packageService,
++		GuestOK: true,
++		Path:    "/1.0/packages/{name}.{origin}/services",
++		GET:     packageService,
++		PUT:     packageService,
+ 	}
  	packageSvcCmd = &Command{
 === added file 'daemon/basicauth_1.3.go'
 --- daemon/basicauth_1.3.go	1970-01-01 00:00:00 +0000
 +++ daemon/basicauth_1.3.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,54 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++// +build !go1.4
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package daemon
++
++import (
++	"bytes"
++	"encoding/base64"
++	"net/http"
++	"strings"
++)
++
++const authScheme = "Basic " // extra space because cheating
++
++func basicAuth(req *http.Request) (username string, password string, ok bool) {
++	auth := req.Header.Get("Authorization")
++	if !strings.HasPrefix(auth, authScheme) {
++		return "", "", false
++	}
++
++	up, err := base64.StdEncoding.DecodeString(auth[len(authScheme):])
++	if err != nil {
++		return "", "", false
++	}
++
++	idx := bytes.IndexByte(up, ':')
++	if idx < 0 {
++		return "", "", false
++	}
++
++	return string(up[:idx]), string(up[idx+1:]), true
++}
++
++func setBasicAuth(req *http.Request, username, password string) {
++	up := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
++	req.Header.Set("Authorization", authScheme+up)
++}
 === added file 'daemon/basicauth_1.4.go'
 --- daemon/basicauth_1.4.go	1970-01-01 00:00:00 +0000
 +++ daemon/basicauth_1.4.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,30 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++// +build go1.4
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package daemon
++
++import (
++	"net/http"
++)
++
++var (
++	basicAuth    = (*http.Request).BasicAuth
++	setBasicAuth = (*http.Request).SetBasicAuth
++)
 === added directory 'daemon/crypt'
 === added file 'daemon/crypt/bcrypt.go'
 --- daemon/crypt/bcrypt.go	1970-01-01 00:00:00 +0000
 +++ daemon/crypt/bcrypt.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,38 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package crypt
++
++import (
++	"golang.org/x/crypto/bcrypt"
++)
++
++var bcryptAlg = cryptAlg{
++	gen: func(password []byte) ([]byte, error) {
++		hash, err := bcrypt.GenerateFromPassword(password, -1)
++		if err != nil {
++			return nil, err
++		}
++
++		return hash, nil
++	},
++	cmp: func(hashedPassword, password []byte) error {
++		return bcrypt.CompareHashAndPassword(hashedPassword, password)
++	},
++}
 === added file 'daemon/crypt/crypt.go'
 --- daemon/crypt/crypt.go	1970-01-01 00:00:00 +0000
 +++ daemon/crypt/crypt.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,120 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package crypt
++
++import (
++	"bytes"
++	"errors"
++	"io"
++	"os"
++	"path/filepath"
++
++	"launchpad.net/snappy/dirs"
++	"launchpad.net/snappy/helpers"
++)
++
++type cryptAlg struct {
++	gen func(password []byte) ([]byte, error)
++	cmp func(hashed, password []byte) error
++}
++
++// the known crypt algorithms
++//
++// xxx is algorithm the right name even
++const (
++	SHA512 = "sha512"
++	SCRYPT = "scrypt"
++	BCRYPT = "bcrypt"
++)
++
++// the default algorithm
++var DefaultAlg = SCRYPT
++
++var cryptAlgs = map[string]cryptAlg{
++	SCRYPT: scryptAlg,
++	BCRYPT: bcryptAlg,
++	SHA512: sha512cryptAlg,
++}
++
++var (
++	// ErrBadCreds is a generic "bad password" error
++	ErrBadCreds = errors.New("bad credentials")
++)
++
++const (
++	maxSecretLen = 1024 // upper bound of the length of a secret
++	maxPrefixLen = 8    // upper bound of the prefix length (e.g. "scrypt:")
++
++	minpwlen = 8
++)
++
++func pwFile() string {
++	return filepath.Join(dirs.GlobalRootDir, dirs.SnappyDir, ".snapd_creds")
++}
++
++// Write the given password out to the file, crypting it first
++func Write(password []byte) error {
++	// TODO: cracklib
++	if len(password) < minpwlen {
++		return ErrBadCreds
++	}
++
++	hash, err := cryptAlgs[DefaultAlg].gen(password)
++	if err != nil {
++		return err
++	}
++
++	buf := append([]byte(DefaultAlg+":"), hash...)
++	if err := helpers.AtomicWriteFile(pwFile(), buf, 0600); err != nil {
++		return err
++	}
++
++	return nil
++}
++
++// Check whether this password and the one on file match.
++func Check(password []byte) bool {
++	f, err := os.Open(pwFile())
++	if err != nil {
++		return false
++	}
++
++	buf := make([]byte, maxPrefixLen+maxSecretLen)
++	n, err := f.ReadAt(buf, 0)
++	if err != io.EOF {
++		return false
++	}
++
++	if n < maxPrefixLen {
++		return false
++	}
++
++	idx := bytes.IndexByte(buf[:maxPrefixLen], ':')
++	if idx < 1 {
++		return false
++	}
++
++	alg, ok := cryptAlgs[string(buf[:idx])]
++	if !ok {
++		return false
++	}
++
++	return alg.cmp(buf[idx+1:n], password) == nil
++}
 === added file 'daemon/crypt/crypt_test.go'
 --- daemon/crypt/crypt_test.go	1970-01-01 00:00:00 +0000
 +++ daemon/crypt/crypt_test.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,248 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package crypt
++
++import (
++	"bytes"
++	"crypto/rand"
++	"errors"
++	"io"
++	"os"
++	"path/filepath"
++	"testing"
++
++	"gopkg.in/check.v1"
++
++	"launchpad.net/snappy/dirs"
++)
++
++// Hook up check.v1 into the "go test" runner
++func Test(t *testing.T) { check.TestingT(t) }
++
++type cryptSuite struct {
++	d         string
++	oldReader io.Reader
++	oldN      int
++	oldR      int
++	oldP      int
++}
++
++var _ = check.Suite(&cryptSuite{})
++
++var errBadStuff = errors.New("fail")
++
++type totallyRandom struct {
++	err error
++}
++
++func (t *totallyRandom) Read(p []byte) (int, error) {
++	if t.err != nil {
++		return 0, t.err
++	}
++	if len(p) < 1 {
++		return 0, nil
++	}
++	p[0] = 9 // http://dilbert.com/strip/2001-10-25  -- wait, 2001? Ow.
++	return 1, nil
++}
++
++func (s *cryptSuite) SetUpTest(c *check.C) {
++	s.d = c.MkDir()
++	dirs.SetRootDir(s.d)
++	c.Check(os.MkdirAll(filepath.Join(dirs.GlobalRootDir, dirs.SnappyDir), 0755), check.IsNil)
++
++	s.oldN = scryptN
++	s.oldR = scryptR
++	s.oldP = scryptP
++	s.oldReader = rand.Reader
++	rand.Reader = &totallyRandom{}
++	scryptN = 2
++	scryptR = 1
++	scryptP = 1
++}
++
++func (s *cryptSuite) TearDownTest(c *check.C) {
++	rand.Reader = s.oldReader
++	scryptN = s.oldN
++	scryptR = s.oldR
++	scryptP = s.oldP
++}
++
++func (s *cryptSuite) TestCryptAlgs(c *check.C) {
++
++	password := []byte("password")
++	// know any interesting password to try? call 0800-CHIPACA
++	for k, v := range cryptAlgs {
++		hash, err := v.gen(password)
++		c.Assert(err, check.IsNil, check.Commentf(k))
++		c.Assert(hash, check.NotNil, check.Commentf(k))
++
++		c.Check(v.cmp(hash, password), check.IsNil, check.Commentf(k))
++		c.Check(v.cmp(hash, []byte("what")), check.NotNil, check.Commentf(k))
++	}
++}
++
++func (s *cryptSuite) TestCryptAlgsFailure(c *check.C) {
++	defer func() {
++		rand.Reader.(*totallyRandom).err = nil
++	}()
++
++	password := []byte("password")
++	for k, v := range cryptAlgs {
++		rand.Reader.(*totallyRandom).err = nil
++
++		goodHash, err := v.gen(password)
++		c.Check(err, check.IsNil, check.Commentf(k))
++		c.Check(goodHash, check.NotNil, check.Commentf(k))
++		c.Check(v.cmp(goodHash, password), check.IsNil, check.Commentf(k))
++
++		rand.Reader.(*totallyRandom).err = errBadStuff
++
++		hash, err := v.gen(password)
++		c.Check(err, check.NotNil, check.Commentf(k))
++		c.Check(hash, check.IsNil, check.Commentf(k))
++	}
++}
++
++func (s *cryptSuite) TestScryptFailures(c *check.C) {
++	pass := []byte("password")
++	c.Check(scryptAlg.cmp([]byte("w"), pass), check.ErrorMatches, "illegal ascii85 data .*")
++
++	hash, err := scryptAlg.gen(pass)
++	c.Assert(err, check.IsNil)
++	c.Check(scryptAlg.cmp(hash, pass), check.IsNil)
++
++	scryptN = 3
++	defer func() {
++		scryptN = 2
++	}()
++
++	c.Check(scryptAlg.cmp(hash, pass), check.ErrorMatches, "scrypt: N .*")
++	_, err = scryptAlg.gen(pass)
++	c.Check(err, check.ErrorMatches, "scrypt: N .*")
++}
++
++func (s *cryptSuite) TestSHA512CryptFailrues(c *check.C) {
++	c.Check(sha512cryptAlg.cmp([]byte("$$$$$$$$$$"), []byte("x")), check.ErrorMatches, "invalid argument")
++}
++
++func (s *cryptSuite) TestRoundtrip(c *check.C) {
++	c.Check(Write([]byte("password")), check.IsNil)
++	c.Check(Check([]byte("password")), check.Equals, true)
++	c.Check(Check([]byte("fishfish")), check.Equals, false)
++}
++
++func (s *cryptSuite) TestRoundtripChangedDefaults(c *check.C) {
++	DefaultAlg = "bcrypt"
++	c.Check(Write([]byte("password")), check.IsNil)
++	DefaultAlg = "scrypt"
++	c.Check(Check([]byte("password")), check.Equals, true)
++	c.Check(Check([]byte("fishfish")), check.Equals, false)
++}
++
++var failAlg = cryptAlg{
++	gen: func(password []byte) ([]byte, error) {
++		return nil, errBadStuff
++	},
++	cmp: func([]byte, []byte) error {
++		return errBadStuff
++	},
++}
++
++func (s *cryptSuite) TestCryptFailures(c *check.C) {
++	alg := cryptAlgs[DefaultAlg]
++	defer func() { cryptAlgs[DefaultAlg] = alg }()
++	pass := []byte("password")
++	dirs.SetRootDir("/does/not/exist")
++
++	// first, try to read it without having written it first:
++	c.Check(Check(pass), check.Equals, false)
++
++	// next, write it
++	c.Check(Write(pass), check.ErrorMatches, ".*no such file or directory.*")
++	// oops, my bad
++	dirs.SetRootDir(s.d)
++	// *now* write it
++	c.Check(Write(pass[:3]), check.ErrorMatches, ".*bad credentials.*")
++	// jk, jk
++	c.Check(Write(pass), check.IsNil)
++	// pass, oh joy, etc
++	c.Check(Check(pass), check.Equals, true)
++	// write it again
++	c.Check(Write(pass), check.IsNil)
++	// yep, still passes
++	c.Check(Check(pass), check.Equals, true)
++
++	// now the algorithm starts to fail. darned algorithms, they
++	// don't make 'em like they used.
++	cryptAlgs[DefaultAlg] = failAlg
++
++	c.Check(Write(pass), check.NotNil)
++	c.Check(Check(pass), check.Equals, false)
++
++	// back to normal
++	cryptAlgs[DefaultAlg] = alg
++	c.Check(Check(pass), check.Equals, true)
++
++	f, err := os.OpenFile(pwFile(), os.O_WRONLY, 0)
++	c.Check(err, check.IsNil)
++
++	// but what's this? filesystem corruption!
++	_, err = f.WriteAt([]byte{0}, 0)
++	c.Check(err, check.IsNil)
++	c.Check(Check(pass), check.Equals, false)
++
++	// mental
++	_, err = f.WriteAt(bytes.Repeat([]byte{'x'}, maxPrefixLen*2), 0)
++	c.Check(err, check.IsNil)
++	c.Check(Check(pass), check.Equals, false)
++
++	// all better
++	c.Check(Write(pass), check.IsNil)
++	c.Check(Check(pass), check.Equals, true)
++
++	// stahp!
++	os.Truncate(pwFile(), maxPrefixLen-1)
++	c.Check(Check(pass), check.Equals, false)
++
++	// no, really!
++	os.Truncate(pwFile(), 0)
++	c.Check(Check(pass), check.Equals, false)
++
++	// ok, enough
++	c.Check(os.Remove(pwFile()), check.IsNil)
++	c.Check(os.Mkdir(pwFile(), 0755), check.IsNil)
++	c.Check(Check(pass), check.Equals, false)
++	c.Check(os.Remove(pwFile()), check.IsNil)
++	c.Check(os.Symlink("does-not-exist", pwFile()), check.IsNil)
++	c.Check(Check(pass), check.Equals, false)
++}
++
++func (s *cryptSuite) TestCryptNil(c *check.C) {
++	alg := DefaultAlg
++	defer func() { DefaultAlg = alg }()
++
++	for k := range cryptAlgs {
++		DefaultAlg = k
++
++		c.Check(Write(nil), check.NotNil, check.Commentf(k))
++		c.Check(Check(nil), check.NotNil, check.Commentf(k))
++	}
++}
 === added file 'daemon/crypt/scrypt.go'
 --- daemon/crypt/scrypt.go	1970-01-01 00:00:00 +0000
 +++ daemon/crypt/scrypt.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,78 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package crypt
++
++import (
++	"bytes"
++	"crypto/rand"
++	"encoding/ascii85"
++	"io"
++
++	"golang.org/x/crypto/scrypt"
++)
++
++const (
++	scryptSaltLen = 32
++	scryptHashLen = 64
++)
++
++var (
++	scryptN = 1 << 10
++	scryptR = 8
++	scryptP = 16
++)
++
++var scryptAlg = cryptAlg{
++	cmp: func(hashedPassword, password []byte) error {
++		saltedHash := make([]byte, scryptSaltLen+scryptHashLen)
++		_, _, err := ascii85.Decode(saltedHash, hashedPassword, true)
++		if err != nil {
++			return err
++		}
++
++		salt := saltedHash[:scryptSaltLen]
++		hash, err := scrypt.Key([]byte(password), salt, scryptN, scryptR, scryptP, scryptHashLen)
++		if err != nil {
++			return err
++		}
++
++		if !bytes.Equal(hash, saltedHash[scryptSaltLen:]) {
++			return ErrBadCreds
++		}
++
++		return nil
++	},
++	gen: func(password []byte) ([]byte, error) {
++		salt := make([]byte, scryptSaltLen)
++		if _, err := io.ReadFull(rand.Reader, salt); err != nil {
++			return nil, err
++		}
++
++		hash, err := scrypt.Key([]byte(password), salt, scryptN, scryptR, scryptP, scryptHashLen)
++		if err != nil {
++			return nil, err
++		}
++
++		coded := make([]byte, ascii85.MaxEncodedLen(scryptSaltLen+scryptHashLen))
++		n := ascii85.Encode(coded, append(salt, hash...))
++
++		return coded[:n], nil
++	},
++}
 === added file 'daemon/crypt/sha512crypt.go'
 --- daemon/crypt/sha512crypt.go	1970-01-01 00:00:00 +0000
 +++ daemon/crypt/sha512crypt.go	2015-10-09 13:33:12 +0000
@@ -0,0 +1,120 @@
++// -*- Mode: Go; indent-tabs-mode: t -*-
++
++/*
++ * Copyright (C) 2014-2015 Canonical Ltd
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 3 as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++package crypt
++
++/*
++#cgo CFLAGS: -D_GNU_SOURCE -O3 -Wextra -Werror -pedantic
++#cgo LDFLAGS: -lcrypt
++#include <crypt.h>
++#include <string.h>
++*/
++import "C"
++
++import (
++	"bytes"
++	"crypto/rand"
++	"encoding/binary"
++	"unsafe"
++)
++
++const (
++	sha512saltLetters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"
++	sha512saltNChars  = 16
++)
++
++func mksalt() ([]byte, error) {
++	raw := make([]uint32, 3)
++	if err := binary.Read(rand.Reader, binary.LittleEndian, &raw); err != nil {
++		return nil, err
++	}
++
++	full := make([]byte, sha512saltNChars+4)
++	full[0] = byte('$')
++	full[1] = byte('6')
++	full[2] = byte('$')
++	full[3+sha512saltNChars] = byte('$')
++	salt := full[3 : 3+sha512saltNChars]
++
++	m := uint32(0)
++	for i, n := range raw {
++		for j := 1; j < 6; j++ {
++			salt[i*5+j] = sha512saltLetters[n&63]
++			n >>= 6
++		}
++		m += n << (2 * uint(i))
++	}
++	salt[0] = sha512saltLetters[m]
++
++	return full, nil
++}
++
++func crypt(password, saltOrHashedPassword []byte, checkOnly bool) ([]byte, error) {
++	s := C.struct_crypt_data{}
++	s.initialized = 0
++
++	if password[len(password)-1] != 0 {
++		password = append(password, 0)
++	}
++	if saltOrHashedPassword[len(saltOrHashedPassword)-1] != 0 {
++		saltOrHashedPassword = append(saltOrHashedPassword, 0)
++	}
++
++	p, err := C.crypt_r(
++		(*C.char)(unsafe.Pointer(&password[0])),
++		(*C.char)(unsafe.Pointer(&saltOrHashedPassword[0])),
++		&s,
++	)
++	if err != nil {
++		return nil, err
++	}
++
++	n := C.strnlen(p, maxSecretLen)
++	if n == maxSecretLen {
++		// just in case
++		return nil, ErrBadCreds
++	}
++
++	buf := (*[maxSecretLen]byte)(unsafe.Pointer(p))[:n+1] // null-terminated
++
++	if checkOnly {
++		if bytes.Equal(buf, saltOrHashedPassword) {
++			return nil, nil
++		}
++		return nil, ErrBadCreds
++	}
++
++	return append([]byte(nil), buf...), nil
++}
++
++var sha512cryptAlg = cryptAlg{
++	gen: func(password []byte) ([]byte, error) {
++		salt, err := mksalt()
++		if err != nil {
++			return nil, err
++		}
++
++		return crypt(password, salt, false)
++	},
++	cmp: func(hashedPassword, password []byte) error {
++		_, err := crypt(password, hashedPassword, true)
++
++		return err
++	},
++}
 === modified file 'daemon/daemon.go'
 --- daemon/daemon.go	2015-10-05 23:10:59 +0000
 +++ daemon/daemon.go	2015-10-09 13:33:12 +0000
@@ -30,6 +30,7 @@
  	"github.com/gorilla/mux"
  	"gopkg.in/tomb.v2"
++	"launchpad.net/snappy/daemon/crypt"
  	"launchpad.net/snappy/logger"
+ )
@@ -47,7 +48,9 @@
  // A Command routes a request to an individual per-verb ResponseFUnc
  type Command struct {
--	Path string
++	// GuestOK: whether GET requests can proceed without auth
++	GuestOK bool
++	Path    string
  	//
  	GET    ResponseFunc
  	PUT    ResponseFunc
@@ -57,7 +60,26 @@
  	d *Daemon
+ }
++// AuthOK checks whether the request has enough authorization for the command
++func (c *Command) AuthOK(r *http.Request) bool {
++	if c.GuestOK && r.Method == "GET" {
++		return true
++	}
++
++	user, pass, ok := basicAuth(r)
++	if !ok {
++		return false
++	}
++
++	return crypt.Check([]byte(user + pass))
++}
++
  func (c *Command) ServeHTTP(w http.ResponseWriter, r *http.Request) {
++	if !c.AuthOK(r) {
++		Unauthorized.ServeHTTP(w, r)
++		return
++	}
++
  	var rspf ResponseFunc
  	var rsp Response = BadMethod
 === modified file 'daemon/daemon_test.go'
 --- daemon/daemon_test.go	2015-10-05 23:10:59 +0000
 +++ daemon/daemon_test.go	2015-10-09 13:33:12 +0000
@@ -23,52 +23,77 @@
  	"fmt"
  	"net/http"
  	"net/http/httptest"
++	"os"
++	"path/filepath"
  	"github.com/gorilla/mux"
  	"gopkg.in/check.v1"
++
++	"launchpad.net/snappy/daemon/crypt"
++	"launchpad.net/snappy/dirs"
+ )
  type daemonSuite struct{}
  var _ = check.Suite(&daemonSuite{})
--type mockHandler struct {
--	cmd        *Command
--	lastMethod string
--}
--
--func (mck *mockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
--	mck.lastMethod = r.Method
--}
--func (mck *mockHandler) Self(*Command, *http.Request) Response {
--	return mck
--}
--
--func mkRF(c *check.C, cmd *Command, mck *mockHandler) ResponseFunc {
++type nullHandler struct{}
++
++func (nu *nullHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
++}
++func (nu *nullHandler) Self(*Command, *http.Request) Response {
++	return nu
++}
++
++func mkRF(c *check.C, cmd *Command, method string) ResponseFunc {
  	return func(innerCmd *Command, req *http.Request) Response {
  		c.Assert(cmd, check.Equals, innerCmd)
--		return mck
++		c.Assert(method, check.Equals, req.Method)
++		return &nullHandler{}
+ 	}
+ }
  func (s *daemonSuite) TestCommandMethodDispatch(c *check.C) {
++	dirs.SetRootDir(c.MkDir())
++	c.Check(os.MkdirAll(filepath.Join(dirs.GlobalRootDir, dirs.SnappyDir), 0755), check.IsNil)
++
  	cmd := &Command{}
--	mck := &mockHandler{cmd: cmd}
--	rf := mkRF(c, cmd, mck)
--	cmd.GET = rf
--	cmd.PUT = rf
--	cmd.POST = rf
--	cmd.DELETE = rf
++	cmd.GET = mkRF(c, cmd, "GET")
++	cmd.PUT = mkRF(c, cmd, "PUT")
++	cmd.POST = mkRF(c, cmd, "POST")
++	cmd.DELETE = mkRF(c, cmd, "DELETE")
++
++	crypt.DefaultAlg = crypt.SHA512
++	c.Check(crypt.Write([]byte("password")), check.IsNil)
  	for _, method := range []string{"GET", "POST", "PUT", "DELETE"} {
  		req, err := http.NewRequest(method, "", nil)
--		c.Assert(err, check.IsNil)
--		cmd.ServeHTTP(nil, req)
--		c.Check(mck.lastMethod, check.Equals, method)
++		c.Assert(err, check.IsNil, check.Commentf(method))
++
++		cmd.GuestOK = false
++		rec := httptest.NewRecorder()
++		cmd.ServeHTTP(rec, req)
++		c.Check(rec.Code, check.Equals, http.StatusUnauthorized, check.Commentf(method))
++
++		cmd.GuestOK = true
++		rec = httptest.NewRecorder()
++		cmd.ServeHTTP(rec, req)
++		if method == "GET" {
++			c.Check(rec.Code, check.Equals, http.StatusOK, check.Commentf(method))
++		} else {
++			c.Check(rec.Code, check.Equals, http.StatusUnauthorized, check.Commentf(method))
++		}
++		cmd.GuestOK = false
++
++		rec = httptest.NewRecorder()
++		setBasicAuth(req, "pass", "word")
++		cmd.ServeHTTP(rec, req)
++		c.Check(rec.Code, check.Equals, http.StatusOK, check.Commentf(method))
+ 	}
  	req, err := http.NewRequest("POTATO", "", nil)
  	c.Assert(err, check.IsNil)
++	setBasicAuth(req, "pass", "word")
  	rec := httptest.NewRecorder()
  	cmd.ServeHTTP(rec, req)
  	c.Check(rec.Code, check.Equals, http.StatusMethodNotAllowed)
 === modified file 'daemon/response.go'
 --- daemon/response.go	2015-10-08 12:52:40 +0000
 +++ daemon/response.go	2015-10-09 13:33:12 +0000
@@ -177,4 +177,5 @@
  	BadMethod      = ErrorResponse(http.StatusMethodNotAllowed)
  	InternalError  = ErrorResponse(http.StatusInternalServerError)
  	NotImplemented = ErrorResponse(http.StatusNotImplemented)
++	Unauthorized   = ErrorResponse(http.StatusUnauthorized)
+ )