author | Jan Kneschke <jan@kneschke.de> | 2005-09-16 10:40:45 +0000 |
---|---|---|
committer | Jan Kneschke <jan@kneschke.de> | 2005-09-16 10:40:45 +0000 |
commit | be5f187d0ff76716befd069396e5f234293eb5af (patch) | |
tree | 0e74d43728973ac41b48379eb4cef9c32d826ad7 | |
parent | dce84f26e14868cde7d55548a4591faf1da38d9f (diff) | |
added support for md5 and blowfish passwords (fixes #73)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@710 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | src/http_auth.c | 47 |
1 files changed, 42 insertions, 5 deletions
diff --git a/src/http_auth.c b/src/http_auth.c index a08f9083..c61bc6a0 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -442,22 +442,59 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p } } else if (p->conf.auth_backend == AUTH_BACKEND_HTPASSWD) { #ifdef HAVE_CRYPT - char salt[3]; + char salt[32]; char *crypted; + size_t salt_len = 0; /* * htpasswd format * * user:crypted password */ + + /* + * Algorithm Salt + * CRYPT_STD_DES 2-character (Default) + * CRYPT_EXT_DES 9-character + * CRYPT_MD5 12-character beginning with $1$ + * CRYPT_BLOWFISH 16-character beginning with $2$ + */ + + if (password->used < 13 + 1) { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); + return -1; + } + + if (password->used == 13 + 1) { + /* a simple DES password is 2 + 11 characters */ + salt_len = 2; + } else if (password->ptr[0] == '$' && password->ptr[2] == '$') { + char *dollar = NULL; + + if (NULL == (dollar = strchr(password->ptr + 3, '$'))) { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); + return -1; + } + + salt_len = dollar - password->ptr; + } + + if (salt_len - 1 > sizeof(salt)) { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); + return -1; + } + + strncpy(salt, password->ptr, salt_len); + + salt[salt_len] = '\0'; - salt[0] = password->ptr[0]; - salt[1] = password->ptr[1]; - salt[2] = '\0'; crypted = crypt(pw, salt); if (0 == strcmp(password->ptr, crypted)) { return 0; + } else { + fprintf(stderr, "%s.%d\n", __FILE__, __LINE__); } + #endif } else if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) { if (0 == strcmp(password->ptr, pw)) { 
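Review bot: The bound check `if (salt_len - 1 > sizeof(salt))` ahead of the `strncpy` lets a `salt_len` of 32 or 33 through, so `strncpy(salt, password->ptr, salt_len)` and `salt[salt_len] = '\0'` can write one or two bytes past the 32-byte `salt` array when a stored hash has a long `$x$...$` salt field. A zero `salt_len` (an entry longer than 13 characters without the `$x$` prefix) is rejected only because the unsigned subtraction wraps, so stating both limits directly is safer: `if (salt_len == 0 || salt_len >= sizeof(salt)) {`. `crypt()` may also return NULL for a salt it does not accept, and its result goes straight into `strcmp`; guarding it as `if (NULL != crypted && 0 == strcmp(password->ptr, crypted)) {` avoids a NULL dereference on a malformed htpasswd entry. The new failure paths print only `__FILE__.__LINE__` to stderr with `fprintf`, although `srv` is a parameter here and the second hunk shows `log_error_write(srv, ...)` as the reporting call in `http_auth_basic_check`. The body of `http_auth_basic_password_compare` starts and ends outside this hunk.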
@@ -647,7 +684,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, /* password doesn't match */ if (http_auth_basic_password_compare(srv, p, req, username, realm->value, password, pw)) { - log_error_write(srv, __FILE__, __LINE__, "sbb", "password doesn't match", con->uri.path, username); + log_error_write(srv, __FILE__, __LINE__, "sbb", "password doesn't match for", con->uri.path, username); buffer_free(username); buffer_free(password); |