added support for md5 and blowfish passwords (fixes #73)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@710 152afb58-edef-0310-8abb-c4023f1b3aa9svn/tags/lighttpd-1.4.6
parent
dce84f26e1
commit
be5f187d0f
|
@ -442,22 +442,59 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
|
|||
}
|
||||
} else if (p->conf.auth_backend == AUTH_BACKEND_HTPASSWD) {
|
||||
#ifdef HAVE_CRYPT
|
||||
char salt[3];
|
||||
char salt[32];
|
||||
char *crypted;
|
||||
size_t salt_len = 0;
|
||||
/*
|
||||
* htpasswd format
|
||||
*
|
||||
* user:crypted password
|
||||
*/
|
||||
|
||||
/*
|
||||
* Algorithm Salt
|
||||
* CRYPT_STD_DES 2-character (Default)
|
||||
* CRYPT_EXT_DES 9-character
|
||||
* CRYPT_MD5 12-character beginning with $1$
|
||||
* CRYPT_BLOWFISH 16-character beginning with $2$
|
||||
*/
|
||||
|
||||
if (password->used < 13 + 1) {
|
||||
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (password->used == 13 + 1) {
|
||||
/* a simple DES password is 2 + 11 characters */
|
||||
salt_len = 2;
|
||||
} else if (password->ptr[0] == '$' && password->ptr[2] == '$') {
|
||||
char *dollar = NULL;
|
||||
|
||||
if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
|
||||
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
|
||||
return -1;
|
||||
}
|
||||
|
||||
salt_len = dollar - password->ptr;
|
||||
}
|
||||
|
||||
if (salt_len - 1 > sizeof(salt)) {
|
||||
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
|
||||
return -1;
|
||||
}
|
||||
|
||||
strncpy(salt, password->ptr, salt_len);
|
||||
|
||||
salt[salt_len] = '\0';
|
||||
|
||||
salt[0] = password->ptr[0];
|
||||
salt[1] = password->ptr[1];
|
||||
salt[2] = '\0';
|
||||
crypted = crypt(pw, salt);
|
||||
|
||||
if (0 == strcmp(password->ptr, crypted)) {
|
||||
return 0;
|
||||
} else {
|
||||
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
|
||||
}
|
||||
|
||||
#endif
|
||||
} else if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
|
||||
if (0 == strcmp(password->ptr, pw)) {
|
||||
|
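Review bot: The bound check `if (salt_len - 1 > sizeof(salt))` ahead of the `strncpy` still admits salt_len values of 32 and 33, so `salt[salt_len] = '\0'` (and, for 33, the copy itself) writes past the 32-byte `salt` array when an htpasswd entry carries an over-long `$x$...` salt field. A salt_len of 0, which is what a stored hash longer than 13 characters without the `$x$` prefix produces (for example the CRYPT_EXT_DES form the comment lists), is rejected only because the unsigned subtraction wraps around. I would write the guard as `if (salt_len == 0 || salt_len >= sizeof(salt)) {` so both cases are explicit and the terminator always fits. Separately, `crypt()` can return NULL for a salt it does not support, and the result is passed straight to `strcmp`; a `if (NULL == crypted) return -1;` before the comparison would avoid a crash on such entries. The plus/minus markers are lost on this page, so this assumes the `salt[0]`/`salt[1]`/`salt[2]` assignments are the removed side; the body of http_auth_basic_password_compare starts and ends outside the hunk.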
@ -647,7 +684,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
|
|||
|
||||
/* password doesn't match */
|
||||
if (http_auth_basic_password_compare(srv, p, req, username, realm->value, password, pw)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sbb", "password doesn't match", con->uri.path, username);
|
||||
log_error_write(srv, __FILE__, __LINE__, "sbb", "password doesn't match for", con->uri.path, username);
|
||||
|
||||
buffer_free(username);
|
||||
buffer_free(password);
|
||||
|
|