added support for md5 and blowfish passwords (fixes #73)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@710 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.6
Jan Kneschke 2005-09-16 10:40:45 +00:00
parent dce84f26e1
commit be5f187d0f
1 changed files with 42 additions and 5 deletions

View File

@ -442,22 +442,59 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
}
} else if (p->conf.auth_backend == AUTH_BACKEND_HTPASSWD) {
#ifdef HAVE_CRYPT
char salt[3];
char salt[32];
char *crypted;
size_t salt_len = 0;
/*
* htpasswd format
*
* user:crypted password
*/
/*
* Algorithm Salt
* CRYPT_STD_DES 2-character (Default)
* CRYPT_EXT_DES 9-character
* CRYPT_MD5 12-character beginning with $1$
* CRYPT_BLOWFISH 16-character beginning with $2$
*/
if (password->used < 13 + 1) {
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
return -1;
}
if (password->used == 13 + 1) {
/* a simple DES password is 2 + 11 characters */
salt_len = 2;
} else if (password->ptr[0] == '$' && password->ptr[2] == '$') {
char *dollar = NULL;
if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
return -1;
}
salt_len = dollar - password->ptr;
}
if (salt_len - 1 > sizeof(salt)) {
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
return -1;
}
strncpy(salt, password->ptr, salt_len);
salt[salt_len] = '\0';
salt[0] = password->ptr[0];
salt[1] = password->ptr[1];
salt[2] = '\0';
crypted = crypt(pw, salt);
if (0 == strcmp(password->ptr, crypted)) {
return 0;
} else {
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
}
#endif
} else if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
if (0 == strcmp(password->ptr, pw)) {
@ -647,7 +684,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
/* password doesn't match */
if (http_auth_basic_password_compare(srv, p, req, username, realm->value, password, pw)) {
log_error_write(srv, __FILE__, __LINE__, "sbb", "password doesn't match", con->uri.path, username);
log_error_write(srv, __FILE__, __LINE__, "sbb", "password doesn't match for", con->uri.path, username);
buffer_free(username);
buffer_free(password);