You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by je...@apache.org on 2003/11/16 20:17:14 UTC

cvs commit: apr-util/crypto apr_md5.c

jerenkrantz    2003/11/16 11:17:14

  Modified:    .        CHANGES
               crypto   apr_md5.c
  Log:
  Add SHA1 support to apr_password_validate().
  
  Submitted by:	Paul Querna <chip force-elite.com>
  Reviewed by:	Justin Erenkrantz
  
  Revision  Changes    Path
  1.120     +3 -0      apr-util/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apr-util/CHANGES,v
  retrieving revision 1.119
  retrieving revision 1.120
  diff -u -u -r1.119 -r1.120
  --- CHANGES	6 Oct 2003 20:39:09 -0000	1.119
  +++ CHANGES	16 Nov 2003 19:17:14 -0000	1.120
  @@ -1,5 +1,8 @@
   Changes with APR-util 1.0
   
  +  *) Add SHA1 support to apr_password_validate.
  +     [Paul Querna <chip force-elite.com>]
  +
     *) Pass error codes returned from constructors all the way back to
        the reslist consumer. Also fix a minor reslist memory leak that could
        happen when a constructor returns an error code.  PR 23492.
  
  
  
  1.8       +8 -4      apr-util/crypto/apr_md5.c
  
  Index: apr_md5.c
  ===================================================================
  RCS file: /home/cvs/apr-util/crypto/apr_md5.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -u -r1.7 -r1.8
  --- apr_md5.c	2 Jun 2003 13:47:57 -0000	1.7
  +++ apr_md5.c	16 Nov 2003 19:17:14 -0000	1.8
  @@ -99,6 +99,7 @@
   #include "apr_md5.h"
   #include "apr_lib.h"
   #include "apu_config.h"
  +#include "apr_sha1.h"
   
   #if APR_HAVE_STRING_H
   #include <string.h>
  @@ -703,10 +704,10 @@
   #endif
   
   /*
  - * Validate a plaintext password against a smashed one.  Use either
  - * crypt() (if available) or apr_md5_encode(), depending upon the format
  - * of the smashed input password.  Return APR_SUCCESS if they match, or
  - * APR_EMISMATCH if they don't.
  + * Validate a plaintext password against a smashed one.  Uses either
  + * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending
  + * upon the format of the smashed input password.  Returns APR_SUCCESS if
  + * they match, or APR_EMISMATCH if they don't.
    */
   
   APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 
  @@ -721,6 +722,9 @@
            * The hash was created using our custom algorithm.
            */
           apr_md5_encode(passwd, hash, sample, sizeof(sample));
  +    }
  +    else if(!strncmp(hash, APR_SHA1PW_ID, strlen(APR_SHA1PW_ID))) {
  +         apr_sha1_base64(passwd, strlen(passwd), sample);
       }
       else {
           /*