Posted to cvs@httpd.apache.org by fu...@apache.org on 2011/04/17 21:07:24 UTC
svn commit: r1094184 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
support/htpasswd.c
Author: fuankg
Date: Sun Apr 17 19:07:23 2011
New Revision: 1094184
URL: http://svn.apache.org/viewvc?rev=1094184&view=rev
Log:
Synchronize with trunk version.
This includes a couple of backports / fixes: r826805, r826822,
r829162, r829355, r829431. The default algorithm is now md5
on all platforms.
All patches by sf; backport reviewed by fuankg, wrowe, trawick.
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/support/htpasswd.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1094184&r1=1094183&r2=1094184&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sun Apr 17 19:07:23 2011
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.18
+ *) htpasswd: Change the default algorithm for htpasswd to MD5 on all
+ platforms. Crypt with its 8 character limit is not useful anymore;
+ improve out of disk space handling (PR 30877); print a warning if
+ a password is truncated by crypt. [Stefan Fritsch]
+
*) mod_win32: Added shebang check for '! so that .vbs scripts can work as CGI.
Win32's cscript interpreter can only use a single quote as comment char.
[Guenter Knauf]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1094184&r1=1094183&r2=1094184&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sun Apr 17 19:07:23 2011
@@ -91,15 +91,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * htpasswd.c: Syncronize with trunk version. This includes a couple of fixes:
- r826805, r826822, r829162, r829355, r829431. The patch below covers only
- the C code - we also need to apply the docs and CHANGES parts of r826805.
- 2.2.x patch: http://people.apache.org/~fuankg/diffs/htpasswd.c.diff
- sf: this will change the default algorithm from crypt to md5 (I am not
- against it)
- FWIW, htdbm in 2.2.x already defaults to MD5
- +1 fuankg, wrowe, trawick
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/htpasswd.c?rev=1094184&r1=1094183&r2=1094184&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/htpasswd.c (original)
+++ httpd/httpd/branches/2.2.x/support/htpasswd.c Sun Apr 17 19:07:23 2011
@@ -141,7 +141,15 @@ static apr_status_t seed_rand(void)
static void putline(apr_file_t *f, const char *l)
{
- apr_file_puts(l, f);
+ apr_status_t rc;
+ rc = apr_file_puts(l, f);
+ if (rc != APR_SUCCESS) {
+ char errstr[MAX_STRING_LEN];
+ apr_strerror(rc, errstr, MAX_STRING_LEN);
+ apr_file_printf(errfile, "Error writing temp file: %s" NL, errstr);
+ apr_file_close(f);
+ exit(ERR_FILEPERM);
+ }
}
/*
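Review bot: The new error path in putline relies on `apr_file_close(f)` to dispose of the partially written temp file, which holds password hashes, and nothing in the hunk shows that closing the file also removes it. If the temp file is opened delete-on-close elsewhere in htpasswd.c, a comment above the close would record that, for example `/* temp file is delete-on-close, so closing discards the partial copy */`; if it is not, the file should be removed explicitly before `exit(ERR_FILEPERM)`. The exit status is also the file-permission code, although the failure named in CHANGES is a full disk, which may mislead scripts that inspect the status.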
@@ -201,7 +209,7 @@ static int mkrecord(char *user, char *re
apr_cpystrn(cpw,pw,sizeof(cpw));
break;
-#if !(defined(WIN32) || defined(NETWARE))
+#if (!(defined(WIN32) || defined(NETWARE)))
case ALG_CRYPT:
default:
if (seed_rand()) {
@@ -210,7 +218,16 @@ static int mkrecord(char *user, char *re
to64(&salt[0], rand(), 8);
salt[8] = '\0';
- apr_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
+ apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+ if (strlen(pw) > 8) {
+ char *truncpw = strdup(pw);
+ truncpw[8] = '\0';
+ if (!strcmp(cpw, crypt(truncpw, salt))) {
+ apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
+ "by CRYPT algorithm." NL);
+ }
+ free(truncpw);
+ }
break;
#endif
}
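Review bot: The truncation check dereferences the result of `strdup(pw)` at `truncpw[8] = '\0'` without testing it for NULL, and passes the second `crypt()` result straight to `strcmp`, although crypt() can return NULL on failure. A 9-byte stack buffer filled with `apr_cpystrn` removes the allocation and the `free`, and a NULL test on the second hash keeps the warning path from crashing. The first `crypt(pw, salt)` call on the line above has the same unchecked return, which predates this commit. The copy also holds the start of the plaintext password and is released without being cleared. mkrecord starts outside this hunk, so the declarations of `cpw` and `salt` are not visible here.

```c
/* ... unchanged: salt generation and apr_cpystrn(cpw, crypt(pw, salt), ...) ... */
if (strlen(pw) > 8) {
    char truncpw[9];
    const char *trunc_hash;

    /* apr_cpystrn copies at most 8 characters and always NUL-terminates */
    apr_cpystrn(truncpw, pw, sizeof(truncpw));
    trunc_hash = crypt(truncpw, salt);
    if (trunc_hash != NULL && !strcmp(cpw, trunc_hash)) {
        apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
                        "by CRYPT algorithm." NL);
    }
}
```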
@@ -243,14 +260,9 @@ static void usage(void)
apr_file_printf(errfile, " -n Don't update file; display results on "
"stdout." NL);
apr_file_printf(errfile, " -m Force MD5 encryption of the password"
-#if defined(WIN32) || defined(TPF) || defined(NETWARE)
" (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -d Force CRYPT encryption of the password"
-#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
- " (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -p Do not encrypt the password (plaintext)." NL);
apr_file_printf(errfile, " -s Force SHA encryption of the password." NL);
@@ -258,10 +270,11 @@ static void usage(void)
"rather than prompting for it." NL);
apr_file_printf(errfile, " -D Delete the specified user." NL);
apr_file_printf(errfile,
- "On Windows, NetWare and TPF systems the '-m' flag is used by "
- "default." NL);
+ "On other systems than Windows, NetWare and TPF the '-p' flag will "
+ "probably not work." NL);
apr_file_printf(errfile,
- "On all other systems, the '-p' flag will probably not work." NL);
+ "The SHA algorithm does not use a salt and is less secure than "
+ "the MD5 algorithm." NL);
exit(ERR_SYNTAX);
}
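Review bot: The help text now warns that SHA is unsalted but says nothing about the '-d' CRYPT option, whose 8 character limit is the reason CHANGES gives for switching the default. A matching line after the SHA warning would help users who still pass -d, for example `apr_file_printf(errfile, "The CRYPT algorithm only uses the first 8 characters of the password." NL);`. usage() starts outside this hunk.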
@@ -428,7 +441,7 @@ int main(int argc, const char * const ar
char *scratch, cp[MAX_STRING_LEN];
int found = 0;
int i;
- int alg = ALG_CRYPT;
+ int alg = ALG_APMD5;
int mask = 0;
apr_pool_t *pool;
int existing_file = 0;