Posted to cvs@httpd.apache.org by co...@hyperreal.org on 1999/05/31 21:44:31 UTC
cvs commit: apache-1.3/src/support htdigest.c htpasswd.c
coar 99/05/31 12:44:31
Modified: src/support htdigest.c htpasswd.c
Log:
Use the ap_getpass() wrapper rather than reinventing it.
Revision Changes Path
1.23 +68 -12 apache-1.3/src/support/htdigest.c
Index: htdigest.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/support/htdigest.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- htdigest.c 1999/04/09 12:57:06 1.22
+++ htdigest.c 1999/05/31 19:44:30 1.23
@@ -1,3 +1,59 @@
+/* ====================================================================
+ * Copyright (c) 1995-1999 The Apache Group. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the Apache Group
+ * for use in the Apache HTTP server project (http://www.apache.org/)."
+ *
+ * 4. The names "Apache Server" and "Apache Group" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the Apache Group
+ * for use in the Apache HTTP server project (http://www.apache.org/)."
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Group and was originally based
+ * on public domain software written at the National Center for
+ * Supercomputing Applications, University of Illinois, Urbana-Champaign.
+ * For more information on the Apache Group and the Apache HTTP server
+ * project, please see <http://www.apache.org/>.
+ *
+ */
/******************************************************************************
******************************************************************************
* NOTE! This program is not safe as a setuid executable! Do not make it
@@ -17,6 +73,7 @@
#else
#include <sys/signal.h>
#endif
+#include "ap.h"
#include "ap_md5.h"
#ifdef CHARSET_EBCDIC
@@ -31,15 +88,6 @@
char *tn;
-static char *strd(char *s)
-{
- char *d;
-
- d = (char *) malloc(strlen(s) + 1);
- strcpy(d, s);
- return (d);
-}
-
static void getword(char *word, char *line, char stop)
{
int x = 0, y;
@@ -89,15 +137,23 @@
AP_MD5_CTX context;
unsigned char digest[16];
char string[MAX_STRING_LEN];
+ char pwin[MAX_STRING_LEN];
+ char pwv[MAX_STRING_LEN];
unsigned int i;
- pw = strd((char *) getpass("New password:"));
- if (strcmp(pw, (char *) getpass("Re-type new password:"))) {
+ if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
+ fprintf(stderr, "password too long");
+ exit(5);
+ }
+ ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
+ if (strcmp(pwin, pwv) != 0) {
fprintf(stderr, "They don't match, sorry.\n");
- if (tn)
+ if (tn) {
unlink(tn);
+ }
exit(1);
}
+ pw = pwin;
fprintf(f, "%s:%s:", user, realm);
/* Do MD5 stuff */
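Review bot: The second `ap_getpass()` call, for the re-typed password, ignores its return value, so an over-long or failed confirmation goes straight into `strcmp(pwin, pwv)`; whether `pwv` is filled and terminated in that case is not visible from this hunk. Check it the same way as the first call, e.g. `if (ap_getpass("Re-type new password: ", pwv, sizeof(pwv)) != 0) {`. The new `exit(5)` path also skips the `unlink(tn)` that the mismatch path performs, which would leave the temporary file behind if it exists at that point, and its message lacks the trailing `\n`. The same unchecked second call appears in the htpasswd.c hunk at `@@ -236,17 +228,23 @@`. The enclosing function starts and ends outside this hunk.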
1.30 +11 -20 apache-1.3/src/support/htpasswd.c
Index: htpasswd.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- htpasswd.c 1999/05/31 17:10:19 1.29
+++ htpasswd.c 1999/05/31 19:44:30 1.30
@@ -115,17 +115,9 @@
static char *tempfilename;
/*
- * Duplicate a string into memory malloc()ed for it.
+ * Get a line of input from the user, not including any terminating
+ * newline.
*/
-static char *strd(char *s)
-{
- char *d;
-
- d = (char *) malloc(strlen(s) + 1);
- strcpy(d, s);
- return (d);
-}
-
static int getline(char *s, int n, FILE *f)
{
register int i = 0;
@@ -236,17 +228,23 @@
char *pw;
char cpw[120];
char salt[9];
+ char pwin[129];
+ char pwv[129];
if (passwd != NULL) {
pw = passwd;
}
else {
- pw = strd((char *) getpass("New password: "));
- if (strcmp(pw, (char *) getpass("Re-type new password: "))) {
+ if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
+ ap_cpystrn(record, "password too long", (rlen -1));
+ return ERR_OVERFLOW;
+ }
+ ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
+ if (strcmp(pwin, pwv) != 0) {
ap_cpystrn(record, "password verification error", (rlen - 1));
- free(pw);
return ERR_PWMISMATCH;
}
+ pw = pwin;
}
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
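Review bot: The cleartext password now lives in two stack buffers, `pwin` and `pwv`, and nothing in this hunk clears them on the `ERR_OVERFLOW` and `ERR_PWMISMATCH` returns; the later hunk also drops the comment and `free(pw)` that marked where the plaintext stopped being needed. Consider wiping both buffers before each return and once the hash has been computed, e.g. `memset(pwin, '\0', sizeof(pwin)); memset(pwv, '\0', sizeof(pwv));`, with a comment such as `/* plaintext no longer needed; scrub it */`. A plain `memset` of a buffer that is never read again can be removed by an optimizing compiler, so a wipe routine the compiler cannot elide is preferable where the platform offers one. The function body continues outside this hunk, so the right place for the final wipe is not visible here.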
@@ -262,13 +260,6 @@
break;
}
- /*
- * Now that we have the smashed password, we don't need the
- * plaintext one any more.
- */
- if (passwd == NULL) {
- free(pw);
- }
/*
* Check to see if the buffer is large enough to hold the username,
* hash, and delimiters.