You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Martin Kraemer <ma...@mch.sni.de> on 1998/09/29 23:40:12 UTC
[PATCH] Take 1 (was: Proposal for Win32 crypt() issue)
On Tue, Sep 29, 1998 at 03:40:14PM -0400, Jim Jagielski wrote:
> Rodent of Unusual Size wrote:
> >
> > I'd like to suggest the following workaround/solution to
> > the Win32 crypt() issue:
> >
> > o Use MD5 on Win32.
>
> I don't think having non-interoperable .htpasswd files is that big
> of a deal. I think this makes sense, esp for 1.3.3. :)
Here's a first step at an "md5 crypt".
* it takes a password and a "salt" (and uses the salt for permutations)
* as Marc proposed in march, it takes a pool* to return a dynamic copy
See Message-ID: <Pi...@valis.worldgate.com>
* it builds a base64 encoded result string (instead of simple hex),
giving a fairly similar look (to crypt()'s result), only the string is
24 bytes long instead of 13.
What's missing:
* optional integration into the various os.h files (right now, switching
to ap_crypt() instead of crypt() is done in the central ap_config.h
file)
* In mod_auth.c, the code must be rewritten to use ap_pcrypt() instead
of crypt() (as in Marc's version)
* The MSVC project files would have to be updated.
* I'm in a hurry. The #endif comments in the patch are wrong.
Ignore them for now.
These things are easy to add. Tell me if you want me to add these to the
patch.
Martin
--
| S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
| ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
| N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
Re: Proposal for Win32 crypt() issue
Posted by Ben Hyde <bh...@pobox.com>.
Rodent of Unusual Size writes:
>Marc Slemko wrote:
>>...
>For crying in your beer
Marc! Put down the beer!
Re: Proposal for Win32 crypt() issue
Posted by Marc Slemko <ma...@worldgate.com>.
On Tue, 29 Sep 1998, Rodent of Unusual Size wrote:
> Marc Slemko wrote:
> >
> > You can have it use static storage if you pass in a NULL pointer.
>
> That doesn't help; you still need to link with libmain.
>
> For crying in your beer, it's only 24 bytes. And it's always
> 24 bytes, correct? Pass in a 24-byte buffer; palloc() it
> first if you want, but don't unnecessarily taint a G-P
> routine.
No, it does not take a 24-byte buffer. Passing it such would be broken on
systems where crypt() returns something longer than 24 bytes.
For example, this would break on FreeBSD using MD5 crypt.
Re: Proposal for Win32 crypt() issue
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Marc Slemko wrote:
>
> You can have it use static storage if you pass in a NULL pointer.
That doesn't help; you still need to link with libmain.
For crying in your beer, it's only 24 bytes. And it's always
24 bytes, correct? Pass in a 24-byte buffer; palloc() it
first if you want, but don't unnecessarily taint a G-P
routine.
#ken P-)}
Ken Coar <http://Web.Golux.Com/coar/>
Apache Group member <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>
Re: [PATCH] Take 1 (was: Proposal for Win32 crypt() issue)
Posted by Marc Slemko <ma...@znep.com>.
On Tue, 29 Sep 1998, Rodent of Unusual Size wrote:
> Martin Kraemer wrote:
> >
> > Here's a first step at an "md5 crypt".
> >
> > * it takes a password and a "salt" (and uses the salt for
> > permutations)
> > * as Marc proposed in march, it takes a pool* to return a dynamic copy
>
> Unfortunately, that breaks its reusability in src/support/htpasswd.c.
> And elsewhere.
You can have it use static storage if you pass in a NULL pointer.
As to if you want to do that, that is a different matter.
Re: [PATCH] Take 1 (was: Proposal for Win32 crypt() issue)
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Martin Kraemer wrote:
>
> Here's a first step at an "md5 crypt".
>
> * it takes a password and a "salt" (and uses the salt for
> permutations)
> * as Marc proposed in march, it takes a pool* to return a dynamic copy
Unfortunately, that breaks its reusability in src/support/htpasswd.c.
And elsewhere.
Before we start generating patches for multiple proposals, may
we come to a consensus about what we're going to do
strategy-wise?
#ken P-)}
Ken Coar <http://Web.Golux.Com/coar/>
Apache Group member <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>