-*- coding: utf-8 -*-
Changes with Apache 2.2.18
+ *) htpasswd: Change the default algorithm for htpasswd to MD5 on all
+ platforms. Crypt with its 8 character limit is not useful anymore;
+ improve out of disk space handling (PR 30877); print a warning if
+ a password is truncated by crypt. [Stefan Fritsch]
+
*) mod_win32: Added shebang check for '! so that .vbs scripts can work as CGI.
Win32's cscript interpreter can only use a single quote as comment char.
[Guenter Knauf]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * htpasswd.c: Syncronize with trunk version. This includes a couple of fixes:
- r826805, r826822, r829162, r829355, r829431. The patch below covers only
- the C code - we also need to apply the docs and CHANGES parts of r826805.
- 2.2.x patch: http://people.apache.org/~fuankg/diffs/htpasswd.c.diff
- sf: this will change the default algorithm from crypt to md5 (I am not
- against it)
- FWIW, htdbm in 2.2.x already defaults to MD5
- +1 fuankg, wrowe, trawick
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
static void putline(apr_file_t *f, const char *l)
{
- apr_file_puts(l, f);
+ apr_status_t rc;
+ rc = apr_file_puts(l, f);
+ if (rc != APR_SUCCESS) {
+ char errstr[MAX_STRING_LEN];
+ apr_strerror(rc, errstr, MAX_STRING_LEN);
+ apr_file_printf(errfile, "Error writing temp file: %s" NL, errstr);
+ apr_file_close(f);
+ exit(ERR_FILEPERM);
+ }
}
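Review bot: The error path in the added check closes `f` and exits, but apr_file_puts() only reports a failed write for data that actually reached the OS; if the temp file was opened with APR_BUFFERED, an out-of-space condition surfaces at flush/close time instead, so the caller's final apr_file_close()/apr_file_flush() on the temp file needs the same check (that caller is outside this hunk, so I cannot confirm it is checked). Whether the partial temp file is removed on this exit depends on it having been created with APR_DELONCLOSE, which is not visible here; if it was not, a truncated temp file is left behind. `ERR_FILEPERM` is also a somewhat misleading status for ENOSPC, though it may be the only file-error code the tool defines. A short comment would help the next reader: `/* A short write (e.g. ENOSPC) leaves a truncated temp file; abort rather than install it. */`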
/*
apr_cpystrn(cpw,pw,sizeof(cpw));
break;
-#if !(defined(WIN32) || defined(NETWARE))
+#if (!(defined(WIN32) || defined(NETWARE)))
case ALG_CRYPT:
default:
if (seed_rand()) {
to64(&salt[0], rand(), 8);
salt[8] = '\0';
- apr_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
+ apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+ if (strlen(pw) > 8) {
+ char *truncpw = strdup(pw);
+ truncpw[8] = '\0';
+ if (!strcmp(cpw, crypt(truncpw, salt))) {
+ apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
+ "by CRYPT algorithm." NL);
+ }
+ free(truncpw);
+ }
break;
#endif
}
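Review bot: The `strdup(pw)` result in the added truncation check is used unchecked, so an allocation failure dereferences NULL at `truncpw[8] = '\0'`; the heap copy is unnecessary anyway, since only the first 8 characters are needed. Replace the strdup/free pair with a fixed stack buffer, `char truncpw[9];` followed by `apr_cpystrn(truncpw, pw, sizeof(truncpw));`, and keep the existing `if (!strcmp(cpw, crypt(truncpw, salt)))` comparison. Both crypt() calls can return NULL on some libcs (e.g. an unsupported salt), which would crash apr_cpystrn()/strcmp(); that was already true before this change, but the second call doubles the exposure, so a NULL check on the return is worth adding while here. The enclosing switch and function start and end outside this hunk.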
apr_file_printf(errfile, " -n Don't update file; display results on "
"stdout." NL);
apr_file_printf(errfile, " -m Force MD5 encryption of the password"
-#if defined(WIN32) || defined(TPF) || defined(NETWARE)
" (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -d Force CRYPT encryption of the password"
-#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
- " (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -p Do not encrypt the password (plaintext)." NL);
apr_file_printf(errfile, " -s Force SHA encryption of the password." NL);
"rather than prompting for it." NL);
apr_file_printf(errfile, " -D Delete the specified user." NL);
apr_file_printf(errfile,
- "On Windows, NetWare and TPF systems the '-m' flag is used by "
- "default." NL);
+ "On other systems than Windows, NetWare and TPF the '-p' flag will "
+ "probably not work." NL);
apr_file_printf(errfile,
- "On all other systems, the '-p' flag will probably not work." NL);
+ "The SHA algorithm does not use a salt and is less secure than "
+ "the MD5 algorithm." NL);
exit(ERR_SYNTAX);
}
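Review bot: The usage text now marks `-m` as the default everywhere but gives no hint why `-d` is no longer recommended; the CHANGES entry in this same commit cites crypt's 8-character limit, so the `-d` line should carry that caveat, e.g. `" -d Force CRYPT encryption of the password (8 character limit)." NL`. The new `-p` sentence also reads awkwardly; `"On systems other than Windows, NetWare and TPF, the '-p' flag will probably not work."` is clearer. The added SHA caveat is consistent with the unsalted format the message describes and is worth keeping. The enclosing usage function starts before this hunk.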
char *scratch, cp[MAX_STRING_LEN];
int found = 0;
int i;
- int alg = ALG_CRYPT;
+ int alg = ALG_APMD5;
int mask = 0;
apr_pool_t *pool;
int existing_file = 0;