Return-Path: X-Original-To: apmail-apr-commits-archive@www.apache.org Delivered-To: apmail-apr-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 843BDDDAF for ; Thu, 5 Jul 2012 18:02:53 +0000 (UTC) Received: (qmail 32261 invoked by uid 500); 5 Jul 2012 18:02:53 -0000 Delivered-To: apmail-apr-commits-archive@apr.apache.org Received: (qmail 32222 invoked by uid 500); 5 Jul 2012 18:02:53 -0000 Mailing-List: contact commits-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: dev@apr.apache.org List-Id: Delivered-To: mailing list commits@apr.apache.org Received: (qmail 32214 invoked by uid 99); 5 Jul 2012 18:02:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jul 2012 18:02:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jul 2012 18:02:50 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5C2A823889BF for ; Thu, 5 Jul 2012 18:02:29 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1357772 - in /apr/apr/trunk: build.conf crypto/apr_md5.c crypto/apr_passwd.c Date: Thu, 05 Jul 2012 18:02:29 -0000 To: commits@apr.apache.org From: sf@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120705180229.5C2A823889BF@eris.apache.org> Author: sf Date: Thu Jul 5 18:02:28 2012 New Revision: 1357772 URL: http://svn.apache.org/viewvc?rev=1357772&view=rev Log: Move non-MD5-related things from apr_md5.c to new file apr_passwd.c Added: apr/apr/trunk/crypto/apr_passwd.c (with props) Modified: apr/apr/trunk/build.conf apr/apr/trunk/crypto/apr_md5.c Modified: apr/apr/trunk/build.conf URL: http://svn.apache.org/viewvc/apr/apr/trunk/build.conf?rev=1357772&r1=1357771&r2=1357772&view=diff ============================================================================== --- apr/apr/trunk/build.conf (original) +++ apr/apr/trunk/build.conf Thu Jul 5 18:02:28 2012 @@ -13,6 +13,7 @@ paths = crypto/apr_crypto.c crypto/apr_md4.c crypto/apr_md5.c + crypto/apr_passwd.c crypto/apr_sha1.c crypto/getuuid.c crypto/uuid.c Modified: apr/apr/trunk/crypto/apr_md5.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?rev=1357772&r1=1357771&r2=1357772&view=diff ============================================================================== --- apr/apr/trunk/crypto/apr_md5.c (original) +++ apr/apr/trunk/crypto/apr_md5.c Thu Jul 5 18:02:28 2012 @@ -61,20 +61,10 @@ #include "apr_md5.h" #include "apr_lib.h" #include "apr_private.h" -#include "apr_sha1.h" #if APR_HAVE_STRING_H #include #endif -#if APR_HAVE_CRYPT_H -#include -#endif -#if APR_HAVE_UNISTD_H -#include -#endif -#if APR_HAVE_PTHREAD_H -#include -#endif /* Constants for MD5Transform routine. */ @@ -478,7 +468,7 @@ APR_DECLARE(apr_status_t) apr_MD5InitEBC * Define the Magic String prefix that identifies a password as being * hashed using our algorithm. */ -static const char *apr1_id = "$apr1$"; +static const char const *apr1_id = "$apr1$"; /* * The following MD5 password encryption code was largely borrowed from @@ -660,136 +650,3 @@ APR_DECLARE(apr_status_t) apr_md5_encode apr_cpystrn(result, passwd, nbytes - 1); return APR_SUCCESS; } - -#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) -#if defined(APU_CRYPT_THREADSAFE) || !APR_HAS_THREADS || \ - defined(CRYPT_R_CRYPTD) || defined(CRYPT_R_STRUCT_CRYPT_DATA) - -#define crypt_mutex_lock() -#define crypt_mutex_unlock() - -#elif APR_HAVE_PTHREAD_H && defined(PTHREAD_MUTEX_INITIALIZER) - -static pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER; -static void crypt_mutex_lock(void) -{ - pthread_mutex_lock(&crypt_mutex); -} - -static void crypt_mutex_unlock(void) -{ - pthread_mutex_unlock(&crypt_mutex); -} - -#elif defined(OS2) - -static HMTX crypt_mutex = 0; -static void crypt_mutex_lock() -{ - if (crypt_mutex == 0) { - /* Prevent race condition where two threads could try to create the - * mutex concurrently - */ - DosEnterCritSec(); - - if (crypt_mutex == 0) { - DosCreateMutexSem(NULL, &crypt_mutex, 0, FALSE); - } - - DosExitCritSec(); - } - - DosRequestMutexSem(crypt_mutex, SEM_INDEFINITE_WAIT); -} - -static void crypt_mutex_unlock() -{ - DosReleaseMutexSem(crypt_mutex); -} - -#else - -#error apr_password_validate() is not threadsafe. rebuild APR without thread support. - -#endif -#endif - -/* - * Validate a plaintext password against a smashed one. Uses either - * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending - * upon the format of the smashed input password. Returns APR_SUCCESS if - * they match, or APR_EMISMATCH if they don't. If the platform doesn't - * support crypt, then the default check is against a clear text string. - */ -APR_DECLARE(apr_status_t) apr_password_validate(const char *passwd, - const char *hash) -{ - char sample[120]; -#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) - char *crypt_pw; -#endif - if (!strncmp(hash, apr1_id, strlen(apr1_id))) { - /* - * The hash was created using our custom algorithm. - */ - apr_md5_encode(passwd, hash, sample, sizeof(sample)); - } - else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) { - apr_sha1_base64(passwd, (int)strlen(passwd), sample); - } - else { - /* - * It's not our algorithm, so feed it to crypt() if possible. - */ -#if defined(WIN32) || defined(BEOS) || defined(NETWARE) - apr_cpystrn(sample, passwd, sizeof(sample) - 1); -#elif defined(CRYPT_R_CRYPTD) - CRYPTD buffer; - - crypt_pw = crypt_r(passwd, hash, &buffer); - if (!crypt_pw) { - return APR_EMISMATCH; - } - apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); -#elif defined(CRYPT_R_STRUCT_CRYPT_DATA) - struct crypt_data buffer; - -#if defined(__GLIBC_PREREQ) && __GLIBC_PREREQ(2,4) - buffer.initialized = 0; -#else - /* - * glibc before 2.3.2 had a bug that required clearing the - * whole struct - */ - memset(&buffer, 0, sizeof(buffer)); -#endif - crypt_pw = crypt_r(passwd, hash, &buffer); - if (!crypt_pw) { - return APR_EMISMATCH; - } - apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); -#else - /* Do a bit of sanity checking since we know that crypt_r() - * should always be used for threaded builds on AIX, and - * problems in configure logic can result in the wrong - * choice being made. - */ -#if defined(_AIX) && APR_HAS_THREADS -#error Configuration error! crypt_r() should have been selected! -#endif - - /* Handle thread safety issues by holding a mutex around the - * call to crypt(). - */ - crypt_mutex_lock(); - crypt_pw = crypt(passwd, hash); - if (!crypt_pw) { - crypt_mutex_unlock(); - return APR_EMISMATCH; - } - apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); - crypt_mutex_unlock(); -#endif - } - return (strcmp(sample, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH; -} Added: apr/apr/trunk/crypto/apr_passwd.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_passwd.c?rev=1357772&view=auto ============================================================================== --- apr/apr/trunk/crypto/apr_passwd.c (added) +++ apr/apr/trunk/crypto/apr_passwd.c Thu Jul 5 18:02:28 2012 @@ -0,0 +1,169 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "apr_strings.h" +#include "apr_md5.h" +#include "apr_lib.h" +#include "apr_private.h" +#include "apr_sha1.h" + +#if APR_HAVE_STRING_H +#include +#endif +#if APR_HAVE_CRYPT_H +#include +#endif +#if APR_HAVE_UNISTD_H +#include +#endif +#if APR_HAVE_PTHREAD_H +#include +#endif + +static const char const *apr1_id = "$apr1$"; + +#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) +#if defined(APU_CRYPT_THREADSAFE) || !APR_HAS_THREADS || \ + defined(CRYPT_R_CRYPTD) || defined(CRYPT_R_STRUCT_CRYPT_DATA) + +#define crypt_mutex_lock() +#define crypt_mutex_unlock() + +#elif APR_HAVE_PTHREAD_H && defined(PTHREAD_MUTEX_INITIALIZER) + +static pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER; +static void crypt_mutex_lock(void) +{ + pthread_mutex_lock(&crypt_mutex); +} + +static void crypt_mutex_unlock(void) +{ + pthread_mutex_unlock(&crypt_mutex); +} + +#elif defined(OS2) + +static HMTX crypt_mutex = 0; +static void crypt_mutex_lock() +{ + if (crypt_mutex == 0) { + /* Prevent race condition where two threads could try to create the + * mutex concurrently + */ + DosEnterCritSec(); + + if (crypt_mutex == 0) { + DosCreateMutexSem(NULL, &crypt_mutex, 0, FALSE); + } + + DosExitCritSec(); + } + + DosRequestMutexSem(crypt_mutex, SEM_INDEFINITE_WAIT); +} + +static void crypt_mutex_unlock() +{ + DosReleaseMutexSem(crypt_mutex); +} + +#else + +#error apr_password_validate() is not threadsafe. rebuild APR without thread support. + +#endif +#endif + +/* + * Validate a plaintext password against a smashed one. Uses either + * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending + * upon the format of the smashed input password. Returns APR_SUCCESS if + * they match, or APR_EMISMATCH if they don't. If the platform doesn't + * support crypt, then the default check is against a clear text string. + */ +APR_DECLARE(apr_status_t) apr_password_validate(const char *passwd, + const char *hash) +{ + char sample[120]; +#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) + char *crypt_pw; +#endif + if (!strncmp(hash, apr1_id, strlen(apr1_id))) { + /* + * The hash was created using our custom algorithm. + */ + apr_md5_encode(passwd, hash, sample, sizeof(sample)); + } + else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) { + apr_sha1_base64(passwd, (int)strlen(passwd), sample); + } + else { + /* + * It's not our algorithm, so feed it to crypt() if possible. + */ +#if defined(WIN32) || defined(BEOS) || defined(NETWARE) + apr_cpystrn(sample, passwd, sizeof(sample) - 1); +#elif defined(CRYPT_R_CRYPTD) + CRYPTD buffer; + + crypt_pw = crypt_r(passwd, hash, &buffer); + if (!crypt_pw) { + return APR_EMISMATCH; + } + apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); +#elif defined(CRYPT_R_STRUCT_CRYPT_DATA) + struct crypt_data buffer; + +#if defined(__GLIBC_PREREQ) && __GLIBC_PREREQ(2,4) + buffer.initialized = 0; +#else + /* + * glibc before 2.3.2 had a bug that required clearing the + * whole struct + */ + memset(&buffer, 0, sizeof(buffer)); +#endif + crypt_pw = crypt_r(passwd, hash, &buffer); + if (!crypt_pw) { + return APR_EMISMATCH; + } + apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); +#else + /* Do a bit of sanity checking since we know that crypt_r() + * should always be used for threaded builds on AIX, and + * problems in configure logic can result in the wrong + * choice being made. + */ +#if defined(_AIX) && APR_HAS_THREADS +#error Configuration error! crypt_r() should have been selected! +#endif + + /* Handle thread safety issues by holding a mutex around the + * call to crypt(). + */ + crypt_mutex_lock(); + crypt_pw = crypt(passwd, hash); + if (!crypt_pw) { + crypt_mutex_unlock(); + return APR_EMISMATCH; + } + apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); + crypt_mutex_unlock(); +#endif + } + return (strcmp(sample, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH; +} Propchange: apr/apr/trunk/crypto/apr_passwd.c ------------------------------------------------------------------------------ svn:eol-style = native