apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: apr_password_validate on win32 silently mishandles crypted hashes
Date Wed, 26 May 2004 21:08:42 GMT
rbb@rkbloom.net wrote:
> Portable doesn't mean what most people think in means in APR.  It means
> the code _should_ work on all platforms.  It doesn't mean that the data
> will be processed identically on all platforms hwoever.  In this case, you
> are asking windows to validate a password that it can't encrypt.  That
> isn't going to work.

And according to you definition it is not portable. Since it _should_ work, 
but it doesn't.

> What we do in this case, is apr_password_validate uses either crypt, md5,
> or base64, depending on the input.  There should be a function in APR to
> encrypt passwords (not sure if there is, and I can't find one in a quick
> search).
> But, do not expect that the details will work cross-platform, just the
> code.

In which case the code doing crypt verification doesn't belong to 
apr_password_validate. A quick grep of the Apache source shows that it's only 
used by the Apache support utils and should be moved there verbatim.

If you want to support crypt, include the implementation of fcrypt() on those 
platforms that don't carry crypt.

At the moment apr_password_validate is half-baked API with very vague docs.

> Ryan
> On Wed, 26 May 2004, Stas Bekman wrote:
>>I thought that P in APR stands for Portable, but I guess it is not quite true.
>>I wrote code using apr_password_validate and it works perfectly fine on linux,
>>but it doesn't on windows. apr_password_validate can't handle crypted hashes
>>on several platforms which don't have this function:
>>#if defined(WIN32) || defined(BEOS) || defined(NETWARE)
>>         apr_cpystrn(sample, passwd, sizeof(sample) - 1);
>>Why is this function in the public API then? Granted it's useful for checking
>>md5 checksums and base64 encodes, but for crypt inputs it doesn't give users
>>any indication whether it does the verification or not. On the listed three
>>platforms it silently does nothing.
>>May be the function should be renamed apr_checksum_validate and do just that?
>>If crypt is not supported, the word password is very misleading. Besides the
>>documentation must be more specific than just saying:
>>  * Validate any password encypted with any algorithm that APR understands
>>  * @param passwd The password to validate
>>  * @param hash The password to validate against
>>  */
>>APR doesn't commit here to what algorithms it actually understands, leaving
>>the user in need to go and read the source code to figure that out. IMHO, it
>>should say:
>>  * Validate hashes created by APR supported algorithms: md5 and base64.
>>  * hashes created by crypt are supported only on platforms that provide
>>  * crypt(3), so don't rely on that function unless you know that your
>>  * application will be run only on platforms that support it.
>>  * @param passwd The password to validate
>>  * @param hash The password to validate against
>>  */
>>And the function should assert if crypted hash is attempted to be verified on
>>platforms that don't support it.
>>Steve Hay, who originally reported this problem, suggests that apr may want to
>>include the implementation of fcrypt, which is how perl provides the crypt()
>>function on win32 starting from 5.9.1.
>>Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
>>http://stason.org/     mod_perl Guide ---> http://perl.apache.org
>>mailto:stas@stason.org http://use.perl.org http://apacheweek.com
>>http://modperlbook.org http://apache.org   http://ticketmaster.com

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

View raw message