httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@hyperreal.org
Subject cvs commit: apache-1.3/src/support htdigest.c htpasswd.c
Date Mon, 31 May 1999 19:44:31 GMT
coar        99/05/31 12:44:31

  Modified:    src/support htdigest.c htpasswd.c
  Log:
  	Use the ap_getpass() wrapper rather than reinventing it.
  
  Revision  Changes    Path
  1.23      +68 -12    apache-1.3/src/support/htdigest.c
  
  Index: htdigest.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/htdigest.c,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- htdigest.c	1999/04/09 12:57:06	1.22
  +++ htdigest.c	1999/05/31 19:44:30	1.23
  @@ -1,3 +1,59 @@
  +/* ====================================================================
  + * Copyright (c) 1995-1999 The Apache Group.  All rights reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions
  + * are met:
  + *
  + * 1. Redistributions of source code must retain the above copyright
  + *    notice, this list of conditions and the following disclaimer. 
  + *
  + * 2. Redistributions in binary form must reproduce the above copyright
  + *    notice, this list of conditions and the following disclaimer in
  + *    the documentation and/or other materials provided with the
  + *    distribution.
  + *
  + * 3. All advertising materials mentioning features or use of this
  + *    software must display the following acknowledgment:
  + *    "This product includes software developed by the Apache Group
  + *    for use in the Apache HTTP server project (http://www.apache.org/)."
  + *
  + * 4. The names "Apache Server" and "Apache Group" must not be used to
  + *    endorse or promote products derived from this software without
  + *    prior written permission. For written permission, please contact
  + *    apache@apache.org.
  + *
  + * 5. Products derived from this software may not be called "Apache"
  + *    nor may "Apache" appear in their names without prior written
  + *    permission of the Apache Group.
  + *
  + * 6. Redistributions of any form whatsoever must retain the following
  + *    acknowledgment:
  + *    "This product includes software developed by the Apache Group
  + *    for use in the Apache HTTP server project (http://www.apache.org/)."
  + *
  + * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
  + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
  + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  + * OF THE POSSIBILITY OF SUCH DAMAGE.
  + * ====================================================================
  + *
  + * This software consists of voluntary contributions made by many
  + * individuals on behalf of the Apache Group and was originally based
  + * on public domain software written at the National Center for
  + * Supercomputing Applications, University of Illinois, Urbana-Champaign.
  + * For more information on the Apache Group and the Apache HTTP server
  + * project, please see <http://www.apache.org/>.
  + *
  + */
   /******************************************************************************
    ******************************************************************************
    * NOTE! This program is not safe as a setuid executable!  Do not make it
  @@ -17,6 +73,7 @@
   #else
   #include <sys/signal.h>
   #endif
  +#include "ap.h"
   #include "ap_md5.h"
   
   #ifdef CHARSET_EBCDIC
  @@ -31,15 +88,6 @@
   
   char *tn;
   
  -static char *strd(char *s)
  -{
  -    char *d;
  -
  -    d = (char *) malloc(strlen(s) + 1);
  -    strcpy(d, s);
  -    return (d);
  -}
  -
   static void getword(char *word, char *line, char stop)
   {
       int x = 0, y;
  @@ -89,15 +137,23 @@
       AP_MD5_CTX context;
       unsigned char digest[16];
       char string[MAX_STRING_LEN];
  +    char pwin[MAX_STRING_LEN];
  +    char pwv[MAX_STRING_LEN];
       unsigned int i;
   
  -    pw = strd((char *) getpass("New password:"));
  -    if (strcmp(pw, (char *) getpass("Re-type new password:"))) {
  +    if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
  +	fprintf(stderr, "password too long");
  +	exit(5);
  +    }
  +    ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
  +    if (strcmp(pwin, pwv) != 0) {
   	fprintf(stderr, "They don't match, sorry.\n");
  -	if (tn)
  +	if (tn) {
   	    unlink(tn);
  +	}
   	exit(1);
       }
  +    pw = pwin;
       fprintf(f, "%s:%s:", user, realm);
   
       /* Do MD5 stuff */
  
  
  
  1.30      +11 -20    apache-1.3/src/support/htpasswd.c
  
  Index: htpasswd.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- htpasswd.c	1999/05/31 17:10:19	1.29
  +++ htpasswd.c	1999/05/31 19:44:30	1.30
  @@ -115,17 +115,9 @@
   static char *tempfilename;
   
   /*
  - * Duplicate a string into memory malloc()ed for it.
  + * Get a line of input from the user, not including any terminating
  + * newline.
    */
  -static char *strd(char *s)
  -{
  -    char *d;
  -
  -    d = (char *) malloc(strlen(s) + 1);
  -    strcpy(d, s);
  -    return (d);
  -}
  -
   static int getline(char *s, int n, FILE *f)
   {
       register int i = 0;
  @@ -236,17 +228,23 @@
       char *pw;
       char cpw[120];
       char salt[9];
  +    char pwin[129];
  +    char pwv[129];
   
       if (passwd != NULL) {
   	pw = passwd;
       }
       else {
  -	pw = strd((char *) getpass("New password: "));
  -	if (strcmp(pw, (char *) getpass("Re-type new password: "))) {
  +	if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
  +	    ap_cpystrn(record, "password too long", (rlen -1));
  +	    return ERR_OVERFLOW;
  +	}
  +	ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
  +	if (strcmp(pwin, pwv) != 0) {
   	    ap_cpystrn(record, "password verification error", (rlen - 1));
  -	    free(pw);
   	    return ERR_PWMISMATCH;
   	}
  +	pw = pwin;
       }
       (void) srand((int) time((time_t *) NULL));
       to64(&salt[0], rand(), 8);
  @@ -262,13 +260,6 @@
   	break;
       }
   
  -    /*
  -     * Now that we have the smashed password, we don't need the
  -     * plaintext one any more.
  -     */
  -    if (passwd == NULL) {
  -	free(pw);
  -    }
       /*
        * Check to see if the buffer is large enough to hold the username,
        * hash, and delimiters.
  
  
  

Mime
View raw message