httpd-dev mailing list archives

From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: PATCH: ap_md5c.c understands SHA1 (Netscape web server) passwords
Date Sun, 01 Aug 1999 14:48:55 GMT

Hmm, this was the patch I had in mind; looking at either implementation I
do not see that much difference. Though anyone is free to take this further
and really abstract the md5, sha1 and the various encoding formats,
i.e. base64, mime-like 64 and what else might be in use. 

What is done here to Clinton's files is the following;

	Move ap_validate_passwd() into a new ap_checkpass.c file.

	Split up ap_md5c.c into an md5 and an sha1 specific file

	Moved Clinton's perl support files to support/SHA1

	Entry in CHANGES

	Entry in 1.3 feature doc's
		
Any objections to commiting this? I am still testing it, but intend
to be done with it today.

Dw

Index: htdocs/manual/new_features_1_3.html
===================================================================
RCS file: /x3/home/cvs/apache-1.3/htdocs/manual/new_features_1_3.html,v
retrieving revision 1.79
diff -u -r1.79 new_features_1_3.html
--- new_features_1_3.html	1999/03/23 14:30:40	1.79
+++ new_features_1_3.html	1999/08/01 14:37:18
@@ -675,6 +675,15 @@
 
 </DL>
 
+<DT><STRONG>Support for Netscape style SHA1 encrypted passwords</STRONG><BR>
+<DD>To facilitate migration or integration of BasicAuth password
+    schemes where the password is encrypted using SHA1 (as opposed
+    to apache's build in MD5 and/or the OS specific crypt(3) function
+    ) passwords prefixed with with <CODE>{SHA1}</CODE> are taken
+    as Base64 encoded SHA1 passwords. More information and
+    some utilities to convert Netscape ldap/ldif entries can be
+    found in support/SHA1. 
+
 <!--#include virtual="footer.html" -->
 </BODY>
 </HTML>
Index: src/CHANGES
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1406
diff -u -r1.1406 CHANGES
--- CHANGES	1999/07/31 03:30:16	1.1406
+++ CHANGES	1999/08/01 14:38:00
@@ -1,5 +1,12 @@
 Changes with Apache 1.3.8
 
+  *) Added SHA1 password encryption support to easy migration from 
+     Netscape servers. See support/SHA1 for more information; based
+     on the code contributed by Clinton Wong <clintdw@netcom.com>.
+     Caused the separation of ap_md5.c into md5, sha1 and a general
+     ap_checkpass.c with just a validate_passwd routine.
+     [dirkx]
+
   *) Change for EBCDIC platforms (TPF and BS2000) to correctly deal
      with ASCII/EBCDIC conversions in "ident" query.
      [David McCreedy <McCreedy@us.ibm.com>]
Index: src/ap/Makefile.tmpl
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/ap/Makefile.tmpl,v
retrieving revision 1.32
diff -u -r1.32 Makefile.tmpl
--- Makefile.tmpl	1999/05/31 17:09:30	1.32
+++ Makefile.tmpl	1999/08/01 14:38:01
@@ -6,7 +6,7 @@
 LIB=libap.a
 
 OBJS=ap_cpystrn.o ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o ap_signal.o \
-     ap_slack.o ap_snprintf.o
+     ap_slack.o ap_snprintf.o ap_sha1.o ap_checkpass.o
 
 .c.o:
 	$(CC) -c $(INCLUDES) $(CFLAGS) $<
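Review bot: `ap_sha1.o` and `ap_checkpass.o` are added to `OBJS`, but the diff as posted carries no ap_sha1.c, ap_checkpass.c or ap_checkpass.h, so the tree cannot be built from this message. The same gap affects the `#include "ap_checkpass.h"` swaps in mod_auth.c, mod_auth_db.c and mod_auth_dbm.c. More importantly, the part that needs review is missing: the relocated `ap_validate_password()` and its new `{SHA1}` branch (how the prefix is matched, how the Base64 digest is bounded and compared, and whether the `crypt()` result is checked before it is copied). Please resend with the new files included, for example `cvs diff -u -N` after `cvs add`. If Makefile.tmpl has a generated dependency section further down, it would presumably need entries for the two new objects; that part is outside this hunk.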
Index: src/ap/ap_md5c.c
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/ap/ap_md5c.c,v
retrieving revision 1.27
diff -u -r1.27 ap_md5c.c
--- ap_md5c.c	1999/04/27 20:36:28	1.27
+++ ap_md5c.c	1999/08/01 14:38:05
@@ -415,7 +415,7 @@
  * Define the Magic String prefix that identifies a password as being
  * hashed using our algorithm.
  */
-static const char *apr1_id = "$apr1$";
+const char *apr1_id = "$apr1$";
 
 /*
  * The following MD5 password encryption code was largely borrowed from
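Review bot: Dropping `static` on `apr1_id` makes it a writable global, because only the pointed-to characters are const and the pointer itself is not. Any code linked into the server can reassign it, and the removed `ap_validate_password()` shows this string is what selects the MD5 path for a stored hash. Make the pointer const as well, `const char * const apr1_id = "$apr1$";`, and carry the same qualifiers into the declaration added to ap_md5.h. Since the symbol now shares the namespace with every module, an `ap_`-prefixed name would match the rest of this file's exported identifiers.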
@@ -586,41 +586,4 @@
     memset(final, 0, sizeof(final));
 
     ap_cpystrn(result, passwd, nbytes - 1);
-}
-
-/*
- * Validate a plaintext password against a smashed one.  Use either
- * crypt() (if available) or ap_MD5Encode(), depending upon the format
- * of the smashed input password.  Return NULL if they match, or
- * an explanatory text string if they don't.
- */
-
-API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash)
-{
-    char sample[120];
-    char *crypt_pw;
-
-    if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
-	/*
-	 * The hash was created using our custom algorithm.
-	 */
-	ap_MD5Encode((const unsigned char *)passwd,
-		     (const unsigned char *)hash, sample, sizeof(sample));
-    }
-    else {
-	/*
-	 * It's not our algorithm, so feed it to crypt() if possible.
-	 */
-#if defined(WIN32) || defined(TPF)
-	/*
-	 * On Windows, the only alternative to our MD5 algorithm is plain
-	 * text.
-	 */
-	ap_cpystrn(sample, passwd, sizeof(sample) - 1);
-#else
-	crypt_pw = crypt(passwd, hash);
-	ap_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
-#endif
-    }
-    return (strcmp(sample, hash) == 0) ? NULL : "password mismatch";
 }
Index: src/include/ap_md5.h
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/include/ap_md5.h,v
retrieving revision 1.5
diff -u -r1.5 ap_md5.h
--- ap_md5.h	1999/04/08 20:56:39	1.5
+++ ap_md5.h	1999/08/01 14:38:08
@@ -104,6 +104,8 @@
     unsigned char buffer[64];	/* input buffer */
 } AP_MD5_CTX;
 
+const char *apr1_id;		/* MD5 passwd marker string */
+
 API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context);
 API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
 			      unsigned int inputLen);
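Review bot: The added `const char *apr1_id;` has no `extern`, so every source file that includes ap_md5.h gets its own tentative definition next to the initialised one in ap_md5c.c. That links only where the toolchain merges common symbols and gives duplicate-symbol errors elsewhere. Make it a pure declaration, `extern const char *apr1_id;`, or `extern const char * const apr1_id;` if the definition is tightened to match. The functions below are wrapped in `API_EXPORT`, so if the tree has an equivalent export macro for variables it presumably belongs on this line too; that should be confirmed on the Win32 build.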
Index: src/modules/standard/mod_auth.c
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/modules/standard/mod_auth.c,v
retrieving revision 1.45
diff -u -r1.45 mod_auth.c
--- mod_auth.c	1999/02/03 16:22:32	1.45
+++ mod_auth.c	1999/08/01 14:38:10
@@ -74,7 +74,7 @@
 #include "http_core.h"
 #include "http_log.h"
 #include "http_protocol.h"
-#include "ap_md5.h"
+#include "ap_checkpass.h"
 
 typedef struct auth_config_struct {
     char *auth_pwfile;
Index: src/modules/standard/mod_auth_db.c
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/modules/standard/mod_auth_db.c,v
retrieving revision 1.40
diff -u -r1.40 mod_auth_db.c
--- mod_auth_db.c	1999/02/03 16:22:32	1.40
+++ mod_auth_db.c	1999/08/01 14:38:11
@@ -96,7 +96,7 @@
 #include "http_log.h"
 #include "http_protocol.h"
 #include <db.h>
-#include "ap_md5.h"
+#include "ap_checkpass.h"
 
 #if defined(DB_VERSION_MAJOR) && (DB_VERSION_MAJOR == 2)
 #define DB2
Index: src/modules/standard/mod_auth_dbm.c
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/modules/standard/mod_auth_dbm.c,v
retrieving revision 1.46
diff -u -r1.46 mod_auth_dbm.c
--- mod_auth_dbm.c	1999/06/09 11:13:55	1.46
+++ mod_auth_dbm.c	1999/08/01 14:38:14
@@ -80,7 +80,7 @@
 #else
 #include <ndbm.h>
 #endif
-#include "ap_md5.h"
+#include "ap_checkpass.h"
 
 /*
  * Module definition information - the part between the -START and -END
Index: src/support/README
===================================================================
RCS file: /x3/home/cvs/apache-1.3/src/support/README,v
retrieving revision 1.1
diff -u -r1.1 README
--- README	1999/04/05 13:52:20	1.1
+++ README	1999/08/01 14:38:19
@@ -55,3 +55,8 @@
         see  the  document  `Apache  suEXEC  Support'
 	under http://www.apache.org/docs/suexec.html .
 
+SHA1
+	This directory includes some utilities to allow Apache 1.3.6 to 
+	recognize passwords in SHA1 format, as used by Netscape web 
+	servers. It is not installed by default.
+
? .AppleDouble

