httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: PATCH: support utilities should enable crypt() , current htdbm checks broken
Date Fri, 16 Mar 2007 16:37:45 GMT
Nope - it won't.  Where does z/OS define the crypt() prototype?

The correct patch is to ask APR_HAS_CRYPT (which we need to provide
by patching apr, if we don't already.)

If APR didn't detect crypt, adding crypt() style p/w's to htdbm,
htpasswd etc will still be a noop.

Bill

David Jones wrote:
> Support utilities should enable crypt() iff it is available.
> Using the presence of <crypt.h> does not reliably determine if crypt()
> is available.
> Specifically z/OS supports crypt, but does not have <crypt.h >, so it is
> broken when checking APR_HAVE_CRYPT_H.
> 
> Added crypt to AC_CHECK_FUNCS in httpd's configure.in
> <http://configure.in> , this creates a HAVE_CRYPT define. Then changed
> the checks in htpasswd.c and htdbm.c to check HAVE_CRYPT.
> 
> This will let htdbm.c determine crypt() support accurately (it currently
> checks APR_HAVE_CRYPT_H) and htpasswd.c use a more concise and
> consistent check (it currently checks if OS = WIN32 || TPF || NETWARE)
> 
> 
> Note: This also fixes a TPF bug as they need to switch from crypt to MD5
> like the other systems who don't have crypt:
>    Currently the check to automatically switch from using crypt to md5 is:
>              #if !(defined(WIN32) || defined(NETWARE))
>    All other checks for not supporting crypt in htdbm.c are:
>              #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
>    From the man page for htpasswd:
>            -d     Use crypt() encryption for passwords. The default on 
> all  plat-
>                   forms but Windows, Netware and TPF. Though possibly
> supported by
>                   htpasswd on all platforms, it is  not  supported  by 
> the  httpd
>                   server on Windows, Netware and TPF
> 
> 
> 
> Index: configure.in <http://configure.in>
> ===================================================================
> --- configure.in <http://configure.in>        (revision 518254)
> +++ configure.in <http://configure.in>        (working copy)
> @@ -389,6 +389,7 @@
> 
>  dnl ## Check for library functions
>  AC_SEARCH_LIBS(sqrt, m)
> +AC_SEARCH_LIBS(crypt, crypt ufc)
> 
>  dnl See Comment #Spoon
> 
> @@ -399,6 +400,7 @@
>  bindprocessor \
>  prctl \
>  timegm \
> +crypt
>  )
> 
>  dnl confirm that a void pointer is large enough to store a long integer
> 
> Index: support/htdbm.c
> ===================================================================
> --- support/htdbm.c    (revision 494665)
> +++ support/htdbm.c    (working copy)
> @@ -29,6 +29,7 @@
>  #include "apr_file_info.h"
>  #include "apr_pools.h"
>  #include "apr_signal.h"
> +#include "ap_config.h"
>  #include "apr_md5.h"
>  #include "apr_sha1.h"
>  #include "apr_dbm.h"
> @@ -69,7 +70,7 @@
>  #define ALG_APMD5 1
>  #define ALG_APSHA 2
>  
> -#if APR_HAVE_CRYPT_H
> +#ifdef HAVE_CRYPT
>  #define ALG_CRYPT 3
>  #endif
>  
> @@ -311,12 +312,12 @@
>          case ALG_PLAIN:
>              /* XXX this len limitation is not in sync with any HTTPd
> len. */
>              apr_cpystrn(cpw,htdbm->userpass,sizeof(cpw));
> -#if APR_HAVE_CRYPT_H
> +#ifdef HAVE_CRYPT
>              fprintf(stderr, "Warning: Plain text passwords aren't
> supported by the "
>                      "server on this platform!\n");
>  #endif
>          break;
> -#if APR_HAVE_CRYPT_H
> +#ifdef HAVE_CRYPT
>          case ALG_CRYPT:
>              (void) srand((int) time((time_t *) NULL));
>              to64(&salt[0], rand(), 8);
> @@ -347,7 +348,7 @@
>  static void htdbm_usage(void)
>  {
>  
> -#if APR_HAVE_CRYPT_H
> +#ifdef HAVE_CRYPT
>  #define CRYPT_OPTION "d"
>  #else
>  #define CRYPT_OPTION ""
> @@ -367,7 +368,7 @@
>      fprintf(stderr, "   -c   Create a new database.\n");
>      fprintf(stderr, "   -n   Don't update database; display results on
> stdout.\n");
>      fprintf(stderr, "   -m   Force MD5 encryption of the password
> (default).\n");
> -#if APR_HAVE_CRYPT_H
> +#ifdef HAVE_CRYPT
>      fprintf(stderr, "   -d   Force CRYPT encryption of the password
> (now deprecated).\n");
>  #endif
>      fprintf(stderr, "   -p   Do not encrypt the password (plaintext).\n");
> @@ -474,7 +475,7 @@
>              case 's':
>                  h->alg = ALG_APSHA;
>                  break;
> -#if APR_HAVE_CRYPT_H
> +#ifdef HAVE_CRYPT
>              case 'd':
>                  h->alg = ALG_CRYPT;
>                  break;
> 
> Index: support/htpasswd.c
> ===================================================================
> --- support/htpasswd.c    (revision 494665)
> +++ support/htpasswd.c    (working copy)
> @@ -45,6 +45,7 @@
>  #include "apr_file_io.h"
>  #include "apr_general.h"
>  #include "apr_signal.h"
> +#include "ap_config.h"
>  
>  #if APR_HAVE_STDIO_H
>  #include < stdio.h>
> @@ -175,7 +176,7 @@
>          apr_cpystrn(cpw,pw,sizeof(cpw));
>          break;
>  
> -#if !(defined(WIN32) || defined(NETWARE))
> +#ifdef HAVE_CRYPT
>      case ALG_CRYPT:
>      default:
>          (void) srand((int) time((time_t *) NULL));
> @@ -215,12 +216,12 @@
>      apr_file_printf(errfile, " -n  Don't update file; display results on "
>                      "stdout." NL);
>      apr_file_printf(errfile, " -m  Force MD5 encryption of the password"
> -#if defined(WIN32) || defined(TPF) || defined(NETWARE)
> +#ifndef HAVE_CRYPT
>          " (default)"
>  #endif
>          "." NL);
>      apr_file_printf(errfile, " -d  Force CRYPT encryption of the password"
> -#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
> +#ifdef HAVE_CRYPT
>              " (default)"
>  #endif
>              "." NL);
> @@ -435,14 +436,14 @@
>      check_args(pool, argc, argv, &alg, &mask, &user, &pwfilename,
> &password);
>  
>  
> -#if defined(WIN32) || defined(NETWARE)
> +#ifndef HAVE_CRYPT
>      if (alg == ALG_CRYPT) {
>          alg = ALG_APMD5;
>          apr_file_printf(errfile, "Automatically using MD5 format." NL);
>      }
>  #endif
>  
> -#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
> +#ifdef HAVE_CRYPT
>      if (alg == ALG_PLAIN) {
>          apr_file_printf(errfile,"Warning: storing passwords as plain
> text "
>                          "might just not work on this platform." NL);
> 


Mime
View raw message