#define NL APR_EOL_STR
+#if defined(WIN32) || defined(NETWARE)
+#define CRYPT_ALGO_SUPPORTED 0
+#else
+#define CRYPT_ALGO_SUPPORTED 1
+#endif
+
+#if CRYPT_ALGO_SUPPORTED
static void to64(char *s, unsigned long v, int n)
{
static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
v >>= 6;
}
}
+#endif
static void generate_salt(char *s, size_t size)
{
- static unsigned char tbl[] =
+ static unsigned char tbl[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
size_t i;
for (i = 0; i < size; ++i) {
}
}
-static apr_status_t seed_rand()
+static apr_status_t seed_rand(void)
{
int seed = 0;
apr_status_t rv;
static void putline(apr_file_t *f, const char *l)
{
- apr_file_puts(l, f);
+ apr_status_t rc;
+ rc = apr_file_puts(l, f);
+ if (rc != APR_SUCCESS) {
+ char errstr[MAX_STRING_LEN];
+ apr_strerror(rc, errstr, MAX_STRING_LEN);
+ apr_file_printf(errfile, "Error writing temp file: %s" NL, errstr);
+ apr_file_close(f);
+ exit(ERR_FILEPERM);
+ }
}
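Review bot: `putline` now closes `f` and calls `exit(ERR_FILEPERM)` from inside the helper, but nothing on the function documents that it does not return on a write error, and the result of `apr_file_close(f)` is ignored. Any caller still holding password buffers or a temp-file path gets no chance to wipe or remove them. Whether the temp file is deleted on close is not visible in this hunk, so confirm it cannot be left behind holding password hashes. I would add a header comment such as `/* Write one line to f; on failure report to errfile, close f and exit(ERR_FILEPERM). Does not return on error. */`.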
/*
char pwv[MAX_STRING_LEN];
char salt[9];
apr_size_t bufsize;
+#if CRYPT_ALGO_SUPPORTED
+ char *cbuf;
+#endif
if (passwd != NULL) {
pw = passwd;
apr_cpystrn(cpw,pw,sizeof(cpw));
break;
-#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
+#if CRYPT_ALGO_SUPPORTED
case ALG_CRYPT:
default:
if (seed_rand()) {
to64(&salt[0], rand(), 8);
salt[8] = '\0';
- apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+ cbuf = crypt(pw, salt);
+ if (cbuf == NULL) {
+ char errbuf[128];
+
+ apr_snprintf(record, rlen-1, "crypt() failed: %s",
+ apr_strerror(errno, errbuf, sizeof errbuf));
+ return ERR_PWMISMATCH;
+ }
+
+ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
+ if (strlen(pw) > 8) {
+ char *truncpw = strdup(pw);
+ truncpw[8] = '\0';
+ if (!strcmp(cpw, crypt(truncpw, salt))) {
+ apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
+ "by CRYPT algorithm." NL);
+ }
+ free(truncpw);
+ }
break;
-#endif
+#endif /* CRYPT_ALGO_SUPPORTED */
}
memset(pw, '\0', strlen(pw));
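Review bot: In the new truncation check under `case ALG_CRYPT`, `strdup(pw)` is written through at `truncpw[8]` without a NULL check, and the second `crypt(truncpw, salt)` result goes straight into `strcmp` although the first call just above is checked for NULL. `truncpw` also holds the first eight characters of the plaintext password and is freed without being cleared, unlike `pw`, which the context line after the switch zeroes. The early `return ERR_PWMISMATCH` on crypt() failure appears to skip that zeroing as well; the function starts and ends outside this hunk, so confirm against the full body. A guarded version of the block is below.

```c
        if (strlen(pw) > 8) {
            char *truncpw = strdup(pw);
            if (truncpw != NULL) {
                const char *tbuf;

                truncpw[8] = '\0';
                tbuf = crypt(truncpw, salt);
                if (tbuf != NULL && !strcmp(cpw, tbuf)) {
                    /* … unchanged: "Password truncated to 8 characters" warning … */
                }
                /* Clear the plaintext copy before releasing it; note that a
                 * plain memset right before free() may be optimized away. */
                memset(truncpw, '\0', strlen(truncpw));
                free(truncpw);
            }
        }
```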
apr_file_printf(errfile, " -n Don't update file; display results on "
"stdout." NL);
apr_file_printf(errfile, " -m Force MD5 encryption of the password"
-#if defined(WIN32) || defined(TPF) || defined(NETWARE)
" (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -d Force CRYPT encryption of the password"
-#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
- " (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -p Do not encrypt the password (plaintext)." NL);
apr_file_printf(errfile, " -s Force SHA encryption of the password." NL);
"rather than prompting for it." NL);
apr_file_printf(errfile, " -D Delete the specified user." NL);
apr_file_printf(errfile,
- "On Windows, NetWare and TPF systems the '-m' flag is used by "
- "default." NL);
+ "On other systems than Windows and NetWare the '-p' flag will "
+ "probably not work." NL);
apr_file_printf(errfile,
- "On all other systems, the '-p' flag will probably not work." NL);
+ "The SHA algorithm does not use a salt and is less secure than "
+ "the MD5 algorithm." NL);
exit(ERR_SYNTAX);
}
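Review bot: The closing notes in the usage text now warn that SHA is unsalted, but they say nothing about CRYPT, even though this same commit adds a runtime warning that CRYPT truncates passwords to 8 characters. I would add a matching line next to the SHA one, e.g. `"The CRYPT algorithm uses only the first 8 characters of the password." NL`, so the limitation is visible before a user picks `-d`. The wording `"On other systems than Windows and NetWare the '-p' flag will "` would also read better as `"On systems other than Windows and NetWare, the '-p' flag will "`. The usage function starts outside this hunk.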
char *scratch, cp[MAX_STRING_LEN];
int found = 0;
int i;
- int alg = ALG_CRYPT;
+ int alg = ALG_APMD5;
int mask = 0;
apr_pool_t *pool;
int existing_file = 0;
check_args(pool, argc, argv, &alg, &mask, &user, &pwfilename, &password);
-#if defined(WIN32) || defined(TPF) || defined(NETWARE)
+#if !CRYPT_ALGO_SUPPORTED
if (alg == ALG_CRYPT) {
alg = ALG_APMD5;
apr_file_printf(errfile, "Automatically using MD5 format." NL);
}
#endif
-#if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
+#if CRYPT_ALGO_SUPPORTED
if (alg == ALG_PLAIN) {
apr_file_printf(errfile,"Warning: storing passwords as plain text "
"might just not work on this platform." NL);