Add ability to htpasswd (via -5) to produce non-obfuscated MD5 hashes.

mod_auth_digest's passwords can not be obfuscated by the APR magic
sequence (as we don't call apr_password_validate on them), therefore we
need a tool to produce true MD5 hex hashes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96737 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 7b8ea567c4741d7386da243d62f80f6f1783c044..12cf300e2554fc180c9f03b090ff2cfbe200e5a3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.41
 
+  *) Add ability to htpasswd (via -5) to produce non-obfuscated MD5 hashes.
+     [Justin Erenkrantz]
+
   *) Rewrite of aaa modules to an authn/authz model.
      [Dirk-Willem van Gulik, Justin Erenkrantz]
   

diff --git a/support/htpasswd.c b/support/htpasswd.c
index f756ff07fea03b22e9771c3af204fe8759eadf77..4a847bb2fa02fa190853b3487e0414324d820f42 100644 (file)
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -126,6 +126,7 @@
 #define ALG_CRYPT 1
 #define ALG_APMD5 2
 #define ALG_APSHA 3 
+#define ALG_APMD5_TRUE 4
 
 #define ERR_FILEPERM 1
 #define ERR_SYNTAX 2
@@ -206,6 +207,23 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd,
         apr_md5_encode((const char *)pw, (const char *)salt,
                      cpw, sizeof(cpw));
         break;
+    case ALG_APMD5_TRUE:
+    {
+        const char *hex = "0123456789abcdef";
+        unsigned char hash[MD5_DIGESTSIZE];
+        char *r;
+        int i;
+
+        /* Take the MD5 hash of the string argument.  */
+        apr_md5(hash, pw, strlen(pw));
+
+        for (i = 0, r = cpw; i < MD5_DIGESTSIZE; i++) {
+            *r++ = hex[hash[i] >> 4];
+            *r++ = hex[hash[i] & 0xF];
+        }
+        *r = '\0';
+        break;
+    }
 
     case ALG_PLAIN:
         /* XXX this len limitation is not in sync with any HTTPd len. */
@@ -256,6 +274,8 @@ static void usage(void)
         " (default)"
 #endif
         ".\n");
+    apr_file_printf(errfile, " -5  Force true MD5 encryption of the "
+                             "password.\n");
     apr_file_printf(errfile, " -d  Force CRYPT encryption of the password"
 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
             " (default)"
@@ -360,6 +380,9 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
             else if (*arg == 'm') {
                 *alg = ALG_APMD5;
             }
+            else if (*arg == '5') {
+                *alg = ALG_APMD5_TRUE;
+            }
             else if (*arg == 's') {
                 *alg = ALG_APSHA;
             }