From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Tue, 10 Sep 2002 03:00:50 +0000 (+0000)
Subject: Add ability to htpasswd (via -5) to produce non-obfuscated MD5 hashes.
X-Git-Tag: 2.0.42~93
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3283ae992d86cda7ace322e7a18e5f30ddceac51;p=apache

Add ability to htpasswd (via -5) to produce non-obfuscated MD5 hashes.

mod_auth_digest's passwords can not be obfuscated by the APR magic
sequence (as we don't call apr_password_validate on them), therefore we
need a tool to produce true MD5 hex hashes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96737 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 7b8ea567c4..12cf300e25 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.41
 
+  *) Add ability to htpasswd (via -5) to produce non-obfuscated MD5 hashes.
+     [Justin Erenkrantz]
+
   *) Rewrite of aaa modules to an authn/authz model.
      [Dirk-Willem van Gulik, Justin Erenkrantz]
   
diff --git a/support/htpasswd.c b/support/htpasswd.c
index f756ff07fe..4a847bb2fa 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -126,6 +126,7 @@
 #define ALG_CRYPT 1
 #define ALG_APMD5 2
 #define ALG_APSHA 3 
+#define ALG_APMD5_TRUE 4
 
 #define ERR_FILEPERM 1
 #define ERR_SYNTAX 2
@@ -206,6 +207,23 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd,
         apr_md5_encode((const char *)pw, (const char *)salt,
                      cpw, sizeof(cpw));
         break;
+    case ALG_APMD5_TRUE:
+    {
+        const char *hex = "0123456789abcdef";
+        unsigned char hash[MD5_DIGESTSIZE];
+        char *r;
+        int i;
+
+        /* Take the MD5 hash of the string argument.  */
+        apr_md5(hash, pw, strlen(pw));
+
+        for (i = 0, r = cpw; i < MD5_DIGESTSIZE; i++) {
+            *r++ = hex[hash[i] >> 4];
+            *r++ = hex[hash[i] & 0xF];
+        }
+        *r = '\0';
+        break;
+    }
 
     case ALG_PLAIN:
         /* XXX this len limitation is not in sync with any HTTPd len. */
@@ -256,6 +274,8 @@ static void usage(void)
         " (default)"
 #endif
         ".\n");
+    apr_file_printf(errfile, " -5  Force true MD5 encryption of the "
+                             "password.\n");
     apr_file_printf(errfile, " -d  Force CRYPT encryption of the password"
 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
             " (default)"
@@ -360,6 +380,9 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
             else if (*arg == 'm') {
                 *alg = ALG_APMD5;
             }
+            else if (*arg == '5') {
+                *alg = ALG_APMD5_TRUE;
+            }
             else if (*arg == 's') {
                 *alg = ALG_APSHA;
             }