htpasswd.c

* support/htpasswd.c (usage): More usage fixes for SHA-2; describe as "secure", leave bcrypt only algorithm described as "very secure".

* support/htpasswd.c (usage): Document SHA-256/512 support.

Add support for SHA-2 crypt() algorithm in htpasswd.

* configure.in: Detect SHA-2 support in crypt().

* support/passwd_common.h: Define ALG_CRYPT_SHA256, ALG_CRYPT_SHA512, include ap_config_auto.h.

* support/htpasswd.c (check_args): Allow -2, -5, -r arguments for SHA-256, SHA-256 and rounds options respectively.

* support/passwd_common.c (parse_common_options): Parse -2, -5, -r args.

(mkhash): Generate crypt hash for SHA256/SHA512 algorithms.

  1. … 3 more files in changeset.
* support/htpasswd.c (usage): Fix bcrypt round maximum.

* docs/manual/programs/htpasswd.xml: Document that bcrypt rounds are capped at 17.

PR: 62078

  1. … 1 more file in changeset.
* support/htpasswd.c (main): Only check for readability if running in verify (-v) mode.

PR: 61631

  1. … 1 more file in changeset.
* Do not apply the strict permissions of the temporary file to a possibly existing passwd file.

This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240

  1. … 2 more files in changeset.
htpasswd: don't point to (unused) stack memory on output to make static analysers happy. PR 60634.

Reported by shqking and Zhenwei Zou.

htpasswd: Add -v option to verify a password

htpasswd and htdbm could use some more refactoring...

  1. … 4 more files in changeset.
fix htpasswd/htdbm brown paper bag bugs

- use the correct string to generate the hash from. PR 54735

- print error message instead of empty string

while there, replace strdup + check for oom with apr_pstrdup

  1. … 2 more files in changeset.
htdbm, htpasswd: print error message if out of memory

PR: 54345

  1. … 3 more files in changeset.
htdbm:

- Add vxl to getopt

- Remove "-C" from usage for -x and -l

- Add space between -C and "cost"

- Usage reorder and sync with htpasswd

htpasswd:

- Usage reorder and sync with htdbm

  1. … 1 more file in changeset.
Optionally read passwords from stdin

PR: 40243

Submitted by: Adomas Paltanavicius <adomas paltanavicius gmail com>, sf

  1. … 4 more files in changeset.
add support for bcrypt

PR: 49288

  1. … 4 more files in changeset.
Start refactoring of htpasswd and htdbm

- Move many common code parts into separate source file. This adds some of htpasswd's recent improvements to htdbm.

- Rework salt generation to use the full 48bit of entropy for MD5

Previously, it would only generate 2^32 different salts on a given platform.

- Use apr_getopt().

  1. … 5 more files in changeset.
htpasswd: Use correct file mode for checking if file is writable.

Also switch to the non-deprecated APR_FOPEN_* flags

PR: 45923

  1. … 1 more file in changeset.
note more prominently that SHA and crypt are insecure

  1. … 1 more file in changeset.
* support/htpasswd.c (mkrecord): Handle crypt() failure.

* support/htdbm.c (htdbm_make): Handle crypt() failure.

Submitted by: Paul Wouters <pwouters redhat.com>, jorton

  1. … 2 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 118 more files in changeset.
hide some unused code on Win32 and NetWare

  1. … 1 more file in changeset.
Fix brown-paper-bag bug.

Verify that password has been truncated before printing a warning.

Print a warning if a password is truncated by crypt.

htpasswd: Improve out of disk space handling

PR: 30877

  1. … 1 more file in changeset.
Change the default algorithm for htpasswd to MD5 on all platforms. Crypt with its 8 character limit is not useful anymore.

  1. … 2 more files in changeset.
remove TPF support
  1. … 15 more files in changeset.
* support/htpasswd.c (seed_rand): Fix compiler warning.

Fix printing of error message.

Improve generation of the seed to rand, by using apr_generate_random_bytes, rather than the current time as a seed.

PR: 31440

Improve salt string generation.

PR: 31440

Submitted by: Andreas Krennmair <ak synflood.at>

Make the hardcoded checks for platforms-without-crypt consistent.

This apparently fixes some oddities on TPF.

Submitted by: David Jones <oscaremma gmail.com>

Reviewed by: wrowe, trawick