1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 --- 52 unchanged lines hidden (view full) --- 61 62#else 63 64#error apr_password_validate() is not threadsafe. rebuild APR without thread support. 65 66#endif 67#endif 68 |
69#if defined(WIN32) || defined(BEOS) || defined(NETWARE) || defined(__ANDROID__) 70#define CRYPT_MISSING 1 71#else 72#define CRYPT_MISSING 0 73#endif 74 |
75/* 76 * Validate a plaintext password against a smashed one. Uses either 77 * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending 78 * upon the format of the smashed input password. Returns APR_SUCCESS if 79 * they match, or APR_EMISMATCH if they don't. If the platform doesn't 80 * support crypt, then the default check is against a clear text string. 81 */ 82APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 83 const char *hash) 84{ 85 char sample[200]; |
86#if !CRYPT_MISSING |
87 char *crypt_pw; 88#endif 89 if (hash[0] == '$' 90 && hash[1] == '2' 91 && (hash[2] == 'a' || hash[2] == 'y') 92 && hash[3] == '$') { 93 if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL) 94 return APR_FROM_OS_ERROR(errno); --- 6 unchanged lines hidden (view full) --- 101 } 102 else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) { 103 apr_sha1_base64(passwd, (int)strlen(passwd), sample); 104 } 105 else { 106 /* 107 * It's not our algorithm, so feed it to crypt() if possible. 108 */ |
109#if CRYPT_MISSING |
110 return (strcmp(passwd, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH; 111#elif defined(CRYPT_R_CRYPTD) 112 apr_status_t rv; 113 CRYPTD *buffer = malloc(sizeof(*buffer)); 114 115 if (buffer == NULL) 116 return APR_ENOMEM; 117 crypt_pw = crypt_r(passwd, hash, buffer); --- 83 unchanged lines hidden --- |