| apr_passwd.c (253734) | apr_passwd.c (272076) |
|---|---|
| 1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 --- 52 unchanged lines hidden (view full) --- 61 62#else 63 64#error apr_password_validate() is not threadsafe. rebuild APR without thread support. 65 66#endif 67#endif 68 | 1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 --- 52 unchanged lines hidden (view full) --- 61 62#else 63 64#error apr_password_validate() is not threadsafe. rebuild APR without thread support. 65 66#endif 67#endif 68 |
| 69#if defined(WIN32) || defined(BEOS) || defined(NETWARE) || defined(__ANDROID__) 70#define CRYPT_MISSING 1 71#else 72#define CRYPT_MISSING 0 73#endif 74 |
|
| 69/* 70 * Validate a plaintext password against a smashed one. Uses either 71 * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending 72 * upon the format of the smashed input password. Returns APR_SUCCESS if 73 * they match, or APR_EMISMATCH if they don't. If the platform doesn't 74 * support crypt, then the default check is against a clear text string. 75 */ 76APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 77 const char *hash) 78{ 79 char sample[200]; | 75/* 76 * Validate a plaintext password against a smashed one. Uses either 77 * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending 78 * upon the format of the smashed input password. Returns APR_SUCCESS if 79 * they match, or APR_EMISMATCH if they don't. If the platform doesn't 80 * support crypt, then the default check is against a clear text string. 81 */ 82APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 83 const char *hash) 84{ 85 char sample[200]; |
| 80#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) | 86#if !CRYPT_MISSING |
| 81 char *crypt_pw; 82#endif 83 if (hash[0] == '$' 84 && hash[1] == '2' 85 && (hash[2] == 'a' || hash[2] == 'y') 86 && hash[3] == '$') { 87 if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL) 88 return APR_FROM_OS_ERROR(errno); --- 6 unchanged lines hidden (view full) --- 95 } 96 else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) { 97 apr_sha1_base64(passwd, (int)strlen(passwd), sample); 98 } 99 else { 100 /* 101 * It's not our algorithm, so feed it to crypt() if possible. 102 */ | 87 char *crypt_pw; 88#endif 89 if (hash[0] == '$' 90 && hash[1] == '2' 91 && (hash[2] == 'a' || hash[2] == 'y') 92 && hash[3] == '$') { 93 if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL) 94 return APR_FROM_OS_ERROR(errno); --- 6 unchanged lines hidden (view full) --- 101 } 102 else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) { 103 apr_sha1_base64(passwd, (int)strlen(passwd), sample); 104 } 105 else { 106 /* 107 * It's not our algorithm, so feed it to crypt() if possible. 108 */ |
| 103#if defined(WIN32) || defined(BEOS) || defined(NETWARE) | 109#if CRYPT_MISSING |
| 104 return (strcmp(passwd, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH; 105#elif defined(CRYPT_R_CRYPTD) 106 apr_status_t rv; 107 CRYPTD *buffer = malloc(sizeof(*buffer)); 108 109 if (buffer == NULL) 110 return APR_ENOMEM; 111 crypt_pw = crypt_r(passwd, hash, buffer); --- 83 unchanged lines hidden --- | 110 return (strcmp(passwd, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH; 111#elif defined(CRYPT_R_CRYPTD) 112 apr_status_t rv; 113 CRYPTD *buffer = malloc(sizeof(*buffer)); 114 115 if (buffer == NULL) 116 return APR_ENOMEM; 117 crypt_pw = crypt_r(passwd, hash, buffer); --- 83 unchanged lines hidden --- |