Fix misleading crypt vs hash terminology in ht* and dbmmanage tools.

What the htpasswd, htdbm and dbmmanage tools do is hashing passwords, not
encrypting them, so fix the terminology in manpages, docs, --help, comments
and function names.

Submitted by: Michele Preziuso <mpreziuso kaosdynamics.com>
Reviewed by: ylavic
Github: closes #153


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884207 13f79535-47bb-0310-9956-ffa450edef68
Yann Ylavic
2020-12-08 14:06:16 +00:00
parent 7bb1b3dbd6
commit 542f66501b
9 changed files with 118 additions and 118 deletions


@ -32,9 +32,9 @@ sub usage {
die <<SYNTAX;
Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
where enc is -d for crypt encryption (default except on Win32, Netware)
-m for MD5 encryption (default on Win32, Netware)
-s for SHA1 encryption
where enc is -d for crypt hashing (default except on Win32, Netware)
-m for MD5 hashing (default on Win32, Netware)
-s for SHA1 hashing
-p for plaintext
command is one of: $cmds
@ -48,7 +48,7 @@ Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
SYNTAX
}
sub need_sha1_crypt {
sub need_sha1_hash {
if (!eval ('require "Digest/SHA1.pm";')) {
print STDERR <<SHAERR;
dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
@ -56,21 +56,21 @@ available from CPAN:
http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
Please install Digest::SHA1 and try again, or use a different crypt option:
Please install Digest::SHA1 and try again, or use a different hashing option:
SHAERR
usage();
}
}
sub need_md5_crypt {
sub need_md5_hash {
if (!eval ('require "Crypt/PasswdMD5.pm";')) {
print STDERR <<MD5ERR;
dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
Please install Crypt::PasswdMD5 and try again, or use a different hashing option:
MD5ERR
usage();
@ -93,10 +93,10 @@ my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
my $crypt_method = "crypt";
my $hash_method = "crypt";
if ($crypt_not_supported) {
$crypt_method = "md5";
$hash_method = "md5";
}
# Some platforms won't jump through our favorite hoops
@ -105,7 +105,7 @@ my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
if ($crypt_not_supported) {
$crypt_method = "md5";
$hash_method = "md5";
}
if (@ARGV[0] eq "-d") {
@ -114,12 +114,12 @@ if (@ARGV[0] eq "-d") {
print STDERR
"Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
}
$crypt_method = "crypt";
$hash_method = "crypt";
}
if (@ARGV[0] eq "-m") {
shift @ARGV;
$crypt_method = "md5";
$hash_method = "md5";
}
if (@ARGV[0] eq "-p") {
@ -128,20 +128,20 @@ if (@ARGV[0] eq "-p") {
print STDERR
"Warning: Apache/$^O does not support plaintext passwords!\n\n";
}
$crypt_method = "plain";
$hash_method = "plain";
}
if (@ARGV[0] eq "-s") {
shift @ARGV;
need_sha1_crypt();
$crypt_method = "sha1";
need_sha1_hash();
$hash_method = "sha1";
}
if ($crypt_method eq "md5") {
need_md5_crypt();
if ($hash_method eq "md5") {
need_md5_hash();
}
my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
my($file,$command,$key,$hashed_pwd,$groups,$comment) = @ARGV;
usage() unless $file and $command and defined &{$dbmc::{$command}};
@ -188,7 +188,7 @@ sub saltpw_crypt {
randchar(2);
}
sub cryptpw_crypt {
sub hashpw_crypt {
my ($pw, $salt) = @_;
$salt = saltpw_crypt unless $salt;
crypt $pw, $salt;
@ -199,24 +199,24 @@ sub saltpw_md5 {
randchar(8);
}
sub cryptpw_md5 {
sub hashpw_md5 {
my($pw, $salt) = @_;
$salt = saltpw_md5 unless $salt;
Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
}
sub cryptpw_sha1 {
sub hashpw_sha1 {
my($pw, $salt) = @_;
'{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
}
sub cryptpw {
if ($crypt_method eq "md5") {
return cryptpw_md5(@_);
} elsif ($crypt_method eq "sha1") {
return cryptpw_sha1(@_);
} elsif ($crypt_method eq "crypt") {
return cryptpw_crypt(@_);
sub hashpw {
if ($hash_method eq "md5") {
return hashpw_md5(@_);
} elsif ($hash_method eq "sha1") {
return hashpw_sha1(@_);
} elsif ($hash_method eq "crypt") {
return hashpw_crypt(@_);
}
@_[0]; # otherwise return plaintext
}
@ -243,10 +243,10 @@ sub getpass {
sub dbmc::update {
die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
$crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
$hashed_pwd = (split /:/, $DB{$key}, 3)[0] if $hashed_pwd eq '.';
$groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
$comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
if (!$crypted_pwd || $crypted_pwd eq '-') {
if (!$hashed_pwd || $hashed_pwd eq '-') {
dbmc->adduser;
}
else {
@ -255,23 +255,23 @@ sub dbmc::update {
}
sub dbmc::add {
die "Can't use empty password!\n" unless $crypted_pwd;
die "Can't use empty password!\n" unless $hashed_pwd;
unless($is_update) {
die "Sorry, user `$key' already exists!\n" if $DB{$key};
}
$groups = '' if $groups eq '-';
$comment = '' if $comment eq '-';
$groups .= ":" . $comment if $comment;
$crypted_pwd .= ":" . $groups if $groups;
$DB{$key} = $crypted_pwd;
$hashed_pwd .= ":" . $groups if $groups;
$DB{$key} = $hashed_pwd;
my $action = $is_update ? "updated" : "added";
print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
print "User $key $action with password hashed to $DB{$key} using $hash_method\n";
}
sub dbmc::adduser {
my $value = getpass "New password:";
die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
$crypted_pwd = cryptpw $value;
$hashed_pwd = hashpw $value;
dbmc->add;
}
@ -289,23 +289,23 @@ sub dbmc::check {
my $chkpass = (split /:/, $DB{$key}, 3)[0];
my $testpass = getpass();
if (substr($chkpass, 0, 6) eq '$apr1$') {
need_md5_crypt;
$crypt_method = "md5";
need_md5_hash;
$hash_method = "md5";
} elsif (substr($chkpass, 0, 5) eq '{SHA}') {
need_sha1_crypt;
$crypt_method = "sha1";
need_sha1_hash;
$hash_method = "sha1";
} elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
$crypt_method = "crypt";
$hash_method = "crypt";
} else {
$crypt_method = "plain";
$hash_method = "plain";
}
print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
? " password ok\n" : " password mismatch\n");
print $hash_method . (hashpw($testpass, $chkpass) eq $chkpass
? " password ok\n" : " password mismatch\n");
}
sub dbmc::import {
while(defined($_ = <STDIN>) and chomp) {
($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
($key,$hashed_pwd,$groups,$comment) = split /:/, $_, 4;
dbmc->add;
}
}
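Review bot: In `dbmc::add` (the hunk at -255/+255) the renamed status line now reads `password hashed to $DB{$key} using $hash_method`, which is inaccurate when the method is `plain`: `hashpw` falls through to `@_[0]`, so after `dbmc::adduser` with `-p` the cleartext password is echoed to stdout under the label "hashed". For the real schemes the same line still writes the stored password hash, plus any appended groups and comment, to the terminal, where it can end up in scrollback or captured job output. I would drop the stored value from the message, e.g. `print "User $key $action using $hash_method\n";`, or at minimum special-case `plain` so the wording matches what was stored. Whether any caller parses this output is not visible here and would need checking before changing it.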


@ -290,13 +290,13 @@ static void htdbm_usage(void)
" -n Don't update database; display results on stdout.\n"
" -b Use the password from the command line rather than prompting for it.\n"
" -i Read password from stdin without verification (for script usage).\n"
" -m Force MD5 encryption of the password (default).\n"
" -B Force BCRYPT encryption of the password (very secure).\n"
" -m Force MD5 hashing of the password (default).\n"
" -B Force BCRYPT hashing of the password (very secure).\n"
" -C Set the computing time used for the bcrypt algorithm\n"
" (higher is more secure but slower, default: %d, valid: 4 to 31).\n"
" -d Force CRYPT encryption of the password (8 chars max, insecure).\n"
" -s Force SHA encryption of the password (insecure).\n"
" -p Do not encrypt the password (plaintext, insecure).\n"
" -d Force CRYPT hashing of the password (8 chars max, insecure).\n"
" -s Force SHA hashing of the password (insecure).\n"
" -p Do not hash the password (plaintext, insecure).\n"
" -T DBM Type (SDBM|GDBM|DB|default).\n"
" -l Display usernames from database on stdout.\n"
" -v Verify the username/password.\n"


@ -108,17 +108,17 @@ static void usage(void)
" -b Use the password from the command line rather than prompting "
"for it." NL
" -i Read password from stdin without verification (for script usage)." NL
" -m Force MD5 encryption of the password (default)." NL
" -2 Force SHA-256 crypt() hash of the password (secure)." NL
" -5 Force SHA-512 crypt() hash of the password (secure)." NL
" -B Force bcrypt encryption of the password (very secure)." NL
" -m Force MD5 hashing of the password (default)." NL
" -2 Force SHA-256 hashing of the password (secure)." NL
" -5 Force SHA-512 hashing of the password (secure)." NL
" -B Force bcrypt hashing of the password (very secure)." NL
" -C Set the computing time used for the bcrypt algorithm" NL
" (higher is more secure but slower, default: %d, valid: 4 to 17)." NL
" -r Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL
" (higher is more secure but slower, default: 5000)." NL
" -d Force CRYPT encryption of the password (8 chars max, insecure)." NL
" -s Force SHA-1 encryption of the password (insecure)." NL
" -p Do not encrypt the password (plaintext, insecure)." NL
" -d Force CRYPT hashing of the password (8 chars max, insecure)." NL
" -s Force SHA-1 hashing of the password (insecure)." NL
" -p Do not hash the password (plaintext, insecure)." NL
" -D Delete the specified user." NL
" -v Verify password for the specified user." NL
"On other systems than Windows and NetWare the '-p' flag will "