static void add_password(char *user, char *realm, FILE *f) { char *pw; AP_MD5_CTX context; unsigned char digest[16]; char string[MAX_STRING_LEN]; char pwin[MAX_STRING_LEN]; char pwv[MAX_STRING_LEN]; unsigned int i; if (ap_getpass("New password: "******"password too long"); exit(5); } ap_getpass("Re-type new password: "******"They don't match, sorry.\n"); if (tn) { unlink(tn); } exit(1); } pw = pwin; fprintf(f, "%s:%s:", user, realm); /* Do MD5 stuff */ sprintf(string, "%s:%s:%s", user, realm, pw); ap_MD5Init(&context); ap_MD5Update(&context, (unsigned char *) string, strlen(string)); ap_MD5Final(digest, &context); for (i = 0; i < 16; i++) fprintf(f, "%02x", digest[i]); fprintf(f, "\n"); }
/* * Make a password record from the given information. A zero return * indicates success; failure means that the output buffer contains an * error message instead. */ static int mkrecord(char *user, char *record, size_t rlen, char *passwd, int alg) { char *pw; char cpw[120]; char pwin[MAX_STRING_LEN]; char pwv[MAX_STRING_LEN]; char salt[9]; if (passwd != NULL) { pw = passwd; } else { #ifdef TPF fprintf(stderr, "Invalid entry. The -b option is required on TPF.\n"); return usage(); #else if (ap_getpass("New password: "******"password too long (>%lu)", (unsigned long) (sizeof(pwin) - 1)); return ERR_OVERFLOW; } ap_getpass("Re-type new password: "******"password verification error", (rlen - 1)); return ERR_PWMISMATCH; } pw = pwin; memset(pwv, '\0', sizeof(pwin)); #endif /* TPF */ } switch (alg) { case ALG_APSHA: /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */ ap_sha1_base64(pw,strlen(pw),cpw); break; case ALG_APMD5: (void) srand((int) time((time_t *) NULL)); ap_to64(&salt[0], rand(), 8); salt[8] = '\0'; ap_MD5Encode((const unsigned char *)pw, (const unsigned char *)salt, cpw, sizeof(cpw)); break; case ALG_PLAIN: /* XXX this len limitation is not in sync with any HTTPd len. */ ap_cpystrn(cpw,pw,sizeof(cpw)); break; case ALG_CRYPT: default: (void) srand((int) time((time_t *) NULL)); ap_to64(&salt[0], rand(), 8); salt[8] = '\0'; ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1); break; } memset(pw, '\0', strlen(pw)); /* * Check to see if the buffer is large enough to hold the username, * hash, and delimiters. */ if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) { ap_cpystrn(record, "resultant record too long", (rlen - 1)); return ERR_OVERFLOW; } strcpy(record, user); strcat(record, ":"); strcat(record, cpw); return 0; }