1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
From c92496720d21ea7888187a8ae305c392d4fe824a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Thu, 12 Feb 2015 06:39:39 +0000
Subject: [PATCH 26/29] [mod_auth] use crypt_r instead of crypt if available
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2986 152afb58-edef-0310-8abb-c4023f1b3aa9
---
NEWS | 1 +
configure.ac | 22 +++++++++++++++-------
src/CMakeLists.txt | 12 +++++++++---
src/config.h.cmake | 3 ++-
src/http_auth.c | 10 +++++++++-
5 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/NEWS b/NEWS
index ddb370d..59fd4f6 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,7 @@ NEWS
* [connections] fix bug in connection state handling
* print backtrace in assert logging with libunwind
* major refactoring of internal buffer/chunk handling
+ * [mod_auth] use crypt_r instead of crypt if available
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled
diff --git a/configure.ac b/configure.ac
index c846d1a..16e66d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,19 +528,27 @@ if test "$WITH_LUA" != "no"; then
AC_SUBST(LUA_LIBS)
fi
+dnl search for crypt_r and (fallback) for crypt
save_LIBS=$LIBS
-AC_SEARCH_LIBS(crypt,crypt,[
+LIBS=
+AC_SEARCH_LIBS([crypt_r],[crypt],[
+ AC_DEFINE([HAVE_CRYPT_R], [1], [crypt_r])
AC_CHECK_HEADERS([crypt.h],[
- AC_DEFINE([HAVE_CRYPT_H], [1])
+ AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
])
- AC_DEFINE([HAVE_LIBCRYPT], [1], [libcrypt])
- if test "$ac_cv_search_crypt" != no; then
- test "$ac_cv_search_crypt" = "none required" || CRYPT_LIB="$ac_cv_search_crypt"
- fi
+ CRYPT_LIB=$LIBS
+],[
+ AC_SEARCH_LIBS([crypt],[crypt],[
+ AC_CHECK_HEADERS([crypt.h],[
+ AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
+ ])
+
+ CRYPT_LIB=$LIBS
+ ])
])
LIBS=$save_LIBS
-AC_SUBST(CRYPT_LIB)
+AC_SUBST([CRYPT_LIB])
save_LIBS=$LIBS
AC_SEARCH_LIBS(sendfilev,sendfile,[
diff --git a/src/http_auth.c b/src/http_auth.c
index a98ea62..dacf70a 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -669,15 +669,23 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
return (strcmp(sample, password->ptr) == 0) ? 0 : 1;
#endif
} else {
-#ifdef HAVE_CRYPT
+#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT)
char *crypted;
+#if defined(HAVE_CRYPT_R)
+ struct crypt_data crypt_tmp_data;
+ crypt_tmp_data.initialized = 0;
+#endif
/* a simple DES password is 2 + 11 characters. everything else should be longer. */
if (buffer_string_length(password) < 13) {
return -1;
}
+#if defined(HAVE_CRYPT_R)
+ if (0 == (crypted = crypt_r(pw, password->ptr, &crypt_tmp_data))) {
+#else
if (0 == (crypted = crypt(pw, password->ptr))) {
+#endif
/* crypt failed. */
return -1;
}
--
2.4.5
|
