authorRon Yorston <rmy@pobox.com>2020-04-09 09:48:49 +0100
committerRon Yorston <rmy@pobox.com>2020-04-09 09:48:49 +0100
commit4e2a8f454acabca58c4d3aee607732d16b50281c (patch)
tree2dc97f18eb9fcbf810b3da76b5eec025641cec24
parente9715893fdd30b6de367b3e0f0d9e3c362ec8889 (diff)
httpd: allow use of MD5-encrypted passwords
Allow use of MD5-encrypted passwords in HTTP authentication. However: - Since it adds 4K to the size of the binary it isn't enabled by default. Unencrypted passwords are allowed in the default build. - The use of '*' wildcards for user/password in the configuration file isn't allowed. - Enabling this feature requires enabling 'Use internal crypt functions' (USE_BB_CRYPT) in the 'Login/Password Management Utilities' section.
-rw-r--r--networking/httpd.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 35c94cb00..efe57ecf7 100644
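--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2022,6 +2022,7 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
  goto bad_input;
 
  /* compare "user:" */
+# if !ENABLE_PLATFORM_MINGW32
  if (cur->after_colon[0] != '*'
  && strncmp(cur->after_colon, user_and_passwd,
  colon_after_user - user_and_passwd + 1) != 0
@@ -2029,11 +2030,20 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
  continue;
  }
  /* this cfg entry is '*' or matches username from peer */
+# else
+ if (strncmp(cur->after_colon, user_and_passwd,
+ colon_after_user - user_and_passwd + 1) != 0
+ ) {
+ continue;
+ }
+ /* this cfg entry matches username from peer */
+# endif
 
  passwd = strchr(cur->after_colon, ':');
  if (!passwd)
  goto bad_input;
  passwd++;
+# if !ENABLE_PLATFORM_MINGW32
  if (passwd[0] == '*') {
 # if ENABLE_PAM
  struct pam_userinfo userinfo;
@@ -2081,11 +2091,12 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
  goto check_encrypted;
 # endif /* ENABLE_PAM */
  }
+# endif /* !ENABLE_PLATFORM_MINGW32 */
  /* Else: passwd is from httpd.conf, it is either plaintext or encrypted */
 
  if (passwd[0] == '$' && isdigit(passwd[1])) {
  char *encrypted;
-# if !ENABLE_PAM
+# if !ENABLE_PAM && !ENABLE_PLATFORM_MINGW32
  check_encrypted:
 # endif
  /* encrypt pwd from peer and check match with local one */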
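Review bot: On a MINGW32 build a config entry whose password field is `*` is no longer diverted to the system-password branch, because the `if (passwd[0] == '*')` block at new line 2047 is compiled out, so it falls through to the "plaintext or encrypted" handling below; the comparison itself is outside the hunks, but it looks like the `*` would then be matched as an ordinary configured password. The commit message says wildcards are not allowed, yet nothing visible rejects or reports them, so an httpd.conf carried over from a Unix build would quietly end up with weaker authentication than its author intended. I would add an `# else` arm before `# endif /* !ENABLE_PLATFORM_MINGW32 */` containing `if (passwd[0] == '*') continue; /* system-password '*' is unsupported on this platform */`, and ideally report such entries when the config file is parsed. check_user_passwd starts and ends outside these hunks, so what happens after `continue` when no entry matches should be confirmed there.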