On Thu, Jan 19, 2012 at 12:40 PM, Pascal Bellard <[email protected]> wrote: > Hello, > > httpd does not support clear password when FEATURE_HTTPD_AUTH_MD5 is set. > > The fix : > --- busybox/networking/httpd.c.org Thu Jan 19 12:33:37 2012 > +++ busybox/networking/httpd.c Thu Jan 19 12:34:32 2012 > @@ -1840,7 +1840,7 @@ > /* this cfg entry is '*' or matches username from > peer */ > > /* encrypt pwd from peer and check match with > local one */ > - { > + if (passwd[0] == '$' && passwd[1] == '1' && > passwd[2] == '$') { > char *encrypted = pw_encrypt( > /* pwd: */ colon_after_user + 1, > /* salt: */ passwd,
The point is, pw_encrypt() autodetects hash type by looking at salt. It can do md5 and sha256/512, else it defaults to des. In the future, it may even take other hashes (blowfish?). How about this: if passwd[0] is '$', then use pw_encrypt(), else treat it as plain text? -- vda _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
