Stas Bekman wrote:

>Steve Hay wrote:
>
>>Stas Bekman wrote:
>>
>>>Can you take a look at apr_password_validate and see why it doesn't validate 
>>>on windows?
>>
>>Doh! -- it contains this:
>>
>>#if defined(WIN32) || defined(BEOS) || defined(NETWARE)
>>        apr_cpystrn(sample, passwd, sizeof(sample) - 1);
>>#elif...
>
>Hmm, what's the point of having an APR function which doesn't work cross-platform?
>
Well apr_password_validate() actually kicks off like this:

    if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
        /*
         * The hash was created using our custom algorithm.
         */
        apr_md5_encode(passwd, hash, sample, sizeof(sample));
    }
    else {
        /*
         * It's not our algorithm, so feed it to crypt() if possible.
         */
#if defined(WIN32) || defined(BEOS) || defined(NETWARE)
        apr_cpystrn(sample, passwd, sizeof(sample) - 1);
#else
        ... do stuff using crypt ...

so it's only the case where "it's not our algorithm" in which the 
password gets crypted at all, but copied rather than crypted on Win32 
(no doubt because Win32 doesn't have a native crypt() function -- Perl 
only has crypt() on Win32 by default since 5.8.1 when an fcrypt() 
implementation was added to the Perl source to provide it.)

>Do we want to support it at all?
>
Maybe, since apr_md5_encode() does look to be portable, but it would 
be most useful if apr_md5_encode() was supported in the Perl glue too so 
that apr md5 hashes can be produced in the first place.

>>so the below patch makes it pass on Win32.
>
>More like hiding the problem, IMHO. Making a test pass is easy, the question 
>is whether it actually tests something.
>
What problem?  It tests what the function does!  The question is whether 
the function actually does something useful :)

>>Is mp2 supported on BeOS / NetWare?
>
>I have no clue. In theory it should run on all platforms Apache and Perl are 
>supported, but I don't remember anybody reporting any successes or failures on 
>those platforms.
>
>>Index: t/response/TestAPR/util.pm
>>===================================================================
>>RCS file: /home/cvspublic/modperl-2.0/t/response/TestAPR/util.pm,v
>>retrieving revision 1.8
>>diff -u -r1.8 util.pm
>>--- t/response/TestAPR/util.pm  22 May 2004 21:47:32 -0000      1.8
>>+++ t/response/TestAPR/util.pm  25 May 2004 10:19:32 -0000
>>@@ -23,7 +23,7 @@
>>     ok ! APR::Util::password_validate("one", "two");
>>
>>     my $clear = "pass1";
>>-    my $hash  = "1fWDc9QWYCWrQ";
>>+    my $hash = $^O =~ /MSWin32/ ? $clear : "1fWDc9QWYCWrQ";
>>     ok APR::Util::password_validate($clear, $hash);
>>    
>>
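Review bot: on the changed `$hash` line, the MSWin32 branch sets `$hash` to `$clear`, so the `ok` that follows passes the cleartext as the hash and only confirms the apr_cpystrn() copy path, not any hash validation. The `#if` quoted earlier in the thread also covers BEOS and NETWARE, which this condition leaves on the crypt-format hash. Consider skipping the crypt-format case on those platforms rather than substituting the cleartext, and adding a case whose hash starts with apr1_id, since that goes through apr_md5_encode() on every platform. `$^O eq 'MSWin32'` would be tighter than the unanchored regex, and the new line loses the `=` alignment with `my $clear`.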
>
>That's comparing clear text to clear text, isn't it?
>
Which is correct given that the function simply calls apr_cpystrn() on 
Win32, isn't it?

So I think we should (a) support apr_md5_encode() and (b) add a note to 
the APR::Util::password_validate() docs that whilst it is possible to 
call crypt() in Perl on Win32 (at least as of 5.8.1), 
password_validate() doesn't support that format of smashed password on 
Win32 because of limitations in the APR C library.

(Or: see if the APR C library maintainers would be interested in adding 
the fcrypt() that Perl uses to provide crypt() on Win32?)

- Steve
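
The branch discussed in this message, as an added C model (not code from the thread or from APR): it shows what the copy-instead-of-crypt path accepts and what a fail-closed policy would return instead. The `have_crypt` and `fail_closed` parameters, the result enum, the buffer size, the `"$apr1$"` value of `apr1_id` and the final `strcmp` are assumptions; the hashing calls themselves are not reimplemented.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: "$apr1$" is the value of apr1_id; the thread shows only the name. */
static const char apr1_id[] = "$apr1$";

enum pw_result { PW_MATCH, PW_MISMATCH, PW_NEEDS_APR1_MD5, PW_NEEDS_CRYPT, PW_UNSUPPORTED };

/* Bounded copy with guaranteed termination, standing in for apr_cpystrn(). */
static void copy_bounded(char *dst, const char *src, size_t dst_size)
{
    if (dst_size == 0) return;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
}

/*
 * Model of the quoted branch. have_crypt stands in for the #if on
 * WIN32/BEOS/NETWARE; fail_closed selects a hypothetical hardened policy.
 */
enum pw_result validate_model(const char *passwd, const char *hash,
                              int have_crypt, int fail_closed)
{
    char sample[120]; /* assumed size, chosen for the example */

    if (strncmp(hash, apr1_id, strlen(apr1_id)) == 0)
        return PW_NEEDS_APR1_MD5;   /* portable path, same on every platform */
    if (have_crypt)
        return PW_NEEDS_CRYPT;      /* crypt(passwd, hash) would run here */
    if (fail_closed)
        return PW_UNSUPPORTED;      /* refuse rather than compare cleartext */

    /* Behaviour described in the thread: the password is copied, not hashed. */
    copy_bounded(sample, passwd, sizeof(sample) - 1);
    /* Assumption: validation ends by comparing sample with the stored hash. */
    return strcmp(sample, hash) == 0 ? PW_MATCH : PW_MISMATCH;
}

int main(void)
{
    const char *clear = "pass1", *crypt_hash = "1fWDc9QWYCWrQ"; /* values from the test */
    printf("crypt hash, no crypt():      %d\n", validate_model(clear, crypt_hash, 0, 0));
    printf("cleartext as hash, no crypt: %d\n", validate_model(clear, clear, 0, 0));
    printf("same, fail-closed policy:    %d\n", validate_model(clear, clear, 0, 1));
    return 0;
}
```
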


