Revision: 7509
http://sourceforge.net/p/ipcop/svn/7509
Author: owes
Date: 2014-04-30 18:26:31 +0000 (Wed, 30 Apr 2014)
Log Message:
-----------
The passwords stored for proxy local authentication are stored using MD5 not
CRYPT. Therefore passwords cannot be verified using Perl crypt().
Solved by adding Apache::Htpasswd which can work with both CRYPT and MD5
passwords.
Modified Paths:
--------------
ipcop/trunk/html/vhost81/cgi-bin/chpasswd.cgi
ipcop/trunk/make.sh
ipcop/trunk/updates/2.1.5/ROOTFILES.i486-2.1.5
Added Paths:
-----------
ipcop/trunk/config/rootfiles/common/Apache-Htpasswd
ipcop/trunk/config/rootfiles/common/Crypt-PasswdMD5
ipcop/trunk/lfs/Apache-Htpasswd
ipcop/trunk/lfs/Crypt-PasswdMD5
Added: ipcop/trunk/config/rootfiles/common/Apache-Htpasswd
===================================================================
--- ipcop/trunk/config/rootfiles/common/Apache-Htpasswd
(rev 0)
+++ ipcop/trunk/config/rootfiles/common/Apache-Htpasswd 2014-04-30 18:26:31 UTC
(rev 7509)
@@ -0,0 +1,6 @@
+#usr/lib/perl5/site_perl/PERLVER/Apache
+usr/lib/perl5/site_perl/PERLVER/Apache/Htpasswd.pm
+#usr/lib/perl5/site_perl/PERLVER/MACHINE-linux/auto/Apache
+#usr/lib/perl5/site_perl/PERLVER/MACHINE-linux/auto/Apache/Htpasswd
+#usr/lib/perl5/site_perl/PERLVER/MACHINE-linux/auto/Apache/Htpasswd/.packlist
+#usr/share/man/man3/Apache::Htpasswd.3
Added: ipcop/trunk/config/rootfiles/common/Crypt-PasswdMD5
===================================================================
--- ipcop/trunk/config/rootfiles/common/Crypt-PasswdMD5
(rev 0)
+++ ipcop/trunk/config/rootfiles/common/Crypt-PasswdMD5 2014-04-30 18:26:31 UTC
(rev 7509)
@@ -0,0 +1,6 @@
+#usr/lib/perl5/site_perl/PERLVER/Crypt
+usr/lib/perl5/site_perl/PERLVER/Crypt/PasswdMD5.pm
+#usr/lib/perl5/site_perl/PERLVER/MACHINE-linux/auto/Crypt
+#usr/lib/perl5/site_perl/PERLVER/MACHINE-linux/auto/Crypt/PasswdMD5
+#usr/lib/perl5/site_perl/PERLVER/MACHINE-linux/auto/Crypt/PasswdMD5/.packlist
+#usr/share/man/man3/Crypt::PasswdMD5.3
Modified: ipcop/trunk/html/vhost81/cgi-bin/chpasswd.cgi
===================================================================
--- ipcop/trunk/html/vhost81/cgi-bin/chpasswd.cgi 2014-04-30 18:12:33 UTC
(rev 7508)
+++ ipcop/trunk/html/vhost81/cgi-bin/chpasswd.cgi 2014-04-30 18:26:31 UTC
(rev 7509)
@@ -16,12 +16,13 @@
# along with IPCop. If not, see <http://www.gnu.org/licenses/>.
#
# (c) 2005 marco.s - http://www.advproxy.net
-# (c) 2010-2011 The IPCop Team
+# (c) 2010-2014 The IPCop Team
#
# $Id$
#
use strict;
+use Apache::Htpasswd;
# enable only the following on debugging purpose
#use warnings;
@@ -38,7 +39,7 @@
### Initialize environment
&General::readhash("/var/ipcop/proxy/settings", \%proxysettings);
-my $userdb = "/var/ipcop/proxy/ncsa/passwd";
+my $userdb = '/var/ipcop/proxy/ncsa/passwd';
my @users = ();
my @temp = ();
@@ -49,10 +50,16 @@
my $cryptpwd = '';
my $returncode = '';
+$cgiparams{'SUBMIT'} = '';
&General::getcgihash(\%cgiparams);
if ($cgiparams{'SUBMIT'} eq $Lang::tr{'change password'})
{
+ if (! -e $userdb) {
+ $errormessage = $Lang::tr{'errmsg change fail'};
+ goto ERROR;
+ }
+
if ($cgiparams{'USERNAME'} eq '') {
$errormessage = $Lang::tr{'errmsg no username'};
goto ERROR;
@@ -69,40 +76,20 @@
$errormessage = $Lang::tr{'errmsg password length 1'}.'
'.$proxysettings{'NCSA_MIN_PASS_LEN'}.' '.$Lang::tr{'errmsg password length 2'};
goto ERROR;
}
- if (! -z $userdb) {
- open FILE, $userdb;
- @users = <FILE>;
- close FILE;
- $username = '';
- $cryptpwd = '';
-
- foreach (@users) {
- chomp;
- @temp = split(/:/,$_);
- if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i) {
- $username = $temp[0];
- $cryptpwd = $temp[1];
- }
- }
- }
- if ($username eq '') {
+ my $htpasswd = new Apache::Htpasswd($userdb);
+ $cryptpwd = $htpasswd->fetchPass($cgiparams{'USERNAME'});
+ if (!$cryptpwd) {
$errormessage = $Lang::tr{'errmsg invalid user'};
goto ERROR;
}
- if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)) {
+ if (!$htpasswd->htpasswd($cgiparams{'USERNAME'},
$cgiparams{'NEW_PASSWORD_1'}, $cgiparams{'OLD_PASSWORD'})) {
$errormessage = $Lang::tr{'incorrect password'};
goto ERROR;
}
- $returncode = system("/usr/sbin/htpasswd -b $userdb $username
$cgiparams{'NEW_PASSWORD_1'}");
- if ($returncode == 0) {
- $success = 1;
- undef %cgiparams;
- }
- else {
- $errormessage = $Lang::tr{'errmsg change fail'};
- goto ERROR;
- }
+
+ $success = 1;
+ undef %cgiparams;
}
ERROR:
@@ -222,20 +209,18 @@
}
}
+
+# manual page reference, not in user page
+# http://www.ipcop.org/2.0.0/en/admin/html/webaccess-passwords.html
+
print <<END
</table>
<hr />
<table width='100%'>
<tr>
<td class='comment1button'> </td>
-
<td class='button1button'><input type='submit'
name='SUBMIT' value='$Lang::tr{'change password'}' /></td>
-
- <td class='onlinehelp'>
- <!--<a
href='http://www.ipcop.org/2.0.0/en/admin/html/webaccess-passwords.html'
- target='_blank'><img
src='/images/web-support.png' alt='Online Help (in English)'
- title='Online Help (in English)' /></a>-->
- </td>
+ <td class='onlinehelp'> </td>
</tr>
</table>
</td>
@@ -271,5 +256,3 @@
END
;
-
-&Header::closepage('skip_connected');
Added: ipcop/trunk/lfs/Apache-Htpasswd
===================================================================
--- ipcop/trunk/lfs/Apache-Htpasswd (rev 0)
+++ ipcop/trunk/lfs/Apache-Htpasswd 2014-04-30 18:26:31 UTC (rev 7509)
@@ -0,0 +1,93 @@
+###############################################################################
+# This file is part of the IPCop Firewall. #
+# #
+# IPCop is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPCop is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPCop; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Makefiles are based on LFSMake, which is #
+# Copyright (C) 2002 Rod Roard <[email protected]>
#
+# #
+# Modifications by: #
+# ??-12-2003 Mark Wormgoor < [email protected]> #
+# - Modified Makefile for IPCop build #
+# #
+# $Id: Archive-Zip 7354 2014-03-21 21:09:10Z owes $
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+PKG_NAME = Apache-Htpasswd
+VER = 1.9
+HOST_ARCH = all
+OTHER_SRC = yes
+
+THISAPP = $(PKG_NAME)-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_CPAN)/K/KM/KMELTZ
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = ee2ca41f9dd92d7a830a5ba65fcbeef0
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make
+ifeq "$(RUNNING_TEST)" "yes"
+ -cd $(DIR_APP) && make test TEST_VERBOSE=1 &>
$(DIR_TEST)/$(THISAPP)-$(STAGE_ORDER).log
+endif
+ cd $(DIR_APP) && make install
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
Property changes on: ipcop/trunk/lfs/Apache-Htpasswd
___________________________________________________________________
Added: svn:keyword
## -0,0 +1 ##
+Id
\ No newline at end of property
Added: ipcop/trunk/lfs/Crypt-PasswdMD5
===================================================================
--- ipcop/trunk/lfs/Crypt-PasswdMD5 (rev 0)
+++ ipcop/trunk/lfs/Crypt-PasswdMD5 2014-04-30 18:26:31 UTC (rev 7509)
@@ -0,0 +1,93 @@
+###############################################################################
+# This file is part of the IPCop Firewall. #
+# #
+# IPCop is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPCop is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPCop; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Makefiles are based on LFSMake, which is #
+# Copyright (C) 2002 Rod Roard <[email protected]>
#
+# #
+# Modifications by: #
+# ??-12-2003 Mark Wormgoor < [email protected]> #
+# - Modified Makefile for IPCop build #
+# #
+# $Id: Archive-Zip 7354 2014-03-21 21:09:10Z owes $
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+PKG_NAME = Crypt-PasswdMD5
+VER = 1.40
+HOST_ARCH = all
+OTHER_SRC = yes
+
+THISAPP = $(PKG_NAME)-$(VER)
+DL_FILE = $(THISAPP).tgz
+DL_FROM = $(URL_CPAN)/R/RS/RSAVAGE
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = efc61e1f62c9768be39df2613d685343
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make
+ifeq "$(RUNNING_TEST)" "yes"
+ -cd $(DIR_APP) && make test TEST_VERBOSE=1 &>
$(DIR_TEST)/$(THISAPP)-$(STAGE_ORDER).log
+endif
+ cd $(DIR_APP) && make install
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
Property changes on: ipcop/trunk/lfs/Crypt-PasswdMD5
___________________________________________________________________
Added: svn:keyword
## -0,0 +1 ##
+Id
\ No newline at end of property
Modified: ipcop/trunk/make.sh
===================================================================
--- ipcop/trunk/make.sh 2014-04-30 18:12:33 UTC (rev 7508)
+++ ipcop/trunk/make.sh 2014-04-30 18:26:31 UTC (rev 7509)
@@ -1910,6 +1910,8 @@
chroot_make sqlite # before DBD-SQLite and ulogd that
depend on it
# PERL CPAN packages
chroot_make Archive-Zip # OpenVPN
+ chroot_make Apache-Htpasswd
+ chroot_make Crypt-PasswdMD5
chroot_make URI
chroot_make HTML-Tagset
chroot_make HTML-Parser
Modified: ipcop/trunk/updates/2.1.5/ROOTFILES.i486-2.1.5
===================================================================
--- ipcop/trunk/updates/2.1.5/ROOTFILES.i486-2.1.5 2014-04-30 18:12:33 UTC
(rev 7508)
+++ ipcop/trunk/updates/2.1.5/ROOTFILES.i486-2.1.5 2014-04-30 18:26:31 UTC
(rev 7509)
@@ -136,6 +136,10 @@
/usr/lib/openvpn/plugins/openvpn-plugin-down-root.la
/usr/sbin/openvpn
##
+## perl Apache-Htpasswd and Crypt-PasswdMD5
+/usr/lib/perl5/site_perl/5.14.2/Apache/Htpasswd.pm
+/usr/lib/perl5/site_perl/5.14.2/Crypt/PasswdMD5.pm
+##
## perl DBD-SQLite-1.42
/usr/lib/perl5/site_perl/5.14.2/i486-linux/DBD/SQLite.pm
/usr/lib/perl5/site_perl/5.14.2/i486-linux/auto/DBD/SQLite/SQLite.so
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
