cvs commit: apache-1.3/src/support htpasswd.c
coar99/04/09 20:46:00
Modified:src/support htpasswd.c
Log:
free() some malloc()ed memory on error exit -- and remove a
stray debugging message (d'oh!).
Revision ChangesPath
1.27 +2 -1 apache-1.3/src/support/htpasswd.c
Index: htpasswd.c
===
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- htpasswd.c1999/04/08 22:17:53 1.26
+++ htpasswd.c1999/04/10 03:45:59 1.27
@@ -244,6 +244,7 @@
pw = strd((char *) getpass(New password: ));
if (strcmp(pw, (char *) getpass(Re-type new password: ))) {
ap_cpystrn(record, password verification error, (rlen - 1));
+ free(pw);
return ERR_PWMISMATCH;
}
}
@@ -260,7 +261,7 @@
ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
break;
}
-fprintf(stderr, Yow!\n);
+
/*
* Now that we have the smashed password, we don't need the
* plaintext one any more.
cvs commit: apache-apr/apr/lib Makefile.in
bjh 99/04/09 21:28:03 Modified:apr configure.in Makefile.in apr/lib Makefile.in Added: apr/file_io/os2 Makefile Log: Some additions to the configure and build process for OS/2. Revision ChangesPath 1.4 +1 -0 apache-apr/apr/configure.in Index: configure.in === RCS file: /home/cvs/apache-apr/apr/configure.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- configure.in 1999/04/09 05:37:00 1.3 +++ configure.in 1999/04/10 04:28:00 1.4 @@ -9,6 +9,7 @@ dnl Checks for programs. AC_PROG_CC AC_PROG_RANLIB +AC_CHECK_PROGS(SH, /bin/sh sh) dnl Checks for libraries. 1.2 +2 -0 apache-apr/apr/Makefile.in Index: Makefile.in === RCS file: /home/cvs/apache-apr/apr/Makefile.in,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- Makefile.in 1999/03/25 20:12:21 1.1 +++ Makefile.in 1999/04/10 04:28:00 1.2 @@ -1,10 +1,12 @@ # # APR (Apache Portable Runtime) library Makefile. # [EMAIL PROTECTED]@ # # Macros for compilation commands # [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ @CFLAGS@ @OPTIM@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ $(LDLIBS) 1.1 apache-apr/apr/file_io/os2/Makefile Index: Makefile === ## ## Apache Makefile, currently created manually. ## SRCDIR=.. EXTRA_CFLAGS=-g EXTRA_LDFLAGS= EXTRA_LIBS= EXTRA_INCLUDES= EXTRA_DEPS= OSDIR= INCDIR=../../../include INCLUDES0=-I $(INCDIR) SHELL=sh CC=gcc CPP=gcc -E TARGET= OPTIM= CFLAGS_SHLIB=-fpic -DSHARED_MODULE LD_SHLIB=ld LDFLAGS_SHLIB=-Bshareable LDFLAGS_SHLIB_EXPORT=-rdynamic CFLAGS1= -DOS2 -DUSE_HSREGEX INCLUDES1= LIBS_SHLIB= LDFLAGS1= MFLAGS_STATIC=--no-print-directory REGLIB=regex/libregex.a RANLIB=ar s LIBS1= -lm CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) LIBS=$(EXTRA_LIBS) $(LIBS1) INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES) LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) LIB=file.a OBJS= open.o readwrite.o filedup.o filestat.o maperrorcode.o seek.o .c.o: $(CC) -c $(INCLUDES) $(CFLAGS) $ all: $(HEADERS) $(LIB) $(LIB): $(OBJS) rm -f $@ ar cr $@ $(OBJS) $(RANLIB) $@ cp $@ ../ clean: rm -f *.o $(LIB) distclean: clean -rm -f Makefile # We really don't expect end users to use this rule. It works only with # gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after # using it. depend: cp Makefile.tmpl Makefile.tmpl.bak \ sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl Makefile.new \ gcc -MM $(INCLUDES) $(CFLAGS) *.c Makefile.new \ sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \ -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \ Makefile.tmpl \ rm Makefile.new #Dependencies $(OBJS): Makefile # DO NOT REMOVE open.o: open.c filestat.c readwrite.o: readwrite.c filedup.o: filedup.c filestat.o: filestat.c seek.o: seek.c maperrorcode.o: maperrorcode.c 1.3 +1 -0 apache-apr/apr/lib/Makefile.in Index: Makefile.in === RCS file: /home/cvs/apache-apr/apr/lib/Makefile.in,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Makefile.in 1999/03/25 20:12:26 1.2 +++ Makefile.in 1999/04/10 04:28:02 1.3 @@ -3,6 +3,7 @@ #INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES) #LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ @CFLAGS@ @OPTIM@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ $(LDLIBS)
cvs commit: apache-1.3/src/support htpasswd.1 htpasswd.c
coar99/04/10 08:08:46
Modified:src CHANGES
src/support htpasswd.1 htpasswd.c
Log:
Fix typos that were limiting passwords on Win32 to 8 characters, and
add some more documentation.
Submitted by: Pointed out by [EMAIL PROTECTED]
Revision ChangesPath
1.1305+4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1304
retrieving revision 1.1305
diff -u -r1.1304 -r1.1305
--- CHANGES 1999/04/09 13:06:26 1.1304
+++ CHANGES 1999/04/10 15:08:43 1.1305
@@ -1,5 +1,9 @@
Changes with Apache 1.3.7
+ *) Correct an apparent typo: on the Windows and MPE platforms, the
+ htpasswd utility was limiting passwords to only 8 characters.
+ [Ken Coar]
+
*) EBCDIC platforms: David submitted patches for two bugs in the
MD5 digest port for EBCDIC machines:
a) the htdigest utility overwrote the old contents of the digest file
1.10 +53 -2 apache-1.3/src/support/htpasswd.1
Index: htpasswd.1
===
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.1,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- htpasswd.11999/04/08 22:17:51 1.9
+++ htpasswd.11999/04/10 15:08:45 1.10
@@ -96,12 +96,20 @@
DBM database see
\fBdbmmanage\fP.
.PP
+.B htpasswd
+encrypts passwords using either a version of MD5 modified for Apache,
+or the system's \fIcrypt()\fP routine. Files managed by
+.B htpasswd
+may contain both types of passwords; some user records may have
+MD5-encrypted passwords while others in the same file may have passwords
+encrypted with \fIcrypt()\fP.
+.PP
This manual page only lists the command line arguments. For details of
the directives necessary to configure user authentication in
.B httpd
see
the Apache manual, which is part of the Apache distribution or can be
-found at http://www.apache.org/.
+found at URL:http://www.apache.org/.
.SH OPTIONS
.IP \-b
Use batch mode; \fIi.e.\fP, get the password from the command line
@@ -135,6 +143,49 @@
entered interactively and the verification entry didn't match, 4 if
its operation was interrupted, and 5 if a value is too long (username,
filename, password, or final computed record).
+.SH EXAMPLES
+\fBhtpasswd /usr/local/etc/apache/.htpasswd-users jsmith\fP
+.IP
+Adds or modifies the password for user \fIjsmith\fP.
+The user is prompted for the password. If executed
+on a Windows system, the password will be encrypted using the
+modified Apache MD5 algorithm; otherwise, the system's
+\fIcrypt()\fP routine will be used. If the file does not
+exist,
+.B htpasswd
+will do nothing except return an error.
+.LP
+\fBhtpasswd -c /home/doe/public_html/.htpasswd jane\fP
+.IP
+Creates a new file and stores a record in it for user \fIjane\fP.
+The user is prompted for the password.
+If the file exists and cannot be read, or cannot be written,
+it is not altered and
+.B htpasswd
+will display a message and return an error status.
+.LP
+\fBhtpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve\fP
+.IP
+Encrypts the password from the command line (\fIPwd4Steve\fP) using
+the MD5 algorithm, and stores it in the specified file.
+.LP
+.SH SECURITY CONSIDERATIONS
+Web password files such as those managed by
+.B htpasswd
+should \fBnot\fP be within the Web server's URI space -- that is,
+they should not be fetchable with a browser.
+.PP
+The use of the \fI-b\fP option is discouraged, since when it is
+used the unencrypted password appears on the command line.
+.SH RESTRICTIONS
+On the Windows and MPE platforms, passwords encrypted with
+.B htpasswd
+are limited to no more than 80 characters in length. Longer
+passwords will be truncated to 80 characters.
+.PP
+The MD5 algorithm used by
+.B htpasswd
+is specific to the Apache software; passwords encrypted using it will not be
+usable with other Web servers.
.SH SEE ALSO
.BR httpd(8)
-.
1.28 +4 -4 apache-1.3/src/support/htpasswd.c
Index: htpasswd.c
===
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- htpasswd.c1999/04/10 03:45:59 1.27
+++ htpasswd.c1999/04/10 15:08:45 1.28
@@ -181,8 +181,8 @@
fputs(prompt, stderr);
gets((char *) password);
-if (strlen((char *) password) 8) {
- password[8] = '\0';
+if (strlen((char *) password) 80) {
+ password[80] = '\0';
}
return (char *) password;
@@ -217,8 +217,8 @@
