Mercurial > hg > nginx
annotate src/core/ngx_crypt.c @ 7690:8253424d1aff
Added size check to ngx_http_alloc_large_header_buffer().
This ensures that copying won't write more than the buffer size
even if the buffer comes from hc->free and it is smaller than the large
client header buffer size in the virtual host configuration. This might
happen if size of large client header buffers is different in name-based
virtual hosts, similarly to the problem with number of buffers fixed
in 6926:e662cbf1b932.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 06 Aug 2020 05:02:22 +0300 |
| parents | 1064ea81ed3a |
| children |
| rev | line source |
|---|---|
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
1 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
2 /* |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
3 * Copyright (C) Maxim Dounin |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
4 */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
6 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
4759
4c36e15651f7
Fixed compilation with -Wmissing-prototypes.
Ruslan Ermilov <ru@nginx.com>
parents:
3928
diff
changeset
|
9 #include <ngx_crypt.h> |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 #include <ngx_md5.h> |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 #include <ngx_sha1.h> |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 |
|
3926
14622ee4fa08
fix building --without-http_auth_basic_module,
Igor Sysoev <igor@sysoev.ru>
parents:
3922
diff
changeset
|
14 #if (NGX_CRYPT) |
|
14622ee4fa08
fix building --without-http_auth_basic_module,
Igor Sysoev <igor@sysoev.ru>
parents:
3922
diff
changeset
|
15 |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 static ngx_int_t ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 u_char **encrypted); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 static ngx_int_t ngx_crypt_plain(ngx_pool_t *pool, u_char *key, u_char *salt, |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
19 u_char **encrypted); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
20 static ngx_int_t ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
21 u_char **encrypted); |
|
5034
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
22 static ngx_int_t ngx_crypt_sha(ngx_pool_t *pool, u_char *key, u_char *salt, |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
23 u_char **encrypted); |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
24 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
25 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
26 static u_char *ngx_crypt_to64(u_char *p, uint32_t v, size_t n); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
27 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
28 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
29 ngx_int_t |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
30 ngx_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
31 { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
32 if (ngx_strncmp(salt, "$apr1$", sizeof("$apr1$") - 1) == 0) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
33 return ngx_crypt_apr1(pool, key, salt, encrypted); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
34 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
35 } else if (ngx_strncmp(salt, "{PLAIN}", sizeof("{PLAIN}") - 1) == 0) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
36 return ngx_crypt_plain(pool, key, salt, encrypted); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
37 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
38 } else if (ngx_strncmp(salt, "{SSHA}", sizeof("{SSHA}") - 1) == 0) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
39 return ngx_crypt_ssha(pool, key, salt, encrypted); |
|
5034
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
40 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
41 } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0) { |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
42 return ngx_crypt_sha(pool, key, salt, encrypted); |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
43 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
44 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 /* fallback to libc crypt() */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
46 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
47 return ngx_libc_crypt(pool, key, salt, encrypted); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
49 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
50 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
51 static ngx_int_t |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
52 ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
53 { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
54 ngx_int_t n; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
55 ngx_uint_t i; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
56 u_char *p, *last, final[16]; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
57 size_t saltlen, keylen; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
58 ngx_md5_t md5, ctx1; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
59 |
| 5924 | 60 /* Apache's apr1 crypt is Poul-Henning Kamp's md5 crypt with $apr1$ magic */ |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
61 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 keylen = ngx_strlen(key); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
64 /* true salt: no magic, max 8 chars, stop at first $ */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
65 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
66 salt += sizeof("$apr1$") - 1; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
67 last = salt + 8; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
68 for (p = salt; *p && *p != '$' && p < last; p++) { /* void */ } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
69 saltlen = p - salt; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
70 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
71 /* hash key and salt */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
72 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
73 ngx_md5_init(&md5); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
74 ngx_md5_update(&md5, key, keylen); |
|
3928
105841a157b9
fix building on FreeBSD 6 or earlier against system md5
Igor Sysoev <igor@sysoev.ru>
parents:
3926
diff
changeset
|
75 ngx_md5_update(&md5, (u_char *) "$apr1$", sizeof("$apr1$") - 1); |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
76 ngx_md5_update(&md5, salt, saltlen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
77 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
78 ngx_md5_init(&ctx1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
79 ngx_md5_update(&ctx1, key, keylen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
80 ngx_md5_update(&ctx1, salt, saltlen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
81 ngx_md5_update(&ctx1, key, keylen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
82 ngx_md5_final(final, &ctx1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
83 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
84 for (n = keylen; n > 0; n -= 16) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
85 ngx_md5_update(&md5, final, n > 16 ? 16 : n); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
86 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
87 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
88 ngx_memzero(final, sizeof(final)); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
89 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
90 for (i = keylen; i; i >>= 1) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
91 if (i & 1) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
92 ngx_md5_update(&md5, final, 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
93 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
94 } else { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
95 ngx_md5_update(&md5, key, 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
96 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
97 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
98 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
99 ngx_md5_final(final, &md5); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
100 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
101 for (i = 0; i < 1000; i++) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
102 ngx_md5_init(&ctx1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
103 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
104 if (i & 1) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
105 ngx_md5_update(&ctx1, key, keylen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
106 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
107 } else { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
108 ngx_md5_update(&ctx1, final, 16); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
109 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
110 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
111 if (i % 3) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
112 ngx_md5_update(&ctx1, salt, saltlen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
113 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
114 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
115 if (i % 7) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
116 ngx_md5_update(&ctx1, key, keylen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
117 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
118 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
119 if (i & 1) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
120 ngx_md5_update(&ctx1, final, 16); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
121 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
122 } else { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
123 ngx_md5_update(&ctx1, key, keylen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
124 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
125 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
126 ngx_md5_final(final, &ctx1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
127 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
128 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
129 /* output */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
130 |
|
5386
2d947c2e3ea1
Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Markus Linnala <Markus.Linnala@cybercom.com>
parents:
5034
diff
changeset
|
131 *encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 1 + 22 + 1); |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
132 if (*encrypted == NULL) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
133 return NGX_ERROR; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
134 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
135 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
136 p = ngx_cpymem(*encrypted, "$apr1$", sizeof("$apr1$") - 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
137 p = ngx_copy(p, salt, saltlen); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
138 *p++ = '$'; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
139 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
140 p = ngx_crypt_to64(p, (final[ 0]<<16) | (final[ 6]<<8) | final[12], 4); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
141 p = ngx_crypt_to64(p, (final[ 1]<<16) | (final[ 7]<<8) | final[13], 4); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
142 p = ngx_crypt_to64(p, (final[ 2]<<16) | (final[ 8]<<8) | final[14], 4); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
143 p = ngx_crypt_to64(p, (final[ 3]<<16) | (final[ 9]<<8) | final[15], 4); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
144 p = ngx_crypt_to64(p, (final[ 4]<<16) | (final[10]<<8) | final[ 5], 4); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
145 p = ngx_crypt_to64(p, final[11], 2); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
146 *p = '\0'; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
147 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
148 return NGX_OK; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
149 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
150 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
151 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
152 static u_char * |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
153 ngx_crypt_to64(u_char *p, uint32_t v, size_t n) |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
154 { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
155 static u_char itoa64[] = |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
156 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
157 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
158 while (n--) { |
| 6474 | 159 *p++ = itoa64[v & 0x3f]; |
| 160 v >>= 6; | |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
161 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
162 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
163 return p; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
164 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
165 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
166 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
167 static ngx_int_t |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
168 ngx_crypt_plain(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
169 { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
170 size_t len; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
171 u_char *p; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
172 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
173 len = ngx_strlen(key); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
174 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
175 *encrypted = ngx_pnalloc(pool, sizeof("{PLAIN}") - 1 + len + 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
176 if (*encrypted == NULL) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
177 return NGX_ERROR; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
178 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
179 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
180 p = ngx_cpymem(*encrypted, "{PLAIN}", sizeof("{PLAIN}") - 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
181 ngx_memcpy(p, key, len + 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
182 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
183 return NGX_OK; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
184 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
185 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
186 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
187 static ngx_int_t |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
188 ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
189 { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
190 size_t len; |
|
4815
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
191 ngx_int_t rc; |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
192 ngx_str_t encoded, decoded; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
193 ngx_sha1_t sha1; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
194 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
195 /* "{SSHA}" base64(SHA1(key salt) salt) */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
196 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
197 /* decode base64 salt to find out true salt */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
198 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
199 encoded.data = salt + sizeof("{SSHA}") - 1; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
200 encoded.len = ngx_strlen(encoded.data); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
201 |
|
4815
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
202 len = ngx_max(ngx_base64_decoded_length(encoded.len), 20); |
|
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
203 |
|
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
204 decoded.data = ngx_pnalloc(pool, len); |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
205 if (decoded.data == NULL) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
206 return NGX_ERROR; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
207 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
208 |
|
4815
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
209 rc = ngx_decode_base64(&decoded, &encoded); |
|
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
210 |
|
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
211 if (rc != NGX_OK || decoded.len < 20) { |
|
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
212 decoded.len = 20; |
|
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
213 } |
|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
214 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
215 /* update SHA1 from key and salt */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
216 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
217 ngx_sha1_init(&sha1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
218 ngx_sha1_update(&sha1, key, ngx_strlen(key)); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
219 ngx_sha1_update(&sha1, decoded.data + 20, decoded.len - 20); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
220 ngx_sha1_final(decoded.data, &sha1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
221 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
222 /* encode it back to base64 */ |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
223 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
224 len = sizeof("{SSHA}") - 1 + ngx_base64_encoded_length(decoded.len) + 1; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
225 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
226 *encrypted = ngx_pnalloc(pool, len); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
227 if (*encrypted == NULL) { |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
228 return NGX_ERROR; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
229 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
230 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
231 encoded.data = ngx_cpymem(*encrypted, "{SSHA}", sizeof("{SSHA}") - 1); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
232 ngx_encode_base64(&encoded, &decoded); |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
233 encoded.data[encoded.len] = '\0'; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
234 |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
235 return NGX_OK; |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
236 } |
|
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
237 |
|
5034
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
238 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
239 static ngx_int_t |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
240 ngx_crypt_sha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
241 { |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
242 size_t len; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
243 ngx_str_t encoded, decoded; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
244 ngx_sha1_t sha1; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
245 u_char digest[20]; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
246 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
247 /* "{SHA}" base64(SHA1(key)) */ |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
248 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
249 decoded.len = sizeof(digest); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
250 decoded.data = digest; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
251 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
252 ngx_sha1_init(&sha1); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
253 ngx_sha1_update(&sha1, key, ngx_strlen(key)); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
254 ngx_sha1_final(digest, &sha1); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
255 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
256 len = sizeof("{SHA}") - 1 + ngx_base64_encoded_length(decoded.len) + 1; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
257 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
258 *encrypted = ngx_pnalloc(pool, len); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
259 if (*encrypted == NULL) { |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
260 return NGX_ERROR; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
261 } |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
262 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
263 encoded.data = ngx_cpymem(*encrypted, "{SHA}", sizeof("{SHA}") - 1); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
264 ngx_encode_base64(&encoded, &decoded); |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
265 encoded.data[encoded.len] = '\0'; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
266 |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
267 return NGX_OK; |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
268 } |
|
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
269 |
|
3926
14622ee4fa08
fix building --without-http_auth_basic_module,
Igor Sysoev <igor@sysoev.ru>
parents:
3922
diff
changeset
|
270 #endif /* NGX_CRYPT */ |