7 #elif defined(__linux__)
8 /* linux needs _XOPEN_SOURCE */
12 #if defined(HAVE_LIBCRYPT) && !defined(HAVE_CRYPT)
13 /* always assume crypt() is present if we have -lcrypt */
21 #include <openssl/md4.h>
22 #include <openssl/sha.h>
25 #include "safe_memclear.h"
30 #include "http_auth.h"
34 #include "inet_ntop_cache.h"
38 #include <sys/types.h>
48 * htdigest, htpasswd, plain auth backends
52 buffer
*auth_plain_groupfile
;
53 buffer
*auth_plain_userfile
;
54 buffer
*auth_htdigest_userfile
;
55 buffer
*auth_htpasswd_userfile
;
60 plugin_config
**config_storage
;
64 static handler_t
mod_authn_file_htdigest_digest(server
*srv
, connection
*con
, void *p_d
, const char *username
, const char *realm
, unsigned char HA1
[16]);
65 static handler_t
mod_authn_file_htdigest_basic(server
*srv
, connection
*con
, void *p_d
, const http_auth_require_t
*require
, const buffer
*username
, const char *pw
);
66 static handler_t
mod_authn_file_plain_digest(server
*srv
, connection
*con
, void *p_d
, const char *username
, const char *realm
, unsigned char HA1
[16]);
67 static handler_t
mod_authn_file_plain_basic(server
*srv
, connection
*con
, void *p_d
, const http_auth_require_t
*require
, const buffer
*username
, const char *pw
);
68 static handler_t
mod_authn_file_htpasswd_basic(server
*srv
, connection
*con
, void *p_d
, const http_auth_require_t
*require
, const buffer
*username
, const char *pw
);
70 INIT_FUNC(mod_authn_file_init
) {
71 static http_auth_backend_t http_auth_backend_htdigest
=
72 { "htdigest", mod_authn_file_htdigest_basic
, mod_authn_file_htdigest_digest
, NULL
};
73 static http_auth_backend_t http_auth_backend_htpasswd
=
74 { "htpasswd", mod_authn_file_htpasswd_basic
, NULL
, NULL
};
75 static http_auth_backend_t http_auth_backend_plain
=
76 { "plain", mod_authn_file_plain_basic
, mod_authn_file_plain_digest
, NULL
};
77 plugin_data
*p
= calloc(1, sizeof(*p
));
79 /* register http_auth_backend_htdigest */
80 http_auth_backend_htdigest
.p_d
= p
;
81 http_auth_backend_set(&http_auth_backend_htdigest
);
83 /* register http_auth_backend_htpasswd */
84 http_auth_backend_htpasswd
.p_d
= p
;
85 http_auth_backend_set(&http_auth_backend_htpasswd
);
87 /* register http_auth_backend_plain */
88 http_auth_backend_plain
.p_d
= p
;
89 http_auth_backend_set(&http_auth_backend_plain
);
94 FREE_FUNC(mod_authn_file_free
) {
99 if (!p
) return HANDLER_GO_ON
;
101 if (p
->config_storage
) {
103 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
104 plugin_config
*s
= p
->config_storage
[i
];
106 if (NULL
== s
) continue;
108 buffer_free(s
->auth_plain_groupfile
);
109 buffer_free(s
->auth_plain_userfile
);
110 buffer_free(s
->auth_htdigest_userfile
);
111 buffer_free(s
->auth_htpasswd_userfile
);
115 free(p
->config_storage
);
120 return HANDLER_GO_ON
;
123 SETDEFAULTS_FUNC(mod_authn_file_set_defaults
) {
124 plugin_data
*p
= p_d
;
127 config_values_t cv
[] = {
128 { "auth.backend.plain.groupfile", NULL
, T_CONFIG_STRING
, T_CONFIG_SCOPE_CONNECTION
}, /* 0 */
129 { "auth.backend.plain.userfile", NULL
, T_CONFIG_STRING
, T_CONFIG_SCOPE_CONNECTION
}, /* 1 */
130 { "auth.backend.htdigest.userfile", NULL
, T_CONFIG_STRING
, T_CONFIG_SCOPE_CONNECTION
}, /* 2 */
131 { "auth.backend.htpasswd.userfile", NULL
, T_CONFIG_STRING
, T_CONFIG_SCOPE_CONNECTION
}, /* 3 */
132 { NULL
, NULL
, T_CONFIG_UNSET
, T_CONFIG_SCOPE_UNSET
}
135 p
->config_storage
= calloc(1, srv
->config_context
->used
* sizeof(plugin_config
*));
137 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
138 data_config
const* config
= (data_config
const*)srv
->config_context
->data
[i
];
141 s
= calloc(1, sizeof(plugin_config
));
142 s
->auth_plain_groupfile
= buffer_init();
143 s
->auth_plain_userfile
= buffer_init();
144 s
->auth_htdigest_userfile
= buffer_init();
145 s
->auth_htpasswd_userfile
= buffer_init();
147 cv
[0].destination
= s
->auth_plain_groupfile
;
148 cv
[1].destination
= s
->auth_plain_userfile
;
149 cv
[2].destination
= s
->auth_htdigest_userfile
;
150 cv
[3].destination
= s
->auth_htpasswd_userfile
;
152 p
->config_storage
[i
] = s
;
154 if (0 != config_insert_values_global(srv
, config
->value
, cv
, i
== 0 ? T_CONFIG_SCOPE_SERVER
: T_CONFIG_SCOPE_CONNECTION
)) {
155 return HANDLER_ERROR
;
159 return HANDLER_GO_ON
;
164 static int mod_authn_file_patch_connection(server
*srv
, connection
*con
, plugin_data
*p
) {
166 plugin_config
*s
= p
->config_storage
[0];
168 PATCH(auth_plain_groupfile
);
169 PATCH(auth_plain_userfile
);
170 PATCH(auth_htdigest_userfile
);
171 PATCH(auth_htpasswd_userfile
);
173 /* skip the first, the global context */
174 for (i
= 1; i
< srv
->config_context
->used
; i
++) {
175 data_config
*dc
= (data_config
*)srv
->config_context
->data
[i
];
176 s
= p
->config_storage
[i
];
178 /* condition didn't match */
179 if (!config_check_cond(srv
, con
, dc
)) continue;
182 for (j
= 0; j
< dc
->value
->used
; j
++) {
183 data_unset
*du
= dc
->value
->data
[j
];
185 if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("auth.backend.plain.groupfile"))) {
186 PATCH(auth_plain_groupfile
);
187 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("auth.backend.plain.userfile"))) {
188 PATCH(auth_plain_userfile
);
189 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("auth.backend.htdigest.userfile"))) {
190 PATCH(auth_htdigest_userfile
);
191 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("auth.backend.htpasswd.userfile"))) {
192 PATCH(auth_htpasswd_userfile
);
202 static int mod_authn_file_htdigest_get(server
*srv
, const buffer
*auth_fn
, const buffer
*username
, const buffer
*realm
, unsigned char HA1
[16]) {
206 if (buffer_string_is_empty(auth_fn
)) return -1;
207 if (buffer_is_empty(username
) || buffer_is_empty(realm
)) return -1;
209 fp
= fopen(auth_fn
->ptr
, "r");
211 log_error_write(srv
, __FILE__
, __LINE__
, "sbss", "opening digest-userfile", auth_fn
, "failed:", strerror(errno
));
216 while (NULL
!= fgets(f_user
, sizeof(f_user
), fp
)) {
217 char *f_pwd
, *f_realm
;
220 /* skip blank lines and comment lines (beginning '#') */
221 if (f_user
[0] == '#' || f_user
[0] == '\n' || f_user
[0] == '\0') continue;
226 * user:realm:md5(user:realm:password)
229 if (NULL
== (f_realm
= strchr(f_user
, ':'))) {
230 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
231 "parsed error in", auth_fn
,
232 "expected 'username:realm:hashed password'");
234 continue; /* skip bad lines */
237 if (NULL
== (f_pwd
= strchr(f_realm
+ 1, ':'))) {
238 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
239 "parsed error in", auth_fn
,
240 "expected 'username:realm:hashed password'");
242 continue; /* skip bad lines */
245 /* get pointers to the fields */
246 u_len
= f_realm
- f_user
;
248 r_len
= f_pwd
- f_realm
;
251 if (buffer_string_length(username
) == u_len
&&
252 (buffer_string_length(realm
) == r_len
) &&
253 (0 == strncmp(username
->ptr
, f_user
, u_len
)) &&
254 (0 == strncmp(realm
->ptr
, f_realm
, r_len
))) {
257 size_t pwd_len
= strlen(f_pwd
);
258 if (f_pwd
[pwd_len
-1] == '\n') --pwd_len
;
262 return http_auth_md5_hex2bin(f_pwd
, pwd_len
, HA1
);
270 static handler_t
mod_authn_file_htdigest_digest(server
*srv
, connection
*con
, void *p_d
, const char *username
, const char *realm
, unsigned char HA1
[16]) {
271 plugin_data
*p
= (plugin_data
*)p_d
;
272 buffer
*username_buf
= buffer_init_string(username
);
273 buffer
*realm_buf
= buffer_init_string(realm
);
275 mod_authn_file_patch_connection(srv
, con
, p
);
276 rc
= mod_authn_file_htdigest_get(srv
, p
->conf
.auth_htdigest_userfile
, username_buf
, realm_buf
, HA1
);
277 buffer_free(realm_buf
);
278 buffer_free(username_buf
);
280 return (0 == rc
) ? HANDLER_GO_ON
: HANDLER_ERROR
;
283 static handler_t
mod_authn_file_htdigest_basic(server
*srv
, connection
*con
, void *p_d
, const http_auth_require_t
*require
, const buffer
*username
, const char *pw
) {
284 plugin_data
*p
= (plugin_data
*)p_d
;
286 unsigned char HA1
[16];
287 unsigned char htdigest
[16];
289 mod_authn_file_patch_connection(srv
, con
, p
);
290 if (mod_authn_file_htdigest_get(srv
, p
->conf
.auth_htdigest_userfile
, username
, require
->realm
, htdigest
)) return HANDLER_ERROR
;
292 li_MD5_Init(&Md5Ctx
);
293 li_MD5_Update(&Md5Ctx
, CONST_BUF_LEN(username
));
294 li_MD5_Update(&Md5Ctx
, CONST_STR_LEN(":"));
295 li_MD5_Update(&Md5Ctx
, CONST_BUF_LEN(require
->realm
));
296 li_MD5_Update(&Md5Ctx
, CONST_STR_LEN(":"));
297 li_MD5_Update(&Md5Ctx
, (unsigned char *)pw
, strlen(pw
));
298 li_MD5_Final(HA1
, &Md5Ctx
);
301 return (0 == memcmp(HA1
, htdigest
, sizeof(HA1
))
302 && http_auth_match_rules(require
, username
->ptr
, NULL
, NULL
))
310 static int mod_authn_file_htpasswd_get(server
*srv
, const buffer
*auth_fn
, const buffer
*username
, buffer
*password
) {
314 if (buffer_is_empty(username
)) return -1;
316 if (buffer_string_is_empty(auth_fn
)) return -1;
317 fp
= fopen(auth_fn
->ptr
, "r");
319 log_error_write(srv
, __FILE__
, __LINE__
, "sbss",
320 "opening plain-userfile", auth_fn
, "failed:", strerror(errno
));
325 while (NULL
!= fgets(f_user
, sizeof(f_user
), fp
)) {
329 /* skip blank lines and comment lines (beginning '#') */
330 if (f_user
[0] == '#' || f_user
[0] == '\n' || f_user
[0] == '\0') continue;
335 * user:crypted passwd
338 if (NULL
== (f_pwd
= strchr(f_user
, ':'))) {
339 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
340 "parsed error in", auth_fn
,
341 "expected 'username:hashed password'");
343 continue; /* skip bad lines */
346 /* get pointers to the fields */
347 u_len
= f_pwd
- f_user
;
350 if (buffer_string_length(username
) == u_len
&&
351 (0 == strncmp(username
->ptr
, f_user
, u_len
))) {
354 size_t pwd_len
= strlen(f_pwd
);
355 if (f_pwd
[pwd_len
-1] == '\n') --pwd_len
;
357 buffer_copy_string_len(password
, f_pwd
, pwd_len
);
368 static handler_t
mod_authn_file_plain_digest(server
*srv
, connection
*con
, void *p_d
, const char *username
, const char *realm
, unsigned char HA1
[16]) {
369 plugin_data
*p
= (plugin_data
*)p_d
;
370 buffer
*username_buf
= buffer_init_string(username
);
371 buffer
*password_buf
= buffer_init();/* password-string from auth-backend */
373 mod_authn_file_patch_connection(srv
, con
, p
);
374 rc
= mod_authn_file_htpasswd_get(srv
, p
->conf
.auth_plain_userfile
, username_buf
, password_buf
);
376 /* generate password from plain-text */
378 li_MD5_Init(&Md5Ctx
);
379 li_MD5_Update(&Md5Ctx
, (unsigned char *)username_buf
->ptr
, buffer_string_length(username_buf
));
380 li_MD5_Update(&Md5Ctx
, CONST_STR_LEN(":"));
381 li_MD5_Update(&Md5Ctx
, (unsigned char *)realm
, strlen(realm
));
382 li_MD5_Update(&Md5Ctx
, CONST_STR_LEN(":"));
383 li_MD5_Update(&Md5Ctx
, (unsigned char *)password_buf
->ptr
, buffer_string_length(password_buf
));
384 li_MD5_Final(HA1
, &Md5Ctx
);
386 buffer_free(password_buf
);
387 buffer_free(username_buf
);
389 return (0 == rc
) ? HANDLER_GO_ON
: HANDLER_ERROR
;
392 static handler_t
mod_authn_file_plain_basic(server
*srv
, connection
*con
, void *p_d
, const http_auth_require_t
*require
, const buffer
*username
, const char *pw
) {
393 plugin_data
*p
= (plugin_data
*)p_d
;
394 buffer
*password_buf
= buffer_init();/* password-string from auth-backend */
396 mod_authn_file_patch_connection(srv
, con
, p
);
397 rc
= mod_authn_file_htpasswd_get(srv
, p
->conf
.auth_plain_userfile
, username
, password_buf
);
399 rc
= buffer_is_equal_string(password_buf
, pw
, strlen(pw
)) ? 0 : -1;
401 buffer_free(password_buf
);
403 return 0 == rc
&& http_auth_match_rules(require
, username
->ptr
, NULL
, NULL
)
412 * the $apr1$ handling is taken from apache 1.3.x
416 * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
417 * MD5 crypt() function, which is licenced as follows:
418 * ----------------------------------------------------------------------------
419 * "THE BEER-WARE LICENSE" (Revision 42):
420 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
421 * can do whatever you want with this stuff. If we meet some day, and you think
422 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
423 * ----------------------------------------------------------------------------
426 #define APR_MD5_DIGESTSIZE 16
427 #define APR1_ID "$apr1$"
430 * The following MD5 password encryption code was largely borrowed from
431 * the FreeBSD 3.0 /usr/src/lib/libcrypt/crypt.c file, which is
432 * licenced as stated above.
435 static void to64(char *s
, unsigned long v
, int n
)
437 static const unsigned char itoa64
[] = /* 0 ... 63 => ASCII - 64 */
438 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
441 *s
++ = itoa64
[v
&0x3f];
446 static void apr_md5_encode(const char *pw
, const char *salt
, char *result
, size_t nbytes
) {
448 * Minimum size is 8 bytes for salt, plus 1 for the trailing NUL,
449 * plus 4 for the '$' separators, plus the password hash itself.
450 * Let's leave a goodly amount of leeway.
453 char passwd
[120], *p
;
455 unsigned char final
[APR_MD5_DIGESTSIZE
];
457 li_MD5_CTX ctx
, ctx1
;
461 * Refine the salt first. It's possible we were given an already-hashed
462 * string as the salt argument, so extract the actual salt value from it
463 * if so. Otherwise just use the string up to the first '$' as the salt.
468 * If it starts with the magic string, then skip that.
470 if (!strncmp(sp
, APR1_ID
, strlen(APR1_ID
))) {
471 sp
+= strlen(APR1_ID
);
475 * It stops at the first '$' or 8 chars, whichever comes first
477 for (ep
= sp
; (*ep
!= '\0') && (*ep
!= '$') && (ep
< (sp
+ 8)); ep
++) {
482 * Get the length of the true salt
487 * 'Time to make the doughnuts..'
492 * The password first, since that is what is most unknown
494 li_MD5_Update(&ctx
, pw
, strlen(pw
));
497 * Then our magic string
499 li_MD5_Update(&ctx
, APR1_ID
, strlen(APR1_ID
));
504 li_MD5_Update(&ctx
, sp
, sl
);
507 * Then just as many characters of the MD5(pw, salt, pw)
510 li_MD5_Update(&ctx1
, pw
, strlen(pw
));
511 li_MD5_Update(&ctx1
, sp
, sl
);
512 li_MD5_Update(&ctx1
, pw
, strlen(pw
));
513 li_MD5_Final(final
, &ctx1
);
514 for (pl
= strlen(pw
); pl
> 0; pl
-= APR_MD5_DIGESTSIZE
) {
515 li_MD5_Update(&ctx
, final
,
516 (pl
> APR_MD5_DIGESTSIZE
) ? APR_MD5_DIGESTSIZE
: pl
);
520 * Don't leave anything around in vm they could use.
522 memset(final
, 0, sizeof(final
));
525 * Then something really weird...
527 for (i
= strlen(pw
); i
!= 0; i
>>= 1) {
529 li_MD5_Update(&ctx
, final
, 1);
532 li_MD5_Update(&ctx
, pw
, 1);
537 * Now make the output string. We know our limitations, so we
538 * can use the string routines without bounds checking.
540 strcpy(passwd
, APR1_ID
);
541 strncat(passwd
, sp
, sl
);
544 li_MD5_Final(final
, &ctx
);
547 * And now, just to make sure things don't run too fast..
548 * On a 60 Mhz Pentium this takes 34 msec, so you would
549 * need 30 seconds to build a 1000 entry dictionary...
551 for (i
= 0; i
< 1000; i
++) {
554 li_MD5_Update(&ctx1
, pw
, strlen(pw
));
557 li_MD5_Update(&ctx1
, final
, APR_MD5_DIGESTSIZE
);
560 li_MD5_Update(&ctx1
, sp
, sl
);
564 li_MD5_Update(&ctx1
, pw
, strlen(pw
));
568 li_MD5_Update(&ctx1
, final
, APR_MD5_DIGESTSIZE
);
571 li_MD5_Update(&ctx1
, pw
, strlen(pw
));
573 li_MD5_Final(final
,&ctx1
);
576 p
= passwd
+ strlen(passwd
);
578 l
= (final
[ 0]<<16) | (final
[ 6]<<8) | final
[12]; to64(p
, l
, 4); p
+= 4;
579 l
= (final
[ 1]<<16) | (final
[ 7]<<8) | final
[13]; to64(p
, l
, 4); p
+= 4;
580 l
= (final
[ 2]<<16) | (final
[ 8]<<8) | final
[14]; to64(p
, l
, 4); p
+= 4;
581 l
= (final
[ 3]<<16) | (final
[ 9]<<8) | final
[15]; to64(p
, l
, 4); p
+= 4;
582 l
= (final
[ 4]<<16) | (final
[10]<<8) | final
[ 5]; to64(p
, l
, 4); p
+= 4;
583 l
= final
[11] ; to64(p
, l
, 2); p
+= 2;
587 * Don't leave anything around in vm they could use.
589 safe_memclear(final
, sizeof(final
));
593 #define apr_cpystrn strncpy
594 apr_cpystrn(result
, passwd
, nbytes
- 1);
598 static void apr_sha_encode(const char *pw
, char *result
, size_t nbytes
) {
599 unsigned char digest
[20];
600 size_t base64_written
;
602 SHA1((const unsigned char*) pw
, strlen(pw
), digest
);
604 memset(result
, 0, nbytes
);
606 /* need 5 bytes for "{SHA}", 28 for base64 (3 bytes -> 4 bytes) of SHA1 (20 bytes), 1 terminating */
607 if (nbytes
< 5 + 28 + 1) return;
609 memcpy(result
, "{SHA}", 5);
610 base64_written
= li_to_base64(result
+ 5, nbytes
- 5, digest
, 20, BASE64_STANDARD
);
611 force_assert(base64_written
== 28);
612 result
[5 + base64_written
] = '\0'; /* terminate string */
616 static handler_t
mod_authn_file_htpasswd_basic(server
*srv
, connection
*con
, void *p_d
, const http_auth_require_t
*require
, const buffer
*username
, const char *pw
) {
617 plugin_data
*p
= (plugin_data
*)p_d
;
618 buffer
*password
= buffer_init();/* password-string from auth-backend */
620 mod_authn_file_patch_connection(srv
, con
, p
);
621 rc
= mod_authn_file_htpasswd_get(srv
, p
->conf
.auth_htpasswd_userfile
, username
, password
);
625 if (!strncmp(password
->ptr
, APR1_ID
, strlen(APR1_ID
))) {
627 * The hash was created using $apr1$ custom algorithm.
629 apr_md5_encode(pw
, password
->ptr
, sample
, sizeof(sample
));
630 rc
= strcmp(sample
, password
->ptr
);
633 else if (0 == strncmp(password
->ptr
, "{SHA}", 5)) {
634 apr_sha_encode(pw
, sample
, sizeof(sample
));
635 rc
= strcmp(sample
, password
->ptr
);
638 #if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT)
639 /* a simple DES password is 2 + 11 characters. everything else should be longer. */
640 else if (buffer_string_length(password
) >= 13) {
642 #if defined(HAVE_CRYPT_R)
643 struct crypt_data crypt_tmp_data
;
644 crypt_tmp_data
.initialized
= 0;
646 #ifdef USE_OPENSSL /* (for MD4_*() (e.g. MD4_Update())) */
647 if (0 == memcmp(password
->ptr
, CONST_STR_LEN("$1+ntlm$"))) {
648 /* CRYPT-MD5-NTLM algorithm
649 * This algorithm allows for the construction of (slight more)
650 * secure, salted password hashes from an environment where only
651 * legacy NTLM hashes are available and where it is not feasible
652 * to re-hash all the passwords with the MD5-based crypt(). */
653 /* Note: originally, LM password were limited to 14 chars.
654 * NTLM passwords limited to 127 chars, and encoding to UCS-2LE
655 * requires double that, so sample[256] buf is large enough.
656 * Prior sample[120] size likely taken from apr_md5_encode(). */
657 char *b
= password
->ptr
+sizeof("$1+ntlm$")-1;
658 char *e
= strchr(b
, '$');
659 size_t slen
= (NULL
!= e
) ? (size_t)(e
- b
) : sizeof(sample
);
660 size_t pwlen
= strlen(pw
) * 2;
661 if (slen
< sizeof(sample
) - (sizeof("$1$")-1)
662 && pwlen
< sizeof(sample
)) {
663 /* compute NTLM hash and convert to lowercase hex chars
664 * (require lc hex chars from li_tohex()) */
666 char ntlmhex
[33]; /*(sizeof(ntlmhash)*2 + 1)*/
670 /*(reuse sample buffer to encode pw into UCS-2LE)
671 *(Note: assumes pw input in ISO-8859-1) */
672 /*(buffer sizes checked above)*/
673 for (int i
=0; i
< (int)pwlen
; i
+=2) {
674 sample
[i
] = pw
[(i
>> 1)];
677 MD4_Update(&c
, (unsigned char *)sample
, pwlen
);
679 MD4_Final((unsigned char *)ntlmhash
, &c
);
680 li_tohex(ntlmhex
,sizeof(ntlmhex
),ntlmhash
,sizeof(ntlmhash
));
682 /*(reuse sample buffer for salt (FYI: expect slen == 8))*/
683 memcpy(sample
, "$1$", sizeof("$1$")-1);
684 memcpy(sample
+sizeof("$1$")-1, b
, slen
);
685 sample
[sizeof("$1$")-1+slen
] = '\0';
686 #if defined(HAVE_CRYPT_R)
687 crypted
= crypt_r(ntlmhex
, sample
, &crypt_tmp_data
);
689 crypted
= crypt(ntlmhex
, sample
);
692 && 0 == strncmp(crypted
, "$1$", sizeof("$1$")-1)) {
693 rc
= strcmp(b
, crypted
+3); /*skip crypted "$1$" prefix*/
700 #if defined(HAVE_CRYPT_R)
701 crypted
= crypt_r(pw
, password
->ptr
, &crypt_tmp_data
);
703 crypted
= crypt(pw
, password
->ptr
);
705 if (NULL
!= crypted
) {
706 rc
= strcmp(password
->ptr
, crypted
);
712 buffer_free(password
);
714 return 0 == rc
&& http_auth_match_rules(require
, username
->ptr
, NULL
, NULL
)
720 int mod_authn_file_plugin_init(plugin
*p
);
721 int mod_authn_file_plugin_init(plugin
*p
) {
722 p
->version
= LIGHTTPD_VERSION_ID
;
723 p
->name
= buffer_init_string("authn_file");
724 p
->init
= mod_authn_file_init
;
725 p
->set_defaults
= mod_authn_file_set_defaults
;
726 p
->cleanup
= mod_authn_file_free
;