Browse Source

[mod_auth] use crypt_r instead of crypt if available

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2986 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.36
Stefan Bühler 7 years ago
parent
commit
c92496720d
  1. 1
      NEWS
  2. 22
      configure.ac
  3. 12
      src/CMakeLists.txt
  4. 3
      src/config.h.cmake
  5. 10
      src/http_auth.c

1
NEWS

@ -16,6 +16,7 @@ NEWS
* [connections] fix bug in connection state handling
* print backtrace in assert logging with libunwind
* major refactoring of internal buffer/chunk handling
* [mod_auth] use crypt_r instead of crypt if available
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled

22
configure.ac

@ -528,19 +528,27 @@ if test "$WITH_LUA" != "no"; then
AC_SUBST(LUA_LIBS)
fi
dnl search for crypt_r and (fallback) for crypt
save_LIBS=$LIBS
AC_SEARCH_LIBS(crypt,crypt,[
LIBS=
AC_SEARCH_LIBS([crypt_r],[crypt],[
AC_DEFINE([HAVE_CRYPT_R], [1], [crypt_r])
AC_CHECK_HEADERS([crypt.h],[
AC_DEFINE([HAVE_CRYPT_H], [1])
AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
])
AC_DEFINE([HAVE_LIBCRYPT], [1], [libcrypt])
if test "$ac_cv_search_crypt" != no; then
test "$ac_cv_search_crypt" = "none required" || CRYPT_LIB="$ac_cv_search_crypt"
fi
CRYPT_LIB=$LIBS
],[
AC_SEARCH_LIBS([crypt],[crypt],[
AC_CHECK_HEADERS([crypt.h],[
AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
])
CRYPT_LIB=$LIBS
])
])
LIBS=$save_LIBS
AC_SUBST(CRYPT_LIB)
AC_SUBST([CRYPT_LIB])
save_LIBS=$LIBS
AC_SEARCH_LIBS(sendfilev,sendfile,[

12
src/CMakeLists.txt

@ -96,11 +96,17 @@ CHECK_INCLUDE_FILES(syslog.h HAVE_SYSLOG_H)
CHECK_INCLUDE_FILES(fastcgi.h HAVE_FASTCGI_H)
CHECK_INCLUDE_FILES(fastcgi/fastcgi.h HAVE_FASTCGI_FASTCGI_H)
# will be needed for auth
CHECK_INCLUDE_FILES(crypt.h HAVE_CRYPT_H)
IF(NOT HAVE_CRYPT)
## check if we need libcrypt for crypt()
# check if we need libcrypt for crypt_r()
CHECK_LIBRARY_EXISTS(crypt crypt_r "" HAVE_LIBCRYPT_CRYPT_R)
IF(HAVE_LIBCRYPT_CRYPT_R)
SET(HAVE_CRYPT_R 1 FORCE)
SET(HAVE_LIBCRYPT 1 FORCE)
ELSE(HAVE_LIBCRYPT_CRYPT_R)
CHECK_LIBRARY_EXISTS(crypt crypt "" HAVE_LIBCRYPT)
ENDIF(NOT HAVE_CRYPT)
ENDIF(HAVE_LIBCRYPT_CRYPT_R)
CHECK_FUNCTION_EXISTS(crypt_r HAVE_CRYPT_R)
CHECK_INCLUDE_FILES(sys/inotify.h HAVE_SYS_INOTIFY_H)
IF(HAVE_SYS_INOTIFY_H)

3
src/config.h.cmake

@ -115,7 +115,6 @@
/* Functions */
#cmakedefine HAVE_CHROOT
#cmakedefine HAVE_CRYPT
#cmakedefine HAVE_EPOLL_CTL
#cmakedefine HAVE_FORK
#cmakedefine HAVE_GETRLIMIT
@ -150,6 +149,8 @@
/* libcrypt */
#cmakedefine HAVE_CRYPT_H
#cmakedefine HAVE_LIBCRYPT
#cmakedefine HAVE_CRYPT
#cmakedefine HAVE_CRYPT_R
/* fastcgi */
#cmakedefine HAVE_FASTCGI_H

10
src/http_auth.c

@ -669,15 +669,23 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
return (strcmp(sample, password->ptr) == 0) ? 0 : 1;
#endif
} else {
#ifdef HAVE_CRYPT
#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT)
char *crypted;
#if defined(HAVE_CRYPT_R)
struct crypt_data crypt_tmp_data;
crypt_tmp_data.initialized = 0;
#endif
/* a simple DES password is 2 + 11 characters. everything else should be longer. */
if (buffer_string_length(password) < 13) {
return -1;
}
#if defined(HAVE_CRYPT_R)
if (0 == (crypted = crypt_r(pw, password->ptr, &crypt_tmp_data))) {
#else
if (0 == (crypted = crypt(pw, password->ptr))) {
#endif
/* crypt failed. */
return -1;
}

Loading…
Cancel
Save