Mercurial > hg > nginx
annotate src/core/ngx_crypt.c @ 9270:3d455e37abf8
Core: PID file writing synchronization.
Now, ngx_daemon() does not call exit() in the parent process immediately,
but instead waits for the child process to signal it actually started (and
wrote the PID file if configured to). This ensures that the PID file
already exists when the parent process exits.
To make sure that signal handlers won't cause unexpected logging in the
parent process if the child process dies (for example, due to errors when
writing the PID file), ngx_init_signals() is moved to the child process.
This resolves "PID file ... not readable (yet?) after start" and "Failed
to parse PID from file..." errors as observed with systemd.
Note that the errors observed are considered to be a bug in systemd, which
isn't able to work properly with traditional Unix daemons. Still, the
workaround is implemented to make sure there will be no OS vendor patches
trying to address this.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 13 May 2024 06:13:22 +0300 |
parents | 1064ea81ed3a |
children |
rev | line source |
---|---|
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
1 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
2 /* |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
3 * Copyright (C) Maxim Dounin |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
4 */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
6 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
4759
4c36e15651f7
Fixed compilation with -Wmissing-prototypes.
Ruslan Ermilov <ru@nginx.com>
parents:
3928
diff
changeset
|
9 #include <ngx_crypt.h> |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 #include <ngx_md5.h> |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 #include <ngx_sha1.h> |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 |
3926
14622ee4fa08
fix building --without-http_auth_basic_module,
Igor Sysoev <igor@sysoev.ru>
parents:
3922
diff
changeset
|
14 #if (NGX_CRYPT) |
14622ee4fa08
fix building --without-http_auth_basic_module,
Igor Sysoev <igor@sysoev.ru>
parents:
3922
diff
changeset
|
15 |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 static ngx_int_t ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 u_char **encrypted); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 static ngx_int_t ngx_crypt_plain(ngx_pool_t *pool, u_char *key, u_char *salt, |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
19 u_char **encrypted); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
20 static ngx_int_t ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
21 u_char **encrypted); |
5034
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
22 static ngx_int_t ngx_crypt_sha(ngx_pool_t *pool, u_char *key, u_char *salt, |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
23 u_char **encrypted); |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
24 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
25 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
26 static u_char *ngx_crypt_to64(u_char *p, uint32_t v, size_t n); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
27 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
28 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
29 ngx_int_t |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
30 ngx_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
31 { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
32 if (ngx_strncmp(salt, "$apr1$", sizeof("$apr1$") - 1) == 0) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
33 return ngx_crypt_apr1(pool, key, salt, encrypted); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
34 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
35 } else if (ngx_strncmp(salt, "{PLAIN}", sizeof("{PLAIN}") - 1) == 0) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
36 return ngx_crypt_plain(pool, key, salt, encrypted); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
37 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
38 } else if (ngx_strncmp(salt, "{SSHA}", sizeof("{SSHA}") - 1) == 0) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
39 return ngx_crypt_ssha(pool, key, salt, encrypted); |
5034
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
40 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
41 } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0) { |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
42 return ngx_crypt_sha(pool, key, salt, encrypted); |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
43 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
44 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 /* fallback to libc crypt() */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
46 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
47 return ngx_libc_crypt(pool, key, salt, encrypted); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
49 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
50 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
51 static ngx_int_t |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
52 ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
53 { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
54 ngx_int_t n; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
55 ngx_uint_t i; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
56 u_char *p, *last, final[16]; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
57 size_t saltlen, keylen; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
58 ngx_md5_t md5, ctx1; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
59 |
5924 | 60 /* Apache's apr1 crypt is Poul-Henning Kamp's md5 crypt with $apr1$ magic */ |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
61 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 keylen = ngx_strlen(key); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
64 /* true salt: no magic, max 8 chars, stop at first $ */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
65 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
66 salt += sizeof("$apr1$") - 1; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
67 last = salt + 8; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
68 for (p = salt; *p && *p != '$' && p < last; p++) { /* void */ } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
69 saltlen = p - salt; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
70 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
71 /* hash key and salt */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
72 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
73 ngx_md5_init(&md5); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
74 ngx_md5_update(&md5, key, keylen); |
3928
105841a157b9
fix building on FreeBSD 6 or earlier against system md5
Igor Sysoev <igor@sysoev.ru>
parents:
3926
diff
changeset
|
75 ngx_md5_update(&md5, (u_char *) "$apr1$", sizeof("$apr1$") - 1); |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
76 ngx_md5_update(&md5, salt, saltlen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
77 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
78 ngx_md5_init(&ctx1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
79 ngx_md5_update(&ctx1, key, keylen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
80 ngx_md5_update(&ctx1, salt, saltlen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
81 ngx_md5_update(&ctx1, key, keylen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
82 ngx_md5_final(final, &ctx1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
83 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
84 for (n = keylen; n > 0; n -= 16) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
85 ngx_md5_update(&md5, final, n > 16 ? 16 : n); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
86 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
87 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
88 ngx_memzero(final, sizeof(final)); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
89 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
90 for (i = keylen; i; i >>= 1) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
91 if (i & 1) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
92 ngx_md5_update(&md5, final, 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
93 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
94 } else { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
95 ngx_md5_update(&md5, key, 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
96 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
97 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
98 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
99 ngx_md5_final(final, &md5); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
100 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
101 for (i = 0; i < 1000; i++) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
102 ngx_md5_init(&ctx1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
103 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
104 if (i & 1) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
105 ngx_md5_update(&ctx1, key, keylen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
106 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
107 } else { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
108 ngx_md5_update(&ctx1, final, 16); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
109 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
110 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
111 if (i % 3) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
112 ngx_md5_update(&ctx1, salt, saltlen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
113 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
114 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
115 if (i % 7) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
116 ngx_md5_update(&ctx1, key, keylen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
117 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
118 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
119 if (i & 1) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
120 ngx_md5_update(&ctx1, final, 16); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
121 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
122 } else { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
123 ngx_md5_update(&ctx1, key, keylen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
124 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
125 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
126 ngx_md5_final(final, &ctx1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
127 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
128 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
129 /* output */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
130 |
5386
2d947c2e3ea1
Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Markus Linnala <Markus.Linnala@cybercom.com>
parents:
5034
diff
changeset
|
131 *encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 1 + 22 + 1); |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
132 if (*encrypted == NULL) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
133 return NGX_ERROR; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
134 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
135 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
136 p = ngx_cpymem(*encrypted, "$apr1$", sizeof("$apr1$") - 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
137 p = ngx_copy(p, salt, saltlen); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
138 *p++ = '$'; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
139 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
140 p = ngx_crypt_to64(p, (final[ 0]<<16) | (final[ 6]<<8) | final[12], 4); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
141 p = ngx_crypt_to64(p, (final[ 1]<<16) | (final[ 7]<<8) | final[13], 4); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
142 p = ngx_crypt_to64(p, (final[ 2]<<16) | (final[ 8]<<8) | final[14], 4); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
143 p = ngx_crypt_to64(p, (final[ 3]<<16) | (final[ 9]<<8) | final[15], 4); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
144 p = ngx_crypt_to64(p, (final[ 4]<<16) | (final[10]<<8) | final[ 5], 4); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
145 p = ngx_crypt_to64(p, final[11], 2); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
146 *p = '\0'; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
147 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
148 return NGX_OK; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
149 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
150 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
151 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
152 static u_char * |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
153 ngx_crypt_to64(u_char *p, uint32_t v, size_t n) |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
154 { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
155 static u_char itoa64[] = |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
156 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
157 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
158 while (n--) { |
6474 | 159 *p++ = itoa64[v & 0x3f]; |
160 v >>= 6; | |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
161 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
162 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
163 return p; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
164 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
165 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
166 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
167 static ngx_int_t |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
168 ngx_crypt_plain(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
169 { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
170 size_t len; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
171 u_char *p; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
172 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
173 len = ngx_strlen(key); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
174 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
175 *encrypted = ngx_pnalloc(pool, sizeof("{PLAIN}") - 1 + len + 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
176 if (*encrypted == NULL) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
177 return NGX_ERROR; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
178 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
179 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
180 p = ngx_cpymem(*encrypted, "{PLAIN}", sizeof("{PLAIN}") - 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
181 ngx_memcpy(p, key, len + 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
182 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
183 return NGX_OK; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
184 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
185 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
186 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
187 static ngx_int_t |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
188 ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
189 { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
190 size_t len; |
4815
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
191 ngx_int_t rc; |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
192 ngx_str_t encoded, decoded; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
193 ngx_sha1_t sha1; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
194 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
195 /* "{SSHA}" base64(SHA1(key salt) salt) */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
196 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
197 /* decode base64 salt to find out true salt */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
198 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
199 encoded.data = salt + sizeof("{SSHA}") - 1; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
200 encoded.len = ngx_strlen(encoded.data); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
201 |
4815
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
202 len = ngx_max(ngx_base64_decoded_length(encoded.len), 20); |
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
203 |
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
204 decoded.data = ngx_pnalloc(pool, len); |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
205 if (decoded.data == NULL) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
206 return NGX_ERROR; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
207 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
208 |
4815
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
209 rc = ngx_decode_base64(&decoded, &encoded); |
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
210 |
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
211 if (rc != NGX_OK || decoded.len < 20) { |
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
212 decoded.len = 20; |
63dff7943fc7
Crypt: fixed handling of corrupted SSHA entries in password file.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4759
diff
changeset
|
213 } |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
214 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
215 /* update SHA1 from key and salt */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
216 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
217 ngx_sha1_init(&sha1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
218 ngx_sha1_update(&sha1, key, ngx_strlen(key)); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
219 ngx_sha1_update(&sha1, decoded.data + 20, decoded.len - 20); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
220 ngx_sha1_final(decoded.data, &sha1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
221 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
222 /* encode it back to base64 */ |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
223 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
224 len = sizeof("{SSHA}") - 1 + ngx_base64_encoded_length(decoded.len) + 1; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
225 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
226 *encrypted = ngx_pnalloc(pool, len); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
227 if (*encrypted == NULL) { |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
228 return NGX_ERROR; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
229 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
230 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
231 encoded.data = ngx_cpymem(*encrypted, "{SSHA}", sizeof("{SSHA}") - 1); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
232 ngx_encode_base64(&encoded, &decoded); |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
233 encoded.data[encoded.len] = '\0'; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
234 |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
235 return NGX_OK; |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
236 } |
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
237 |
5034
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
238 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
239 static ngx_int_t |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
240 ngx_crypt_sha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
241 { |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
242 size_t len; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
243 ngx_str_t encoded, decoded; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
244 ngx_sha1_t sha1; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
245 u_char digest[20]; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
246 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
247 /* "{SHA}" base64(SHA1(key)) */ |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
248 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
249 decoded.len = sizeof(digest); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
250 decoded.data = digest; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
251 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
252 ngx_sha1_init(&sha1); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
253 ngx_sha1_update(&sha1, key, ngx_strlen(key)); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
254 ngx_sha1_final(digest, &sha1); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
255 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
256 len = sizeof("{SHA}") - 1 + ngx_base64_encoded_length(decoded.len) + 1; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
257 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
258 *encrypted = ngx_pnalloc(pool, len); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
259 if (*encrypted == NULL) { |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
260 return NGX_ERROR; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
261 } |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
262 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
263 encoded.data = ngx_cpymem(*encrypted, "{SHA}", sizeof("{SHA}") - 1); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
264 ngx_encode_base64(&encoded, &decoded); |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
265 encoded.data[encoded.len] = '\0'; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
266 |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
267 return NGX_OK; |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
268 } |
e4441ebe05d5
Added support for {SHA} passwords (ticket #50).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4815
diff
changeset
|
269 |
3926
14622ee4fa08
fix building --without-http_auth_basic_module,
Igor Sysoev <igor@sysoev.ru>
parents:
3922
diff
changeset
|
270 #endif /* NGX_CRYPT */ |