diff options
author | Yann Ylavic <ylavic@apache.org> | 2020-12-08 15:06:16 +0100 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2020-12-08 15:06:16 +0100 |
commit | 542f66501b547cc8a03908323e891a31b6f2a6f5 (patch) | |
tree | 35e877a1c3fe66b80e5d3ed3295bb352fb98c2d3 /support | |
parent | ci: have an ASan run w/o pool-debug too. (diff) | |
download | apache2-542f66501b547cc8a03908323e891a31b6f2a6f5.tar.xz apache2-542f66501b547cc8a03908323e891a31b6f2a6f5.zip |
Fix misleading crypt vs hash terminology in ht* and dbmmanage tools.
What the htpasswd, htdbm and dbmmanage tools do is hashing passwords, not
encrypting them, so fix the terminology in manpages, docs, --help, comments
and function names.
Submitted by: Michele Preziuso <mpreziuso kaosdynamics.com>
Reviewed by: ylavic
Github: closes #153
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884207 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support')
-rw-r--r-- | support/dbmmanage.in | 88 | ||||
-rw-r--r-- | support/htdbm.c | 10 | ||||
-rw-r--r-- | support/htpasswd.c | 14 |
3 files changed, 56 insertions, 56 deletions
diff --git a/support/dbmmanage.in b/support/dbmmanage.in index 2dd8c8679b..881d2301ad 100644 --- a/support/dbmmanage.in +++ b/support/dbmmanage.in @@ -32,9 +32,9 @@ sub usage { die <<SYNTAX; Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]] - where enc is -d for crypt encryption (default except on Win32, Netware) - -m for MD5 encryption (default on Win32, Netware) - -s for SHA1 encryption + where enc is -d for crypt hashing (default except on Win32, Netware) + -m for MD5 hashing (default on Win32, Netware) + -s for SHA1 hashing -p for plaintext command is one of: $cmds @@ -48,7 +48,7 @@ Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]] SYNTAX } -sub need_sha1_crypt { +sub need_sha1_hash { if (!eval ('require "Digest/SHA1.pm";')) { print STDERR <<SHAERR; dbmmanage SHA1 passwords require the interface or the module Digest::SHA1 @@ -56,21 +56,21 @@ available from CPAN: http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz -Please install Digest::SHA1 and try again, or use a different crypt option: +Please install Digest::SHA1 and try again, or use a different hashing option: SHAERR usage(); } } -sub need_md5_crypt { +sub need_md5_hash { if (!eval ('require "Crypt/PasswdMD5.pm";')) { print STDERR <<MD5ERR; dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz -Please install Crypt::PasswdMD5 and try again, or use a different crypt option: +Please install Crypt::PasswdMD5 and try again, or use a different hashing option: MD5ERR usage(); @@ -93,10 +93,10 @@ my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/; my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others? my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/; -my $crypt_method = "crypt"; +my $hash_method = "crypt"; if ($crypt_not_supported) { - $crypt_method = "md5"; + $hash_method = "md5"; } # Some platforms won't jump through our favorite hoops @@ -105,7 +105,7 @@ my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others? my $not_unix = $^O =~ /(?:$not_unix_platforms)/; if ($crypt_not_supported) { - $crypt_method = "md5"; + $hash_method = "md5"; } if (@ARGV[0] eq "-d") { @@ -114,12 +114,12 @@ if (@ARGV[0] eq "-d") { print STDERR "Warning: Apache/$^O does not support crypt()ed passwords!\n\n"; } - $crypt_method = "crypt"; + $hash_method = "crypt"; } if (@ARGV[0] eq "-m") { shift @ARGV; - $crypt_method = "md5"; + $hash_method = "md5"; } if (@ARGV[0] eq "-p") { @@ -128,20 +128,20 @@ if (@ARGV[0] eq "-p") { print STDERR "Warning: Apache/$^O does not support plaintext passwords!\n\n"; } - $crypt_method = "plain"; + $hash_method = "plain"; } if (@ARGV[0] eq "-s") { shift @ARGV; - need_sha1_crypt(); - $crypt_method = "sha1"; + need_sha1_hash(); + $hash_method = "sha1"; } -if ($crypt_method eq "md5") { - need_md5_crypt(); +if ($hash_method eq "md5") { + need_md5_hash(); } -my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV; +my($file,$command,$key,$hashed_pwd,$groups,$comment) = @ARGV; usage() unless $file and $command and defined &{$dbmc::{$command}}; @@ -188,7 +188,7 @@ sub saltpw_crypt { randchar(2); } -sub cryptpw_crypt { +sub hashpw_crypt { my ($pw, $salt) = @_; $salt = saltpw_crypt unless $salt; crypt $pw, $salt; @@ -199,24 +199,24 @@ sub saltpw_md5 { randchar(8); } -sub cryptpw_md5 { +sub hashpw_md5 { my($pw, $salt) = @_; $salt = saltpw_md5 unless $salt; Crypt::PasswdMD5::apache_md5_crypt($pw, $salt); } -sub cryptpw_sha1 { +sub hashpw_sha1 { my($pw, $salt) = @_; '{SHA}' . Digest::SHA1::sha1_base64($pw) . "="; } -sub cryptpw { - if ($crypt_method eq "md5") { - return cryptpw_md5(@_); - } elsif ($crypt_method eq "sha1") { - return cryptpw_sha1(@_); - } elsif ($crypt_method eq "crypt") { - return cryptpw_crypt(@_); +sub hashpw { + if ($hash_method eq "md5") { + return hashpw_md5(@_); + } elsif ($hash_method eq "sha1") { + return hashpw_sha1(@_); + } elsif ($hash_method eq "crypt") { + return hashpw_crypt(@_); } @_[0]; # otherwise return plaintext } @@ -243,10 +243,10 @@ sub getpass { sub dbmc::update { die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.'; + $hashed_pwd = (split /:/, $DB{$key}, 3)[0] if $hashed_pwd eq '.'; $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.'; $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.'; - if (!$crypted_pwd || $crypted_pwd eq '-') { + if (!$hashed_pwd || $hashed_pwd eq '-') { dbmc->adduser; } else { @@ -255,23 +255,23 @@ sub dbmc::update { } sub dbmc::add { - die "Can't use empty password!\n" unless $crypted_pwd; + die "Can't use empty password!\n" unless $hashed_pwd; unless($is_update) { die "Sorry, user `$key' already exists!\n" if $DB{$key}; } $groups = '' if $groups eq '-'; $comment = '' if $comment eq '-'; $groups .= ":" . $comment if $comment; - $crypted_pwd .= ":" . $groups if $groups; - $DB{$key} = $crypted_pwd; + $hashed_pwd .= ":" . $groups if $groups; + $DB{$key} = $hashed_pwd; my $action = $is_update ? "updated" : "added"; - print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n"; + print "User $key $action with password hashed to $DB{$key} using $hash_method\n"; } sub dbmc::adduser { my $value = getpass "New password:"; die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value; - $crypted_pwd = cryptpw $value; + $hashed_pwd = hashpw $value; dbmc->add; } @@ -289,23 +289,23 @@ sub dbmc::check { my $chkpass = (split /:/, $DB{$key}, 3)[0]; my $testpass = getpass(); if (substr($chkpass, 0, 6) eq '$apr1$') { - need_md5_crypt; - $crypt_method = "md5"; + need_md5_hash; + $hash_method = "md5"; } elsif (substr($chkpass, 0, 5) eq '{SHA}') { - need_sha1_crypt; - $crypt_method = "sha1"; + need_sha1_hash; + $hash_method = "sha1"; } elsif (length($chkpass) == 13 && $chkpass ne $testpass) { - $crypt_method = "crypt"; + $hash_method = "crypt"; } else { - $crypt_method = "plain"; + $hash_method = "plain"; } - print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass - ? " password ok\n" : " password mismatch\n"); + print $hash_method . (hashpw($testpass, $chkpass) eq $chkpass + ? " password ok\n" : " password mismatch\n"); } sub dbmc::import { while(defined($_ = <STDIN>) and chomp) { - ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4; + ($key,$hashed_pwd,$groups,$comment) = split /:/, $_, 4; dbmc->add; } } diff --git a/support/htdbm.c b/support/htdbm.c index 40a3d23293..c2f8f3f01a 100644 --- a/support/htdbm.c +++ b/support/htdbm.c @@ -290,13 +290,13 @@ static void htdbm_usage(void) " -n Don't update database; display results on stdout.\n" " -b Use the password from the command line rather than prompting for it.\n" " -i Read password from stdin without verification (for script usage).\n" - " -m Force MD5 encryption of the password (default).\n" - " -B Force BCRYPT encryption of the password (very secure).\n" + " -m Force MD5 hashing of the password (default).\n" + " -B Force BCRYPT hashing of the password (very secure).\n" " -C Set the computing time used for the bcrypt algorithm\n" " (higher is more secure but slower, default: %d, valid: 4 to 31).\n" - " -d Force CRYPT encryption of the password (8 chars max, insecure).\n" - " -s Force SHA encryption of the password (insecure).\n" - " -p Do not encrypt the password (plaintext, insecure).\n" + " -d Force CRYPT hashing of the password (8 chars max, insecure).\n" + " -s Force SHA hashing of the password (insecure).\n" + " -p Do not hash the password (plaintext, insecure).\n" " -T DBM Type (SDBM|GDBM|DB|default).\n" " -l Display usernames from database on stdout.\n" " -v Verify the username/password.\n" diff --git a/support/htpasswd.c b/support/htpasswd.c index f17d9923e1..2bb6d08247 100644 --- a/support/htpasswd.c +++ b/support/htpasswd.c @@ -108,17 +108,17 @@ static void usage(void) " -b Use the password from the command line rather than prompting " "for it." NL " -i Read password from stdin without verification (for script usage)." NL - " -m Force MD5 encryption of the password (default)." NL - " -2 Force SHA-256 crypt() hash of the password (secure)." NL - " -5 Force SHA-512 crypt() hash of the password (secure)." NL - " -B Force bcrypt encryption of the password (very secure)." NL + " -m Force MD5 hashing of the password (default)." NL + " -2 Force SHA-256 hashing of the password (secure)." NL + " -5 Force SHA-512 hashing of the password (secure)." NL + " -B Force bcrypt hashing of the password (very secure)." NL " -C Set the computing time used for the bcrypt algorithm" NL " (higher is more secure but slower, default: %d, valid: 4 to 17)." NL " -r Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL " (higher is more secure but slower, default: 5000)." NL - " -d Force CRYPT encryption of the password (8 chars max, insecure)." NL - " -s Force SHA-1 encryption of the password (insecure)." NL - " -p Do not encrypt the password (plaintext, insecure)." NL + " -d Force CRYPT hashing of the password (8 chars max, insecure)." NL + " -s Force SHA-1 hashing of the password (insecure)." NL + " -p Do not hash the password (plaintext, insecure)." NL " -D Delete the specified user." NL " -v Verify password for the specified user." NL "On other systems than Windows and NetWare the '-p' flag will " |