'cvs commit: apr-util/include apr_md5.h'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apr-cvs
Subject:    cvs commit: apr-util/include apr_md5.h
From:       rbb () apache ! org
Date:       2004-05-28 0:22:02
Message-ID: 20040528002202.11411.qmail () minotaur ! apache ! org
[Download RAW message or body]

rbb         2004/05/27 17:22:02

  Modified:    crypto   apr_md5.c
               include  apr_md5.h
  Log:
  Add a note about the clear text check for platforms that don't support
  crypt(3)
  
  Submitted by:  Stas Bekman <stas@stason.org>
  
  Revision  Changes    Path
  1.11      +2 -2      apr-util/crypto/apr_md5.c
  
  Index: apr_md5.c
  ===================================================================
  RCS file: /home/cvs/apr-util/crypto/apr_md5.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- apr_md5.c	4 Apr 2004 15:35:35 -0000	1.10
  +++ apr_md5.c	28 May 2004 00:22:02 -0000	1.11
  @@ -668,9 +668,9 @@
    * Validate a plaintext password against a smashed one.  Uses either
    * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending
    * upon the format of the smashed input password.  Returns APR_SUCCESS if
  - * they match, or APR_EMISMATCH if they don't.
  + * they match, or APR_EMISMATCH if they don't.  If the platform doesn't
  + * support crypt, then the default check is against a clear text string.
    */
  -
   APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 
                                                   const char *hash)
   {
  
  
  
  1.9       +6 -1      apr-util/include/apr_md5.h
  
  Index: apr_md5.h
  ===================================================================
  RCS file: /home/cvs/apr-util/include/apr_md5.h,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- apr_md5.h	26 Feb 2004 21:55:12 -0000	1.8
  +++ apr_md5.h	28 May 2004 00:22:02 -0000	1.9
  @@ -140,7 +140,12 @@
   
   
   /**
  - * Validate any password encypted with any algorithm that APR understands
  + * Validate hashes created by APR-supported algorithms: md5 and base64.
  + * hashes created by crypt are supported only on platforms that provide
  + * crypt(3), so don't rely on that function unless you know that your
  + * application will be run only on platforms that support it.  On platforms
  + * that don't support crypt(3), this falls back to a clear text string
  + * comparison.
    * @param passwd The password to validate
    * @param hash The password to validate against
    */
  
  
  
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic