[prev in list] [next in list] [prev in thread] [next in thread]
List: apr-cvs
Subject: cvs commit: apr-util/include apr_md5.h
From: rbb () apache ! org
Date: 2004-05-28 0:22:02
Message-ID: 20040528002202.11411.qmail () minotaur ! apache ! org
[Download RAW message or body]
rbb 2004/05/27 17:22:02
Modified: crypto apr_md5.c
include apr_md5.h
Log:
Add a note about the clear text check for platforms that don't support
crypt(3)
Submitted by: Stas Bekman <stas@stason.org>
Revision Changes Path
1.11 +2 -2 apr-util/crypto/apr_md5.c
Index: apr_md5.c
===================================================================
RCS file: /home/cvs/apr-util/crypto/apr_md5.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- apr_md5.c 4 Apr 2004 15:35:35 -0000 1.10
+++ apr_md5.c 28 May 2004 00:22:02 -0000 1.11
@@ -668,9 +668,9 @@
* Validate a plaintext password against a smashed one. Uses either
* crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending
* upon the format of the smashed input password. Returns APR_SUCCESS if
- * they match, or APR_EMISMATCH if they don't.
+ * they match, or APR_EMISMATCH if they don't. If the platform doesn't
+ * support crypt, then the default check is against a clear text string.
*/
-
APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
const char *hash)
{
1.9 +6 -1 apr-util/include/apr_md5.h
Index: apr_md5.h
===================================================================
RCS file: /home/cvs/apr-util/include/apr_md5.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- apr_md5.h 26 Feb 2004 21:55:12 -0000 1.8
+++ apr_md5.h 28 May 2004 00:22:02 -0000 1.9
@@ -140,7 +140,12 @@
/**
- * Validate any password encypted with any algorithm that APR understands
+ * Validate hashes created by APR-supported algorithms: md5 and base64.
+ * hashes created by crypt are supported only on platforms that provide
+ * crypt(3), so don't rely on that function unless you know that your
+ * application will be run only on platforms that support it. On platforms
+ * that don't support crypt(3), this falls back to a clear text string
+ * comparison.
* @param passwd The password to validate
* @param hash The password to validate against
*/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic