wok-undigest rev 536
busybox/httpd: check system passwords
author | Pascal Bellard <pascal.bellard@slitaz.org> |
date | Sat Nov 05 14:10:28 2011 +0100 (2011-11-05) |
parents | e7e924e4d2be |
children | e3d45fb903d5 |
files | busybox/receipt busybox/stuff/busybox-1.19-httpd.u |
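--- a/busybox/receipt
+++ b/busybox/receipt
@@ -28,6 +28,7 @@
 printable.u
 cmdline.u
 conspy.u
+httpd.u
 EOT
 cp $stuff/$PACKAGE-${VERSION%.*}.config .config
 }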
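--- /dev/null
+++ b/busybox/stuff/busybox-1.19-httpd.u
@@ -0,0 +1,85 @@
+Check system passwords
+--- busybox-1.19.0/networking/httpd.c
++++ busybox-1.19.0/networking/httpd.c
+@@ -54,6 +54,7 @@
+ * /cgi-bin:foo:bar # Require user foo, pwd bar on urls starting with /cgi-bin/
+ * /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/
+ * /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/
++ * /adm:root:* # or user root, pwd from /etc/passwd on urls starting with /adm/
+ * .au:audio/basic # additional mime type for audio.au files
+ * *.php:/path/php # run xxx.php through an interpreter
+ *
+@@ -1745,7 +1746,7 @@
+ const char *prev = NULL;
+ 
+ for (cur = g_auth; cur; cur = cur->next) {
+- const char *dir_prefix;
++ const char *dir_prefix, *passwd;
+ size_t len;
+ 
+ dir_prefix = cur->before_colon;
+@@ -1770,18 +1771,28 @@
+ /* Path match found */
+ prev = dir_prefix;
+ 
++ remoteuser = xstrndup(user_and_passwd,
++ strchrnul(user_and_passwd, ':') - user_and_passwd);
++ passwd = strchr(cur->after_colon, ':');
++
++ if (passwd && passwd[1] == '*' && passwd[2] == 0) {
++ pw = getpwnam(remoteuser);
++ /* Don't check the password if password entry is empty (!) */
++ if (pw && pw->pw_passwd[0] != '!' && pw->pw_passwd[0] != '*' &&
++ (!pw->pw_passwd[0] || correct_password(pw)))
++ return 1; /* Ok */
++ free(remoteuser);
++ continue;
++ }
+ if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+- char *md5_passwd;
+-
+- md5_passwd = strchr(cur->after_colon, ':');
+- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
+- && md5_passwd[3] == '$' && md5_passwd[4]
++ if (passwd && passwd[1] == '$' && passwd[2] == '1'
++ && passwd[3] == '$' && passwd[4]
+ ) {
+ char *encrypted;
+ int r, user_len_p1;
+ 
+- md5_passwd++;
+- user_len_p1 = md5_passwd - cur->after_colon;
++ passwd++;
++ user_len_p1 = passwd - cur->after_colon;
+ /* comparing "user:" */
+ if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
+ continue;
+@@ -1789,22 +1800,20 @@
+ 
+ encrypted = pw_encrypt(
+ user_and_passwd + user_len_p1 /* cleartext pwd from user */,
+- md5_passwd /*salt */, 1 /* cleanup */);
+- r = strcmp(encrypted, md5_passwd);
++ passwd /*salt */, 1 /* cleanup */);
++ r = strcmp(encrypted, passwd);
+ free(encrypted);
+ if (r == 0)
+- goto set_remoteuser_var; /* Ok */
++ return 1; /* Ok */
+ continue;
+ }
+ }
+ 
+ /* Comparing plaintext "user:pass" in one go */
+- if (strcmp(cur->after_colon, user_and_passwd) == 0) {
+- set_remoteuser_var:
+- remoteuser = xstrndup(user_and_passwd,
+- strchrnul(user_and_passwd, ':') - user_and_passwd);
++ if (strcmp(cur->after_colon, user_and_passwd) == 0)
+ return 1; /* Ok */
+- }
++ free(remoteuser);
++ remoteuser = NULL;
+ } /* for */
+ 
+ /* 0(bad) if prev is set: matches were found but passwd was wrong */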
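Review bot: The new `*` branch in the `@@ -1770` hunk never compares the user name the client sent with the one configured: `remoteuser` is copied straight out of `user_and_passwd`, passed to `getpwnam()` and accepted on a password match, so a `/adm:root:*` entry admits any unlocked system account, not only `root` as the comment added at line 57 promises. The MD5 branch already guards this with `strncmp(cur->after_colon, user_and_passwd, user_len_p1)` on the `"user:"` prefix; the same check belongs before `getpwnam()`, as in the excerpt below. Separately, `correct_password(pw)` is handed only the passwd entry and nothing from `user_and_passwd`; if this is busybox's libbb routine, which as far as I recall obtains the password by prompting on stdin rather than from a cleartext argument, the client's password is not what gets verified here, and the `!pw->pw_passwd[0]` clause accepts any password for an account with an empty password field — both need confirming before this ships. The `continue`s on the MD5 path (prefix mismatch and wrong password) skip the `free(remoteuser)` at the loop bottom and leak the copy, while the `*` branch frees it but leaves the global pointing at freed memory; `free(remoteuser); remoteuser = NULL;` on every failing path would be consistent. The enclosing function begins before and ends after these hunks.
```c
if (passwd && passwd[1] == '*' && passwd[2] == 0) {
	/* comparing "user:" — only the configured account may authenticate with its system password */
	if (strncmp(cur->after_colon, user_and_passwd, passwd + 1 - cur->after_colon) != 0) {
		free(remoteuser);
		remoteuser = NULL;
		continue;
	}
	pw = getpwnam(remoteuser);
	/* … unchanged: passwd-entry checks and correct_password() … */
	free(remoteuser);
	remoteuser = NULL;
	continue;
}
```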