author | Roland Reichwein <mail@reichwein.it> | 2020-04-26 19:52:44 +0200 |
---|---|---|
committer | Roland Reichwein <mail@reichwein.it> | 2020-04-26 19:52:44 +0200 |
commit | a595932283a3f3bf002eff5bf044762b78cab5f0 (patch) | |
tree | 790ba05f95b3fd3d6790f8132f9f6f95f908f18a /auth.cpp | |
parent | c73f913844f6aed9e740780f8a6732477fa3d680 (diff) |
crypt(3) http auth pws
Diffstat (limited to 'auth.cpp')
-rw-r--r-- | auth.cpp | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/auth.cpp b/auth.cpp
new file mode 100644
index 0000000..c9c9765
--- /dev/null
+++ b/auth.cpp
@@ -0,0 +1,54 @@
+#include "auth.h"
+
+#include <crypt.h>
+#include <string.h>
+
+#include <stdexcept>
+#include <iostream>
+
+// crypt specified password
+std::string Auth::generate(const std::string& pw)
+{
+ struct crypt_data data;
+ memset((void *)&data, '\0', sizeof(data));
+
+ if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, data.setting, sizeof(data.setting)) == nullptr)
+ throw std::runtime_error("Error on crypt_gensalt_r()");
+
+ strncpy(data.input, pw.data(), sizeof(data.input));
+
+ if (crypt_r(data.input, data.setting, &data) == nullptr)
+ throw std::runtime_error("Error on crypt_r()");
+
+ return data.output;
+}
+
+// validate specified password against crypted hash
+bool Auth::validate(const std::string& crypted, const std::string& pw)
+{
+ struct crypt_data data;
+ memset((void *)&data, '\0', sizeof(data));
+
+ size_t pos = crypted.find_last_of('$');
+ if (pos == crypted.npos) {
+ std::cerr << "Warning: Bad password hash configured (format)" << std::endl;
+ return false;
+ }
+
+ if (sizeof(data.setting) <= pos) {
+ std::cerr << "Warning: Bad password hash configured (salt size)" << std::endl;
+ return false;
+ }
+
+ memcpy(&data.setting, crypted.data(), pos);
+
+ strncpy(data.input, pw.data(), sizeof(data.input));
+
+ if (crypt_r(data.input, data.setting, &data) == nullptr) {
+ std::cerr << "Warning: Error on crypt_r()" << std::endl;
+ return false;
+ }
+
+ return crypted == data.output;
+}
+ |
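Review bot: In both `Auth::generate` and `Auth::validate`, `strncpy(data.input, pw.data(), sizeof(data.input))` writes no terminating NUL when the password is at least as long as the buffer, so over-long passwords are silently truncated and `crypt_r` depends on whatever follows `input` in the zeroed struct to end the string. `crypt_r` takes the passphrase as a plain `const char *`, so the copy can be dropped: `crypt_r(pw.c_str(), data.setting, &data)` in generate and `crypt_r(pw.c_str(), crypted.c_str(), &data)` in validate, which also makes the `find_last_of('$')`/`memcpy` salt extraction unnecessary because crypt accepts a complete stored hash as the setting. In generate, the cost argument `2000` is below the SHA-512-crypt default of 5000 rounds; passing `0` lets the library pick its default, or a higher explicit count can be configured. Depending on how libcrypt was built, `crypt_r` may report failure with a token beginning with `*` instead of a null pointer, so generate should also reject an output that starts with `*` before returning it as a hash. The final `crypted == data.output` is an early-exit comparison and `data` still holds the password when the function returns; a constant-time compare and clearing `data` on every exit path would be the usual hardening for credential code.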