-rw-r--r--auth.cpp31
-rw-r--r--webserver.conf4
2 files changed, 22 insertions, 13 deletions
diff --git a/auth.cpp b/auth.cpp
index 451c1ce..501eb07 100644
--- a/auth.cpp
+++ b/auth.cpp
@@ -3,8 +3,10 @@
#include <crypt.h>
#include <string.h>
-#include <stdexcept>
+#include <algorithm>
#include <iostream>
+#include <random>
+#include <stdexcept>
// crypt specified password
std::string Auth::generate(const std::string& pw)
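Review bot: `std::iota`, which the next hunk calls in `Auth::generate`, is declared in `<numeric>`, not in the `<algorithm>` header added here. The file may compile today only because another standard header pulls `<numeric>` in transitively, and that is not guaranteed across library versions. Unless it is already included in the lines above this hunk, add `#include <numeric>` next to `#include <random>`.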
@@ -12,14 +14,22 @@ std::string Auth::generate(const std::string& pw)
struct crypt_data data;
memset((void *)&data, '\0', sizeof(data));
- char setting[1000];
-
- if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr)
- throw std::runtime_error("Error on crypt_gensalt_r()");
+ std::random_device rd;
+ std::mt19937 rng{rd()};
+ std::uniform_int_distribution<int> uid(0, 63);
+
+ std::string chars{std::string(std::string::size_type(64), char('a'))};
+ std::iota(chars.begin() , chars.begin() + 26, 'a');
+ std::iota(chars.begin() + 26, chars.begin() + 52, 'A');
+ std::iota(chars.begin() + 52, chars.begin() + 62, '0');
+ chars[62] = '.';
+ chars[63] = '/';
+
+ std::string salt{{chars[uid(rng)], chars[uid(rng)]}};
char* result;
- if ((result = crypt_r(pw.data(), setting, &data)) == nullptr)
+ if ((result = crypt_r(pw.data(), salt.data(), &data)) == nullptr)
throw std::runtime_error("Error on crypt_r()");
return result;
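Review bot: The setting passed to `crypt_r` is now a bare two-character salt, which selects traditional DES crypt where the removed code requested SHA-512 (`$6$`). With that scheme only the first eight characters of the password contribute, the salt has 4096 possible values, and the resulting hash is cheap to search offline. If the aim was to drop the dependency on `crypt_gensalt_rn`, the alphabet code can stay and still build a `$6$` setting: `std::string salt{"$6$"};` followed by `for (int i = 0; i < 16; ++i) salt += chars[uid(rd)];`. Drawing from `rd` directly also avoids `std::mt19937` seeded with a single 32-bit value, which is not a cryptographic generator. The body of `Auth::generate` starts above this hunk.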
@@ -31,16 +41,15 @@ bool Auth::validate(const std::string& crypted, const std::string& pw)
struct crypt_data data;
memset((void *)&data, '\0', sizeof(data));
- size_t pos = crypted.find_last_of('$');
- if (pos == crypted.npos) {
- std::cerr << "Warning: Bad password hash configured (format)" << std::endl;
+ if (crypted.size() < 2) {
+ std::cerr << "Warning: Bad password hash configured (size)" << std::endl;
return false;
}
- std::string setting{crypted.substr(0, pos)};
+ std::string salt{crypted.substr(0, 2)};
char* output;
- if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) {
+ if ((output = crypt_r(pw.data(), salt.data(), &data)) == nullptr) {
std::cerr << "Warning: Error on crypt_r()" << std::endl;
return false;
}
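Review bot: Taking `crypted.substr(0, 2)` as the salt ties `validate` to the two-character DES format, so a stored `$6$…` hash (the kind webserver.conf held before this commit) would no longer verify. `crypt_r` accepts a complete stored hash as its setting argument and reads the scheme and salt from it, so the call can be `crypt_r(pw.c_str(), crypted.c_str(), &data)` and work for every scheme the library supports. The length check could then be replaced by one that rejects hashes whose prefix is weaker than what `generate` emits. The comparison of `output` against `crypted` lies outside this hunk.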
diff --git a/webserver.conf b/webserver.conf
index 55a1870..5282af1 100644
--- a/webserver.conf
+++ b/webserver.conf
@@ -29,7 +29,7 @@
<target>/home/ernie/testbox</target>
<WEBBOX_NAME>Testbox1</WEBBOX_NAME>
<WEBBOX_READONLY>0</WEBBOX_READONLY>
- <auth login="abc" password="$6$rounds=2000$HGwnefVabvSkS4Kg$5xYJDIVL7rkMGVVBOHf8/pHTJFKeEDytzS9em6En9qydgUFqbtbOTnTp/HyYk9At4eDL64jGKmbSKNFsXlquI1"/>
+ <auth login="abc" password="p3p0Jka3YM5Fk"/>
</path>
<path requested="/blog">
<plugin>weblog</plugin>
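Review bot: The `password` attribute on the first `<auth>` element (and again on `/cgi-bin` in the next hunk) now carries a 13-character traditional crypt hash in a tracked file, which is far easier to recover offline than the SHA-512 value it replaces. If login `abc` with this password is used anywhere other than a throwaway test box, the password should be treated as exposed and changed. A sample config is safer with a placeholder such as `password="<crypt hash, set locally>"`, with the real hash kept in an untracked file.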
@@ -45,7 +45,7 @@
<path requested="/cgi-bin">
<plugin>cgi</plugin>
<target>/home/ernie/code/webserver/cgi-bin</target>
- <auth login="abc" password="$6$rounds=2000$HGwnefVabvSkS4Kg$5xYJDIVL7rkMGVVBOHf8/pHTJFKeEDytzS9em6En9qydgUFqbtbOTnTp/HyYk9At4eDL64jGKmbSKNFsXlquI1"/>
+ <auth login="abc" password="p3p0Jka3YM5Fk"/>
</path>
<certpath>/home/ernie/code/webserver/fullchain.pem</certpath>
<keypath>/home/ernie/code/webserver/privkey.pem</keypath>