diff options
| -rw-r--r-- | auth.cpp | 31 | ||||
| -rw-r--r-- | webserver.conf | 4 |
2 files changed, 22 insertions, 13 deletions
@@ -3,8 +3,10 @@ #include <crypt.h> #include <string.h> -#include <stdexcept> +#include <algorithm> #include <iostream> +#include <random> +#include <stdexcept> // crypt specified password std::string Auth::generate(const std::string& pw) @@ -12,14 +14,22 @@ std::string Auth::generate(const std::string& pw) struct crypt_data data; memset((void *)&data, '\0', sizeof(data)); - char setting[1000]; - - if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr) - throw std::runtime_error("Error on crypt_gensalt_r()"); + std::random_device rd; + std::mt19937 rng{rd()}; + std::uniform_int_distribution<int> uid(0, 63); + + std::string chars{std::string(std::string::size_type(64), char('a'))}; + std::iota(chars.begin() , chars.begin() + 26, 'a'); + std::iota(chars.begin() + 26, chars.begin() + 52, 'A'); + std::iota(chars.begin() + 52, chars.begin() + 62, '0'); + chars[62] = '.'; + chars[63] = '/'; + + std::string salt{{chars[uid(rng)], chars[uid(rng)]}}; char* result; - if ((result = crypt_r(pw.data(), setting, &data)) == nullptr) + if ((result = crypt_r(pw.data(), salt.data(), &data)) == nullptr) throw std::runtime_error("Error on crypt_r()"); return result; @@ -31,16 +41,15 @@ bool Auth::validate(const std::string& crypted, const std::string& pw) struct crypt_data data; memset((void *)&data, '\0', sizeof(data)); - size_t pos = crypted.find_last_of('$'); - if (pos == crypted.npos) { - std::cerr << "Warning: Bad password hash configured (format)" << std::endl; + if (crypted.size() < 2) { + std::cerr << "Warning: Bad password hash configured (size)" << std::endl; return false; } - std::string setting{crypted.substr(0, pos)}; + std::string salt{crypted.substr(0, 2)}; char* output; - if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) { + if ((output = crypt_r(pw.data(), salt.data(), &data)) == nullptr) { std::cerr << "Warning: Error on crypt_r()" << std::endl; return false; } diff --git a/webserver.conf b/webserver.conf index 55a1870..5282af1 100644 --- a/webserver.conf +++ b/webserver.conf @@ -29,7 +29,7 @@ <target>/home/ernie/testbox</target> <WEBBOX_NAME>Testbox1</WEBBOX_NAME> <WEBBOX_READONLY>0</WEBBOX_READONLY> - <auth login="abc" password="$6$rounds=2000$HGwnefVabvSkS4Kg$5xYJDIVL7rkMGVVBOHf8/pHTJFKeEDytzS9em6En9qydgUFqbtbOTnTp/HyYk9At4eDL64jGKmbSKNFsXlquI1"/> + <auth login="abc" password="p3p0Jka3YM5Fk"/> </path> <path requested="/blog"> <plugin>weblog</plugin> @@ -45,7 +45,7 @@ <path requested="/cgi-bin"> <plugin>cgi</plugin> <target>/home/ernie/code/webserver/cgi-bin</target> - <auth login="abc" password="$6$rounds=2000$HGwnefVabvSkS4Kg$5xYJDIVL7rkMGVVBOHf8/pHTJFKeEDytzS9em6En9qydgUFqbtbOTnTp/HyYk9At4eDL64jGKmbSKNFsXlquI1"/> + <auth login="abc" password="p3p0Jka3YM5Fk"/> </path> <certpath>/home/ernie/code/webserver/fullchain.pem</certpath> <keypath>/home/ernie/code/webserver/privkey.pem</keypath> |