From 0d8329bd3aea1874f6fd41c066ec45fd73607504 Mon Sep 17 00:00:00 2001 From: Roland Reichwein Date: Mon, 27 Apr 2020 07:58:15 +0200 Subject: Fix crypt --- auth.cpp | 31 ++++++++++++++++++++----------- webserver.conf | 4 ++-- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/auth.cpp b/auth.cpp index 451c1ce..501eb07 100644 --- a/auth.cpp +++ b/auth.cpp @@ -3,8 +3,10 @@ #include #include -#include +#include #include +#include +#include // crypt specified password std::string Auth::generate(const std::string& pw) @@ -12,14 +14,22 @@ std::string Auth::generate(const std::string& pw) struct crypt_data data; memset((void *)&data, '\0', sizeof(data)); - char setting[1000]; - - if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr) - throw std::runtime_error("Error on crypt_gensalt_r()"); + std::random_device rd; + std::mt19937 rng{rd()}; + std::uniform_int_distribution uid(0, 63); + + std::string chars{std::string(std::string::size_type(64), char('a'))}; + std::iota(chars.begin() , chars.begin() + 26, 'a'); + std::iota(chars.begin() + 26, chars.begin() + 52, 'A'); + std::iota(chars.begin() + 52, chars.begin() + 62, '0'); + chars[62] = '.'; + chars[63] = '/'; + + std::string salt{{chars[uid(rng)], chars[uid(rng)]}}; char* result; - if ((result = crypt_r(pw.data(), setting, &data)) == nullptr) + if ((result = crypt_r(pw.data(), salt.data(), &data)) == nullptr) throw std::runtime_error("Error on crypt_r()"); return result; @@ -31,16 +41,15 @@ bool Auth::validate(const std::string& crypted, const std::string& pw) struct crypt_data data; memset((void *)&data, '\0', sizeof(data)); - size_t pos = crypted.find_last_of('$'); - if (pos == crypted.npos) { - std::cerr << "Warning: Bad password hash configured (format)" << std::endl; + if (crypted.size() < 2) { + std::cerr << "Warning: Bad password hash configured (size)" << std::endl; return false; } - std::string setting{crypted.substr(0, pos)}; + std::string salt{crypted.substr(0, 2)}; char* output; - if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) { + if ((output = crypt_r(pw.data(), salt.data(), &data)) == nullptr) { std::cerr << "Warning: Error on crypt_r()" << std::endl; return false; } diff --git a/webserver.conf b/webserver.conf index 55a1870..5282af1 100644 --- a/webserver.conf +++ b/webserver.conf @@ -29,7 +29,7 @@ /home/ernie/testbox Testbox1 0 - + weblog @@ -45,7 +45,7 @@ cgi /home/ernie/code/webserver/cgi-bin - + /home/ernie/code/webserver/fullchain.pem /home/ernie/code/webserver/privkey.pem -- cgit v1.2.3