From 0d8329bd3aea1874f6fd41c066ec45fd73607504 Mon Sep 17 00:00:00 2001
From: Roland Reichwein <mail@reichwein.it>
Date: Mon, 27 Apr 2020 07:58:15 +0200
Subject: Fix crypt

---
 auth.cpp       | 31 ++++++++++++++++++++-----------
 webserver.conf |  4 ++--
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/auth.cpp b/auth.cpp
index 451c1ce..501eb07 100644
--- a/auth.cpp
+++ b/auth.cpp
@@ -3,8 +3,10 @@
 #include <crypt.h>
 #include <string.h>
 
-#include <stdexcept>
+#include <algorithm>
 #include <iostream>
+#include <random>
+#include <stdexcept>
 
 // crypt specified password
 std::string Auth::generate(const std::string& pw)
@@ -12,14 +14,22 @@ std::string Auth::generate(const std::string& pw)
  struct crypt_data data;
  memset((void *)&data, '\0', sizeof(data));
 
- char setting[1000];
- 
- if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr)
-  throw std::runtime_error("Error on crypt_gensalt_r()");
+ std::random_device rd;
+ std::mt19937 rng{rd()};
+ std::uniform_int_distribution<int> uid(0, 63);
+
+ std::string chars{std::string(std::string::size_type(64), char('a'))};
+ std::iota(chars.begin()     , chars.begin() + 26, 'a');
+ std::iota(chars.begin() + 26, chars.begin() + 52, 'A');
+ std::iota(chars.begin() + 52, chars.begin() + 62, '0');
+ chars[62] = '.';
+ chars[63] = '/';
+
+ std::string salt{{chars[uid(rng)], chars[uid(rng)]}};
 
  char* result;
 
- if ((result = crypt_r(pw.data(), setting, &data)) == nullptr)
+ if ((result = crypt_r(pw.data(), salt.data(), &data)) == nullptr)
   throw std::runtime_error("Error on crypt_r()");
 
  return result;
@@ -31,16 +41,15 @@ bool Auth::validate(const std::string& crypted, const std::string& pw)
  struct crypt_data data;
  memset((void *)&data, '\0', sizeof(data));
 
- size_t pos = crypted.find_last_of('$');
- if (pos == crypted.npos) {
-  std::cerr << "Warning: Bad password hash configured (format)" << std::endl;
+ if (crypted.size() < 2) {
+  std::cerr << "Warning: Bad password hash configured (size)" << std::endl;
   return false;
  }
 
- std::string setting{crypted.substr(0, pos)};
+ std::string salt{crypted.substr(0, 2)};
 
  char* output;
- if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) {
+ if ((output = crypt_r(pw.data(), salt.data(), &data)) == nullptr) {
   std::cerr << "Warning: Error on crypt_r()" << std::endl;
   return false;
  }
diff --git a/webserver.conf b/webserver.conf
index 55a1870..5282af1 100644
--- a/webserver.conf
+++ b/webserver.conf
@@ -29,7 +29,7 @@
     <target>/home/ernie/testbox</target>
     <WEBBOX_NAME>Testbox1</WEBBOX_NAME>
     <WEBBOX_READONLY>0</WEBBOX_READONLY>
-    <auth login="abc" password="$6$rounds=2000$HGwnefVabvSkS4Kg$5xYJDIVL7rkMGVVBOHf8/pHTJFKeEDytzS9em6En9qydgUFqbtbOTnTp/HyYk9At4eDL64jGKmbSKNFsXlquI1"/>
+    <auth login="abc" password="p3p0Jka3YM5Fk"/>
    </path>
    <path requested="/blog">
     <plugin>weblog</plugin>
@@ -45,7 +45,7 @@
    <path requested="/cgi-bin">
     <plugin>cgi</plugin>
     <target>/home/ernie/code/webserver/cgi-bin</target>
-    <auth login="abc" password="$6$rounds=2000$HGwnefVabvSkS4Kg$5xYJDIVL7rkMGVVBOHf8/pHTJFKeEDytzS9em6En9qydgUFqbtbOTnTp/HyYk9At4eDL64jGKmbSKNFsXlquI1"/>
+    <auth login="abc" password="p3p0Jka3YM5Fk"/>
    </path>
    <certpath>/home/ernie/code/webserver/fullchain.pem</certpath>
    <keypath>/home/ernie/code/webserver/privkey.pem</keypath>
-- 
cgit v1.2.3