authorHenning Brauer <henning@cvs.openbsd.org>2005-03-24 09:43:12 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2005-03-24 09:43:12 +0000
commitcd4868db01d35dd21920923fed5664e925e7e99e (patch)
tree619c8a3fec1ed61cbb635211c3cd0343d7532ac1 /usr.sbin
parent1eb13540a2a2ef255d48813187c5c780bbd86814 (diff)
support blowfish encryption in the password files and use it by default
From: Sergey Smitienko <hunter@comsys.com.ua>, markus ok
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/httpd/src/support/htpasswd.116
-rw-r--r--usr.sbin/httpd/src/support/htpasswd.c26
2 files changed, 28 insertions, 14 deletions
diff --git a/usr.sbin/httpd/src/support/htpasswd.1 b/usr.sbin/httpd/src/support/htpasswd.1
index 7cfe927254a..2e663e50ddc 100644
--- a/usr.sbin/httpd/src/support/htpasswd.1
+++ b/usr.sbin/httpd/src/support/htpasswd.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: htpasswd.1,v 1.11 2004/12/14 12:48:06 jmc Exp $
+.\" $OpenBSD: htpasswd.1,v 1.12 2005/03/24 09:43:11 henning Exp $
.\"
.\" ====================================================================
.\" The Apache Software License, Version 1.1
@@ -66,23 +66,23 @@
.Sh SYNOPSIS
.Nm
.Op Fl c
-.Op Fl d | m | p | s
+.Op Fl d | l | m | p | s
.Ar passwordfile
.Ar username
.Nm
.Fl b
.Op Fl c
-.Op Fl d | m | p | s
+.Op Fl d | l | m | p | s
.Ar passwordfile
.Ar username
.Ar password
.Nm
.Fl n
-.Op Fl d | m | p | s
+.Op Fl d | l | m | p | s
.Ar username
.Nm
.Fl bn
-.Op Fl d | m | p | s
+.Op Fl d | l | m | p | s
.Ar username
.Ar password
.Sh DESCRIPTION
@@ -148,7 +148,11 @@ This option cannot be combined with the
.Fl n
option.
.It Fl d
-Use
+Use DES-based
+.Xr crypt 3
+encryption for passwords.
+.It Fl l
+Use Blowfish-based
.Xr crypt 3
encryption for passwords.
This is the default.
diff --git a/usr.sbin/httpd/src/support/htpasswd.c b/usr.sbin/httpd/src/support/htpasswd.c
index 9a17c354ff4..f4b6a0d6fb9 100644
--- a/usr.sbin/httpd/src/support/htpasswd.c
+++ b/usr.sbin/httpd/src/support/htpasswd.c
@@ -96,6 +96,8 @@
#define ALG_CRYPT 1
#define ALG_APMD5 2
#define ALG_APSHA 3
+#define ALG_APBLF 4
+
#define ERR_FILEPERM 1
#define ERR_SYNTAX 2
@@ -165,7 +167,7 @@ static int mkrecord(char *user, char *record, size_t rlen, char *passwd,
char cpw[120];
char pwin[MAX_STRING_LEN];
char pwv[MAX_STRING_LEN];
- char salt[9];
+ char salt[33];
if (passwd != NULL) {
pw = passwd;
@@ -205,12 +207,16 @@ static int mkrecord(char *user, char *record, size_t rlen, char *passwd,
break;
case ALG_CRYPT:
- default:
ap_to64(&salt[0], arc4random(), 8);
salt[8] = '\0';
ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
break;
+ case ALG_APBLF:
+ default:
+ strlcpy(salt, bcrypt_gensalt(6), sizeof(salt));
+ strlcpy(cpw, (char *)crypt(pw, salt), sizeof(cpw));
+ break;
}
memset(pw, '\0', strlen(pw));
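Review bot: The new `ALG_APBLF` branch copies the result of `crypt(pw, salt)` into `cpw` without checking it, so a failed `crypt()` would either crash in `strlcpy` (NULL return) or be stored in the password file as if it were a valid hash (error-marker string, on implementations that return one). Checking first, e.g. `char *h = crypt(pw, salt); if (h == NULL) { /* report failure, still clear pw */ }`, would keep a bad record out of the file; the `ALG_CRYPT` branch just above has the same unchecked call. The cost is also hard-coded in `bcrypt_gensalt(6)`; a named constant with a comment such as `/* log2 of bcrypt rounds; raise as hardware gets faster */` would make the work factor visible and easy to tune. mkrecord's body starts and ends outside this hunk, so the available error codes and the handling after the `memset` are not visible here.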
@@ -228,13 +234,14 @@ static int mkrecord(char *user, char *record, size_t rlen, char *passwd,
static int usage(void)
{
- fprintf(stderr, "Usage:\thtpasswd [-c] [-d | -m | -p | -s] passwordfile username\n");
- fprintf(stderr, "\thtpasswd -b [-c] [-d | -m | -p | -s] passwordfile username password\n");
- fprintf(stderr, "\thtpasswd -n [-d | -m | -p | -s] username\n");
- fprintf(stderr, "\thtpasswd -bn [-d | -m | -p | -s] username password\n");
+ fprintf(stderr, "Usage:\thtpasswd [-c] [-d | -l | -m | -p | -s ] passwordfile username\n");
+ fprintf(stderr, "\thtpasswd -b [-c] [-d | -l | -m | -p | -s] passwordfile username password\n");
+ fprintf(stderr, "\thtpasswd -n [-d | -l | -m | -p | -s] username\n");
+ fprintf(stderr, "\thtpasswd -bn [-d | -l | -m | -p | -s] username password\n");
fprintf(stderr, " -b Use the password from the command line rather than prompting for it.\n");
fprintf(stderr, " -c Create a new file.\n");
- fprintf(stderr, " -d Force CRYPT encryption of the password (default).\n");
+ fprintf(stderr, " -l Force Blowfish-based CRYPT encryption of the password(default).\n");
+ fprintf(stderr, " -d Force DES-based CRYPT encryption of the password.\n");
fprintf(stderr, " -m Force MD5 encryption of the password.\n");
fprintf(stderr, " -n Don't update file; display results on stdout.\n");
fprintf(stderr, " -p Do not encrypt the password (plaintext).\n");
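Review bot: Two of the new usage strings have spacing slips: the first synopsis line ends its option group with `-s ]` while the other three use `-s]`, and the `-l` help line reads `password(default)` without the space the removed `-d` line had. Suggested text is `[-d | -l | -m | -p | -s] passwordfile username` and `of the password (default).`. The `-l` entry is also placed before `-d`, which breaks the otherwise alphabetical option list that the updated man page keeps. usage() continues past the end of this hunk.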
@@ -323,7 +330,7 @@ int main(int argc, char *argv[])
char pwfilename[MAX_STRING_LEN];
char *arg;
int found = 0;
- int alg = ALG_CRYPT;
+ int alg = ALG_APBLF;
int newfile = 0;
int nofile = 0;
int noninteractive = 0;
@@ -371,6 +378,9 @@ int main(int argc, char *argv[])
else if (*arg == 'd') {
alg = ALG_CRYPT;
}
+ else if (*arg == 'l') {
+ alg = ALG_APBLF;
+ }
else if (*arg == 'b') {
noninteractive++;
args_left++;