From owner-freebsd-ports Sun Sep 13 01:58:05 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA04642 for freebsd-ports-outgoing; Sun, 13 Sep 1998 01:58:05 -0700 (PDT) (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from emmi.physik.TU-Berlin.DE (emmi.physik.TU-Berlin.DE [130.149.160.103]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA04635 for ; Sun, 13 Sep 1998 01:58:01 -0700 (PDT) (envelope-from ibex@emmi.physik.TU-Berlin.DE)
Received: (from ibex@localhost) by emmi.physik.TU-Berlin.DE (8.8.8/8.8.8) id KAA12447; Sun, 13 Sep 1998 10:57:36 +0200 (CEST) (envelope-from ibex)
Message-ID: <19980913105736.A12390@physik.TU-Berlin.DE>
Date: Sun, 13 Sep 1998 10:57:36 +0200
From: Dirk Froemberg
To: "Vladimir B. Grebenschikov" , andreas@klemm.gtn.com
Cc: stefan@asterix.webaffairs.net, ports@FreeBSD.ORG
Subject: Re: FreeBSD Port: apache-php3.0.3-1.3.0
References: <19980912094245.A29717@klemm.gtn.com> <199809121644.UAA27281@plugcom.ru>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="pWyiEgJYm5f9v55/"
X-Mailer: Mutt 0.93i
In-Reply-To: <199809121644.UAA27281@plugcom.ru>; from Vladimir B. Grebenschikov on Sat, Sep 12, 1998 at 08:44:48PM +0400
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii

Hello Vladimir!

First, thanks for pointing out that php3_crypt doesn't work with MD5 crypt properly. Actually it doesn't with DES crypt either, since the generation of the salt is too coarse compared to runtime.

I replaced the #ifdef NEWSALT with something checking whether MD5 crypt or DES crypt is called at runtime. The standard salt for the DES crypt is used again (with a finer salt generation of course), because the extended salt returns a strange (perhaps only to me 8-) result which has nothing to do with a standard DES string.
And it lasts up to _10 minutes_ to calculate an extended crypt on my Pentium 90 which is much too long for something like PHP3.

Please have a look at the attached diffs. If you agree, Andreas could commit them soon.

Perhaps you also want to contact the original PHP3 authors to include this patch in the PHP3 distribution.

	Best regards
	   Dirk

On Sat, Sep 12, 1998 at 08:44:48PM +0400, Vladimir B. Grebenschikov wrote:
> > Dirk Froemberg is the new port maintainer.
> > I didn't look closely into this ... if we add this patch, does
> > it still work if installing FreeBSD with DES ?
>
> Will at this stage, BUT when called with one argument
> crypt("password") - identical salt will be used ('$1')
>
> for fix this need to compile crypt.c with -DNEWSALT, but it is not best
> solution for FreeBSD with DES, I know

-- 
e-mail: ibex@physik.tu-berlin.de

--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-an

*** ../php-3.0.3/functions/crypt.c.orig Fri May 15 12:57:19 1998 --- ../php-3.0.3/functions/crypt.c Sun Sep 13 09:27:06 1998 *************** *** 66,74 **** --- 66,96 ---- "Crypt", crypt_functions, NULL, NULL, NULL, NULL, NULL, STANDARD_MODULE_PROPERTIES }; + #ifdef __FreeBSD__ + static unsigned char itoa64[] = /* 0 ... 
63 => ascii - 64 */ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + + void + to64(s, v, n) + char *s; + long v; + int n; + { + while (--n >= 0) { + *s++ = itoa64[v&0x3f]; + v >>= 6; + } + } + #endif + void php3_crypt(INTERNAL_FUNCTION_PARAMETERS) { + #ifdef __FreeBSD__ + char salt[10]; + struct timeval tv; + #else char salt[4]; + #endif int arg_count = ARG_COUNT(ht); pval *arg1, *arg2; static char seedchars[] = *************** *** 83,96 **** --- 105,141 ---- salt[0] = '\0'; if (arg_count == 2) { convert_to_string(arg2); + #ifdef __FreeBSD__ + strncpy(salt, arg2->value.str.val, 9); + #else strncpy(salt, arg2->value.str.val, 2); + #endif } if (!salt[0]) { + #ifdef __FreeBSD__ + gettimeofday(&tv,0); + if (!strncmp(crypt("test", "xx"), "$1$", 3)) { + /* MD5 salt */ + strncpy(&salt[0], "$1$", 3); + (void)srandom((int)time((time_t *)NULL)); + to64(&salt[3], random(), 3); + to64(&salt[6], tv.tv_usec, 3); + salt[9] = '\0'; + } else { + /* DES salt */ + srandom(getpid() * tv.tv_usec); + to64(&salt[0], random(), 2); + salt[2] = '\0'; + } + #else srand(time(0) * getpid()); salt[0] = seedchars[rand() % 64]; salt[1] = seedchars[rand() % 64]; + #endif } + #ifndef __FreeBSD__ salt[2] = '\0'; + #endif return_value->value.str.val = (char *) crypt(arg1->value.str.val, salt); return_value->value.str.len = strlen(return_value->value.str.val); /* can be optimized away to 13? */ --pWyiEgJYm5f9v55/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
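
Review bot: In the first hunk (66,74 to 66,96), to64() is defined with external linkage and in K&R style, while the itoa64[] table next to it is static; declare it as `static void to64(char *s, long v, int n)` so the helper does not export a generic symbol name from the module. The same hunk declares `struct timeval tv` and the second hunk calls gettimeofday(), but neither visible hunk adds an include for <sys/time.h>; confirm crypt.c already pulls it in, or add it under the same `#ifdef __FreeBSD__`.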
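
Review bot: In the second hunk (83,96 to 105,141), a caller-supplied salt is copied with `strncpy(salt, arg2->value.str.val, 9)` into `char salt[10]`, but the only terminators on the FreeBSD path are `salt[9] = '\0'` and `salt[2] = '\0'` inside the generated-salt branches, and the trailing `salt[2] = '\0'` is now compiled out by `#ifndef __FreeBSD__`. A second argument of nine or more characters therefore reaches crypt() without a guaranteed NUL; set `salt[9] = '\0'` directly after the strncpy. Separately, the MD5 branch seeds with `srandom((int)time((time_t *)NULL))`, so the three characters taken from random() are identical for every call within one second and only the tv_usec half varies; seeding from tv.tv_usec and getpid() as the DES branch does, or from a source that is not time-based, would address the coarseness the mail describes.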
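
The salt coarseness discussed in the mail above, as an added example that is not part of the original message, the attached patch or the PHP3 source: a seed-derived salt repeats whenever the seed repeats, while salt characters read from the kernel RNG do not depend on the clock. The function names, the use of /dev/urandom and the 8-character MD5 salt length are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char itoa64[] =   /* crypt(3) salt alphabet, as in the patch */
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Pre-patch scheme (hypothetical name): the salt is a pure function of the
 * seed, time(0) * getpid() in crypt.c, so it repeats within one second. */
void seeded_salt(unsigned seed, char out[3])
{
    srand(seed);
    out[0] = itoa64[rand() % 64];
    out[1] = itoa64[rand() % 64];
    out[2] = '\0';
}

/* Assumed alternative, not the patch's method: n salt chars from the kernel
 * RNG. Returns 0 on success, -1 if /dev/urandom cannot be read. */
int random_salt_chars(char *out, size_t n)
{
    size_t i, got;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    got = fread(out, 1, n, f);
    fclose(f);
    for (i = 0; i < got; i++)   /* keep 6 bits per byte: no modulo bias */
        out[i] = itoa64[(unsigned char)out[i] & 0x3f];
    return got == n ? 0 : -1;
}

/* md5 != 0: "$1$" + 8 chars; otherwise 2 DES chars. out needs 12 bytes. */
int make_salt(int md5, char *out)
{
    size_t off = md5 ? 3 : 0, n = md5 ? 8 : 2;
    memcpy(out, "$1$", off);
    out[off + n] = '\0';
    return random_salt_chars(out + off, n);
}

int main(void)
{
    char a[3], b[3], m[12];
    seeded_salt(12345u, a);   /* constructed seed, stands in for one second */
    seeded_salt(12345u, b);
    if (make_salt(1, m) == 0)
        printf("seeded twice: %s %s, kernel RNG: %s\n", a, b, m);
    return 0;
}
```

A caller must check the return value of make_salt() and refuse to hash when it is -1, since the salt buffer is not valid in that case.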