1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include "apr_errno.h"
22 #include "apr_strings.h"
23 #include "apr_file_io.h"
24 #include "apr_thread_pool.h"
31 #if defined(WIN32) || defined(BEOS) || defined(NETWARE)
32 #define CRYPT_ALGO_SUPPORTED 0
34 #define CRYPT_ALGO_SUPPORTED 1
37 #if defined __GLIBC_PREREQ
38 #if __GLIBC_PREREQ(2,7)
39 #define GLIBCSHA_ALGO_SUPPORTED
43 #if CRYPT_ALGO_SUPPORTED
51 passwords and hashes created with Apache's htpasswd utility like this:
53 htpasswd -c -b passwords pass1 pass1
54 htpasswd -b passwords pass2 pass2
55 htpasswd -b passwords pass3 pass3
56 htpasswd -b passwords pass4 pass4
57 htpasswd -b passwords pass5 pass5
58 htpasswd -b passwords pass6 pass6
59 htpasswd -b passwords pass7 pass7
60 htpasswd -b passwords pass8 pass8
61 (insert Perl one-liner to convert to initializer :) )
63 {"pass1", "1fWDc9QWYCWrQ"},
64 {"pass2", "1fiGx3u7QoXaM"},
65 {"pass3", "1fzijMylTiwCs"},
66 {"pass4", "nHUYc8U2UOP7s"},
67 {"pass5", "nHpETGLGPwAmA"},
68 {"pass6", "nHbsbWmJ3uyhc"},
69 {"pass7", "nHQ3BbF0Y9vpI"},
70 {"pass8", "nHZA1rViSldQk"}
72 static int num_passwords = sizeof(passwords) / sizeof(passwords[0]);
74 static void test_crypt(abts_case *tc, void *data)
78 for (i = 0; i < num_passwords; i++) {
79 apr_assert_success(tc, "check for valid password",
80 apr_password_validate(passwords[i].password,
87 static void * APR_THREAD_FUNC testing_thread(apr_thread_t *thd,
93 for (i = 0; i < 100; i++) {
102 /* test for threadsafe crypt() */
103 static void test_threadsafe(abts_case *tc, void *data)
107 apr_thread_pool_t *thrp;
109 rv = apr_thread_pool_create(&thrp, NUM_THR/2, NUM_THR, p);
110 ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
112 for (i = 0; i < NUM_THR; i++) {
113 rv = apr_thread_pool_push(thrp, testing_thread, tc, 0, NULL);
114 ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
117 apr_thread_pool_destroy(thrp);
121 #endif /* CRYPT_ALGO_SUPPORTED */
123 static void test_shapass(abts_case *tc, void *data)
125 const char *pass = "hellojed";
126 const char *pass2 = "hellojed2";
129 apr_sha1_base64(pass, strlen(pass), hash);
131 apr_assert_success(tc, "SHA1 password validated",
132 apr_password_validate(pass, hash));
133 APR_ASSERT_FAILURE(tc, "wrong SHA1 password should not validate",
134 apr_password_validate(pass2, hash));
137 static void test_md5pass(abts_case *tc, void *data)
139 const char *pass = "hellojed", *salt = "sardine";
140 const char *pass2 = "hellojed2";
143 apr_md5_encode(pass, salt, hash, sizeof hash);
145 apr_assert_success(tc, "MD5 password validated",
146 apr_password_validate(pass, hash));
147 APR_ASSERT_FAILURE(tc, "wrong MD5 password should not validate",
148 apr_password_validate(pass2, hash));
151 #ifdef GLIBCSHA_ALGO_SUPPORTED
154 const char *password;
156 } glibc_sha_pws[] = {
158 { "secret1", "$5$0123456789abcdef$SFX.CooXBS8oXsbAPgU/UyiCodhrLQ19sBgvcA3Zh1D" },
159 { "secret2", "$5$rounds=100000$0123456789abcdef$dLXfO5m4d.xv8G66kpz2LyL0.Mi5wjLlH0m7rtgyhyB" },
161 { "secret3", "$6$0123456789abcdef$idOsOfoWwnCQkJm9hd2hxS4NnEs9nBA9poOFXsvtrYSoSHaOToCfyUoZwKe.ZCZnq7D95tGVoi2jxZZMyVwTL1" },
162 { "secret4", "$6$rounds=100000$0123456789abcdef$ZiAMjbeA.iIGTWxq2oks9Bvz9sfxaoGPgAtpwimPEwFwkSNMTK7lLwABzzldds/n4UgCQ16HqawPrCrePr4YX1" },
166 static void test_glibc_shapass(abts_case *tc, void *data)
169 while (glibc_sha_pws[i].password) {
170 apr_assert_success(tc, "check for valid glibc crypt-sha password",
171 apr_password_validate(glibc_sha_pws[i].password,
172 glibc_sha_pws[i].hash));
178 static void test_bcryptpass(abts_case *tc, void *data)
180 const char *pass = "hellojed";
181 const char *pass2 = "hellojed2";
182 unsigned char salt[] = "sardine_sardine";
184 const char *hash2 = "$2a$08$qipUJiI9fySUN38hcbz.lucXvAmtgowKOWYtB9y3CXyl6lTknruou";
185 const char *pass3 = "foobar";
187 apr_assert_success(tc, "bcrypt encode password",
188 apr_bcrypt_encode(pass, 5, salt, sizeof(salt), hash,
191 apr_assert_success(tc, "bcrypt password validated",
192 apr_password_validate(pass, hash));
193 APR_ASSERT_FAILURE(tc, "wrong bcrypt password should not validate",
194 apr_password_validate(pass2, hash));
195 apr_assert_success(tc, "bcrypt password validated",
196 apr_password_validate(pass3, hash2));
200 abts_suite *testpass(abts_suite *suite)
202 suite = ADD_SUITE(suite);
204 #if CRYPT_ALGO_SUPPORTED
205 abts_run_test(suite, test_crypt, NULL);
207 abts_run_test(suite, test_threadsafe, NULL);
209 #endif /* CRYPT_ALGO_SUPPORTED */
210 abts_run_test(suite, test_shapass, NULL);
211 abts_run_test(suite, test_md5pass, NULL);
212 abts_run_test(suite, test_bcryptpass, NULL);
213 #ifdef GLIBCSHA_ALGO_SUPPORTED
214 abts_run_test(suite, test_glibc_shapass, NULL);