[Klone-users] simple authentication klapp (updated)

thomas fossati tho at koanlogic.com
Wed Mar 12 16:39:27 EDT 2008 

Hi Alvaro,

On Mar 12, 2008, at 5:28 PM, Alvaro Pereira wrote:
> 1.- How do you generate the encrypted passwords? I had a look in 2
> different websites on how to create .htpasswd files, but none of them
> come out with an encrypted password similar to Klone's. I suppose  
> Klone
> must have a different generator algorithm.

the password hashing algorithm is plain MD5.  If you have OpenSSL at  
hand you can try something like:

$ /bin/echo -n "your_password_here" | openssl md5

You can access the same algorithm from within your klone application  
using the u_md5() function:

     char hashed_pwd[MD5_DIGEST_BUFSZ];

     u_md5("your_password_here", strlen("your_password_here"),  
hashed_pwd);

     printf("%s\n", hashed_pwd);

> 2.- In the example the passwd file is actually embedded. But how about
> if I would like to have such a file in the file system of my embedded
> product. The reason is that I would like to access it as an
> administrator and be able to add/change/delete passwords, so the
> combination of usernames/passwords can be tailored for each unit we
> produce. It would be ideal the administrator is able to access this  
> file
> through the web service itself (something I can do right now, but
> without the encryption capability).
> So let's say that when I log into the unit using Klone, there is a  
> page
> that submits an HTML form where I can do these operations in the  
> passwd
> file.

Sure it is possible, since the pwd module abstracts the I/O interface:

in auth_init(), instead of emb_open() you can use fopen() to open a  
file in your file system (remember to add "--enable_sup_fs" to  
KLONE_CONF_ARGS):

     dbg_err_if ((pwd_fp = fopen(pwd_name, "r")) == NULL);

Then you must provide an fgets wrapper for accessing lines in your  
passwd file:

     static char *file_fgets (char *str, int size, void *stream)
     {
         return fgets(str, size, (FILE *) stream);
     }

and pass it to the u_pwd_init() function, together with the I/O stream  
handler and the hash function:

     dbg_err_if (u_pwd_init(pwd_fp, file_fgets, u_md5,  
MD5_DIGEST_BUFSZ, &g_pwd));

that's all.

> 3.- How can I have a look on the libu:pwd module API? I guess it is  
> the
> one with all these definitions. In the example there are functions  
> like
> u_pwd_auth_user and u_pwd_init. Where are they defined?

from within klapp-auth-simple/ you can open the following couple of  
pages in your browser:

* klone-2.0.3rc0/build/target/klone-core-2.0.3rc0/libu/doc/html/ 
group__pwd.html
* klone-2.0.3rc0/build/target/klone-core-2.0.3rc0/libu/doc/html/pwd_8c- 
source.html

Hope it helps.

ciao, t.

More information about the klone-users mailing list