From 678fe256b3133f41132119e7ecd2f3ceae8b67e6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 15:42:58 +0200
Subject: Merging upstream version 2.4.59.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 support/htpasswd.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

(limited to 'support/htpasswd.c')

diff --git a/support/htpasswd.c b/support/htpasswd.c
index 7dd5af9..c576532 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -98,28 +98,32 @@ static int mkrecord(struct passwd_ctx *ctx, char *user)
 static void usage(void)
 {
     apr_file_printf(errfile, "Usage:" NL
-        "\thtpasswd [-cimBdpsDv] [-C cost] passwordfile username" NL
-        "\thtpasswd -b[cmBdpsDv] [-C cost] passwordfile username password" NL
+        "\thtpasswd [-cimB25dpsDv] [-C cost] [-r rounds] passwordfile username" NL
+        "\thtpasswd -b[cmB25dpsDv] [-C cost] [-r rounds] passwordfile username password" NL
         NL
-        "\thtpasswd -n[imBdps] [-C cost] username" NL
-        "\thtpasswd -nb[mBdps] [-C cost] username password" NL
+        "\thtpasswd -n[imB25dps] [-C cost] [-r rounds] username" NL
+        "\thtpasswd -nb[mB25dps] [-C cost] [-r rounds] username password" NL
         " -c  Create a new file." NL
         " -n  Don't update file; display results on stdout." NL
         " -b  Use the password from the command line rather than prompting "
             "for it." NL
         " -i  Read password from stdin without verification (for script usage)." NL
-        " -m  Force MD5 encryption of the password (default)." NL
-        " -B  Force bcrypt encryption of the password (very secure)." NL
+        " -m  Force MD5 hashing of the password (default)." NL
+        " -2  Force SHA-256 hashing of the password (secure)." NL
+        " -5  Force SHA-512 hashing of the password (secure)." NL
+        " -B  Force bcrypt hashing of the password (very secure)." NL
         " -C  Set the computing time used for the bcrypt algorithm" NL
         "     (higher is more secure but slower, default: %d, valid: 4 to 17)." NL
-        " -d  Force CRYPT encryption of the password (8 chars max, insecure)." NL
-        " -s  Force SHA encryption of the password (insecure)." NL
-        " -p  Do not encrypt the password (plaintext, insecure)." NL
+        " -r  Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL
+        "     (higher is more secure but slower, default: 5000)." NL
+        " -d  Force CRYPT hashing of the password (8 chars max, insecure)." NL
+        " -s  Force SHA-1 hashing of the password (insecure)." NL
+        " -p  Do not hash the password (plaintext, insecure)." NL
         " -D  Delete the specified user." NL
         " -v  Verify password for the specified user." NL
         "On other systems than Windows and NetWare the '-p' flag will "
             "probably not work." NL
-        "The SHA algorithm does not use a salt and is less secure than the "
+        "The SHA-1 algorithm does not use a salt and is less secure than the "
             "MD5 algorithm." NL,
         BCRYPT_DEFAULT_COST
     );
@@ -178,7 +182,7 @@ static void check_args(int argc, const char *const argv[],
     if (rv != APR_SUCCESS)
         exit(ERR_SYNTAX);
 
-    while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) {
+    while ((rv = apr_getopt(state, "cnmspdBbDi25C:r:v", &opt, &opt_arg)) == APR_SUCCESS) {
         switch (opt) {
         case 'c':
             *mask |= APHTP_NEWFILE;
-- 
cgit v1.2.3