/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/******************************************************************************
******************************************************************************
* NOTE! This program is not safe as a setuid executable! Do not make it
* setuid!
******************************************************************************
*****************************************************************************/
/*
* htpasswd.c: simple program for manipulating password file for
* the Apache HTTP server
*
* Originally by Rob McCool
*
* Exit values:
* 0: Success
* 1: Failure; file access/permission problem
* 2: Failure; command line syntax problem (usage message issued)
* 3: Failure; password verification failure
* 4: Failure; operation interrupted (such as with CTRL/C)
* 5: Failure; buffer would overflow (username, filename, or computed
* record too long)
* 6: Failure; username contains illegal or reserved characters
* 7: Failure; file is not a valid htpasswd file
*/
#include "passwd_common.h"
#include "apr_signal.h"
#include "apr_getopt.h"
#if APR_HAVE_STDIO_H
#include <stdio.h>
#endif
#include "apr_md5.h"
#include "apr_sha1.h"
#include <stdlib.h>
#endif
#include <string.h>
#endif
#include <unistd.h>
#endif
#ifdef WIN32
#include <conio.h>
#endif
{
int ret;
if (ret)
return ret;
return ERR_OVERFLOW;
}
return 0;
}
static void usage(void)
{
"\thtpasswd [-cimBdpsDv] [-C cost] passwordfile username" NL
"\thtpasswd -b[cmBdpsDv] [-C cost] passwordfile username password" NL
"\thtpasswd -n[imBdps] [-C cost] username" NL
"\thtpasswd -nb[mBdps] [-C cost] username password" NL
" -c Create a new file." NL
" -n Don't update file; display results on stdout." NL
" -b Use the password from the command line rather than prompting "
"for it." NL
" -i Read password from stdin without verification (for script usage)." NL
" -m Force MD5 encryption of the password (default)." NL
" -B Force bcrypt encryption of the password (very secure)." NL
" -C Set the computing time used for the bcrypt algorithm" NL
" (higher is more secure but slower, default: %d, valid: 4 to 31)." NL
" -d Force CRYPT encryption of the password (8 chars max, insecure)." NL
" -s Force SHA encryption of the password (insecure)." NL
" -p Do not encrypt the password (plaintext, insecure)." NL
" -D Delete the specified user." NL
" -v Verify password for the specified user." NL
"On other systems than Windows and NetWare the '-p' flag will "
"probably not work." NL
"The SHA algorithm does not use a salt and is less secure than the "
"MD5 algorithm." NL,
);
}
/*
* Check to see if the specified file can be opened for the given
* access.
*/
{
apr_file_t *f = NULL;
return 0;
}
apr_file_close(f);
return 1;
}
/*
* Return true if the named file exists, regardless of permissions.
*/
{
}
static void terminate(void)
{
#ifdef NETWARE
pressanykey();
#endif
}
char **pwfilename)
{
const char *arg;
int i, ret;
char opt;
const char *opt_arg;
if (rv != APR_SUCCESS)
switch (opt) {
case 'c':
*mask |= APHTP_NEWFILE;
break;
case 'n':
args_left--;
*mask |= APHTP_NOFILE;
break;
case 'D':
*mask |= APHTP_DELUSER;
break;
case 'v':
*mask |= APHTP_VERIFY;
break;
default:
if (ret) {
}
}
}
args_left++;
usage();
/* not a power of two, i.e. more than one flag specified */
argv[0]);
}
/*
* Make sure we still have exactly the right number of arguments left
* (the filename, the username, and possibly the password if -b was
* specified).
*/
usage();
}
if (!(*mask & APHTP_NOFILE)) {
}
}
}
}
argv[0], MAX_STRING_LEN);
}
}
}
{
int ret;
return ret;
if (rv == APR_SUCCESS)
return 0;
if (APR_STATUS_IS_EMISMATCH(rv)) {
return ERR_PWMISMATCH;
}
&rv);
return ERR_GENERAL;
}
/*
* Let's do it. We end up doing a lot of file opening and closing,
* but what do we care? This application isn't run constantly.
*/
{
char *dirname;
int found = 0;
int i;
unsigned mask = 0;
int existing_file = 0;
#endif
if (rv) {
exit(1);
}
if (rv) {
exit(1);
}
if (rv) {
exit(1);
}
#endif /*APR_CHARSET_EBCDIC*/
/*
* Only do the file checks if we're supposed to frob it.
*/
if (!(mask & APHTP_NOFILE)) {
if (existing_file) {
/*
* Check that this existing file is readable and writable.
*/
}
}
else {
/*
* Error out if -c was omitted for this non-existant file.
*/
if (!(mask & APHTP_NEWFILE)) {
"%s: cannot modify file %s; use '-c' to create it" NL,
argv[0], pwfilename);
}
/*
* As it doesn't exist yet, verify that we can create it.
*/
argv[0], pwfilename);
}
}
}
/*
* All the file access checks (if any) have been made. Time to go to work;
* try to create the record for the username in question. If that
* fails, there's no need to waste any time on file manipulations.
* Any error message text is returned in the record buffer, since
* the mkrecord() routine doesn't have access to argv[].
*/
if (i != 0) {
exit(i);
}
if (mask & APHTP_NOFILE) {
exit(0);
}
}
if ((mask & APHTP_VERIFY) == 0) {
/*
* We can access the files the right way, and we have a record
* to add or update. Let's do it..
*/
argv[0]);
}
}
}
/*
* If we're not creating a new file, copy records from the existing
* one to the temporary file until we find the specified user.
*/
argv[0], pwfilename);
}
char *colon;
while (apr_isspace(*scratch)) {
++scratch;
}
continue;
}
/*
* See if this is our user.
*/
*colon = '\0';
}
else {
/*
* If we've not got a colon on the line, this could well
* not be a valid htpasswd file.
* We should bail at this point.
*/
"to be a valid htpasswd file." NL,
argv[0], pwfilename);
}
continue;
}
else {
/* We found the user we were looking for */
found++;
if ((mask & APHTP_DELUSER)) {
/* Delete entry from the file */
}
else if ((mask & APHTP_VERIFY)) {
/* Verify */
if (len == 0) {
user);
}
if (i != 0) {
exit(i);
}
}
else {
/* Update entry */
}
}
}
}
if (!found) {
if (mask & APHTP_DELUSER) {
exit(0);
}
else if (mask & APHTP_VERIFY) {
}
else {
}
}
if (mask & APHTP_VERIFY) {
exit(0);
}
/* The temporary file has all the data, just copy it to the new location.
*/
APR_SUCCESS) {
argv[0], pwfilename);
}
return 0;
}