htpasswd.c revision cccd31fa4a72fe23cc3249c06db181b274a55a69
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny/* ====================================================================
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * The Apache Software License, Version 1.1
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Copyright (c) 2000 The Apache Software Foundation. All rights
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Redistribution and use in source and binary forms, with or without
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * modification, are permitted provided that the following conditions
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * 1. Redistributions of source code must retain the above copyright
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * notice, this list of conditions and the following disclaimer.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * 2. Redistributions in binary form must reproduce the above copyright
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * notice, this list of conditions and the following disclaimer in
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * the documentation and/or other materials provided with the
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * distribution.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * 3. The end-user documentation included with the redistribution,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * if any, must include the following acknowledgment:
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * "This product includes software developed by the
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Apache Software Foundation (http://www.apache.org/)."
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Alternately, this acknowledgment may appear in the software itself,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * if and wherever such third-party acknowledgments normally appear.
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 4. The names "Apache" and "Apache Software Foundation" must
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * not be used to endorse or promote products derived from this
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * software without prior written permission. For written
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * permission, please contact apache@apache.org.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * 5. Products derived from this software may not be called "Apache",
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * nor may "Apache" appear in their name, without prior written
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce * permission of the Apache Software Foundation.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
a6cca9c284724fafd670a3163812f248ba53ad97Jakub Hrozek * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose * SUCH DAMAGE.
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose * ====================================================================
a6cca9c284724fafd670a3163812f248ba53ad97Jakub Hrozek * This software consists of voluntary contributions made by many
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * individuals on behalf of the Apache Software Foundation. For more
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * information on the Apache Software Foundation, please see
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Portions of this software are based upon public domain software
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * originally written at the National Center for Supercomputing Applications,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * University of Illinois, Urbana-Champaign.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny/******************************************************************************
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny ******************************************************************************
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * NOTE! This program is not safe as a setuid executable! Do not make it
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce ******************************************************************************
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny *****************************************************************************/
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * htpasswd.c: simple program for manipulating password file for
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * the Apache HTTP server
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Originally by Rob McCool
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * Exit values:
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 0: Success
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 1: Failure; file access/permission problem
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 2: Failure; command line syntax problem (usage message issued)
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 3: Failure; password verification failure
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 4: Failure; operation interrupted (such as with CTRL/C)
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * 5: Failure; buffer would overflow (username, filename, or computed
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * record too long)
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * 6: Failure; username contains illegal or reserved characters
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose#else /*CHARSET_EBCDIC*/
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek#endif /*CHARSET_EBCDIC*/
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * This needs to be declared statically so the signal handler can
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * access it.
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov * If our platform knows about the tmpnam() external buffer size, create
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov * a buffer to pass in. This is needed in a threaded environment, or
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * one that thinks it is (like HP-UX).
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov * Get a line of input from the user, not including any terminating
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce register int i = 0;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce s[i] = (char) fgetc(f);
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose if (s[i] == CR) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose s[i] = '\0';
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose for (x = 0; l[x]; x++) {
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bosestatic void to64(char *s, unsigned long v, int n)
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose while (--n >= 0) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Make a password record from the given information. A zero return
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * indicates success; failure means that the output buffer contains an
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * error message instead.
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bosestatic int mkrecord(char *user, char *record, size_t rlen, char *passwd,
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose if (apr_getpass("New password: ", pwin, &bufsize) != 0) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose apr_snprintf(record, (rlen - 1), "password too long (>%d)",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek apr_getpass("Re-type new password: ", pwv, &bufsize);
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek apr_cpystrn(record, "password verification error", (rlen - 1));
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny apr_MD5Encode((const char *)pw, (const char *)salt,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny /* XXX this len limitation is not in sync with any HTTPd len. */
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny apr_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Check to see if the buffer is large enough to hold the username,
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * hash, and delimiters.
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny apr_cpystrn(record, "resultant record too long", (rlen - 1));
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorcestatic int usage(void)
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "\thtpasswd [-cmdps] passwordfile username\n");
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "\thtpasswd -b[cmdps] passwordfile username password\n\n");
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "\thtpasswd -n[mdps] username\n");
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "\thtpasswd -nb[mdps] username password\n");
cb388d52f49f54963379cc20a25e14d17fe6e9a3Simo Sorce fprintf(stderr, " -n Don't update file; display results on stdout.\n");
cb388d52f49f54963379cc20a25e14d17fe6e9a3Simo Sorce fprintf(stderr, " -m Force MD5 encryption of the password"
cb388d52f49f54963379cc20a25e14d17fe6e9a3Simo Sorce " (default)"
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov fprintf(stderr, " -d Force CRYPT encryption of the password"
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny " (default)"
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce fprintf(stderr, " -p Do not encrypt the password (plaintext).\n");
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce fprintf(stderr, " -s Force SHA encryption of the password.\n");
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce fprintf(stderr, " -b Use the password from the command line rather "
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce "than prompting for it.\n");
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce "On Windows and TPF systems the '-m' flag is used by default.\n");
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce "On all other systems, the '-p' flag will probably not work.\n");
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorcestatic void interrupted(void)
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * Check to see if the specified file can be opened for the given
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * Return true if a file is readable.
17195241500e46272018d7897d6e87249870caf2Pavel Reichl * Return true if the specified file can be opened for write access.
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Return true if the named file exists, regardless of permissions.
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Copy from the current position of one file to the current position
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * of another.
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose while (fgets(line, sizeof(line), source) != NULL) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Let's do it. We end up doing a lot of file opening and closing,
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * but what do we care? This application isn't run constantly.
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose rv = apr_xlate_open(&to_ascii, "ISO8859-1", APR_DEFAULT_CHARSET, pool);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose fprintf(stderr, "apr_xlate_open(to ASCII)->%d\n", rv);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose fprintf(stderr, "ap_SHA1InitEBCDIC()->%d\n", rv);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose fprintf(stderr, "apr_MD5InitEBCDIC()->%d\n", rv);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose#endif /*CHARSET_EBCDIC*/
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Preliminary check to make sure they provided at least
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * three arguments, we'll do better argument checking as
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * we parse the command line.
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * Go through the argument list and pick out any options. They
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * have to precede any other arguments.
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * Make sure we still have exactly the right number of arguments left
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * (the filename, the username, and possibly the password if -b was
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce * specified).
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "%s: -c and -n options conflict\n", argv[0]);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "%s: filename too long\n", argv[0]);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "%s: username too long (>%d)\n", argv[0],
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr, "%s: username contains illegal character '%c'\n",
17195241500e46272018d7897d6e87249870caf2Pavel Reichl if (strlen(argv[i + 2]) > (sizeof(password) - 1)) {
17195241500e46272018d7897d6e87249870caf2Pavel Reichl fprintf(stderr, "%s: password too long (>%d)\n", argv[0],
17195241500e46272018d7897d6e87249870caf2Pavel Reichl fprintf(stderr, "Automatically using MD5 format on Windows.\n");
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny fprintf(stderr,"Warning: storing passwords as plain text might "
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny "just not work on this platform.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov * Only do the file checks if we're supposed to frob it.
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * Verify that the file exists if -c was omitted. We give a special
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * message if it doesn't.
3b0e0352d8076909608d04750d3ea6b0d9ba33f6Jakub Hrozek "%s: cannot modify file %s; use '-c' to create it\n",
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * Verify that we can read the existing file in the case of an update
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny * to it (rather than creation of a new one).
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce fprintf(stderr, "%s: cannot open file %s for read access\n",
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Now check to see if we can preserve an existing file in case
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * of password verification errors on a -c operation.
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce fprintf(stderr, "%s: cannot open file %s for read access\n"
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce "%s: existing auth data would be lost on "
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce "password mismatch",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * Now verify that the file is writable!
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose fprintf(stderr, "%s: cannot open file %s for write access\n",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * All the file access checks (if any) have been made. Time to go to work;
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * try to create the record for the username in question. If that
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * fails, there's no need to waste any time on file manipulations.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * Any error message text is returned in the record buffer, since
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * the mkrecord() routine doesn't have access to argv[].
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (i != 0) {
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * We can access the files the right way, and we have a record
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * to add or update. Let's do it..
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if ((tempfilename == NULL) || (*tempfilename == '\0')) {
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce fprintf(stderr, "%s: unable to generate temporary filename\n",
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce fprintf(stderr, "%s: unable to create temporary file '%s'\n", argv[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce * If we're not creating a new file, copy records from the existing
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce * one to the temporary file until we find the specified user.
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce * See if this is our user.
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * Now add the user record we created.
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * If we're updating an existing file, there may be additional
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek * records beyond the one we're updating, so copy them.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * The temporary file now contains the information that should be
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * in the actual password file. Close the open files, re-open them
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny * in the appropriate mode, and copy them file to the real one.