httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@hyperreal.org
Subject cvs commit: apache-1.3/src/support htpasswd.c
Date Wed, 10 Mar 1999 20:36:51 GMT
coar        99/03/10 12:36:47

  Modified:    src/support htpasswd.c
  Log:
  	Add licence, change argumbnt handling to alway recognise '-' as
  	a flag prefix, make a little easier to expand to other algorithms
  	in the future, and change file handling.  Previously a misspelt
  	passphrase could destroy existing security data (i.e., '-c'
  	would leave an empty file rather than whatever had been there
  	before).  Also distinguish between failure causes in the
  	exit status.
  
  Revision  Changes    Path
  1.22      +374 -142  apache-1.3/src/support/htpasswd.c
  
  Index: htpasswd.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- htpasswd.c	1999/03/08 20:14:05	1.21
  +++ htpasswd.c	1999/03/10 20:36:46	1.22
  @@ -1,3 +1,60 @@
  +/* ====================================================================
  + * Copyright (c) 1995-1999 The Apache Group.  All rights reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions
  + * are met:
  + *
  + * 1. Redistributions of source code must retain the above copyright
  + *    notice, this list of conditions and the following disclaimer. 
  + *
  + * 2. Redistributions in binary form must reproduce the above copyright
  + *    notice, this list of conditions and the following disclaimer in
  + *    the documentation and/or other materials provided with the
  + *    distribution.
  + *
  + * 3. All advertising materials mentioning features or use of this
  + *    software must display the following acknowledgment:
  + *    "This product includes software developed by the Apache Group
  + *    for use in the Apache HTTP server project (http://www.apache.org/)."
  + *
  + * 4. The names "Apache Server" and "Apache Group" must not be used to
  + *    endorse or promote products derived from this software without
  + *    prior written permission. For written permission, please contact
  + *    apache@apache.org.
  + *
  + * 5. Products derived from this software may not be called "Apache"
  + *    nor may "Apache" appear in their names without prior written
  + *    permission of the Apache Group.
  + *
  + * 6. Redistributions of any form whatsoever must retain the following
  + *    acknowledgment:
  + *    "This product includes software developed by the Apache Group
  + *    for use in the Apache HTTP server project (http://www.apache.org/)."
  + *
  + * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
  + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
  + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  + * OF THE POSSIBILITY OF SUCH DAMAGE.
  + * ====================================================================
  + *
  + * This software consists of voluntary contributions made by many
  + * individuals on behalf of the Apache Group and was originally based
  + * on public domain software written at the National Center for
  + * Supercomputing Applications, University of Illinois, Urbana-Champaign.
  + * For more information on the Apache Group and the Apache HTTP server
  + * project, please see <http://www.apache.org/>.
  + *
  + */
  +
   /******************************************************************************
    ******************************************************************************
    * NOTE! This program is not safe as a setuid executable!  Do not make it
  @@ -5,14 +62,23 @@
    ******************************************************************************
    *****************************************************************************/
   /*
  - * htpasswd.c: simple program for manipulating password file for NCSA httpd
  + * htpasswd.c: simple program for manipulating password file for
  + * the Apache HTTP server
    * 
  - * Rob McCool
  + * Originally by Rob McCool
  + *
  + * Exit values:
  + *  0: Success
  + *  1: Failure; file permission problem
  + *  2: Failure; command line syntax problem (usage message issued)
  + *  3: Failure; password verification failure
  + *  4: Failure; operation interrupted (such as with CTRL/C)
    */
   
   #include "ap_config.h"
   #include <sys/types.h>
   #include <signal.h>
  +#include <errno.h>
   #include "ap.h"
   #include "ap_md5.h"
   
  @@ -31,9 +97,23 @@
   #endif /*CHARSET_EBCDIC*/
   
   #define MAX_STRING_LEN 256
  +#define ALG_CRYPT 1
  +#define ALG_APMD5 2
  +
  +#define ERR_FILEPERM 1
  +#define ERR_SYNTAX 2
  +#define ERR_PWMISMATCH 3
  +#define ERR_INTERRUPTED 4
   
  -char *tn;
  +/*
  + * This needs to be declared statically so the signal handler can
  + * access it.
  + */
  +static char *tempfilename;
   
  +/*
  + * Duplicate a string into memory malloc()ed for it.
  + */
   static char *strd(char *s)
   {
       char *d;
  @@ -43,24 +123,6 @@
       return (d);
   }
   
  -static void getword(char *word, char *line, char stop)
  -{
  -    int x = 0, y;
  -
  -    for (x = 0; ((line[x]) && (line[x] != stop)); x++) {
  -	word[x] = line[x];
  -    }
  -
  -    word[x] = '\0';
  -    if (line[x]) {
  -	++x;
  -    }
  -    y = 0;
  -
  -    while ((line[y++] = line[x++]))
  -	;
  -}
  -
   static int getline(char *s, int n, FILE *f)
   {
       register int i = 0;
  @@ -93,7 +155,7 @@
   
   /* From local_passwd.c (C) Regents of Univ. of California blah blah */
   static unsigned char itoa64[] =	/* 0 ... 63 => ascii - 64 */
  -"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  +    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
   
   static void to64(register char *s, register long v, register int n)
   {
  @@ -104,7 +166,8 @@
   }
   
   #ifdef MPE
  -/* MPE lacks getpass() and a way to suppress stdin echo.  So for now, just
  +/*
  + * MPE lacks getpass() and a way to suppress stdin echo.  So for now, just
    * issue the prompt and read the results with echo.  (Ugh).
    */
   
  @@ -125,7 +188,8 @@
   #endif
   
   #ifdef WIN32
  -/* Windows lacks getpass().  So we'll re-implement it here.
  +/*
  + * Windows lacks getpass().  So we'll re-implement it here.
    */
   
   static char *getpass(const char *prompt)
  @@ -158,170 +222,338 @@
   }
   #endif
   
  -static void add_password(char *user, FILE *f, int use_md5)
  +/*
  + * Make a password record from the given information.  A true return
  + * indicates success; failure means that the output buffer contains an
  + * error message instead.
  + */
  +static int mkrecord(char *user, char *record, size_t rlen, int alg)
   {
  -    char *pw, cpw[120], salt[9];
  -
  -    pw = strd((char *) getpass("New password:"));
  -    if (strcmp(pw, (char *) getpass("Re-type new password:"))) {
  -	fprintf(stderr, "They don't match, sorry.\n");
  -	if (tn) {
  -	    unlink(tn);
  -	}
  -	exit(1);
  +    char *pw;
  +    char cpw[120];
  +    char salt[9];
  +
  +    pw = strd((char *) getpass("New password: "));
  +    if (strcmp(pw, (char *) getpass("Re-type new password: "))) {
  +	ap_cpystrn(record, "password verification error", (rlen - 1));
  +	return 0;
       }
       (void) srand((int) time((time_t *) NULL));
       to64(&salt[0], rand(), 8);
       salt[8] = '\0';
   
  -    if (use_md5) {
  -        ap_MD5Encode(pw, salt, cpw, sizeof(cpw));
  -    }
  -    else {
  +    switch (alg) {
  +    case ALG_APMD5:
  +	ap_MD5Encode(pw, salt, cpw, sizeof(cpw));
  +	break;
  +    case ALG_CRYPT:
   	ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
  +	break;
       }
  +    /*
  +     * Now that we have the smashed password, we don't need the
  +     * plaintext one any more.
  +     */
       free(pw);
  -    fprintf(f, "%s:%s\n", user, cpw);
  +    /*
  +     * Check to see if the buffer is large enough to hold the username,
  +     * hash, and delimiters.
  +     */
  +    if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
  +	ap_cpystrn(record, "resultant record too long", (rlen - 1));
  +	return 0;
  +    }
  +    strcpy(record, user);
  +    strcat(record, ":");
  +    strcat(record, cpw);
  +    return 1;
   }
   
  -static void usage(void)
  +static int usage(void)
   {
       fprintf(stderr, "Usage: htpasswd [-cm] passwordfile username\n");
       fprintf(stderr, "The -c flag creates a new file.\n");
  -    fprintf(stderr, "The -m flag creates a md5 encrypted file.\n");
  +    fprintf(stderr, "The -m flag forces MD5 encryption of the password.\n");
       fprintf(stderr, "On Windows systems the -m flag is used by default.\n");
  -    exit(1);
  +    return ERR_SYNTAX;
   }
   
   static void interrupted(void)
   {
       fprintf(stderr, "Interrupted.\n");
  -    if (tn) {
  -	unlink(tn);
  +    if (tempfilename != NULL) {
  +	unlink(tempfilename);
  +    }
  +    exit(ERR_INTERRUPTED);
  +}
  +
  +/*
  + * Check to see if the specified file can be opened for the given
  + * access.
  + */
  +int accessible(char *fname, char *mode)
  +{
  +    FILE *s;
  +
  +    s = fopen(fname, mode);
  +    if (s == NULL) {
  +	return 0;
  +    }
  +    fclose(s);
  +    return 1;
  +}
  +
  +/*
  + * Return true if a file is readable.
  + */
  +int readable(char *fname)
  +{
  +    return accessible(fname, "r");
  +}
  +
  +/*
  + * Return true if the specified file can be opened for write access.
  + */
  +int writable(char *fname)
  +{
  +    return accessible(fname, "a");
  +}
  +
  +/*
  + * Return true if the named file exists, regardless of permissions.
  + */
  +int exists(char *fname)
  +{
  +#ifdef WIN32
  +    struct _stat sbuf;
  +#else
  +    struct stat sbuf;
  +#endif
  +    int check;
  +
  +#ifdef WIN32
  +    check = _stat(fname, &sbuf);
  +#else
  +    check = stat(fname, &sbuf);
  +#endif
  +    return ((check == -1) && (errno == ENOENT)) ? 0 : 1;
  +}
  +
  +/*
  + * Copy from the current position of one file to the current position
  + * of another.
  + */
  +void copy_file(FILE *target, FILE *source)
  +{
  +    static char line[MAX_STRING_LEN];
  +
  +    while (fgets(line, sizeof(line), source) != NULL) {
  +	fputs(line, target);
       }
  -    exit(1);
   }
   
  +/*
  + * Let's do it.  We end up doing a lot of file opening and closing,
  + * but what do we care?  This application isn't run constantly.
  + */
   int main(int argc, char *argv[])
   {
  -    FILE *tfp, *f;
  +    FILE *ftemp = NULL;
  +    FILE *fpw = NULL;
       char user[MAX_STRING_LEN];
  +    char record[MAX_STRING_LEN];
       char line[MAX_STRING_LEN];
  -    char l[MAX_STRING_LEN];
  -    char w[MAX_STRING_LEN];
  -    char command[MAX_STRING_LEN];
  -    char filename[MAX_STRING_LEN];
  -    int found;
  -    int use_md5 = 0;
  +    char pwfilename[MAX_STRING_LEN];
  +    char *arg;
  +    int found = 0;
  +    int alg = ALG_CRYPT;
       int newfile = 0;
  -    int currarg = 1;
  -    int filearg;
  +    int i;
   
  -    tn = NULL;
  +    tempfilename = NULL;
       signal(SIGINT, (void (*)(int)) interrupted);
   
  -    /* preliminary check to make sure they provided at least
  +    /*
  +     * Preliminary check to make sure they provided at least
        * three arguments, we'll do better argument checking as 
        * we parse the command line.
        */
       if (argc < 3) {
  -	    usage();
  +	return usage();
       }
   
  -    /* I would rather use getopt, but Windows and UNIX seem to handle getopt
  -     * differently, so I am doing the argument checking by hand.
  +    /*
  +     * Go through the argument list and pick out any options.  They
  +     * have to precede any other arguments.
        */
  -    
  -    if (!strcmp(argv[1],"-c") || !strcmp(argv[2],"-c")) {
  -        newfile = 1;
  -        currarg++;
  -    }
  -    if (!strcmp(argv[1],"-m") || !strcmp(argv[2],"-m")) {
  -        use_md5 = 1;
  -        currarg++;
  +    for (i = 1; i < argc; i++) {
  +	arg = argv[i];
  +	if (*arg != '-') {
  +	    break;
  +	}
  +	while (*++arg != '\0') {
  +	    if (*arg == 'c') {
  +		newfile++;
  +	    }
  +	    else if (*arg == 'm') {
  +		alg = ALG_APMD5;
  +	    }
  +	    else {
  +		return usage();
  +	    }
  +	}
       }
   
  -    if (!strcmp(argv[1], "-cm") || !strcmp(argv[2], "-mc")) {
  -        use_md5 = 1;
  -        newfile = 1;
  -        currarg++;
  +    /*
  +     * Make sure we still have exactly two arguments left (the filename
  +     * and the username).
  +     */
  +    if ((argc - i) != 2) {
  +	return usage();
       }
  -
  -    strcpy(filename, argv[currarg]);
  -    filearg = currarg++;
  -
  -    if (argc <= filearg + 1) {
  -        usage();
  +    if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
  +	fprintf(stderr, "%s: filename too long\n", argv[0]);
  +	return 1;
  +    }
  +    strcpy(pwfilename, argv[i]);
  +    if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
  +	fprintf(stderr, "%s: username too long\n", argv[0]);
  +	return 1;
       }
  +    strcpy(user, argv[i + 1]);
   
   #ifdef WIN32
  -    if (!use_md5) {
  -	use_md5 = 1;
  -	fprintf(stderr,"Automatically using md5 format on Windows.\n");
  +    if (alg == ALG_CRYPT) {
  +	alg = ALG_APMD5;
  +	fprintf(stderr, "Automatically using MD5 format on Windows.\n");
       }
   #endif
  -    if (newfile) {
  -        if (!(tfp = fopen(filename, "w+"))) {
  -            fprintf(stderr, "Could not open password file %s for writing.\n",
  -                    filename);
  -	    perror("fopen");
  -	    exit(1);
  -	}
  -	printf("Adding password for %s.\n", argv[currarg]);
  -	add_password(argv[currarg], tfp, use_md5);
  -	fclose(tfp);
  -	return(0);
  -    }
  -
  -    tn = tmpnam(NULL);
  -    if (!(tfp = fopen(tn, "w+"))) {
  -	fprintf(stderr, "Could not open temp file.\n");
  -	exit(1);
  -    }
  -
  -    if (!(f = fopen(argv[filearg], "r+"))) {
  -        fprintf(stderr, "Could not open password file %s for reading.\n",
  -                argv[filearg]);
  -        fprintf(stderr, "Use -c option to create a new one\n");
  -	fclose(tfp);
  -	unlink(tn);
  -	exit(1);
  -    }
  -    strcpy(user, argv[currarg]);
  -
  -    found = 0;
  -    while (!(getline(line, MAX_STRING_LEN, f))) {
  -	if (found || (line[0] == '#') || (!line[0])) {
  -	    putline(tfp, line);
  -	    continue;
  -	}
  -	strcpy(l, line);
  -	getword(w, l, ':');
  -	if (strcmp(user, w)) {
  -	    putline(tfp, line);
  -	    continue;
  -        }
  -	else {
  -	    printf("Changing password for user %s\n", user);
  -            add_password(user, tfp, use_md5);
  -	    found = 1;
  +
  +    /*
  +     * Verify that the file exists if -c was omitted.  We give a special
  +     * message if it doesn't.
  +     */
  +    if ((! newfile) && (! exists(pwfilename))) {
  +	fprintf(stderr, "%s: cannot modify file %s; use '-c' to create it\n",
  +		argv[0], pwfilename);
  +	perror("fopen");
  +	exit(ERR_FILEPERM);
  +    }
  +    /*
  +     * Verify that we can read the existing file in the case of an update
  +     * to it (rather than creation of a new one).
  +     */
  +    if ((! newfile) && (! readable(pwfilename))) {
  +	fprintf(stderr, "%s: cannot open file %s for read access\n",
  +		argv[0], pwfilename);
  +	perror("fopen");
  +	exit(ERR_FILEPERM);
  +    }
  +    /*
  +     * Now check to see if we can preserve an existing file in case
  +     * of password verification errors on a -c operation.
  +     */
  +    if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
  +	fprintf(stderr, "%s: cannot open file %s for read access\n"
  +		"%s: existing auth data would be lost on password mismatch",
  +		argv[0], pwfilename, argv[0]);
  +	perror("fopen");
  +	exit(ERR_FILEPERM);
  +    }
  +    /*
  +     * Now verify that the file is writable!
  +     */
  +    if (! writable(pwfilename)) {
  +	fprintf(stderr, "%s: cannot open file %s for write access\n",
  +		argv[0], pwfilename);
  +	perror("fopen");
  +	exit(ERR_FILEPERM);
  +    }
  +
  +    /*
  +     * All the file access checks have been made.  Time to go to work;
  +     * try to create the record for the username in question.  If that
  +     * fails, there's no need to waste any time on file manipulations.
  +     * Any error message text is returned in the record buffer, since
  +     * the mkrecord() routine doesn't have access to argv[].
  +     */
  +    if (! mkrecord(user, record, sizeof(record) - 1, alg)) {
  +	fprintf(stderr, "%s: %s\n", argv[0], record);
  +	exit(ERR_PWMISMATCH);
  +    }
  +
  +    /*
  +     * We can access the files the right way, and we have a record
  +     * to add or update.  Let's do it..
  +     */
  +    tempfilename = tmpnam(NULL);
  +    ftemp = fopen(tempfilename, "w+");
  +    if (ftemp == NULL) {
  +	fprintf(stderr, "%s: unable to create temporary file\n", argv[0]);
  +	perror("fopen");
  +	exit(ERR_FILEPERM);
  +    }
  +    /*
  +     * If we're not creating a new file, copy records from the existing
  +     * one to the temporary file until we find the specified user.
  +     */
  +    if (! newfile) {
  +	char scratch[MAX_STRING_LEN];
  +
  +	fpw = fopen(pwfilename, "r");
  +	while (! (getline(line, sizeof(line), fpw))) {
  +	    char *colon;
  +
  +	    if ((line[0] == '#') || (line[0] == '\0')) {
  +		putline(ftemp, line);
  +		continue;
  +	    }
  +	    strcpy(scratch, line);
  +	    /*
  +	     * See if this is our user.
  +	     */
  +	    colon = strchr(scratch, ':');
  +	    if (colon != NULL) {
  +		*colon = '\0';
  +	    }
  +	    if (strcmp(user, scratch) != 0) {
  +		putline(ftemp, line);
  +		continue;
  +	    }
  +	    found++;
  +	    break;
   	}
  +    }
  +    if (found) {
  +	fprintf(stderr, "Updating ");
       }
  -    if (!found) {
  -	printf("Adding user %s\n", user);
  -        add_password(user, tfp, use_md5);
  -    }
  -/*
  - * make a copy from the tmp file to the actual file
  - */  
  -    f = fopen(filename, "w+");
  -    rewind(tfp);
  -    while (fgets(command, MAX_STRING_LEN, tfp) != NULL) {
  -	fputs(command, f);
  -    }
  -
  -    fclose(f);
  -    fclose(tfp);
  -    unlink(tn);
  -    return(0);
  +    else {
  +	fprintf(stderr, "Adding ");
  +    }
  +    fprintf(stderr, "password for user %s\n", user);
  +    /*
  +     * Now add the user record we created.
  +     */
  +    putline(ftemp, record);
  +    /*
  +     * If we're updating an existing file, there may be additional
  +     * records beyond the one we're updating, so copy them.
  +     */
  +    if (! newfile) {
  +	copy_file(ftemp, fpw);
  +	fclose(fpw);
  +    }
  +    /*
  +     * The temporary file now contains the information that should be
  +     * in the actual password file.  Close the open files, re-open them
  +     * in the appropriate mode, and copy them file to the real one.
  +     */
  +    fclose(ftemp);
  +    fpw = fopen(pwfilename, "w+");
  +    ftemp = fopen(tempfilename, "r");
  +    copy_file(fpw, ftemp);
  +    fclose(fpw);
  +    fclose(ftemp);
  +    unlink(tempfilename);
  +    return 0;
   }
  
  
  

Mime
View raw message