httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@hyperreal.org
Subject cvs commit: apache-1.3/src/support htpasswd.1 htpasswd.c
Date Thu, 08 Apr 1999 22:17:59 GMT
coar        99/04/08 15:17:56

  Modified:    src      CHANGES
               src/support htpasswd.1 htpasswd.c
  Log:
  	Allow (though discouraged) htpasswd to get the password from
  	the command line.  People who wanted this in the past probably
  	just modified htpasswd.c to do it; that's a lot more difficult
  	in the Win32 environment.
  
  Revision  Changes    Path
  1.1302    +5 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1301
  retrieving revision 1.1302
  diff -u -r1.1301 -r1.1302
  --- CHANGES	1999/04/08 21:04:41	1.1301
  +++ CHANGES	1999/04/08 22:17:45	1.1302
  @@ -1,4 +1,9 @@
   Changes with Apache 1.3.7
  +  *) support/htpasswd now permits the password to be specified on the
  +     command line with the '-b' switch.  This is useful when passwords
  +     need to be maintained by scripts -- particularly in the Win32
  +     environment.  [Ken Coar]
  +
     *) Win32: Win32 multiple services patch. Added capability to install and
        run multiple copies of apache as individual services.
   
  
  
  
  1.9       +42 -3     apache-1.3/src/support/htpasswd.1
  
  Index: htpasswd.1
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/htpasswd.1,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- htpasswd.1	1999/01/25 22:55:40	1.8
  +++ htpasswd.1	1999/04/08 22:17:51	1.9
  @@ -59,12 +59,33 @@
   [
   .B \-c
   ] 
  +[
  +.B \-m
  +] 
   .I passwdfile
   .I username
  +.br
  +.B htpasswd
  +.B \-b  
  +[
  +.B \-c
  +] 
  +[
  +.B \-m
  +] 
  +.I passwdfile
  +.I username
  +.I password
   .SH DESCRIPTION
   .B htpasswd
   is used to create and update the flat-files used to store
   usernames and password for basic authentication of HTTP users.
  +If
  +.B htpasswd
  +cannot access a file, such as not being able to write to the output
  +file or not being able to read the file in order to update it,
  +it returns an error status and makes no changes.
  +.PP
   Resources available from the
   .B httpd
   Apache web server can be restricted to just the users listed
  @@ -82,20 +103,38 @@
   the Apache manual, which is part of the Apache distribution or can be
   found at http://www.apache.org/.
   .SH OPTIONS
  +.IP \-b 
  +Use batch mode; \fIi.e.\fP, get the password from the command line
  +rather than prompting for it. \fBThis option should be used with
  +extreme care, since the password is clearly visible on the command
  +line.\fP
   .IP \-c 
   Create the \fIpasswdfile\fP. If \fIpasswdfile\fP already exists, it
  -is deleted first. 
  +is rewritten and truncated.
   .IP \-m 
   Use MD5 encryption for passwords.  On Windows, this is the only format 
   supported.
   .IP \fB\fIpasswdfile\fP
   Name of the file to contain the user name and password. If \-c
   is given, this file is created if it does not already exist,
  -or deleted and recreated if it does exist. 
  +or rewritten and truncated if it does exist. 
   .IP \fB\fIusername\fP
   The username to create or update in \fBpasswdfile\fP. If
  -\fIusername\fP does not exist is this file, an entry is added. If it
  +\fIusername\fP does not exist in this file, an entry is added. If it
   does exist, the password is changed.
  +.IP \fB\fIpassword\fP
  +The plaintext password to be encrypted and stored in the file.  Only used
  +with the \fI-b\fP flag.
  +.SH EXIT STATUS
  +.B htpasswd
  +returns a zero status ("true") if the username and password have
  +been successfully added or updated in the \fIpasswdfile\fP.
  +.B htpasswd
  +returns 1 if it encounters some problem accessing files, 2 if there
  +was a syntax problem with the command line, 3 if the password was
  +entered interactively and the verification entry didn't match, 4 if
  +its operation was interrupted, and 5 if a value is too long (username,
  +filename, password, or final computed record).
   .SH SEE ALSO
   .BR httpd(8)
   .
  
  
  
  1.26      +44 -13    apache-1.3/src/support/htpasswd.c
  
  Index: htpasswd.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- htpasswd.c	1999/04/08 20:56:44	1.25
  +++ htpasswd.c	1999/04/08 22:17:53	1.26
  @@ -230,17 +230,23 @@
    * indicates success; failure means that the output buffer contains an
    * error message instead.
    */
  -static int mkrecord(char *user, char *record, size_t rlen, int alg)
  +static int mkrecord(char *user, char *record, size_t rlen, char *passwd,
  +		    int alg)
   {
       char *pw;
       char cpw[120];
       char salt[9];
   
  -    pw = strd((char *) getpass("New password: "));
  -    if (strcmp(pw, (char *) getpass("Re-type new password: "))) {
  -	ap_cpystrn(record, "password verification error", (rlen - 1));
  -	return ERR_PWMISMATCH;
  +    if (passwd != NULL) {
  +	pw = passwd;
       }
  +    else {
  +	pw = strd((char *) getpass("New password: "));
  +	if (strcmp(pw, (char *) getpass("Re-type new password: "))) {
  +	    ap_cpystrn(record, "password verification error", (rlen - 1));
  +	    return ERR_PWMISMATCH;
  +	}
  +    }
       (void) srand((int) time((time_t *) NULL));
       to64(&salt[0], rand(), 8);
       salt[8] = '\0';
  @@ -254,11 +260,14 @@
   	ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
   	break;
       }
  +    fprintf(stderr, "Yow!\n");
       /*
        * Now that we have the smashed password, we don't need the
        * plaintext one any more.
        */
  -    free(pw);
  +    if (passwd == NULL) {
  +	free(pw);
  +    }
       /*
        * Check to see if the buffer is large enough to hold the username,
        * hash, and delimiters.
  @@ -275,9 +284,13 @@
   
   static int usage(void)
   {
  -    fprintf(stderr, "Usage: htpasswd [-cm] passwordfile username\n");
  -    fprintf(stderr, "The -c flag creates a new file.\n");
  -    fprintf(stderr, "The -m flag forces MD5 encryption of the password.\n");
  +    fprintf(stderr, "Usage:\n");
  +    fprintf(stderr, "\thtpasswd [-cm] passwordfile username\n");
  +    fprintf(stderr, "\thtpasswd -b[cm] passwordfile username password\n\n");
  +    fprintf(stderr, " -c  Create a new file.\n");
  +    fprintf(stderr, " -m  Force MD5 encryption of the password.\n");
  +    fprintf(stderr, " -b  Use the password from the command line rather ");
  +    fprintf(stderr, "than prompting for it.\n");
       fprintf(stderr, "On Windows systems the -m flag is used by default.\n");
       return ERR_SYNTAX;
   }
  @@ -365,6 +378,7 @@
       FILE *ftemp = NULL;
       FILE *fpw = NULL;
       char user[MAX_STRING_LEN];
  +    char password[MAX_STRING_LEN];
       char record[MAX_STRING_LEN];
       char line[MAX_STRING_LEN];
       char pwfilename[MAX_STRING_LEN];
  @@ -372,7 +386,9 @@
       int found = 0;
       int alg = ALG_CRYPT;
       int newfile = 0;
  +    int noninteractive = 0;
       int i;
  +    int args_left = 2;
   
       tempfilename = NULL;
       signal(SIGINT, (void (*)(int)) interrupted);
  @@ -402,6 +418,10 @@
   	    else if (*arg == 'm') {
   		alg = ALG_APMD5;
   	    }
  +	    else if (*arg == 'b') {
  +		noninteractive++;
  +		args_left++;
  +	    }
   	    else {
   		return usage();
   	    }
  @@ -409,10 +429,11 @@
       }
   
       /*
  -     * Make sure we still have exactly two arguments left (the filename
  -     * and the username).
  +     * Make sure we still have exactly the right number of arguments left
  +     # (the filename, the username, and possibly the password if -b was
  +     # specified).
        */
  -    if ((argc - i) != 2) {
  +    if ((argc - i) != args_left) {
   	return usage();
       }
       if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
  @@ -425,6 +446,13 @@
   	return ERR_OVERFLOW;
       }
       strcpy(user, argv[i + 1]);
  +    if (noninteractive) {
  +	if (strlen(argv[i + 2]) > (sizeof(password) - 1)) {
  +	    fprintf(stderr, "%s: password too long\n", argv[0]);
  +	    return ERR_OVERFLOW;
  +	}
  +	strcpy(password, argv[i + 2]);
  +    }
   
   #ifdef WIN32
       if (alg == ALG_CRYPT) {
  @@ -481,7 +509,10 @@
        * Any error message text is returned in the record buffer, since
        * the mkrecord() routine doesn't have access to argv[].
        */
  -    if ((i = mkrecord(user, record, sizeof(record) - 1, alg)) != 0) {
  +    i = mkrecord(user, record, sizeof(record) - 1,
  +		 noninteractive ? password : NULL,
  +		 alg);
  +    if (i != 0) {
   	fprintf(stderr, "%s: %s\n", argv[0], record);
   	exit(i);
       }
  
  
  

Mime
View raw message