httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject [PATCH] let htpasswd display results for other tools (1.3)
Date Tue, 23 May 2000 21:24:20 GMT
The patch below is in response to some mail I get every now and
then.

The tool that knows how to manage passwords that Apache can understand
is htpasswd.  Unfortunately it currently requires that you frob
a file every time you want to generate cryptotext passwords.
This patch adds a '-n' flag to make it dump the "user:cryptopw"
text on standard output, and not diddle any files, which means
it can be used to encrypt passwords for inclusion in other types
of databases.

Similar patch for 2.0 coming shortly (if my network connexion consents
to function for the fractional second necessary..)

Most of the source changes are due to indenting the file-frobbing
bits and making them conditional.

Index: htpasswd.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.40
diff -u -r1.40 htpasswd.c
--- htpasswd.c  2000/05/04 00:57:40     1.40
+++ htpasswd.c  2000/05/23 21:08:57
@@ -257,7 +257,10 @@
     fprintf(stderr, "Usage:\n");
     fprintf(stderr, "\thtpasswd [-cmdps] passwordfile username\n");
     fprintf(stderr, "\thtpasswd -b[cmdps] passwordfile username password\n\n");
+    fprintf(stderr, "\thtpasswd -n[mdps] username\n");
+    fprintf(stderr, "\thtpasswd -nb[mdps] username password\n");
     fprintf(stderr, " -c  Create a new file.\n");
+    fprintf(stderr, " -n  Don't update file; display results on stdout.\n");
     fprintf(stderr, " -m  Force MD5 encryption of the password"
 #if defined(WIN32) || defined(TPF)
        " (default)"
@@ -370,6 +373,7 @@
     int found = 0;
     int alg = ALG_CRYPT;
     int newfile = 0;
+    int nofile = 0;
     int noninteractive = 0;
     int i;
     int args_left = 2;
@@ -399,6 +403,10 @@
            if (*arg == 'c') {
                newfile++;
            }
+           else if (*arg == 'n') {
+               nofile++;
+               args_left--;
+           }
            else if (*arg == 'm') {
                alg = ALG_APMD5;
            }
@@ -428,16 +436,25 @@
      */
     if ((argc - i) != args_left) {
        return usage();
+    }
+    if (newfile && nofile) {
+       fprintf(stderr, "%s: -c and -n options conflict\n", argv[0]);
+       return usage();
     }
-    if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
-       fprintf(stderr, "%s: filename too long\n", argv[0]);
-       return ERR_OVERFLOW;
-    }
-    strcpy(pwfilename, argv[i]);
-    if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
-       fprintf(stderr, "%s: username too long (>%d)\n", argv[0],
-               sizeof(user) - 1);
-       return ERR_OVERFLOW;
+    if (nofile) {
+       i--;
+    }
+    else {
+       if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
+           fprintf(stderr, "%s: filename too long\n", argv[0]);
+           return ERR_OVERFLOW;
+       }
+       strcpy(pwfilename, argv[i]);
+       if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
+           fprintf(stderr, "%s: username too long (>%d)\n", argv[0],
+                   sizeof(user) - 1);
+           return ERR_OVERFLOW;
+       }
     }
     strcpy(user, argv[i + 1]);
     if ((arg = strchr(user, ':')) != NULL) {
@@ -472,49 +489,55 @@
                "just not work on this platform.\n");
     }
 #endif
-    /*
-     * Verify that the file exists if -c was omitted.  We give a special
-     * message if it doesn't.
-     */
-    if ((! newfile) && (! exists(pwfilename))) {
-       fprintf(stderr, "%s: cannot modify file %s; use '-c' to create it\n",
-               argv[0], pwfilename);
-       perror("fopen");
-       exit(ERR_FILEPERM);
-    }
-    /*
-     * Verify that we can read the existing file in the case of an update
-     * to it (rather than creation of a new one).
-     */
-    if ((! newfile) && (! readable(pwfilename))) {
-       fprintf(stderr, "%s: cannot open file %s for read access\n",
-               argv[0], pwfilename);
-       perror("fopen");
-       exit(ERR_FILEPERM);
-    }
-    /*
-     * Now check to see if we can preserve an existing file in case
-     * of password verification errors on a -c operation.
-     */
-    if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
-       fprintf(stderr, "%s: cannot open file %s for read access\n"
-               "%s: existing auth data would be lost on password mismatch",
-               argv[0], pwfilename, argv[0]);
-       perror("fopen");
-       exit(ERR_FILEPERM);
-    }
-    /*
-     * Now verify that the file is writable!
-     */
-    if (! writable(pwfilename)) {
-       fprintf(stderr, "%s: cannot open file %s for write access\n",
-               argv[0], pwfilename);
-       perror("fopen");
-       exit(ERR_FILEPERM);
+    if (! nofile) {
+       /*
+        * Only do the file checks if we're supposed to frob it.
+        *
+        * Verify that the file exists if -c was omitted.  We give a special
+        * message if it doesn't.
+        */
+       if ((! newfile) && (! exists(pwfilename))) {
+           fprintf(stderr,
+                   "%s: cannot modify file %s; use '-c' to create it\n",
+                   argv[0], pwfilename);
+           perror("fopen");
+           exit(ERR_FILEPERM);
+       }
+       /*
+        * Verify that we can read the existing file in the case of an update
+        * to it (rather than creation of a new one).
+        */
+       if ((! newfile) && (! readable(pwfilename))) {
+           fprintf(stderr, "%s: cannot open file %s for read access\n",
+                   argv[0], pwfilename);
+           perror("fopen");
+           exit(ERR_FILEPERM);
+       }
+       /*
+        * Now check to see if we can preserve an existing file in case
+        * of password verification errors on a -c operation.
+        */
+       if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
+           fprintf(stderr, "%s: cannot open file %s for read access\n"
+                   "%s: existing auth data would be lost on "
+                   "password mismatch",
+                   argv[0], pwfilename, argv[0]);
+           perror("fopen");
+           exit(ERR_FILEPERM);
+       }
+       /*
+        * Now verify that the file is writable!
+        */
+       if (! writable(pwfilename)) {
+           fprintf(stderr, "%s: cannot open file %s for write access\n",
+                   argv[0], pwfilename);
+           perror("fopen");
+           exit(ERR_FILEPERM);
+       }
     }
 
     /*
-     * All the file access checks have been made.  Time to go to work;
+     * All the file access checks (if any) have been made.  Time to go to work;
      * try to create the record for the username in question.  If that
      * fails, there's no need to waste any time on file manipulations.
      * Any error message text is returned in the record buffer, since
@@ -526,6 +549,10 @@
     if (i != 0) {
        fprintf(stderr, "%s: %s\n", argv[0], record);
        exit(i);
+    }
+    if (nofile) {
+       printf("%s\n", record);
+       exit(0);
     }
 
     /*

Index: htpasswd.1
===================================================================
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.1,v
retrieving revision 1.13
diff -u -r1.13 htpasswd.1
--- htpasswd.1  2000/02/18 16:12:41     1.13
+++ htpasswd.1  2000/05/23 21:08:57
@@ -1,57 +1,60 @@
-.TH htpasswd 1 "February 2000"
-.\" Copyright (c) 1997-2000 The Apache Group. All rights reserved.
+.TH htpasswd 1 "May 2000"
+.\" The Apache Software License, Version 1.1
 .\"
+.\" Copyright (c) 2000 The Apache Software Foundation.  All rights
+.\" reserved.
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\"
 .\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer. 
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in
 .\"    the documentation and/or other materials provided with the
 .\"    distribution.
 .\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the Apache Group
-.\"    for use in the Apache HTTP server project (http://www.apache.org/)."
-.\"
-.\" 4. The names "Apache Server" and "Apache Group" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache"
-.\"    nor may "Apache" appear in their names without prior written
-.\"    permission of the Apache Group.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the Apache Group
-.\"    for use in the Apache HTTP server project (http://www.apache.org/)."
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
+.\" 3. The end-user documentation included with the redistribution,
+.\"    if any, must include the following acknowledgment:
+.\"       "This product includes software developed by the
+.\"        Apache Software Foundation (http://www.apache.org/)."
+.\"    Alternately, this acknowledgment may appear in the software itself,
+.\"    if and wherever such third-party acknowledgments normally appear.
+.\"
+.\" 4. The names "Apache" and "Apache Software Foundation" must
+.\"    not be used to endorse or promote products derived from this
+.\"    software without prior written permission. For written
+.\"    permission, please contact apache@apache.org.
+.\"
+.\" 5. Products derived from this software may not be called "Apache",
+.\"    nor may "Apache" appear in their name, without prior written
+.\"    permission of the Apache Software Foundation.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\" ====================================================================
 .\"
 .\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Group and was originally based
-.\" on public domain software written at the National Center for
-.\" Supercomputing Applications, University of Illinois, Urbana-Champaign.
-.\" For more information on the Apache Group and the Apache HTTP server
-.\" project, please see <http://www.apache.org/>.
+.\" individuals on behalf of the Apache Software Foundation.  For more
+.\" information on the Apache Software Foundation, please see
+.\" <http://www.apache.org/>.
+.\"
+.\" Portions of this software are based upon public domain software
+.\" originally written at the National Center for Supercomputing Applications,
+.\" University of Illinois, Urbana-Champaign.
+.\"
 .SH NAME
 htpasswd \- Create and update user authentication files
 .SH SYNOPSIS
@@ -88,6 +91,33 @@
 .I passwdfile
 .I username
 .I password
+.br
+.B htpasswd 
+.B \-n
+[
+.B \-m
+|
+.B \-d
+|
+.B \-s
+|
+.B \-p
+] 
+.I username
+.br
+.B htpasswd
+.B \-nb
+[
+.B \-m
+|
+.B \-d
+|
+.B \-s
+|
+.B \-p
+] 
+.I username
+.I password
 .SH DESCRIPTION
 .B htpasswd
 is used to create and update the flat-files used to store
@@ -103,8 +133,9 @@
 Apache web server can be restricted to just the users listed
 in the files created by 
 .B htpasswd.
-This program can only be used
-when the usernames are stored in a flat-file. To use a
+This program can only manage usernames and passwords
+stored in a flat-file. It can encrypt and display password information
+for use in other types of data stores, though.  To use a
 DBM database see 
 \fBdbmmanage\fP.
 .PP
@@ -130,7 +161,15 @@
 line.\fP
 .IP \-c 
 Create the \fIpasswdfile\fP. If \fIpasswdfile\fP already exists, it
-is rewritten and truncated.
+is rewritten and truncated.  This option cannot be combined with
+the \fB-n\fP option.
+.IP \-n
+Display the results on standard output rather than updating a file.
+This is useful for generating password records acceptable to Apache
+for inclusion in non-text data stores.  This option changes the
+syntax of the command line, since the \fIpasswdfile\fP argument
+(usually the first one) is omitted.  It cannot be combined with
+the \fB-c\fP option.
 .IP \-m 
 Use Apache's modified MD5 algorithm for passwords.  Passwords encrypted
 with this algorithm are transportable to any platform (Windows, Unix,
@@ -140,7 +179,7 @@
 Use crypt() encryption for passwords. The default on all platforms but
 Windows and TPF. Though possibly supported by
 .B htpasswd
-onm all platforms, it is not supported by the
+on all platforms, it is not supported by the
 .B httpd
 server on Windows and TPF.
 .IP \-s

-- 
#ken    P-)}

Ken Coar                    <http://Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Apache-Server.Com/>
"Apache Server Unleashed"   <http://ApacheUnleashed.Com/>

Mime
View raw message