httpd-dev mailing list archives

From Greg Stein <gst...@lyra.org>
Subject Re: [PATCH] let htpasswd display results for other tools (1.3)
Date Wed, 24 May 2000 00:02:00 GMT
+1 on both versions of Apache.

(IMO: fine for 1.3 since it doesn't touch the server)

Cheers,
-g

On Tue, 23 May 2000, Rodent of Unusual Size wrote:

> The patch below is in response to some mail I get every now and
> then.
> 
> The tool that knows how to manage passwords that Apache can understand
> is htpasswd.  Unfortunately it currently requires that you frob
> a file every time you want to generate cryptotext passwords.
> This patch adds a '-n' flag to make it dump the "user:cryptopw"
> text on standard output, and not diddle any files, which means
> it can be used to encrypt passwords for inclusion in other types
> of databases.
> 
> Similar patch for 2.0 coming shortly (if my network connexion consents
> to function for the fractional second necessary..)
> 
> Most of the source changes are due to indenting the file-frobbing
> bits and making them conditional.
> 
> Index: htpasswd.c
> ===================================================================
> RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
> retrieving revision 1.40
> diff -u -r1.40 htpasswd.c
> --- htpasswd.c  2000/05/04 00:57:40     1.40
> +++ htpasswd.c  2000/05/23 21:08:57
> @@ -257,7 +257,10 @@
>      fprintf(stderr, "Usage:\n");
>      fprintf(stderr, "\thtpasswd [-cmdps] passwordfile username\n");
>      fprintf(stderr, "\thtpasswd -b[cmdps] passwordfile username password\n\n");
> +    fprintf(stderr, "\thtpasswd -n[mdps] username\n");
> +    fprintf(stderr, "\thtpasswd -nb[mdps] username password\n");
>      fprintf(stderr, " -c  Create a new file.\n");
> +    fprintf(stderr, " -n  Don't update file; display results on stdout.\n");
>      fprintf(stderr, " -m  Force MD5 encryption of the password"
>  #if defined(WIN32) || defined(TPF)
>         " (default)"
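Review bot: The two new synopsis lines land after the `-b[cmdps]` line, which still ends in `\n\n`, so the blank line that used to separate the synopsis from the option list now splits the synopsis in two. Drop one `\n` from the `-b` line and end the last synopsis line with it instead: `fprintf(stderr, "\thtpasswd -nb[mdps] username password\n\n");`. Separately, `-nb` takes the clear-text password from argv, where other local users can see it in a process listing. This hunk does not show whether the `-b` help text already says so; if it does not, a short caveat in the option text would cover both forms.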
> @@ -370,6 +373,7 @@
>      int found = 0;
>      int alg = ALG_CRYPT;
>      int newfile = 0;
> +    int nofile = 0;
>      int noninteractive = 0;
>      int i;
>      int args_left = 2;
> @@ -399,6 +403,10 @@
>             if (*arg == 'c') {
>                 newfile++;
>             }
> +           else if (*arg == 'n') {
> +               nofile++;
> +               args_left--;
> +           }
>             else if (*arg == 'm') {
>                 alg = ALG_APMD5;
>             }
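Review bot: Every occurrence of `n` decrements `args_left` again, so `-nn` or `-n -n` leaves the expected argument count one too low. The `(argc - i) != args_left` test in the next hunk would then accept a command line with no username, and once `nofile` triggers `i--`, `argv[i + 1]` would be the terminating NULL entry handed to `strcpy`. Decrement only the first time, e.g. `if (nofile++ == 0) { args_left--; }`. The option loop starts and ends outside this hunk, so whether other flags that adjust `args_left` have the same shape cannot be checked from here.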
> @@ -428,16 +436,25 @@
>       */
>      if ((argc - i) != args_left) {
>         return usage();
> +    }
> +    if (newfile && nofile) {
> +       fprintf(stderr, "%s: -c and -n options conflict\n", argv[0]);
> +       return usage();
>      }
> -    if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
> -       fprintf(stderr, "%s: filename too long\n", argv[0]);
> -       return ERR_OVERFLOW;
> -    }
> -    strcpy(pwfilename, argv[i]);
> -    if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
> -       fprintf(stderr, "%s: username too long (>%d)\n", argv[0],
> -               sizeof(user) - 1);
> -       return ERR_OVERFLOW;
> +    if (nofile) {
> +       i--;
> +    }
> +    else {
> +       if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
> +           fprintf(stderr, "%s: filename too long\n", argv[0]);
> +           return ERR_OVERFLOW;
> +       }
> +       strcpy(pwfilename, argv[i]);
> +       if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
> +           fprintf(stderr, "%s: username too long (>%d)\n", argv[0],
> +                   sizeof(user) - 1);
> +           return ERR_OVERFLOW;
> +       }
>      }
>      strcpy(user, argv[i + 1]);
>      if ((arg = strchr(user, ':')) != NULL) {
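Review bot: With `-n` the username is no longer length-checked. The `strlen(argv[i + 1]) > (sizeof(user) - 1)` test was moved inside the `else` branch, but the `strcpy(user, argv[i + 1]);` that follows runs in both modes, so an over-long username given with `-n` is copied into the fixed-size `user` buffer unchecked. Close the `else` directly after `strcpy(pwfilename, argv[i]);` and keep the username check at the outer level, so it also runs after the `i--` adjustment. While there, `sizeof(user) - 1` is a `size_t` passed to `%d`; `(int) (sizeof(user) - 1)` would match the format. The enclosing function starts and ends outside this hunk.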
> @@ -472,49 +489,55 @@
>                 "just not work on this platform.\n");
>      }
>  #endif
> -    /*
> -     * Verify that the file exists if -c was omitted.  We give a special
> -     * message if it doesn't.
> -     */
> -    if ((! newfile) && (! exists(pwfilename))) {
> -       fprintf(stderr, "%s: cannot modify file %s; use '-c' to create it\n",
> -               argv[0], pwfilename);
> -       perror("fopen");
> -       exit(ERR_FILEPERM);
> -    }
> -    /*
> -     * Verify that we can read the existing file in the case of an update
> -     * to it (rather than creation of a new one).
> -     */
> -    if ((! newfile) && (! readable(pwfilename))) {
> -       fprintf(stderr, "%s: cannot open file %s for read access\n",
> -               argv[0], pwfilename);
> -       perror("fopen");
> -       exit(ERR_FILEPERM);
> -    }
> -    /*
> -     * Now check to see if we can preserve an existing file in case
> -     * of password verification errors on a -c operation.
> -     */
> -    if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
> -       fprintf(stderr, "%s: cannot open file %s for read access\n"
> -               "%s: existing auth data would be lost on password mismatch",
> -               argv[0], pwfilename, argv[0]);
> -       perror("fopen");
> -       exit(ERR_FILEPERM);
> -    }
> -    /*
> -     * Now verify that the file is writable!
> -     */
> -    if (! writable(pwfilename)) {
> -       fprintf(stderr, "%s: cannot open file %s for write access\n",
> -               argv[0], pwfilename);
> -       perror("fopen");
> -       exit(ERR_FILEPERM);
> +    if (! nofile) {
> +       /*
> +        * Only do the file checks if we're supposed to frob it.
> +        *
> +        * Verify that the file exists if -c was omitted.  We give a special
> +        * message if it doesn't.
> +        */
> +       if ((! newfile) && (! exists(pwfilename))) {
> +           fprintf(stderr,
> +                   "%s: cannot modify file %s; use '-c' to create it\n",
> +                   argv[0], pwfilename);
> +           perror("fopen");
> +           exit(ERR_FILEPERM);
> +       }
> +       /*
> +        * Verify that we can read the existing file in the case of an update
> +        * to it (rather than creation of a new one).
> +        */
> +       if ((! newfile) && (! readable(pwfilename))) {
> +           fprintf(stderr, "%s: cannot open file %s for read access\n",
> +                   argv[0], pwfilename);
> +           perror("fopen");
> +           exit(ERR_FILEPERM);
> +       }
> +       /*
> +        * Now check to see if we can preserve an existing file in case
> +        * of password verification errors on a -c operation.
> +        */
> +       if (newfile && exists(pwfilename) && (! readable(pwfilename)))
{
> +           fprintf(stderr, "%s: cannot open file %s for read access\n"
> +                   "%s: existing auth data would be lost on "
> +                   "password mismatch",
> +                   argv[0], pwfilename, argv[0]);
> +           perror("fopen");
> +           exit(ERR_FILEPERM);
> +       }
> +       /*
> +        * Now verify that the file is writable!
> +        */
> +       if (! writable(pwfilename)) {
> +           fprintf(stderr, "%s: cannot open file %s for write access\n",
> +                   argv[0], pwfilename);
> +           perror("fopen");
> +           exit(ERR_FILEPERM);
> +       }
>      }
>  
>      /*
> -     * All the file access checks have been made.  Time to go to work;
> +     * All the file access checks (if any) have been made.  Time to go to work;
>       * try to create the record for the username in question.  If that
>       * fails, there's no need to waste any time on file manipulations.
>       * Any error message text is returned in the record buffer, since
> @@ -526,6 +549,10 @@
>      if (i != 0) {
>         fprintf(stderr, "%s: %s\n", argv[0], record);
>         exit(i);
> +    }
> +    if (nofile) {
> +       printf("%s\n", record);
> +       exit(0);
>      }
>  
>      /*
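Review bot: The new `-n` exit path reports success even when the record never reaches its consumer: the result of `printf("%s\n", record)` is ignored and `exit(0)` follows unconditionally. Since the stated purpose is to feed other tools, a closed pipe or full disk on stdout should produce a non-zero status, e.g. `if (printf("%s\n", record) < 0 || fflush(stdout) != 0) { perror("stdout"); exit(ERR_FILEPERM); }` before the `exit(0)`. A dedicated error code may be preferable if the file defines one; only `ERR_FILEPERM` and `ERR_OVERFLOW` are visible in this patch.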
> 
> Index: htpasswd.1
> ===================================================================
> RCS file: /home/cvs/apache-1.3/src/support/htpasswd.1,v
> retrieving revision 1.13
> diff -u -r1.13 htpasswd.1
> --- htpasswd.1  2000/02/18 16:12:41     1.13
> +++ htpasswd.1  2000/05/23 21:08:57
> @@ -1,57 +1,60 @@
> -.TH htpasswd 1 "February 2000"
> -.\" Copyright (c) 1997-2000 The Apache Group. All rights reserved.
> +.TH htpasswd 1 "May 2000"
> +.\" The Apache Software License, Version 1.1
>  .\"
> +.\" Copyright (c) 2000 The Apache Software Foundation.  All rights
> +.\" reserved.
> +.\"
>  .\" Redistribution and use in source and binary forms, with or without
>  .\" modification, are permitted provided that the following conditions
>  .\" are met:
>  .\"
>  .\" 1. Redistributions of source code must retain the above copyright
> -.\"    notice, this list of conditions and the following disclaimer. 
> +.\"    notice, this list of conditions and the following disclaimer.
>  .\"
>  .\" 2. Redistributions in binary form must reproduce the above copyright
>  .\"    notice, this list of conditions and the following disclaimer in
>  .\"    the documentation and/or other materials provided with the
>  .\"    distribution.
>  .\"
> -.\" 3. All advertising materials mentioning features or use of this
> -.\"    software must display the following acknowledgment:
> -.\"    "This product includes software developed by the Apache Group
> -.\"    for use in the Apache HTTP server project (http://www.apache.org/)."
> -.\"
> -.\" 4. The names "Apache Server" and "Apache Group" must not be used to
> -.\"    endorse or promote products derived from this software without
> -.\"    prior written permission. For written permission, please contact
> -.\"    apache@apache.org.
> -.\"
> -.\" 5. Products derived from this software may not be called "Apache"
> -.\"    nor may "Apache" appear in their names without prior written
> -.\"    permission of the Apache Group.
> -.\"
> -.\" 6. Redistributions of any form whatsoever must retain the following
> -.\"    acknowledgment:
> -.\"    "This product includes software developed by the Apache Group
> -.\"    for use in the Apache HTTP server project (http://www.apache.org/)."
> -.\"
> -.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
> -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> -.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
> +.\" 3. The end-user documentation included with the redistribution,
> +.\"    if any, must include the following acknowledgment:
> +.\"       "This product includes software developed by the
> +.\"        Apache Software Foundation (http://www.apache.org/)."
> +.\"    Alternately, this acknowledgment may appear in the software itself,
> +.\"    if and wherever such third-party acknowledgments normally appear.
> +.\"
> +.\" 4. The names "Apache" and "Apache Software Foundation" must
> +.\"    not be used to endorse or promote products derived from this
> +.\"    software without prior written permission. For written
> +.\"    permission, please contact apache@apache.org.
> +.\"
> +.\" 5. Products derived from this software may not be called "Apache",
> +.\"    nor may "Apache" appear in their name, without prior written
> +.\"    permission of the Apache Software Foundation.
> +.\"
> +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
> +.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
> +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
> +.\" DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>  .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
> -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> -.\" OF THE POSSIBILITY OF SUCH DAMAGE.
> +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
> +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
> +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
> +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
> +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> +.\" SUCH DAMAGE.
>  .\" ====================================================================
>  .\"
>  .\" This software consists of voluntary contributions made by many
> -.\" individuals on behalf of the Apache Group and was originally based
> -.\" on public domain software written at the National Center for
> -.\" Supercomputing Applications, University of Illinois, Urbana-Champaign.
> -.\" For more information on the Apache Group and the Apache HTTP server
> -.\" project, please see <http://www.apache.org/>.
> +.\" individuals on behalf of the Apache Software Foundation.  For more
> +.\" information on the Apache Software Foundation, please see
> +.\" <http://www.apache.org/>.
> +.\"
> +.\" Portions of this software are based upon public domain software
> +.\" originally written at the National Center for Supercomputing Applications,
> +.\" University of Illinois, Urbana-Champaign.
> +.\"
>  .SH NAME
>  htpasswd \- Create and update user authentication files
>  .SH SYNOPSIS
> @@ -88,6 +91,33 @@
>  .I passwdfile
>  .I username
>  .I password
> +.br
> +.B htpasswd 
> +.B \-n
> +[
> +.B \-m
> +|
> +.B \-d
> +|
> +.B \-s
> +|
> +.B \-p
> +] 
> +.I username
> +.br
> +.B htpasswd
> +.B \-nb
> +[
> +.B \-m
> +|
> +.B \-d
> +|
> +.B \-s
> +|
> +.B \-p
> +] 
> +.I username
> +.I password
>  .SH DESCRIPTION
>  .B htpasswd
>  is used to create and update the flat-files used to store
> @@ -103,8 +133,9 @@
>  Apache web server can be restricted to just the users listed
>  in the files created by 
>  .B htpasswd.
> -This program can only be used
> -when the usernames are stored in a flat-file. To use a
> +This program can only manage usernames and passwords
> +stored in a flat-file. It can encrypt and display password information
> +for use in other types of data stores, though.  To use a
>  DBM database see 
>  \fBdbmmanage\fP.
>  .PP
> @@ -130,7 +161,15 @@
>  line.\fP
>  .IP \-c 
>  Create the \fIpasswdfile\fP. If \fIpasswdfile\fP already exists, it
> -is rewritten and truncated.
> +is rewritten and truncated.  This option cannot be combined with
> +the \fB-n\fP option.
> +.IP \-n
> +Display the results on standard output rather than updating a file.
> +This is useful for generating password records acceptable to Apache
> +for inclusion in non-text data stores.  This option changes the
> +syntax of the command line, since the \fIpasswdfile\fP argument
> +(usually the first one) is omitted.  It cannot be combined with
> +the \fB-c\fP option.
>  .IP \-m 
>  Use Apache's modified MD5 algorithm for passwords.  Passwords encrypted
>  with this algorithm are transportable to any platform (Windows, Unix,
> @@ -140,7 +179,7 @@
>  Use crypt() encryption for passwords. The default on all platforms but
>  Windows and TPF. Though possibly supported by
>  .B htpasswd
> -onm all platforms, it is not supported by the
> +on all platforms, it is not supported by the
>  .B httpd
>  server on Windows and TPF.
>  .IP \-s
> 
> -- 
> #ken    P-)}
> 
> Ken Coar                    <http://Golux.Com/coar/>
> Apache Software Foundation  <http://www.apache.org/>
> "Apache Server for Dummies" <http://Apache-Server.Com/>
> "Apache Server Unleashed"   <http://ApacheUnleashed.Com/>
> 

-- 
Greg Stein, http://www.lyra.org/

