Lines 67-72
Link Here
|
67 |
#define APHTP_NEWFILE 1 |
67 |
#define APHTP_NEWFILE 1 |
68 |
#define APHTP_NOFILE 2 |
68 |
#define APHTP_NOFILE 2 |
69 |
#define APHTP_DELUSER 4 |
69 |
#define APHTP_DELUSER 4 |
|
|
70 |
#define APHTP_VERIFY 8 |
70 |
|
71 |
|
71 |
apr_file_t *ftemp = NULL; |
72 |
apr_file_t *ftemp = NULL; |
72 |
|
73 |
|
Lines 92-99
Link Here
|
92 |
static void usage(void) |
93 |
static void usage(void) |
93 |
{ |
94 |
{ |
94 |
apr_file_printf(errfile, "Usage:" NL |
95 |
apr_file_printf(errfile, "Usage:" NL |
95 |
"\thtpasswd [-cimBdpsD] [-C cost] passwordfile username" NL |
96 |
"\thtpasswd [-cimBdpsDv] [-C cost] passwordfile username" NL |
96 |
"\thtpasswd -b[cmBdpsD] [-C cost] passwordfile username password" NL |
97 |
"\thtpasswd -b[cmBdpsDv] [-C cost] passwordfile username password" NL |
97 |
NL |
98 |
NL |
98 |
"\thtpasswd -n[imBdps] [-C cost] username" NL |
99 |
"\thtpasswd -n[imBdps] [-C cost] username" NL |
99 |
"\thtpasswd -nb[mBdps] [-C cost] username password" NL |
100 |
"\thtpasswd -nb[mBdps] [-C cost] username password" NL |
Lines 110-115
Link Here
|
110 |
" -s Force SHA encryption of the password (insecure)." NL |
111 |
" -s Force SHA encryption of the password (insecure)." NL |
111 |
" -p Do not encrypt the password (plaintext, insecure)." NL |
112 |
" -p Do not encrypt the password (plaintext, insecure)." NL |
112 |
" -D Delete the specified user." NL |
113 |
" -D Delete the specified user." NL |
|
|
114 |
" -v Verify password for the specified user." NL |
113 |
"On other systems than Windows and NetWare the '-p' flag will " |
115 |
"On other systems than Windows and NetWare the '-p' flag will " |
114 |
"probably not work." NL |
116 |
"probably not work." NL |
115 |
"The SHA algorithm does not use a salt and is less secure than the " |
117 |
"The SHA algorithm does not use a salt and is less secure than the " |
Lines 155-161
Link Here
|
155 |
} |
157 |
} |
156 |
|
158 |
|
157 |
static void check_args(int argc, const char *const argv[], |
159 |
static void check_args(int argc, const char *const argv[], |
158 |
struct passwd_ctx *ctx, int *mask, char **user, |
160 |
struct passwd_ctx *ctx, unsigned *mask, char **user, |
159 |
char **pwfilename) |
161 |
char **pwfilename) |
160 |
{ |
162 |
{ |
161 |
const char *arg; |
163 |
const char *arg; |
Lines 171-177
Link Here
|
171 |
if (rv != APR_SUCCESS) |
173 |
if (rv != APR_SUCCESS) |
172 |
exit(ERR_SYNTAX); |
174 |
exit(ERR_SYNTAX); |
173 |
|
175 |
|
174 |
while ((rv = apr_getopt(state, "cnmspdBbDiC:", &opt, &opt_arg)) == APR_SUCCESS) { |
176 |
while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) { |
175 |
switch (opt) { |
177 |
switch (opt) { |
176 |
case 'c': |
178 |
case 'c': |
177 |
*mask |= APHTP_NEWFILE; |
179 |
*mask |= APHTP_NEWFILE; |
Lines 183-188
Link Here
|
183 |
case 'D': |
185 |
case 'D': |
184 |
*mask |= APHTP_DELUSER; |
186 |
*mask |= APHTP_DELUSER; |
185 |
break; |
187 |
break; |
|
|
188 |
case 'v': |
189 |
*mask |= APHTP_VERIFY; |
190 |
break; |
186 |
default: |
191 |
default: |
187 |
ret = parse_common_options(ctx, opt, opt_arg); |
192 |
ret = parse_common_options(ctx, opt, opt_arg); |
188 |
if (ret) { |
193 |
if (ret) { |
Lines 196-213
Link Here
|
196 |
if (rv != APR_EOF) |
201 |
if (rv != APR_EOF) |
197 |
usage(); |
202 |
usage(); |
198 |
|
203 |
|
199 |
if ((*mask & APHTP_NEWFILE) && (*mask & APHTP_NOFILE)) { |
204 |
if ((*mask) & (*mask - 1)) { |
200 |
apr_file_printf(errfile, "%s: -c and -n options conflict" NL, argv[0]); |
205 |
/* not a power of two, i.e. more than one flag specified */ |
|
|
206 |
apr_file_printf(errfile, "%s: only one of -c -n -v -D may be specified" NL, |
207 |
argv[0]); |
201 |
exit(ERR_SYNTAX); |
208 |
exit(ERR_SYNTAX); |
202 |
} |
209 |
} |
203 |
if ((*mask & APHTP_NEWFILE) && (*mask & APHTP_DELUSER)) { |
210 |
if ((*mask & APHTP_VERIFY) && ctx->passwd_src == PW_PROMPT) |
204 |
apr_file_printf(errfile, "%s: -c and -D options conflict" NL, argv[0]); |
211 |
ctx->passwd_src = PW_PROMPT_VERIFY; |
205 |
exit(ERR_SYNTAX); |
212 |
|
206 |
} |
|
|
207 |
if ((*mask & APHTP_NOFILE) && (*mask & APHTP_DELUSER)) { |
208 |
apr_file_printf(errfile, "%s: -n and -D options conflict" NL, argv[0]); |
209 |
exit(ERR_SYNTAX); |
210 |
} |
211 |
/* |
213 |
/* |
212 |
* Make sure we still have exactly the right number of arguments left |
214 |
* Make sure we still have exactly the right number of arguments left |
213 |
* (the filename, the username, and possibly the password if -b was |
215 |
* (the filename, the username, and possibly the password if -b was |
Lines 246-251
Link Here
|
246 |
} |
248 |
} |
247 |
} |
249 |
} |
248 |
|
250 |
|
|
|
251 |
static int verify(struct passwd_ctx *ctx, const char *hash) |
252 |
{ |
253 |
apr_status_t rv; |
254 |
int ret; |
255 |
|
256 |
if (ctx->passwd == NULL && (ret = get_password(ctx)) != 0) |
257 |
return ret; |
258 |
rv = apr_password_validate(ctx->passwd, hash); |
259 |
if (rv == APR_SUCCESS) |
260 |
return 0; |
261 |
if (APR_STATUS_IS_EMISMATCH(rv)) { |
262 |
ctx->errstr = "password verification failed"; |
263 |
return ERR_PWMISMATCH; |
264 |
} |
265 |
ctx->errstr = apr_psprintf(ctx->pool, "Could not verify password: %pm", |
266 |
&rv); |
267 |
return ERR_GENERAL; |
268 |
} |
269 |
|
249 |
/* |
270 |
/* |
250 |
* Let's do it. We end up doing a lot of file opening and closing, |
271 |
* Let's do it. We end up doing a lot of file opening and closing, |
251 |
* but what do we care? This application isn't run constantly. |
272 |
* but what do we care? This application isn't run constantly. |
Lines 253-259
Link Here
|
253 |
int main(int argc, const char * const argv[]) |
274 |
int main(int argc, const char * const argv[]) |
254 |
{ |
275 |
{ |
255 |
apr_file_t *fpw = NULL; |
276 |
apr_file_t *fpw = NULL; |
256 |
const char *errstr = NULL; |
|
|
257 |
char line[MAX_STRING_LEN]; |
277 |
char line[MAX_STRING_LEN]; |
258 |
char *pwfilename = NULL; |
278 |
char *pwfilename = NULL; |
259 |
char *user = NULL; |
279 |
char *user = NULL; |
Lines 262-268
Link Here
|
262 |
char *scratch, cp[MAX_STRING_LEN]; |
282 |
char *scratch, cp[MAX_STRING_LEN]; |
263 |
int found = 0; |
283 |
int found = 0; |
264 |
int i; |
284 |
int i; |
265 |
int mask = 0; |
285 |
unsigned mask = 0; |
266 |
apr_pool_t *pool; |
286 |
apr_pool_t *pool; |
267 |
int existing_file = 0; |
287 |
int existing_file = 0; |
268 |
struct passwd_ctx ctx = { 0 }; |
288 |
struct passwd_ctx ctx = { 0 }; |
Lines 274-279
Link Here
|
274 |
apr_app_initialize(&argc, &argv, NULL); |
294 |
apr_app_initialize(&argc, &argv, NULL); |
275 |
atexit(terminate); |
295 |
atexit(terminate); |
276 |
apr_pool_create(&pool, NULL); |
296 |
apr_pool_create(&pool, NULL); |
|
|
297 |
apr_pool_abort_set(abort_on_oom, pool); |
277 |
apr_file_open_stderr(&errfile, pool); |
298 |
apr_file_open_stderr(&errfile, pool); |
278 |
ctx.pool = pool; |
299 |
ctx.pool = pool; |
279 |
ctx.alg = ALG_APMD5; |
300 |
ctx.alg = ALG_APMD5; |
Lines 341-350
Link Here
|
341 |
* Any error message text is returned in the record buffer, since |
362 |
* Any error message text is returned in the record buffer, since |
342 |
* the mkrecord() routine doesn't have access to argv[]. |
363 |
* the mkrecord() routine doesn't have access to argv[]. |
343 |
*/ |
364 |
*/ |
344 |
if (!(mask & APHTP_DELUSER)) { |
365 |
if ((mask & (APHTP_DELUSER|APHTP_VERIFY)) == 0) { |
345 |
i = mkrecord(&ctx, user); |
366 |
i = mkrecord(&ctx, user); |
346 |
if (i != 0) { |
367 |
if (i != 0) { |
347 |
apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr); |
368 |
apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr); |
348 |
exit(i); |
369 |
exit(i); |
349 |
} |
370 |
} |
350 |
if (mask & APHTP_NOFILE) { |
371 |
if (mask & APHTP_NOFILE) { |
Lines 353-373
Link Here
|
353 |
} |
374 |
} |
354 |
} |
375 |
} |
355 |
|
376 |
|
356 |
/* |
377 |
if ((mask & APHTP_VERIFY) == 0) { |
357 |
* We can access the files the right way, and we have a record |
378 |
/* |
358 |
* to add or update. Let's do it.. |
379 |
* We can access the files the right way, and we have a record |
359 |
*/ |
380 |
* to add or update. Let's do it.. |
360 |
if (apr_temp_dir_get((const char**)&dirname, pool) != APR_SUCCESS) { |
381 |
*/ |
361 |
apr_file_printf(errfile, "%s: could not determine temp dir" NL, |
382 |
if (apr_temp_dir_get((const char**)&dirname, pool) != APR_SUCCESS) { |
362 |
argv[0]); |
383 |
apr_file_printf(errfile, "%s: could not determine temp dir" NL, |
363 |
exit(ERR_FILEPERM); |
384 |
argv[0]); |
364 |
} |
385 |
exit(ERR_FILEPERM); |
365 |
dirname = apr_psprintf(pool, "%s/%s", dirname, tn); |
386 |
} |
|
|
387 |
dirname = apr_psprintf(pool, "%s/%s", dirname, tn); |
366 |
|
388 |
|
367 |
if (apr_file_mktemp(&ftemp, dirname, 0, pool) != APR_SUCCESS) { |
389 |
if (apr_file_mktemp(&ftemp, dirname, 0, pool) != APR_SUCCESS) { |
368 |
apr_file_printf(errfile, "%s: unable to create temporary file %s" NL, |
390 |
apr_file_printf(errfile, "%s: unable to create temporary file %s" NL, |
369 |
argv[0], dirname); |
391 |
argv[0], dirname); |
370 |
exit(ERR_FILEPERM); |
392 |
exit(ERR_FILEPERM); |
|
|
393 |
} |
371 |
} |
394 |
} |
372 |
|
395 |
|
373 |
/* |
396 |
/* |
Lines 418-450
Link Here
|
418 |
continue; |
441 |
continue; |
419 |
} |
442 |
} |
420 |
else { |
443 |
else { |
421 |
if (!(mask & APHTP_DELUSER)) { |
444 |
/* We found the user we were looking for */ |
422 |
/* We found the user we were looking for. |
445 |
found++; |
423 |
* Add him to the file. |
446 |
if ((mask & APHTP_DELUSER)) { |
424 |
*/ |
447 |
/* Delete entry from the file */ |
|
|
448 |
apr_file_printf(errfile, "Deleting "); |
449 |
} |
450 |
else if ((mask & APHTP_VERIFY)) { |
451 |
/* Verify */ |
452 |
char *hash = colon + 1; |
453 |
size_t len; |
454 |
|
455 |
len = strcspn(hash, "\r\n"); |
456 |
if (len == 0) { |
457 |
apr_file_printf(errfile, "Empty hash for user %s" NL, |
458 |
user); |
459 |
exit(ERR_INVALID); |
460 |
} |
461 |
hash[len] = '\0'; |
462 |
|
463 |
i = verify(&ctx, hash); |
464 |
if (i != 0) { |
465 |
apr_file_printf(errfile, "%s" NL, ctx.errstr); |
466 |
exit(i); |
467 |
} |
468 |
} |
469 |
else { |
470 |
/* Update entry */ |
425 |
apr_file_printf(errfile, "Updating "); |
471 |
apr_file_printf(errfile, "Updating "); |
426 |
putline(ftemp, ctx.out); |
472 |
putline(ftemp, ctx.out); |
427 |
found++; |
|
|
428 |
} |
473 |
} |
429 |
else { |
|
|
430 |
/* We found the user we were looking for. |
431 |
* Delete them from the file. |
432 |
*/ |
433 |
apr_file_printf(errfile, "Deleting "); |
434 |
found++; |
435 |
} |
436 |
} |
474 |
} |
437 |
} |
475 |
} |
438 |
apr_file_close(fpw); |
476 |
apr_file_close(fpw); |
439 |
} |
477 |
} |
440 |
if (!found && !(mask & APHTP_DELUSER)) { |
478 |
if (!found) { |
441 |
apr_file_printf(errfile, "Adding "); |
479 |
if (mask & APHTP_DELUSER) { |
442 |
putline(ftemp, ctx.out); |
480 |
apr_file_printf(errfile, "User %s not found" NL, user); |
|
|
481 |
exit(0); |
482 |
} |
483 |
else if (mask & APHTP_VERIFY) { |
484 |
apr_file_printf(errfile, "User %s not found" NL, user); |
485 |
exit(ERR_BADUSER); |
486 |
} |
487 |
else { |
488 |
apr_file_printf(errfile, "Adding "); |
489 |
putline(ftemp, ctx.out); |
490 |
} |
443 |
} |
491 |
} |
444 |
else if (!found && (mask & APHTP_DELUSER)) { |
492 |
if (mask & APHTP_VERIFY) { |
445 |
apr_file_printf(errfile, "User %s not found" NL, user); |
493 |
apr_file_printf(errfile, "Password for user %s correct." NL, user); |
446 |
exit(0); |
494 |
exit(0); |
447 |
} |
495 |
} |
|
|
496 |
|
448 |
apr_file_printf(errfile, "password for user %s" NL, user); |
497 |
apr_file_printf(errfile, "password for user %s" NL, user); |
449 |
|
498 |
|
450 |
/* The temporary file has all the data, just copy it to the new location. |
499 |
/* The temporary file has all the data, just copy it to the new location. |