1
/* Licensed to the Apache Software Foundation (ASF) under one or more
2
* contributor license agreements. See the NOTICE file distributed with
3
* this work for additional information regarding copyright ownership.
4
* The ASF licenses this file to You under the Apache License, Version 2.0
5
* (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
17
/******************************************************************************
18
******************************************************************************
19
* NOTE! This program is not safe as a setuid executable! Do not make it
21
******************************************************************************
22
*****************************************************************************/
24
* htdigest.c: simple program for manipulating digest passwd file for Apache
26
* by Alexei Kosut, based on htpasswd.c, by Rob McCool
30
#include "apr_file_io.h"
32
#include "apr_lib.h" /* for apr_getpass() */
33
#include "apr_general.h"
34
#include "apr_signal.h"
35
#include "apr_strings.h" /* for apr_pstrdup() */
37
#define APR_WANT_STDIO
38
#define APR_WANT_STRFUNC
41
#if APR_HAVE_SYS_TYPES_H
42
#include <sys/types.h>
53
#if APR_CHARSET_EBCDIC
59
#endif /* APR_CHARSET_EBCDIC */
61
#define MAX_STRING_LEN 256
63
apr_file_t *tfp = NULL;
66
#if APR_CHARSET_EBCDIC
67
apr_xlate_t *to_ascii;
70
static void cleanup_tempfile_and_exit(int rc)
78
static void getword(char *word, char *line, char stop)
82
for (x = 0; ((line[x]) && (line[x] != stop)); x++)
90
while ((line[y++] = line[x++]));
93
static int get_line(char *s, int n, apr_file_t *f)
97
apr_status_t rv = APR_EINVAL;
100
((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
107
if (rv != APR_SUCCESS)
113
static void putline(apr_file_t *f, char *l)
117
for (x = 0; l[x]; x++)
118
apr_file_putc(l[x], f);
122
static void add_password(const char *user, const char *realm, apr_file_t *f)
125
apr_md5_ctx_t context;
126
unsigned char digest[16];
127
char string[MAX_STRING_LEN];
128
char pwin[MAX_STRING_LEN];
129
char pwv[MAX_STRING_LEN];
131
apr_size_t len = sizeof(pwin);
133
if (apr_password_get("New password: ", pwin, &len) != APR_SUCCESS) {
134
apr_file_printf(errfile, "password too long");
135
cleanup_tempfile_and_exit(5);
138
apr_password_get("Re-type new password: ", pwv, &len);
139
if (strcmp(pwin, pwv) != 0) {
140
apr_file_printf(errfile, "They don't match, sorry.\n");
141
cleanup_tempfile_and_exit(1);
144
apr_file_printf(f, "%s:%s:", user, realm);
147
sprintf(string, "%s:%s:%s", user, realm, pw);
149
apr_md5_init(&context);
150
#if APR_CHARSET_EBCDIC
151
apr_md5_set_xlate(&context, to_ascii);
153
apr_md5_update(&context, (unsigned char *) string, strlen(string));
154
apr_md5_final(digest, &context);
156
for (i = 0; i < 16; i++)
157
apr_file_printf(f, "%02x", digest[i]);
159
apr_file_printf(f, "\n");
162
static void usage(void)
164
apr_file_printf(errfile, "Usage: htdigest [-c] passwordfile realm username\n");
165
apr_file_printf(errfile, "The -c flag creates a new file.\n");
169
static void interrupted(void)
171
apr_file_printf(errfile, "Interrupted.\n");
172
cleanup_tempfile_and_exit(1);
175
static void terminate(void)
183
int main(int argc, const char * const argv[])
187
char tn[] = "htdigest.tmp.XXXXXX";
189
char user[MAX_STRING_LEN];
190
char realm[MAX_STRING_LEN];
191
char line[MAX_STRING_LEN];
192
char l[MAX_STRING_LEN];
193
char w[MAX_STRING_LEN];
194
char x[MAX_STRING_LEN];
197
apr_app_initialize(&argc, &argv, NULL);
199
apr_pool_create(&cntxt, NULL);
200
apr_file_open_stderr(&errfile, cntxt);
202
#if APR_CHARSET_EBCDIC
203
rv = apr_xlate_open(&to_ascii, "ISO-8859-1", APR_DEFAULT_CHARSET, cntxt);
205
apr_file_printf(errfile, "apr_xlate_open(): %s (%d)\n",
206
apr_strerror(rv, line, sizeof(line)), rv);
211
apr_signal(SIGINT, (void (*)(int)) interrupted);
213
if (strcmp(argv[1], "-c"))
215
rv = apr_file_open(&f, argv[2], APR_WRITE | APR_CREATE,
216
APR_OS_DEFAULT, cntxt);
217
if (rv != APR_SUCCESS) {
220
apr_file_printf(errfile, "Could not open passwd file %s for writing: %s\n",
222
apr_strerror(rv, errmsg, sizeof errmsg));
225
apr_file_printf(errfile, "Adding password for %s in realm %s.\n",
227
add_password(argv[4], argv[3], f);
234
if (apr_temp_dir_get((const char**)&dirname, cntxt) != APR_SUCCESS) {
235
apr_file_printf(errfile, "%s: could not determine temp dir\n",
239
dirname = apr_psprintf(cntxt, "%s/%s", dirname, tn);
241
if (apr_file_mktemp(&tfp, dirname, 0, cntxt) != APR_SUCCESS) {
242
apr_file_printf(errfile, "Could not open temp file %s.\n", dirname);
246
if (apr_file_open(&f, argv[1], APR_READ, APR_OS_DEFAULT, cntxt) != APR_SUCCESS) {
247
apr_file_printf(errfile,
248
"Could not open passwd file %s for reading.\n", argv[1]);
249
apr_file_printf(errfile, "Use -c option to create new one.\n");
250
cleanup_tempfile_and_exit(1);
252
apr_cpystrn(user, argv[3], sizeof(user));
253
apr_cpystrn(realm, argv[2], sizeof(realm));
256
while (!(get_line(line, MAX_STRING_LEN, f))) {
257
if (found || (line[0] == '#') || (!line[0])) {
264
if (strcmp(user, w) || strcmp(realm, x)) {
269
apr_file_printf(errfile, "Changing password for user %s in realm %s\n",
271
add_password(user, realm, tfp);
276
apr_file_printf(errfile, "Adding user %s in realm %s\n", user, realm);
277
add_password(user, realm, tfp);
281
/* The temporary file has all the data, just copy it to the new location.
283
if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=
285
apr_file_printf(errfile, "%s: unable to update file %s\n",