1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * htdbm.c: simple program for manipulating DBM
19 * password databases for the Apache HTTP server
21 * Contributed by Mladen Turk <mturk mappingsoft.com>
27 #include "apr_strings.h"
28 #include "apr_file_io.h"
29 #include "apr_file_info.h"
30 #include "apr_pools.h"
31 #include "apr_signal.h"
42 #if APR_HAVE_STRINGS_H
47 #if APR_CHARSET_EBCDIC
48 #include "apr_xlate.h"
49 #endif /*APR_CHARSET_EBCDIC*/
59 #if !APR_CHARSET_EBCDIC
62 #else /*APR_CHARSET_EBCDIC*/
65 #endif /*APR_CHARSET_EBCDIC*/
67 #define MAX_STRING_LEN 256
72 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
77 #define ERR_FILEPERM 1
79 #define ERR_PWMISMATCH 3
80 #define ERR_INTERRUPTED 4
81 #define ERR_OVERFLOW 5
86 typedef struct htdbm_t htdbm_t
;
91 #if APR_CHARSET_EBCDIC
92 apr_xlate_t
*to_ascii
;
106 #define HTDBM_DELETE 1
107 #define HTDBM_VERIFY 2
109 #define HTDBM_NOFILE 4
110 #define HTDBM_STDIN 5
112 static void terminate(void)
120 static void htdbm_terminate(htdbm_t
*htdbm
)
123 apr_dbm_close(htdbm
->dbm
);
129 static void htdbm_interrupted(void)
132 fprintf(stderr
, "htdbm Interrupted !\n");
133 exit(ERR_INTERRUPTED
);
136 static apr_status_t
htdbm_init(apr_pool_t
**pool
, htdbm_t
**hdbm
)
139 #if APR_CHARSET_EBCDIC
143 apr_pool_create( pool
, NULL
);
144 apr_signal(SIGINT
, (void (*)(int)) htdbm_interrupted
);
146 (*hdbm
) = (htdbm_t
*)apr_pcalloc(*pool
, sizeof(htdbm_t
));
147 (*hdbm
)->pool
= *pool
;
149 #if APR_CHARSET_EBCDIC
150 rv
= apr_xlate_open(&((*hdbm
)->to_ascii
), "ISO-8859-1", APR_DEFAULT_CHARSET
, (*hdbm
)->pool
);
152 fprintf(stderr
, "apr_xlate_open(to ASCII)->%d\n", rv
);
155 rv
= apr_SHA1InitEBCDIC((*hdbm
)->to_ascii
);
157 fprintf(stderr
, "apr_SHA1InitEBCDIC()->%d\n", rv
);
160 rv
= apr_MD5InitEBCDIC((*hdbm
)->to_ascii
);
162 fprintf(stderr
, "apr_MD5InitEBCDIC()->%d\n", rv
);
165 #endif /*APR_CHARSET_EBCDIC*/
167 /* Set MD5 as default */
168 (*hdbm
)->alg
= ALG_APMD5
;
169 (*hdbm
)->type
= "default";
173 static apr_status_t
htdbm_open(htdbm_t
*htdbm
)
176 return apr_dbm_open_ex(&htdbm
->dbm
, htdbm
->type
, htdbm
->filename
, APR_DBM_RWCREATE
,
177 APR_OS_DEFAULT
, htdbm
->pool
);
179 return apr_dbm_open_ex(&htdbm
->dbm
, htdbm
->type
, htdbm
->filename
,
180 htdbm
->rdonly
? APR_DBM_READONLY
: APR_DBM_READWRITE
,
181 APR_OS_DEFAULT
, htdbm
->pool
);
184 static apr_status_t
htdbm_save(htdbm_t
*htdbm
, int *changed
)
186 apr_datum_t key
, val
;
188 if (!htdbm
->username
)
191 key
.dptr
= htdbm
->username
;
192 key
.dsize
= strlen(htdbm
->username
);
193 if (apr_dbm_exists(htdbm
->dbm
, key
))
196 val
.dsize
= strlen(htdbm
->userpass
);
198 val
.dptr
= htdbm
->userpass
;
200 val
.dptr
= apr_pstrcat(htdbm
->pool
, htdbm
->userpass
, ":",
201 htdbm
->comment
, NULL
);
202 val
.dsize
+= (strlen(htdbm
->comment
) + 1);
204 return apr_dbm_store(htdbm
->dbm
, key
, val
);
207 static apr_status_t
htdbm_del(htdbm_t
*htdbm
)
211 key
.dptr
= htdbm
->username
;
212 key
.dsize
= strlen(htdbm
->username
);
213 if (!apr_dbm_exists(htdbm
->dbm
, key
))
216 return apr_dbm_delete(htdbm
->dbm
, key
);
219 static apr_status_t
htdbm_verify(htdbm_t
*htdbm
)
221 apr_datum_t key
, val
;
222 char pwd
[MAX_STRING_LEN
] = {0};
225 key
.dptr
= htdbm
->username
;
226 key
.dsize
= strlen(htdbm
->username
);
227 if (!apr_dbm_exists(htdbm
->dbm
, key
))
229 if (apr_dbm_fetch(htdbm
->dbm
, key
, &val
) != APR_SUCCESS
)
231 rec
= apr_pstrndup(htdbm
->pool
, val
.dptr
, val
.dsize
);
232 cmnt
= strchr(rec
, ':');
234 strncpy(pwd
, rec
, cmnt
- rec
);
237 return apr_password_validate(htdbm
->userpass
, pwd
);
240 static apr_status_t
htdbm_list(htdbm_t
*htdbm
)
243 apr_datum_t key
, val
;
245 char kb
[MAX_STRING_LEN
];
248 rv
= apr_dbm_firstkey(htdbm
->dbm
, &key
);
249 if (rv
!= APR_SUCCESS
) {
250 fprintf(stderr
, "Empty database -- %s\n", htdbm
->filename
);
253 rec
= apr_pcalloc(htdbm
->pool
, HUGE_STRING_LEN
);
255 fprintf(stderr
, "Dumping records from database -- %s\n", htdbm
->filename
);
256 fprintf(stderr
, " %-32sComment\n", "Username");
257 while (key
.dptr
!= NULL
) {
258 rv
= apr_dbm_fetch(htdbm
->dbm
, key
, &val
);
259 if (rv
!= APR_SUCCESS
) {
260 fprintf(stderr
, "Failed getting data from %s\n", htdbm
->filename
);
263 strncpy(kb
, key
.dptr
, key
.dsize
);
264 kb
[key
.dsize
] = '\0';
265 fprintf(stderr
, " %-32s", kb
);
266 strncpy(rec
, val
.dptr
, val
.dsize
);
267 rec
[val
.dsize
] = '\0';
268 cmnt
= strchr(rec
, ':');
270 fprintf(stderr
, "%s", cmnt
+ 1);
271 fprintf(stderr
, "\n");
272 rv
= apr_dbm_nextkey(htdbm
->dbm
, &key
);
273 if (rv
!= APR_SUCCESS
)
274 fprintf(stderr
, "Failed getting NextKey\n");
278 fprintf(stderr
, "Total #records : %d\n", i
);
282 static void to64(char *s
, unsigned long v
, int n
)
284 static unsigned char itoa64
[] = /* 0 ... 63 => ASCII - 64 */
285 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
288 *s
++ = itoa64
[v
&0x3f];
293 static apr_status_t
htdbm_make(htdbm_t
*htdbm
)
295 char cpw
[MAX_STRING_LEN
];
298 switch (htdbm
->alg
) {
300 /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
301 apr_sha1_base64(htdbm
->userpass
,strlen(htdbm
->userpass
),cpw
);
305 (void) srand((int) time((time_t *) NULL
));
306 to64(&salt
[0], rand(), 8);
308 apr_md5_encode((const char *)htdbm
->userpass
, (const char *)salt
,
312 /* XXX this len limitation is not in sync with any HTTPd len. */
313 apr_cpystrn(cpw
,htdbm
->userpass
,sizeof(cpw
));
314 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
315 fprintf(stderr
, "Warning: Plain text passwords aren't supported by the "
316 "server on this platform!\n");
319 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
321 (void) srand((int) time((time_t *) NULL
));
322 to64(&salt
[0], rand(), 8);
324 apr_cpystrn(cpw
, crypt(htdbm
->userpass
, salt
), sizeof(cpw
) - 1);
325 fprintf(stderr
, "CRYPT is now deprecated, use MD5 instead!\n");
330 htdbm
->userpass
= apr_pstrdup(htdbm
->pool
, cpw
);
334 static apr_status_t
htdbm_valid_username(htdbm_t
*htdbm
)
336 if (!htdbm
->username
|| (strlen(htdbm
->username
) > 64) || (strlen(htdbm
->username
) < 1)) {
337 fprintf(stderr
, "Invalid username length\n");
340 if (strchr(htdbm
->username
, ':')) {
341 fprintf(stderr
, "Username contains invalid characters\n");
347 static void htdbm_usage(void)
350 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
351 #define CRYPT_OPTION "d"
353 #define CRYPT_OPTION ""
355 fprintf(stderr
, "htdbm -- program for manipulating DBM password databases.\n\n");
356 fprintf(stderr
, "Usage: htdbm [-cm"CRYPT_OPTION
"pstvx] [-TDBTYPE] database username\n");
357 fprintf(stderr
, " -b[cm"CRYPT_OPTION
"ptsv] [-TDBTYPE] database username password\n");
358 fprintf(stderr
, " -n[m"CRYPT_OPTION
"pst] username\n");
359 fprintf(stderr
, " -nb[m"CRYPT_OPTION
"pst] username password\n");
360 fprintf(stderr
, " -v[m"CRYPT_OPTION
"ps] [-TDBTYPE] database username\n");
361 fprintf(stderr
, " -vb[m"CRYPT_OPTION
"ps] [-TDBTYPE] database username password\n");
362 fprintf(stderr
, " -x[m"CRYPT_OPTION
"ps] [-TDBTYPE] database username\n");
363 fprintf(stderr
, " -l [-TDBTYPE] database\n");
364 fprintf(stderr
, "Options:\n");
365 fprintf(stderr
, " -b Use the password from the command line rather "
366 "than prompting for it.\n");
367 fprintf(stderr
, " -c Create a new database.\n");
368 fprintf(stderr
, " -n Don't update database; display results on stdout.\n");
369 fprintf(stderr
, " -m Force MD5 encryption of the password (default).\n");
370 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
371 fprintf(stderr
, " -d Force CRYPT encryption of the password (now deprecated).\n");
373 fprintf(stderr
, " -p Do not encrypt the password (plaintext).\n");
374 fprintf(stderr
, " -s Force SHA encryption of the password.\n");
375 fprintf(stderr
, " -T DBM Type (SDBM|GDBM|DB|default).\n");
376 fprintf(stderr
, " -l Display usernames from database on stdout.\n");
377 fprintf(stderr
, " -t The last param is username comment.\n");
378 fprintf(stderr
, " -v Verify the username/password.\n");
379 fprintf(stderr
, " -x Remove the username record from database.\n");
385 int main(int argc
, const char * const argv
[])
390 char pwi
[MAX_STRING_LEN
];
391 char pwc
[MAX_STRING_LEN
];
392 char errbuf
[MAX_STRING_LEN
];
398 int pwd_supplied
= 0;
400 int cmd
= HTDBM_MAKE
;
404 apr_app_initialize(&argc
, &argv
, NULL
);
407 if ((rv
= htdbm_init(&pool
, &h
)) != APR_SUCCESS
) {
408 fprintf(stderr
, "Unable to initialize htdbm terminating!\n");
409 apr_strerror(rv
, errbuf
, sizeof(errbuf
));
413 * Preliminary check to make sure they provided at least
414 * three arguments, we'll do better argument checking as
415 * we parse the command line.
420 * Go through the argument list and pick out any options. They
421 * have to precede any other arguments.
423 for (i
= 1; i
< argc
; i
++) {
428 while (*++arg
!= '\0') {
455 h
->type
= apr_pstrdup(h
->pool
, ++arg
);
458 --arg
; /* so incrementing this in the loop with find a null */
477 #if (!(defined(WIN32) || defined(TPF) || defined(NETWARE)))
489 * Make sure we still have exactly the right number of arguments left
490 * (the filename, the username, and possibly the password if -b was
493 if ((argc
- i
) != args_left
)
499 h
->filename
= apr_pstrdup(h
->pool
, argv
[i
]);
500 if ((rv
= htdbm_open(h
)) != APR_SUCCESS
) {
501 fprintf(stderr
, "Error opening database %s\n", argv
[i
]);
502 apr_strerror(rv
, errbuf
, sizeof(errbuf
));
503 fprintf(stderr
,"%s\n",errbuf
);
508 h
->username
= apr_pstrdup(pool
, argv
[i
+1]);
509 if (htdbm_valid_username(h
) != APR_SUCCESS
)
513 h
->userpass
= apr_pstrdup(pool
, argv
[i
+2]);
517 if (apr_password_get("Enter password : ", pwi
, &l
) != APR_SUCCESS
) {
518 fprintf(stderr
, "Password too long\n");
522 if (apr_password_get("Re-type password : ", pwc
, &l
) != APR_SUCCESS
) {
523 fprintf(stderr
, "Password too long\n");
526 if (strcmp(pwi
, pwc
) != 0) {
527 fprintf(stderr
, "Password verification error\n");
528 exit(ERR_PWMISMATCH
);
531 h
->userpass
= apr_pstrdup(pool
, pwi
);
533 if (need_cmnt
&& pwd_supplied
)
534 h
->comment
= apr_pstrdup(pool
, argv
[i
+3]);
536 h
->comment
= apr_pstrdup(pool
, argv
[i
+2]);
540 if ((rv
= htdbm_verify(h
)) != APR_SUCCESS
) {
541 if(rv
== APR_ENOENT
) {
542 fprintf(stderr
, "The user '%s' could not be found in database\n", h
->username
);
546 fprintf(stderr
, "Password mismatch for user '%s'\n", h
->username
);
547 exit(ERR_PWMISMATCH
);
551 fprintf(stderr
, "Password validated for user '%s'\n", h
->username
);
554 if (htdbm_del(h
) != APR_SUCCESS
) {
555 fprintf(stderr
, "Cannot find user '%s' in database\n", h
->username
);
569 if (need_file
&& !h
->rdonly
) {
570 if ((rv
= htdbm_save(h
, &changed
)) != APR_SUCCESS
) {
571 apr_strerror(rv
, errbuf
, sizeof(errbuf
));
574 fprintf(stdout
, "Database %s %s.\n", h
->filename
,
575 h
->create
? "created" : (changed
? "modified" : "updated"));
577 if (cmd
== HTDBM_NOFILE
) {
579 fprintf(stderr
, "%s:%s\n", h
->username
, h
->userpass
);
582 fprintf(stderr
, "%s:%s:%s\n", h
->username
, h
->userpass
,
588 return 0; /* Suppress compiler warning. */