Google Git
Sign in
apache / apr / cc3fca20f700829592add524e705d525fca287f2 / . / test / htdigest.c
blob: 528aa5c819ebb075aec9573e729e2b48434c0bb4 [file] [log] [blame]
/* ====================================================================
* Copyright (c) 1995-1999 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
/******************************************************************************
******************************************************************************
* NOTE! This program is not safe as a setuid executable! Do not make it
* setuid!
******************************************************************************
*****************************************************************************/
/*
* htdigest.c: simple program for manipulating digest passwd file for Apache
*
* by Alexei Kosut, based on htpasswd.c, by Rob McCool
*/
#include "apr_lib.h"
#include "apr_md5.h"
#include <sys/types.h>
#if defined(MPE) || defined(QNX) || defined(WIN32)
#include <signal.h>
#else
#include <sys/signal.h>
#endif
#ifdef WIN32
#include <conio.h>
#endif
#ifdef CHARSET_EBCDIC
#define LF '\n'
#define CR '\r'
#else
#define LF 10
#define CR 13
#endif /* CHARSET_EBCDIC */
#define MAX_STRING_LEN 256
char *tn;
ap_context_t *cntxt;
static void getword(char *word, char *line, char stop)
{
int x = 0, y;
for (x = 0; ((line[x]) && (line[x] != stop)); x++)
word[x] = line[x];
word[x] = '\0';
if (line[x])
++x;
y = 0;
while ((line[y++] = line[x++]));
}
static int getline(char *s, int n, ap_file_t *f)
{
register int i = 0;
char ch;
while (1) {
ap_getc(f, &ch);
s[i] = ch;
if (s[i] == CR)
ap_getc(f, &ch);
s[i] = ch;
if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
s[i] = '\0';
if (ap_eof(f) == APR_EOF) {
return 1;
}
return 0;
}
++i;
}
}
static void putline(ap_file_t *f, char *l)
{
int x;
for (x = 0; l[x]; x++)
ap_putc(f, l[x]);
ap_putc(f, '\n');
}
static void add_password(char *user, char *realm, ap_file_t *f)
{
char *pw;
APR_MD5_CTX context;
unsigned char digest[16];
char string[MAX_STRING_LEN];
char pwin[MAX_STRING_LEN];
char pwv[MAX_STRING_LEN];
unsigned int i;
size_t len = sizeof(pwin);
if (ap_getpass("New password: ", pwin, &len) != APR_SUCCESS) {
fprintf(stderr, "password too long");
exit(5);
}
len = sizeof(pwin);
ap_getpass("Re-type new password: ", pwv, &len);
if (strcmp(pwin, pwv) != 0) {
fprintf(stderr, "They don't match, sorry.\n");
if (tn) {
ap_remove_file(cntxt, tn);
}
exit(1);
}
pw = pwin;
ap_fprintf(f, "%s:%s:", user, realm);
/* Do MD5 stuff */
sprintf(string, "%s:%s:%s", user, realm, pw);
apr_MD5Init(&context);
apr_MD5Update(&context, (unsigned char *) string, strlen(string));
apr_MD5Final(digest, &context);
for (i = 0; i < 16; i++)
ap_fprintf(f, "%02x", digest[i]);
ap_fprintf(f, "\n");
}
static void usage(void)
{
fprintf(stderr, "Usage: htdigest [-c] passwordfile realm username\n");
fprintf(stderr, "The -c flag creates a new file.\n");
exit(1);
}
static void interrupted(void)
{
fprintf(stderr, "Interrupted.\n");
if (tn)
ap_remove_file(cntxt, tn);
exit(1);
}
int main(int argc, char *argv[])
{
ap_file_t *tfp, *f;
char user[MAX_STRING_LEN];
char realm[MAX_STRING_LEN];
char line[MAX_STRING_LEN];
char l[MAX_STRING_LEN];
char w[MAX_STRING_LEN];
char x[MAX_STRING_LEN];
char command[MAX_STRING_LEN];
int found;
ap_create_context(NULL, NULL, &cntxt);
tn = NULL;
signal(SIGINT, (void (*)(int)) interrupted);
if (argc == 5) {
if (strcmp(argv[1], "-c"))
usage();
if (ap_open(cntxt, argv[2], APR_WRITE | APR_CREATE, -1, &tfp) != APR_SUCCESS) {
fprintf(stderr, "Could not open passwd file %s for writing.\n",
argv[2]);
perror("ap_open");
exit(1);
}
printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
add_password(argv[4], argv[3], tfp);
ap_close(tfp);
exit(0);
}
else if (argc != 4)
usage();
tn = tmpnam(NULL);
if (ap_open(cntxt, tn, APR_WRITE | APR_CREATE, -1, &tfp)!= APR_SUCCESS) {
fprintf(stderr, "Could not open temp file.\n");
exit(1);
}
if (ap_open(cntxt, argv[1], APR_READ, -1, &f) != APR_SUCCESS) {
fprintf(stderr,
"Could not open passwd file %s for reading.\n", argv[1]);
fprintf(stderr, "Use -c option to create new one.\n");
exit(1);
}
strcpy(user, argv[3]);
strcpy(realm, argv[2]);
found = 0;
while (!(getline(line, MAX_STRING_LEN, f))) {
if (found || (line[0] == '#') || (!line[0])) {
putline(tfp, line);
continue;
}
strcpy(l, line);
getword(w, l, ':');
getword(x, l, ':');
if (strcmp(user, w) || strcmp(realm, x)) {
putline(tfp, line);
continue;
}
else {
printf("Changing password for user %s in realm %s\n", user, realm);
add_password(user, realm, tfp);
found = 1;
}
}
if (!found) {
printf("Adding user %s in realm %s\n", user, realm);
add_password(user, realm, tfp);
}
ap_close(f);
ap_close(tfp);
#if defined(OS2) || defined(WIN32)
sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
#else
sprintf(command, "cp %s %s", tn, argv[1]);
#endif
system(command);
ap_remove_file(cntxt, tn);
return 0;
}