support/dbmmanage.in - httpd - Git at Google

 #!@perlbin@
 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 #for more functionality see the HTTPD::UserAdmin module:
 # http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
 #
 # usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>

 package dbmmanage;
 #                               -ldb    -lndbm    -lgdbm    -lsdbm
 BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
 use strict;
 use Fcntl;
 use AnyDBM_File ();

 sub usage {
     my $cmds = join "|", sort keys %dbmc::;
     die <<SYNTAX;
 Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]

     where enc is  -d for crypt encryption (default except on Win32, Netware)
                   -m for MD5 encryption (default on Win32, Netware)
                   -s for SHA1 encryption
                   -p for plaintext

     command is one of: $cmds

     pw of . for update command retains the old password
     pw of - (or blank) for update command prompts for the password

     groups or comment of . (or blank) for update command retains old values
     groups or comment of - for update command clears the existing value
     groups or comment of - for add and adduser commands is the empty value
 SYNTAX
 }

 sub need_sha1_crypt {
     if (!eval ('require "Digest/SHA1.pm";')) {
         print STDERR <<SHAERR;
 dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
 available from CPAN:

     http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz

 Please install Digest::SHA1 and try again, or use a different crypt option:

 SHAERR
         usage();
     }
 }

 sub need_md5_crypt {
     if (!eval ('require "Crypt/PasswdMD5.pm";')) {
         print STDERR <<MD5ERR;
 dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN

     http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz

 Please install Crypt::PasswdMD5 and try again, or use a different crypt option:

 MD5ERR
         usage();
     }
 }

 # if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
 # four bytes of iteration count and four bytes of salt).  Otherwise, just use
 # the traditional two-byte salt.
 # see the man page on your system to decide if you have a newer crypt() lib.
 # I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
 # The new style crypt() allows up to 20 characters of the password to be
 # significant rather than only 8.
 #
 my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
 my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;

 # Some platforms just can't crypt() for Apache
 #
 my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
 my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;

 my $crypt_method = "crypt";

 if ($crypt_not_supported) {
     $crypt_method = "md5";
 }

 # Some platforms won't jump through our favorite hoops
 #
 my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
 my $not_unix = $^O =~ /(?:$not_unix_platforms)/;

 if ($crypt_not_supported) {
     $crypt_method = "md5";
 }

 if (@ARGV[0] eq "-d") {
     shift @ARGV;
     if ($crypt_not_supported) {
         print STDERR
               "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
     }
     $crypt_method = "crypt";
 }

 if (@ARGV[0] eq "-m") {
     shift @ARGV;
     $crypt_method = "md5";
 }

 if (@ARGV[0] eq "-p") {
     shift @ARGV;
     if (!$crypt_not_supported) {
         print STDERR
               "Warning: Apache/$^O does not support plaintext passwords!\n\n";
     }
     $crypt_method = "plain";
 }

 if (@ARGV[0] eq "-s") {
     shift @ARGV;
     need_sha1_crypt();
     $crypt_method = "sha1";
 }

 if ($crypt_method eq "md5") {
     need_md5_crypt();
 }

 my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;

 usage() unless $file and $command and defined &{$dbmc::{$command}};

 # remove extension if any
 my $chop = join '|', qw{db.? pag dir};
 $file =~ s/\.($chop)$//;

 my $is_update = $command eq "update";
 my %DB = ();
 my @range = ();
 my($mode, $flags) = $command =~
     /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);

 tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
 dbmc->$command();
 untie %DB;


 my $x;
 sub genseed {
     my $psf;
     if ($not_unix) {
         srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
     }
     else {
         for (qw(-xlwwa -le)) {
             `ps $_ 2>/dev/null`;
             $psf = $_, last unless $?;
         }
         srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
     }
     @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
     $x = int scalar @range;
 }

 sub randchar {
     join '', map $range[rand $x], 1..shift||1;
 }

 sub saltpw_crypt {
     genseed() unless @range;
     return $newstyle_salt ?
         join '', "_", randchar, "a..", randchar(4) :
         randchar(2);
 }

 sub cryptpw_crypt {
     my ($pw, $salt) = @_;
     $salt = saltpw_crypt unless $salt;
     crypt $pw, $salt;
 }

 sub saltpw_md5 {
     genseed() unless @range;
     randchar(8);
 }

 sub cryptpw_md5 {
     my($pw, $salt) = @_;
     $salt = saltpw_md5 unless $salt;
     Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
 }

 sub cryptpw_sha1 {
     my($pw, $salt) = @_;
     '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
 }

 sub cryptpw {
     if ($crypt_method eq "md5") {
         return cryptpw_md5(@_);
     } elsif ($crypt_method eq "sha1") {
         return cryptpw_sha1(@_);
     } elsif ($crypt_method eq "crypt") {
         return cryptpw_crypt(@_);
     }
     @_[0]; # otherwise return plaintext
 }

 sub getpass {
     my $prompt = shift || "Enter password:";

     unless($not_unix) {
         open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
         system "stty -echo;";
     }

     my($c,$pwd);
     print STDERR $prompt;
     while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
         $pwd .= $c;
     }

     system "stty echo" unless $not_unix;
     print STDERR "\n";
     die "Can't use empty password!\n" unless length $pwd;
     return $pwd;
 }

 sub dbmc::update {
     die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
     $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
     $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
     $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
     if (!$crypted_pwd || $crypted_pwd eq '-') {
         dbmc->adduser;
     }
     else {
         dbmc->add;
     }
 }

 sub dbmc::add {
     die "Can't use empty password!\n" unless $crypted_pwd;
     unless($is_update) {
         die "Sorry, user `$key' already exists!\n" if $DB{$key};
     }
     $groups = '' if $groups eq '-';
     $comment = '' if $comment eq '-';
     $groups .= ":" . $comment if $comment;
     $crypted_pwd .= ":" . $groups if $groups;
     $DB{$key} = $crypted_pwd;
     my $action = $is_update ? "updated" : "added";
     print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
 }

 sub dbmc::adduser {
     my $value = getpass "New password:";
     die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
     $crypted_pwd = cryptpw $value;
     dbmc->add;
 }

 sub dbmc::delete {
     die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
     delete $DB{$key}, print "`$key' deleted\n";
 }

 sub dbmc::view {
     print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
 }

 sub dbmc::check {
     die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
     my $chkpass = (split /:/, $DB{$key}, 3)[0];
     my $testpass = getpass();
     if (substr($chkpass, 0, 6) eq '$apr1$') {
         need_md5_crypt;
         $crypt_method = "md5";
     } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
         need_sha1_crypt;
         $crypt_method = "sha1";
     } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
         $crypt_method = "crypt";
     } else {
         $crypt_method = "plain";
     }
     print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
                            ? " password ok\n" : " password mismatch\n");
 }

 sub dbmc::import {
     while(defined($_ = <STDIN>) and chomp) {
         ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
         dbmc->add;
     }
 }
	#!@perlbin@
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	#for more functionality see the HTTPD::UserAdmin module:
	# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
	#
	# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>

	package dbmmanage;
	# -ldb -lndbm -lgdbm -lsdbm
	BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
	use strict;
	use Fcntl;
	use AnyDBM_File ();

	sub usage {
	my $cmds = join "\|", sort keys %dbmc::;
	die <<SYNTAX;
	Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]

	where enc is -d for crypt encryption (default except on Win32, Netware)
	-m for MD5 encryption (default on Win32, Netware)
	-s for SHA1 encryption
	-p for plaintext

	command is one of: $cmds

	pw of . for update command retains the old password
	pw of - (or blank) for update command prompts for the password

	groups or comment of . (or blank) for update command retains old values
	groups or comment of - for update command clears the existing value
	groups or comment of - for add and adduser commands is the empty value
	SYNTAX
	}

	sub need_sha1_crypt {
	if (!eval ('require "Digest/SHA1.pm";')) {
	print STDERR <<SHAERR;
	dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
	available from CPAN:

	http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz

	Please install Digest::SHA1 and try again, or use a different crypt option:

	SHAERR
	usage();
	}
	}

	sub need_md5_crypt {
	if (!eval ('require "Crypt/PasswdMD5.pm";')) {
	print STDERR <<MD5ERR;
	dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN

	http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz

	Please install Crypt::PasswdMD5 and try again, or use a different crypt option:

	MD5ERR
	usage();
	}
	}

	# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
	# four bytes of iteration count and four bytes of salt). Otherwise, just use
	# the traditional two-byte salt.
	# see the man page on your system to decide if you have a newer crypt() lib.
	# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
	# The new style crypt() allows up to 20 characters of the password to be
	# significant rather than only 8.
	#
	my $newstyle_salt_platforms = join '\|', qw{bsdos}; #others?
	my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;

	# Some platforms just can't crypt() for Apache
	#
	my $crypt_not_supported_platforms = join '\|', qw{MSWin32 NetWare}; #others?
	my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;

	my $crypt_method = "crypt";

	if ($crypt_not_supported) {
	$crypt_method = "md5";
	}

	# Some platforms won't jump through our favorite hoops
	#
	my $not_unix_platforms = join '\|', qw{MSWin32 NetWare}; #others?
	my $not_unix = $^O =~ /(?:$not_unix_platforms)/;

	if ($crypt_not_supported) {
	$crypt_method = "md5";
	}

	if (@ARGV[0] eq "-d") {
	shift @ARGV;
	if ($crypt_not_supported) {
	print STDERR
	"Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
	}
	$crypt_method = "crypt";
	}

	if (@ARGV[0] eq "-m") {
	shift @ARGV;
	$crypt_method = "md5";
	}

	if (@ARGV[0] eq "-p") {
	shift @ARGV;
	if (!$crypt_not_supported) {
	print STDERR
	"Warning: Apache/$^O does not support plaintext passwords!\n\n";
	}
	$crypt_method = "plain";
	}

	if (@ARGV[0] eq "-s") {
	shift @ARGV;
	need_sha1_crypt();
	$crypt_method = "sha1";
	}

	if ($crypt_method eq "md5") {
	need_md5_crypt();
	}

	my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;

	usage() unless $file and $command and defined &{$dbmc::{$command}};

	# remove extension if any
	my $chop = join '\|', qw{db.? pag dir};
	$file =~ s/\.($chop)$//;

	my $is_update = $command eq "update";
	my %DB = ();
	my @range = ();
	my($mode, $flags) = $command =~
	/^(?:view\|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR\|O_CREAT);

	tie (%DB, "AnyDBM_File", $file, $flags, $mode) \|\| die "Can't tie $file: $!";
	dbmc->$command();
	untie %DB;


	my $x;
	sub genseed {
	my $psf;
	if ($not_unix) {
	srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
	}
	else {
	for (qw(-xlwwa -le)) {
	`ps $_ 2>/dev/null`;
	$psf = $_, last unless $?;
	}
	srand (time ^ $$ ^ unpack("%L*", `ps $psf \| gzip -f`));
	}
	@range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
	$x = int scalar @range;
	}

	sub randchar {
	join '', map $range[rand $x], 1..shift\|\|1;
	}

	sub saltpw_crypt {
	genseed() unless @range;
	return $newstyle_salt ?
	join '', "_", randchar, "a..", randchar(4) :
	randchar(2);
	}

	sub cryptpw_crypt {
	my ($pw, $salt) = @_;
	$salt = saltpw_crypt unless $salt;
	crypt $pw, $salt;
	}

	sub saltpw_md5 {
	genseed() unless @range;
	randchar(8);
	}

	sub cryptpw_md5 {
	my($pw, $salt) = @_;
	$salt = saltpw_md5 unless $salt;
	Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
	}

	sub cryptpw_sha1 {
	my($pw, $salt) = @_;
	'{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
	}

	sub cryptpw {
	if ($crypt_method eq "md5") {
	return cryptpw_md5(@_);
	} elsif ($crypt_method eq "sha1") {
	return cryptpw_sha1(@_);
	} elsif ($crypt_method eq "crypt") {
	return cryptpw_crypt(@_);
	}
	@_[0]; # otherwise return plaintext
	}

	sub getpass {
	my $prompt = shift \|\| "Enter password:";

	unless($not_unix) {
	open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
	system "stty -echo;";
	}

	my($c,$pwd);
	print STDERR $prompt;
	while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
	$pwd .= $c;
	}

	system "stty echo" unless $not_unix;
	print STDERR "\n";
	die "Can't use empty password!\n" unless length $pwd;
	return $pwd;
	}

	sub dbmc::update {
	die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
	$crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
	$groups = (split /:/, $DB{$key}, 3)[1] if !$groups \|\| $groups eq '.';
	$comment = (split /:/, $DB{$key}, 3)[2] if !$comment \|\| $comment eq '.';
	if (!$crypted_pwd \|\| $crypted_pwd eq '-') {
	dbmc->adduser;
	}
	else {
	dbmc->add;
	}
	}

	sub dbmc::add {
	die "Can't use empty password!\n" unless $crypted_pwd;
	unless($is_update) {
	die "Sorry, user `$key' already exists!\n" if $DB{$key};
	}
	$groups = '' if $groups eq '-';
	$comment = '' if $comment eq '-';
	$groups .= ":" . $comment if $comment;
	$crypted_pwd .= ":" . $groups if $groups;
	$DB{$key} = $crypted_pwd;
	my $action = $is_update ? "updated" : "added";
	print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
	}

	sub dbmc::adduser {
	my $value = getpass "New password:";
	die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
	$crypted_pwd = cryptpw $value;
	dbmc->add;
	}

	sub dbmc::delete {
	die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
	delete $DB{$key}, print "`$key' deleted\n";
	}

	sub dbmc::view {
	print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
	}

	sub dbmc::check {
	die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
	my $chkpass = (split /:/, $DB{$key}, 3)[0];
	my $testpass = getpass();
	if (substr($chkpass, 0, 6) eq '$apr1$') {
	need_md5_crypt;
	$crypt_method = "md5";
	} elsif (substr($chkpass, 0, 5) eq '{SHA}') {
	need_sha1_crypt;
	$crypt_method = "sha1";
	} elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
	$crypt_method = "crypt";
	} else {
	$crypt_method = "plain";
	}
	print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
	? " password ok\n" : " password mismatch\n");
	}

	sub dbmc::import {
	while(defined($_ = <STDIN>) and chomp) {
	($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
	dbmc->add;
	}
	}