3 # Licensed to the Apache Software Foundation (ASF) under one or more
4 # contributor license agreements. See the NOTICE file distributed with
5 # this work for additional information regarding copyright ownership.
6 # The ASF licenses this file to You under the Apache License, Version 2.0
7 # (the "License"); you may not use this file except in compliance with
8 # the License. You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 #for more functionality see the HTTPD::UserAdmin module:
19 # http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
21 # usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>
24 # -ldb -lndbm -lgdbm -lsdbm
25 BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
31 my $cmds = join "|", sort keys %dbmc::;
33 Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
35 where enc is -d for crypt encryption (default except on Win32, Netware)
36 -m for MD5 encryption (default on Win32, Netware)
37 -s for SHA1 encryption
40 command is one of: $cmds
42 pw of . for update command retains the old password
43 pw of - (or blank) for update command prompts for the password
45 groups or comment of . (or blank) for update command retains old values
46 groups or comment of - for update command clears the existing value
47 groups or comment of - for add and adduser commands is the empty value
52 if (!eval ('require "Digest/SHA1.pm";')) {
53 print STDERR <<SHAERR;
54 dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
57 http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
59 Please install Digest::SHA1 and try again, or use a different crypt option:
67 if (!eval ('require "Crypt/PasswdMD5.pm";')) {
68 print STDERR <<MD5ERR;
69 dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
71 http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
73 Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
80 # if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
81 # four bytes of iteration count and four bytes of salt). Otherwise, just use
82 # the traditional two-byte salt.
83 # see the man page on your system to decide if you have a newer crypt() lib.
84 # I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
85 # The new style crypt() allows up to 20 characters of the password to be
86 # significant rather than only 8.
88 my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
89 my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
91 # Some platforms just can't crypt() for Apache
93 my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
94 my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
96 my $crypt_method = "crypt";
98 if ($crypt_not_supported) {
99 $crypt_method = "md5";
102 # Some platforms won't jump through our favorite hoops
104 my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
105 my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
107 if ($crypt_not_supported) {
108 $crypt_method = "md5";
111 if (@ARGV[0] eq "-d") {
113 if ($crypt_not_supported) {
115 "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
117 $crypt_method = "crypt";
120 if (@ARGV[0] eq "-m") {
122 $crypt_method = "md5";
125 if (@ARGV[0] eq "-p") {
127 if (!$crypt_not_supported) {
129 "Warning: Apache/$^O does not support plaintext passwords!\n\n";
131 $crypt_method = "plain";
134 if (@ARGV[0] eq "-s") {
137 $crypt_method = "sha1";
140 if ($crypt_method eq "md5") {
144 my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
146 usage() unless $file and $command and defined &{$dbmc::{$command}};
148 # remove extension if any
149 my $chop = join '|', qw{db.? pag dir};
150 $file =~ s/\.($chop)$//;
152 my $is_update = $command eq "update";
155 my($mode, $flags) = $command =~
156 /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
158 tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
167 srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
170 for (qw(-xlwwa -le)) {
172 $psf = $_, last unless $?;
174 srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
176 @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
177 $x = int scalar @range;
181 join '', map $range[rand $x], 1..shift||1;
185 genseed() unless @range;
186 return $newstyle_salt ?
187 join '', "_", randchar, "a..", randchar(4) :
192 my ($pw, $salt) = @_;
193 $salt = saltpw_crypt unless $salt;
198 genseed() unless @range;
204 $salt = saltpw_md5 unless $salt;
205 Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
210 '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
214 if ($crypt_method eq "md5") {
215 return cryptpw_md5(@_);
216 } elsif ($crypt_method eq "sha1") {
217 return cryptpw_sha1(@_);
218 } elsif ($crypt_method eq "crypt") {
219 return cryptpw_crypt(@_);
221 @_[0]; # otherwise return plaintext
225 my $prompt = shift || "Enter password:";
228 open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
229 system "stty -echo;";
233 print STDERR $prompt;
234 while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
238 system "stty echo" unless $not_unix;
240 die "Can't use empty password!\n" unless length $pwd;
245 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
246 $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
247 $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
248 $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
249 if (!$crypted_pwd || $crypted_pwd eq '-') {
258 die "Can't use empty password!\n" unless $crypted_pwd;
260 die "Sorry, user `$key' already exists!\n" if $DB{$key};
262 $groups = '' if $groups eq '-';
263 $comment = '' if $comment eq '-';
264 $groups .= ":" . $comment if $comment;
265 $crypted_pwd .= ":" . $groups if $groups;
266 $DB{$key} = $crypted_pwd;
267 my $action = $is_update ? "updated" : "added";
268 print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
272 my $value = getpass "New password:";
273 die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
274 $crypted_pwd = cryptpw $value;
279 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
280 delete $DB{$key}, print "`$key' deleted\n";
284 print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
288 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
289 my $chkpass = (split /:/, $DB{$key}, 3)[0];
290 my $testpass = getpass();
291 if (substr($chkpass, 0, 6) eq '$apr1$') {
293 $crypt_method = "md5";
294 } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
296 $crypt_method = "sha1";
297 } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
298 $crypt_method = "crypt";
300 $crypt_method = "plain";
302 print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
303 ? " password ok\n" : " password mismatch\n");
307 while(defined($_ = <STDIN>) and chomp) {
308 ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;