1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * htdbm.c: simple program for manipulating DBM
19 * password databases for the Apache HTTP server
21 * Contributed by Mladen Turk <mturk mappingsoft.com>
25 #include "passwd_common.h"
26 #include "apr_file_io.h"
27 #include "apr_file_info.h"
28 #include "apr_pools.h"
29 #include "apr_signal.h"
33 #include "apr_getopt.h"
41 #if APR_HAVE_STRINGS_H
46 #if APR_CHARSET_EBCDIC
47 #include "apr_xlate.h"
48 #endif /*APR_CHARSET_EBCDIC*/
58 typedef struct htdbm_t htdbm_t;
62 struct passwd_ctx ctx;
63 #if APR_CHARSET_EBCDIC
64 apr_xlate_t *to_ascii;
76 #define HTDBM_DELETE 1
77 #define HTDBM_VERIFY 2
79 #define HTDBM_NOFILE 4
81 static void terminate(void)
89 static void htdbm_terminate(htdbm_t *htdbm)
92 apr_dbm_close(htdbm->dbm);
98 static void htdbm_interrupted(void)
101 fprintf(stderr, "htdbm Interrupted !\n");
102 exit(ERR_INTERRUPTED);
105 static apr_status_t htdbm_init(apr_pool_t **pool, htdbm_t **hdbm)
108 #if APR_CHARSET_EBCDIC
112 apr_pool_create( pool, NULL);
113 apr_pool_abort_set(abort_on_oom, *pool);
114 apr_file_open_stderr(&errfile, *pool);
115 apr_signal(SIGINT, (void (*)(int)) htdbm_interrupted);
117 (*hdbm) = (htdbm_t *)apr_pcalloc(*pool, sizeof(htdbm_t));
118 (*hdbm)->ctx.pool = *pool;
120 #if APR_CHARSET_EBCDIC
121 rv = apr_xlate_open(&((*hdbm)->to_ascii), "ISO-8859-1", APR_DEFAULT_CHARSET, (*hdbm)->ctx.pool);
123 fprintf(stderr, "apr_xlate_open(to ASCII)->%d\n", rv);
126 rv = apr_SHA1InitEBCDIC((*hdbm)->to_ascii);
128 fprintf(stderr, "apr_SHA1InitEBCDIC()->%d\n", rv);
131 rv = apr_MD5InitEBCDIC((*hdbm)->to_ascii);
133 fprintf(stderr, "apr_MD5InitEBCDIC()->%d\n", rv);
136 #endif /*APR_CHARSET_EBCDIC*/
138 /* Set MD5 as default */
139 (*hdbm)->ctx.alg = ALG_APMD5;
140 (*hdbm)->type = "default";
144 static apr_status_t htdbm_open(htdbm_t *htdbm)
147 return apr_dbm_open_ex(&htdbm->dbm, htdbm->type, htdbm->filename, APR_DBM_RWCREATE,
148 APR_OS_DEFAULT, htdbm->ctx.pool);
150 return apr_dbm_open_ex(&htdbm->dbm, htdbm->type, htdbm->filename,
151 htdbm->rdonly ? APR_DBM_READONLY : APR_DBM_READWRITE,
152 APR_OS_DEFAULT, htdbm->ctx.pool);
155 static apr_status_t htdbm_save(htdbm_t *htdbm, int *changed)
157 apr_datum_t key, val;
159 if (!htdbm->username)
162 key.dptr = htdbm->username;
163 key.dsize = strlen(htdbm->username);
164 if (apr_dbm_exists(htdbm->dbm, key))
167 val.dsize = strlen(htdbm->ctx.passwd);
169 val.dptr = htdbm->ctx.passwd;
171 val.dptr = apr_pstrcat(htdbm->ctx.pool, htdbm->ctx.passwd, ":",
172 htdbm->comment, NULL);
173 val.dsize += (strlen(htdbm->comment) + 1);
175 return apr_dbm_store(htdbm->dbm, key, val);
178 static apr_status_t htdbm_del(htdbm_t *htdbm)
182 key.dptr = htdbm->username;
183 key.dsize = strlen(htdbm->username);
184 if (!apr_dbm_exists(htdbm->dbm, key))
187 return apr_dbm_delete(htdbm->dbm, key);
190 static apr_status_t htdbm_verify(htdbm_t *htdbm)
192 apr_datum_t key, val;
196 key.dptr = htdbm->username;
197 key.dsize = strlen(htdbm->username);
198 if (!apr_dbm_exists(htdbm->dbm, key))
200 if (apr_dbm_fetch(htdbm->dbm, key, &val) != APR_SUCCESS)
202 rec = apr_pstrndup(htdbm->ctx.pool, val.dptr, val.dsize);
203 cmnt = strchr(rec, ':');
205 pwd = apr_pstrndup(htdbm->ctx.pool, rec, cmnt - rec);
207 pwd = apr_pstrdup(htdbm->ctx.pool, rec);
208 return apr_password_validate(htdbm->ctx.passwd, pwd);
211 static apr_status_t htdbm_list(htdbm_t *htdbm)
214 apr_datum_t key, val;
218 rv = apr_dbm_firstkey(htdbm->dbm, &key);
219 if (rv != APR_SUCCESS) {
220 fprintf(stderr, "Empty database -- %s\n", htdbm->filename);
223 fprintf(stderr, "Dumping records from database -- %s\n", htdbm->filename);
224 fprintf(stderr, " %-32s Comment\n", "Username");
225 while (key.dptr != NULL) {
226 rv = apr_dbm_fetch(htdbm->dbm, key, &val);
227 if (rv != APR_SUCCESS) {
228 fprintf(stderr, "Failed getting data from %s\n", htdbm->filename);
231 /* Note: we don't store \0-terminators on our dbm data */
232 fprintf(stderr, " %-32.*s", (int)key.dsize, key.dptr);
233 cmnt = memchr(val.dptr, ':', val.dsize);
235 fprintf(stderr, " %.*s", (int)(val.dptr+val.dsize - (cmnt+1)), cmnt + 1);
236 fprintf(stderr, "\n");
237 rv = apr_dbm_nextkey(htdbm->dbm, &key);
238 if (rv != APR_SUCCESS)
239 fprintf(stderr, "Failed getting NextKey\n");
243 fprintf(stderr, "Total #records : %d\n", i);
247 static int htdbm_make(htdbm_t *htdbm)
249 char cpw[MAX_STRING_LEN];
252 htdbm->ctx.out = cpw;
253 htdbm->ctx.out_len = sizeof(cpw);
254 ret = mkhash(&htdbm->ctx);
256 fprintf(stderr, "Error: %s\n", htdbm->ctx.errstr);
259 htdbm->ctx.passwd = apr_pstrdup(htdbm->ctx.pool, cpw);
263 static apr_status_t htdbm_valid_username(htdbm_t *htdbm)
265 if (!htdbm->username || (strlen(htdbm->username) > 64) || (strlen(htdbm->username) < 1)) {
266 fprintf(stderr, "Invalid username length\n");
269 if (strchr(htdbm->username, ':')) {
270 fprintf(stderr, "Username contains invalid characters\n");
276 static void htdbm_usage(void)
279 "htdbm -- program for manipulating DBM password databases.\n\n"
280 "Usage: htdbm [-cimBdpstvx] [-C cost] [-TDBTYPE] database username\n"
281 " -b[cmBdptsv] [-C cost] [-TDBTYPE] database username password\n"
282 " -n[imBdpst] [-C cost] username\n"
283 " -nb[mBdpst] [-C cost] username password\n"
284 " -v[imBdps] [-C cost] [-TDBTYPE] database username\n"
285 " -vb[mBdps] [-C cost] [-TDBTYPE] database username password\n"
286 " -x [-TDBTYPE] database username\n"
287 " -l [-TDBTYPE] database\n"
289 " -c Create a new database.\n"
290 " -n Don't update database; display results on stdout.\n"
291 " -b Use the password from the command line rather than prompting for it.\n"
292 " -i Read password from stdin without verification (for script usage).\n"
293 " -m Force MD5 encryption of the password (default).\n"
294 " -B Force BCRYPT encryption of the password (very secure).\n"
295 " -C Set the computing time used for the bcrypt algorithm\n"
296 " (higher is more secure but slower, default: %d, valid: 4 to 31).\n"
297 " -d Force CRYPT encryption of the password (8 chars max, insecure).\n"
298 " -s Force SHA encryption of the password (insecure).\n"
299 " -p Do not encrypt the password (plaintext, insecure).\n"
300 " -T DBM Type (SDBM|GDBM|DB|default).\n"
301 " -l Display usernames from database on stdout.\n"
302 " -v Verify the username/password.\n"
303 " -x Remove the username record from database.\n"
304 " -t The last param is username comment.\n"
305 "The SHA algorithm does not use a salt and is less secure than the "
307 BCRYPT_DEFAULT_COST);
311 int main(int argc, const char * const argv[])
315 char errbuf[MAX_STRING_LEN];
321 int cmd = HTDBM_MAKE;
322 int i, ret, args_left = 2;
327 apr_app_initialize(&argc, &argv, NULL);
330 if ((rv = htdbm_init(&pool, &h)) != APR_SUCCESS) {
331 fprintf(stderr, "Unable to initialize htdbm terminating!\n");
332 apr_strerror(rv, errbuf, sizeof(errbuf));
336 rv = apr_getopt_init(&state, pool, argc, argv);
337 if (rv != APR_SUCCESS)
340 while ((rv = apr_getopt(state, "cnmspdBbtivxlC:T:", &opt, &opt_arg)) == APR_SUCCESS) {
362 h->type = apr_pstrdup(h->ctx.pool, opt_arg);
373 ret = parse_common_options(&h->ctx, opt, opt_arg);
375 fprintf(stderr, "Error: %s\n", h->ctx.errstr);
380 if (h->ctx.passwd_src == PW_ARG) {
385 * Make sure we still have exactly the right number of arguments left
386 * (the filename, the username, and possibly the password if -b was
390 if (rv != APR_EOF || argc - i != args_left)
394 h->filename = apr_pstrdup(h->ctx.pool, argv[i++]);
395 if ((rv = htdbm_open(h)) != APR_SUCCESS) {
396 fprintf(stderr, "Error opening database %s\n", h->filename);
397 apr_strerror(rv, errbuf, sizeof(errbuf));
398 fprintf(stderr,"%s\n",errbuf);
403 h->username = apr_pstrdup(pool, argv[i++]);
404 if (htdbm_valid_username(h) != APR_SUCCESS)
407 if (h->ctx.passwd_src == PW_ARG)
408 h->ctx.passwd = apr_pstrdup(pool, argv[i++]);
411 ret = get_password(&h->ctx);
413 fprintf(stderr, "Error: %s\n", h->ctx.errstr);
418 h->comment = apr_pstrdup(pool, argv[i++]);
422 if ((rv = htdbm_verify(h)) != APR_SUCCESS) {
423 if (APR_STATUS_IS_ENOENT(rv)) {
424 fprintf(stderr, "The user '%s' could not be found in database\n", h->username);
428 fprintf(stderr, "Password mismatch for user '%s'\n", h->username);
429 exit(ERR_PWMISMATCH);
433 fprintf(stderr, "Password validated for user '%s'\n", h->username);
436 if (htdbm_del(h) != APR_SUCCESS) {
437 fprintf(stderr, "Cannot find user '%s' in database\n", h->username);
452 if (need_file && !h->rdonly) {
453 if ((rv = htdbm_save(h, &changed)) != APR_SUCCESS) {
454 apr_strerror(rv, errbuf, sizeof(errbuf));
457 fprintf(stdout, "Database %s %s.\n", h->filename,
458 h->create ? "created" : (changed ? "modified" : "updated"));
460 if (cmd == HTDBM_NOFILE) {
462 fprintf(stderr, "%s:%s\n", h->username, h->ctx.passwd);
465 fprintf(stderr, "%s:%s:%s\n", h->username, h->ctx.passwd,
471 return 0; /* Suppress compiler warning. */