1 /* Copyright 2000-2004 Apache Software Foundation
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 /******************************************************************************
17 ******************************************************************************
18 * NOTE! This program is not safe as a setuid executable! Do not make it
20 ******************************************************************************
21 *****************************************************************************/
23 * htdigest.c: simple program for manipulating digest passwd file for Apache
25 * by Alexei Kosut, based on htpasswd.c, by Rob McCool
29 #include "apr_file_io.h"
31 #include "apr_lib.h" /* for apr_getpass() */
32 #include "apr_general.h"
33 #include "apr_signal.h"
34 #include "apr_strings.h" /* for apr_pstrdup() */
36 #define APR_WANT_STDIO
37 #define APR_WANT_STRFUNC
40 #if APR_HAVE_SYS_TYPES_H
41 #include <sys/types.h>
52 #if APR_CHARSET_EBCDIC
58 #endif /* APR_CHARSET_EBCDIC */
60 #define MAX_STRING_LEN 256
62 /* DELONCLOSE is quite cool, but:
63 * we need to close the file before we can copy it.
64 * otherwise it's locked by the system ;-(
66 * XXX: Other systems affected? (Netware?, OS2?)
69 #define OMIT_DELONCLOSE 1
72 apr_file_t *tfp = NULL;
74 #if APR_CHARSET_EBCDIC
75 apr_xlate_t *to_ascii;
78 static void cleanup_tempfile_and_exit(int rc)
81 #ifdef OMIT_DELONCLOSE
82 const char *cfilename;
83 char *filename = NULL;
85 if (apr_file_name_get(&cfilename, tfp) == APR_SUCCESS) {
86 filename = apr_pstrdup(cntxt, cfilename);
91 #ifdef OMIT_DELONCLOSE
93 apr_file_remove(filename, cntxt);
101 static void getword(char *word, char *line, char stop)
105 for (x = 0; ((line[x]) && (line[x] != stop)); x++)
113 while ((line[y++] = line[x++]));
116 static int get_line(char *s, int n, apr_file_t *f)
120 apr_status_t rv = APR_EINVAL;
122 while (i < (n - 1) &&
123 ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
130 if (rv != APR_SUCCESS)
136 static void putline(apr_file_t *f, char *l)
140 for (x = 0; l[x]; x++)
141 apr_file_putc(l[x], f);
145 static void add_password(const char *user, const char *realm, apr_file_t *f)
148 apr_md5_ctx_t context;
149 unsigned char digest[16];
150 char string[MAX_STRING_LEN];
151 char pwin[MAX_STRING_LEN];
152 char pwv[MAX_STRING_LEN];
154 apr_size_t len = sizeof(pwin);
156 if (apr_password_get("New password: ", pwin, &len) != APR_SUCCESS) {
157 fprintf(stderr, "password too long");
158 cleanup_tempfile_and_exit(5);
161 apr_password_get("Re-type new password: ", pwv, &len);
162 if (strcmp(pwin, pwv) != 0) {
163 fprintf(stderr, "They don't match, sorry.\n");
164 cleanup_tempfile_and_exit(1);
167 apr_file_printf(f, "%s:%s:", user, realm);
170 sprintf(string, "%s:%s:%s", user, realm, pw);
172 apr_md5_init(&context);
173 #if APR_CHARSET_EBCDIC
174 apr_md5_set_xlate(&context, to_ascii);
176 apr_md5_update(&context, (unsigned char *) string, strlen(string));
177 apr_md5_final(digest, &context);
179 for (i = 0; i < 16; i++)
180 apr_file_printf(f, "%02x", digest[i]);
182 apr_file_printf(f, "\n");
185 static void usage(void)
187 fprintf(stderr, "Usage: htdigest [-c] passwordfile realm username\n");
188 fprintf(stderr, "The -c flag creates a new file.\n");
192 static void interrupted(void)
194 fprintf(stderr, "Interrupted.\n");
195 cleanup_tempfile_and_exit(1);
198 static void terminate(void)
206 int main(int argc, const char * const argv[])
210 char tn[] = "htdigest.tmp.XXXXXX";
211 char user[MAX_STRING_LEN];
212 char realm[MAX_STRING_LEN];
213 char line[MAX_STRING_LEN];
214 char l[MAX_STRING_LEN];
215 char w[MAX_STRING_LEN];
216 char x[MAX_STRING_LEN];
217 char command[MAX_STRING_LEN];
220 apr_app_initialize(&argc, &argv, NULL);
222 apr_pool_create(&cntxt, NULL);
224 #if APR_CHARSET_EBCDIC
225 rv = apr_xlate_open(&to_ascii, "ISO8859-1", APR_DEFAULT_CHARSET, cntxt);
227 fprintf(stderr, "apr_xlate_open(): %s (%d)\n",
228 apr_strerror(rv, line, sizeof(line)), rv);
233 apr_signal(SIGINT, (void (*)(int)) interrupted);
235 if (strcmp(argv[1], "-c"))
237 rv = apr_file_open(&f, argv[2], APR_WRITE | APR_CREATE, -1, cntxt);
238 if (rv != APR_SUCCESS) {
241 fprintf(stderr, "Could not open passwd file %s for writing: %s\n",
243 apr_strerror(rv, errmsg, sizeof errmsg));
246 printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
247 add_password(argv[4], argv[3], f);
254 if (apr_file_mktemp(&tfp, tn,
255 #ifdef OMIT_DELONCLOSE
256 APR_CREATE | APR_READ | APR_WRITE | APR_EXCL
260 , cntxt) != APR_SUCCESS) {
261 fprintf(stderr, "Could not open temp file.\n");
265 if (apr_file_open(&f, argv[1], APR_READ, -1, cntxt) != APR_SUCCESS) {
267 "Could not open passwd file %s for reading.\n", argv[1]);
268 fprintf(stderr, "Use -c option to create new one.\n");
269 cleanup_tempfile_and_exit(1);
271 apr_cpystrn(user, argv[3], sizeof(user));
272 apr_cpystrn(realm, argv[2], sizeof(realm));
275 while (!(get_line(line, MAX_STRING_LEN, f))) {
276 if (found || (line[0] == '#') || (!line[0])) {
283 if (strcmp(user, w) || strcmp(realm, x)) {
288 printf("Changing password for user %s in realm %s\n", user, realm);
289 add_password(user, realm, tfp);
294 printf("Adding user %s in realm %s\n", user, realm);
295 add_password(user, realm, tfp);
298 #if defined(OS2) || defined(WIN32)
299 sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
301 sprintf(command, "cp %s %s", tn, argv[1]);
304 #ifdef OMIT_DELONCLOSE
307 apr_file_remove(tn, cntxt);