1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
55 /******************************************************************************
56 ******************************************************************************
57 * NOTE! This program is not safe as a setuid executable! Do not make it
59 ******************************************************************************
60 *****************************************************************************/
62 * htdigest.c: simple program for manipulating digest passwd file for Apache
64 * by Alexei Kosut, based on htpasswd.c, by Rob McCool
68 #include "apr_file_io.h"
70 #include "apr_lib.h" /* for apr_getpass() */
71 #include "apr_general.h"
77 #if APR_HAVE_SYS_TYPES_H
78 #include <sys/types.h>
81 #if APR_HAVE_SYS_SIGNAL_H
82 #include <sys/signal.h>
95 #if APR_CHARSET_EBCDIC
101 #endif /* APR_CHARSET_EBCDIC */
103 #define MAX_STRING_LEN 256
107 #if APR_CHARSET_EBCDIC
108 apr_xlate_t *to_ascii;
111 static void getword(char *word, char *line, char stop)
115 for (x = 0; ((line[x]) && (line[x] != stop)); x++)
123 while ((line[y++] = line[x++]));
126 static int getline(char *s, int n, apr_file_t *f)
132 apr_file_getc(&ch, f);
136 apr_file_getc(&ch, f);
139 if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
141 if (apr_file_eof(f) == APR_EOF) {
150 static void putline(apr_file_t *f, char *l)
154 for (x = 0; l[x]; x++)
155 apr_file_putc(l[x], f);
156 apr_file_putc('\n', f);
160 static void add_password(char *user, char *realm, apr_file_t *f)
163 apr_md5_ctx_t context;
164 unsigned char digest[16];
165 char string[MAX_STRING_LEN];
166 char pwin[MAX_STRING_LEN];
167 char pwv[MAX_STRING_LEN];
169 size_t len = sizeof(pwin);
171 if (apr_password_get("New password: ", pwin, &len) != APR_SUCCESS) {
172 fprintf(stderr, "password too long");
176 apr_password_get("Re-type new password: ", pwv, &len);
177 if (strcmp(pwin, pwv) != 0) {
178 fprintf(stderr, "They don't match, sorry.\n");
180 apr_file_remove(tn, cntxt);
185 apr_file_printf(f, "%s:%s:", user, realm);
188 sprintf(string, "%s:%s:%s", user, realm, pw);
190 apr_md5_init(&context);
191 #if APR_CHARSET_EBCDIC
192 apr_md5_set_xlate(&context, to_ascii);
194 apr_md5_update(&context, (unsigned char *) string, strlen(string));
195 apr_md5_final(digest, &context);
197 for (i = 0; i < 16; i++)
198 apr_file_printf(f, "%02x", digest[i]);
200 apr_file_printf(f, "\n");
203 static void usage(void)
205 fprintf(stderr, "Usage: htdigest [-c] passwordfile realm username\n");
206 fprintf(stderr, "The -c flag creates a new file.\n");
210 static void interrupted(void)
212 fprintf(stderr, "Interrupted.\n");
214 apr_file_remove(tn, cntxt);
218 static void terminate(void)
223 int main(int argc, char *argv[])
225 apr_file_t *tfp = NULL, *f;
227 char user[MAX_STRING_LEN];
228 char realm[MAX_STRING_LEN];
229 char line[MAX_STRING_LEN];
230 char l[MAX_STRING_LEN];
231 char w[MAX_STRING_LEN];
232 char x[MAX_STRING_LEN];
233 char command[MAX_STRING_LEN];
236 rv = apr_initialize();
238 fprintf(stderr, "apr_initialize(): %s (%d)\n",
239 apr_strerror(rv, line, sizeof(line)), rv);
243 apr_pool_create(&cntxt, NULL);
245 #if APR_CHARSET_EBCDIC
246 rv = apr_xlate_open(&to_ascii, "ISO8859-1", APR_DEFAULT_CHARSET, cntxt);
248 fprintf(stderr, "apr_xlate_open(): %s (%d)\n",
249 apr_strerror(rv, line, sizeof(line)), rv);
255 apr_signal(SIGINT, (void (*)(int)) interrupted);
257 if (strcmp(argv[1], "-c"))
259 rv = apr_file_open(&tfp, argv[2], APR_WRITE | APR_CREATE, -1, cntxt);
260 if (rv != APR_SUCCESS) {
263 fprintf(stderr, "Could not open passwd file %s for writing: %s\n",
265 apr_strerror(rv, errmsg, sizeof errmsg));
268 printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
269 add_password(argv[4], argv[3], tfp);
277 if (apr_file_open(&tfp, tn, APR_WRITE | APR_CREATE, -1, cntxt)!= APR_SUCCESS) {
278 fprintf(stderr, "Could not open temp file.\n");
282 if (apr_file_open(&f, argv[1], APR_READ, -1, cntxt) != APR_SUCCESS) {
284 "Could not open passwd file %s for reading.\n", argv[1]);
285 fprintf(stderr, "Use -c option to create new one.\n");
288 strcpy(user, argv[3]);
289 strcpy(realm, argv[2]);
292 while (!(getline(line, MAX_STRING_LEN, f))) {
293 if (found || (line[0] == '#') || (!line[0])) {
300 if (strcmp(user, w) || strcmp(realm, x)) {
305 printf("Changing password for user %s in realm %s\n", user, realm);
306 add_password(user, realm, tfp);
311 printf("Adding user %s in realm %s\n", user, realm);
312 add_password(user, realm, tfp);
316 #if defined(OS2) || defined(WIN32)
317 sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
319 sprintf(command, "cp %s %s", tn, argv[1]);
322 apr_file_remove(tn, cntxt);