From 52184d64fa261201524f271aa15628ba598c084b Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Mon, 25 Sep 2000 19:06:40 +0000 Subject: [PATCH] Cleaner feature tests and new -d -m -s -p options for crypt, MD5, SHA1 and plaintext password cyphers. Not certain what the $^O tag for NETWARE really is, so this may need to be fixed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86321 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 6 +- support/dbmmanage | 229 +++++++++++++++++++++++++++++++++------------- 2 files changed, 166 insertions(+), 69 deletions(-) diff --git a/STATUS b/STATUS index 3dab1d2902..2864a47a51 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ Apache 2.0 STATUS: -Last modified at [$Date: 2000/09/02 11:32:42 $] +Last modified at [$Date: 2000/09/25 19:06:39 $] Release: @@ -136,10 +136,6 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * configuration option to use *DBM Status: Greg +1 (volunteers) - * add SDBM into src/lib/sdbm/ as a default/fallback DBM implementation. - SDBM is used by Perl, mod_dav, mod_sssl, others for basic DBM support. - Status: Greg +1 (volunteers) - * Integrate mod_dav. Message-id: <20000625173247.M29590@lyra.org> Status: works. passes initial regression testing. Joe Orton diff --git a/support/dbmmanage b/support/dbmmanage index 0617496009..0a3da6cad8 100644 --- a/support/dbmmanage +++ b/support/dbmmanage 
@@ -1,65 +1,64 @@ #!/usr/local/bin/perl + # ==================================================================== -# The Apache Software License, Version 1.1 -# -# Copyright (c) 2000 The Apache Software Foundation. All rights -# reserved. +# Copyright (c) 1995-1999 The Apache Group. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. +# notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # -# 3. The end-user documentation included with the redistribution, -# if any, must include the following acknowledgment: -# "This product includes software developed by the -# Apache Software Foundation (http://www.apache.org/)." -# Alternately, this acknowledgment may appear in the software itself, -# if and wherever such third-party acknowledgments normally appear. +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the Apache Group +# for use in the Apache HTTP server project (http://www.apache.org/)." # -# 4. The names "Apache" and "Apache Software Foundation" must -# not be used to endorse or promote products derived from this -# software without prior written permission. For written -# permission, please contact apache@apache.org. +# 4. The names "Apache Server" and "Apache Group" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# apache@apache.org. # -# 5. 
Products derived from this software may not be called "Apache", -# nor may "Apache" appear in their name, without prior written -# permission of the Apache Software Foundation. +# 5. Products derived from this software may not be called "Apache" +# nor may "Apache" appear in their names without prior written +# permission of the Apache Group. # -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the Apache Group +# for use in the Apache HTTP server project (http://www.apache.org/)." +# +# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. 
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. # ==================================================================== # # This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Software Foundation. For more -# information on the Apache Software Foundation, please see -# . -# -# Portions of this software are based upon public domain software -# originally written at the National Center for Supercomputing Applications, -# University of Illinois, Urbana-Champaign. -# +# individuals on behalf of the Apache Group and was originally based +# on public domain software written at the National Center for +# Supercomputing Applications, University of Illinois, Urbana-Champaign. +# For more information on the Apache Group and the Apache HTTP server +# project, please see . + #for more functionality see the HTTPD::UserAdmin module: # http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz # -# usage: dbmmanage +# usage: dbmmanage package dbmmanage; # -ldb -lndbm -lgdbm -lsdbm 
@@ -67,10 +66,8 @@ BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
 use strict;
 use Fcntl;
 use AnyDBM_File ();
-
-my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
-
-usage() unless $file and $command and defined &{$dbmc::{$command}};
+use Crypt::PasswdMD5 qw(apache_md5_crypt); # http://www.cpan.org/modules/by-module/Crypt/
+use Digest::SHA1 qw(sha1_base64); # http://www.cpan.org/modules/by-module/MD5/
 # if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
 # four bytes of iteration count and four bytes of salt). Otherwise, just use
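Review bot: The two added `use` lines make Crypt::PasswdMD5 and Digest::SHA1 compile-time requirements, so dbmmanage will not start on a host without these CPAN modules, even when only crypt() passwords are wanted. Loading each module on demand in the code path that needs it, for example `require Digest::SHA1;` followed by a fully qualified `Digest::SHA1::sha1_base64(...)` call, would keep the crypt-only path working. The failure could then name the missing module and the option that needs it. The trailing URL comment on the Digest::SHA1 line points at `by-module/MD5/`, which looks like a copy-paste slip; a comment such as `# non-core, install Digest::SHA1 from CPAN` would be clearer.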
@@ -79,14 +76,67 @@ usage() unless $file and $command and defined &{$dbmc::{$command}};
 # I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
 # The new style crypt() allows up to 20 characters of the password to be
 # significant rather than only 8.
-my $newstyle_salt = join '|', qw{bsdos}; #others?
+#
+my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
+my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
+
+# Some platforms just can't crypt() for Apache
+#
+my $crypt_not_supported_platforms = join '|', qw{MSWin32 netware}; #others?
+my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
+
+my $crypt_method = "crypt";
+
+if ($crypt_not_supported) {
+ $crypt_method = "md5";
+}
+
+# Some platforms won't jump through our favorite hoops
+#
+my $not_unix_platforms = join '|', qw{MSWin32 netware}; #others?
+my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
+
+if ($crypt_not_supported) {
+ $crypt_method = "md5";
+}
+
+if (@ARGV[0] eq "-d") {
+ shift @ARGV;
+ if ($crypt_not_supported) {
+ print STDERR
+ "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
+ }
+ $crypt_method = "crypt";
+}
+
+if (@ARGV[0] eq "-m") {
+ shift @ARGV;
+ $crypt_method = "md5";
+}
+
+if (@ARGV[0] eq "-p") {
+ shift @ARGV;
+ if (!$crypt_not_supported) {
+ print STDERR
+ "Warning: Apache/$^O does not support plaintext passwords!\n\n";
+ }
+ $crypt_method = "plain";
+}
+
+if (@ARGV[0] eq "-s") {
+ shift @ARGV;
+ $crypt_method = "sha1";
+}
+
+my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
+
+usage() unless $file and $command and defined &{$dbmc::{$command}};
 # remove extension if any
 my $chop = join '|', qw{db.? pag dir};
 $file =~ s/\.($chop)$//;
 my $is_update = $command eq "update";
-my $Is_Win32 = $^O eq "MSWin32";
 my %DB = ();
 my @range = ();
 my($mode, $flags) = $command =~
@@ -99,23 +149,31 @@ untie %DB; sub usage { my $cmds = join "|", sort keys %dbmc::; die <adduser; }
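Review bot: The option block added after the platform tests checks `-d`, `-m`, `-p` and `-s` once each in that fixed order, so a switch given out of order (for example `-s -d`) leaves the second one to be taken as the DBM file name, and with `-d -m` the later switch quietly overrides the earlier one. A single loop over leading switches, with usage() for any other argument starting with `-`, would make the chosen cipher unambiguous. Each test also reads `@ARGV[0]`, a one-element slice, where `$ARGV[0]` is meant. The `if ($crypt_not_supported) { $crypt_method = "md5"; }` fallback appears twice and the second copy can go. Since `-p` presumably stores the password unhashed (cryptpw is not visible in this hunk), that branch deserves a comment such as `# plain: the stored value is the password itself; only for platforms that cannot crypt()`.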
@@ -185,13 +275,13 @@ sub dbmc::add {
 $crypted_pwd .= ":" . $groups if $groups;
 $DB{$key} = $crypted_pwd;
 my $action = $is_update ? "updated" : "added";
- print "User $key $action with password encrypted to $DB{$key}\n";
+ print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
 }
 sub dbmc::adduser {
 my $value = getpass "New password:";
 die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
- $crypted_pwd = crypt $value, caller->salt;
+ $crypted_pwd = cryptpw $value;
 dbmc->add;
 }
@@ -206,8 +296,19 @@ sub dbmc::view {
 sub dbmc::check {
 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- my $chkpass = (split /:/, $DB{$key},4)[0];
- print crypt(getpass(), $chkpass) eq $chkpass ? "password ok\n" : "password mismatch\n";
+ my $chkpass = (split /:/, $DB{$key}, 3)[0];
+ my $testpass = getpass();
+ if (substr($chkpass, 0, 6) eq '$apr1$') {
+ $crypt_method = "md5";
+ } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
+ $crypt_method = "sha1";
+ } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
+ $crypt_method = "crypt";
+ } else {
+ $crypt_method = "plain";
+ }
+ print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
+ ? " password ok\n" : " password mismatch\n");
 }
 sub dbmc::import {
-- 2.50.1
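Review bot: The changed `print` in dbmc::add writes `$DB{$key}` to stdout, and with the new `plain` method that value is presumably the cleartext password itself (cryptpw is defined outside this hunk), so it lands in terminal scrollback or any captured output. Reporting only the method, e.g. `print "User $key $action using $crypt_method\n";`, avoids echoing stored credentials and also removes the word "encrypted", which is wrong for the plain case. In dbmc::adduser, `cryptpw $value` without parentheses parses only if cryptpw is declared earlier in the file; `cryptpw($value)` does not depend on declaration order. dbmc::add begins above the hunk.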
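Review bot: The format detection in dbmc::check falls through to `plain` for every stored value that is not `$apr1$`, `{SHA}` or exactly 13 characters long. That includes the new-style crypt() hashes the script's own header comment describes (leading `_`, which would be longer than 13 characters), so those entries would be compared as cleartext and report a mismatch for the correct password. A crypt branch that also matches the underscore form, e.g. `} elsif ($chkpass =~ /^_/ || (length($chkpass) == 13 && $chkpass ne $testpass)) {`, would keep such hashes out of the plaintext comparison. The branches also overwrite the file-level `$crypt_method` as a side effect of a read-only check; a `my $method` local to check, passed to cryptpw if its interface allows, would avoid that. The heuristic itself deserves a comment, e.g. `# a 13-char value equal to the typed text is treated as a plaintext entry, otherwise as a crypt() hash`.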