1#!@perlbin@ 2# 3# Licensed to the Apache Software Foundation (ASF) under one or more 4# contributor license agreements. See the NOTICE file distributed with 5# this work for additional information regarding copyright ownership. 6# The ASF licenses this file to You under the Apache License, Version 2.0 7# (the "License"); you may not use this file except in compliance with 8# the License. You may obtain a copy of the License at 9# 10# http://www.apache.org/licenses/LICENSE-2.0 11# 12# Unless required by applicable law or agreed to in writing, software 13# distributed under the License is distributed on an "AS IS" BASIS, 14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15# See the License for the specific language governing permissions and 16# limitations under the License. 17 18#for more functionality see the HTTPD::UserAdmin module: 19# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz 20# 21# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment> 22 23package dbmmanage; 24# -ldb -lndbm -lgdbm -lsdbm 25BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } 26use strict; 27use Fcntl; 28use AnyDBM_File (); 29 30sub usage { 31 my $cmds = join "|", sort keys %dbmc::; 32 die <<SYNTAX; 33Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]] 34 35 where enc is -d for crypt encryption (default except on Win32, Netware) 36 -m for MD5 encryption (default on Win32, Netware) 37 -s for SHA1 encryption 38 -p for plaintext 39 40 command is one of: $cmds 41 42 pw of . for update command retains the old password 43 pw of - (or blank) for update command prompts for the password 44 45 groups or comment of . (or blank) for update command retains old values 46 groups or comment of - for update command clears the existing value 47 groups or comment of - for add and adduser commands is the empty value 48SYNTAX 49} 50 51sub need_sha1_crypt { 52 if (!eval ('require "Digest/SHA1.pm";')) { 53 print STDERR <<SHAERR; 54dbmmanage SHA1 passwords require the interface or the module Digest::SHA1 55available from CPAN: 56 57 http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz 58 59Please install Digest::SHA1 and try again, or use a different crypt option: 60 61SHAERR 62 usage(); 63 } 64} 65 66sub need_md5_crypt { 67 if (!eval ('require "Crypt/PasswdMD5.pm";')) { 68 print STDERR <<MD5ERR; 69dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN 70 71 http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz 72 73Please install Crypt::PasswdMD5 and try again, or use a different crypt option: 74 75MD5ERR 76 usage(); 77 } 78} 79 80# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains 81# four bytes of iteration count and four bytes of salt). Otherwise, just use 82# the traditional two-byte salt. 83# see the man page on your system to decide if you have a newer crypt() lib. 84# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does). 85# The new style crypt() allows up to 20 characters of the password to be 86# significant rather than only 8. 87# 88my $newstyle_salt_platforms = join '|', qw{bsdos}; #others? 89my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/; 90 91# Some platforms just can't crypt() for Apache 92# 93my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others? 94my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/; 95 96my $crypt_method = "crypt"; 97 98if ($crypt_not_supported) { 99 $crypt_method = "md5"; 100} 101 102# Some platforms won't jump through our favorite hoops 103# 104my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others? 105my $not_unix = $^O =~ /(?:$not_unix_platforms)/; 106 107if ($crypt_not_supported) { 108 $crypt_method = "md5"; 109} 110 111if (@ARGV[0] eq "-d") { 112 shift @ARGV; 113 if ($crypt_not_supported) { 114 print STDERR 115 "Warning: Apache/$^O does not support crypt()ed passwords!\n\n"; 116 } 117 $crypt_method = "crypt"; 118} 119 120if (@ARGV[0] eq "-m") { 121 shift @ARGV; 122 $crypt_method = "md5"; 123} 124 125if (@ARGV[0] eq "-p") { 126 shift @ARGV; 127 if (!$crypt_not_supported) { 128 print STDERR 129 "Warning: Apache/$^O does not support plaintext passwords!\n\n"; 130 } 131 $crypt_method = "plain"; 132} 133 134if (@ARGV[0] eq "-s") { 135 shift @ARGV; 136 need_sha1_crypt(); 137 $crypt_method = "sha1"; 138} 139 140if ($crypt_method eq "md5") { 141 need_md5_crypt(); 142} 143 144my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV; 145 146usage() unless $file and $command and defined &{$dbmc::{$command}}; 147 148# remove extension if any 149my $chop = join '|', qw{db.? pag dir}; 150$file =~ s/\.($chop)$//; 151 152my $is_update = $command eq "update"; 153my %DB = (); 154my @range = (); 155my($mode, $flags) = $command =~ 156 /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT); 157 158tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!"; 159dbmc->$command(); 160untie %DB; 161 162 163my $x; 164sub genseed { 165 my $psf; 166 if ($not_unix) { 167 srand (time ^ $$ or time ^ ($$ + ($$ << 15))); 168 } 169 else { 170 for (qw(-xlwwa -le)) { 171 `ps $_ 2>/dev/null`; 172 $psf = $_, last unless $?; 173 } 174 srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`)); 175 } 176 @range = (qw(. /), '0'..'9','a'..'z','A'..'Z'); 177 $x = int scalar @range; 178} 179 180sub randchar { 181 join '', map $range[rand $x], 1..shift||1; 182} 183 184sub saltpw_crypt { 185 genseed() unless @range; 186 return $newstyle_salt ? 187 join '', "_", randchar, "a..", randchar(4) : 188 randchar(2); 189} 190 191sub cryptpw_crypt { 192 my ($pw, $salt) = @_; 193 $salt = saltpw_crypt unless $salt; 194 crypt $pw, $salt; 195} 196 197sub saltpw_md5 { 198 genseed() unless @range; 199 randchar(8); 200} 201 202sub cryptpw_md5 { 203 my($pw, $salt) = @_; 204 $salt = saltpw_md5 unless $salt; 205 Crypt::PasswdMD5::apache_md5_crypt($pw, $salt); 206} 207 208sub cryptpw_sha1 { 209 my($pw, $salt) = @_; 210 '{SHA}' . Digest::SHA1::sha1_base64($pw) . "="; 211} 212 213sub cryptpw { 214 if ($crypt_method eq "md5") { 215 return cryptpw_md5(@_); 216 } elsif ($crypt_method eq "sha1") { 217 return cryptpw_sha1(@_); 218 } elsif ($crypt_method eq "crypt") { 219 return cryptpw_crypt(@_); 220 } 221 @_[0]; # otherwise return plaintext 222} 223 224sub getpass { 225 my $prompt = shift || "Enter password:"; 226 227 unless($not_unix) { 228 open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n"; 229 system "stty -echo;"; 230 } 231 232 my($c,$pwd); 233 print STDERR $prompt; 234 while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") { 235 $pwd .= $c; 236 } 237 238 system "stty echo" unless $not_unix; 239 print STDERR "\n"; 240 die "Can't use empty password!\n" unless length $pwd; 241 return $pwd; 242} 243 244sub dbmc::update { 245 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; 246 $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.'; 247 $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.'; 248 $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.'; 249 if (!$crypted_pwd || $crypted_pwd eq '-') { 250 dbmc->adduser; 251 } 252 else { 253 dbmc->add; 254 } 255} 256 257sub dbmc::add { 258 die "Can't use empty password!\n" unless $crypted_pwd; 259 unless($is_update) { 260 die "Sorry, user `$key' already exists!\n" if $DB{$key}; 261 } 262 $groups = '' if $groups eq '-'; 263 $comment = '' if $comment eq '-'; 264 $groups .= ":" . $comment if $comment; 265 $crypted_pwd .= ":" . $groups if $groups; 266 $DB{$key} = $crypted_pwd; 267 my $action = $is_update ? "updated" : "added"; 268 print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n"; 269} 270 271sub dbmc::adduser { 272 my $value = getpass "New password:"; 273 die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value; 274 $crypted_pwd = cryptpw $value; 275 dbmc->add; 276} 277 278sub dbmc::delete { 279 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; 280 delete $DB{$key}, print "`$key' deleted\n"; 281} 282 283sub dbmc::view { 284 print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB; 285} 286 287sub dbmc::check { 288 die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; 289 my $chkpass = (split /:/, $DB{$key}, 3)[0]; 290 my $testpass = getpass(); 291 if (substr($chkpass, 0, 6) eq '$apr1$') { 292 need_md5_crypt; 293 $crypt_method = "md5"; 294 } elsif (substr($chkpass, 0, 5) eq '{SHA}') { 295 need_sha1_crypt; 296 $crypt_method = "sha1"; 297 } elsif (length($chkpass) == 13 && $chkpass ne $testpass) { 298 $crypt_method = "crypt"; 299 } else { 300 $crypt_method = "plain"; 301 } 302 print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass 303 ? " password ok\n" : " password mismatch\n"); 304} 305 306sub dbmc::import { 307 while(defined($_ = <STDIN>) and chomp) { 308 ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4; 309 dbmc->add; 310 } 311} 312 313