diff options
Diffstat (limited to '')
-rw-r--r-- | support/dbmmanage.in | 312 |
1 files changed, 312 insertions, 0 deletions
diff --git a/support/dbmmanage.in b/support/dbmmanage.in new file mode 100644 index 0000000..2dd8c86 --- /dev/null +++ b/support/dbmmanage.in @@ -0,0 +1,312 @@ +#!@perlbin@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#for more functionality see the HTTPD::UserAdmin module: +# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz +# +# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment> + +package dbmmanage; +# -ldb -lndbm -lgdbm -lsdbm +BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } +use strict; +use Fcntl; +use AnyDBM_File (); + +sub usage { + my $cmds = join "|", sort keys %dbmc::; + die <<SYNTAX; +Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]] + + where enc is -d for crypt encryption (default except on Win32, Netware) + -m for MD5 encryption (default on Win32, Netware) + -s for SHA1 encryption + -p for plaintext + + command is one of: $cmds + + pw of . for update command retains the old password + pw of - (or blank) for update command prompts for the password + + groups or comment of . (or blank) for update command retains old values + groups or comment of - for update command clears the existing value + groups or comment of - for add and adduser commands is the empty value +SYNTAX +} + +sub need_sha1_crypt { + if (!eval ('require "Digest/SHA1.pm";')) { + print STDERR <<SHAERR; +dbmmanage SHA1 passwords require the interface or the module Digest::SHA1 +available from CPAN: + + http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz + +Please install Digest::SHA1 and try again, or use a different crypt option: + +SHAERR + usage(); + } +} + +sub need_md5_crypt { + if (!eval ('require "Crypt/PasswdMD5.pm";')) { + print STDERR <<MD5ERR; +dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN + + http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz + +Please install Crypt::PasswdMD5 and try again, or use a different crypt option: + +MD5ERR + usage(); + } +} + +# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains +# four bytes of iteration count and four bytes of salt). Otherwise, just use +# the traditional two-byte salt. +# see the man page on your system to decide if you have a newer crypt() lib. +# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does). +# The new style crypt() allows up to 20 characters of the password to be +# significant rather than only 8. +# +my $newstyle_salt_platforms = join '|', qw{bsdos}; #others? +my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/; + +# Some platforms just can't crypt() for Apache +# +my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others? +my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/; + +my $crypt_method = "crypt"; + +if ($crypt_not_supported) { + $crypt_method = "md5"; +} + +# Some platforms won't jump through our favorite hoops +# +my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others? +my $not_unix = $^O =~ /(?:$not_unix_platforms)/; + +if ($crypt_not_supported) { + $crypt_method = "md5"; +} + +if (@ARGV[0] eq "-d") { + shift @ARGV; + if ($crypt_not_supported) { + print STDERR + "Warning: Apache/$^O does not support crypt()ed passwords!\n\n"; + } + $crypt_method = "crypt"; +} + +if (@ARGV[0] eq "-m") { + shift @ARGV; + $crypt_method = "md5"; +} + +if (@ARGV[0] eq "-p") { + shift @ARGV; + if (!$crypt_not_supported) { + print STDERR + "Warning: Apache/$^O does not support plaintext passwords!\n\n"; + } + $crypt_method = "plain"; +} + +if (@ARGV[0] eq "-s") { + shift @ARGV; + need_sha1_crypt(); + $crypt_method = "sha1"; +} + +if ($crypt_method eq "md5") { + need_md5_crypt(); +} + +my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV; + +usage() unless $file and $command and defined &{$dbmc::{$command}}; + +# remove extension if any +my $chop = join '|', qw{db.? pag dir}; +$file =~ s/\.($chop)$//; + +my $is_update = $command eq "update"; +my %DB = (); +my @range = (); +my($mode, $flags) = $command =~ + /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT); + +tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!"; +dbmc->$command(); +untie %DB; + + +my $x; +sub genseed { + my $psf; + if ($not_unix) { + srand (time ^ $$ or time ^ ($$ + ($$ << 15))); + } + else { + for (qw(-xlwwa -le)) { + `ps $_ 2>/dev/null`; + $psf = $_, last unless $?; + } + srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`)); + } + @range = (qw(. /), '0'..'9','a'..'z','A'..'Z'); + $x = int scalar @range; +} + +sub randchar { + join '', map $range[rand $x], 1..shift||1; +} + +sub saltpw_crypt { + genseed() unless @range; + return $newstyle_salt ? + join '', "_", randchar, "a..", randchar(4) : + randchar(2); +} + +sub cryptpw_crypt { + my ($pw, $salt) = @_; + $salt = saltpw_crypt unless $salt; + crypt $pw, $salt; +} + +sub saltpw_md5 { + genseed() unless @range; + randchar(8); +} + +sub cryptpw_md5 { + my($pw, $salt) = @_; + $salt = saltpw_md5 unless $salt; + Crypt::PasswdMD5::apache_md5_crypt($pw, $salt); +} + +sub cryptpw_sha1 { + my($pw, $salt) = @_; + '{SHA}' . Digest::SHA1::sha1_base64($pw) . "="; +} + +sub cryptpw { + if ($crypt_method eq "md5") { + return cryptpw_md5(@_); + } elsif ($crypt_method eq "sha1") { + return cryptpw_sha1(@_); + } elsif ($crypt_method eq "crypt") { + return cryptpw_crypt(@_); + } + @_[0]; # otherwise return plaintext +} + +sub getpass { + my $prompt = shift || "Enter password:"; + + unless($not_unix) { + open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n"; + system "stty -echo;"; + } + + my($c,$pwd); + print STDERR $prompt; + while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") { + $pwd .= $c; + } + + system "stty echo" unless $not_unix; + print STDERR "\n"; + die "Can't use empty password!\n" unless length $pwd; + return $pwd; +} + +sub dbmc::update { + die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; + $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.'; + $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.'; + $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.'; + if (!$crypted_pwd || $crypted_pwd eq '-') { + dbmc->adduser; + } + else { + dbmc->add; + } +} + +sub dbmc::add { + die "Can't use empty password!\n" unless $crypted_pwd; + unless($is_update) { + die "Sorry, user `$key' already exists!\n" if $DB{$key}; + } + $groups = '' if $groups eq '-'; + $comment = '' if $comment eq '-'; + $groups .= ":" . $comment if $comment; + $crypted_pwd .= ":" . $groups if $groups; + $DB{$key} = $crypted_pwd; + my $action = $is_update ? "updated" : "added"; + print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n"; +} + +sub dbmc::adduser { + my $value = getpass "New password:"; + die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value; + $crypted_pwd = cryptpw $value; + dbmc->add; +} + +sub dbmc::delete { + die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; + delete $DB{$key}, print "`$key' deleted\n"; +} + +sub dbmc::view { + print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB; +} + +sub dbmc::check { + die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; + my $chkpass = (split /:/, $DB{$key}, 3)[0]; + my $testpass = getpass(); + if (substr($chkpass, 0, 6) eq '$apr1$') { + need_md5_crypt; + $crypt_method = "md5"; + } elsif (substr($chkpass, 0, 5) eq '{SHA}') { + need_sha1_crypt; + $crypt_method = "sha1"; + } elsif (length($chkpass) == 13 && $chkpass ne $testpass) { + $crypt_method = "crypt"; + } else { + $crypt_method = "plain"; + } + print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass + ? " password ok\n" : " password mismatch\n"); +} + +sub dbmc::import { + while(defined($_ = <STDIN>) and chomp) { + ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4; + dbmc->add; + } +} + |