summaryrefslogtreecommitdiffstats
path: root/support/dbmmanage.in
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 06:33:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 06:33:50 +0000
commitfe39ffb8b90ae4e002ed73fe98617cd590abb467 (patch)
treeb80e5956907d8aeaaffe4e4f0c068c0e6157ce8b /support/dbmmanage.in
parentInitial commit. (diff)
downloadapache2-fe39ffb8b90ae4e002ed73fe98617cd590abb467.tar.xz
apache2-fe39ffb8b90ae4e002ed73fe98617cd590abb467.zip
Adding upstream version 2.4.56.upstream/2.4.56upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'support/dbmmanage.in')
-rw-r--r--support/dbmmanage.in312
1 files changed, 312 insertions, 0 deletions
diff --git a/support/dbmmanage.in b/support/dbmmanage.in
new file mode 100644
index 0000000..2dd8c86
--- /dev/null
+++ b/support/dbmmanage.in
@@ -0,0 +1,312 @@
+#!@perlbin@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#for more functionality see the HTTPD::UserAdmin module:
+# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
+#
+# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>
+
+package dbmmanage;
+# -ldb -lndbm -lgdbm -lsdbm
+BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
+use strict;
+use Fcntl;
+use AnyDBM_File ();
+
+sub usage {
+ my $cmds = join "|", sort keys %dbmc::;
+ die <<SYNTAX;
+Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
+
+ where enc is -d for crypt encryption (default except on Win32, Netware)
+ -m for MD5 encryption (default on Win32, Netware)
+ -s for SHA1 encryption
+ -p for plaintext
+
+ command is one of: $cmds
+
+ pw of . for update command retains the old password
+ pw of - (or blank) for update command prompts for the password
+
+ groups or comment of . (or blank) for update command retains old values
+ groups or comment of - for update command clears the existing value
+ groups or comment of - for add and adduser commands is the empty value
+SYNTAX
+}
+
+sub need_sha1_crypt {
+ if (!eval ('require "Digest/SHA1.pm";')) {
+ print STDERR <<SHAERR;
+dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
+available from CPAN:
+
+ http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
+
+Please install Digest::SHA1 and try again, or use a different crypt option:
+
+SHAERR
+ usage();
+ }
+}
+
+sub need_md5_crypt {
+ if (!eval ('require "Crypt/PasswdMD5.pm";')) {
+ print STDERR <<MD5ERR;
+dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
+
+ http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
+
+Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
+
+MD5ERR
+ usage();
+ }
+}
+
+# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
+# four bytes of iteration count and four bytes of salt). Otherwise, just use
+# the traditional two-byte salt.
+# see the man page on your system to decide if you have a newer crypt() lib.
+# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
+# The new style crypt() allows up to 20 characters of the password to be
+# significant rather than only 8.
+#
+my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
+my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
+
+# Some platforms just can't crypt() for Apache
+#
+my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
+my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
+
+my $crypt_method = "crypt";
+
+if ($crypt_not_supported) {
+ $crypt_method = "md5";
+}
+
+# Some platforms won't jump through our favorite hoops
+#
+my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
+my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
+
+if ($crypt_not_supported) {
+ $crypt_method = "md5";
+}
+
+if (@ARGV[0] eq "-d") {
+ shift @ARGV;
+ if ($crypt_not_supported) {
+ print STDERR
+ "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
+ }
+ $crypt_method = "crypt";
+}
+
+if (@ARGV[0] eq "-m") {
+ shift @ARGV;
+ $crypt_method = "md5";
+}
+
+if (@ARGV[0] eq "-p") {
+ shift @ARGV;
+ if (!$crypt_not_supported) {
+ print STDERR
+ "Warning: Apache/$^O does not support plaintext passwords!\n\n";
+ }
+ $crypt_method = "plain";
+}
+
+if (@ARGV[0] eq "-s") {
+ shift @ARGV;
+ need_sha1_crypt();
+ $crypt_method = "sha1";
+}
+
+if ($crypt_method eq "md5") {
+ need_md5_crypt();
+}
+
+my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
+
+usage() unless $file and $command and defined &{$dbmc::{$command}};
+
+# remove extension if any
+my $chop = join '|', qw{db.? pag dir};
+$file =~ s/\.($chop)$//;
+
+my $is_update = $command eq "update";
+my %DB = ();
+my @range = ();
+my($mode, $flags) = $command =~
+ /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
+
+tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
+dbmc->$command();
+untie %DB;
+
+
+my $x;
+sub genseed {
+ my $psf;
+ if ($not_unix) {
+ srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
+ }
+ else {
+ for (qw(-xlwwa -le)) {
+ `ps $_ 2>/dev/null`;
+ $psf = $_, last unless $?;
+ }
+ srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
+ }
+ @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
+ $x = int scalar @range;
+}
+
+sub randchar {
+ join '', map $range[rand $x], 1..shift||1;
+}
+
+sub saltpw_crypt {
+ genseed() unless @range;
+ return $newstyle_salt ?
+ join '', "_", randchar, "a..", randchar(4) :
+ randchar(2);
+}
+
+sub cryptpw_crypt {
+ my ($pw, $salt) = @_;
+ $salt = saltpw_crypt unless $salt;
+ crypt $pw, $salt;
+}
+
+sub saltpw_md5 {
+ genseed() unless @range;
+ randchar(8);
+}
+
+sub cryptpw_md5 {
+ my($pw, $salt) = @_;
+ $salt = saltpw_md5 unless $salt;
+ Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
+}
+
+sub cryptpw_sha1 {
+ my($pw, $salt) = @_;
+ '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
+}
+
+sub cryptpw {
+ if ($crypt_method eq "md5") {
+ return cryptpw_md5(@_);
+ } elsif ($crypt_method eq "sha1") {
+ return cryptpw_sha1(@_);
+ } elsif ($crypt_method eq "crypt") {
+ return cryptpw_crypt(@_);
+ }
+ @_[0]; # otherwise return plaintext
+}
+
+sub getpass {
+ my $prompt = shift || "Enter password:";
+
+ unless($not_unix) {
+ open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
+ system "stty -echo;";
+ }
+
+ my($c,$pwd);
+ print STDERR $prompt;
+ while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
+ $pwd .= $c;
+ }
+
+ system "stty echo" unless $not_unix;
+ print STDERR "\n";
+ die "Can't use empty password!\n" unless length $pwd;
+ return $pwd;
+}
+
+sub dbmc::update {
+ die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
+ $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
+ $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
+ $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
+ if (!$crypted_pwd || $crypted_pwd eq '-') {
+ dbmc->adduser;
+ }
+ else {
+ dbmc->add;
+ }
+}
+
+sub dbmc::add {
+ die "Can't use empty password!\n" unless $crypted_pwd;
+ unless($is_update) {
+ die "Sorry, user `$key' already exists!\n" if $DB{$key};
+ }
+ $groups = '' if $groups eq '-';
+ $comment = '' if $comment eq '-';
+ $groups .= ":" . $comment if $comment;
+ $crypted_pwd .= ":" . $groups if $groups;
+ $DB{$key} = $crypted_pwd;
+ my $action = $is_update ? "updated" : "added";
+ print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
+}
+
+sub dbmc::adduser {
+ my $value = getpass "New password:";
+ die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
+ $crypted_pwd = cryptpw $value;
+ dbmc->add;
+}
+
+sub dbmc::delete {
+ die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
+ delete $DB{$key}, print "`$key' deleted\n";
+}
+
+sub dbmc::view {
+ print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
+}
+
+sub dbmc::check {
+ die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
+ my $chkpass = (split /:/, $DB{$key}, 3)[0];
+ my $testpass = getpass();
+ if (substr($chkpass, 0, 6) eq '$apr1$') {
+ need_md5_crypt;
+ $crypt_method = "md5";
+ } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
+ need_sha1_crypt;
+ $crypt_method = "sha1";
+ } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
+ $crypt_method = "crypt";
+ } else {
+ $crypt_method = "plain";
+ }
+ print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
+ ? " password ok\n" : " password mismatch\n");
+}
+
+sub dbmc::import {
+ while(defined($_ = <STDIN>) and chomp) {
+ ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
+ dbmc->add;
+ }
+}
+