Compare with Previous | Blame | View Log
## Licensed to the Apache Software Foundation (ASF) under one or more# contributor license agreements. See the NOTICE file distributed with# this work for additional information regarding copyright ownership.# The ASF licenses this file to You under the Apache License, Version 2.0# (the "License"); you may not use this file except in compliance with# the License. You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.#for more functionality see the HTTPD::UserAdmin module:# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz## usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>package dbmmanage;# -ldb -lndbm -lgdbm -lsdbmBEGIN { @AnyDBM_File::ISA = qw(SDBM_File) }use strict;use Fcntl;use AnyDBM_File ();sub usage {my $cmds = join "|", sort keys %dbmc::;die <<SYNTAX;Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]where enc is -d for crypt encryption (default except on Win32, Netware)-m for MD5 encryption (default on Win32, Netware)-s for SHA1 encryption-p for plaintextcommand is one of: $cmdspw of . for update command retains the old passwordpw of - (or blank) for update command prompts for the passwordgroups or comment of . (or blank) for update command retains old valuesgroups or comment of - for update command clears the existing valuegroups or comment of - for add and adduser commands is the empty valueSYNTAX}sub need_sha1_crypt {if (!eval ('require "Digest/SHA1.pm";')) {print STDERR <<SHAERR;dbmmanage SHA1 passwords require the interface or the module Digest::SHA1available from CPAN:http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gzPlease install Digest::SHA1 and try again, or use a different crypt option:SHAERRusage();}}sub need_md5_crypt {if (!eval ('require "Crypt/PasswdMD5.pm";')) {print STDERR <<MD5ERR;dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPANhttp://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gzPlease install Crypt::PasswdMD5 and try again, or use a different crypt option:MD5ERRusage();}}# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains# four bytes of iteration count and four bytes of salt). Otherwise, just use# the traditional two-byte salt.# see the man page on your system to decide if you have a newer crypt() lib.# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).# The new style crypt() allows up to 20 characters of the password to be# significant rather than only 8.#my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;# Some platforms just can't crypt() for Apache#my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;my $crypt_method = "crypt";if ($crypt_not_supported) {$crypt_method = "md5";}# Some platforms won't jump through our favorite hoops#my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?my $not_unix = $^O =~ /(?:$not_unix_platforms)/;if ($crypt_not_supported) {$crypt_method = "md5";}if (@ARGV[0] eq "-d") {shift @ARGV;if ($crypt_not_supported) {print STDERR"Warning: Apache/$^O does not support crypt()ed passwords!\n\n";}$crypt_method = "crypt";}if (@ARGV[0] eq "-m") {shift @ARGV;$crypt_method = "md5";}if (@ARGV[0] eq "-p") {shift @ARGV;if (!$crypt_not_supported) {print STDERR"Warning: Apache/$^O does not support plaintext passwords!\n\n";}$crypt_method = "plain";}if (@ARGV[0] eq "-s") {shift @ARGV;need_sha1_crypt();$crypt_method = "sha1";}if ($crypt_method eq "md5") {need_md5_crypt();}my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;usage() unless $file and $command and defined &{$dbmc::{$command}};# remove extension if anymy $chop = join '|', qw{db.? pag dir};$file =~ s/\.($chop)$//;my $is_update = $command eq "update";my %DB = ();my @range = ();my($mode, $flags) = $command =~/^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";dbmc->$command();untie %DB;my $x;sub genseed {my $psf;if ($not_unix) {srand (time ^ $$ or time ^ ($$ + ($$ << 15)));}else {for (qw(-xlwwa -le)) {`ps $_ 2>/dev/null`;$psf = $_, last unless $?;}srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));}@range = (qw(. /), '0'..'9','a'..'z','A'..'Z');$x = int scalar @range;}sub randchar {join '', map $range[rand $x], 1..shift||1;}sub saltpw_crypt {genseed() unless @range;return $newstyle_salt ?join '', "_", randchar, "a..", randchar(4) :randchar(2);}sub cryptpw_crypt {my ($pw, $salt) = @_;$salt = saltpw_crypt unless $salt;crypt $pw, $salt;}sub saltpw_md5 {genseed() unless @range;randchar(8);}sub cryptpw_md5 {my($pw, $salt) = @_;$salt = saltpw_md5 unless $salt;Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);}sub cryptpw_sha1 {my($pw, $salt) = @_;'{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";}sub cryptpw {if ($crypt_method eq "md5") {return cryptpw_md5(@_);} elsif ($crypt_method eq "sha1") {return cryptpw_sha1(@_);} elsif ($crypt_method eq "crypt") {return cryptpw_crypt(@_);}@_[0]; # otherwise return plaintext}sub getpass {my $prompt = shift || "Enter password:";unless($not_unix) {open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";system "stty -echo;";}my($c,$pwd);print STDERR $prompt;while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {$pwd .= $c;}system "stty echo" unless $not_unix;print STDERR "\n";die "Can't use empty password!\n" unless length $pwd;return $pwd;}sub dbmc::update {die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};$crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';$groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';$comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';if (!$crypted_pwd || $crypted_pwd eq '-') {dbmc->adduser;}else {dbmc->add;}}sub dbmc::add {die "Can't use empty password!\n" unless $crypted_pwd;unless($is_update) {die "Sorry, user `$key' already exists!\n" if $DB{$key};}$groups = '' if $groups eq '-';$comment = '' if $comment eq '-';$groups .= ":" . $comment if $comment;$crypted_pwd .= ":" . $groups if $groups;$DB{$key} = $crypted_pwd;my $action = $is_update ? "updated" : "added";print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";}sub dbmc::adduser {my $value = getpass "New password:";die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;$crypted_pwd = cryptpw $value;dbmc->add;}sub dbmc::delete {die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};delete $DB{$key}, print "`$key' deleted\n";}sub dbmc::view {print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;}sub dbmc::check {die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};my $chkpass = (split /:/, $DB{$key}, 3)[0];my $testpass = getpass();if (substr($chkpass, 0, 6) eq '$apr1$') {need_md5_crypt;$crypt_method = "md5";} elsif (substr($chkpass, 0, 5) eq '{SHA}') {need_sha1_crypt;$crypt_method = "sha1";} elsif (length($chkpass) == 13 && $chkpass ne $testpass) {$crypt_method = "crypt";} else {$crypt_method = "plain";}print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass? " password ok\n" : " password mismatch\n");}sub dbmc::import {while(defined($_ = <STDIN>) and chomp) {($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;dbmc->add;}}