dbmmanage.pl 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311
  1. #
  2. # Licensed to the Apache Software Foundation (ASF) under one or more
  3. # contributor license agreements. See the NOTICE file distributed with
  4. # this work for additional information regarding copyright ownership.
  5. # The ASF licenses this file to You under the Apache License, Version 2.0
  6. # (the "License"); you may not use this file except in compliance with
  7. # the License. You may obtain a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS,
  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. # See the License for the specific language governing permissions and
  15. # limitations under the License.
  16. #for more functionality see the HTTPD::UserAdmin module:
  17. # http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
  18. #
  19. # usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>
  20. package dbmmanage;
  21. # -ldb -lndbm -lgdbm -lsdbm
  22. BEGIN { @AnyDBM_File::ISA = qw(SDBM_File) }
  23. use strict;
  24. use Fcntl;
  25. use AnyDBM_File ();
  26. sub usage {
  27. my $cmds = join "|", sort keys %dbmc::;
  28. die <<SYNTAX;
  29. Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
  30. where enc is -d for crypt encryption (default except on Win32, Netware)
  31. -m for MD5 encryption (default on Win32, Netware)
  32. -s for SHA1 encryption
  33. -p for plaintext
  34. command is one of: $cmds
  35. pw of . for update command retains the old password
  36. pw of - (or blank) for update command prompts for the password
  37. groups or comment of . (or blank) for update command retains old values
  38. groups or comment of - for update command clears the existing value
  39. groups or comment of - for add and adduser commands is the empty value
  40. SYNTAX
  41. }
  42. sub need_sha1_crypt {
  43. if (!eval ('require "Digest/SHA1.pm";')) {
  44. print STDERR <<SHAERR;
  45. dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
  46. available from CPAN:
  47. http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
  48. Please install Digest::SHA1 and try again, or use a different crypt option:
  49. SHAERR
  50. usage();
  51. }
  52. }
  53. sub need_md5_crypt {
  54. if (!eval ('require "Crypt/PasswdMD5.pm";')) {
  55. print STDERR <<MD5ERR;
  56. dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
  57. http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
  58. Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
  59. MD5ERR
  60. usage();
  61. }
  62. }
  63. # if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
  64. # four bytes of iteration count and four bytes of salt). Otherwise, just use
  65. # the traditional two-byte salt.
  66. # see the man page on your system to decide if you have a newer crypt() lib.
  67. # I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
  68. # The new style crypt() allows up to 20 characters of the password to be
  69. # significant rather than only 8.
  70. #
  71. my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
  72. my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
  73. # Some platforms just can't crypt() for Apache
  74. #
  75. my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
  76. my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
  77. my $crypt_method = "crypt";
  78. if ($crypt_not_supported) {
  79. $crypt_method = "md5";
  80. }
  81. # Some platforms won't jump through our favorite hoops
  82. #
  83. my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
  84. my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
  85. if ($crypt_not_supported) {
  86. $crypt_method = "md5";
  87. }
  88. if (@ARGV[0] eq "-d") {
  89. shift @ARGV;
  90. if ($crypt_not_supported) {
  91. print STDERR
  92. "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
  93. }
  94. $crypt_method = "crypt";
  95. }
  96. if (@ARGV[0] eq "-m") {
  97. shift @ARGV;
  98. $crypt_method = "md5";
  99. }
  100. if (@ARGV[0] eq "-p") {
  101. shift @ARGV;
  102. if (!$crypt_not_supported) {
  103. print STDERR
  104. "Warning: Apache/$^O does not support plaintext passwords!\n\n";
  105. }
  106. $crypt_method = "plain";
  107. }
  108. if (@ARGV[0] eq "-s") {
  109. shift @ARGV;
  110. need_sha1_crypt();
  111. $crypt_method = "sha1";
  112. }
  113. if ($crypt_method eq "md5") {
  114. need_md5_crypt();
  115. }
  116. my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
  117. usage() unless $file and $command and defined &{$dbmc::{$command}};
  118. # remove extension if any
  119. my $chop = join '|', qw{db.? pag dir};
  120. $file =~ s/\.($chop)$//;
  121. my $is_update = $command eq "update";
  122. my %DB = ();
  123. my @range = ();
  124. my($mode, $flags) = $command =~
  125. /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
  126. tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
  127. dbmc->$command();
  128. untie %DB;
  129. my $x;
  130. sub genseed {
  131. my $psf;
  132. if ($not_unix) {
  133. srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
  134. }
  135. else {
  136. for (qw(-xlwwa -le)) {
  137. `ps $_ 2>/dev/null`;
  138. $psf = $_, last unless $?;
  139. }
  140. srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
  141. }
  142. @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
  143. $x = int scalar @range;
  144. }
  145. sub randchar {
  146. join '', map $range[rand $x], 1..shift||1;
  147. }
  148. sub saltpw_crypt {
  149. genseed() unless @range;
  150. return $newstyle_salt ?
  151. join '', "_", randchar, "a..", randchar(4) :
  152. randchar(2);
  153. }
  154. sub cryptpw_crypt {
  155. my ($pw, $salt) = @_;
  156. $salt = saltpw_crypt unless $salt;
  157. crypt $pw, $salt;
  158. }
  159. sub saltpw_md5 {
  160. genseed() unless @range;
  161. randchar(8);
  162. }
  163. sub cryptpw_md5 {
  164. my($pw, $salt) = @_;
  165. $salt = saltpw_md5 unless $salt;
  166. Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
  167. }
  168. sub cryptpw_sha1 {
  169. my($pw, $salt) = @_;
  170. '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
  171. }
  172. sub cryptpw {
  173. if ($crypt_method eq "md5") {
  174. return cryptpw_md5(@_);
  175. } elsif ($crypt_method eq "sha1") {
  176. return cryptpw_sha1(@_);
  177. } elsif ($crypt_method eq "crypt") {
  178. return cryptpw_crypt(@_);
  179. }
  180. @_[0]; # otherwise return plaintext
  181. }
  182. sub getpass {
  183. my $prompt = shift || "Enter password:";
  184. unless($not_unix) {
  185. open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
  186. system "stty -echo;";
  187. }
  188. my($c,$pwd);
  189. print STDERR $prompt;
  190. while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
  191. $pwd .= $c;
  192. }
  193. system "stty echo" unless $not_unix;
  194. print STDERR "\n";
  195. die "Can't use empty password!\n" unless length $pwd;
  196. return $pwd;
  197. }
  198. sub dbmc::update {
  199. die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
  200. $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
  201. $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
  202. $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
  203. if (!$crypted_pwd || $crypted_pwd eq '-') {
  204. dbmc->adduser;
  205. }
  206. else {
  207. dbmc->add;
  208. }
  209. }
  210. sub dbmc::add {
  211. die "Can't use empty password!\n" unless $crypted_pwd;
  212. unless($is_update) {
  213. die "Sorry, user `$key' already exists!\n" if $DB{$key};
  214. }
  215. $groups = '' if $groups eq '-';
  216. $comment = '' if $comment eq '-';
  217. $groups .= ":" . $comment if $comment;
  218. $crypted_pwd .= ":" . $groups if $groups;
  219. $DB{$key} = $crypted_pwd;
  220. my $action = $is_update ? "updated" : "added";
  221. print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
  222. }
  223. sub dbmc::adduser {
  224. my $value = getpass "New password:";
  225. die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
  226. $crypted_pwd = cryptpw $value;
  227. dbmc->add;
  228. }
  229. sub dbmc::delete {
  230. die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
  231. delete $DB{$key}, print "`$key' deleted\n";
  232. }
  233. sub dbmc::view {
  234. print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
  235. }
  236. sub dbmc::check {
  237. die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
  238. my $chkpass = (split /:/, $DB{$key}, 3)[0];
  239. my $testpass = getpass();
  240. if (substr($chkpass, 0, 6) eq '$apr1$') {
  241. need_md5_crypt;
  242. $crypt_method = "md5";
  243. } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
  244. need_sha1_crypt;
  245. $crypt_method = "sha1";
  246. } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
  247. $crypt_method = "crypt";
  248. } else {
  249. $crypt_method = "plain";
  250. }
  251. print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
  252. ? " password ok\n" : " password mismatch\n");
  253. }
  254. sub dbmc::import {
  255. while(defined($_ = <STDIN>) and chomp) {
  256. ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
  257. dbmc->add;
  258. }
  259. }