Posted to cvs@httpd.apache.org by sf...@apache.org on 2012/10/07 11:10:14 UTC
svn commit: r1395256 - in /httpd/httpd/trunk: CHANGES support/htdbm.c
support/htpasswd.c support/passwd_common.c support/passwd_common.h
Author: sf
Date: Sun Oct 7 09:10:14 2012
New Revision: 1395256
URL: http://svn.apache.org/viewvc?rev=1395256&view=rev
Log:
Optionally read passwords from stdin
PR: 40243
Submitted by: Adomas Paltanavicius <adomas paltanavicius gmail com>, sf
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/support/htdbm.c
httpd/httpd/trunk/support/htpasswd.c
httpd/httpd/trunk/support/passwd_common.c
httpd/httpd/trunk/support/passwd_common.h
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Oct 7 09:10:14 2012
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) htpasswd, htdbm: Optionally read passwords from stdin, as more
+ secure alternative to -b. PR 40243. [Adomas Paltanavicius <adomas
+ paltanavicius gmail com>, Stefan Fritsch]
+
*) htpasswd, htdbm: Add support for bcrypt algorithm (requires
apr-util 1.5 or higher). PR 49288. [Stefan Fritsch]
Modified: httpd/httpd/trunk/support/htdbm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdbm.c?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htdbm.c (original)
+++ httpd/httpd/trunk/support/htdbm.c Sun Oct 7 09:10:14 2012
@@ -276,11 +276,11 @@ static void htdbm_usage(void)
{
fprintf(stderr,
"htdbm -- program for manipulating DBM password databases.\n\n"
- "Usage: htdbm [-cmBdpstvx] [-Ccost] [-TDBTYPE] database username\n"
+ "Usage: htdbm [-cimBdpstvx] [-Ccost] [-TDBTYPE] database username\n"
" -b[cmBdptsv] [-Ccost] [-TDBTYPE] database username password\n"
- " -n[mBdpst] [-Ccost] username\n"
+ " -n[imBdpst] [-Ccost] username\n"
" -nb[mBdpst] [-Ccost] username password\n"
- " -v[mBdps] [-Ccost] [-TDBTYPE] database username\n"
+ " -v[imBdps] [-Ccost] [-TDBTYPE] database username\n"
" -vb[mBdps] [-Ccost] [-TDBTYPE] database username password\n"
" -x [-Ccost] [-TDBTYPE] database username\n"
" -l [-Ccost] [-TDBTYPE] database\n"
@@ -288,6 +288,7 @@ static void htdbm_usage(void)
" -b Use the password from the command line rather than prompting for it.\n"
" -c Create a new database.\n"
" -n Don't update database; display results on stdout.\n"
+ " -i Read password from stdin without verification (for script usage)\n"
" -m Force MD5 encryption of the password (default).\n"
" -B Force BCRYPT encryption of the password (very secure).\n"
" -d Force CRYPT encryption of the password (8 chars max, insecure).\n"
Modified: httpd/httpd/trunk/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htpasswd.c (original)
+++ httpd/httpd/trunk/support/htpasswd.c Sun Oct 7 09:10:14 2012
@@ -92,13 +92,14 @@ static int mkrecord(struct passwd_ctx *c
static void usage(void)
{
apr_file_printf(errfile, "Usage:" NL
- "\thtpasswd [-cmBdpsD] [-C cost] passwordfile username" NL
+ "\thtpasswd [-cimBdpsD] [-C cost] passwordfile username" NL
"\thtpasswd -b[cmBdpsD] [-C cost] passwordfile username password" NL
NL
- "\thtpasswd -n[mBdps] [-C cost] username" NL
+ "\thtpasswd -n[imBdps] [-C cost] username" NL
"\thtpasswd -nb[mBdps] [-C cost] username password" NL
" -c Create a new file." NL
" -n Don't update file; display results on stdout." NL
+ " -i Read password from stdin without verification (for script usage)" NL
" -m Force MD5 encryption of the password (default)." NL
" -B Force bcrypt encryption of the password (very secure)." NL
" -C Set the computing time used for the bcrypt algorithm" NL
Modified: httpd/httpd/trunk/support/passwd_common.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/passwd_common.c?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/passwd_common.c (original)
+++ httpd/httpd/trunk/support/passwd_common.c Sun Oct 7 09:10:14 2012
@@ -95,18 +95,41 @@ void putline(apr_file_t *f, const char *
int get_password(struct passwd_ctx *ctx)
{
- char buf[MAX_STRING_LEN + 1];
- apr_size_t bufsize = sizeof(buf);
- if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
- goto err_too_long;
- apr_password_get("Re-type new password: ", buf, &bufsize);
- if (strcmp(ctx->out, buf) != 0) {
- ctx->errstr = "password verification error";
- memset(ctx->out, '\0', ctx->out_len);
+ if (ctx->passwd_src == PW_STDIN) {
+ char *buf = ctx->out;
+ apr_file_t *file_stdin;
+ apr_size_t nread;
+ if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
+ ctx->errstr = "Unable to read from stdin.";
+ return ERR_GENERAL;
+ }
+ if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
+ &nread) != APR_EOF
+ || nread == ctx->out_len - 1) {
+ goto err_too_long;
+ }
+ buf[nread] = '\0';
+ if (nread >= 1 && buf[nread-1] == '\n') {
+ buf[nread-1] = '\0';
+ if (nread >= 2 && buf[nread-2] == '\r')
+ buf[nread-2] = '\0';
+ }
+ apr_file_close(file_stdin);
+ }
+ else {
+ char buf[MAX_STRING_LEN + 1];
+ apr_size_t bufsize = sizeof(buf);
+ if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
+ goto err_too_long;
+ apr_password_get("Re-type new password: ", buf, &bufsize);
+ if (strcmp(ctx->out, buf) != 0) {
+ ctx->errstr = "password verification error";
+ memset(ctx->out, '\0', ctx->out_len);
+ memset(buf, '\0', sizeof(buf));
+ return ERR_PWMISMATCH;
+ }
memset(buf, '\0', sizeof(buf));
- return ERR_PWMISMATCH;
}
- memset(buf, '\0', sizeof(buf));
return 0;
err_too_long:
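Review bot: In the PW_STDIN branch of get_password, every result of apr_file_read_full other than APR_EOF jumps to err_too_long, so a genuine read failure is reported as an over-long password. That path also skips apr_file_close and leaves whatever was read in ctx->out, unless the label's body (outside this hunk) clears it. Keeping the status in a variable, closing stdin straight after the read, and returning ERR_GENERAL with a cleared buffer for real I/O errors would separate the two cases. An embedded NUL byte in the input would also appear to shorten the password that gets hashed, since the buffer is treated as a C string afterwards, so rejecting it with memchr is worth considering.
```c
    if (ctx->passwd_src == PW_STDIN) {
        /* … unchanged: buf, file_stdin, nread declarations and apr_file_open_stdin() check … */
        apr_status_t rv;

        rv = apr_file_read_full(file_stdin, buf, ctx->out_len - 1, &nread);
        apr_file_close(file_stdin);
        if (rv == APR_SUCCESS || nread == ctx->out_len - 1)
            goto err_too_long;
        if (rv != APR_EOF || memchr(buf, '\0', nread) != NULL) {
            /* read failure or embedded NUL: do not keep a partial secret */
            memset(ctx->out, '\0', ctx->out_len);
            ctx->errstr = "Unable to read password from stdin.";
            return ERR_GENERAL;
        }
        /* … unchanged: NUL-terminate buf and strip a trailing LF / CRLF … */
```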
@@ -234,6 +257,9 @@ int parse_common_options(struct passwd_c
case 'b':
ctx->passwd_src = PW_ARG;
break;
+ case 'i':
+ ctx->passwd_src = PW_STDIN;
+ break;
case 'm':
ctx->alg = ALG_APMD5;
break;
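Review bot: The new `case 'i'` overwrites ctx->passwd_src exactly as `case 'b'` does, so `-b` and `-i` given together are not rejected here and whichever comes last silently wins. If the callers derive the expected number of positional arguments from passwd_src, a password left on the command line could then be ignored or misparsed while still being visible in the process list. Unless the conflict is caught after the switch (not visible in this hunk), a guard before the assignment such as `if (ctx->passwd_src == PW_ARG) { ctx->errstr = "-b and -i are mutually exclusive"; return ERR_GENERAL; }`, mirrored in `case 'b'`, would make it explicit; this assumes parse_common_options reports errors through errstr and a return code the way get_password does. The switch begins and ends outside the hunk.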
Modified: httpd/httpd/trunk/support/passwd_common.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/passwd_common.h?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/passwd_common.h (original)
+++ httpd/httpd/trunk/support/passwd_common.h Sun Oct 7 09:10:14 2012
@@ -79,7 +79,8 @@ struct passwd_ctx {
int cost;
enum {
PW_PROMPT = 0,
- PW_ARG
+ PW_ARG,
+ PW_STDIN
} passwd_src;
};