Posted to cvs@httpd.apache.org by sf...@apache.org on 2012/10/07 11:10:14 UTC

svn commit: r1395256 - in /httpd/httpd/trunk: CHANGES support/htdbm.c support/htpasswd.c support/passwd_common.c support/passwd_common.h

Author: sf
Date: Sun Oct  7 09:10:14 2012
New Revision: 1395256

URL: http://svn.apache.org/viewvc?rev=1395256&view=rev
Log:
Optionally read passwords from stdin

PR: 40243
Submitted by: Adomas Paltanavicius <adomas paltanavicius gmail com>, sf

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/support/htdbm.c
    httpd/httpd/trunk/support/htpasswd.c
    httpd/httpd/trunk/support/passwd_common.c
    httpd/httpd/trunk/support/passwd_common.h

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Oct  7 09:10:14 2012
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) htpasswd, htdbm: Optionally read passwords from stdin, as more
+     secure alternative to -b.  PR 40243. [Adomas Paltanavicius <adomas
+     paltanavicius gmail com>, Stefan Fritsch]
+
   *) htpasswd, htdbm: Add support for bcrypt algorithm (requires
      apr-util 1.5 or higher). PR 49288. [Stefan Fritsch]
 

Modified: httpd/httpd/trunk/support/htdbm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdbm.c?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htdbm.c (original)
+++ httpd/httpd/trunk/support/htdbm.c Sun Oct  7 09:10:14 2012
@@ -276,11 +276,11 @@ static void htdbm_usage(void)
 {
     fprintf(stderr,
         "htdbm -- program for manipulating DBM password databases.\n\n"
-        "Usage: htdbm    [-cmBdpstvx] [-Ccost] [-TDBTYPE] database username\n"
+        "Usage: htdbm   [-cimBdpstvx] [-Ccost] [-TDBTYPE] database username\n"
         "                -b[cmBdptsv] [-Ccost] [-TDBTYPE] database username password\n"
-        "                -n[mBdpst]   [-Ccost] username\n"
+        "                -n[imBdpst]  [-Ccost] username\n"
         "                -nb[mBdpst]  [-Ccost] username password\n"
-        "                -v[mBdps]    [-Ccost] [-TDBTYPE] database username\n"
+        "                -v[imBdps]   [-Ccost] [-TDBTYPE] database username\n"
         "                -vb[mBdps]   [-Ccost] [-TDBTYPE] database username password\n"
         "                -x           [-Ccost] [-TDBTYPE] database username\n"
         "                -l           [-Ccost] [-TDBTYPE] database\n"
@@ -288,6 +288,7 @@ static void htdbm_usage(void)
         "   -b   Use the password from the command line rather than prompting for it.\n"
         "   -c   Create a new database.\n"
         "   -n   Don't update database; display results on stdout.\n"
+        "   -i   Read password from stdin without verification (for script usage)\n"
         "   -m   Force MD5 encryption of the password (default).\n"
         "   -B   Force BCRYPT encryption of the password (very secure).\n"
         "   -d   Force CRYPT encryption of the password (8 chars max, insecure).\n"
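Review bot: The new `-i` help line in htdbm_usage does not tell script authors how stdin is consumed. Per the get_password change to passwd_common.c in this same commit, input is read up to EOF and only one trailing `\n` or `\r\n` is removed, so piping several lines yields a password with embedded newlines. Wording such as `"   -i   Read password from stdin (read to EOF, one trailing newline stripped) without verification.\n"` would make that explicit, and would also restore the terminal period the neighbouring option lines carry. The same help text is added to usage() in htpasswd.c; both usage functions continue outside their hunks.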

Modified: httpd/httpd/trunk/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htpasswd.c (original)
+++ httpd/httpd/trunk/support/htpasswd.c Sun Oct  7 09:10:14 2012
@@ -92,13 +92,14 @@ static int mkrecord(struct passwd_ctx *c
 static void usage(void)
 {
     apr_file_printf(errfile, "Usage:" NL
-        "\thtpasswd [-cmBdpsD]  [-C cost] passwordfile username" NL
+        "\thtpasswd [-cimBdpsD] [-C cost] passwordfile username" NL
         "\thtpasswd -b[cmBdpsD] [-C cost] passwordfile username password" NL
         NL
-        "\thtpasswd -n[mBdps]  [-C cost] username" NL
+        "\thtpasswd -n[imBdps] [-C cost] username" NL
         "\thtpasswd -nb[mBdps] [-C cost] username password" NL
         " -c  Create a new file." NL
         " -n  Don't update file; display results on stdout." NL
+        " -i  Read password from stdin without verification (for script usage)" NL
         " -m  Force MD5 encryption of the password (default)." NL
         " -B  Force bcrypt encryption of the password (very secure)." NL
         " -C  Set the computing time used for the bcrypt algorithm" NL

Modified: httpd/httpd/trunk/support/passwd_common.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/passwd_common.c?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/passwd_common.c (original)
+++ httpd/httpd/trunk/support/passwd_common.c Sun Oct  7 09:10:14 2012
@@ -95,18 +95,41 @@ void putline(apr_file_t *f, const char *
 
 int get_password(struct passwd_ctx *ctx)
 {
-    char buf[MAX_STRING_LEN + 1];
-    apr_size_t bufsize = sizeof(buf);
-    if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
-        goto err_too_long;
-    apr_password_get("Re-type new password: ", buf, &bufsize);
-    if (strcmp(ctx->out, buf) != 0) {
-        ctx->errstr = "password verification error";
-        memset(ctx->out, '\0', ctx->out_len);
+    if (ctx->passwd_src == PW_STDIN) {
+        char *buf = ctx->out;
+        apr_file_t *file_stdin;
+        apr_size_t nread;
+        if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
+            ctx->errstr = "Unable to read from stdin.";
+            return ERR_GENERAL;
+        }
+        if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
+                               &nread) != APR_EOF
+            || nread == ctx->out_len - 1) {
+            goto err_too_long;
+        }
+        buf[nread] = '\0';
+        if (nread >= 1 && buf[nread-1] == '\n') {
+            buf[nread-1] = '\0';
+            if (nread >= 2 && buf[nread-2] == '\r')
+                buf[nread-2] = '\0';
+        }
+        apr_file_close(file_stdin);
+    }
+    else {
+        char buf[MAX_STRING_LEN + 1];
+        apr_size_t bufsize = sizeof(buf);
+        if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
+            goto err_too_long;
+        apr_password_get("Re-type new password: ", buf, &bufsize);
+        if (strcmp(ctx->out, buf) != 0) {
+            ctx->errstr = "password verification error";
+            memset(ctx->out, '\0', ctx->out_len);
+            memset(buf, '\0', sizeof(buf));
+            return ERR_PWMISMATCH;
+        }
         memset(buf, '\0', sizeof(buf));
-        return ERR_PWMISMATCH;
     }
-    memset(buf, '\0', sizeof(buf));
     return 0;
 
 err_too_long:
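Review bot: In the PW_STDIN branch of get_password, every status other than APR_EOF from `apr_file_read_full` jumps to `err_too_long`, so a genuine read failure on stdin is reported as an over-long password, and that path also skips `apr_file_close(file_stdin)`. An empty stdin (nread == 0, for example when the command feeding the pipe failed) is accepted and silently produces an empty password; for an option aimed at scripts it is worth considering an explicit rejection. Because the read runs to EOF and only the final `\n` or `\r\n` is stripped, multi-line input keeps its embedded newlines in the password. The body of `err_too_long` lies outside this hunk, so whether the partially read password in `ctx->out` is cleared there cannot be confirmed from here. A sketch of a stricter read that separates the three outcomes follows.

```c
        apr_status_t rv;
        /* … unchanged: apr_file_open_stdin() and its error return … */
        rv = apr_file_read_full(file_stdin, buf, ctx->out_len - 1, &nread);
        apr_file_close(file_stdin);
        if (rv == APR_SUCCESS || nread == ctx->out_len - 1)
            goto err_too_long;          /* buffer filled before EOF */
        if (rv != APR_EOF || nread == 0) {
            /* real I/O error, or nothing supplied: do not keep partial data */
            memset(buf, '\0', ctx->out_len);
            ctx->errstr = "Unable to read password from stdin.";
            return ERR_GENERAL;
        }
        buf[nread] = '\0';
        /* … unchanged: trailing \n / \r\n stripping … */
```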
@@ -234,6 +257,9 @@ int parse_common_options(struct passwd_c
     case 'b':
         ctx->passwd_src = PW_ARG;
         break;
+    case 'i':
+        ctx->passwd_src = PW_STDIN;
+        break;
     case 'm':
         ctx->alg = ALG_APMD5;
         break;

Modified: httpd/httpd/trunk/support/passwd_common.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/passwd_common.h?rev=1395256&r1=1395255&r2=1395256&view=diff
==============================================================================
--- httpd/httpd/trunk/support/passwd_common.h (original)
+++ httpd/httpd/trunk/support/passwd_common.h Sun Oct  7 09:10:14 2012
@@ -79,7 +79,8 @@ struct passwd_ctx {
     int             cost;
     enum {
         PW_PROMPT = 0,
-        PW_ARG
+        PW_ARG,
+        PW_STDIN
     } passwd_src;
 };