Attachment #36256 for bug #52313

View | Details | Raw Unified | Return to bug 52313
Collapse All | Expand All

Lines 68-73 Link Here

(-)a/support/htdbm.c (-11 / +30 lines)
68	char *comment;	68	char *comment;
69	char *type;	69	char *type;
70	int create;	70	int create;
		71	int allowcolon;
		72	int keep;
		73	int writevalue;
71	int rdonly;	74	int rdonly;
72	};	75	};
73		76
Lines 161-168 Link Here
161		164
162	key.dptr = htdbm->username;	165	key.dptr = htdbm->username;
163	key.dsize = strlen(htdbm->username);	166	key.dsize = strlen(htdbm->username);
164	if (apr_dbm_exists(htdbm->dbm, key))	167	if (apr_dbm_exists(htdbm->dbm, key)) {
		168	if (htdbm->keep)
		169	return APR_EEXIST;
165	*changed = 1;	170	*changed = 1;
		171	}
166		172
167	val.dsize = strlen(htdbm->ctx.passwd);	173	val.dsize = strlen(htdbm->ctx.passwd);
168	if (!htdbm->comment)	174	if (!htdbm->comment)
Lines 205-210 Link Here
205	pwd = apr_pstrndup(htdbm->ctx.pool, rec, cmnt - rec);	211	pwd = apr_pstrndup(htdbm->ctx.pool, rec, cmnt - rec);
206	else	212	else
207	pwd = apr_pstrdup(htdbm->ctx.pool, rec);	213	pwd = apr_pstrdup(htdbm->ctx.pool, rec);
		214	if (htdbm->writevalue) fwrite(val.dptr, 1, val.dsize, stdout);
208	return apr_password_validate(htdbm->ctx.passwd, pwd);	215	return apr_password_validate(htdbm->ctx.passwd, pwd);
209	}	216	}
210		217
Lines 266-272 Link Here
266	fprintf(stderr, "Invalid username length\n");	273	fprintf(stderr, "Invalid username length\n");
267	return APR_EINVAL;	274	return APR_EINVAL;
268	}	275	}
269	if (strchr(htdbm->username, ':')) {	276	if (!htdbm->allowcolon && strchr(htdbm->username, ':')) {
270	fprintf(stderr, "Username contains invalid characters\n");	277	fprintf(stderr, "Username contains invalid characters\n");
271	return APR_EINVAL;	278	return APR_EINVAL;
272	}	279	}
Lines 277-290 Link Here
277	{	284	{
278	fprintf(stderr,	285	fprintf(stderr,
279	"htdbm -- program for manipulating DBM password databases.\n\n"	286	"htdbm -- program for manipulating DBM password databases.\n\n"
280	"Usage: htdbm [-cimBdpstvx] [-C cost] [-TDBTYPE] database username\n"	287	"Usage: htdbm [-cimBdpstvxak] [-C cost] [-TDBTYPE] database username\n"
281	" -b[cmBdptsv] [-C cost] [-TDBTYPE] database username password\n"	288	" -b[cmBdptsvak] [-C cost] [-TDBTYPE] database username password\n"
282	" -n[imBdpst] [-C cost] username\n"	289	" -n[imBdpst] [-C cost] username\n"
283	" -nb[mBdpst] [-C cost] username password\n"	290	" -nb[mBdpst] [-C cost] username password\n"
284	" -v[imBdps] [-C cost] [-TDBTYPE] database username\n"	291	" -v[imBdpsw] [-C cost] [-TDBTYPE] database username\n"
285	" -vb[mBdps] [-C cost] [-TDBTYPE] database username password\n"	292	" -vb[mBdpsw] [-C cost] [-TDBTYPE] database username password\n"
286	" -x [-TDBTYPE] database username\n"	293	" -x [-TDBTYPE] database username\n"
287	" -l [-TDBTYPE] database\n"	294	" -l [-TDBTYPE] database\n"
288	"Options:\n"	295	"Options:\n"
289	" -c Create a new database.\n"	296	" -c Create a new database.\n"
290	" -n Don't update database; display results on stdout.\n"	297	" -n Don't update database; display results on stdout.\n"
Lines 302-307 Link Here
302	" -v Verify the username/password.\n"	309	" -v Verify the username/password.\n"
303	" -x Remove the username record from database.\n"	310	" -x Remove the username record from database.\n"
304	" -t The last param is username comment.\n"	311	" -t The last param is username comment.\n"
		312	" -a Allow colons in username.\n"
		313	" -k Keep existing entries; only new entries may be added.\n"
		314	" -w Write database value to stdout (when verifying).\n"
305	"The SHA algorithm does not use a salt and is less secure than the "	315	"The SHA algorithm does not use a salt and is less secure than the "
306	"MD5 algorithm.\n",	316	"MD5 algorithm.\n",
307	BCRYPT_DEFAULT_COST);	317	BCRYPT_DEFAULT_COST);
Lines 337-343 Link Here
337	if (rv != APR_SUCCESS)	347	if (rv != APR_SUCCESS)
338	exit(ERR_SYNTAX);	348	exit(ERR_SYNTAX);
339		349
340	while ((rv = apr_getopt(state, "cnmspdBbDivxlC:T:", &opt, &opt_arg)) == APR_SUCCESS) {	350	while ((rv = apr_getopt(state, "akwtcnmspdBbDivxlC:T:", &opt, &opt_arg)) == APR_SUCCESS) {
341	switch (opt) {	351	switch (opt) {
342	case 'c':	352	case 'c':
343	h->create = 1;	353	h->create = 1;
Lines 369-374 Link Here
369	need_pwd = 0;	379	need_pwd = 0;
370	cmd = HTDBM_DELETE;	380	cmd = HTDBM_DELETE;
371	break;	381	break;
		382	case 'a':
		383	h->allowcolon = 1;
		384	break;
		385	case 'k':
		386	h->keep = 1;
		387	break;
		388	case 'w':
		389	h->writevalue = 1;
		390	break;
372	default:	391	default:
373	ret = parse_common_options(&h->ctx, opt, opt_arg);	392	ret = parse_common_options(&h->ctx, opt, opt_arg);
374	if (ret) {	393	if (ret) {

Return to bug 52313