#include #include #include #include #include #include #include #include #include #define USER_FILE "/var/www/server/conf/.htpasswd" #define WIZARD "surobm" char *makeword(char *line, char stop); char *fmakeword(FILE *f, char stop, int *len); char x2c(char *what); void unescape_url(char *url); void plustospace(char *str); int cp(char *in, char *out); extern char *safepwd(struct passwd *pwd, char *pass); char *tn; /* From local_passwd.c (C) Regents of Univ. of California blah blah */ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; to64(s, v, n) register char *s; register long v; register int n; { while (--n >= 0) { *s++ = itoa64[v&0x3f]; v >>= 6; } } void change_password(char *user, char *pw, FILE *f) { char *cpw, salt[3]; (void)srand((int)time((time_t *)NULL)); to64(&salt[0],rand(),2); cpw = crypt(pw,salt); free(pw); fprintf(f,"%s:%s\n",user,cpw); } void putline(FILE *f,char *l) { int x; for(x=0;l[x];x++) fputc(l[x],f); fputc('\n',f); } main(int argc, char *argv[]) { register int x; int cl,found,create; char *u,*t1,*t2,*p1,*p2,*user, /* command[256],*/ line[256], l[256], w[256]; FILE *tfp,*f; struct passwd *pw; char *msg; tn = NULL; printf("Content-type: text/html%c%c",10,10); if(strcmp(getenv("REQUEST_METHOD"),"POST")) { printf("This script should be referenced with a METHOD of POST.\n"); printf("If you don't understand this, see this "); printf("forms overview.%c",10); exit(1); } if(strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded")) { printf("This script can only be used to decode form results. \n"); exit(1); } cl = atoi(getenv("CONTENT_LENGTH")); user=NULL; p1=NULL; p2=NULL; create=0; for(x=0;cl && (!feof(stdin));x++) { t1 = fmakeword(stdin,'&',&cl); t2 = makeword(t1,'='); unescape_url(t1); unescape_url(t2); if(!strcmp(t2,"user")) { if(!user) user = t1; else { printf("This script was accessed from the wrong form.\n"); exit(1); } } else if(!strcmp(t2,"newpasswd1")) { if(!p1) p1 = t1; else { printf("This script was accessed from the wrong form.\n"); exit(1); } } else if(!strcmp(t2,"newpasswd2")) { if(!p2) p2 = t1; else { printf("This script was accessed from the wrong form.\n"); exit(1); } } else { printf("This script was accessed from the wrong form.\n"); printf("Unrecognized directive %s.\n",t2); exit(1); } free(t2); } u=getenv("REMOTE_USER"); /* if((strcmp(u,WIZARD)) && (strcmp(user,u))) {*/ if( NULL == ( pw = getpwnam( user ))) { if ( NULL != ( pw = malloc(sizeof(struct passwd)))) { pw->pw_name=strdup(user); pw->pw_gecos=strdup("unknown"); } } if(strcmp(user,u)) { printf("User Mismatch"); printf("

User Mismatch

"); printf("The username you gave does not correspond with the "); printf("user you authenticated as.\n"); exit(1); } if(strcmp(p1,p2)) { printf("Password Mismatch"); printf("

Password Mismatch

"); printf("The two copies of your password do not match. Please"); printf(" try again."); exit(1); } if ( NULL != ( msg = safepwd( pw, p1 ))) { printf("Bad Password"); printf("

Bad Password

"); printf("%s\n",msg); exit(1); } tn = tmpnam(NULL); if(!(tfp = fopen(tn,"w"))) { fprintf(stderr,"Could not open temp file.\n"); exit(1); } if(!(f = fopen(USER_FILE,"r"))) { fprintf(stderr, "Could not open passwd file for reading.\n",USER_FILE); exit(1); } found = 0; while(!(getline(line,256,f))) { if(found || (line[0] == '#') || (!line[0])) { putline(tfp,line); continue; } strcpy(l,line); getword(w,l,':'); if(strcmp(user,w)) { putline(tfp,line); continue; } else { change_password(user,p1,tfp); found=1; } } if((!found) && (create)) change_password(user,p1,tfp); fclose(f); fclose(tfp); /* sprintf(command,"cp %s %s",tn,USER_FILE);*/ /* system(command);*/ if ( 0 == cp( tn, USER_FILE )) { unlink(tn); printf("Successful Change"); printf("

Successful Change

"); printf("Your password has been successfully changed.

"); exit(0); } else { unlink(tn); printf("Failed Change"); printf("

Failed Change

"); printf("Your password could not be changed.

"); exit(1); } } int cp(char *in, char *out) { #define BS 512 FILE *i; FILE *o; char buffer[BS]; size_t n; if ( NULL == ( o = fopen( out, "wb"))) { perror(out); return 1; } if ( NULL == ( i = fopen( in, "rb"))) { perror(in); fclose(o); return 1; } while ( 0 != ( n = fread( buffer, 1, BS, i ))) fwrite( buffer, 1, n, o ); if (!feof(i)) perror("fread"); fclose(i); fclose(o); return(0); }