diff -Naupr thttpd-2.25b.orig/extras/htpasswd.1 thttpd-2.25b/extras/htpasswd.1
--- thttpd-2.25b.orig/extras/htpasswd.1 1998-05-07 19:01:04.000000000 +0200
+++ thttpd-2.25b/extras/htpasswd.1 2008-09-25 10:43:13.000000000 +0200
@@ -1,8 +1,8 @@
-.TH htpasswd 1 "05 May 1998"
+.TH thtpasswd 1 "05 May 1998"
.SH NAME
-htpasswd - manipulate HTTP-server password files
+thtpasswd - manipulate HTTP-server password files
.SH SYNOPSIS
-.B htpasswd
+.B thtpasswd
.RB [ -c ]
.I passwordfile
.I username
diff -Naupr thttpd-2.25b.orig/extras/htpasswd.c thttpd-2.25b/extras/htpasswd.c
--- thttpd-2.25b.orig/extras/htpasswd.c 2001-12-19 01:08:08.000000000 +0100
+++ thttpd-2.25b/extras/htpasswd.c 2008-09-25 10:43:13.000000000 +0200
@@ -21,7 +21,12 @@ extern char *crypt(const char *key, cons
#define LF 10
#define CR 13
+#define CPW_LEN 13
+
+/* ie 'string' + '\0' */
#define MAX_STRING_LEN 256
+/* ie 'maxstring' + ':' + cpassword */
+#define MAX_LINE_LEN MAX_STRING_LEN+1+CPW_LEN
int tfd;
char temp_template[] = "/tmp/htp.XXXXXX";
@@ -137,8 +142,9 @@ add_password( char* user, FILE* f )
}
static void usage(void) {
- fprintf(stderr,"Usage: htpasswd [-c] passwordfile username\n");
- fprintf(stderr,"The -c flag creates a new file.\n");
+ fprintf(stderr,"Usage: htpasswd [-c] passwordfile username\n"
+ "The -c flag creates a new file.\n"
+ "Will prompt for password, unless given on stdin.\n");
exit(1);
}
@@ -151,17 +157,37 @@ void interrupted(int signo) {
int main(int argc, char *argv[]) {
FILE *tfp,*f;
char user[MAX_STRING_LEN];
- char line[MAX_STRING_LEN];
- char l[MAX_STRING_LEN];
+ char line[MAX_LINE_LEN];
+ char l[MAX_LINE_LEN];
char w[MAX_STRING_LEN];
char command[MAX_STRING_LEN];
- int found;
+ int found,u;
tfd = -1;
+ u = 2; /* argv[u] is username, unless... */
signal(SIGINT,(void (*)(int))interrupted);
if(argc == 4) {
+ u = 3;
if(strcmp(argv[1],"-c"))
usage();
+ if((f=fopen(argv[2],"r")) != NULL) {
+ fclose(f);
+ fprintf(stderr,
+ "Password file %s already exists.\n"
+ "Delete it first, if you really want to overwrite it.\n",
+ argv[2]);
+ exit(1);
+ }
+ } else if(argc != 3) usage();
+ /* check uname length; underlying system will take care of pwdfile
+ name too long */
+ if (strlen(argv[u]) >= MAX_STRING_LEN) {
+ fprintf(stderr,"Username too long (max %i): %s\n",
+ MAX_STRING_LEN-1, argv[u]);
+ exit(1);
+ }
+
+ if(argc == 4) {
if(!(tfp = fopen(argv[2],"w"))) {
fprintf(stderr,"Could not open passwd file %s for writing.\n",
argv[2]);
@@ -172,12 +198,6 @@ int main(int argc, char *argv[]) {
add_password(argv[3],tfp);
fclose(tfp);
exit(0);
- } else if(argc != 3) usage();
-
- tfd = mkstemp(temp_template);
- if(!(tfp = fdopen(tfd,"w"))) {
- fprintf(stderr,"Could not open temp file.\n");
- exit(1);
}
if(!(f = fopen(argv[1],"r"))) {
@@ -186,16 +206,43 @@ int main(int argc, char *argv[]) {
fprintf(stderr,"Use -c option to create new one.\n");
exit(1);
}
+ if(freopen(argv[1],"a",f) == NULL) {
+ fprintf(stderr,
+ "Could not open passwd file %s for writing!.\n"
+ "Changes would be lost.\n",argv[1]);
+ exit(1);
+ }
+ f = freopen(argv[1],"r",f);
+
+ /* pwdfile is there, go on with tempfile now ... */
+ tfd = mkstemp(temp_template);
+ if(!(tfp = fdopen(tfd,"w"))) {
+ fprintf(stderr,"Could not open temp file.\n");
+ exit(1);
+ }
+ /* already checked for boflw ... */
strcpy(user,argv[2]);
found = 0;
- while(!(getline(line,MAX_STRING_LEN,f))) {
+ /* line we get is username:pwd, or possibly any other cruft */
+ while(!(getline(line,MAX_LINE_LEN,f))) {
+ char *i;
+
if(found || (line[0] == '#') || (!line[0])) {
putline(tfp,line);
continue;
}
- strcpy(l,line);
- getword(w,l,':');
+ i = index(line,':');
+ w[0] = '\0';
+ /* actually, cpw is CPW_LEN chars and never null, hence ':' should
+ always be at line[strlen(line)-CPW_LEN-1] in a valid user:cpw line
+ Here though we may allow for pre-hancrafted pwdfile (!)...
+ But still need to check for length limits.
+ */
+ if (i != 0 && i-line <= MAX_STRING_LEN-1) {
+ strcpy(l,line);
+ getword(w,l,':');
+ }
if(strcmp(user,w)) {
putline(tfp,line);
continue;
@@ -210,10 +257,28 @@ int main(int argc, char *argv[]) {
printf("Adding user %s\n",user);
add_password(user,tfp);
}
+ /* close, rewind & copy */
+ fclose(f);
+ fclose(tfp);
+ f = fopen(argv[1],"w");
+ if(f==NULL) {
+ fprintf(stderr,"Failed re-opening %s!?\n",argv[1]);
+ exit(1);
+ }
+ tfp = fopen(temp_template,"r");
+ if(tfp==NULL) {
+ fprintf(stderr,"Failed re-opening tempfile!?\n");
+ exit(1);
+ }
+ {
+ int c;
+ while((c=fgetc(tfp))!=EOF && !feof(tfp)) {
+ fputc(c,f);
+ /* fputc(c,stderr); */
+ }
+ }
fclose(f);
fclose(tfp);
- sprintf(command,"cp %s %s",temp_template,argv[1]);
- system(command);
unlink(temp_template);
exit(0);
}
diff -Naupr thttpd-2.25b.orig/extras/makeweb.1 thttpd-2.25b/extras/makeweb.1
--- thttpd-2.25b.orig/extras/makeweb.1 2005-06-29 19:53:22.000000000 +0200
+++ thttpd-2.25b/extras/makeweb.1 2008-09-25 10:43:13.000000000 +0200
@@ -2,11 +2,17 @@
.SH NAME
makeweb - create user web directory
.SH SYNOPSIS
-.B makeweb
+.B makeweb
+[\fI -d webdir \fR]
.SH DESCRIPTION
.PP
This program allows users to create their own web subdirectories off
of the main web directory.
+.PP
+.TP
+\fB\-d\fR
+Specify the root directory for new user directories. The default directory
+is /var/www
.SH "SEE ALSO
thttpd(8)
.SH AUTHOR
diff -Naupr thttpd-2.25b.orig/extras/makeweb.c thttpd-2.25b/extras/makeweb.c
--- thttpd-2.25b.orig/extras/makeweb.c 2005-06-29 19:53:25.000000000 +0200
+++ thttpd-2.25b/extras/makeweb.c 2008-09-25 10:43:13.000000000 +0200
@@ -48,6 +48,10 @@
static char* argv0;
+void usage(void)
+{
+ printf("usage: %s [-d webdir] \n",argv0);
+}
static void
check_room( int size, int len )
@@ -121,28 +125,44 @@ This is probably a configuration error.\
int
main( int argc, char** argv )
{
+ extern char *optarg;
char* webdir;
char* prefix;
struct passwd* pwd;
char* username;
char* homedir;
+ int opts;
+
char dirname[5000];
char linkname[5000];
char linkbuf[5000];
struct stat sb;
-
+
argv0 = argv[0];
- if ( argc != 1 )
+
+#ifndef TILDE_MAP_2
+ webdir = WEBDIR;
+#endif /* TILDE_MAP_2 */
+
+ if ( (opts = getopt(argc, argv, "d:h")) != EOF )
+ {
+ switch (opts)
{
- (void) fprintf( stderr, "usage: %s\n", argv0 );
- exit( 1 );
- }
+ case 'd': webdir = strdup(optarg); break;
+ case 'h': usage(); return 1; break;
+ default:
+ usage();
+ return 1;
+ break;
+ }
+
+ }
pwd = getpwuid( getuid() );
if ( pwd == (struct passwd*) 0 )
{
(void) fprintf( stderr, "%s: can't find your username\n", argv0 );
- exit( 1 );
+ exit ( 1 );
}
username = pwd->pw_name;
homedir = pwd->pw_dir;
@@ -159,11 +179,9 @@ main( int argc, char** argv )
(void) strcat( dirname, TILDE_MAP_2 );
check_dir( dirname, pwd->pw_uid, pwd->pw_gid );
-
+
#else /* TILDE_MAP_2 */
- /* Gather the pieces. */
- webdir = WEBDIR;
#ifdef TILDE_MAP_1
prefix = TILDE_MAP_1;
#else /* TILDE_MAP_1 */
diff -Naupr thttpd-2.25b.orig/thttpd.8 thttpd-2.25b/thttpd.8
--- thttpd-2.25b.orig/thttpd.8 2005-06-29 19:50:56.000000000 +0200
+++ thttpd-2.25b/thttpd.8 2008-09-25 10:43:13.000000000 +0200
@@ -270,7 +270,7 @@ called .htpasswd by default.
This file is formatted as the familiar colon-separated
username/encrypted-password pair, records delimited by newlines.
The protection does not carry over to subdirectories.
-The utility program htpasswd(1) is included to help create and
+The utility program thtpasswd(1) is included to help create and
modify .htpasswd files.
.PP
Relevant config.h option: AUTH_FILE
@@ -562,7 +562,7 @@ This is a little tricky to set up correc
chroot() then the log file must be within the chroot tree, but it's
definitely doable.
.SH "SEE ALSO"
-redirect(8), ssi(8), makeweb(1), htpasswd(1), syslogtocern(8), weblog_parse(1), http_get(1)
+thtpasswd(1), syslogtocern(8)
.SH THANKS
.PP
Many thanks to contributors, reviewers, testers: