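#!/usr/bin/perl5
#
# htaccess.pl
# Copyright (c) 1998 SurfUtah.Com
# written by Rus Berrett
#
# user authentication manager
#
# CGI front end that edits a directory's .htaccess file and the password
# and group files it names.  Form values end up in file paths, in lines of
# those files and in the generated pages, so they are validated before use
# and every file is opened with an explicit mode (three-argument open)
# rather than letting the value choose the mode.
#
# NOTE(review): the markup of the page templates is not present in this
# copy of the script; only the template text is reproduced below.
# NOTE(review): the form-supplied 'htaccess', 'htpasswd' and 'htgroup'
# values are honoured for every user, not only admin -- confirm that
# read_passwd_group_info always overrides the last two.

use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# set up the salt set for crypting passwords
@saltset = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');

# read the form data
&parse_form_data(*array);

# set the current user, user "admin" has special privileges
$user = $ENV{'REMOTE_USER'};

# access different directory
if ($array{'submit'} eq "Access Directory") {
    # This creates or rewrites a .htaccess file in a directory chosen by
    # the request, so it must not run for ordinary or anonymous users.
    if ($user ne "admin") {
        &uam_fail("Permission Denied",
                  "Only the \"admin\" user may set up a directory.");
    }
    &access_directory();
}

# read in the htpasswd filename and htgroup filename from .htaccess file
&read_passwd_group_info();

if ($user ne "admin") {
    # the only thing that is allowed is to change one's own password
    $array{'username'} = $user;
    if ($array{'submit'} eq "Change Password") {
        &change_passwd();
        exit(0);
    }

    # print out the change password form
    &print_change_passwd_form();
    exit(0);
}

# submit button -> routine that performs the confirmed action
%uam_action_for = (
    "Add User"        => \&add_user,
    "Add Group"       => \&add_group,
    "Change Password" => \&change_passwd,
    "Remove User"     => \&remove_user,
    "Remove Group"    => \&remove_group,
    "Rename User"     => \&rename_user,
    "Rename Group"    => \&rename_group,
    "Update Group"    => \&update_group,
);

# submit button -> routine that prints the matching page
%uam_page_for = (
    "Add User"                => \&print_add_user_form,
    "Add Group"               => \&print_add_group_form,
    "Change Password"         => \&print_change_passwd_form,
    "Remove User"             => \&print_remove_user_form,
    "Remove Group"            => \&print_remove_group_form,
    "Rename User"             => \&print_rename_user_form,
    "Rename Group"            => \&print_rename_group_form,
    "User Composition"        => \&print_group_composition,
    "Change AuthGroupFile"    => \&change_authgroupfile,
    "Change AuthName"         => \&change_authname,
    "Change AuthUserFile"     => \&change_authuserfile,
    "Update Limit Fields"     => \&update_limit_fields,
    "Remove Limit Definition" => \&remove_limit_directive,
);

# perform a confirmed action (unknown buttons are ignored, as before)
if ($array{'action'} eq "yes") {
    $uam_handler = $uam_action_for{$array{'submit'}};
    &$uam_handler() if ($uam_handler);
    exit(0);
}

# otherwise print the requested page, or the menu by default
$uam_handler = $uam_page_for{$array{'submit'}};
if ($uam_handler) {
    &$uam_handler();
}
else {
    &print_menu();
}

##################################################
# Print an error page titled "... Error - $title" and stop; return_error
# does not return.
sub uam_fail {
    my ($title, $message) = @_;

    &print_header_info("User Authentication Manager Error - $title", 0);
    &return_error($message);
}

##################################################
# Reject a form value that could break out of the place it is written to:
# control characters (newline, NUL) would start a new line in a password,
# group or .htaccess file or cut a path short, and angle brackets would be
# echoed into the generated page.  With $no_colon set, ':' is refused as
# well because it is the field separator of the password and group files.
sub uam_check_value {
    my ($label, $value, $no_colon) = @_;

    if (($value =~ /[\x00-\x1f\x7f<>]/) || ($no_colon && ($value =~ /:/))) {
        &uam_fail("Invalid Field",
                  "The $label field contains characters that are not allowed. Please correct it and resubmit.");
    }
}

##################################################
# Return a two-character salt drawn from @saltset.  The bytes come from
# /dev/urandom when it can be read, otherwise from rand(); the process id
# and clock used previously repeat and are easy to predict.
# NOTE(review): a two-character salt selects the traditional DES crypt(3)
# scheme, which looks at only the first eight password characters; use a
# stronger htpasswd scheme where the web server supports one.
sub uam_new_salt {
    my ($bytes, @pick);

    $bytes = "";
    if (open(UAM_RANDOM, "<", "/dev/urandom")) {
        read(UAM_RANDOM, $bytes, 2);
        close(UAM_RANDOM);
    }
    if (length($bytes) == 2) {
        @pick = unpack("C2", $bytes);
    }
    else {
        @pick = (int(rand(256)), int(rand(256)));
    }
    return $saltset[$pick[0] % 64] . $saltset[$pick[1] % 64];
}

##################################################
# Return 1 when $path holds a line whose first field is exactly $name.
# The name is anchored and quoted so that "bob" neither matches "jimbob"
# nor is interpreted as a regular expression.
sub uam_has_entry {
    my ($path, $name) = @_;
    my ($found);
    local ($_);

    $found = 0;
    unless (open(UAM_OLD, "<", $path)) {
        &uam_fail("cannot open file", "Cannot open the file to be checked. $!");
    }
    while (<UAM_OLD>) {
        if (/^\Q$name\E:/) {
            $found = 1;
            last;
        }
    }
    close(UAM_OLD);
    return $found;
}

##################################################
# Rewrite $path line by line: &$edit($line) returns the text to write for
# each input line.  The new content goes to "$path.tmp<pid>", created with
# O_EXCL so an existing file or symlink of that name is never followed,
# and replaces the original only after it has been written completely.
# NOTE(review): no lock is taken, so two concurrent edits can still lose
# one of the updates.
sub uam_rewrite_file {
    my ($path, $edit) = @_;
    my ($tmp, $line, $error);

    $tmp = $path . ".tmp" . $$;
    unless (open(UAM_OLD, "<", $path)) {
        &uam_fail("cannot open file", "Cannot open the file to be updated. $!");
    }
    unless (sysopen(UAM_NEW, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0666)) {
        $error = $!;
        close(UAM_OLD);
        &uam_fail("cannot create file", "Cannot create a temporary file for the update. $error");
    }
    while (defined($line = <UAM_OLD>)) {
        print UAM_NEW &$edit($line);
    }
    close(UAM_OLD);
    unless (close(UAM_NEW) && rename($tmp, $path)) {
        $error = $!;
        unlink($tmp);
        &uam_fail("cannot update file", "Cannot replace the file with its updated copy. $error");
    }
}

##################################################
# Prepare the directory named in the form for use with this script:
# create a .htaccess file there (or make sure the existing one maps .pl
# to CGI) and hard-link the script into the directory.
sub access_directory {
    local ($dir, $match, $htat);

    # check directory
    &check_directory();

    $dir = $array{'htaccess'};
    $array{'htaccess'} .= ".htaccess";
    unless (-e "$array{'htaccess'}") {
        # copy a generic .htaccess file into the directory
        unless (open(NEWHTACCESS, ">", $array{'htaccess'})) {
            &print_header_info("User Authentication Manager Error - cannot create $array{'htaccess'}", 0);
            &return_error("Cannot create \"$array{'htaccess'}\". $!");
        }
        # NOTE(review): only the "require valid-user" line of the generic
        # template is present in this copy; restore the remaining lines
        # from the original distribution before relying on this branch.
        print NEWHTACCESS <<ENDTEXT;
require valid-user
ENDTEXT
        close(NEWHTACCESS);
    }
    else {
        # check for a line AddType application/x-httpd-cgi .pl
        $match = 0;
        $htat = "";
        # Without this check a failed read left $htat empty and the file
        # was then overwritten with the AddType line alone.
        unless (open(HTACCESS, "<", $array{'htaccess'})) {
            &uam_fail("cannot open file", "Cannot read the existing .htaccess file. $!");
        }
        while (<HTACCESS>) {
            $htat .= "$_";
            chomp;      # chop ate a real character on an unterminated last line
            s/^\s+//;
            s/\s+$//;
            s/\s+/ /g;
            tr/A-Z/a-z/;
            if ($_ eq "addtype application/x-httpd-cgi .pl") {
                $match = 1;
                last;
            }
        }
        close(HTACCESS);
        if ($match == 0) {
            unless (open(HTACCESS, ">", $array{'htaccess'})) {
                &uam_fail("cannot open file", "Cannot update the existing .htaccess file. $!");
            }
            print HTACCESS "AddType application/x-httpd-cgi .pl\n";
            print HTACCESS "$htat";
            close(HTACCESS);
        }
    }
    unless (-e "$dir/htaccess.pl") {
        link("/usr/local/etc/httpd/cgi-bin/library/htaccess/htaccess.pl", "$dir/htaccess.pl") || print STDERR "$!\n";
    }
}

##################################################
# Append a new group and its user list to the group file.
sub add_group {
    # error checking - must have groupname and groupusers
    &check_groupname_field();
    &check_groupusers_field();

    # can we open up the file?
    &check_htgroup_file_existence();

    # add the group
    $array{'htgroup'} = (split(/[;|]/, $array{'htgroup'}))[0];
    if (&uam_has_entry($array{'htgroup'}, $array{'groupname'})) {
        &print_header_info("User Authentication Manager Error - $array{'groupname'} already exists", 0);
        &return_error("Group \"$array{'groupname'}\" already exists");
    }
    unless (open(PWF, ">>", $array{'htgroup'})) {
        &uam_fail("cannot open file", "Cannot open file $array{'htgroup'} to add new group.");
    }
    print PWF "$array{'groupname'}:$array{'groupusers'}\n";
    close(PWF);

    &print_header_info("User Authentication Manager - $array{'groupname'} added", 0);
    print <<ENDTEXT;
$array{'groupname'} added to $array{'htgroup'}
The user, "$array{'groupname'}", was successfully added to the file, "$array{'htgroup'}" with a group user list of "$array{'groupusers'}".

ENDTEXT
    &print_footer_info();
}

##################################################
# Append a new user with a crypt()ed password to the password file.
sub add_user {
    local ($salt);

    # error checking - must have username, passwd, and passwd_confirm,
    # and the two password fields must match
    &check_username_field();
    &check_passwd_fields();
    &check_passwd_match();

    # can we open up the file?
    &check_htpasswd_file_existence();

    # add the user
    $salt = &uam_new_salt();
    $array{'passwd'} = crypt($array{'passwd'}, $salt);
    $array{'htpasswd'} = (split(/[;|]/, $array{'htpasswd'}))[0];
    if (&uam_has_entry($array{'htpasswd'}, $array{'username'})) {
        &print_header_info("User Authentication Manager Error - $array{'username'} already exists", 0);
        &return_error("User \"$array{'username'}\" already exists");
    }
    unless (open(PWF, ">>", $array{'htpasswd'})) {
        &uam_fail("cannot open file", "Cannot open file $array{'htpasswd'}. $!");
    }
    print PWF "$array{'username'}:$array{'passwd'}\n";
    close(PWF);

    &print_header_info("User Authentication Manager - $array{'username'} added", 0);
    print <<ENDTEXT;
$array{'username'} added to $array{'htpasswd'}
The user, "$array{'username'}", was successfully added to the file, "$array{'htpasswd'}" with the password you provided.

ENDTEXT
    &print_footer_info();
}

##################################################
# Point the AuthGroupFile line of the .htaccess file at a new file.
sub change_authgroupfile {
    # error checking - check authgroupfile
    &check_authgroupfile_field();

    # change the authgroupfile
    &uam_rewrite_file($array{'htaccess'}, sub {
        ($_[0] =~ /^AuthGroupFile/i) ? "AuthGroupFile $array{'authgroupfile'}\n" : $_[0];
    });

    # the title used to say "AuthUserFile" here
    &print_header_info("User Authentication Manager - AuthGroupFile changed to $array{'authgroupfile'}", 0);
    print <<ENDTEXT;
AuthGroupFile changed to $array{'authgroupfile'}
The AuthGroupFile variable was successfully changed to "$array{'authgroupfile'}".

ENDTEXT
    &print_footer_info();
}

##################################################
# Replace the AuthName line of the .htaccess file.
sub change_authname {
    # error checking - check authname
    &check_authname_field();

    # change the authname
    &uam_rewrite_file($array{'htaccess'}, sub {
        ($_[0] =~ /^AuthName/i) ? "AuthName $array{'authname'}\n" : $_[0];
    });

    &print_header_info("User Authentication Manager - AuthName changed to $array{'authname'}", 0);
    print <<ENDTEXT;
AuthName changed to $array{'authname'}
The AuthName variable was successfully changed to "$array{'authname'}".

ENDTEXT
    &print_footer_info();
}

##################################################
# Point the AuthUserFile line of the .htaccess file at a new file.
sub change_authuserfile {
    # error checking - check authuserfile
    &check_authuserfile_field();

    # change the authuserfile
    &uam_rewrite_file($array{'htaccess'}, sub {
        ($_[0] =~ /^AuthUserFile/i) ? "AuthUserFile $array{'authuserfile'}\n" : $_[0];
    });

    &print_header_info("User Authentication Manager - AuthUserFile changed to $array{'authuserfile'}", 0);
    print <<ENDTEXT;
AuthUserFile changed to $array{'authuserfile'}
The AuthUserFile variable was successfully changed to "$array{'authuserfile'}".

ENDTEXT
    &print_footer_info();
}

##################################################
# Replace the password of $array{'username'} in the password file.  For
# anyone but admin the caller has already forced the username to
# REMOTE_USER, so the exact-name match below is what keeps a user from
# overwriting another account whose name merely ends in theirs.
sub change_passwd {
    local ($salt, $matched);

    # global read elsewhere in the script; its use is not visible here
    $steps = "-1";
    if ($ENV{'REMOTE_USER'} eq "admin") {
        $steps = "-2";
    }

    # error checking - must have username field
    &check_username_field();

    # error checking - passwd and passwd_confirm must match
    &check_passwd_fields();
    &check_passwd_match();

    # can we open up the file?
    &check_htpasswd_file_existence();

    # change the password
    $salt = &uam_new_salt();
    $array{'passwd'} = crypt($array{'passwd'}, $salt);
    $array{'htpasswd'} = (split(/[;|]/, $array{'htpasswd'}))[0];
    $matched = 0;
    &uam_rewrite_file($array{'htpasswd'}, sub {
        return $_[0] unless ($_[0] =~ /^\Q$array{'username'}\E:/);
        $matched = 1;
        return "$array{'username'}:$array{'passwd'}\n";
    });

    # previously success was reported even when no entry was changed
    if ($matched == 0) {
        &uam_fail("Unknown User", "User \"$array{'username'}\" was not found in the password file.");
    }

    &print_header_info("User Authentication Manager - password for $array{'username'} changed", 0);
    print <<ENDTEXT;
password for $array{'username'} changed
The password for the user, "$array{'username'}", was successfully changed to the password you provided.

ENDTEXT
    &print_footer_info();
}

##################################################
# Require a usable AuthGroupFile value; the file is created when missing.
sub check_authgroupfile_field {
    if ($array{'authgroupfile'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the AuthGroupFile field and resubmit.");
    }
    # the value is written into .htaccess and used as a path
    &uam_check_value("AuthGroupFile", $array{'authgroupfile'});

    # check to see if the file can be opened
    unless (-e "$array{'authgroupfile'}") {
        unless (open(TESTFP, ">", $array{'authgroupfile'})) {
            &uam_fail("Bad Filename", "Please provide a valid value for the AuthGroupFile field and resubmit. $!");
        }
        close(TESTFP);
    }
}

##################################################
# Require an AuthName value that fits on one .htaccess line.
sub check_authname_field {
    if ($array{'authname'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the AuthName field and resubmit.");
    }
    &uam_check_value("AuthName", $array{'authname'});
}

##################################################
# Require a usable AuthUserFile value.  A missing file is created and
# seeded with the admin entry of the current password file so that admin
# can still log in after the switch.
sub check_authuserfile_field {
    local ($username, $cryptpw);

    if ($array{'authuserfile'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the AuthUserFile field and resubmit.");
    }
    # the value is written into .htaccess and used as a path
    &uam_check_value("AuthUserFile", $array{'authuserfile'});

    # check to see if the file can be opened
    unless (-e "$array{'authuserfile'}") {
        # Get the admin crypted password first, so that no file is left
        # behind with an "admin:" line that has an empty password field.
        # The name is matched exactly; "sysadmin:" or "Admin:" is not admin.
        $cryptpw = "";
        if (open(HTPASSWD, "<", $array{'htpasswd'})) {
            while (<HTPASSWD>) {
                chomp;
                if (/^#/) {
                    next;
                }
                if (/^admin:/) {
                    ($username, $cryptpw) = split(/\:/, $_);
                    last;
                }
            }
            close(HTPASSWD);
        }
        if ($cryptpw eq "") {
            &uam_fail("Missing Admin Entry", "No admin entry was found in the current password file, so the new file was not created.");
        }

        unless (open(TESTFP, ">", $array{'authuserfile'})) {
            &uam_fail("Bad Filename", "Please provide a valid value for the AuthUserFile field and resubmit. $!");
        }

        # put in an admin entry
        print TESTFP "admin:$cryptpw\n";
        close(TESTFP);
    }
}

##################################################
# Require $array{'htaccess'} to name an existing directory; a trailing
# "/" is appended when missing.
sub check_directory {
    if ($array{'htaccess'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the directory field and resubmit.");
    }
    # validated before the value is echoed in the message below
    &uam_check_value("directory", $array{'htaccess'});
    $array{'htaccess'} .= "/" if ($array{'htaccess'} !~ /\/$/);
    unless (-d "$array{'htaccess'}") {
        &uam_fail("Invalid Field", "Please provide a valid value for the directory field and resubmit (\"$array{'htaccess'}\" is not a directory).");
    }
}

##################################################
# Require a group name that is safe as the first field of a group line.
sub check_groupname_field {
    if ($array{'groupname'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the Group Name field and resubmit.");
    }
    &uam_check_value("Group Name", $array{'groupname'}, 1);
}

##################################################
# Require a group user list that stays on one line of the group file.
sub check_groupusers_field {
    if ($array{'groupusers'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the Group User field and resubmit.");
    }
    &uam_check_value("Group User", $array{'groupusers'}, 1);
}

##################################################
# Default the group file to ".htgroup" and make sure it can be opened;
# a missing file is created empty.
sub check_htgroup_file_existence {
    local ($mode);

    if ($array{'htgroup'} eq "") {
        $array{'htgroup'} = ".htgroup";
    }
    # The mode is passed separately: the path may come from a .htaccess
    # line and must not be able to turn the open into a pipe or a write.
    $mode = (-e "$array{'htgroup'}") ? "<" : ">";
    unless (open(HTG, $mode, $array{'htgroup'})) {
        &uam_fail("cannot open file", "Cannot open file $array{'htgroup'} to add new group.");
    }
    close(HTG);
}

##################################################
# Default the password file to ".htpasswd" and make sure it can be
# opened; a missing file is created empty.
sub check_htpasswd_file_existence {
    local ($mode);

    if ($array{'htpasswd'} eq "") {
        $array{'htpasswd'} = ".htpasswd";
    }
    # explicit mode, for the same reason as in check_htgroup_file_existence
    $mode = (-e "$array{'htpasswd'}") ? "<" : ">";
    unless (open(HTP, $mode, $array{'htpasswd'})) {
        &uam_fail("cannot open file", "Cannot open file $array{'htpasswd'}. $!");
    }
    close(HTP);
}

##################################################
# Validate a submitted Limit definition: at least one method, at least
# one kept directive, and for every kept directive a known name and a
# value that is legal for it.
sub check_limit_fields {
    local ($index, $kc, $kk, $eka, $ekb, %known);

    if (($array{'GET'} eq "") && ($array{'POST'} eq "") && ($array{'PUT'} eq "") && ($array{'DELETE'} eq "")) {
        &uam_fail("Missing Fields", "Please provide a value for at least one of the methods and resubmit.");
    }

    # The directive name is written into .htaccess as submitted, so only
    # names that print_menu renders are accepted (compared in lower case).
    %known = map { ($_, 1) } ("order", "deny from", "allow from",
                              "require user", "require group", "require valid-user",
                              "referer deny from", "referer allow from",
                              "satisfy", "ondeny");

    $kc = -1;
    for ($index = 0; $index <= $array{'limitfields'}; $index++) {
        $kk = "keep" . $index;
        next unless ($array{$kk} eq "yes");

        $kc++;
        $eka = "element" . $index . "a";
        $ekb = "element" . $index . "b";
        if ($array{$eka} eq "NEW OPTION") {
            &uam_fail("Missing Fields", "Please select an option for the new directive option button (NEW OPTION is not valid).");
        }
        unless ($known{lc($array{$eka})}) {
            &uam_fail("Invalid Field", "The directive option you selected is not supported.");
        }
        # a newline in the value would add further lines to .htaccess
        &uam_check_value("directive value", $array{$ekb});
        if (($array{$ekb} eq "") && ($array{$eka} ne "require valid-user")) {
            &uam_fail("Missing Fields", "Please provide a value for the directive option \"$array{$eka}\" and resubmit.");
        }
        if (($array{$eka} eq "order") && (!(($array{$ekb} eq "deny,allow") || ($array{$ekb} eq "allow,deny") || ($array{$ekb} eq "mutual-failure")))) {
            &uam_fail("Invalid Field", "Values for the \"order\" directive can include only \"deny,allow\", \"allow,deny\", or \"mutual-failure\" (\"$array{$ekb}\" is not valid).");
        }
        if (($array{$eka} eq "deny from") && ($array{$ekb} =~ /[^a-zA-Z0-9\.\-]/)) {
            &uam_fail("Invalid Field", "Values for the \"deny from\" directive can include only \"all\", a domain name, host name, full IP address, or partial IP address (\"$array{$ekb}\" is not valid).");
        }
        if (($array{$eka} eq "allow from") && ($array{$ekb} =~ /[^a-zA-Z0-9\.\-]/)) {
            &uam_fail("Invalid Field", "Values for the \"allow from\" directive can include only \"all\", a domain name, host name, full IP address, or partial IP address (\"$array{$ekb}\" is not valid).");
        }
        if (($array{$eka} eq "require user") && ($array{$ekb} =~ /[^a-zA-Z0-9\ ]/)) {
            &uam_fail("Invalid Field", "Values for the \"require user\" directive can include only user names (\"$array{$ekb}\" is not valid).");
        }
        if (($array{$eka} eq "require group") && ($array{$ekb} =~ /[^a-zA-Z0-9]/)) {
            &uam_fail("Invalid Field", "Values for the \"require group\" directive can include only group names (\"$array{$ekb}\" is not valid).");
        }
        if (($array{$eka} eq "satisfy") && (!(($array{$ekb} eq "all") || ($array{$ekb} eq "any")))) {
            &uam_fail("Invalid Field", "Values for the \"satisfy\" directive can include only \"all\", or \"any\" (\"$array{$ekb}\" is not valid).");
        }
    }
    if ($kc == -1) {
        &uam_fail("Missing Fields", "Please check at least one of the directives and resubmit.");
    }
}

##################################################
# Require a new group name that is safe as the first field of a group line.
sub check_newgroupname_field {
    if ($array{'newgroupname'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the New Group Name field and resubmit.");
    }
    &uam_check_value("New Group Name", $array{'newgroupname'}, 1);
}

##################################################
# Require a new user name that is safe as the first field of a password line.
sub check_newusername_field {
    if ($array{'newusername'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the New User Name field and resubmit.");
    }
    &uam_check_value("New User Name", $array{'newusername'}, 1);
}

##################################################
# Require both password fields to be filled in.
sub check_passwd_fields {
    if (($array{'passwd'} eq "") || ($array{'passwd_confirm'} eq "")) {
        &uam_fail("Missing Fields", "Please provide a value for both the password fields and resubmit.");
    }
}

##################################################
# Require the two password fields to be equal.
sub check_passwd_match {
    if ($array{'passwd'} ne $array{'passwd_confirm'}) {
        &uam_fail("Password Mismatch", "Please provide matching values for both the password fields and resubmit.");
    }
}

##################################################
# Require a user name that is safe as the first field of a password line.
sub check_username_field {
    if ($array{'username'} eq "") {
        &uam_fail("Missing Fields", "Please provide a value for the User Name field and resubmit.");
    }
    &uam_check_value("User Name", $array{'username'}, 1);
}

##################################################
# Decode the request's form data into the hash whose typeglob is passed
# in.  GET (and any other method) reads QUERY_STRING, POST reads the
# request body.  A key that occurs more than once gets its values joined
# with a single space.  Nothing here is trusted; the check_* routines
# validate individual fields.
sub parse_form_data {
    local (*FORM_DATA) = @_;
    local ($request_method, $query_string, @key_value_pairs, $key_value, $key, $value);
    local ($length, $max_length);

    $request_method = $ENV{'REQUEST_METHOD'};
    if ($request_method eq "POST") {
        # bound the read: CONTENT_LENGTH is chosen by the client
        $max_length = 65536;
        $length = int($ENV{'CONTENT_LENGTH'});
        $length = 0 if ($length < 0);
        $length = $max_length if ($length > $max_length);
        read(STDIN, $query_string, $length);
    }
    else {
        # GET, or neither POST nor GET
        $query_string = $ENV{'QUERY_STRING'};
    }

    @key_value_pairs = split(/&/, $query_string);
    foreach $key_value (@key_value_pairs) {
        # limit 2 keeps a literal "=" inside the value
        ($key, $value) = split(/=/, $key_value, 2);
        $key =~ tr/+/ /;
        # keys are percent-encoded by the same rules as values
        $key =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex($1))/eg;
        $value =~ tr/+/ /;
        $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex($1))/eg;
        $value =~ s/^\s+//;
        $value =~ s/\s+$//;

        if (defined($FORM_DATA{$key})) {
            $FORM_DATA{$key} = join(" ", $FORM_DATA{$key}, $value);
        }
        else {
            $FORM_DATA{$key} = $value;
        }
    }
}

##################################################
sub print_add_group_form {
    local ($size, $username, $cryptpw);

    $size = ($array{'numusers'} > 10) ? 10 : $array{'numusers'};

    &print_header_info("User Authentication Manager - Add Group", 0);
    print <Add Group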

Group Name:

Group Users:

ENDTEXT &print_footer_info(); } ################################################## sub print_add_user_form { &print_header_info("User Authentication Manager - Add User", 0); print <Add User

User Names:

Password:

Retype Password:

ENDTEXT &print_footer_info(); } ################################################## sub print_change_passwd_form { # error checking - must have username field &check_username_field(); &print_header_info("User Authentication Manager - Change Password", 0); print <Change Password

New Password:

Retype Password:

ENDTEXT &print_footer_info(); } ################################################## sub print_footer_info { print "\n\n"; } ################################################## sub print_group_composition { local ($username, $cryptpw, $groupname, $groupusers, $size, $sel); # error checking - groupname must be specified &check_groupname_field(); open(HTGROUP, "$array{'htgroup'}"); while () { chop; if (/^#/) { next; } ($groupname, $groupusers) = split(/\:/, $_); if ($groupname eq $array{'groupname'}) { $groupusers = " " . $groupusers . " "; last; } } close(HTGROUP); $size = ($array{'numusers'} > 10) ? 10 : $array{'numusers'}; &print_header_info("User Authentication Manager - Group Composition", 0); print <Group Composition

ENDTEXT &print_footer_info(); } ################################################## sub print_header_info { local ($title, $nocache) = @_; local ($meta); $meta = ""; if ($nocache == 1) { $meta = "\n"; } print < $meta $title ENDHEAD } ################################################## sub print_menu { local ($username, $cryptpw, $size, $groupname, $groupusers); local ($index, $key, $va, $vb, $kv, $sa, $sb, $sc, $sindex, $require); &print_header_info("User Authentication Manager - Menu", 1); print <$array{'htaccess'}

AuthName:

AuthUserFile:

AuthGroupFile:


ENDTEXT if ($limitcount > 0) { print "Limit Definitions (see "; print "http://hoohoo.ncsa.uiuc.edu/docs/setup/access/Limit.html)\n"; } for ($index = 0; $index < $limitcount; $index++) { print "

\n"; print "\n"; print "\n"; print "<Limit "; print "{'GET'}> GET\n"; print "{'POST'}> POST\n"; print "{'PUT'}> PUT\n"; print "{'DELETE'}> DELETE\n"; print ">\n
\n"; $key = 0; while (defined($limits[$index]->{$key})) { # print "$limits[$index]->{$key}
\n"; $va = "element" . $key . "a"; $vb = "element" . $key . "b"; $kv = "keep" . $key; print "    "; print "\n"; if ($limits[$index]->{$key} =~ /^order/) { $sa = ($limits[$index]->{$key} =~ /deny\,allow/) ? "SELECTED" : ""; $sb = ($limits[$index]->{$key} =~ /allow\,deny/) ? "SELECTED" : ""; $sc = ($limits[$index]->{$key} =~ /mutual-failure/) ? "SELECTED" : ""; print " order "; print "\n"; print "\n
\n"; } elsif ($limits[$index]->{$key} =~ /^deny from/) { $limits[$index]->{$key} =~ s/deny from //; print " deny from "; print "\n"; print "{$key}\">\n
\n"; } elsif ($limits[$index]->{$key} =~ /^allow from/) { $limits[$index]->{$key} =~ s/allow from //; print " allow from "; print "\n"; print "{$key}\">\n
\n"; } elsif ($limits[$index]->{$key} =~ /^require/) { $limits[$index]->{$key} .= " "; $sindex = index($limits[$index]->{$key}, " ", 8); $require = substr($limits[$index]->{$key}, 0, $sindex); $limits[$index]->{$key} =~ s/$require //; $limits[$index]->{$key} =~ s/\s$//g; print " $require "; if ($require !~ /valid-user/) { print "\n"; print "{$key}\">\n"; } else { print "\n"; print "\n"; } print "
\n"; } elsif ($limits[$index]->{$key} =~ /^referer deny from/) { $limits[$index]->{$key} =~ s/referer deny from //; print " referer deny from "; print "\n"; print "{$key}\">\n
\n"; } elsif ($limits[$index]->{$key} =~ /^referer allow from/) { $limits[$index]->{$key} =~ s/referer allow from //; print " referer allow from "; print "\n"; print "{$key}\">\n
\n"; } elsif ($limits[$index]->{$key} =~ /^satisfy/) { $sa = ($limits[$index]->{$key} =~ /all/) ? "SELECTED" : ""; $sb = ($limits[$index]->{$key} =~ /any/) ? "SELECTED" : ""; print " satisfy "; print "\n"; print "\n
\n"; } elsif ($limits[$index]->{$key} =~ /^OnDeny/) { $limits[$index]->{$key} =~ s/OnDeny //; print " OnDeny "; print "\n"; print "{$key}\">\n
\n"; } $key++; } $va = "element" . $key . "a"; $vb = "element" . $key . "b"; $kv = "keep" . $key; print "    "; print "\n"; print "\n"; print "\n
\n"; print "\n"; print "</Limit>
\n
\n"; print "\n"; if ($limitcount > 1) { print "\n"; } print "
\n

\n"; } print <

ENDTEXT if ($array{'numusers'} > 0) { $size = ""; if ($array{'numusers'} > 10) { $size = "size=10"; } print "User Names:
\n

ENDTEXT } print <


ENDTEXT if ((-T "$array{'htgroup'}") && ($array{'htgroup'} ne "/dev/null")) { if ($array{'numgroups'} > 0) { $size = ""; if ($array{'numgroups'} > 5) { $size = "size=5"; } print "Groups:
\n

ENDTEXT } print "\n

\n"; } print "

\n

\n


\n

\n"; &print_footer_info(); } ################################################## sub print_remove_group_form { # error checking - groupname must be specified &check_groupname_field(); &print_header_info("User Authentication Manager - Remove Group", 0); print <Remove User

Are you sure you want to remove the group, "$array{'groupname'}", from the group file, "$array{'htgroup'}"?

ENDTEXT &print_footer_info(); } ################################################## sub print_remove_user_form { # error checking - username must be specified &check_username_field(); &print_header_info("User Authentication Manager - Remove User", 0); print <Remove User

Are you sure you want to remove the user, "$array{'username'}", from the group file, "$array{'htpasswd'}"?

ENDTEXT &print_footer_info(); } ################################################## sub print_rename_group_form { # error checking - must have groupname &check_groupname_field(); &print_header_info("User Authentication Manager - Rename Group", 0); print <Rename Group $array{'groupname'}

New Group Name:

ENDTEXT &print_footer_info(); } ################################################## sub print_rename_user_form { # error checking - must have username &check_username_field(); &print_header_info("User Authentication Manager - Rename User", 0); print <Rename User $array{'username'}

New User Name:

ENDTEXT &print_footer_info(); } ################################################## sub read_passwd_group_info { local ($prefix, $index) = @_; # figure out where the .htaccess file reside (if not found then # punt).... note: parsing authentication set up in the access.conf # file is not currently supported by this script if ($array{'htaccess'} eq "") { $prefix = "."; while (1) { unless (-e "$prefix") { last; } $array{'htaccess'} = $prefix . "/.htaccess"; if (-e "$array{'htaccess'}") { last; } $prefix .= "/.."; } } else { # make sure the htaccess file is valid if (-d "$array{'htaccess'}") { $array{'htaccess'} .= "/" if ($array{'htaccess'} !~ /\/$/); $array{'htaccess'} .= ".htaccess"; } } unless (-e "$array{'htaccess'}") { # prompt for a .htaccess file $array{'htaccess'} = ""; &print_header_info("User Authentication Manager Error - cannot find htaccess file", 0); print <htaccess Path Specification

Please specify a directory which either contains a .htaccess file or one which you would like one created. For example: '/usr/local/etc/httpd/htdocs/some_directory'.

ENDTEXT &print_footer_info(); exit(0); } $limitcount = $limitoptions = 0; open(HTACCESS, "$array{'htaccess'}"); while () { chop; s/^\s+//g; s/\s+$//g; if (/^AuthUserFile/i) { ($tag, $array{'htpasswd'}) = split(/\ /, $_); } elsif (/^AuthGroupFile/i) { ($tag, $array{'htgroup'}) = split(/\ /, $_); } elsif (/^AuthName/i) { $index = index($_, " "); $array{'htauthname'} = substr($_, $index+1); } elsif (/\{'GET'} = "CHECKED" if (/GET/); $limits[$limitcount]->{'POST'} = "CHECKED" if (/POST/); $limits[$limitcount]->{'PUT'} = "CHECKED" if (/PUT/); $limits[$limitcount]->{'DELETE'} = "CHECKED" if (/DELETE/); } elsif (/\<\/Limit\>/i) { $limitcount++; $limitoptions = 0; } elsif ((/^order/i) || (/^deny/i) || (/^allow/i) || (/^require/i) || (/^referer/i) || (/^satisfy/i) || (/^onDeny/i)) { $limits[$limitcount]->{$limitoptions} = "$_"; $limitoptions++; } } close(HTACCESS); # count the number of users (should be greater than zero) $array{'numusers'} = 0; if (-e "$array{'htpasswd'}") { open(HTPASSWD, "$array{'htpasswd'}"); while () { chop; if (/^#/) { next; } if (/\:/) { $array{'numusers'}++; } } close(HTPASSWD); } # count the number of groups $array{'numgroups'} = 0; if ((-e "$array{'htgroup'}") && (-T "$array{'htgroup'}")) { open(HTGROUP, "$array{'htgroup'}"); while () { chop; if (/^#/) { next; } if (/\:/) { $array{'numgroups'}++; } } close(HTGROUP); } } ################################################## sub remove_group { local ($newhtgroupfn); # error checking - must select a groupname &check_groupname_field(); # can we open up the file? &check_htgroup_file_existence(); # remove the group $array{'htgroup'} = (split(/[;|]/, $array{'htgroup'}))[0]; $newhtgroupfn = "$array{'htgroup'}" . ".tmp" . 
"$$"; open(GROUPF, "$array{'htgroup'}"); open(NEWGROUPF, ">$newhtgroupfn"); while () { if (/$array{'groupname'}\:/) { # do nothing } else { print NEWGROUPF $_; } } close(GROUPF); close(NEWGROUPF); rename($newhtgroupfn, $array{'htgroup'}); &print_header_info("User Authentication Manager - $array{'groupname'} removed", 0); print <$array{'groupname'} removed The group, "$array{'groupname'}", was successfully removed from the group file, "$array{'htgroup'}".

ENDTEXT &print_footer_info(); } ################################################## sub remove_limit_directive { local ($newhtaccessfn); # remove the limit directive $newhtaccessfn = "$array{'htaccess'}" . ".tmp" . "$$"; open(HTACCESS, "$array{'htaccess'}"); open(NEWHTACCESS, ">$newhtaccessfn"); $limitcount = -1; while () { if (/\) { if (/\<\/Limit\>/i) { last; } } } else { print NEWHTACCESS "$_"; } } else { print NEWHTACCESS "$_"; } } close(HTACCESS); close(NEWHTACCESS); rename($newhtaccessfn, $array{'htaccess'}); &print_header_info("User Authentication Manager - Limit Definition Removed", 0); print <Limit Definition Removed The Limit Definition you selected was successfully removed.

ENDTEXT &print_footer_info(); } ################################################## sub remove_user { local ($newhtpassfn); # error checking - must select a username &check_username_field(); # can we open up the file? &check_htpasswd_file_existence(); # remove the user $array{'htpasswd'} = (split(/[;|]/, $array{'htpasswd'}))[0]; $newhtpassfn = "$array{'htpasswd'}" . ".tmp" . "$$"; open(PWF, "$array{'htpasswd'}"); open(NEWPWF, ">$newhtpassfn"); while () { if (/$array{'username'}\:/) { # do nothing } else { print NEWPWF $_; } } close(PWF); close(NEWPWF); rename($newhtpassfn, $array{'htpasswd'}); &print_header_info("User Authentication Manager - $array{'username'} removed", 0); print <$array{'username'} removed The user, "$array{'username'}", was successfully removed from the password file, "$array{'htpasswd'}".

ENDTEXT &print_footer_info(); } ################################################## sub rename_group { local ($newhtgroupfn, $groupname, $groupusers); # error checking - must have newgroupname &check_newgroupname_field(); # can we open up the file? &check_htgroup_file_existence(); # change the group entry $array{'htgroup'} = (split(/[;|]/, $array{'htgroup'}))[0]; $newhtgroupfn = "$array{'htgroup'}" . ".tmp" . "$$"; open(GPF, "$array{'htgroup'}"); open(NEWGPF, ">$newhtgroupfn"); while () { if (/$array{'groupname'}\:/) { ($groupname, $groupusers) = split(/\:/, $_); print NEWGPF "$array{'newgroupname'}:$groupusers"; } else { print NEWGPF $_; } } close(GPF); close(NEWGPF); rename($newhtgroupfn, $array{'htgroup'}); &print_header_info("User Authentication Manager - $array{'groupname'} changed to $array{'newgroupname'}", 0); print <$array{'groupname'} changed to $array{'newgroupname'} The name of the group, "$array{'groupname'}", was successfully changed to the new group name, "$array{'newgroupname'}".

ENDTEXT &print_footer_info(); } ################################################## sub rename_user { local ($newhtpasswdfn, $username, $cryptpw); # error checking - must have newusername &check_newusername_field(); # can we open up the file? &check_htpasswd_file_existence(); # change the user entry $array{'htpasswd'} = (split(/[;|]/, $array{'htpasswd'}))[0]; $newhtpasswdfn = "$array{'htpasswd'}" . ".tmp" . "$$"; open(PWF, "$array{'htpasswd'}"); open(NEWPWF, ">$newhtpasswdfn"); while () { if (/$array{'username'}\:/) { ($username, $cryptpw) = split(/\:/, $_); print NEWPWF "$array{'newusername'}:$cryptpw"; } else { print NEWPWF $_; } } close(PWF); close(NEWPWF); rename($newhtpasswdfn, $array{'htpasswd'}); &print_header_info("User Authentication Manager - $array{'username'} changed to $array{'newusername'}", 0); print <$array{'username'} changed to $array{'newusername'} The name of the user, "$array{'username'}", was successfully changed to the new user name, "$array{'newusername'}".

ENDTEXT &print_footer_info(); } ################################################## sub return_error { local ($message) = @_; print <

User Authentication Manager Error

An unknown error has been encountered. The error message is listed below:

    $message

ENDERROR &print_footer_info(); exit(1); } ################################################## sub update_group { local ($newhtgroupfn); # error checking - must have groupusers &check_groupusers_field(); # can we open up the file? &check_htgroup_file_existence(); # change the group entry $array{'htgroup'} = (split(/[;|]/, $array{'htgroup'}))[0]; $newhtgroupfn = "$array{'htgroup'}" . ".tmp" . "$$"; open(GPF, "$array{'htgroup'}"); open(NEWGPF, ">$newhtgroupfn"); while () { if (/$array{'groupname'}\:/) { print NEWGPF "$array{'groupname'}:$array{'groupusers'}\n"; } else { print NEWGPF $_; } } close(GPF); close(NEWGPF); rename($newhtgroupfn, $array{'htgroup'}); &print_header_info("User Authentication Manager - user composition for $array{'groupname'} changed", 0); print <user composition for $array{'groupname'} changed The user composition for the group, "$array{'groupname'}", was successfully changed to include the following users, "$array{'groupusers'}".

ENDTEXT &print_footer_info(); } ################################################## sub update_limit_fields { local ($newhtaccessfn, $newline, $ltxt, $methods, $index, $kk, $eka, $ekb); # check for valid input &check_limit_fields(); # remove the limit directive $newhtaccessfn = "$array{'htaccess'}" . ".tmp" . "$$"; open(HTACCESS, "$array{'htaccess'}"); open(NEWHTACCESS, ">$newhtaccessfn"); $limitcount = -1; while () { if (/\) { if (/\<\/Limit\>/i) { last; } } # print out the new limit definition $ltxt = $methods = ""; $methods .= " GET" if ($array{'GET'} eq "CHECKED"); $methods .= " POST" if ($array{'POST'} eq "CHECKED"); $methods .= " PUT" if ($array{'PUT'} eq "CHECKED"); $methods .= " DELETE" if ($array{'DELETE'} eq "CHECKED"); $newline = "\n"; print NEWHTACCESS "$newline"; $ltxt .= "$newline"; for ($index = 0; $index <= $array{'limitfields'}; $index++) { $kk = "keep" . $index; if ($array{$kk} eq "yes") { $eka = "element" . $index . "a"; $ekb = "element" . $index . "b"; $newline = " $array{$eka} $array{$ekb}\n"; print NEWHTACCESS "$newline"; $ltxt .= "$newline"; } } $newline = "\n"; print NEWHTACCESS "$newline"; $ltxt .= $newline; } else { print NEWHTACCESS "$_"; } } else { print NEWHTACCESS "$_"; } } close(HTACCESS); close(NEWHTACCESS); rename($newhtaccessfn, $array{'htaccess'}); $ltxt =~ s/\Limit Definition Updated The Limit Definition you selected was successfully updated.

$ltxt

ENDTEXT &print_footer_info(); } ############################################################################## # eof htaccess.pl