From ea4e672527e83ba9585b76322390761291a5e5b9 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Thu, 13 Feb 2014 04:03:46 +0100 Subject: [PATCH] htextauth: Added a simple authenticator program for example purposes. --- doc/htextauth.doc | 10 ++++++++++ etc/extauth/mkhtpasswd | 37 +++++++++++++++++++++++++++++++++++++ etc/extauth/vhtpasswd | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100755 etc/extauth/mkhtpasswd create mode 100755 etc/extauth/vhtpasswd diff --git a/doc/htextauth.doc b/doc/htextauth.doc index b985492..8c3b6f7 100644 --- a/doc/htextauth.doc +++ b/doc/htextauth.doc @@ -78,6 +78,16 @@ the client. Note that *htextauth* will wait for the authentication program to exit and not process any other requests until then. +FILES +----- +The file `etc/extauth/vhtpasswd` in the *ashd* source distribution is +a simple authenticator program (written in Python) that can be used +with *htextauth*, which verifies the given credentials against a +simple database of users with encrypted passwords. It can be used as +is, or as a simple example of how to produce authenticator +programs. The accompanying `mkhtpasswd` program can be used to +maintain the password database. + AUTHOR ------ Fredrik Tolf diff --git a/etc/extauth/mkhtpasswd b/etc/extauth/mkhtpasswd new file mode 100755 index 0000000..923ab07 --- /dev/null +++ b/etc/extauth/mkhtpasswd 
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+
+import sys, os, termios, hmac, hashlib, getopt, getpass
+
+def usage(out):
+ out.write("usage: mkhtpasswd [-h] FILE USERNAME\n")
+
+opts, args = getopt.getopt(sys.argv[1:], "h")
+for o, a in opts:
+ if o == "-h":
+ usage(sys.stdout)
+ sys.exit(0)
+if len(args) < 2:
+ usage(sys.stderr)
+ sys.exit(1)
+
+def hashpw(usr, pw):
+ dig = hmac.new(pw, digestmod=hashlib.sha1)
+ dig.update(usr)
+ return dig.hexdigest()
+
+if ':' in args[1]:
+ sys.stderr.write("mkhtpasswd: username cannot contain `:'\n")
+ sys.exit(1)
+
+passwds = {}
+if os.path.exists(args[0]):
+ with open(args[0]) as fp:
+ for line in fp:
+ usr, pw = line.strip().split(':')
+ passwds[usr] = pw
+
+passwds[args[1]] = hashpw(args[1], getpass.getpass())
+
+with open(args[0], "w") as fp:
+ for usr, pw in passwds.iteritems():
+ fp.write("%s:%s\n" % (usr, pw))
diff --git a/etc/extauth/vhtpasswd b/etc/extauth/vhtpasswd
new file mode 100755
index 0000000..422206d
--- /dev/null
+++ b/etc/extauth/vhtpasswd
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+
+import sys, hmac, hashlib, getopt
+
+def usage(out):
+ out.write("usage: vhtpasswd [-h] FILE\n")
+
+opts, args = getopt.getopt(sys.argv[1:], "h")
+for o, a in opts:
+ if o == "-h":
+ usage(sys.stdout)
+ sys.exit(0)
+if len(args) < 1:
+ usage(sys.stderr)
+ sys.exit(1)
+
+def hashpw(usr, pw):
+ dig = hmac.new(pw, digestmod=hashlib.sha1)
+ dig.update(usr)
+ return dig.hexdigest()
+
+def findpw(fn, name):
+ with open(fn) as fp:
+ for line in fp:
+ usr, pw = line.strip().split(':')
+ if usr == name:
+ return pw
+ return None
+
+usr = sys.stdin.readline().strip()
+gpw = sys.stdin.readline().strip()
+if findpw(args[0], usr) == hashpw(usr, gpw):
+ sys.exit(0)
+sys.exit(1)
-- 2.11.0
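Review bot: `hashpw` in etc/extauth/mkhtpasswd (and its identical copy in etc/extauth/vhtpasswd) stores one HMAC-SHA1 pass keyed by the password over the username, with no random salt and no work factor, so anyone who can read FILE can test password guesses at raw hash speed. That makes the handling of the database itself the main protection, and `open(args[0], "w")` creates it with whatever the umask allows and truncates it in place, so an interruption mid-write loses every entry. I would create it owner-only, e.g. `fp = os.fdopen(os.open(args[0], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")`, and add above `hashpw` the comment `# Not a password KDF: one HMAC-SHA1 pass, username as the only salt; keep FILE unreadable to other users.` A later format revision could move to `hashlib.pbkdf2_hmac` with a stored per-user salt, changed in both scripts together.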
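Review bot: In etc/extauth/vhtpasswd the password line is read with `sys.stdin.readline().strip()`, while mkhtpasswd hashes the `getpass.getpass()` result unstripped, so a password that begins or ends with whitespace can be stored but never verified; `gpw = sys.stdin.readline().rstrip("\n")` would remove only the line terminator (assuming htextauth sends one credential per line, which this hunk does not show). The final check compares hex digests with `==`; where the interpreter provides it, `stored = findpw(args[0], usr)` followed by `if stored is not None and hmac.compare_digest(stored, hashpw(usr, gpw)):` keeps the comparison time independent of the stored value. `findpw` also raises ValueError on a blank or malformed line through `usr, pw = line.strip().split(':')`; that still exits non-zero, but it rejects every user listed after the bad line, so skipping lines that do not contain exactly one `:` would be more robust.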