htauth 1.0.0

data/CHANGES

@@ -0,0 +1,4 @@
+= rpasswd Changelog
+=== Version 1.0.0
+
+* Initial public release

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2008 Jeremy Hinegardner
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README

@@ -0,0 +1,94 @@
+== HTAuth
+
+* Homepage[http://copiousfreetime.rubyforge.org/htauth]
+* {Rubyforge Project}[http://rubyforge.org/projects/copiousfreetime/]
+* email jeremy at hinegardner dot org
+
+== DESCRIPTION
+
+HTAuth is a pure ruby replacement for the Apache support programs +htdigest+ and
++htpasswd+.  Command line and API access are provided for access to htdigest and
+htpasswd files.
+
+== FEATURES 
+
+Rpassword provides to drop in commands *htdigest-ruby* and *htpasswd-ruby* that
+can manipulate the digest and passwd files in the same manner as Apache's
+original commands.  
+
+*htdigest-ruby* and *htpasswd-ruby* are command line compatible with *htdigest*
+and *htpasswd*.  They support the same exact same command line options as the
+originals, and have some extras.
+
+Additionally, you can access all the functionality of *htdigest-ruby* and
+*htpasswd-ruby* through an API.
+
+== SYNOPSIS
+
+* htpasswd-ruby command line application
+
+    Usage: 
+    htpasswd-ruby [-cmdpsD] passwordfile username
+    htpasswd-ruby -b[cmdpsD] passwordfile username password
+
+    htpasswd-ruby -n[mdps] username
+    htpasswd-ruby -nb[mdps] username password
+
+    -b, --batch                      Batch mode, get the password from the command line, rather than prompt
+    -c, --create                     Create a new file; this overwrites an existing file.
+    -d, --crypt                      Force CRYPT encryption of the password (default).
+    -D, --delete                     Delete the specified user.
+    -h, --help                       Display this help.
+    -m, --md5                        Force MD5 encryption of the password (default on Windows).
+    -n, --stdout                     Do not update the file; Display the results on stdout instead.
+    -p, --plaintext                  Do not encrypt the password (plaintext).
+    -s, --sha1                       Force SHA encryption of the password.
+    -v, --version                    Show version info.
+
+* htdigest-ruby command line application
+
+    Usage: htdigest-ruby [options] passwordfile realm username
+    -c, --create                     Create a new digest password file; this overwrites an existing file.
+    -D, --delete                     Delete the specified user.
+    -h, --help                       Display this help.
+    -v, --version                    Show version info.
+
+* API Usage
+
+   HTAuth::DigestFile.new("some.htdigest") do |df|
+      df.add_or_update('someuser', 'myrealm', 'a password')
+      df.delete('someolduser', 'myotherrealm')
+   end
+
+   HTAuth::PasswdFile.new("some.htpasswd", HTAuth::File::CREATE) do |pf|
+      pf.add('someuser', 'a password', 'md5')
+      pf.add('someotheruser', 'a different password', 'sha1')
+   end
+  
+   
+== CREDITS
+
+* {The Apache Software Foundation}[http://www.apache.org/]
+* all the folks who contributed to htdigest and htpassword 
+
+== LICENSE
+
+Copyright (c) 2008 Jeremy Hinegardner
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/bin/htdigest-ruby

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+begin
+    require 'htauth'
+rescue LoadError 
+    path = File.expand_path(File.join(File.dirname(__FILE__),"..","lib"))
+    raise if $:.include?(path)
+    $: << path
+    retry
+end
+
+HTAuth::Digest.new.run(ARGV)

data/bin/htpasswd-ruby

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+begin
+    require 'htauth'
+rescue LoadError 
+    path = File.expand_path(File.join(File.dirname(__FILE__),"..","lib"))
+    raise if $:.include?(path)
+    $: << path
+    retry
+end
+
+HTAuth::Passwd.new.run(ARGV)

data/lib/htauth/algorithm.rb

@@ -0,0 +1,67 @@
+
+module HTAuth
+    class InvalidAlgorithmError < StandardError ; end
+    # base class all the Passwd algorithms derive from
+    class Algorithm
+
+        SALT_CHARS    = (%w[ . / ] + ("0".."9").to_a + ('A'..'Z').to_a + ('a'..'z').to_a).freeze
+        DEFAULT       = ( RUBY_PLATFORM !~ /mswin32/ ) ? "crypt" : "md5"
+        EXISTING      = "existing"
+
+        class << self
+            def algorithm_from_name(a_name, params = {})
+                raise InvalidAlgorithmError, "`#{a_name}' is an invalid encryption algorithm, use one of #{sub_klasses.keys.join(', ')}" unless sub_klasses[a_name.downcase]
+                sub_klasses[a_name.downcase].new(params)
+            end
+
+            def algorithms_from_field(password_field)
+                matches = []
+
+                if password_field.index(sub_klasses['sha1'].new.prefix) then
+                    matches << sub_klasses['sha1'].new
+                elsif password_field.index(sub_klasses['md5'].new.prefix) then
+                    p = password_field.split("$")
+                    matches << sub_klasses['md5'].new( :salt => p[2] )
+                else
+                    matches << sub_klasses['plaintext'].new
+                    matches << sub_klasses['crypt'].new( :salt => password_field[0,2] )
+                end
+
+                return matches
+            end
+
+            def inherited(sub_klass)
+                k = sub_klass.name.split("::").last.downcase
+                sub_klasses[k] = sub_klass
+            end
+
+            def sub_klasses
+                @sub_klasses ||= {}
+            end
+        end
+
+        def prefix ; end
+        def encode(password) ; end
+        
+        # 8 bytes of random items from SALT_CHARS
+        def gen_salt
+            chars = []
+            8.times { chars << SALT_CHARS[rand(SALT_CHARS.size)] }
+            chars.join('')     
+        end
+
+        # this is not the Base64 encoding, this is the to64() method from apr
+        def to_64(number, rounds)
+            r = StringIO.new
+            rounds.times do |x|
+                r.print(SALT_CHARS[number % 64])
+                number >>= 6
+            end
+            return r.string
+        end
+    end
+end
+require 'htauth/md5'
+require 'htauth/sha1'
+require 'htauth/crypt'
+require 'htauth/plaintext'

data/lib/htauth/crypt.rb

@@ -0,0 +1,20 @@
+require 'htauth/algorithm'
+
+module HTAuth
+
+    # The basic crypt algorithm
+    class Crypt < Algorithm
+        
+        def initialize(params = {})
+            @salt = params[:salt] || params['salt'] || gen_salt
+        end
+
+        def prefix
+            ""
+        end
+
+        def encode(password)
+            password.crypt(@salt)
+        end
+    end
+end

data/lib/htauth/digest.rb

@@ -0,0 +1,128 @@
+require 'htauth/digest_file'
+require 'ostruct'
+require 'optparse'
+
+require 'rubygems'
+require 'highline'
+
+module HTAuth
+    class Digest
+
+        MAX_PASSWD_LENGTH = 255
+
+        attr_accessor :digest_file
+
+        def initialize
+            @digest_file = nil
+        end
+
+        def options
+            if @options.nil? then
+                @options                = ::OpenStruct.new
+                @options.show_version   = false
+                @options.show_help      = false
+                @options.file_mode      = DigestFile::ALTER
+                @options.passwdfile     = nil
+                @options.realm          = nil
+                @options.username       = nil
+                @options.delete_entry   = false
+            end
+            @options
+        end
+
+        def option_parser
+            if not @option_parser then
+                @option_parser = OptionParser.new do |op|
+                    op.banner = "Usage: #{op.program_name} [options] passwordfile realm username"
+                    op.on("-c", "--create", "Create a new digest password file; this overwrites an existing file.") do |c|
+                        options.file_mode = DigestFile::CREATE
+                    end
+
+                    op.on("-D", "--delete", "Delete the specified user.") do |d|
+                        options.delete_entry = d
+                    end
+
+                    op.on("-h", "--help", "Display this help.") do |h|
+                        options.show_help = h
+                    end
+
+                    op.on("-v", "--version", "Show version info.") do |v|
+                        options.show_version = v
+                    end
+                end
+            end
+            @option_parser
+        end
+
+        def show_help
+            $stdout.puts option_parser
+            exit 1
+        end
+
+        def show_version
+            $stdout.puts "#{option_parser.program_name}: version #{HTAuth::VERSION}"
+            exit 1
+        end
+
+        def parse_options(argv)
+            begin
+                option_parser.parse!(argv)
+                show_version if options.show_version
+                show_help if options.show_help or argv.size < 3
+
+                options.passwdfile = argv.shift
+                options.realm      = argv.shift
+                options.username   = argv.shift
+            rescue ::OptionParser::ParseError => pe
+                $stderr.puts "ERROR: #{option_parser.program_name} - #{pe}"
+                $stderr.puts "Try `#{option_parser.program_name} --help` for more information"
+                exit 1
+            end
+        end
+
+        def run(argv)
+            begin
+                parse_options(argv)
+                digest_file = DigestFile.new(options.passwdfile, options.file_mode)
+
+                if options.delete_entry then
+                    digest_file.delete(options.username, options.realm)
+                else
+                    # initialize here so that if $stdin is overwritten it gest picked up
+                    hl = ::HighLine.new
+
+                    action = digest_file.has_entry?(options.username, options.realm) ? "Changing" : "Adding"
+
+                    $stdout.puts "#{action} password for #{options.username} in realm #{options.realm}."
+
+                    pw_in       = hl.ask("        New password: ") { |q| q.echo = '*' } 
+                    raise PasswordError, "password '#{pw_in}' too long" if pw_in.length >= MAX_PASSWD_LENGTH
+                    
+                    pw_validate = hl.ask("Re-type new password: ") { |q| q.echo = '*' }
+                    raise PasswordError, "They don't match, sorry." unless pw_in == pw_validate
+
+                    digest_file.add_or_update(options.username, options.realm, pw_in)
+                end
+
+                digest_file.save!
+
+            rescue HTAuth::FileAccessError => fae
+                msg = "Could not open password file #{options.passwdfile} "
+                $stderr.puts "#{msg}: #{fae.message}"
+                $stderr.puts fae.backtrace.join("\n")
+                exit 1
+            rescue HTAuth::PasswordError => pe
+                $stderr.puts "#{pe.message}"
+                exit 1
+            rescue HTAuth::DigestFileError => fe
+                $stderr.puts "#{fe.message}"
+                exit 1
+            rescue SignalException => se
+                $stderr.puts
+                $stderr.puts "Interrupted"
+                exit 1
+            end
+            exit 0
+        end
+    end
+end

data/lib/htauth/digest_entry.rb

@@ -0,0 +1,72 @@
+require 'digest/md5'
+
+module HTAuth
+    class InvalidDigestEntry < StandardError ; end
+
+    # A single record in an htdigest file.  
+    class DigestEntry
+
+        attr_accessor :user
+        attr_accessor :realm
+        attr_accessor :digest
+
+        class << self
+            def from_line(line)
+                parts = is_entry!(line)
+                d = DigestEntry.new(parts[0], parts[1])
+                d.digest = parts[2]
+                return d
+            end
+
+            # test if a line is an entry, raise InvalidDigestEntry if it is not.
+            # an entry must be composed of 3 parts, username:realm:md5sum
+            # where username, and realm do not contain the ':' character 
+            # and the md5sum must be 32 characters long.
+            def is_entry!(line)
+                raise InvalidDigestEntry, "line commented out" if line =~ /\A#/
+                parts = line.strip.split(":")
+                raise InvalidDigestEntry, "line must be of the format username:realm:md5checksum" if parts.size != 3
+                raise InvalidDigestEntry, "md5 checksum is not 32 characters long" if parts.last.size  != 32
+                raise InvalidDigestEntry, "md5 checksum has invalid characters" if parts.last !~ /\A[[:xdigit:]]{32}\Z/
+                return parts
+            end
+
+            # test if a line is an entry and return true or false
+            def is_entry?(line)
+                begin
+                    is_entry!(line)
+                    return true
+                rescue InvalidDigestEntry
+                    return false
+                end
+            end
+        end
+
+        def initialize(user, realm, password = "")
+            @user     = user
+            @realm    = realm
+            @digest   = calc_digest(password)
+        end
+
+        def password=(new_password)
+            @digest = calc_digest(new_password)
+        end
+
+        def calc_digest(password)
+            ::Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
+        end
+
+        def authenticated?(check_password)
+            hd = ::Digest::MD5.hexdigest("#{user}:#{realm}:#{check_password}")
+            return hd == digest
+        end
+
+        def key
+            "#{user}:#{realm}"
+        end
+
+        def to_s
+            "#{user}:#{realm}:#{digest}"
+        end
+    end
+end

data/lib/htauth/digest_file.rb

@@ -0,0 +1,85 @@
+require 'stringio'
+require 'tempfile'
+
+require 'htauth/file'
+require 'htauth/digest_entry'
+
+module HTAuth
+    class DigestFileError < StandardError ; end
+    class DigestFile < HTAuth::File
+
+        ENTRY_KLASS = HTAuth::DigestEntry
+
+        # does the entry the the specified username and realm exist in the file
+        def has_entry?(username, realm)
+            test_entry = DigestEntry.new(username, realm)
+            @entries.has_key?(test_entry.key)
+        end
+
+        # remove an entry from the file
+        def delete(username, realm)
+            if has_entry?(username, realm) then
+                ir = internal_record(username, realm)
+                line_index = ir['line_index']
+                @entries.delete(ir['entry'].key)
+                @lines[line_index] = nil
+                dirty!
+            end
+            nil
+        end
+
+        # add or update an entry as appropriate
+        def add_or_update(username, realm, password)
+            if has_entry?(username, realm) then
+                update(username, realm, password)
+            else
+                add(username, realm, password)
+            end
+        end
+
+        # add an new record.  raises an error if the entry exists.
+        def add(username, realm, password)
+            raise DigestFileError, "Unable to add already existing user #{username} in realm #{realm}" if has_entry?(username, realm)
+            
+            new_entry = DigestEntry.new(username, realm, password)
+            new_index = @lines.size
+            @lines << new_entry.to_s
+            @entries[new_entry.key] = { 'entry' => new_entry, 'line_index' => new_index }
+            dirty!
+            return nil
+        end
+
+        # update an already existing entry with a new password.  raises an error if the entry does not exist
+        def update(username, realm, password)
+            raise DigestFileError, "Unable to update non-existent user #{username} in realm #{realm}" unless has_entry?(username, realm)
+            ir = internal_record(username, realm)
+            ir['entry'].password = password
+            @lines[ir['line_index']] = ir['entry'].to_s
+            dirty!
+            return nil
+        end
+
+        # fetches a copy of an entry from the file.  Updateing the entry returned from fetch will NOT
+        # propogate back to the file.
+        def fetch(username, realm)
+            return nil unless has_entry?(username, realm)
+            ir = internal_record(username, realm)
+            return ir['entry'].dup
+        end
+
+        def entry_klass
+            ENTRY_KLASS
+        end
+
+        def file_type
+            "digest"
+        end
+
+        private
+
+        def internal_record(username, realm)
+            e = DigestEntry.new(username, realm)
+            @entries[e.key]
+        end
+    end
+end

data/lib/htauth/entry.rb

@@ -0,0 +1,9 @@
+module HTAuth
+
+    # base class from which all entries are derived
+    class Entry
+        def dup
+            self.class.from_line(self.to_s)
+        end
+    end
+end

data/lib/htauth/file.rb

@@ -0,0 +1,102 @@
+require 'stringio'
+
+module HTAuth
+    class FileAccessError < StandardError ; end
+    class File
+        ALTER  = "alter"
+        CREATE = "create"
+        STDOUT_FLAG = "-"
+
+        attr_reader :filename
+        attr_reader :file
+
+        class << self
+            # open a file yielding the the file object for use.  The file is saved when 
+            # the block exists, if the file has had alterations made.
+            def open(filename, mode = ALTER) 
+                f = self.new(filename, mode)
+                if block_given?
+                    begin
+                        yield f
+                    ensure
+                        f.save! if f and f.dirty?
+                    end
+                end
+                return f
+            end
+        end
+
+        # Create or Alter a password file.
+        #
+        # Altering a non-existent file is an error.  Creating an existing file results in
+        # a truncation and overwrite of the existing file.
+        def initialize(filename, mode = ALTER)
+            @filename   = filename
+            @mode       = mode
+            @dirty      = false
+            
+            raise FileAccessError, "Invalid mode #{mode}" unless [ ALTER, CREATE ].include?(mode)
+
+            if (filename != STDOUT_FLAG) and (mode == ALTER) and (not ::File.exist?(filename)) then
+                raise FileAccessError, "Could not open passwd file #{filename} for reading." 
+            end
+
+            begin
+                @entries  = {}
+                @lines    = []
+                load_entries if (@mode == ALTER) and (filename != STDOUT_FLAG)
+            rescue => e
+                raise FileAccessError, e.message
+            end
+        end
+
+        # return whether or not an alteration to the file has happened
+        def dirty?
+            @dirty
+        end
+
+        # mark the file as dirty
+        def dirty!
+            @dirty = true
+        end
+
+        # update the original file with the new contents
+        def save!
+            begin
+                case filename
+                when STDOUT_FLAG
+                    $stdout.write(contents)
+                else
+                    ::File.open(@filename,"w") do |f|
+                        f.write(contents)
+                    end
+                end
+                @dirty = false
+            rescue => e
+                raise FileAccessError, "Error saving file #{@filename} : #{e.message}"
+            end
+        end
+
+        # return what should be the contents of the file
+        def contents
+            c = StringIO.new
+            @lines.each do |l| 
+                c.puts l if l
+            end
+            c.string
+        end
+
+        # load up entries, keep items in the same order and do not trim out any 
+        # items in the file, like commented out lines or empty space
+        def load_entries
+            @lines   = IO.readlines(@filename)
+            @lines.each_with_index do |line,idx|
+                if entry_klass.is_entry?(line) then
+                    entry = entry_klass.from_line(line)
+                    v     = { 'entry' => entry, 'line_index' => idx }
+                    @entries[entry.key] = v
+                end
+            end
+        end
+    end
+end

data/lib/htauth/gemspec.rb

@@ -0,0 +1,52 @@
+require 'rubygems'
+require 'htauth/specification'
+require 'htauth/version'
+require 'rake'
+
+# The Gem Specification plus some extras for htauth.
+module HTAuth
+    SPEC = HTAuth::Specification.new do |spec|
+                spec.name               = "htauth"
+                spec.version            = HTAuth::VERSION
+                spec.rubyforge_project  = "copiousfreetime"
+                spec.author             = "Jeremy Hinegardner"
+                spec.email              = "jeremy@hinegardner.org"
+                spec.homepage           = "http://copiousfreetime.rubyforge.org/htauth"
+
+                spec.summary            = "HTAuth provides htdigest and htpasswd support."
+                spec.description        = <<-DESC
+                HTAuth is a pure ruby replacement for the Apache support programs htdigest
+                and htpasswd.  Command line and API access are provided for access to
+                htdigest and htpasswd files.
+                DESC
+
+                spec.extra_rdoc_files   = FileList["CHANGES", "LICENSE", "README"]
+                spec.has_rdoc           = true
+                spec.rdoc_main          = "README"
+                spec.rdoc_options       = [ "--line-numbers" , "--inline-source" ]
+
+                spec.test_files         = FileList["spec/**/*"]
+                spec.executables        << "htdigest-ruby" 
+                spec.executables        << "htpasswd-ruby" 
+                spec.files              = spec.test_files + spec.extra_rdoc_files + 
+                                          FileList["lib/**/*.rb"]
+               
+                spec.add_dependency("highline", ">= 1.4.0")
+
+                spec.platform           = Gem::Platform::RUBY
+
+                spec.remote_user        = "jjh"
+                spec.local_rdoc_dir     = "doc/rdoc"
+                spec.remote_rdoc_dir    = ""
+                spec.local_coverage_dir = "doc/coverage"
+
+                spec.remote_site_dir    = "#{spec.name}/"
+
+                spec.post_install_message = <<EOM
+Try out 'htpasswd-ruby' or 'htdigest-ruby' to get started.
+EOM
+
+           end
+end
+
+