NCCI Perl Modules

NCCI Perl Documentation CryptPasswordFile(3)

NAME

CryptPasswordFile - Manage Unix crypt-style password file.

SYNOPSIS

# Access to modules (see the NOTES section for setup)

BEGIN {

...

push (@INC, "../sys/csbase/lib");

}

use CryptPasswordFile;

$pwdFile = new CryptPasswordFile ($pwdFileName);

# Add a regular entry

$pwdFile->addEntry ("smedley", "secret") ||

die "$0: Unexpected error: " . $pwdFile->lastError ();

# Check that the password is correct

my ($r);

$r = $pwdFile->checkPassword ("smedley", "secret");

if (! defined ($r)) {

die "$0: Unexpected error: " . $pwdFile->lastError ();

} elsif (! $r) {

die "$0: checkPassword for smedley did not match";

}

# ... and that an incorrect password is not accepted.

$r = $pwdFile->checkPassword ("smedley", "notsecret");

if ($r ne 0) {

die "$0: checkPassword did not detect incorrect password";

}

# Change the password

$pwdFile->changePassword ("smedley", "secret", "newsecret") ||

die "$0: Unexpected error: " . $pwdFile->lastError ();

# Check that the password is correct

$r = $pwdFile->checkPassword ("smedley", "newsecret");

if (! defined ($r)) {

die "$0: Unexpected error: " . $pwdFile->lastError ();

} elsif (! $r) {

die "$0: checkPassword for smedley did not match";

}

19/Mar/01 Last change: perl 5.004, patch 01 1

NCCI Perl Documentation CryptPasswordFile(3)

# Force a password

$pwdFile->forcePassword ("smedley", "forced") ||

die "$0: Unexpected error: " . $pwdFile->lastError ();

# Check the forced password

$r = $pwdFile->checkPassword ("smedley", "forced");

if (! defined ($r)) {

die "$0: Unexpected error: " . $pwdFile->lastError ();

} elsif (! $r) {

die "$0: checkPassword for smedley did not match";

}

# Fetch encrypted password

print "$0: smedley encrypted password: ",

$pwdFile->getEncryptedPassword ("smedley"), "\n";

# Clobber smedley

$pwdFile->deleteEntry ("smedley") ||

die "$0: Unexpected error: " . $pwdFile->lastError ();

DESCRIPTION

This Perl class implement a lightweight set of functions for

managing users represented in a htaccess/crypt database.

These flat-file databases represent login IDs and encrypted

passwords. These database are typically used by web server

for Basic Authentication.

This library allows addition, deletion, and modification of

users and passwords. This is simple user management, folks.

No additional user attributes are maintained.

Functions

CryptPasswordFile->new ($pwdFileName)

The name of the file containing the loginID:encryptedPwd

data. Create a new CryptPasswordFile object, which

operates on the named password file.

lastError ()

error ()

If an error is returned by one of the routines (i.e. it

returns undef), you can get the text which describes the

problem from lastError() or it's synonym error(). Note

that the text is typically a full line, suitable for

direct output to a user.

19/Mar/01 Last change: perl 5.004, patch 01 2

NCCI Perl Documentation CryptPasswordFile(3)

checkPassword ($loginId, $password)

Determines whether the supplied password is valid for

the given loginId.

Returns 1 on if the password is valid, returns 0 if the

password is not valid, returns undef on other errors,

including if the loginId is not in the passwordfile.

addEntry ($loginId, $initialPassword)

Returns 1 on success, undef on failure.

Add a new user with the given parameters. If the

$loginId user already exists, then fail (return undef).

deleteEntry ($loginId)

Delete all references to the given user.

Return 1 on success, undef on failure.

changePassword ($loginId, $oldPassword, $newPassword)

Find the entry in password file for $loginId.

If it exists and if the old password is correct, then

replace with encryption of newPassword and return 1.

If the old password was not correct, return 0.

Otherwise return undef.

forcePassword ($loginId, [$newPassword])

Find the entry in password file for $loginId. If it

exists, replace the password with the encryption of

$newPassword and return 1. If $newPassword is not

supplied, it defaults to $loginId. Otherwise return

undef.

getEncryptedPassword ($loginId)

Returns the password for a given user, if it exists.

Returns "" if the file is readable, but the given

loginId is not in the file.

Returns undef if there are problems accessing the file.

setEncryptedPassword ($loginId, $newEncryptedPassword)

Find the entry in password file for $loginId. If it

exists, then replace with encryption of newPassword and

return 1, otherwise return undef.

encryptPassword ($pwd, $salt)

Encrypt and return a password using the Unix crypt

algorithm. The first two characters of the optional

salt is used, if supplied. If we get no salt, the first

19/Mar/01 Last change: perl 5.004, patch 01 3

NCCI Perl Documentation CryptPasswordFile(3)

two characters returned by 'uname' are used.

WARNING

None

NOTES

This module has not yet been set up for "installation" in

your local Perl. We currently use a set of conventions for

access to this module, until the install procedures are

developed:

- The source code lives on development and production hosts

in the directory /Volumes/app/cs/csbase/lib.

- By convention, a project maintains perl scripts in

subdirectories of some top-level directory, which we will

call $TOP.

- By convention, projects establish a $TOP/sys directory

which contains a symbolic link from csbase to

/Volummes/app/cs/csbase.

- To get access to the modules, you typically include a

BEGIN of the form:

BEGIN {

...

push (@INC, "../sys/csbase/lib");

}

AUTHOR

Clint Goss <clint@goss.com>, October 1997