From ea4e672527e83ba9585b76322390761291a5e5b9 Mon Sep 17 00:00:00 2001
From: Fredrik Tolf <fredrik@dolda2000.com>
Date: Thu, 13 Feb 2014 04:03:46 +0100
Subject: [PATCH] htextauth: Added a simple authenticator program for example
 purposes.

---
 doc/htextauth.doc      | 10 ++++++++++
 etc/extauth/mkhtpasswd | 37 +++++++++++++++++++++++++++++++++++++
 etc/extauth/vhtpasswd  | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 81 insertions(+)
 create mode 100755 etc/extauth/mkhtpasswd
 create mode 100755 etc/extauth/vhtpasswd

diff --git a/doc/htextauth.doc b/doc/htextauth.doc
index b985492..8c3b6f7 100644
--- a/doc/htextauth.doc
+++ b/doc/htextauth.doc
@@ -78,6 +78,16 @@ the client.
 Note that *htextauth* will wait for the authentication program to exit
 and not process any other requests until then.
 
+FILES
+-----
+The file `etc/extauth/vhtpasswd` in the *ashd* source distribution is
+a simple authenticator program (written in Python) that can be used
+with *htextauth*, which verifies the given credentials against a
+simple database of users with encrypted passwords. It can be used as
+is, or as a simple example of how to produce authenticator
+programs. The accompanying `mkhtpasswd` program can be used to
+maintain the password database.
+
 AUTHOR
 ------
 Fredrik Tolf <fredrik@dolda2000.com>
diff --git a/etc/extauth/mkhtpasswd b/etc/extauth/mkhtpasswd
new file mode 100755
index 0000000..923ab07
--- /dev/null
+++ b/etc/extauth/mkhtpasswd
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+
+import sys, os, termios, hmac, hashlib, getopt, getpass
+
+def usage(out):
+    out.write("usage: mkhtpasswd [-h] FILE USERNAME\n")
+
+opts, args = getopt.getopt(sys.argv[1:], "h")
+for o, a in opts:
+    if o == "-h":
+        usage(sys.stdout)
+        sys.exit(0)
+if len(args) < 2:
+    usage(sys.stderr)
+    sys.exit(1)
+
+def hashpw(usr, pw):
+    dig = hmac.new(pw, digestmod=hashlib.sha1)
+    dig.update(usr)
+    return dig.hexdigest()
+
+if ':' in args[1]:
+    sys.stderr.write("mkhtpasswd: username cannot contain `:'\n")
+    sys.exit(1)
+
+passwds = {}
+if os.path.exists(args[0]):
+    with open(args[0]) as fp:
+        for line in fp:
+            usr, pw = line.strip().split(':')
+            passwds[usr] = pw
+
+passwds[args[1]] = hashpw(args[1], getpass.getpass())
+
+with open(args[0], "w") as fp:
+    for usr, pw in passwds.iteritems():
+        fp.write("%s:%s\n" % (usr, pw))
diff --git a/etc/extauth/vhtpasswd b/etc/extauth/vhtpasswd
new file mode 100755
index 0000000..422206d
--- /dev/null
+++ b/etc/extauth/vhtpasswd
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+
+import sys, hmac, hashlib, getopt
+
+def usage(out):
+    out.write("usage: vhtpasswd [-h] FILE\n")
+
+opts, args = getopt.getopt(sys.argv[1:], "h")
+for o, a in opts:
+    if o == "-h":
+        usage(sys.stdout)
+        sys.exit(0)
+if len(args) < 1:
+    usage(sys.stderr)
+    sys.exit(1)
+
+def hashpw(usr, pw):
+    dig = hmac.new(pw, digestmod=hashlib.sha1)
+    dig.update(usr)
+    return dig.hexdigest()
+
+def findpw(fn, name):
+    with open(fn) as fp:
+        for line in fp:
+            usr, pw = line.strip().split(':')
+            if usr == name:
+                return pw
+    return None
+
+usr = sys.stdin.readline().strip()
+gpw = sys.stdin.readline().strip()
+if findpw(args[0], usr) == hashpw(usr, gpw):
+    sys.exit(0)
+sys.exit(1)
-- 
2.11.0