Richard Hector wrote:
Hi all, I want my users to be able to change their http basic auth passwords (currently in /etc/apache/ok_users/<category> - but open to suggestions). Ideally this would be via the web site itself, but I'm struggling to see how to make suEXEC do what I want, especially while trying to learn the CGI and Apache::Htpasswd modules at the same time. It seems to require my script to be either in the main document tree or in a UserDir, neither of which seems ideal - especially since I only want this script usable on one vhost (on my internal LAN) and my UserDirs are accessible from all. Have I missed something here? Alternatively, I don't mind if they have to use a shell on the webserver. I'd prefer an existing solution if it's available, but I haven't found anything yet - writing suid stuff still scares me a bit :-) Any suggestions?
A server that I have an account on lets you change your web password with the following setuid root c program:
#define PASSWD_FN "/etc/apache/something.passwd"
#define HTPASSWD_BIN "/usr/bin/htpasswd"
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char **argv)
{
struct passwd *pwd_ent;
pwd_ent = getpwuid(getuid());
execl(HTPASSWD_BIN, HTPASSWD_BIN, PASSWD_FN, pwd_ent->pw_name, 0);
}
I have no idea how well vetted it is[this same server is a potato server
that has never been patched for the ptrace vulnerability]. There is
only one login/password for the entire site[stored in
/etc/apache/something.passwd], but you may be able to adapt it[it is
fairly simple code...].
Attachment:
pgpevuhNnrCWy.pgp
Description: PGP signature