helpers/digest_auth/file/digest_file_auth.cc

   1 /*
   2  * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /*
  10  * AUTHOR: Robert Collins.
  11  *
  12  * Based on ncsa_auth.c by Arjan de Vet <Arjan.deVet@adv.iae.nl>
  13  *
  14  * LDAP backend extension by Flavio Pescuma,
  15  * MARA Systems AB <flavio@marasystems.com>
  16  *
  17  * Example digest authentication program for Squid, based on the original
  18  * proxy_auth code from client_side.c, written by
  19  * Jon Thackray <jrmt@uk.gdscorp.com>.
  20  *
  21  * - comment lines are possible and should start with a '#';
  22  * - empty or blank lines are possible;
  23  * - file format is username:password
  24  *
  25  * To build a directory integrated backend, you need to be able to
  26  * calculate the HA1 returned to squid. To avoid storing a plaintext
  27  * password you can calculate MD5(username:realm:password) when the
  28  * user changes their password, and store the tuple username:realm:HA1.
  29  * then find the matching username:realm when squid asks for the
  30  * HA1.
  31  *
  32  * This implementation could be improved by using such a triple for
  33  * the file format.  However storing such a triple does little to
  34  * improve security: If compromised the username:realm:HA1 combination
  35  * is "plaintext equivalent" - for the purposes of digest authentication
  36  * they allow the user access. Password syncronisation is not tackled
  37  * by digest - just preventing on the wire compromise.
  38  *
  39  * Copyright (c) 2003  Robert Collins  <robertc@squid-cache.org>
  40  */
  41
  42 #include "squid.h"
  43 #include "digest_common.h"
  44 #include "helpers/defines.h"
  45 #include "text_backend.h"
  46
  47 static void
  48 GetHHA1(RequestData * requestData)
  49 {
  50     TextHHA1(requestData);
  51 }
  52
  53 static void
  54 ParseBuffer(char *buf, RequestData * requestData)
  55 {
  56     char *p;
  57     requestData->parsed = 0;
  58     if ((p = strchr(buf, '\n')) != NULL)
  59         *p = '\0';      /* strip \n */
  60
  61     p = NULL;
  62     requestData->channelId = strtoll(buf, &p, 10);
  63     if (*p != ' ') // not a channel-ID
  64         requestData->channelId = -1;
  65     else
  66         buf = ++p;
  67
  68     if ((requestData->user = strtok(buf, "\"")) == NULL)
  69         return;
  70     if ((requestData->realm = strtok(NULL, "\"")) == NULL)
  71         return;
  72     if ((requestData->realm = strtok(NULL, "\"")) == NULL)
  73         return;
  74     requestData->parsed = -1;
  75 }
  76
  77 static void
  78 OutputHHA1(RequestData * requestData)
  79 {
  80     requestData->error = 0;
  81     GetHHA1(requestData);
  82     if (requestData->channelId >= 0)
  83         printf("%u ", requestData->channelId);
  84     if (requestData->error) {
  85         SEND_ERR("message=\"No such user\"");
  86         return;
  87     }
  88     printf("OK ha1=\"%s\"\n", requestData->HHA1);
  89 }
  90
  91 static void
  92 DoOneRequest(char *buf)
  93 {
  94     RequestData requestData;
  95     ParseBuffer(buf, &requestData);
  96     if (!requestData.parsed) {
  97         if (requestData.channelId >= 0)
  98             printf("%u ", requestData.channelId);
  99         SEND_BH("message=\"Invalid line received\"");
 100         return;
 101     }
 102     OutputHHA1(&requestData);
 103 }
 104
 105 static void
 106 ProcessArguments(int argc, char **argv)
 107 {
 108     TextArguments(argc, argv);
 109 }
 110
 111 int
 112 main(int argc, char **argv)
 113 {
 114     char buf[HELPER_INPUT_BUFFER];
 115     setbuf(stdout, NULL);
 116     ProcessArguments(argc, argv);
 117     while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL)
 118         DoOneRequest(buf);
 119     return 0;
 120 }
 121