Commit | Line | Data |
---|---|---|
2d70df72 | 1 | /* |
54e8823b | 2 | * digest_file_auth.cc |
2d70df72 | 3 | * |
c152a447 AJ |
4 | * AUTHOR: Robert Collins. |
5 | * | |
6 | * Based on ncsa_auth.c by Arjan de Vet <Arjan.deVet@adv.iae.nl> | |
68d57793 | 7 | * |
c152a447 AJ |
8 | * LDAP backend extension by Flavio Pescuma, |
9 | * MARA Systems AB <flavio@marasystems.com> | |
2d70df72 | 10 | * |
11 | * Example digest authentication program for Squid, based on the original | |
12 | * proxy_auth code from client_side.c, written by | |
13 | * Jon Thackray <jrmt@uk.gdscorp.com>. | |
14 | * | |
15 | * - comment lines are possible and should start with a '#'; | |
16 | * - empty or blank lines are possible; | |
17 | * - file format is username:password | |
26ac0430 | 18 | * |
548adcc8 | 19 | * To build a directory integrated backend, you need to be able to |
2d70df72 | 20 | * calculate the HA1 returned to squid. To avoid storing a plaintext |
548adcc8 | 21 | * password you can calculate MD5(username:realm:password) when the |
22 | * user changes their password, and store the tuple username:realm:HA1. | |
23 | * then find the matching username:realm when squid asks for the | |
24 | * HA1. | |
2d70df72 | 25 | * |
548adcc8 | 26 | * This implementation could be improved by using such a triple for |
27 | * the file format. However storing such a triple does little to | |
28 | * improve security: If compromised the username:realm:HA1 combination | |
29 | * is "plaintext equivalent" - for the purposes of digest authentication | |
30 | * they allow the user access. Password synchronisation is not tackled | |
31 | * by digest - just preventing on the wire compromise. | |
2d70df72 | 32 | * |
0ff1980a | 33 | * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org> |
2d70df72 | 34 | */ |
35 | ||
f7f3304a | 36 | #include "squid.h" |
0ff1980a | 37 | #include "digest_common.h" |
c152a447 | 38 | #include "helpers/defines.h" |
b9e9de8a | 39 | #include "text_backend.h" |
54e8823b AJ |
40 | |
41 | #define PROGRAM_NAME "digest_file_auth" | |
ca6965d0 | 42 | |
/*
 * Fetch the HA1 for one request by handing it to the backend lookup.
 *
 * This helper only forwards to TextHHA1(); OutputHHA1() inspects
 * requestData->error and requestData->HHA1 after the call, so the backend
 * is presumably what fills those in (its definition is not in this file).
 */
static void
GetHHA1(RequestData * requestData)
{
    TextHHA1(requestData);
}
2d70df72 | 48 | |
/*
 * Split one helper request line, in place, into user and realm.
 *
 * buf is modified: the first '\n' is replaced by a terminator and strtok()
 * writes terminators over the '"' delimiters. requestData->user and
 * requestData->realm end up pointing into buf, so they are only valid while
 * buf is. requestData->parsed is 0 on failure and -1 (non-zero) on success.
 *
 * The line is cut on '"' into three tokens: the user, whatever sits between
 * the two quoted fields, and the realm. The middle token is stored in realm
 * only to be overwritten by the third.
 *
 * NOTE(review): the middle token is never compared with an expected
 * separator, and strtok() treats every '"' as a delimiter. A '"' inside the
 * user field would therefore shift which text lands in user and realm.
 * Confirm that the sender escapes or rejects embedded quotes before relying
 * on these fields.
 */
static void
ParseBuffer(char *buf, RequestData * requestData)
{
    char *newline;

    requestData->parsed = 0;

    newline = strchr(buf, '\n');
    if (newline != NULL)
        *newline = '\0';        /* strip \n */

    requestData->user = strtok(buf, "\"");
    if (requestData->user == NULL)
        return;

    /* text between the quoted fields; replaced by the next token */
    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    requestData->parsed = -1;
}
64 | ||
/*
 * Look up the HA1 for a parsed request and write the reply to stdout.
 *
 * The error flag is cleared before the lookup. If it is set afterwards the
 * reply is SEND_ERR("No such user"); otherwise requestData->HHA1 is printed
 * followed by a newline.
 */
static void
OutputHHA1(RequestData * requestData)
{
    requestData->error = 0;
    GetHHA1(requestData);

    if (!requestData->error) {
        printf("%s\n", requestData->HHA1);
    } else {
        SEND_ERR("No such user");
    }
}
76 | ||
/*
 * Handle a single request line: parse it, then either answer it or reject it.
 *
 * buf is handed to ParseBuffer(), which modifies it in place. A line that
 * does not parse is answered with SEND_ERR(""); a parsed one goes to
 * OutputHHA1(). Either way exactly one reply is written per call.
 */
static void
DoOneRequest(char *buf)
{
    RequestData request;

    ParseBuffer(buf, &request);
    if (request.parsed) {
        OutputHHA1(&request);
    } else {
        SEND_ERR("");
    }
}
88 | ||
/*
 * Pass the command line straight through to TextArguments().
 *
 * Nothing is interpreted here; which options are accepted is decided by
 * TextArguments(), whose definition is not in this file.
 */
static void
ProcessArguments(int argc, char **argv)
{
    TextArguments(argc, argv);
}
94 | ||
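/*
 * Helper entry point: read request lines from stdin until EOF and write one
 * reply per request line to stdout.
 *
 * stdout is switched to unbuffered so each reply is written immediately.
 *
 * A request line longer than the input buffer used to be handled as several
 * requests, one per buffer-sized piece, each with its own reply. The extra
 * replies leave the reader of stdout with answers that no longer line up
 * with the requests it sent. Such a line is now read to its end and
 * answered once with SEND_ERR(""), the same reply DoOneRequest() gives for
 * a line it cannot parse.
 */
int
main(int argc, char **argv)
{
    char buf[HELPER_INPUT_BUFFER];

    setbuf(stdout, NULL);
    ProcessArguments(argc, argv);

    while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
        size_t len = strlen(buf);

        /*
         * fgets() stops without a newline only when the buffer is full
         * (or at EOF). A full buffer that does not end in '\n' means the
         * rest of this request is still waiting on stdin.
         */
        if (len == (size_t) HELPER_INPUT_BUFFER - 1 && buf[len - 1] != '\n') {
            /* discard the remainder of the oversized line */
            do {
                if (fgets(buf, HELPER_INPUT_BUFFER, stdin) == NULL)
                    break;
                len = strlen(buf);
            } while (len == (size_t) HELPER_INPUT_BUFFER - 1 && buf[len - 1] != '\n');

            SEND_ERR("");
            continue;
        }

        DoOneRequest(buf);
    }
    return 0;
}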