89f77e43 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
89f77e43 | 3 | * |
ca02e0ec AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | /* | |
10 | * AUTHOR: Robert Collins. | |
11 | * Based on ncsa_auth.c by Arjan de Vet <Arjan.deVet@adv.iae.nl> | |
89f77e43 | 12 | * LDAP backend extension by Flavio Pescuma, MARA Systems AB <flavio@marasystems.com> |
13 | * | |
14 | * Example digest authentication program for Squid, based on the original | |
15 | * proxy_auth code from client_side.c, written by | |
16 | * Jon Thackray <jrmt@uk.gdscorp.com>. | |
17 | * | |
18 | * - comment lines are possible and should start with a '#'; | |
19 | * - empty or blank lines are possible; | |
20 | * - file format is username:password | |
26ac0430 | 21 | * |
89f77e43 | 22 | * To build a directory integrated backend, you need to be able to |
23 | * calculate the HA1 returned to squid. To avoid storing a plaintext | |
24 | * password you can calculate MD5(username:realm:password) when the | |
25 | * user changes their password, and store the tuple username:realm:HA1. | |
26 | * then find the matching username:realm when squid asks for the | |
27 | * HA1. | |
28 | * | |
29 | * This implementation could be improved by using such a triple for | |
30 | * the file format. However storing such a triple does little to | |
31 | * improve security: If compromised the username:realm:HA1 combination | |
32 | * is "plaintext equivalent" - for the purposes of digest authentication | |
2b61af8e | 33 | * they allow the user access. Password synchronization is not tackled |
89f77e43 | 34 | * by digest - just preventing on the wire compromise. |
35 | * | |
36 | * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org> | |
37 | */ | |
ca02e0ec | 38 | |
f7f3304a | 39 | #include "squid.h" |
d4d7f6dd AJ |
40 | #include "auth/digest/LDAP/digest_common.h" |
41 | #include "auth/digest/LDAP/ldap_backend.h" | |
079b1d0f | 42 | #include "helper/protocol_defines.h" |
56ff4687 | 43 | |
89f77e43 | 44 | #define PROGRAM_NAME "digest_ldap_auth" |
45 | ||
/*
 * Resolve the HA1 for the already-parsed user/realm by delegating to the
 * LDAP backend (LDAPHHA1). The outcome is communicated back through
 * requestData: OutputHHA1() reads requestData->error and requestData->HHA1
 * after this call. Kept as a separate indirection so the lookup backend
 * can be swapped in one place.
 */
static void
GetHHA1(RequestData * requestData)
{
    LDAPHHA1(requestData);
}
51 | ||
/*
 * Split one helper input line into requestData->channelId, ->user and
 * ->realm. requestData->parsed is cleared first and set non-zero only when
 * both the user and realm tokens were found; callers must check it before
 * using the other fields.
 *
 * buf is modified in place (newline stripped, quotes replaced by NULs by
 * strtok), and the user/realm pointers point into buf, so buf must outlive
 * requestData. The helper is single-threaded, which is what makes the
 * static state of strtok() acceptable here.
 */
static void
ParseBuffer(char *buf, RequestData * requestData)
{
    requestData->parsed = 0;

    /* fgets() keeps the trailing newline; drop it. A line longer than the
     * caller's buffer has no newline here and its tail arrives as the next
     * line from main()'s read loop. */
    char *newline = strchr(buf, '\n');
    if (newline != NULL)
        *newline = '\0';

    /* Optional leading channel-ID: a decimal number followed by one space.
     * Anything else (including a line starting with the quoted user) means
     * "no channel-ID", recorded as -1. */
    char *afterNumber = NULL;
    requestData->channelId = strtoll(buf, &afterNumber, 10);
    if (*afterNumber == ' ') {
        buf = afterNumber + 1;
    } else {
        requestData->channelId = -1;
    }

    /* The rest is tokenized on the double quote. The first token is the
     * user; the second is the separator between the two quoted fields
     * (presumably ':') and is discarded; the third is the realm. */
    requestData->user = strtok(buf, "\"");
    if (requestData->user == NULL)
        return;
    requestData->realm = strtok(NULL, "\"");    /* separator, overwritten below */
    if (requestData->realm == NULL)
        return;
    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    requestData->parsed = -1;
}
75 | ||
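/*
 * Look up the HA1 for the parsed user/realm and write the reply line for
 * Squid: an optional "<channelId> " prefix (only when a channel-ID was
 * received), then either OK ha1="<hex>" or an ERR line when the backend
 * flagged requestData->error.
 */
static void
OutputHHA1(RequestData * requestData)
{
    requestData->error = 0;
    GetHHA1(requestData);
    if (requestData->channelId >= 0) {
        /* channelId is a signed quantity (it is compared against 0 and set to
         * -1 by ParseBuffer), so it must be printed through a signed
         * conversion; the previous "%u" did not match the argument type. The
         * cast keeps the output identical for every non-negative value. */
        printf("%lld ", (long long) requestData->channelId);
    }
    if (requestData->error) {
        SEND_ERR("message=\"No such user\"");
        return;
    }
    printf("OK ha1=\"%s\"\n", requestData->HHA1);
}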
89 | ||
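/*
 * Handle one input line from Squid: parse it, and either report a malformed
 * line (BH, with the channel-ID prefix when one was present) or hand the
 * parsed request to OutputHHA1() for the lookup and reply.
 *
 * buf is modified in place by ParseBuffer() and must stay valid until this
 * function returns, because requestData.user/realm point into it.
 */
static void
DoOneRequest(char *buf)
{
    RequestData requestData;
    ParseBuffer(buf, &requestData);
    if (!requestData.parsed) {
        if (requestData.channelId >= 0) {
            /* Signed value (ParseBuffer uses -1 as "absent"); print it with a
             * matching signed conversion instead of "%u". Output is unchanged
             * for every non-negative channel-ID. */
            printf("%lld ", (long long) requestData.channelId);
        }
        SEND_BH("message=\"Invalid line received\"");
        return;
    }
    OutputHHA1(&requestData);
}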
103 | ||
/*
 * Hand the command line to the LDAP backend. A non-zero status from
 * LDAPArguments() terminates the helper with that status; zero means the
 * backend accepted the options and the helper proceeds to its read loop.
 */
static void
ProcessArguments(int argc, char **argv)
{
    const int status = LDAPArguments(argc, argv);
    if (status != 0)
        exit(status);
}
110 | ||
/*
 * Helper entry point: configure the backend from argv, then serve one
 * request per line read from stdin until EOF.
 */
int
main(int argc, char **argv)
{
    char buf[HELPER_INPUT_BUFFER];

    /* Unbuffered stdout: each reply is written as soon as printf() returns. */
    setbuf(stdout, NULL);
    ProcessArguments(argc, argv);

    /* sizeof buf == HELPER_INPUT_BUFFER, since buf is a true array here. */
    for (;;) {
        if (fgets(buf, sizeof buf, stdin) == NULL)
            break;
        DoOneRequest(buf);
    }
    return EXIT_SUCCESS;
}