Commit | Line | Data |
---|---|---|
2d70df72 | 1 | /* |
bf95c10a | 2 | * Copyright (C) 1996-2022 The Squid Software Foundation and contributors |
2d70df72 | 3 | * |
ca02e0ec AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | /* | |
c152a447 AJ |
10 | * AUTHOR: Robert Collins. |
11 | * | |
12 | * Based on ncsa_auth.c by Arjan de Vet <Arjan.deVet@adv.iae.nl> | |
68d57793 | 13 | * |
c152a447 AJ |
14 | * LDAP backend extension by Flavio Pescuma, |
15 | * MARA Systems AB <flavio@marasystems.com> | |
2d70df72 | 16 | * |
17 | * Example digest authentication program for Squid, based on the original | |
18 | * proxy_auth code from client_side.c, written by | |
19 | * Jon Thackray <jrmt@uk.gdscorp.com>. | |
20 | * | |
21 | * - comment lines are possible and should start with a '#'; | |
22 | * - empty or blank lines are possible; | |
23 | * - file format is username:password | |
26ac0430 | 24 | * |
548adcc8 | 25 | * To build a directory integrated backend, you need to be able to |
2d70df72 | 26 | * calculate the HA1 returned to squid. To avoid storing a plaintext |
548adcc8 | 27 | * password you can calculate MD5(username:realm:password) when the |
28 | * user changes their password, and store the tuple username:realm:HA1. | |
29 | * then find the matching username:realm when squid asks for the | |
30 | * HA1. | |
2d70df72 | 31 | * |
548adcc8 | 32 | * This implementation could be improved by using such a triple for |
33 | * the file format. However storing such a triple does little to | |
34 | * improve security: If compromised the username:realm:HA1 combination | |
35 | * is "plaintext equivalent" - for the purposes of digest authentication | |
2b61af8e | 36 | * they allow the user access. Password synchronization is not tackled |
548adcc8 | 37 | * by digest - just preventing on the wire compromise. |
2d70df72 | 38 | * |
0ff1980a | 39 | * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org> |
2d70df72 | 40 | */ |
41 | ||
f7f3304a | 42 | #include "squid.h" |
d4d7f6dd AJ |
43 | #include "auth/digest/file/digest_common.h" |
44 | #include "auth/digest/file/text_backend.h" | |
079b1d0f | 45 | #include "helper/protocol_defines.h" |
54e8823b | 46 | |
/*
 * Look up the HA1 value for the parsed request.
 *
 * Thin indirection over the text-file backend: the whole lookup is done by
 * TextHHA1(). The caller in this file (OutputHHA1) reads requestData->error
 * and requestData->HHA1 afterwards, so the backend is expected to fill those
 * in -- confirm against text_backend.
 */
static void
GetHHA1(RequestData * requestData)
{
    /* the backend works directly on the caller's request record */
    TextHHA1(requestData);
}
2d70df72 | 52 | |
/*
 * Split one helper input line, in place, into channel-ID, user and realm.
 *
 * buf is modified: the first '\n' is replaced by '\0' and strtok() writes
 * terminators into it. requestData->user and requestData->realm end up
 * pointing into buf, so they are only valid while buf is.
 *
 * requestData->parsed is 0 when the line could not be split and -1
 * (non-zero) on success; the caller only tests it for zero.
 *
 * Presumably the expected line is [channel-ID ]"user":"realm" -- the code
 * only requires three non-empty '"'-separated tokens; the content of the
 * middle token is never checked.
 */
static void
ParseBuffer(char *buf, RequestData * requestData)
{
    requestData->parsed = 0;

    /* strip \n */
    char *newline = strchr(buf, '\n');
    if (newline != nullptr)
        *newline = '\0';

    /*
     * An optional decimal channel-ID followed by exactly one space may lead
     * the line. strtoll() leaves afterId at buf when there are no digits, so
     * the test below also covers "no number at all".
     * NOTE(review): the strtoll() result is stored without a range check, and
     * a negative number followed by a space is still consumed as a prefix
     * even though callers treat channelId < 0 as "no channel".
     */
    char *afterId = nullptr;
    requestData->channelId = strtoll(buf, &afterId, 10);
    if (*afterId == ' ')
        buf = afterId + 1;
    else
        requestData->channelId = -1; // not a channel-ID

    /* strtok() skips leading delimiters and keeps static state (not reentrant) */
    requestData->user = strtok(buf, "\"");
    if (requestData->user == nullptr)
        return;

    /* second token: held in realm only until the next call overwrites it */
    requestData->realm = strtok(nullptr, "\"");
    if (requestData->realm == nullptr)
        return;

    /* third token: the value that is kept as the realm */
    requestData->realm = strtok(nullptr, "\"");
    if (requestData->realm == nullptr)
        return;

    requestData->parsed = -1;
}
76 | ||
/*
 * Resolve the HA1 for an already parsed request and write the reply line.
 *
 * Clears requestData->error, runs the lookup, then prints the channel-ID
 * prefix (only when channelId >= 0) followed by either the error reply or
 * OK ha1="...". Any non-zero error is reported as "No such user".
 *
 * The file header describes HA1 as "plaintext equivalent" for digest
 * authentication, so the reply written here is as sensitive as the password.
 */
static void
OutputHHA1(RequestData * requestData)
{
    requestData->error = 0;
    GetHHA1(requestData);

    /*
     * NOTE(review): %u expects an unsigned int, while ParseBuffer assigns
     * channelId from strtoll(). Confirm the declared type of channelId
     * matches this conversion specifier.
     */
    if (requestData->channelId >= 0)
        printf("%u ", requestData->channelId);

    if (requestData->error) {
        SEND_ERR("message=\"No such user\"");
    } else {
        printf("OK ha1=\"%s\"\n", requestData->HHA1);
    }
}
90 | ||
/*
 * Handle one input line: parse it and answer it.
 *
 * buf is parsed in place by ParseBuffer(). A line that cannot be parsed is
 * answered with a BH reply, prefixed by the channel-ID when one was found;
 * otherwise the request is handed to OutputHHA1().
 */
static void
DoOneRequest(char *buf)
{
    /* not initialised here: ParseBuffer() always sets parsed and channelId */
    RequestData requestData;
    ParseBuffer(buf, &requestData);

    if (requestData.parsed) {
        OutputHHA1(&requestData);
        return;
    }

    /*
     * Unparseable line. NOTE(review): same %u conversion as in OutputHHA1;
     * confirm it matches the declared type of channelId.
     */
    if (requestData.channelId >= 0)
        printf("%u ", requestData.channelId);
    SEND_BH("message=\"Invalid line received\"");
}
104 | ||
/*
 * Hand the command line to the text-file backend.
 *
 * All option handling is done by TextArguments(); nothing is interpreted
 * in this file.
 */
static void
ProcessArguments(int argc, char **argv)
{
    /* argc/argv are passed through untouched */
    TextArguments(argc, argv);
}
110 | ||
/*
 * Helper entry point: read requests from stdin one line at a time and write
 * one reply per line to stdout until stdin reaches EOF or a read fails.
 */
int
main(int argc, char **argv)
{
    char buf[HELPER_INPUT_BUFFER];

    /* unbuffered stdout, so each reply is written as soon as it is printed */
    setbuf(stdout, nullptr);
    ProcessArguments(argc, argv);

    /*
     * NOTE(review): fgets() stores at most sizeof(buf) - 1 characters. An
     * input line longer than that arrives in several chunks, and each chunk
     * is passed to DoOneRequest() as if it were a separate request, so one
     * request can produce more than one reply. Consider detecting a chunk
     * without '\n' and discarding the rest of that line.
     */
    for (;;) {
        if (fgets(buf, sizeof(buf), stdin) == nullptr)
            break;
        DoOneRequest(buf);
    }

    return EXIT_SUCCESS;
}
f53969cc | 121 |