Correct execute and write permissions from some files.
1 #!@PERL@
2 use strict;
3 use DBI;
4 use Getopt::Long;
5 use Pod::Usage;
# Turn on autoflush for the currently selected output handle so each reply
# line is written out as soon as it is printed.
$| = 1;
7
8 =pod
9
10 =head1 NAME
11
12 db_auth.pl - Database auth helper for Squid
13
14 =cut
15
# Built-in defaults; every one of these can be overridden on the command line.
#
# $db_table, $db_usercol, $db_passwdcol and $db_cond are pasted verbatim into
# the SQL text built in open_db(), so they must only ever come from trusted
# configuration, never from request data.
my $dsn          = "DBI:mysql:database=squid";
my $db_user;                      # undefined unless --user is given
my $db_passwd;                    # undefined unless --password is given
my $db_table     = "passwd";
my $db_usercol   = "user";
my $db_passwdcol = "password";
my $db_cond      = "enabled = 1";
my $plaintext    = 0;             # also accept an exact plain-text match
my $persist      = 0;             # keep the connection open between requests
25
26 =pod
27
28 =head1 SYNOPSIS
29
30 db_auth.pl [options]
31
32 =head1 DESCRIPTION
33
34 This program verifies a username & password against a database
35
36 =over 8
37
38 =item B<--dsn>
39
40 Database DSN. Default "DBI:mysql:database=squid"
41
42 =item B<--user>
43
44 Database User
45
46 =item B<--password>
47
48 Database password
49
50 =item B<--table>
51
52 Database table. Default "passwd".
53
54 =item B<--usercol>
55
56 Username column. Default "user".
57
58 =item B<--passwdcol>
59
60 Password column. Default "password".
61
62 =item B<--cond>
63
64 Condition, defaults to enabled=1. Specify 1 or "" for no condition
65
66 =item B<--plaintext>
67
68 Database contains plain-text passwords
69
70 =item B<--persist>
71
72 Keep a persistent database connection open between queries.
73
74 =back
75
76 =cut
77
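# Parse command-line overrides for the defaults declared earlier in the file.
#
# NOTE(review): --password arrives via argv, so the database password can be
# visible to other local users through process listings.
#
# --table, --usercol, --passwdcol and --cond are spliced into the SQL text by
# open_db() without quoting; they must only come from trusted configuration.
#
# A parse failure (for example a mistyped --cond) is fatal rather than
# ignored: carrying on with the defaults could authenticate accounts the
# administrator meant to exclude.
GetOptions(
    'dsn=s'       => \$dsn,
    'user=s'      => \$db_user,
    'password=s'  => \$db_passwd,
    'table=s'     => \$db_table,
    'usercol=s'   => \$db_usercol,
    'passwdcol=s' => \$db_passwdcol,
    'cond=s'      => \$db_cond,
    'plaintext'   => \$plaintext,
    'persist'     => \$persist,
) or pod2usage(2);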
89
# Cached database handle and the prepared lookup statement that belongs to it.
# Both are set by open_db() and cleared together by close_db().
my $_dbh;
my $_sth;
91
# Disconnect from the database and forget the cached handles.
# Does nothing when no connection is currently held.
sub close_db()
{
    defined($_dbh) or return;

    $_dbh->disconnect();

    # Clear the statement together with the connection so that the next
    # open_db() call reconnects and prepares a fresh statement.
    undef $_dbh;
    undef $_sth;
}
99
# Return the prepared password-lookup statement, connecting first if needed.
#
# Returns the cached statement handle when one exists. Otherwise connects
# with the configured DSN and credentials and prepares the lookup query.
# Returns undef (after a warning) when the connection fails; dies when the
# query cannot be prepared.
sub open_db()
{
    return $_sth if defined $_sth;

    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    unless (defined $_dbh) {
        warn("Could not connect to $dsn\n");
        return undef;
    }

    # Only the user name is bound through a placeholder. The column, table
    # and condition text come from the command-line options and are
    # interpolated as-is, so they must never carry untrusted input.
    my $query = "SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?";
    $query .= " AND $db_cond" if $db_cond ne "";

    $_sth = $_dbh->prepare($query) || die;
    return $_sth;
}
111
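# Compare a submitted password with the value stored for the user.
#
# Arguments:
#   $password - password supplied in the request
#   $key      - value read from the password column
# Returns 1 on a match, 0 otherwise.
sub check_password($$)
{
    my ($password, $key) = @_;

    # A NULL column means no credential is stored: fail closed. Under eq an
    # undefined value compares equal to "" and to another undefined value,
    # so without this guard such a row could accept a login.
    return 0 if !defined $key;

    # Only consult crypt() when there is a stored hash to act as the salt.
    # crypt() can yield undef on some platforms when the salt is not valid,
    # and that undef must not be allowed to compare equal to an empty key.
    if ($key ne "") {
        my $hashed = crypt($password, $key);
        return 1 if defined($hashed) && $hashed eq $key;
    }

    # --plaintext additionally accepts an exact match with the stored value.
    return 1 if $plaintext && $password eq $key;

    return 0;
}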
122
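# Run the password lookup for $user and return the executed statement handle.
#
# If the first execute fails, the connection is dropped and reopened once and
# the query is retried. Returns undef when the database cannot be reached or
# the retry fails as well.
sub query_db($) {
    my ($user) = @_;
    my $sth = open_db() || return undef;
    if (!$sth->execute($user)) {
        close_db();
        # Pick up the statement prepared on the new connection. Retrying on
        # the old handle, which belongs to the connection just closed, would
        # make the retry useless.
        $sth = open_db() || return undef;
        $sth->execute($user) || return undef;
    }
    return $sth;
}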
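my $status;

# Request loop: read one "user password" line at a time and print one reply
# line for each. $status is set before every step that can bail out with
# `next`, so the continue block always prints the outcome of the step that
# stopped the request.
while (<>) {
    my ($user, $password) = split;
    $status = "ERR";

    # Decode %XX escapes. Only two hex digits are accepted, so a malformed
    # escape stays literal instead of being turned into an arbitrary byte.
    $user     =~ s/%([0-9a-fA-F]{2})/pack("H*", $1)/ge;
    $password =~ s/%([0-9a-fA-F]{2})/pack("H*", $1)/ge;

    $status = "ERR database error";
    my $sth = query_db($user) || next;
    $status = "ERR unknown login";
    my $row = $sth->fetchrow_arrayref() || next;
    $status = "ERR login failure";
    next if !check_password($password, $row->[0]);
    $status = "OK";
} continue {
    # Without --persist the connection is dropped after every request.
    close_db() if !$persist;
    print $status . "\n";
}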
152
153 =pod
154
155 =head1 COPYRIGHT
156
157 Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
158 This program is free software. You may redistribute copies of it under the
159 terms of the GNU General Public License version 2, or (at your option) any
160 later version.
161
162 =cut