git.ipfire.org Git - thirdparty/squid.git/blob - helpers/digest_auth/LDAP/digest_pw_auth.cc
 * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
 * <Arjan.deVet@adv.iae.nl>
 * LDAP backend extension by Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
 * Example digest authentication program for Squid, based on the original
 * proxy_auth code from client_side.c, written by
 * Jon Thackray <jrmt@uk.gdscorp.com>.
 * - comment lines are possible and should start with a '#';
 * - empty or blank lines are possible;
 * - file format is username:password
 * To build a directory-integrated backend, you need to be able to
 * calculate the HA1 returned to squid. To avoid storing a plaintext
 * password you can calculate MD5(username:realm:password) when the
 * user changes their password, and store the tuple username:realm:HA1,
 * then find the matching username:realm when squid asks for the
 * HA1.
 * This implementation could be improved by using such a triple for
 * the file format. However, storing such a triple does little to
 * improve security: if compromised, the username:realm:HA1 combination
 * is "plaintext equivalent" - for the purposes of digest authentication
 * it allows access as that user. Password synchronisation is not tackled
 * by digest - it only prevents on-the-wire compromise.
 * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
33 #include "digest_common.h"
34 #include "helpers/defines.h"
35 #include "ldap_backend.h"
37 #define PROGRAM_NAME "digest_ldap_auth"
/*
 * Obtain the HA1 hash for one request by handing it to the LDAP backend.
 *
 * LDAPHHA1() is declared outside this listing. OutputHHA1() reads
 * requestData->error and requestData->HHA1 after this call, so the backend
 * is presumably what fills them in - confirm in the backend source.
 *
 * NOTE(review): the listing omits the return-type line and the braces;
 * `static void` is assumed.
 */
static void
GetHHA1(RequestData * requestData)
{
    LDAPHHA1(requestData);
}
/*
 * Split one request line into user and realm, in place.
 *
 * buf is cut at the first '\n' and then tokenised on double quotes with
 * strtok(), so requestData->user and requestData->realm end up pointing
 * into buf rather than at copies; buf has to stay untouched for as long as
 * they are used. strtok() keeps hidden static state, so nothing else may
 * tokenise while a request is being split.
 *
 * requestData->parsed starts at 0 and becomes -1 (non-zero) only after all
 * three tokens were found; the caller tests it for non-zero.
 *
 * If no '\n' is found the line is parsed as it stands: a missing newline
 * (an over-long or truncated line) is not treated as an error here.
 *
 * Nothing here validates or escapes the two values; they are taken from the
 * request line as-is. Whatever builds the directory lookup from them has to
 * do its own escaping - that code is not visible in this listing.
 *
 * NOTE(review): the listing drops the return-type line, the braces, the
 * declaration of the local pointer and the statement under each failed
 * check. `static void`, a `char *` local and an early `return` are assumed;
 * confirm against the original file.
 */
static void
ParseBuffer(char *buf, RequestData * requestData)
{
    char *eol = strchr(buf, '\n');

    requestData->parsed = 0;
    if (eol != NULL)
        *eol = '\0';		/* strip \n */

    requestData->user = strtok(buf, "\"");
    if (requestData->user == NULL)
        return;

    /*
     * The token between the two quoted fields (presumably the separator)
     * lands in realm first and is overwritten by the next token.
     */
    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    requestData->parsed = -1;
}
/*
 * Look up the HA1 for a parsed request and write the reply to stdout.
 *
 * error is cleared before the lookup. If it is non-zero afterwards the
 * reply is SEND_ERR("No such user"), whatever the reason it was set;
 * otherwise the HHA1 string is printed on a line of its own.
 *
 * The HA1 is password-equivalent for digest authentication (see the file
 * header), so this helper's stdout should only ever be the pipe to Squid.
 *
 * NOTE(review): the listing omits the return-type line, the braces and the
 * line between clearing error and testing it. `static void` and a call to
 * GetHHA1() are assumed there, since nothing else visible could set error;
 * confirm against the original file.
 */
static void
OutputHHA1(RequestData * requestData)
{
    requestData->error = 0;
    GetHHA1(requestData);

    if (!requestData->error) {
        printf("%s\n", requestData->HHA1);
        return;
    }
    SEND_ERR("No such user");
}
/*
 * Handle one request line: parse it, then answer it.
 *
 * The local RequestData is not initialised here. ParseBuffer() always
 * writes parsed, and writes user and realm only as far as tokenising got,
 * so nothing but parsed may be read when parsing failed.
 *
 * NOTE(review): the listing omits the return-type line, the braces and the
 * body of the parse-failure branch. `static void` and an empty error reply
 * via SEND_ERR are assumed; confirm against the original file.
 */
static void
DoOneRequest(char *buf)
{
    RequestData request;

    ParseBuffer(buf, &request);
    if (request.parsed) {
        OutputHHA1(&request);
        return;
    }
    SEND_ERR("");
}
/*
 * Pass the command line to the LDAP backend's option parser.
 *
 * LDAPArguments() is declared outside this listing; only its integer
 * result is visible here.
 *
 * NOTE(review): the listing omits the return-type line, the braces, the
 * declaration of the result variable and everything after the call.
 * `static void`, an `int` local and exiting with a non-zero result are
 * assumed; confirm against the original file.
 */
static void
ProcessArguments(int argc, char **argv)
{
    int rc = LDAPArguments(argc, argv);

    if (rc != 0)
        exit(rc);
}
96 main(int argc
, char **argv
)
98 char buf
[HELPER_INPUT_BUFFER
];
100 ProcessArguments(argc
, argv
);
101 while (fgets(buf
, HELPER_INPUT_BUFFER
, stdin
) != NULL
)