helpers/digest_auth/LDAP/digest_pw_auth.cc

   1 /*
   2  * digest_pw_auth.c
   3  *
   4  * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
   5  * <Arjan.deVet@adv.iae.nl>
   6  * LDAP backend extension by Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
   7  *
   8  * Example digest authentication program for Squid, based on the original
   9  * proxy_auth code from client_side.c, written by
  10  * Jon Thackray <jrmt@uk.gdscorp.com>.
  11  *
  12  * - comment lines are possible and should start with a '#';
  13  * - empty or blank lines are possible;
  14  * - file format is username:password
  15  *
  16  * To build a directory integrated backend, you need to be able to
  17  * calculate the HA1 returned to squid. To avoid storing a plaintext
  18  * password you can calculate MD5(username:realm:password) when the
  19  * user changes their password, and store the tuple username:realm:HA1.
  20  * then find the matching username:realm when squid asks for the
  21  * HA1.
  22  *
  23  * This implementation could be improved by using such a triple for
  24  * the file format.  However storing such a triple does little to
  25  * improve security: If compromised the username:realm:HA1 combination
  26  * is "plaintext equivalent" - for the purposes of digest authentication
  27  * they allow the user access. Password syncronisation is not tackled
  28  * by digest - just preventing on the wire compromise.
  29  *
  30  * Copyright (c) 2003  Robert Collins  <robertc@squid-cache.org>
  31  */
  32 #include "squid.h"
  33 #include "digest_common.h"
  34 #include "helpers/defines.h"
  35 #include "ldap_backend.h"
  36
  37 #define PROGRAM_NAME "digest_ldap_auth"
  38
  39
  40 static void
  41 GetHHA1(RequestData * requestData)
  42 {
  43     LDAPHHA1(requestData);
  44 }
  45
  46 static void
  47 ParseBuffer(char *buf, RequestData * requestData)
  48 {
  49     char *p;
  50     requestData->parsed = 0;
  51     if ((p = strchr(buf, '\n')) != NULL)
  52         *p = '\0';              /* strip \n */
  53     if ((requestData->user = strtok(buf, "\"")) == NULL)
  54         return;
  55     if ((requestData->realm = strtok(NULL, "\"")) == NULL)
  56         return;
  57     if ((requestData->realm = strtok(NULL, "\"")) == NULL)
  58         return;
  59     requestData->parsed = -1;
  60 }
  61
  62 static void
  63 OutputHHA1(RequestData * requestData)
  64 {
  65     requestData->error = 0;
  66     GetHHA1(requestData);
  67     if (requestData->error) {
  68         SEND_ERR("No such user");
  69         return;
  70     }
  71     printf("%s\n", requestData->HHA1);
  72 }
  73
  74 static void
  75 DoOneRequest(char *buf)
  76 {
  77     RequestData requestData;
  78     ParseBuffer(buf, &requestData);
  79     if (!requestData.parsed) {
  80         SEND_ERR("");
  81         return;
  82     }
  83     OutputHHA1(&requestData);
  84 }
  85
  86 static void
  87 ProcessArguments(int argc, char **argv)
  88 {
  89     int i;
  90     i = LDAPArguments(argc, argv);
  91     if (i)
  92         exit(i);
  93 }
  94
  95 int
  96 main(int argc, char **argv)
  97 {
  98     char buf[HELPER_INPUT_BUFFER];
  99     setbuf(stdout, NULL);
 100     ProcessArguments(argc, argv);
 101     while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL)
 102         DoOneRequest(buf);
 103     exit(0);
 104 }