git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/basic/DB/basic_db_auth.pl.in
11 basic_db_auth - Database auth helper for Squid
15 basic_db_auth [options]
19 This program verifies a username and password against a database
27 Write debug info to stderr.
31 Database DSN. Default "DBI:mysql:database=squid"
43 Database table. Default "passwd".
47 Username column. Default "user".
51 Password column. Default "password".
55 Condition, defaults to enabled=1. Specify 1 or "" for no condition.
56 If you use the --joomla flag, this condition is changed to block=0.
60 Database contains plain-text passwords
64 Database contains unsalted MD5 passwords
68 Database contains unsalted SHA1 passwords
72 Selects the correct salt to evaluate passwords
76 Keep a persistent database connection open between queries.
80 Tells the helper that the user database is a Joomla DB, so that its unusual salt
81 hashing is understood.
87 This program was written by
88 I<Henrik Nordstrom <henrik@henriknordstrom.net>> and
89 I<Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>>
91 This manual was written by I<Henrik Nordstrom <henrik@henriknordstrom.net>>
95 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
97 * Squid software is distributed under GPLv2+ license and includes
98 * contributions from numerous individuals and organizations.
99 * Please see the COPYING and CONTRIBUTORS files for details.
101 Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
102 Copyright (C) 2010 Luis Daniel Lucio Quiroz <dlucio@okay.com.mx> (Joomla support)
103 This program is free software. You may redistribute copies of it under the
104 terms of the GNU General Public License version 2, or (at your option) any
109 Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@lists.squid-cache.org>>
111 =head1 REPORTING BUGS
113 Bug reports need to be made in English.
114 See https://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
116 Report bugs or bug fixes using https://bugs.squid-cache.org/
118 Report serious security bugs to I<Squid Bugs <squid-bugs@lists.squid-cache.org>>
120 Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@lists.squid-cache.org>>
126 The Squid FAQ wiki https://wiki.squid-cache.org/SquidFaq
128 The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
133 use Digest
::MD5
qw(md5 md5_hex md5_base64);
134 use Digest
::SHA
qw(sha1 sha1_hex sha1_base64);
# Built-in defaults for the database connection and the credential lookup.
# Several of them are bound to command-line options in the table below.
136 my $dsn = "DBI:mysql:database=squid";
138 my $db_passwd = undef;
# $db_table, $db_usercol, $db_passwdcol and $db_cond are interpolated verbatim
# into the SELECT text that is later handed to prepare(). They are SQL
# fragments, not bound values, so they must only come from trusted helper
# configuration.
139 my $db_table = "passwd";
140 my $db_usercol = "user";
141 my $db_passwdcol = "password";
142 my $db_cond = "enabled = 1";
# Optional fixed crypt() salt/setting string (--salt); undef means "not given".
149 my $hashsalt = undef;
# Option-name => variable bindings. The call these arguments belong to is not
# visible in this listing.
153 'user=s' => \
$db_user,
# NOTE(review): the database password is taken as an option value, so it
# presumably sits in the Squid helper command line and in the helper's process
# arguments. Keep that configuration readable only by the proxy account, and
# use a low-privilege, read-only database user.
154 'password=s' => \
$db_passwd,
155 'table=s' => \
$db_table,
156 'usercol=s' => \
$db_usercol,
157 'passwdcol=s' => \
$db_passwdcol,
158 'cond=s' => \
$db_cond,
159 'plaintext' => \
$plaintext,
162 'persist' => \
$persist,
163 'joomla' => \
$isjoomla,
165 'salt=s' => \
$hashsalt,
# --joomla unconditionally replaces the row condition with Joomla's block flag.
# As written, this also discards a value supplied with --cond.
169 $db_cond = "block = 0" if $isjoomla;
# Nothing to tear down when no database handle has been opened.
# (The header of the enclosing sub, presumably close_db, is not visible in
# this listing.)
173 return if !defined($_dbh);
# Body of the connect-and-prepare routine (presumably open_db; its header is
# not visible in this listing).
# Reuse the cached statement handle when one already exists.
181 return $_sth if defined $_sth;
# Connect with the configured DSN and credentials.
182 $_dbh = DBI
->connect($dsn, $db_user, $db_passwd);
# On connection failure, warn on stderr and start building a message that
# lists the available DBI drivers. The rest of this branch is not shown here.
183 if (!defined $_dbh) {
184 warn ("Could not connect to $dsn\n");
185 my @driver_names = DBI
->available_drivers();
186 my $msg = "DSN drivers apparently installed, available:\n";
187 foreach my $dn (@driver_names) {
# Only the username is a bound parameter (the "?" placeholder). The password
# column, table name, user column and the optional condition are spliced into
# the statement text, so they must come from trusted helper options and never
# from request data.
194 $sql_query = "SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ?
" AND $db_cond" : "");
# A failed prepare() aborts the helper via a bare die, with no diagnostic text.
# NOTE(review): consider reporting the DBI error string on stderr before dying.
195 $_sth = $_dbh->prepare($sql_query) || die;
# check_password($password, $key): compare the client-supplied password with
# the value read from the password column. Each visible check returns 1 on a
# match. The fall-through return and the branch structure around these checks
# are not visible in this listing.
# The ($$) prototype only affects how calls are parsed; it does not validate
# the arguments.
# NOTE(review): every comparison below uses `eq`, which is not a constant-time
# comparison.
199 sub check_password
($$)
201 my ($password, $key) = @_;
# Stored value in "hash:salt" form (presumably the --joomla case): split off
# the salt, recompute md5_hex(password . salt) and compare "digest:salt" with
# the whole stored string. $key2 is assigned but not used in the visible lines.
206 ($key2,$salt) = split (/:/, $key);
207 return 1 if md5_hex
($password.$salt).':'.$salt eq $key;
# crypt() with the fixed --salt value, when one was configured.
210 return 1 if defined $hashsalt && crypt($password, $hashsalt) eq $key;
# crypt(3)-style check using the stored value itself as the salt/setting.
# No option flag guards this check in the visible lines.
# NOTE(review): crypt() can return undef for a setting the platform does not
# support, and undef compares as the empty string under `eq`. Confirm that an
# empty or malformed stored value can never compare equal here.
211 return 1 if crypt($password, $key) eq $key;
# Unsalted MD5 / SHA-1 hex digests, tried only when $md5 / $sha1 are set.
# Both are fast, unsalted hashes; treat them as legacy-table compatibility,
# not as a recommended storage format.
212 return 1 if $md5 && md5_hex
($password) eq $key;
213 return 1 if $sha1 && sha1_hex
($password) eq $key;
# Plain-text comparison, only when $plaintext is set.
214 return 1 if $plaintext && $password eq $key;
# Body of the lookup routine (called as query_db($user) further down; its
# header is not visible in this listing).
# Obtain the prepared statement, connecting if needed; undef signals failure.
222 my ($sth) = open_db
() || return undef;
# Run the lookup with the username as the bound parameter.
223 if (!$sth->execute($user)) {
# Retry path after a failed execute.
# NOTE(review): the value returned by this second open_db() is discarded, so
# the retry on the next line runs on the $sth obtained before the reconnect.
# Confirm that handle is still usable at that point.
225 open_db
() || return undef;
226 $sth->execute($user) || return undef;;
# Per-request processing; the enclosing input loop is not visible in this
# listing. A bare split divides the current line on whitespace into username
# and password.
234 my ($user, $password) = split;
# Undo the %XX escaping of both fields.
# NOTE(review): (..) matches any two characters, not only hex digits.
# %([0-9A-Fa-f]{2}) would restrict decoding to well-formed escapes.
236 $user =~ s/%(..)/pack("H*", $1)/ge;
237 $password =~ s/%(..)/pack("H*", $1)/ge;
# $status is set to the failure that applies if the following step bails out
# with `next`. The success assignment is not visible in this listing.
239 $status = "ERR database error";
240 my $sth = query_db
($user) || next;
241 $status = "ERR unknown login";
# No row for this username (under the configured condition) means unknown login.
242 my $row = $sth->fetchrow_arrayref() || next;
243 $status = "ERR login failure";
# @$row[0] is a one-element slice of the fetched row: the stored password value.
244 next if (!check_password
($password, @
$row[0]));
# Presumably runs for every request, including those that hit `next`: drop the
# connection unless --persist was given, then emit exactly one reply line.
247 close_db
() if (!$persist);
248 print $status . "\n";