]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/digest/eDirectory/digest_pw_auth.cc
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
11 * <Arjan.deVet@adv.iae.nl>
12 * LDAP backend extension by Flavio Pescuma, MARA Systems AB <flavio@marasystems.com>
14 * Example digest authentication program for Squid, based on the original
15 * proxy_auth code from client_side.c, written by
16 * Jon Thackray <jrmt@uk.gdscorp.com>.
18 * - comment lines are possible and should start with a '#';
19 * - empty or blank lines are possible;
20 * - file format is username:password
22 * To build a directory integrated backend, you need to be able to
23 * calculate the HA1 returned to squid. To avoid storing a plaintext
24 * password you can calculate MD5(username:realm:password) when the
25 * user changes their password, and store the tuple username:realm:HA1.
26 * then find the matching username:realm when squid asks for the
29 * This implementation could be improved by using such a triple for
30 * the file format. However storing such a triple does little to
31 * improve security: If compromised the username:realm:HA1 combination
32 * is "plaintext equivalent" - for the purposes of digest authentication
33 * they allow the user access. Password synchronization is not tackled
34 * by digest - just preventing on the wire compromise.
36 * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
39 #include "auth/digest/eDirectory/digest_common.h"
40 #include "auth/digest/eDirectory/ldap_backend.h"
41 #include "helper/protocol_defines.h"
43 #define PROGRAM_NAME "digest_edirectory_auth"
46 GetHHA1(RequestData
* requestData
)
48 LDAPHHA1(requestData
);
52 ParseBuffer(char *buf
, RequestData
* requestData
)
55 requestData
->parsed
= 0;
56 if ((p
= strchr(buf
, '\n')) != nullptr)
57 *p
= '\0'; /* strip \n */
60 requestData
->channelId
= strtoll(buf
, &p
, 10);
61 if (*p
!= ' ') // not a channel-ID
62 requestData
->channelId
= -1;
66 if ((requestData
->user
= strtok(buf
, "\"")) == nullptr)
68 if ((requestData
->realm
= strtok(nullptr, "\"")) == nullptr)
70 if ((requestData
->realm
= strtok(nullptr, "\"")) == nullptr)
72 requestData
->parsed
= -1;
76 OutputHHA1(RequestData
* requestData
)
78 requestData
->error
= 0;
80 if (requestData
->channelId
>= 0)
81 printf("%u ", requestData
->channelId
);
82 if (requestData
->error
) {
83 SEND_ERR("message=\"No such user\"");
86 printf("OK ha1=\"%s\"\n", requestData
->HHA1
);
90 DoOneRequest(char *buf
)
92 RequestData requestData
;
93 ParseBuffer(buf
, &requestData
);
94 if (!requestData
.parsed
) {
95 if (requestData
.channelId
>= 0)
96 printf("%u ", requestData
.channelId
);
97 SEND_BH("message=\"Invalid line received\"");
100 OutputHHA1(&requestData
);
104 ProcessArguments(int argc
, char **argv
)
106 if (int i
= LDAPArguments(argc
, argv
))
111 main(int argc
, char **argv
)
113 char buf
[HELPER_INPUT_BUFFER
];
114 setbuf(stdout
, nullptr);
115 ProcessArguments(argc
, argv
);
116 while (fgets(buf
, HELPER_INPUT_BUFFER
, stdin
) != nullptr)