Database auth helper using Perl DBI

diff --git a/configure.in b/configure.in
index 85a6ba37759f9ca2c7463dea5190d255d3170e7f..71d5d6f1876bf1951ed7bc7846a29d06bab590f4 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1,7 +1,7 @@
 
 dnl  Configuration input file for Squid
 dnl
-dnl  $Id: configure.in,v 1.455 2007/05/20 04:22:43 adrian Exp $
+dnl  $Id: configure.in,v 1.456 2007/06/02 23:46:00 hno Exp $
 dnl
 dnl
 dnl
@@ -11,7 +11,7 @@ AM_CONFIG_HEADER(include/autoconf.h)
 AC_CONFIG_AUX_DIR(cfgaux)
 AC_CONFIG_SRCDIR([src/main.cc])
 AM_INIT_AUTOMAKE([tar-ustar])
-AC_REVISION($Revision: 1.455 $)dnl
+AC_REVISION($Revision: 1.456 $)dnl
 AC_PREFIX_DEFAULT(/usr/local/squid)
 AM_MAINTAINER_MODE
 
@@ -3291,6 +3291,7 @@ AC_CONFIG_FILES([\
        helpers/basic_auth/multi-domain-NTLM/Makefile \
        helpers/basic_auth/SASL/Makefile \
        helpers/basic_auth/POP3/Makefile \
+       helpers/basic_auth/DB/Makefile \
        helpers/digest_auth/Makefile \
        helpers/digest_auth/password/Makefile \
        helpers/digest_auth/ldap/Makefile \

diff --git a/helpers/basic_auth/DB/Makefile.am b/helpers/basic_auth/DB/Makefile.am
new file mode 100644 (file)
index 0000000..209426a
--- /dev/null
+++ b/helpers/basic_auth/DB/Makefile.am
@@ -0,0 +1,14 @@
+#
+#  Makefile for the Squid Object Cache server
+#
+#  $Id: Makefile.am,v 1.1 2007/06/02 23:46:00 hno Exp $
+#
+#  Uncomment and customize the following to suit your needs:
+#
+
+libexec_SCRIPTS        = \
+       db_auth.pl
+
+EXTRA_DIST = \
+       db_auth.pl \
+       passwd.sql

diff --git a/helpers/basic_auth/DB/passwd.sql b/helpers/basic_auth/DB/passwd.sql
new file mode 100644 (file)
index 0000000..c9528c6
--- /dev/null
+++ b/helpers/basic_auth/DB/passwd.sql
@@ -0,0 +1,8 @@
+CREATE TABLE `passwd` (
+  `user` varchar(32) NOT NULL default '',
+  `password` varchar(35) NOT NULL default '',
+  `enabled` tinyint(1) NOT NULL default '1',
+  `fullname` varchar(60) default NULL,
+  `comment` varchar(60) default NULL,
+  PRIMARY KEY  (`user`)
+);

diff --git a/helpers/basic_auth/DB/squid_db_auth.in b/helpers/basic_auth/DB/squid_db_auth.in
new file mode 100755 (executable)
index 0000000..e481c9b
--- /dev/null
+++ b/helpers/basic_auth/DB/squid_db_auth.in
@@ -0,0 +1,125 @@
+#!/usr/bin/perl
+use strict;
+use DBI;
+use Getopt::Long;
+use Pod::Usage;
+
+=pod
+
+=head1 NAME
+
+db_auth.pl - Database auth helper for Squid
+
+=cut
+
+my $dsn = "DBI:mysql:database=squid";
+my $db_user = undef;
+my $db_passwd = undef;
+my $db_table = "passwd";
+my $db_usercol = "user";
+my $db_passwdcol = "password";
+my $db_cond = "enabled = 1";
+my $plaintext = 0;
+
+=pod
+
+=head1 SYNOPSIS
+
+db_auth.pl [options]
+
+=head1 DESCRIPTOIN
+
+This program verifies username & password to a database
+
+=over 8
+
+=item  B<--dsn>
+
+Database DSN. Default "DBI:mysql:database=squid"
+
+=item  B<--user>
+
+Database User
+
+=item  B<--password>
+
+Database password
+
+=item  B<--table>
+
+Database table. Default "passwd".
+
+=item  B<--usercol>
+
+Username column. Default "user".
+
+=item  B<--passwdcol>
+
+Password column. Default "password".
+
+=item  B<--cond>
+
+Condition, defaults to enabled=1. Specify 1 or "" for no condition
+
+=item  B<--plaintext>
+
+Database contains plain-text passwords
+
+=back
+
+=cut
+
+GetOptions(
+       'dsn=s' => \$dsn,
+       'user=s' => \$db_user,
+       'password=s' => \$db_passwd,
+       'table=s' => \$db_table,
+       'usercol=s' => \$db_usercol,
+       'passwdcol=s' => \$db_passwdcol,
+       'cond=s' => \$db_cond,
+       'plaintext' => \$plaintext,
+       );
+
+my $dbh = DBI->connect($dsn, $db_user, $db_passwd) || die ("Could not connect to $dsn\n");
+
+my ($sth) = $dbh->prepare("SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ? " AND $db_cond" : "")) || die;
+
+my $status;
+
+sub check_password($$)
+{
+    my ($password, $key) = @_;
+
+    return 1 if crypt($password, $key) eq $key;
+    
+    return 1 if $plaintext && $password eq $key;
+
+    return 0;
+}
+while (<>) {
+    my ($user, $password) = split;
+    $status = "ERR";
+    $user =~ s/%(..)/pack("H*", $1)/ge;
+    $password =~ s/%(..)/pack("H*", $1)/ge;
+
+    $status = "ERR internal error";
+    $sth->execute($user) || next;
+    $status = "ERR unknown login";
+    my ($row) = $sth->fetchrow_arrayref() || next;
+    $status = "ERR login failure";
+    next if (!check_password($password, @$row[0]));
+    $status = "OK";
+} continue {
+    print $status . "\n";
+}
+
+=pod
+
+=head1 COPYRIGHT
+
+Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
+This program is free software. You may redistribute copies of it under the
+terms of the GNU General Public License version 2, or (at youropinion) any
+later version.
+
+=cut

diff --git a/helpers/basic_auth/Makefile.am b/helpers/basic_auth/Makefile.am
index b8bd443e9b218568b2efb7b6a8dcffd1f43a15d7..1254d7685e52cb0ea5dc48352f1a38d0ef442ea9 100644 (file)
--- a/helpers/basic_auth/Makefile.am
+++ b/helpers/basic_auth/Makefile.am
@@ -1,7 +1,7 @@
 #  Makefile for storage modules in the Squid Object Cache server
 #
-#  $Id: Makefile.am,v 1.7 2006/12/09 23:28:23 hno Exp $
+#  $Id: Makefile.am,v 1.8 2007/06/02 23:49:23 hno Exp $
 #
 
-DIST_SUBDIRS   = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3
+DIST_SUBDIRS   = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB
 SUBDIRS                = @BASIC_AUTH_HELPERS@