- Added 'max-conn' option to 'cache_peer'
- Added SSL gatewaying support, allowing Squid to act as a SSL server
in accelerator setups.
+ - SASL authentication helper by Ian Castle
- Countless other small things and fixes
Changes to Squid-2.4.STABLE6 (March 19, 2002):
dnl
dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9)
dnl
-dnl $Id: configure.in,v 1.257 2002/01/28 17:49:24 hno Exp $
+dnl $Id: configure.in,v 1.258 2002/03/30 16:42:57 hno Exp $
dnl
dnl
dnl
AC_CONFIG_AUX_DIR(cfgaux)
AM_INIT_AUTOMAKE(squid, 2.6-DEVEL)
AM_CONFIG_HEADER(include/autoconf.h)
-AC_REVISION($Revision: 1.257 $)dnl
+AC_REVISION($Revision: 1.258 $)dnl
AC_PREFIX_DEFAULT(/usr/local/squid)
AM_MAINTAINER_MODE
src/auth/basic/helpers/YP/Makefile \
src/auth/basic/helpers/getpwnam/Makefile \
src/auth/basic/helpers/multi-domain-NTLM/Makefile \
+ src/auth/basic/helpers/SASL/Makefile \
src/auth/digest/Makefile \
src/auth/digest/helpers/Makefile \
src/auth/digest/helpers/password/Makefile \
# Makefile for storage modules in the Squid Object Cache server
#
-# $Id: Makefile.am,v 1.1 2001/08/31 11:19:14 robertc Exp $
+# $Id: Makefile.am,v 1.2 2002/03/30 16:42:58 hno Exp $
#
-DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP
+DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL
SUBDIRS = @BASIC_AUTH_HELPERS@
--- /dev/null
+#
+# Makefile for the Squid SASL authentication helper
+#
+# $Id: Makefile.am,v 1.1 2002/03/30 16:42:58 hno Exp $
+#
+# Uncomment and customize the following to suit your needs:
+#
+
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
+ -I$(top_srcdir)/src/
+
+libexec_PROGRAMS = sasl_auth
+LDADD = -lsasl $(XTRA_LIBS)
--- /dev/null
+This program authenticates users using SASL (specifically the
+cyrus-sasl authentication method).
+
+SASL is configurable (somewhat like PAM). Each service authenticating
+against SASL identifies itself with an application name. Each
+"application" can be configured independently by the SASL administrator.
+
+For this authenticator, the SASL application name is, by default,
+
+ squid_sasl_auth
+
+To configure the authentication method used the file "squid_sasl_auth.conf"
+can be placed in the appropriate location, usually "/usr/lib/sasl".
+
+The authentication database is defined by the "pwcheck_method" parameter.
+Only the "PLAIN" authentication mechanism is used.
+
+Examples:
+
+pwcheck_method:sasldb
+ use sasldb - the default if no conf file is installed.
+pwcheck_method:pam
+ use PAM
+pwcheck_method:passwd
+ use traditional /etc/passwd
+pwcheck_method:shadow
+ use slightly less traditional /etc/shadow
+
+Others methods may be supported by your cyrus-sasl implementation -
+consult your cyrus-sasl documentation for information.
+
+Typically the authentication database (/etc/sasldb, /etc/shadow, pam)
+can not be accessed by a "normal" user. You should use setuid/setgid
+and an appropriate user/group on the executable to allow the
+authenticator to access the appropriate password database. If the
+access to the database is not permitted then the authenticator
+will typically fail with "-1, generic error".
+
+ chown root.mail sasl_auth
+ chmod ug+s sasl_auth
+
+If the application name ("squid_sasl_auth") will also be used for the
+pam service name if pwcheck_method:pam is chosen. And example pam
+configuration file "squid_sasl_auth" is also included.
+
+
+Ian Castle
+ian.castle@coldcomfortfarm.net
+March 2002
--- /dev/null
+/*
+ * $Id: sasl_auth.c,v 1.1 2002/03/30 16:42:59 hno Exp $
+ *
+ * SASL authenticator module for Squid.
+ * Copyright (C) 2002 Ian Castle <ian.castle@coldcomfortfarm.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ *
+ * Install instructions:
+ *
+ * This program authenticates users against using cyrus-sasl
+ *
+ * Compile this program with: gcc -Wall -o sasl_auth sasl_auth.c -lsasl
+ *
+ */
+#include <sasl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define APP_NAME_SASL "squid_sasl_auth"
+
+int
+main()
+{
+ char line[8192];
+ char *username, *password;
+ const char *errstr;
+
+ int rc;
+ sasl_conn_t *conn = NULL;
+
+ rc = sasl_server_init( NULL, APP_NAME_SASL );
+
+ if ( rc != SASL_OK ) {
+ fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
+ fprintf( stdout, "ERR\n" );
+ return 1;
+ }
+
+ rc = sasl_server_new( APP_NAME_SASL, NULL, NULL, NULL, 0, &conn );
+
+ if ( rc != SASL_OK ) {
+ fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
+ fprintf( stdout, "ERR\n" );
+ return 1;
+ }
+
+ while ( fgets( line, sizeof( line ), stdin )) {
+ username = &line[0];
+ password = strchr( line, '\n' );
+ if ( !password) {
+ fprintf( stderr, "authenticator: Unexpected input '%s'\n", line );
+ fprintf( stdout, "ERR\n" );
+ continue;
+ }
+ *password = '\0';
+ password = strchr ( line, ' ' );
+ if ( !password) {
+ fprintf( stderr, "authenticator: Unexpected input '%s'\n", line );
+ fprintf( stdout, "ERR\n" );
+ continue;
+ }
+ *password++ = '\0';
+
+ rc = sasl_checkpass(conn, username, strlen(username), password, strlen(password), &errstr);
+
+ if ( rc != SASL_OK ) {
+ if ( errstr ) {
+ fprintf( stderr, "errstr %s\n", errstr );
+ }
+ if ( rc != SASL_BADAUTH ) {
+ fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
+ }
+ fprintf( stdout, "ERR\n" );
+ }
+ else {
+ fprintf( stdout, "OK\n" );
+ }
+
+ }
+
+ sasl_dispose( &conn );
+ sasl_done();
+
+ return 0;
+}
--- /dev/null
+pwcheck_method:sasldb
projects / thirdparty / squid.git / commitdiff
