helpers/basic_auth/SMB/Makefile \
helpers/basic_auth/SSPI/Makefile \
helpers/digest_auth/Makefile \
- helpers/digest_auth/password/Makefile \
- helpers/digest_auth/ldap/Makefile \
helpers/digest_auth/eDirectory/Makefile \
+ helpers/digest_auth/file/Makefile \
+ helpers/digest_auth/ldap/Makefile \
helpers/ntlm_auth/Makefile \
helpers/ntlm_auth/fakeauth/Makefile \
helpers/ntlm_auth/no_check/Makefile \
<sect2>Digest Authentication protocol helpers
<p><itemize>
- <item>(none yet converted)
+ <item>digest_pw_auth - digest_file_auth - Authenticate against credentials stored in a simple text file.
</itemize>
<sect2>External ACL helpers
-# Makefile for digest auth helpers in the Squid Object Cache server
-#
-# $Id$
-#
+## Alphabetical list of sub-directories to distribute with Squid:
+DIST_SUBDIRS= \
+ eDirectory \
+ file \
+ ldap
-DIST_SUBDIRS = password ldap eDirectory
-SUBDIRS = $(DIGEST_AUTH_HELPERS)
+SUBDIRS= $(DIGEST_AUTH_HELPERS)
--- /dev/null
+include $(top_srcdir)/src/Common.am
+
+## we need our local files too (but avoid -I. at all costs)
+INCLUDES += -I$(srcdir)
+
+man_MANS = digest_file_auth.8
+libexec_PROGRAMS = digest_file_auth
+digest_file_auth_SOURCES = digest_file_auth.cc \
+ digest_common.h \
+ text_backend.cc \
+ text_backend.h
+
+LDADD = \
+ $(COMPAT_LIB) \
+ $(CRYPTLIB) \
+ $(SSLLIB) \
+ $(XTRA_LIBS)
+
+EXTRA_DIST = digest_file_auth.8 config.test
#define _SQUID_DIGEST_COMMON_H_
#include "config.h"
+#include "hash.h"
+#include "rfc2617.h"
+#include "util.h"
+
#if HAVE_STDIO_H
#include <stdio.h>
#endif
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#include <crypt.h>
#endif
-#include "util.h"
-#include "hash.h"
-#include "rfc2617.h"
-
typedef struct _request_data {
char *user;
char *realm;
--- /dev/null
+.if !'po4a'hide' .TH digest_file_auth 8
+.
+.SN NAME
+.if !'po4a'hide' .B digest_file_auth
+.if !'po4a'hide' \-
+File based digest authentication helper for Squid.
+..PP
+Version 1.0
+.
+.SH SYNOPSIS
+.if !'po4a'hide' .B digest_file_auth
+.if !'po4a'hide' .B [\-c]
+file
+.
+.SH DESCRIPTION
+.B digest_file_auth
+is an installed binary authentication program for Squid. It handles digest
+authentication protocol and authenticates against a text file backend.
+.
+.SH OPTIONS
+.if !'po4a'hide' .TP 12
+.if !'po4a'hide' .B \-c
+Accept digest hashed passwords rather than plaintext in the password file
+.
+.SH CONFIGURATION
+.PP
+Username database file format:
+.TP 6
+- comment lines are possible and should start with a '#';
+.
+.TP
+- empty or blank lines are possible;
+.
+.TP
+- plaintext entry format is username:password
+.
+.TP
+- HA1 entry format is username:realm:HA1
+.
+.PP
+To build a directory integrated backend, you need to be able to
+calculate the HA1 returned to squid. To avoid storing a plaintext
+password you can calculate
+.B MD5(username:realm:password)
+when the user changes their password, and store the tuple
+.B username:realm:HA1.
+then find the matching
+.B username:realm
+when squid asks for the HA1.
+.PP
+This implementation could be improved by using such a triple for
+the file format. However storing such a triple does little to
+improve security: If compromised the
+.B username:realm:HA1
+combination is "plaintext equivalent" - for the purposes of digest authentication
+they allow the user access. Password syncronisation is not tackled
+by digest - just preventing on the wire compromise.
+.
+.SH AUTHOR
+This program was written by
+.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
+.PP
+Based on prior work by
+.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
+.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
+.PP
+This manual was written by
+.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
+.if !'po4a'hide' .I Amos Jeffries <squid3@treenet.co.nz>
+.
+.SH COPYRIGHT
+This program and documentation is copyright to the authors named above.
+.PP
+Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users mailing list
+.if !'po4a'hide' <squid-users@squid-cache.org>
+.
+.SH REPORTING BUGS
+Bug reports need to be made in English.
+See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
+.PP
+Report bugs or bug fixes using http://bugs.squid-cache.org/
+.PP
+Report serious security bugs to
+.I Squid Bugs <squid-bugs@squid-cache.org>
+.PP
+Report ideas for new improvements to the
+.I Squid Developers mailing list
+.if !'po4a'hide' <squid-dev@squid-cache.org>
+.
+.SH SEE ALSO
+.if !'po4a'hide' .BR squid "(8) "
+.br
+The Squid FAQ wiki
+.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
+.br
+The Squid Configuration Manual
+.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
/*
- * digest_pw_auth.c
+ * digest_file_auth.cc
*
* AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
* <Arjan.deVet@adv.iae.nl>
* Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
*/
+#include "config.h"
#include "digest_common.h"
#include "text_backend.h"
-#define PROGRAM_NAME "digest_pw_auth"
+
+#define PROGRAM_NAME "digest_file_auth"
static void
GetHHA1(RequestData * requestData)
ProcessArguments(argc, argv);
while (fgets(buf, 256, stdin) != NULL)
DoOneRequest(buf);
- exit(0);
+ return 0;
}
static void
my_free(void *p)
{
- user_data *u = p;
+ user_data *u = static_cast<user_data*>(p);
xfree(u->hash.key);
xfree(u->passwd);
xfree(u);
/* initial setup */
hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
if (NULL == hash) {
- fprintf(stderr, "digest_pw_auth: cannot create hash table\n");
+ fprintf(stderr, "digest_file_auth: cannot create hash table\n");
exit(1);
}
f = fopen(passwordFile, "r");
/* We cannot accept plaintext passwords when using HA1 encoding,
* as the passwords may be output to cache.log if debugging is on.
*/
- fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
+ fprintf(stderr, "digest_file_auth: ignoring invalid password for %s\n", user);
continue;
}
- u = xcalloc(1, sizeof(*u));
+ u = static_cast<user_data*>(xcalloc(1, sizeof(*u)));
if (realm) {
int len = strlen(user) + strlen(realm) + 2;
u->hash.key = malloc(len);
- snprintf(u->hash.key, len, "%s:%s", user, realm);
+ snprintf(static_cast<char*>(u->hash.key), len, "%s:%s", user, realm);
} else {
u->hash.key = xstrdup(user);
}
passwdfile = argv[2];
}
if (!passwdfile) {
- fprintf(stderr, "Usage: digest_
pw_auth [OPTIONS] <passwordfile>\n");
+ fprintf(stderr, "Usage: digest_
file_auth [OPTIONS] <passwordfile>\n");
fprintf(stderr, " -c accept digest hashed passwords rather than plaintext in passwordfile\n");
exit(1);
}
if (!hash)
return NULL;
len = snprintf(buf, sizeof(buf), "%s:%s", requestData->user, requestData->realm);
- if (len >= sizeof(buf))
+ if (len >= static_cast<int>(sizeof(buf)))
return NULL;
- u = (user_data *) hash_lookup(hash, buf);
+ u = (user_data*)hash_lookup(hash, buf);
if (u)
return u;
- u = (user_data *) hash_lookup(hash, requestData->user);
+ u = (user_data*)hash_lookup(hash, requestData->user);
return u;
}
+++ /dev/null
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id$
-#
-# Uncomment and customize the following to suit your needs:
-#
-
-include $(top_srcdir)/src/Common.am
-
-## we need our local files too (but avoid -I. at all costs)
-INCLUDES += -I$(srcdir)
-
-
-libexec_PROGRAMS = digest_pw_auth
-digest_pw_auth_SOURCES = digest_pw_auth.c \
- digest_common.h \
- text_backend.c \
- text_backend.h
-
-LDADD = \
- $(top_builddir)/compat/libcompat.la \
- -L$(top_builddir)/lib -lmiscutil \
- $(CRYPTLIB) \
- $(XTRA_LIBS) \
- $(SSLLIB)
-
-EXTRA_DIST = config.test
projects / thirdparty / squid.git / commitdiff
