From: Amos Jeffries Date: Fri, 30 Apr 2010 12:08:54 +0000 (+1200) Subject: Naming upgrade of digest_pw_auth (now digest_file_auth) X-Git-Tag: SQUID_3_2_0_1~252 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=54e8823bf16f1310bcf26d4f5789d4ffc1fc62be;p=thirdparty%2Fsquid.git Naming upgrade of digest_pw_auth (now digest_file_auth) --- diff --git a/configure.in b/configure.in index 10c45b35f4..9eabe54dc8 100644 --- a/configure.in +++ b/configure.in @@ -3808,9 +3808,9 @@ AC_CONFIG_FILES([\ helpers/basic_auth/SMB/Makefile \ helpers/basic_auth/SSPI/Makefile \ helpers/digest_auth/Makefile \ - helpers/digest_auth/password/Makefile \ - helpers/digest_auth/ldap/Makefile \ helpers/digest_auth/eDirectory/Makefile \ + helpers/digest_auth/file/Makefile \ + helpers/digest_auth/ldap/Makefile \ helpers/ntlm_auth/Makefile \ helpers/ntlm_auth/fakeauth/Makefile \ helpers/ntlm_auth/no_check/Makefile \ diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index a15276c22f..2d5e3906de 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -108,7 +108,7 @@ Most user-facing changes are reflected in squid.conf (see below). Digest Authentication protocol helpers

- (none yet converted) + digest_pw_auth - digest_file_auth - Authenticate against credentials stored in a simple text file. External ACL helpers diff --git a/helpers/digest_auth/Makefile.am b/helpers/digest_auth/Makefile.am index 062cef190b..56dfd86e1f 100644 --- a/helpers/digest_auth/Makefile.am +++ b/helpers/digest_auth/Makefile.am @@ -1,7 +1,7 @@ -# Makefile for digest auth helpers in the Squid Object Cache server -# -# $Id$ -# +## Alphabetical list of sub-directories to distribute with Squid: +DIST_SUBDIRS= \ + eDirectory \ + file \ + ldap -DIST_SUBDIRS = password ldap eDirectory -SUBDIRS = $(DIGEST_AUTH_HELPERS) +SUBDIRS= $(DIGEST_AUTH_HELPERS) diff --git a/helpers/digest_auth/file/Makefile.am b/helpers/digest_auth/file/Makefile.am new file mode 100644 index 0000000000..f0206a419e --- /dev/null +++ b/helpers/digest_auth/file/Makefile.am @@ -0,0 +1,19 @@ +include $(top_srcdir)/src/Common.am + +## we need our local files too (but avoid -I. at all costs) +INCLUDES += -I$(srcdir) + +man_MANS = digest_file_auth.8 +libexec_PROGRAMS = digest_file_auth +digest_file_auth_SOURCES = digest_file_auth.cc \ + digest_common.h \ + text_backend.cc \ + text_backend.h + +LDADD = \ + $(COMPAT_LIB) \ + $(CRYPTLIB) \ + $(SSLLIB) \ + $(XTRA_LIBS) + +EXTRA_DIST = digest_file_auth.8 config.test diff --git a/helpers/digest_auth/password/config.test b/helpers/digest_auth/file/config.test similarity index 100% rename from helpers/digest_auth/password/config.test rename to helpers/digest_auth/file/config.test diff --git a/helpers/digest_auth/password/digest_common.h b/helpers/digest_auth/file/digest_common.h similarity index 90% rename from helpers/digest_auth/password/digest_common.h rename to helpers/digest_auth/file/digest_common.h index 42affb8cc9..bd9a952929 100644 --- a/helpers/digest_auth/password/digest_common.h +++ b/helpers/digest_auth/file/digest_common.h @@ -12,21 +12,19 @@ #define _SQUID_DIGEST_COMMON_H_ #include "config.h" +#include "hash.h" +#include "rfc2617.h" +#include "util.h" + #if HAVE_STDIO_H #include #endif -#if HAVE_STDLIB_H -#include -#endif #if HAVE_UNISTD_H #include #endif #if HAVE_STRING_H #include #endif -#if HAVE_SYS_TYPES_H -#include -#endif #if HAVE_SYS_STAT_H #include #endif @@ -34,10 +32,6 @@ #include #endif -#include "util.h" -#include "hash.h" -#include "rfc2617.h" - typedef struct _request_data { char *user; char *realm; diff --git a/helpers/digest_auth/file/digest_file_auth.8 b/helpers/digest_auth/file/digest_file_auth.8 new file mode 100644 index 0000000000..04a5d6034d --- /dev/null +++ b/helpers/digest_auth/file/digest_file_auth.8 @@ -0,0 +1,101 @@ +.if !'po4a'hide' .TH digest_file_auth 8 +. +.SN NAME +.if !'po4a'hide' .B digest_file_auth +.if !'po4a'hide' \- +File based digest authentication helper for Squid. +..PP +Version 1.0 +. +.SH SYNOPSIS +.if !'po4a'hide' .B digest_file_auth +.if !'po4a'hide' .B [\-c] +file +. +.SH DESCRIPTION +.B digest_file_auth +is an installed binary authentication program for Squid. It handles digest +authentication protocol and authenticates against a text file backend. +. +.SH OPTIONS +.if !'po4a'hide' .TP 12 +.if !'po4a'hide' .B \-c +Accept digest hashed passwords rather than plaintext in the password file +. +.SH CONFIGURATION +.PP +Username database file format: +.TP 6 +- comment lines are possible and should start with a '#'; +. +.TP +- empty or blank lines are possible; +. +.TP +- plaintext entry format is username:password +. +.TP +- HA1 entry format is username:realm:HA1 +. +.PP +To build a directory integrated backend, you need to be able to +calculate the HA1 returned to squid. To avoid storing a plaintext +password you can calculate +.B MD5(username:realm:password) +when the user changes their password, and store the tuple +.B username:realm:HA1. +then find the matching +.B username:realm +when squid asks for the HA1. +.PP +This implementation could be improved by using such a triple for +the file format. However storing such a triple does little to +improve security: If compromised the +.B username:realm:HA1 +combination is "plaintext equivalent" - for the purposes of digest authentication +they allow the user access. Password syncronisation is not tackled +by digest - just preventing on the wire compromise. +. +.SH AUTHOR +This program was written by +.if !'po4a'hide' .I Robert Collins +.PP +Based on prior work by +.if !'po4a'hide' .I Arjan de Vet +.if !'po4a.hide' .I Jon Thackray +.PP +This manual was written by +.if !'po4a'hide' .I Robert Collins +.if !'po4a'hide' .I Amos Jeffries +. +.SH COPYRIGHT +This program and documentation is copyright to the authors named above. +.PP +Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). +. +.SH QUESTIONS +Questions on the usage of this program can be sent to the +.I Squid Users mailing list +.if !'po4a'hide' +. +.SH REPORTING BUGS +Bug reports need to be made in English. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +.PP +Report bugs or bug fixes using http://bugs.squid-cache.org/ +.PP +Report serious security bugs to +.I Squid Bugs +.PP +Report ideas for new improvements to the +.I Squid Developers mailing list +.if !'po4a'hide' +. +.SH SEE ALSO +.if !'po4a'hide' .BR squid "(8) " +.br +The Squid FAQ wiki +.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq +.br +The Squid Configuration Manual +.if !'po4a'hide' http://www.squid-cache.org/Doc/config/ diff --git a/helpers/digest_auth/password/digest_pw_auth.c b/helpers/digest_auth/file/digest_file_auth.cc similarity index 96% rename from helpers/digest_auth/password/digest_pw_auth.c rename to helpers/digest_auth/file/digest_file_auth.cc index 65e6cc6137..2c38e733f7 100644 --- a/helpers/digest_auth/password/digest_pw_auth.c +++ b/helpers/digest_auth/file/digest_file_auth.cc @@ -1,5 +1,5 @@ /* - * digest_pw_auth.c + * digest_file_auth.cc * * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet * @@ -30,9 +30,11 @@ * Copyright (c) 2003 Robert Collins */ +#include "config.h" #include "digest_common.h" #include "text_backend.h" -#define PROGRAM_NAME "digest_pw_auth" + +#define PROGRAM_NAME "digest_file_auth" static void GetHHA1(RequestData * requestData) @@ -94,5 +96,5 @@ main(int argc, char **argv) ProcessArguments(argc, argv); while (fgets(buf, 256, stdin) != NULL) DoOneRequest(buf); - exit(0); + return 0; } diff --git a/helpers/digest_auth/password/text_backend.c b/helpers/digest_auth/file/text_backend.cc similarity index 89% rename from helpers/digest_auth/password/text_backend.c rename to helpers/digest_auth/file/text_backend.cc index a934bbb11c..95f7326bc1 100644 --- a/helpers/digest_auth/password/text_backend.c +++ b/helpers/digest_auth/file/text_backend.cc @@ -48,7 +48,7 @@ typedef struct _user_data { static void my_free(void *p) { - user_data *u = p; + user_data *u = static_cast(p); xfree(u->hash.key); xfree(u->passwd); xfree(u); @@ -71,7 +71,7 @@ read_passwd_file(const char *passwordFile, int isHa1Mode) /* initial setup */ hash = hash_create((HASHCMP *) strcmp, 7921, hash_string); if (NULL == hash) { - fprintf(stderr, "digest_pw_auth: cannot create hash table\n"); + fprintf(stderr, "digest_file_auth: cannot create hash table\n"); exit(1); } f = fopen(passwordFile, "r"); @@ -98,14 +98,14 @@ read_passwd_file(const char *passwordFile, int isHa1Mode) /* We cannot accept plaintext passwords when using HA1 encoding, * as the passwords may be output to cache.log if debugging is on. */ - fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user); + fprintf(stderr, "digest_file_auth: ignoring invalid password for %s\n", user); continue; } - u = xcalloc(1, sizeof(*u)); + u = static_cast(xcalloc(1, sizeof(*u))); if (realm) { int len = strlen(user) + strlen(realm) + 2; u->hash.key = malloc(len); - snprintf(u->hash.key, len, "%s:%s", user, realm); + snprintf(static_cast(u->hash.key), len, "%s:%s", user, realm); } else { u->hash.key = xstrdup(user); } @@ -131,7 +131,7 @@ TextArguments(int argc, char **argv) passwdfile = argv[2]; } if (!passwdfile) { - fprintf(stderr, "Usage: digest_pw_auth [OPTIONS] \n"); + fprintf(stderr, "Usage: digest_file_auth [OPTIONS] \n"); fprintf(stderr, " -c accept digest hashed passwords rather than plaintext in passwordfile\n"); exit(1); } @@ -157,12 +157,12 @@ GetPassword(RequestData * requestData) if (!hash) return NULL; len = snprintf(buf, sizeof(buf), "%s:%s", requestData->user, requestData->realm); - if (len >= sizeof(buf)) + if (len >= static_cast(sizeof(buf))) return NULL; - u = (user_data *) hash_lookup(hash, buf); + u = (user_data*)hash_lookup(hash, buf); if (u) return u; - u = (user_data *) hash_lookup(hash, requestData->user); + u = (user_data*)hash_lookup(hash, requestData->user); return u; } diff --git a/helpers/digest_auth/password/text_backend.h b/helpers/digest_auth/file/text_backend.h similarity index 100% rename from helpers/digest_auth/password/text_backend.h rename to helpers/digest_auth/file/text_backend.h diff --git a/helpers/digest_auth/password/Makefile.am b/helpers/digest_auth/password/Makefile.am deleted file mode 100644 index 681f0d677b..0000000000 --- a/helpers/digest_auth/password/Makefile.am +++ /dev/null @@ -1,28 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id$ -# -# Uncomment and customize the following to suit your needs: -# - -include $(top_srcdir)/src/Common.am - -## we need our local files too (but avoid -I. at all costs) -INCLUDES += -I$(srcdir) - - -libexec_PROGRAMS = digest_pw_auth -digest_pw_auth_SOURCES = digest_pw_auth.c \ - digest_common.h \ - text_backend.c \ - text_backend.h - -LDADD = \ - $(top_builddir)/compat/libcompat.la \ - -L$(top_builddir)/lib -lmiscutil \ - $(CRYPTLIB) \ - $(XTRA_LIBS) \ - $(SSLLIB) - -EXTRA_DIST = config.test