From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 2 Oct 2009 03:43:06 +0000 (+1300)
Subject: Helpers: Upgrade getpwnam_auth
X-Git-Tag: SQUID_3_2_0_1~677
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acb775add37f4208865e43a1a66a7d7e93038005;p=thirdparty%2Fsquid.git

Helpers: Upgrade getpwnam_auth

- Rename to basic_getpwnam_auth
- C++ build linked to libcompat
- Adds man(8) page
---

diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml
index 163e9a7c74..920ef83ef8 100644
--- a/doc/release-notes/release-3.2.sgml
+++ b/doc/release-notes/release-3.2.sgml
@@ -53,6 +53,7 @@ Most user-facing changes are reflected in squid.conf (see below).
 <sect2>Basic Authentication protocol helpers
 <itemize>
 	<item>squid_db_auth - basic_db_auth - Retrieve authentication details from a simple SQL database table.
+	<item>getpwnam_auth - basic_getpwname_auth - Authenticate with local system user accounts.
 </itemize>
 
 <sect2>Digest Authentication protocol helpers
diff --git a/helpers/basic_auth/getpwnam/Makefile.am b/helpers/basic_auth/getpwnam/Makefile.am
index c733abd628..2866abb7c2 100644
--- a/helpers/basic_auth/getpwnam/Makefile.am
+++ b/helpers/basic_auth/getpwnam/Makefile.am
@@ -1,22 +1,10 @@
-#
-#  Makefile for the Squid Object Cache server
-#
-#  $Id$
-#
-#  Uncomment and customize the following to suit your needs:
-#
-
 include $(top_srcdir)/src/Common.am
 
-libexec_PROGRAMS = getpwname_auth
-
-getpwname_auth_SOURCES = getpwnam_auth.c 
+libexec_PROGRAMS = basic_getpwname_auth
 
-## we need our local files too (but avoid -I. at all costs)
-INCLUDES += -I$(srcdir)
+basic_getpwname_auth_SOURCES = basic_getpwnam_auth.cc
+basic_getpwname_auth_LDADD = \
+	$(COMPAT_LIB) \
+	$(CRYPTLIB)
 
-LDADD = \
-	$(top_builddir)/compat/libcompat.la \
-	-L$(top_builddir)/lib -lmiscutil \
-	$(CRYPTLIB) \
-	$(XTRA_LIBS)
+man_MANS = basic_getpwname_auth.8
diff --git a/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8 b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8
new file mode 100644
index 0000000000..f54b329d63
--- /dev/null
+++ b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8
@@ -0,0 +1,79 @@
+.TH basic_getpwnam_auth 8 "Squid getpwnam Authenticator"
+.
+.SH NAME
+basic_getpwnam_auth - Local Users auth helper for Squid
+.
+.SH SYNOPSIS
+basic_getpwnam_auth
+.
+.SH DESCRIPTION
+This helper allows Squid to authenticate any local user accounts
+to validate the user name and password of Basic HTTP authentication.
+.
+Uses getpwnam() and getspnam() routines for authentication.
+This has the following advantages over the NCSA module:
+.
+.BR Allows authentication of all known local users
+.BR Allows authentication through nsswitch.conf
+.BR can handle NIS(+) requests
+.BR can handle LDAP request
+.BR can handle PAM request
+.
+.SH SQUID.CONF
+.
+.RS
+.B auth_param basic program /path/to/basic_getpwnam_auth
+.RE
+.
+.SH NOTES
+.
+When used for authenticating to local UNIX shadow password databases
+the program must be running as root or else it won't have sufficient
+permissions to access the user password database. Such use of this
+program is not recommended, but if you absolutely need to then make
+the program setuid root
+.RS
+.P
+.B chown root basic_getpwnam_auth
+.BR
+.B chmod u+s basic_getpwnam_auth
+.RE
+.P
+Please note that in such configurations it is also strongly recommended
+that the program is moved into a directory where normal users cannot
+access it, as this mode of operation will allow any local user to
+brute-force other users passwords. Also note the program has not been
+fully audited and the author cannot be held responsible for any security
+issues due to such installations.
+.
+.SH AUTHOR
+Squid basic_getpwnam_auth is written by
+.I Erik Hofman <erik.hofman@a1.nl>
+.I Robin Elfrink <robin@a1.nl>
+.I Giancarlo Razzolini <linux-fan@onda.com.br>
+.
+Based on original code by
+.I Jon Thackray <jrmt@uk.gdscorp.com>.
+.
+This manual is written by
+.I Amos Jeffries <squid3@treenet.co.nz>
+.
+.SH COPYRIGHT
+Squid basic_getpwnam_auth and this manual is Copyright to the authors
+listed above.
+.
+Distributed under the GNU General Public License (GNU GPL) version 2 and later.
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users <squid-users@squid-cache.org>
+mailing list.
+.
+.SH REPORTING BUGS
+Report bugs or bug-fixes to
+.I Squid Bugs <squid-bugs@squid-cache.org>
+or ideas for new improvements to 
+.I Squid Developers <squid-dev@squid-cache.org>
+.
+.SH "SEE ALSO"
+.BR squid (8), basic_pam_auth (8), basic_ncsa_auth (8), basic_ldap_auth (8)
diff --git a/helpers/basic_auth/getpwnam/getpwnam_auth.c b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc
similarity index 99%
rename from helpers/basic_auth/getpwnam/getpwnam_auth.c
rename to helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc
index 1d0c1dfc6b..b119ebf67e 100644
--- a/helpers/basic_auth/getpwnam/getpwnam_auth.c
+++ b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc
@@ -1,5 +1,5 @@
 /*
- * getpwnam_auth.c
+ * basic_getpwnam_auth.c
  *
  * AUTHOR: Erik Hofman <erik.hofman@a1.nl>
  *         Robin Elfrink <robin@a1.nl>