rfc1738_unescape(user);
rfc1738_unescape(passwd);
if (!validUsername(user)) {
- printf("ERR\n");
+ printf("ERR No such user\n");
continue;
}
tryagain = (ld != NULL);
ld = NULL;
goto recover;
}
- printf("ERR\n");
+ printf("ERR %s\n", ldap_err2string(squid_ldap_errno(ld)));
} else {
printf("OK\n");
}
rfc1738_unescape(passwd);
u = (user_data *)hash_lookup(hash, user);
if (u == NULL) {
- printf("ERR\n");
+ printf("ERR No such user\n");
} else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
printf("OK\n");
} else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
printf("OK\n");
} else {
- printf("ERR\n");
+ printf("ERR Wrong password\n");
}
}
exit(0);
if (!nispasswd) {
/* User does not exist */
- printf("ERR\n");
+ printf("ERR No such user\n");
} else if (strcmp(nispasswd, (char *) crypt(passwd, nispasswd)) == 0) {
/* All ok !, thanks... */
printf("OK\n");
} else {
/* Password incorrect */
- printf("ERR\n");
+ printf("ERR Wrong password\n");
}
}
exit(0);
rfc1738_unescape(passwd);
pwd = getpwnam(user);
if (pwd == NULL) {
- printf(ERR);
+ printf("ERR No such user\n");
} else {
if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) {
- printf(ERR);
+ printf("ERR Wrong password\n");
} else {
printf(OK);
}
/*
- * $Id: auth_basic.cc,v 1.37 2005/03/19 15:41:55 serassio Exp $
+ * $Id: auth_basic.cc,v 1.38 2005/04/24 14:00:51 serassio Exp $
*
* DEBUG: section 29 Authenticator
* AUTHOR: Duane Wessels
if (reply) {
if ((t = strchr(reply, ' ')))
- *t = '\0';
+ *t++ = '\0';
if (*reply == '\0')
reply = NULL;
if (reply && (strncasecmp(reply, "OK", 2) == 0))
basic_auth->flags.credentials_ok = 1;
- else
+ else {
basic_auth->flags.credentials_ok = 3;
+ if (t && *t)
+ r->auth_user_request->setDenyMessage(t);
+ }
+
basic_auth->credentials_checkedtime = squid_curtime;
if (cbdataReferenceValidDone(r->data, &cbdata))
/*
- * $Id: auth_digest.cc,v 1.42 2005/04/18 21:52:43 hno Exp $
+ * $Id: auth_digest.cc,v 1.43 2005/04/24 14:00:52 serassio Exp $
*
* DEBUG: section 29 Authenticator
* AUTHOR: Robert Collins
if (strcasecmp(digest_request->response, Response)) {
credentials(Failed);
+ digest_request->setDenyMessage("Incorrect password");
return;
} else {
const char *useragent = httpHeaderGetStr(&request->header, HDR_USER_AGENT);
}
} else {
credentials(Failed);
+ digest_request->setDenyMessage("Incorrect password");
return;
}
digest_user->username());
digest_request->flags.nonce_stale = 1;
credentials(Failed);
+ digest_request->setDenyMessage("Stale nonce");
return;
}
}
if (reply) {
if ((t = strchr(reply, ' ')))
- *t = '\0';
+ *t++ = '\0';
if (*reply == '\0' || *reply == '\n')
reply = NULL;
assert(digest_request);
digest_user = dynamic_cast < digest_user_h * >(auth_user_request->user());
- if (reply && (strncasecmp(reply, "ERR", 3) == 0))
+ if (reply && (strncasecmp(reply, "ERR", 3) == 0)) {
digest_request->credentials(AuthDigestUserRequest::Failed);
- else if (reply) {
+
+ if (t && *t)
+ digest_request->setDenyMessage(t);
+ } else if (reply) {
CvtBin(reply, digest_user->HA1);
digest_user->HA1created = 1;
}
/*
- * $Id: auth_ntlm.cc,v 1.46 2004/12/24 01:03:39 hno Exp $
+ * $Id: auth_ntlm.cc,v 1.47 2005/04/24 14:00:52 serassio Exp $
*
* DEBUG: section 29 NTLM Authenticator
* AUTHOR: Robert Collins
authenticateStateData *r = static_cast<authenticateStateData *>(data);
ntlm_helper_state_t *helperstate;
stateful_helper_callback_t result = S_HELPER_UNKNOWN;
- char *t = NULL;
auth_user_request_t *auth_user_request;
auth_user_t *auth_user;
ntlm_user_t *ntlm_user;
ntlm_request->authserver = NULL;
debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
+ reply += 3;
- if ((t = strchr(reply, ' '))) /* strip after a space */
- *t = '\0';
+ if (*reply)
+ auth_user_request->setDenyMessage(reply);
} else if (strncasecmp(reply, "NA", 2) == 0) {
/* NTLM Helper protocol violation! */
fatal("NTLM Helper returned invalid response \"NA\" - a error message MUST be attached\n");
/* first the standard KK stuff */
debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
- if ((t = strchr(reply, ' '))) /* strip after a space */
- *t = '\0';
-
/* now we mark the helper for resetting. */
helperstate->starve = 1;
ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
+
+ reply += 3;
+
+ if (*reply)
+ auth_user_request->setDenyMessage(reply);
} else {
/* TODO: only work with auth_user here if it exists */
/* TODO: take the request state into consideration */
#
-# $Id: cf.data.pre,v 1.385 2005/03/18 17:17:51 hno Exp $
+# $Id: cf.data.pre,v 1.386 2005/04/24 14:00:45 serassio Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
"program" cmdline
Specify the command for the external authenticator. Such a
program reads a line containing "username password" and replies
- "OK" or "ERR" in an endless loop. If you use an authenticator,
- make sure you have 1 acl of type proxy_auth. By default, the
- basic authentication sheme is not used unless a program is specified.
+ "ERR" in an endless loop. "ERR" responses may optionally be followed
+ by a error description available as %m in the returned error page.
+ If you use an authenticator, make sure you have 1 acl of type proxy_auth.
+ By default, the basic authentication scheme is not used unless a program
+ is specified.
If you want to use the traditional proxy authentication,
jump over to the ../auth_modules/NCSA directory and
replies with the appropriate H(A1) value base64 encoded or
ERR if the user (or his H(A1) hash) does not exists.
See rfc 2616 for the definition of H(A1).
+ "ERR" responses may optionally be followed by a error description
+ available as %m in the returned error page.
By default, the digest authentication is not used unless a
program is specified.
projects / thirdparty / squid.git / commitdiff
