ArchiveOrangemail archive

Squid CVS Messages


squid-cvs.squid-cache.org
(List home) (Recent threads) (2 other Squid lists)

Subscription Options

  • RSS or Atom: Read-only subscription using a browser or aggregator. This is the recommended way if you don't need to send messages to the list. You can learn more about feed syndication and clients here.
  • Conventional: All messages are delivered to your mail address, and you can reply. To subscribe, send an email to the list's subscribe address with "subscribe" in the subject line.
  • Low traffic list: less than 3 messages per day
  • This list contains about 4,401 messages, beginning Nov 2009
  • 0 messages added yesterday
Report the Spam
This button sends a spam report to the moderator. Please use it sparingly. For other removal requests, read this.
Are you sure? yes no

/bzr/squid3/trunk/ r10444: Naming upgrade of digest_pw_auth (now digest_file_auth)

Ad
Amos Jeffries 1272629705Fri, 30 Apr 2010 12:15:05 +0000 (UTC)
=== modified file 'configure.in'
--- a/configure.in	2010-04-27 11:23:10 +0000
+++ b/configure.in	2010-04-30 12:08:54 +0000
@@ -3808,9 +3808,9 @@
 	helpers/basic_auth/SMB/Makefile \
 	helpers/basic_auth/SSPI/Makefile \
 	helpers/digest_auth/Makefile \
-	helpers/digest_auth/password/Makefile \
+	helpers/digest_auth/eDirectory/Makefile \
+	helpers/digest_auth/file/Makefile \
 	helpers/digest_auth/ldap/Makefile \
-	helpers/digest_auth/eDirectory/Makefile \
 	helpers/ntlm_auth/Makefile \
 	helpers/ntlm_auth/fakeauth/Makefile \
 	helpers/ntlm_auth/no_check/Makefile \

=== modified file 'doc/release-notes/release-3.2.sgml'
--- a/doc/release-notes/release-3.2.sgml	2010-03-18 12:30:15 +0000
+++ b/doc/release-notes/release-3.2.sgml	2010-04-30 12:08:54 +0000
@@ -108,7 +108,7 @@ <sect2>Digest Authentication protocol helpers
 <p><itemize>
-	<item>(none yet converted)
+	<item>digest_pw_auth - digest_file_auth - Authenticate against credentials stored in a simple text file.
 </itemize> <sect2>External ACL helpers

=== modified file 'helpers/digest_auth/Makefile.am'
--- a/helpers/digest_auth/Makefile.am	2009-11-12 01:12:50 +0000
+++ b/helpers/digest_auth/Makefile.am	2010-04-30 12:08:54 +0000
@@ -1,7 +1,7 @@
-#  Makefile for digest auth helpers in the Squid Object Cache server
-#
-#  $Id$
-#
+## Alphabetical list of sub-directories to distribute with Squid:
+DIST_SUBDIRS= \
+	eDirectory \
+	file \
+	ldap-DIST_SUBDIRS	= password ldap eDirectory
-SUBDIRS		= $(DIGEST_AUTH_HELPERS)
+SUBDIRS= $(DIGEST_AUTH_HELPERS)

=== renamed directory 'helpers/digest_auth/password' => 'helpers/digest_auth/file'
=== modified file 'helpers/digest_auth/file/Makefile.am'
--- a/helpers/digest_auth/password/Makefile.am	2010-04-14 11:13:32 +0000
+++ b/helpers/digest_auth/file/Makefile.am	2010-04-30 12:08:54 +0000
@@ -1,28 +1,19 @@
-#
-#  Makefile for the Squid Object Cache server
-#
-#  $Id$
-#
-#  Uncomment and customize the following to suit your needs:
-#
-
 include $(top_srcdir)/src/Common.am ## we need our local files too (but avoid -I. at all costs)
 INCLUDES += -I$(srcdir)-
-libexec_PROGRAMS = digest_pw_auth
-digest_pw_auth_SOURCES = digest_pw_auth.c \
+man_MANS = digest_file_auth.8
+libexec_PROGRAMS = digest_file_auth
+digest_file_auth_SOURCES = digest_file_auth.cc \
 	digest_common.h \
-	text_backend.c \
+	text_backend.cc \
 	text_backend.h LDADD = \
-	$(top_builddir)/compat/libcompat.la \
-	-L$(top_builddir)/lib -lmiscutil \
+	$(COMPAT_LIB) \
 	$(CRYPTLIB) \
-	$(XTRA_LIBS) \
-	$(SSLLIB)
+	$(SSLLIB) \
+	$(XTRA_LIBS)-EXTRA_DIST = config.test
+EXTRA_DIST = digest_file_auth.8 config.test

=== modified file 'helpers/digest_auth/file/digest_common.h'
--- a/helpers/digest_auth/password/digest_common.h	2008-10-10 08:02:53 +0000
+++ b/helpers/digest_auth/file/digest_common.h	2010-04-30 12:08:54 +0000
@@ -12,21 +12,19 @@
 #define   _SQUID_DIGEST_COMMON_H_ #include "config.h"
+#include "hash.h"
+#include "rfc2617.h"
+#include "util.h"
+
 #if HAVE_STDIO_H
 #include <stdio.h>
 #endif
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #if HAVE_STRING_H
 #include <string.h>
 #endif
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
@@ -34,10 +32,6 @@
 #include <crypt.h>
 #endif-#include "util.h"
-#include "hash.h"
-#include "rfc2617.h"
-
 typedef struct _request_data {
     char *user;
     char *realm;

=== added file 'helpers/digest_auth/file/digest_file_auth.8'
--- a/helpers/digest_auth/file/digest_file_auth.8	1970-01-01 00:00:00 +0000
+++ b/helpers/digest_auth/file/digest_file_auth.8	2010-04-30 12:08:54 +0000
@@ -0,0 +1,101 @@
+.if !'po4a'hide' .TH digest_file_auth 8
+.
+.SN NAME
+.if !'po4a'hide' .B digest_file_auth
+.if !'po4a'hide' \-
+File based digest authentication helper for Squid.
+..PP
+Version 1.0
+.
+.SH SYNOPSIS
+.if !'po4a'hide' .B digest_file_auth
+.if !'po4a'hide' .B [\-c]
+file
+.
+.SH DESCRIPTION
+.B digest_file_auth
+is an installed binary authentication program for Squid. It handles digest 
+authentication protocol and authenticates against a text file backend.
+.
+.SH OPTIONS
+.if !'po4a'hide' .TP 12
+.if !'po4a'hide' .B \-c
+Accept digest hashed passwords rather than plaintext in the password file
+.
+.SH CONFIGURATION
+.PP
+Username database file format:
+.TP 6
+- comment lines are possible and should start with a '#';
+.
+.TP
+- empty or blank lines are possible;
+.
+.TP
+- plaintext entry format is username:password
+.
+.TP
+- HA1 entry format is username:realm:HA1
+.
+.PP
+To build a directory integrated backend, you need to be able to
+calculate the HA1 returned to squid. To avoid storing a plaintext
+password you can calculate 
+.B MD5(username:realm:password) 
+when the user changes their password, and store the tuple 
+.B username:realm:HA1.
+then find the matching 
+.B username:realm 
+when squid asks for the HA1.
+.PP
+This implementation could be improved by using such a triple for
+the file format.  However storing such a triple does little to
+improve security: If compromised the
+.B username:realm:HA1 
+combination is "plaintext equivalent" - for the purposes of digest authentication
+they allow the user access. Password syncronisation is not tackled
+by digest - just preventing on the wire compromise.
+.
+.SH AUTHOR
+This program was written by
+.if !'po4a'hide' .I Robert Collins 
+.PP
+Based on prior work by
+.if !'po4a'hide' .I Arjan de Vet 
+.if !'po4a.hide' .I Jon Thackray 
+.PP
+This manual was written by
+.if !'po4a'hide' .I Robert Collins 
+.if !'po4a'hide' .I Amos Jeffries 
+.
+.SH COPYRIGHT
+This program and documentation is copyright to the authors named above.
+.PP
+Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users mailing list
+.if !'po4a'hide' 
+.
+.SH REPORTING BUGS
+Bug reports need to be made in English.
+See http://wiki.squid-cache.org/SquidFaq/BugRepor... for details of what you need to include with your bug report.
+.PP
+Report bugs or bug fixes using http://bugs.squid-cache.org/
+.PP
+Report serious security bugs to
+.I Squid Bugs 
+.PP
+Report ideas for new improvements to the
+.I Squid Developers mailing list
+.if !'po4a'hide' 
+.
+.SH SEE ALSO
+.if !'po4a'hide' .BR squid "(8) "
+.br
+The Squid FAQ wiki
+.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
+.br
+The Squid Configuration Manual
+.if !'po4a'hide' http://www.squid-cache.org/Doc/config/

=== renamed file 'helpers/digest_auth/password/digest_pw_auth.c' => 'helpers/digest_auth/file/digest_file_auth.cc'
--- a/helpers/digest_auth/password/digest_pw_auth.c	2008-10-10 08:02:53 +0000
+++ b/helpers/digest_auth/file/digest_file_auth.cc	2010-04-30 12:08:54 +0000
@@ -1,5 +1,5 @@
 /*
- * digest_pw_auth.c
+ * digest_file_auth.cc
  *
  * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
  * 
@@ -30,9 +30,11 @@
  * Copyright (c) 2003  Robert Collins  
  */+#include "config.h"
 #include "digest_common.h"
 #include "text_backend.h"
-#define PROGRAM_NAME "digest_pw_auth"
+
+#define PROGRAM_NAME "digest_file_auth" static void
 GetHHA1(RequestData * requestData)
@@ -94,5 +96,5 @@
     ProcessArguments(argc, argv);
     while (fgets(buf, 256, stdin) != NULL)
         DoOneRequest(buf);
-    exit(0);
+    return 0;
 }

=== renamed file 'helpers/digest_auth/password/text_backend.c' => 'helpers/digest_auth/file/text_backend.cc'
--- a/helpers/digest_auth/password/text_backend.c	2010-03-21 03:08:26 +0000
+++ b/helpers/digest_auth/file/text_backend.cc	2010-04-30 12:08:54 +0000
@@ -48,7 +48,7 @@
 static void
 my_free(void *p)
 {
-    user_data *u = p;
+    user_data *u = static_cast<user_data*>(p);
     xfree(u->hash.key);
     xfree(u->passwd);
     xfree(u);
@@ -71,7 +71,7 @@
     /* initial setup */
     hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
     if (NULL == hash) {
-        fprintf(stderr, "digest_pw_auth: cannot create hash table\n");
+        fprintf(stderr, "digest_file_auth: cannot create hash table\n");
         exit(1);
     }
     f = fopen(passwordFile, "r");
@@ -98,14 +98,14 @@
                 /* We cannot accept plaintext passwords when using HA1 encoding,
                  * as the passwords may be output to cache.log if debugging is on.
                  */
-                fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
+                fprintf(stderr, "digest_file_auth: ignoring invalid password for %s\n", user);
                 continue;
             }
-            u = xcalloc(1, sizeof(*u));
+            u = static_cast<user_data*>(xcalloc(1, sizeof(*u)));
             if (realm) {
                 int len = strlen(user) + strlen(realm) + 2;
                 u->hash.key = malloc(len);
-                snprintf(u->hash.key, len, "%s:%s", user, realm);
+                snprintf(static_cast<char*>(u->hash.key), len, "%s:%s", user, realm);
             } else {
                 u->hash.key = xstrdup(user);
             }
@@ -131,7 +131,7 @@
         passwdfile = argv[2];
     }
     if (!passwdfile) {
-        fprintf(stderr, "Usage: digest_pw_auth [OPTIONS] <passwordfile>\n");
+        fprintf(stderr, "Usage: digest_file_auth [OPTIONS] <passwordfile>\n");
         fprintf(stderr, "  -c   accept digest hashed passwords rather than plaintext in passwordfile\n");
         exit(1);
     }
@@ -157,12 +157,12 @@
     if (!hash)
         return NULL;
     len = snprintf(buf, sizeof(buf), "%s:%s", requestData->user, requestData->realm);
-    if (len >= sizeof(buf))
+    if (len >= static_cast<int>(sizeof(buf)))
         return NULL;
-    u = (user_data *) hash_lookup(hash, buf);
+    u = (user_data*)hash_lookup(hash, buf);
     if (u)
         return u;
-    u = (user_data *) hash_lookup(hash, requestData->user);
+    u = (user_data*)hash_lookup(hash, requestData->user);
     return u;
 }
Home | About | Privacy