=== modified file 'configure.in'
--- a/configure.in 2010-04-27 11:23:10 +0000
+++ b/configure.in 2010-04-30 12:08:54 +0000
@@ -3808,9 +3808,9 @@
helpers/basic_auth/SMB/Makefile \
helpers/basic_auth/SSPI/Makefile \
helpers/digest_auth/Makefile \
- helpers/digest_auth/password/Makefile \
+ helpers/digest_auth/eDirectory/Makefile \
+ helpers/digest_auth/file/Makefile \
helpers/digest_auth/ldap/Makefile \
- helpers/digest_auth/eDirectory/Makefile \
helpers/ntlm_auth/Makefile \
helpers/ntlm_auth/fakeauth/Makefile \
helpers/ntlm_auth/no_check/Makefile \
=== modified file 'doc/release-notes/release-3.2.sgml'
--- a/doc/release-notes/release-3.2.sgml 2010-03-18 12:30:15 +0000
+++ b/doc/release-notes/release-3.2.sgml 2010-04-30 12:08:54 +0000
@@ -108,7 +108,7 @@ <sect2>Digest Authentication protocol helpers
<p><itemize>
- <item>(none yet converted)
+ <item>digest_pw_auth - digest_file_auth - Authenticate against credentials stored in a simple text file.
</itemize> <sect2>External ACL helpers
=== modified file 'helpers/digest_auth/Makefile.am'
--- a/helpers/digest_auth/Makefile.am 2009-11-12 01:12:50 +0000
+++ b/helpers/digest_auth/Makefile.am 2010-04-30 12:08:54 +0000
@@ -1,7 +1,7 @@
-# Makefile for digest auth helpers in the Squid Object Cache server
-#
-# $Id$
-#
+## Alphabetical list of sub-directories to distribute with Squid:
+DIST_SUBDIRS= \
+ eDirectory \
+ file \
+ ldap
-DIST_SUBDIRS = password ldap eDirectory
-SUBDIRS = $(DIGEST_AUTH_HELPERS)
+SUBDIRS= $(DIGEST_AUTH_HELPERS)
=== renamed directory 'helpers/digest_auth/password' => 'helpers/digest_auth/file'
=== modified file 'helpers/digest_auth/file/Makefile.am'
--- a/helpers/digest_auth/password/Makefile.am 2010-04-14 11:13:32 +0000
+++ b/helpers/digest_auth/file/Makefile.am 2010-04-30 12:08:54 +0000
@@ -1,28 +1,19 @@
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id$
-#
-# Uncomment and customize the following to suit your needs:
-#
-
include $(top_srcdir)/src/Common.am ## we need our local files too (but avoid -I. at all costs)
INCLUDES += -I$(srcdir)-
-libexec_PROGRAMS = digest_pw_auth
-digest_pw_auth_SOURCES = digest_pw_auth.c \
+man_MANS = digest_file_auth.8
+libexec_PROGRAMS = digest_file_auth
+digest_file_auth_SOURCES = digest_file_auth.cc \
digest_common.h \
- text_backend.c \
+ text_backend.cc \
text_backend.h LDADD = \
- $(top_builddir)/compat/libcompat.la \
- -L$(top_builddir)/lib -lmiscutil \
+ $(COMPAT_LIB) \
$(CRYPTLIB) \
- $(XTRA_LIBS) \
- $(SSLLIB)
+ $(SSLLIB) \
+ $(XTRA_LIBS)
-EXTRA_DIST = config.test
+EXTRA_DIST = digest_file_auth.8 config.test
=== modified file 'helpers/digest_auth/file/digest_common.h'
--- a/helpers/digest_auth/password/digest_common.h 2008-10-10 08:02:53 +0000
+++ b/helpers/digest_auth/file/digest_common.h 2010-04-30 12:08:54 +0000
@@ -12,21 +12,19 @@
#define _SQUID_DIGEST_COMMON_H_ #include "config.h"
+#include "hash.h"
+#include "rfc2617.h"
+#include "util.h"
+
#if HAVE_STDIO_H
#include <stdio.h>
#endif
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
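Review bot: With `<stdlib.h>` dropped from this header, the `malloc()` and `exit()` calls visible in text_backend.cc now depend on another header supplying the declarations, presumably `config.h` or `util.h`, neither of which is shown here. If that is intended, a one-line comment beside the project includes, for example `/* stdlib.h and sys/types.h are pulled in by config.h */`, would keep a later include cleanup from breaking the helper build. The include block continues outside the hunk.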
@@ -34,10 +32,6 @@
#include <crypt.h>
#endif
-#include "util.h"
-#include "hash.h"
-#include "rfc2617.h"
-
typedef struct _request_data {
char *user;
char *realm;
=== added file 'helpers/digest_auth/file/digest_file_auth.8'
--- a/helpers/digest_auth/file/digest_file_auth.8 1970-01-01 00:00:00 +0000
+++ b/helpers/digest_auth/file/digest_file_auth.8 2010-04-30 12:08:54 +0000
@@ -0,0 +1,101 @@
+.if !'po4a'hide' .TH digest_file_auth 8
+.
+.SN NAME
+.if !'po4a'hide' .B digest_file_auth
+.if !'po4a'hide' \-
+File based digest authentication helper for Squid.
+..PP
+Version 1.0
+.
+.SH SYNOPSIS
+.if !'po4a'hide' .B digest_file_auth
+.if !'po4a'hide' .B [\-c]
+file
+.
+.SH DESCRIPTION
+.B digest_file_auth
+is an installed binary authentication program for Squid. It handles digest
+authentication protocol and authenticates against a text file backend.
+.
+.SH OPTIONS
+.if !'po4a'hide' .TP 12
+.if !'po4a'hide' .B \-c
+Accept digest hashed passwords rather than plaintext in the password file
+.
+.SH CONFIGURATION
+.PP
+Username database file format:
+.TP 6
+- comment lines are possible and should start with a '#';
+.
+.TP
+- empty or blank lines are possible;
+.
+.TP
+- plaintext entry format is username:password
+.
+.TP
+- HA1 entry format is username:realm:HA1
+.
+.PP
+To build a directory integrated backend, you need to be able to
+calculate the HA1 returned to squid. To avoid storing a plaintext
+password you can calculate
+.B MD5(username:realm:password)
+when the user changes their password, and store the tuple
+.B username:realm:HA1.
+then find the matching
+.B username:realm
+when squid asks for the HA1.
+.PP
+This implementation could be improved by using such a triple for
+the file format. However storing such a triple does little to
+improve security: If compromised the
+.B username:realm:HA1
+combination is "plaintext equivalent" - for the purposes of digest authentication
+they allow the user access. Password syncronisation is not tackled
+by digest - just preventing on the wire compromise.
+.
+.SH AUTHOR
+This program was written by
+.if !'po4a'hide' .I Robert Collins
+.PP
+Based on prior work by
+.if !'po4a'hide' .I Arjan de Vet
+.if !'po4a.hide' .I Jon Thackray
+.PP
+This manual was written by
+.if !'po4a'hide' .I Robert Collins
+.if !'po4a'hide' .I Amos Jeffries
+.
+.SH COPYRIGHT
+This program and documentation is copyright to the authors named above.
+.PP
+Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users mailing list
+.if !'po4a'hide'
+.
+.SH REPORTING BUGS
+Bug reports need to be made in English.
+See http://wiki.squid-cache.org/SquidFaq/BugRepor... for details of what you need to include with your bug report.
+.PP
+Report bugs or bug fixes using http://bugs.squid-cache.org/
+.PP
+Report serious security bugs to
+.I Squid Bugs
+.PP
+Report ideas for new improvements to the
+.I Squid Developers mailing list
+.if !'po4a'hide'
+.
+.SH SEE ALSO
+.if !'po4a'hide' .BR squid "(8) "
+.br
+The Squid FAQ wiki
+.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
+.br
+The Squid Configuration Manual
+.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
=== renamed file 'helpers/digest_auth/password/digest_pw_auth.c' => 'helpers/digest_auth/file/digest_file_auth.cc'
--- a/helpers/digest_auth/password/digest_pw_auth.c 2008-10-10 08:02:53 +0000
+++ b/helpers/digest_auth/file/digest_file_auth.cc 2010-04-30 12:08:54 +0000
@@ -1,5 +1,5 @@
/*
- * digest_pw_auth.c
+ * digest_file_auth.cc
*
* AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet
*
@@ -30,9 +30,11 @@
* Copyright (c) 2003 Robert Collins
*/
+#include "config.h"
#include "digest_common.h"
#include "text_backend.h"
-#define PROGRAM_NAME "digest_pw_auth"
+
+#define PROGRAM_NAME "digest_file_auth"
 static void
GetHHA1(RequestData * requestData)
@@ -94,5 +96,5 @@
ProcessArguments(argc, argv);
while (fgets(buf, 256, stdin) != NULL)
DoOneRequest(buf);
- exit(0);
+ return 0;
}
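Review bot: The read loop passes a literal `256` to `fgets()`, which is only correct while `buf` (declared outside the hunk) is at least that large. `fgets(buf, sizeof(buf), stdin)` ties the bound to the buffer, provided `buf` is an array and not a pointer. A request line longer than the buffer is also returned in pieces, so the tail of an over-long line reaches `DoOneRequest()` as if it were a separate request. A comment above the loop stating the maximum accepted request length, or a check that the line ended in a newline before it is processed, would make that limit explicit.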
=== renamed file 'helpers/digest_auth/password/text_backend.c' => 'helpers/digest_auth/file/text_backend.cc'
--- a/helpers/digest_auth/password/text_backend.c 2010-03-21 03:08:26 +0000
+++ b/helpers/digest_auth/file/text_backend.cc 2010-04-30 12:08:54 +0000
@@ -48,7 +48,7 @@
static void
my_free(void *p)
{
- user_data *u = p;
+ user_data *u = static_cast<user_data*>(p);
xfree(u->hash.key);
xfree(u->passwd);
xfree(u);
@@ -71,7 +71,7 @@
/* initial setup */
hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
if (NULL == hash) {
- fprintf(stderr, "digest_pw_auth: cannot create hash table\n");
+ fprintf(stderr, "digest_file_auth: cannot create hash table\n");
exit(1);
}
f = fopen(passwordFile, "r");
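Review bot: The helper name is hard-coded in this message and again in the "ignoring invalid password" and "Usage:" messages in the later hunks of this file, so the rename had to edit each string by hand. `PROGRAM_NAME` is already defined in digest_file_auth.cc. Moving that define to digest_common.h (assuming text_backend.cc includes it, which is not visible here) would allow `fprintf(stderr, PROGRAM_NAME ": cannot create hash table\n");` and keep the diagnostics in step with the binary name. The enclosing function starts and ends outside the hunk.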
@@ -98,14 +98,14 @@
/* We cannot accept plaintext passwords when using HA1 encoding,
* as the passwords may be output to cache.log if debugging is on.
*/
- fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
+ fprintf(stderr, "digest_file_auth: ignoring invalid password for %s\n", user);
continue;
}
- u = xcalloc(1, sizeof(*u));
+ u = static_cast<user_data*>(xcalloc(1, sizeof(*u)));
if (realm) {
int len = strlen(user) + strlen(realm) + 2;
u->hash.key = malloc(len);
- snprintf(u->hash.key, len, "%s:%s", user, realm);
+ snprintf(static_cast<char*>(u->hash.key), len, "%s:%s", user, realm);
} else {
u->hash.key = xstrdup(user);
}
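Review bot: The `malloc(len)` result stored in `u->hash.key` is passed to `snprintf()` on the next line without a NULL check, so an allocation failure while loading the password file becomes a write through a null pointer. The other allocations in this hunk use the x-wrappers (`xcalloc`, `xstrdup`) and `my_free()` releases the key with `xfree()`, so `u->hash.key = xmalloc(len);` would be consistent, assuming `xmalloc` follows the same fail-hard policy as those wrappers. `len` is also an `int` built from two `strlen()` results; `size_t len = strlen(user) + strlen(realm) + 2;` avoids the narrowing. The enclosing function starts and ends outside the hunk.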
@@ -131,7 +131,7 @@
passwdfile = argv[2];
}
if (!passwdfile) {
- fprintf(stderr, "Usage: digest_pw_auth [OPTIONS] <passwordfile>\n");
+ fprintf(stderr, "Usage: digest_file_auth [OPTIONS] <passwordfile>\n");
fprintf(stderr, " -c accept digest hashed passwords rather than plaintext in passwordfile\n");
exit(1);
}
@@ -157,12 +157,12 @@
if (!hash)
return NULL;
len = snprintf(buf, sizeof(buf), "%s:%s", requestData->user, requestData->realm);
- if (len >= sizeof(buf))
+ if (len >= static_cast<int>(sizeof(buf)))
return NULL;
- u = (user_data *) hash_lookup(hash, buf);
+ u = (user_data*)hash_lookup(hash, buf);
if (u)
return u;
- u = (user_data *) hash_lookup(hash, requestData->user);
+ u = (user_data*)hash_lookup(hash, requestData->user);
return u;
}
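Review bot: The new `static_cast<int>(sizeof(buf))` comparison no longer rejects a negative return from `snprintf()`. Under the old mixed signed/unsigned comparison a negative `len` (assuming `len` is an `int`; its declaration is outside the hunk) converted to a very large unsigned value and took the `return NULL` path. After the cast it falls through and `hash_lookup()` runs on whatever `buf` holds. `if (len < 0 || len >= static_cast<int>(sizeof(buf)))` keeps the warning fix and restores the error handling. The two `(user_data*)` C-style casts on the lookups could also become `static_cast<user_data*>`, matching `my_free()` in this commit.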