digest_file_auth.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 * AUTHOR: Robert Collins.
11 *
12 * Based on ncsa_auth.c by Arjan de Vet <Arjan.deVet@adv.iae.nl>
13 *
14 * LDAP backend extension by Flavio Pescuma,
15 * MARA Systems AB <flavio@marasystems.com>
16 *
17 * Example digest authentication program for Squid, based on the original
18 * proxy_auth code from client_side.c, written by
19 * Jon Thackray <jrmt@uk.gdscorp.com>.
20 *
21 * - comment lines are possible and should start with a '#';
22 * - empty or blank lines are possible;
23 * - file format is username:password
24 *
25 * To build a directory integrated backend, you need to be able to
26 * calculate the HA1 returned to squid. To avoid storing a plaintext
27 * password you can calculate MD5(username:realm:password) when the
28 * user changes their password, and store the tuple username:realm:HA1.
29 * then find the matching username:realm when squid asks for the
30 * HA1.
31 *
32 * This implementation could be improved by using such a triple for
33 * the file format. However storing such a triple does little to
34 * improve security: If compromised the username:realm:HA1 combination
35 * is "plaintext equivalent" - for the purposes of digest authentication
36 * they allow the user access. Password synchronization is not tackled
37 * by digest - just preventing on the wire compromise.
38 *
39 * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
40 */
41
42#include "squid.h"
46
47static void
48GetHHA1(RequestData * requestData)
49{
50 TextHHA1(requestData);
51}
52
53static void
54ParseBuffer(char *buf, RequestData * requestData)
55{
56 char *p;
57 requestData->parsed = 0;
58 if ((p = strchr(buf, '\n')) != nullptr)
59 *p = '\0'; /* strip \n */
60
61 p = nullptr;
62 requestData->channelId = strtoll(buf, &p, 10);
63 if (*p != ' ') // not a channel-ID
64 requestData->channelId = -1;
65 else
66 buf = ++p;
67
68 if ((requestData->user = strtok(buf, "\"")) == nullptr)
69 return;
70 if ((requestData->realm = strtok(nullptr, "\"")) == nullptr)
71 return;
72 if ((requestData->realm = strtok(nullptr, "\"")) == nullptr)
73 return;
74 requestData->parsed = -1;
75}
76
77static void
78OutputHHA1(RequestData * requestData)
79{
80 requestData->error = 0;
81 GetHHA1(requestData);
82 if (requestData->channelId >= 0)
83 printf("%u ", requestData->channelId);
84 if (requestData->error) {
85 SEND_ERR("message=\"No such user\"");
86 return;
87 }
88 printf("OK ha1=\"%s\"\n", requestData->HHA1);
89}
90
91static void
92DoOneRequest(char *buf)
93{
94 RequestData requestData;
95 ParseBuffer(buf, &requestData);
96 if (!requestData.parsed) {
97 if (requestData.channelId >= 0)
98 printf("%u ", requestData.channelId);
99 SEND_BH("message=\"Invalid line received\"");
100 return;
101 }
102 OutputHHA1(&requestData);
103}
104
105static void
106ProcessArguments(int argc, char **argv)
107{
108 TextArguments(argc, argv);
109}
110
111int
112main(int argc, char **argv)
113{
114 char buf[HELPER_INPUT_BUFFER];
115 setbuf(stdout, nullptr);
116 ProcessArguments(argc, argv);
117 while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != nullptr)
118 DoOneRequest(buf);
119 return EXIT_SUCCESS;
120}
121
#define HELPER_INPUT_BUFFER
Definition: UserRequest.cc:24
static void ParseBuffer(char *buf, RequestData *requestData)
int main(int argc, char **argv)
static void DoOneRequest(char *buf)
static void GetHHA1(RequestData *requestData)
static void ProcessArguments(int argc, char **argv)
static void OutputHHA1(RequestData *requestData)
#define SEND_ERR(x)
#define SEND_BH(x)
int64_t strtoll(const char *nptr, char **endptr, int base)
Definition: strtoll.c:61
void TextArguments(int argc, char **argv)
void TextHHA1(RequestData *requestData)

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors