source: squid-ssl/trunk/fuentes/helpers/basic_auth/DB/basic_db_auth @ 5495

Last change on this file since 5495 was 5495, checked in by Juanma, 21 months ago

Initial release

File size: 5.3 KB
1#!/usr/bin/perl
2
3use strict;
4use Pod::Usage;
5use Getopt::Long;
6
7=pod
8
9=head1 NAME
10
11 basic_db_auth - Database auth helper for Squid
12
13=head1 SYNOPSIS
14
15 basic_db_auth [options]
16
17=head1 DESCRIPTION
18
19This program verifies a username and password against a database.
20
21=head1 OPTIONS
22
23=over 12
24
25=item B<--debug>
26
27Write debug info to stderr.
28
29=item B<--dsn>
30
31Database DSN. Default "DBI:mysql:database=squid"
32
33=item B<--user>
34
35Database User
36
37=item B<--password>
38
39Database password
40
41=item B<--table>
42
43Database table. Default "passwd".
44
45=item B<--usercol>
46
47Username column. Default "user".
48
49=item B<--passwdcol>
50
51Password column. Default "password".
52
53=item B<--cond>
54
55Condition, defaults to enabled=1. Specify 1 or "" for no condition.
56If you use the --joomla flag, this condition is changed to block=0.
57
58=item B<--plaintext>
59
60Database contains plain-text passwords
61
62=item B<--md5>
63
64Database contains unsalted md5 passwords
65
66=item B<--salt>
67
68Selects the correct salt to evaluate passwords
69
70=item B<--persist>
71
72Keep a persistent database connection open between queries.
73
74=item B<--joomla>
75
76Tells the helper that the user database is a Joomla DB, so that its unusual
77salted hashing is understood.
78
79=back
80
81=head1 AUTHOR
82
83This program was written by
84I<Henrik Nordstrom <henrik@henriknordstrom.net>> and
85I<Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>>
86
87This manual was written by I<Henrik Nordstrom <henrik@henriknordstrom.net>>
88
89=head1 COPYRIGHT
90
91 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
92 *
93 * Squid software is distributed under GPLv2+ license and includes
94 * contributions from numerous individuals and organizations.
95 * Please see the COPYING and CONTRIBUTORS files for details.
96
97Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
98Copyright (C) 2010 Luis Daniel Lucio Quiroz <dlucio@okay.com.mx> (Joomla support)
99This program is free software. You may redistribute copies of it under the
100terms of the GNU General Public License version 2, or (at your option) any
101later version.
102
103=head1 QUESTIONS
104
105Questions on the usage of this program can be sent to the I<Squid Users mailing list <squid-users@squid-cache.org>>
106
107=head1 REPORTING BUGS
108
109Bug reports need to be made in English.
110See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
111
112Report bugs or bug fixes using http://bugs.squid-cache.org/
113
114Report serious security bugs to I<Squid Bugs <squid-bugs@squid-cache.org>>
115
116Report ideas for new improvements to the I<Squid Developers mailing list <squid-dev@squid-cache.org>>
117
118=head1 SEE ALSO
119
120squid (8), GPL (7),
121
122The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
123
124The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
125
126=cut
127
128use DBI;
129use Digest::MD5 qw(md5 md5_hex md5_base64);
130
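# Connection settings. Every default below can be overridden by the matching
# command-line option handled in GetOptions().
my $dsn = "DBI:mysql:database=squid";
my $db_user = undef;
# NOTE(review): --password arrives on the command line, which other local
# users can usually read from the process list. Restrict access to the host
# and give this database account read access to the password table only.
my $db_passwd = undef;

# The table, column and condition values are pasted into the SQL text by
# open_db() without quoting, so they must come from trusted configuration
# only. Only the user name is passed as a bound parameter.
my $db_table = "passwd";
my $db_usercol = "user";
my $db_passwdcol = "password";
my $db_cond = "enabled = 1";

# Stored-password formats check_password() accepts besides crypt() hashes.
# Plain text and unsalted MD5 give little protection if the table leaks.
my $plaintext = 0;
my $md5 = 0;
my $persist = 0;
my $isjoomla = 0;
my $debug = 0;
my $hashsalt = undef;

# Stop with a usage message when the command line does not parse, so that a
# mistyped option cannot leave the helper running with settings the
# administrator did not intend.
GetOptions(
        'dsn=s' => \$dsn,
        'user=s' => \$db_user,
        'password=s' => \$db_passwd,
        'table=s' => \$db_table,
        'usercol=s' => \$db_usercol,
        'passwdcol=s' => \$db_passwdcol,
        'cond=s' => \$db_cond,
        'plaintext' => \$plaintext,
        'md5' => \$md5,
        'persist' => \$persist,
        'joomla' => \$isjoomla,
        'debug' => \$debug,
        'salt=s' => \$hashsalt,
        ) or pod2usage(2);

# Shared database handle and prepared lookup statement, managed by
# open_db() and close_db().
my ($_dbh, $_sth);
# --joomla replaces the condition with "block = 0", including a condition
# given through --cond.
$db_cond = "block = 0" if $isjoomla;
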
163
# Drop the prepared statement and disconnect from the database.
# Does nothing when no connection is open.
sub close_db()
{
    defined($_dbh) or return;
    # Release the statement handle before its parent connection goes away.
    $_sth = undef;
    $_dbh->disconnect();
    $_dbh = undef;
}
171
# Connect to the database and prepare the password lookup statement.
#
# Returns the cached statement handle when one already exists, a freshly
# prepared handle otherwise, or undef when the connection cannot be made.
# Dies when the statement cannot be prepared.
sub open_db()
{
    defined($_sth) and return $_sth;

    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
    unless (defined $_dbh) {
        warn ("Could not connect to $dsn\n");
        # List the installed DBI drivers to help spot a wrong DSN.
        my $msg = "DSN drivers apparently installed, available:\n"
            . join("", map { "\t$_" } DBI->available_drivers());
        warn($msg."\n");
        return undef;
    }

    # The user name is the only bound parameter. The column, table and
    # condition text are interpolated as given on the command line, so they
    # must never be derived from request data.
    my $sql_query = "SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?";
    $sql_query .= " AND $db_cond" unless $db_cond eq "";

    $_sth = $_dbh->prepare($sql_query) || die;
    return $_sth;
}
191
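# Compare a submitted password with the credential stored for the user.
#
#   $password - password received on the request line (already decoded)
#   $key      - value of the password column for that user
#
# Returns 1 on a match and 0 otherwise.
sub check_password($$)
{
    my ($password, $key) = @_;

    # A NULL or empty stored credential must never authenticate anybody.
    # crypt() can return undef for an unusable salt, and undef compares equal
    # to an empty key under "eq", which would accept any password.
    return 0 if !defined $key || $key eq "";
    $password = "" if !defined $password;

    if ($isjoomla){
        # Expected stored form: md5_hex(password . salt) . ':' . salt
        my (undef, $salt) = split (/:/, $key);
        $salt = "" if !defined $salt;
        return 1 if md5_hex($password.$salt).':'.$salt eq $key;
    }
    else{
        if (defined $hashsalt) {
            my $hashed = crypt($password, $hashsalt);
            return 1 if defined $hashed && $hashed eq $key;
        }
        # The stored hash doubles as the salt argument for crypt().
        my $hashed = crypt($password, $key);
        return 1 if defined $hashed && $hashed eq $key;
        # Weaker formats, honoured only when explicitly enabled.
        return 1 if $md5 && md5_hex($password) eq $key;
        return 1 if $plaintext && $password eq $key;
    }

    return 0;
}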
211
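# Run the password lookup for one user name.
#
#   $user - user name, passed to the statement as a bound parameter
#
# Returns the executed statement handle, or undef when the database cannot
# be reached or the query fails even after one reconnect.
sub query_db($) {
    my ($user) = @_;
    my $sth = open_db() || return undef;
    if (!$sth->execute($user)) {
        # The connection may have gone stale. Reconnect once and retry on the
        # NEW statement handle; the old one belongs to the closed connection
        # and can never succeed.
        close_db();
        $sth = open_db() || return undef;
        $sth->execute($user) || return undef;
    }
    return $sth;
}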
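# Reply sent back for the current request line.
my $status;

# Unbuffered output: the reply has to be written as soon as it is printed.
$|=1;

# Main loop: one "user password" pair per input line, one reply line each.
# $status is set before every step, so a "next" reports the step that failed.
# The continue block also runs on "next" and always prints the reply.
while (<>) {
    my ($user, $password) = split;
    $status = "ERR";
    # Decode well-formed %XX escapes only. Any other text after '%' is left
    # untouched instead of being packed into arbitrary bytes.
    $user =~ s/%([0-9A-Fa-f]{2})/pack("H*", $1)/ge;
    $password =~ s/%([0-9A-Fa-f]{2})/pack("H*", $1)/ge;

    $status = "ERR database error";
    my $sth = query_db($user) || next;
    $status = "ERR unknown login";
    my $row = $sth->fetchrow_arrayref() || next;
    $status = "ERR login failure";
    next if (!check_password($password, @$row[0]));
    $status = "OK";
} continue {
    close_db() if (!$persist);
    print $status . "\n";
}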