1 | /* |
---|
2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
---|
3 | * |
---|
4 | * Squid software is distributed under GPLv2+ license and includes |
---|
5 | * contributions from numerous individuals and organizations. |
---|
6 | * Please see the COPYING and CONTRIBUTORS files for details. |
---|
7 | */ |
---|
8 | |
---|
9 | /* |
---|
10 | * AUTHOR: Robert Collins. |
---|
11 | * |
---|
12 | * Based on ncsa_auth.c by Arjan de Vet <Arjan.deVet@adv.iae.nl> |
---|
13 | * |
---|
14 | * LDAP backend extension by Flavio Pescuma, |
---|
15 | * MARA Systems AB <flavio@marasystems.com> |
---|
16 | * |
---|
17 | * Example digest authentication program for Squid, based on the original |
---|
18 | * proxy_auth code from client_side.c, written by |
---|
19 | * Jon Thackray <jrmt@uk.gdscorp.com>. |
---|
20 | * |
---|
21 | * - comment lines are possible and should start with a '#'; |
---|
22 | * - empty or blank lines are possible; |
---|
23 | * - file format is username:password |
---|
24 | * |
---|
25 | * To build a directory integrated backend, you need to be able to |
---|
26 | * calculate the HA1 returned to squid. To avoid storing a plaintext |
---|
27 | * password you can calculate MD5(username:realm:password) when the |
---|
28 | * user changes their password, and store the tuple username:realm:HA1. |
---|
29 | * then find the matching username:realm when squid asks for the |
---|
30 | * HA1. |
---|
31 | * |
---|
32 | * This implementation could be improved by using such a triple for |
---|
33 | * the file format. However storing such a triple does little to |
---|
34 | * improve security: If compromised the username:realm:HA1 combination |
---|
35 | * is "plaintext equivalent" - for the purposes of digest authentication |
---|
36 | * they allow the user access. Password synchronisation is not tackled |
---|
37 | * by digest - just preventing on the wire compromise. |
---|
38 | * |
---|
39 | * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org> |
---|
40 | */ |
---|
41 | |
---|
42 | #include "squid.h" |
---|
43 | #include "digest_common.h" |
---|
44 | #include "helpers/defines.h" |
---|
45 | #include "text_backend.h" |
---|
46 | |
---|
/*
 * Look up the digest HA1 for the parsed request.
 *
 * This is a thin indirection over the text-file backend: the lookup itself
 * is done by TextHHA1(), declared in text_backend.h. The caller in this file
 * (OutputHHA1) clears requestData->error before the call and reads
 * requestData->error and requestData->HHA1 afterwards.
 *
 * NOTE(review): the file header describes the backend file format as
 * username:password, i.e. presumably cleartext secrets. Confirm that the
 * password file is readable only by the account the helper runs as.
 */
static void
GetHHA1(RequestData *requestData)
{
    TextHHA1(requestData);
}
---|
52 | |
---|
/*
 * Split one helper request line, in place, into channel-ID, user and realm.
 *
 * buf is modified: the first '\n' is replaced by a terminator and strtok()
 * writes terminators over the '"' delimiters. requestData->user and
 * requestData->realm end up pointing INTO buf, so they are only valid while
 * the caller's buffer is.
 *
 * On success requestData->parsed is set to -1 (non-zero); on any failure it
 * stays 0 and user/realm must not be used. requestData->channelId is always
 * written: the leading decimal number when it is followed by a space,
 * otherwise -1.
 */
static void
ParseBuffer(char *buf, RequestData *requestData)
{
    char *newline;
    char *numberEnd = NULL;

    requestData->parsed = 0;

    /* strip \n */
    newline = strchr(buf, '\n');
    if (newline != NULL)
        *newline = '\0';

    /*
     * An optional channel-ID prefix is a decimal number followed by one
     * space. strtoll() leaves numberEnd at buf when no digits were read, so
     * the dereference below is always of a valid position inside buf.
     * NOTE(review): the long long result is stored straight into channelId;
     * if that field is narrower, out-of-range IDs are silently converted.
     * Confirm against the RequestData declaration.
     */
    requestData->channelId = strtoll(buf, &numberEnd, 10);
    if (*numberEnd == ' ')
        buf = numberEnd + 1;            /* continue after the channel-ID */
    else
        requestData->channelId = -1;    /* not a channel-ID */

    /* First '"'-delimited token is the user name. */
    requestData->user = strtok(buf, "\"");
    if (requestData->user == NULL)
        return;

    /*
     * The next token is whatever sits between the two quoted strings
     * (presumably the ':' separator). It is stored only temporarily and its
     * content is not checked.
     */
    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    /* The third token is the realm proper and overwrites the separator. */
    requestData->realm = strtok(NULL, "\"");
    if (requestData->realm == NULL)
        return;

    requestData->parsed = -1;
}
---|
76 | |
---|
/*
 * Resolve the HA1 for a parsed request and write the helper reply to stdout.
 *
 * The reply is prefixed with the channel-ID when one was parsed
 * (channelId >= 0). If the backend flags an error, an ERR reply with
 * message="No such user" is sent; otherwise the reply is OK ha1="...".
 *
 * The file header notes that the HA1 is "plaintext equivalent" for digest
 * authentication, so this function writes a credential-grade value to
 * stdout; it should never be copied into logs or debug output.
 *
 * NOTE(review): channelId is printed with %u after the >= 0 check; confirm
 * that the field's declared type matches that conversion.
 */
static void
OutputHHA1(RequestData *requestData)
{
    /* Start from a clean error state; the backend lookup may set it. */
    requestData->error = 0;
    GetHHA1(requestData);

    if (requestData->channelId >= 0)
        printf("%u ", requestData->channelId);

    if (!requestData->error) {
        printf("OK ha1=\"%s\"\n", requestData->HHA1);
        return;
    }

    SEND_ERR("message=\"No such user\"");
}
---|
90 | |
---|
/*
 * Handle a single request line: parse it and emit exactly one reply.
 *
 * buf is parsed in place (see ParseBuffer), so its contents are destroyed.
 * A line that does not parse gets a BH reply with
 * message="Invalid line received", still prefixed with the channel-ID when
 * one could be read; a well-formed line is passed on to OutputHHA1().
 */
static void
DoOneRequest(char *buf)
{
    RequestData requestData;

    ParseBuffer(buf, &requestData);

    if (requestData.parsed) {
        OutputHHA1(&requestData);
        return;
    }

    /* ParseBuffer always writes channelId, even when parsing fails. */
    if (requestData.channelId >= 0)
        printf("%u ", requestData.channelId);
    SEND_BH("message=\"Invalid line received\"");
}
---|
104 | |
---|
/*
 * Hand the command line to the text-file backend.
 *
 * All option handling is done by TextArguments(), declared in
 * text_backend.h; nothing is interpreted here.
 */
static void
ProcessArguments(int argc, char **argv)
{
    TextArguments(argc, argv);
}
---|
110 | |
---|
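/*
 * Helper entry point: read request lines from stdin and answer each one on
 * stdout until EOF.
 *
 * stdout is switched to unbuffered so that every reply is written as soon
 * as it is produced.
 *
 * The helper must answer once per request line. Previously a line longer
 * than the buffer was returned by fgets() in several pieces, each of which
 * was answered as if it were a request of its own, leaving the replies out
 * of step with the requests. An overlong line is now consumed up to its
 * newline and rejected as a whole.
 */
int
main(int argc, char **argv)
{
    char buf[HELPER_INPUT_BUFFER];
    /* Index of the last byte fgets() can fill with input data. */
    const size_t lastData = sizeof(buf) - 2;

    setbuf(stdout, NULL);
    ProcessArguments(argc, argv);

    /*
     * Sentinel: lastData is cleared before every read. If it holds anything
     * other than '\0' or '\n' afterwards, fgets() filled the whole buffer
     * without reaching the end of the line. Checking the sentinel rather
     * than searching for '\n' also works when the line contains a NUL byte.
     */
    for (buf[lastData] = '\0';
            fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL;
            buf[lastData] = '\0') {

        if (buf[lastData] != '\0' && buf[lastData] != '\n') {
            int c;
            int dropped = 0;

            /* Discard the rest of this line so it is not read as a request. */
            while ((c = getchar()) != EOF && c != '\n')
                dropped = 1;

            if (dropped) {
                /*
                 * Input was lost, so the line must not be looked up. Cut it
                 * at the first '"': that keeps a leading channel-ID for the
                 * reply but leaves no user/realm pair, so DoOneRequest()
                 * answers with its "Invalid line received" BH reply.
                 */
                char *quote = strchr(buf, '"');
                if (quote != NULL)
                    *quote = '\0';
            }
        }

        DoOneRequest(buf);
    }
    return 0;
}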
---|
121 | |
---|