--------------------- PatchSet 11458 Date: 2007/06/02 23:54:19 Author: hno Branch: HEAD Tag: (none) Log: Database auth helper using Perl DBI Members: configure.in:1.423->1.424 helpers/basic_auth/Makefile.am:1.6->1.7 helpers/basic_auth/DB/Makefile.am:INITIAL->1.1 helpers/basic_auth/DB/db_auth.pl:INITIAL->1.1 helpers/basic_auth/DB/passwd.sql:INITIAL->1.1 Index: squid/configure.in =================================================================== RCS file: /cvsroot/squid/squid/configure.in,v retrieving revision 1.423 retrieving revision 1.424 diff -u -r1.423 -r1.424 --- squid/configure.in 20 May 2007 13:45:09 -0000 1.423 +++ squid/configure.in 2 Jun 2007 23:54:19 -0000 1.424 @@ -1,7 +1,7 @@ dnl dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.423 2007/05/20 13:45:09 adrian Exp $ +dnl $Id: configure.in,v 1.424 2007/06/02 23:54:19 hno Exp $ dnl dnl dnl @@ -10,7 +10,7 @@ AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE -AC_REVISION($Revision: 1.423 $)dnl +AC_REVISION($Revision: 1.424 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -3195,6 +3195,7 @@ helpers/basic_auth/mswin_sspi/Makefile \ helpers/basic_auth/multi-domain-NTLM/Makefile \ helpers/basic_auth/SASL/Makefile \ + helpers/basic_auth/DB/Makefile \ helpers/digest_auth/Makefile \ helpers/digest_auth/password/Makefile \ helpers/digest_auth/ldap/Makefile \ Index: squid/helpers/basic_auth/Makefile.am =================================================================== RCS file: /cvsroot/squid/squid/helpers/basic_auth/Makefile.am,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- squid/helpers/basic_auth/Makefile.am 27 May 2006 08:58:28 -0000 1.6 +++ squid/helpers/basic_auth/Makefile.am 2 Jun 2007 23:54:19 -0000 1.7 
@@ -1,7 +1,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.am,v 1.6 2006/05/27 08:58:28 serassio Exp $ +# $Id: Makefile.am,v 1.7 2007/06/02 23:54:19 hno Exp $ # -DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi +DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi DB SUBDIRS = @BASIC_AUTH_HELPERS@ --- /dev/null Sun Jun 3 00:03:29 2007 +++ squid/helpers/basic_auth/DB/Makefile.am Sun Jun 3 00:03:29 2007 @@ -0,0 +1,14 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id: Makefile.am,v 1.1 2007/06/02 23:54:19 hno Exp $ +# +# Uncomment and customize the following to suit your needs: +# + +libexec_SCRIPTS = \ + db_auth.pl + +EXTRA_DIST = \ + db_auth.pl \ + passwd.sql --- /dev/null Sun Jun 3 00:03:29 2007 +++ squid/helpers/basic_auth/DB/db_auth.pl Sun Jun 3 00:03:29 2007 
@@ -0,0 +1,125 @@
+#!/usr/bin/perl
+use strict;
+use DBI;
+use Getopt::Long;
+use Pod::Usage;
+
+=pod
+
+=head1 NAME
+
+db_auth.pl - Database auth helper for Squid
+
+=cut
+
+my $dsn = "DBI:mysql:database=squid";
+my $db_user = undef;
+my $db_passwd = undef;
+my $db_table = "passwd";
+my $db_usercol = "user";
+my $db_passwdcol = "password";
+my $db_cond = "enabled = 1";
+my $plaintext = 0;
+
+=pod
+
+=head1 SYNOPSIS
+
+db_auth.pl [options]
+
+=head1 DESCRIPTOIN
+
+This program verifies username & password to a database
+
+=over 8
+
+=item B<--dsn>
+
+Database DSN. Default "DBI:mysql:database=squid"
+
+=item B<--user>
+
+Database User
+
+=item B<--password>
+
+Database password
+
+=item B<--table>
+
+Database table. Default "passwd".
+
+=item B<--usercol>
+
+Username column. Default "user".
+
+=item B<--passwdcol>
+
+Password column. Default "password".
+
+=item B<--cond>
+
+Condition, defaults to enabled=1. Specify 1 or "" for no condition
+
+=item B<--plaintext>
+
+Database contains plain-text passwords
+
+=back
+
+=cut
+
+GetOptions(
+ 'dsn=s' => \$dsn,
+ 'user=s' => \$db_user,
+ 'password=s' => \$db_passwd,
+ 'table=s' => \$db_table,
+ 'usercol=s' => \$db_usercol,
+ 'passwdcol=s' => \$db_passwdcol,
+ 'cond=s' => \$db_cond,
+ 'plaintext' => \$plaintext,
+ );
+
+my $dbh = DBI->connect($dsn, $db_user, $db_passwd) || die ("Could not connect to $dsn\n");
+
+my ($sth) = $dbh->prepare("SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ? 
" AND $db_cond" : "")) || die;
+
+my $status;
+
+sub check_password($$)
+{
+ my ($password, $key) = @_;
+
+ return 1 if crypt($password, $key) eq $key;
+
+ return 1 if $plaintext && $password eq $key;
+
+ return 0;
+}
+while (<>) {
+ my ($user, $password) = split;
+ $status = "ERR";
+ $user =~ s/%(..)/pack("H*", $1)/ge;
+ $password =~ s/%(..)/pack("H*", $1)/ge;
+
+ $status = "ERR internal error";
+ $sth->execute($user) || next;
+ $status = "ERR unknown login";
+ my ($row) = $sth->fetchrow_arrayref() || next;
+ $status = "ERR login failure";
+ next if (!check_password($password, @$row[0]));
+ $status = "OK";
+} continue {
+ print $status . "\n";
+}
+
+=pod
+
+=head1 COPYRIGHT
+
+Copyright (C) 2007 Henrik Nordstrom
+This program is free software. You may redistribute copies of it under the
+terms of the GNU General Public License version 2, or (at youropinion) any
+later version.
+
+=cut
--- /dev/null Sun Jun 3 00:03:29 2007
+++ squid/helpers/basic_auth/DB/passwd.sql Sun Jun 3 00:03:29 2007
@@ -0,0 +1,8 @@
+CREATE TABLE `passwd` (
+ `user` varchar(32) NOT NULL default '',
+ `password` varchar(35) NOT NULL default '',
+ `enabled` tinyint(1) NOT NULL default '1',
+ `fullname` varchar(60) default NULL,
+ `comment` varchar(60) default NULL,
+ PRIMARY KEY (`user`)
+);
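Review bot: check_password() in db_auth.pl can report success for a row whose stored value is empty, because `crypt($password, $key) eq $key` compares undef with "" as equal when crypt() rejects the salt and returns undef; whether crypt() fails on an empty salt depends on the platform libc, so this should be confirmed on the target system. A guard as the first statement of the sub, `return 0 if !defined($key) || $key eq "";`, rejects such rows regardless of libc behaviour. With `--plaintext` the sub still tries crypt() first and then the literal comparison, so the stored string itself is accepted as a password even for rows that hold a hash; selecting one comparison by mode, `return $plaintext ? $password eq $key : crypt($password, $key) eq $key;`, keeps the two storage formats separate. The reply loop also prints to STDOUT without `$| = 1;`, and Perl block-buffers STDOUT on a pipe, so replies may not reach Squid until the buffer fills. The `--password` option places the database password on the helper's command line, where other local users can usually read it from the process list; the POD for that option should say so.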
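Review bot: The `password` column in passwd.sql is declared `NOT NULL default ''`, so a row inserted without a password is stored with an empty one instead of being rejected, and db_auth.pl then has to treat the empty string as a credential. Dropping the default, `` `password` varchar(35) NOT NULL, ``, makes the insert fail on a server running in strict SQL mode; otherwise the application has to reject empty values itself. The width of 35 fits traditional and MD5-style crypt() output but not longer hash formats, which a non-strict server would truncate silently so that those logins never verify; a wider column avoids that. Whether `user` compares case-insensitively depends on the table collation, which this file does not set; if it does, differently cased spellings of a name match the same row while Squid may treat them as distinct users, so the collation is worth stating explicitly.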