Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 May 2010 18:22:57 +1200

Luis Daniel Lucio Quiroz wrote:
> On Thursday 27 May 2010 07:30:11, Amos Jeffries wrote:
>> Luis Daniel Lucio Quiroz wrote:
>>> On Saturday 1 May 2010 20:57:22, Amos Jeffries wrote:
>>>> Luis Daniel Lucio Quiroz wrote:
>>>>> On Friday 23 April 2010 00:20:13, Amos Jeffries wrote:
>>>>>> Luis Daniel Lucio Quiroz wrote:
>>>>>>> On Thursday 22 April 2010 20:09:57, Amos Jeffries wrote:
>>>>>>>> Luis Daniel Lucio Quiroz wrote:
>>>>>>>>> On Thursday 22 April 2010 15:49:55, Luis Daniel Lucio Quiroz wrote:
>>>>>>>>>> HI all
>>>>>>>>>>
>>>>>>>>>> As a requirement of one client, he wants to use joomla user
>>>>>>>>>> database to let squid authenticate.
>>>>>>>>>>
>>>>>>>>>> I did patch squid_db_auth that Henrik has written in order to
>>>>>>>>>> support joomla hash conditions.
>>>>>>>>>>
>>>>>>>>>> I did add one useful option to script
>>>>>>>>>>
>>>>>>>>>> --joomla
>>>>>>>>>>
>>>>>>>>>> in order to activate joomla hashing. Other options are identical.
>>>>>>>>>> Please test :)
>>>>>>>>>>
>>>>>>>>>> Amos, I'd like if you can include this in 3.1.2
>>>>>>>> Mumble.
>>>>>>>>
>>>>>>>> How do other users feel about it? Useful enough to cross the
>>>>>>>> security bugs and regressions only freeze?
>>>>>>>>
>>>>>>>>>> LD
>>>>>>>>> I have a typo in
>>>>>>>>> my salt
>>>>>>>>>
>>>>>>>>> should be
>>>>>>>>> my $salt
>>>>>>>>>
>>>>>>>>> sorry
>>>>>>>> Can you make the option --md5 instead please?
>>>>>>>>
>>>>>>>> Possibilities are not limited to Joomla and they may change
>>>>>>>> someday.
>>>>>>>>
>>>>>>>> The option needs to be added to the documentation sections of the
>>>>>>>> helper as well.
>>>>>>>>
>>>>>>>> Amos
>>>>>>> I don't get you about "cross the security",
>>>>>> 3.1 is under feature freeze. Anything not a security fix or regression
>>>>>> needs to have some good reasons to be committed.
>>>>>>
>>>>>> I'm trying to stick to the freeze a little more with 3.1 than with
>>>>>> 3.0, to get back into the habit of it. Particularly since we look
>>>>>> like having a good foothold on the track for 12-month releases now.
>>>>>>
>>>>>>> what i did is that --joomla flag do different sql request and because
>>>>>>> joomla hash is like this:
>>>>>>> hash:salt
>>>>>>> i did split and compare. by default joomla uses md5 (i'm not a
>>>>>>> joomla master, i don't know when joomla uses other hashings)
>>>>>> I intend to use this auth helper myself for other systems, and there
>>>>>> are others who ask about a DB helper occasionally.
>>>>>>
>>>>>>
>>>>>> Taking a better look at your changes ...
>>>>>>
>>>>>> The first one: db_conf = "block = 0" seems to be useless. All it does
>>>>>> is hard-code a different default value for the --cond option.
>>>>>>
>>>>>> For Joomla the squid.conf should instead contain:
>>>>>> --cond " block=0 "
>>>>>>
>>>>>> Which leaves the salted/non-salted hash change.
>>>>>>
>>>>>> Adding this:
>>>>>> --salt-delimiter D
>>>>>>
>>>>>> To configure character(s) between the hash and salt values. Will not
>>>>>> lock people into the specific Joomla syntax of colon. There are
>>>>>> examples and tutorials out there for app design that use other
>>>>>> delimiters.
>>>>>>
>>>>>> Doing both of those changes Joomla would be configured with:
>>>>>> ... --cond " block=0 " --salt-delimiter ":"
>>>>>>> if you want, later i may add also --md5 to store md5 password, and
>>>>>>> --digest-auth to support digest authentication :) but later jejeje
>>>>>> Amos
>>>>> HI
>>>>> i've just updated my patch to fit 3.1.2
>>>>>
>>>>>
>>>>> I hope this could be included since it is based on today's snapshot.
>>>>>
>>>>> Regards,
>>>>>
>>>>> LD
>>>> Thank you.
>>>>
>>>> You still have the --joomla flag. I thought you agreed to call it
>>>> something like the --salt and take the delim character ?
>>>>
>>>> Amos
>>> Amos + team,
>>>
>>> i was adding salt support and i realize of this line
>>>
>>> return 1 if crypt($password, $key) eq $key;
>>>
>>> as far as i know this is impossible, because crypt using a salt won't
>>> be eq to that key,
>>> because there are many scenarios i did let this line in my patch and add
>>> another to use static salt
>>>
>>> I also add a --sql option to let user specify complex queries. As i was
>>> needing it to work with an INNER JOIN.
>>>
>>> I hope you can review it.
>>>
>>> LD
>> I have not found the need for --sql in my experience with complex
>> queries to this helper. Each of the options --usercol , --passcol,
>> --table and --cond can take whole snippets of SQL double-quoted.
>>
>> The rest of the patch is accepted. Will be in Squid-3.1.4.
>>
>> If anyone is interested in further improvements to this helper;
>> Loading the parameters from a secure file instead of having the SQL
>> snippets and DSN login visible on the command line would be useful.
>>
>> Amos
>
> OK, no problem
>
> i was realizing because complex select are more than JOINS, such as UNIONS or
> SELECTS inside SELECTS but not problem. Can you post then how will be so i
> can patch rpms :)
>
> LD

3.1.4 is due out this Sunday.

Oh, Henrik had a question about why "use strict" was removed?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.3
Received on Fri May 28 2010 - 06:23:13 MDT
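
The two password checks discussed in this thread, written out in Perl as an added example (not part of the thread and not the squid_db_auth code): a salted-MD5 compare with a configurable delimiter, and the `crypt($password, $key) eq $key` compare. It assumes the stored hash is md5(password . salt), as Joomla 1.5 does; the function names and sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Hypothetical function names; this is not the squid_db_auth code.
# Stored value is "hash<delim>salt". Assumption: hash = md5(password . salt),
# the Joomla 1.5 convention. index() is used instead of split() so that a
# delimiter such as "|" or "$" is never interpreted as a regex.
sub check_salted_md5 {
    my ($password, $stored, $delim) = @_;
    my $pos = index($stored, $delim);
    return 0 if $pos < 0;                        # no delimiter: reject
    my $hash = substr($stored, 0, $pos);
    my $salt = substr($stored, $pos + length($delim));
    return 0 if $hash eq '' or $salt eq '';      # malformed row: reject
    return lc($hash) eq md5_hex($password . $salt) ? 1 : 0;
}

# crypt(3) entries embed their own salt, so the stored value is passed back
# in as the salt argument and the result is compared with the stored value.
sub check_crypt {
    my ($password, $stored) = @_;
    my $out = crypt($password, $stored);
    return (defined($out) && $out eq $stored) ? 1 : 0;
}

# Constructed sample rows, not real credentials.
my $salt    = 'Q3x9kLm2';
my $colon   = md5_hex('s3cret' . $salt) . ':' . $salt;
my $dollar  = md5_hex('s3cret' . $salt) . '$' . $salt;
my $crypted = crypt('s3cret', 'ab') // '';       # traditional crypt, salt "ab"

my @cases = (
    [ 'colon delimiter, right password',  check_salted_md5('s3cret', $colon,  ':') ],
    [ 'colon delimiter, wrong password',  check_salted_md5('guess',  $colon,  ':') ],
    [ 'dollar delimiter, right password', check_salted_md5('s3cret', $dollar, '$') ],
    [ 'row without a delimiter',          check_salted_md5('s3cret', 'abc',   ':') ],
    [ 'crypt, right password',            check_crypt('s3cret', $crypted) ],
    [ 'crypt, wrong password',            check_crypt('guess',  $crypted) ],
);
printf "%-34s %s\n", $_->[0], $_->[1] ? 'OK' : 'ERR' for @cases;
```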
