Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)

From: Luis Daniel Lucio Quiroz <luis.daniel.lucio_at_gmail.com>
Date: Tue, 1 Jun 2010 00:23:22 -0500

Le vendredi 28 mai 2010 01:22:57, Amos Jeffries a �crit :
> Luis Daniel Lucio Quiroz wrote:
> > Le jeudi 27 mai 2010 07:30:11, Amos Jeffries a �crit :
> >> Luis Daniel Lucio Quiroz wrote:
> >>> Le samedi 1 mai 2010 20:57:22, Amos Jeffries a �crit :
> >>>> Luis Daniel Lucio Quiroz wrote:
> >>>>> Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a �crit :
> >>>>>> Luis Daniel Lucio Quiroz wrote:
> >>>>>>> Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a �crit :
> >>>>>>>> Luis Daniel Lucio Quiroz wrote:
> >>>>>>>>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a �crit
:
> >>>>>>>>>> HI all
> >>>>>>>>>>
> >>>>>>>>>> As a requirement of one client, he wants to use joomla user
> >>>>>>>>>> database to let squid authenticate.
> >>>>>>>>>>
> >>>>>>>>>> I did patch squid_db_auth that Henrik has written in order to
> >>>>>>>>>> support joomla hash conditions.
> >>>>>>>>>>
> >>>>>>>>>> I did add one usefull option to script
> >>>>>>>>>>
> >>>>>>>>>> --joomla
> >>>>>>>>>>
> >>>>>>>>>> in order to activate joomla hashing. Other options are
> >>>>>>>>>> identical. Please test :)
> >>>>>>>>>>
> >>>>>>>>>> Ammos, I'd like if you can include this in 3.1.2
> >>>>>>>>
> >>>>>>>> Mumble.
> >>>>>>>>
> >>>>>>>> How do other users feel about it? Useful enough to cross the
> >>>>>>>> security bugs and regressions only freeze?
> >>>>>>>>
> >>>>>>>>>> LD
> >>>>>>>>>
> >>>>>>>>> I have a typo in
> >>>>>>>>> my salt
> >>>>>>>>>
> >>>>>>>>> should be
> >>>>>>>>> my $salt
> >>>>>>>>>
> >>>>>>>>> sorry
> >>>>>>>>
> >>>>>>>> Can you make the option --md5 instead please?
> >>>>>>>>
> >>>>>>>> Possibilities are not limited to Joomla and they may change
> >>>>>>>> someday.
> >>>>>>>>
> >>>>>>>> The option needs to be added to the documentation sections of the
> >>>>>>>> helper as well.
> >>>>>>>>
> >>>>>>>> Amos
> >>>>>>>
> >>>>>>> I dont get you about "cross the security",
> >>>>>>
> >>>>>> 3.1 is under feature freeze. Anything not a security fix or
> >>>>>> regression needs to have some good reasons to be committed.
> >>>>>>
> >>>>>> I'm trying to stick to the freeze a little more with 3.1 than with
> >>>>>> 3.0, to get back into the habit of it. Particularly since we look
> >>>>>> like having a good foothold on the track for 12-month releases now.
> >>>>>>
> >>>>>>> what i did is that --joomla flag do diferent sql request and
> >>>>>>> because joomla hass is like this:
> >>>>>>> hash:salt
> >>>>>>> i did split and compare. by default joomla uses md5 (i'm not a
> >>>>>>> joomla master, i dont know when joomla uses other hashings)
> >>>>>>
> >>>>>> I intend to use this auth helper myself for other systems, and there
> >>>>>> are others who ask about a DB helper occasionally.
> >>>>>>
> >>>>>>
> >>>>>> Taking a better look at your changes ...
> >>>>>>
> >>>>>> The first one: db_conf = "block = 0" seems to be useless. All it
> >>>>>> does is hard-code a different default value for the --cond option.
> >>>>>>
> >>>>>> For Joomla the squid.conf should instead contain:
> >>>>>> --cond " block=0 "
> >>>>>>
> >>>>>> Which leaves the salted/non-salted hash change.
> >>>>>>
> >>>>>> Adding this:
> >>>>>> --salt-delimiter D
> >>>>>>
> >>>>>> To configure character(s) between the hash and salt values. Will
> >>>>>> not to lock people into the specific Joomla syntax of colon. There
> >>>>>> are examples and tutorials out there for app design that use other
> >>>>>> delimiters.
> >>>>>>
> >>>>>> Doing both of those changes Joomla would be configured with:
> >>>>>> ... --cond " block=0 " --salt-delimiter ":"
> >>>>>>>
> >>>>>>> if you want, latter i may add also --md5 to store md5 password, and
> >>>>>>> --digest- auth to support diggest authentication :) but later
> >>>>>>> jejeje
> >>>>>>
> >>>>>> Amos
> >>>>>
> >>>>> HI
> >>>>> i've just update my patch to fit 3.1.2
> >>>>>
> >>>>>
> >>>>> I hope this could be included since it is based on todays snapshot.
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> LD
> >>>>
> >>>> Thank you.
> >>>>
> >>>> You still have the --joomla flag. I thought you agreed to call it
> >>>> something like the --salt and take the delim character ?
> >>>>
> >>>> Amos
> >>>
> >>> Amos + team,
> >>>
> >>> i was adding salt support and i realize of this line
> >>>
> >>> return 1 if crypt($password, $key) eq $key;
> >>>
> >>> as far as i know this is impossible, because crypt using a salt wont
> >>> be eq to that key,
> >>> because there are many scenarios i did let this line in my patch and
> >>> add another to use static salt
> >>>
> >>> I also add a --sql option to let user specify complex querys. As i was
> >>> needint it to work with an INNER JOIN.
> >>>
> >>> I hope you can review it.
> >>>
> >>> LD
> >>
> >> I have not found the need for --sql in my experience with complex
> >> queries to this helper. The each of the options --usercol , --passcol,
> >> --table and --cond can take whole snippets of SQL double-quoted.
> >>
> >> The rest of the patch is accepted. Will be in Squid-3.1.4.
> >>
> >> If anyone is interested in further improvements to this helper;
> >>
> >> Loading the parameters from a secure file instead of having the SQL
> >>
> >> snippets and DSN login visible on the command line would be useful.
> >>
> >> Amos
> >
> > OK, no problem
> >
> > i was realizing because complex select are more than JOINS, such as
> > UNIONS or SELECTS inside SELECTS but not problem. Can you post then how
> > will be so i can patch rpms :)
> >
> > LD
>
> 3.1.4 is due out this Sunday.
>
> Oh, Henrik had a question about why "use strict" was removed?
>
> Amos

strict was removed because at least in mandriva perl, it was complaining about
that some variables didnt exists

i did review all by hand to get rid of spelling mistakes, i know is a good
practice to use strict but in this case it was causing perl to show warn
messages and as a consecuense helper was failling

LD
Received on Tue Jun 01 2010 - 05:22:32 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 12:00:08 MDT