Re: Re: Joomla DB authentication support hits Squid! :)

On Friday 23 April 2010 00:20:13, Amos Jeffries wrote:
> Luis Daniel Lucio Quiroz wrote:
> > On Thursday 22 April 2010 20:09:57, Amos Jeffries wrote:
> >> Luis Daniel Lucio Quiroz wrote:
> >>> On Thursday 22 April 2010 15:49:55, Luis Daniel Lucio Quiroz wrote:
> >>>> Hi all
> >>>> 
> >>>> As a requirement of one client, he wants to use joomla user database
> >>>> to let squid authenticate.
> >>>> 
> >>>> I did patch squid_db_auth that Henrik has written in order to support
> >>>> joomla hash conditions.
> >>>> 
> >>>> I did add one useful option to script
> >>>> 
> >>>> --joomla
> >>>> 
> >>>> in order to activate joomla hashing.  Other options are identical.
> >>>> Please test :)
> >>>> 
> >>>> Amos, I'd like if you can include this in 3.1.2
> >> 
> >> Mumble.
> >> 
> >> How do other users feel about it? Useful enough to cross the security
> >> bugs and regressions only freeze?
> >> 
> >>>> LD
> >>> 
> >>> I have a typo in
> >>> my salt
> >>> 
> >>> should be
> >>> my $salt
> >>> 
> >>> sorry
> >> 
> >> Can you make the option --md5 instead please?
> >> 
> >>   Possibilities are not limited to Joomla and they may change someday.
> >> 
> >> The option needs to be added to the documentation sections of the helper
> >> as well.
> >> 
> >> Amos
> > 
> > I don't get you about "cross the security",
> 
> 3.1 is under feature freeze. Anything not a security fix or regression
> needs to have some good reasons to be committed.
> 
> I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
> to get back into the habit of it. Particularly since we look like having
> a good foothold on the track for 12-month releases now.
> 
> > what I did is that --joomla flag do different sql request and because
> > joomla hash is like this:
> > hash:salt
> > I did split and compare.  by default joomla uses md5 (I'm not a joomla
> > master, I don't know when joomla uses other hashings)
> 
> I intend to use this auth helper myself for other systems, and there are
> others who ask about a DB helper occasionally.
> 
> 
> Taking a better look at your changes ...
> 
> The first one: db_conf = "block = 0"  seems to be useless. All it does
> is hard-code a different default value for the --cond option.
> 
>    For Joomla the squid.conf should instead contain:
>       --cond " block=0 "
> 
> 
> Which leaves the salted/non-salted hash change.
> Adding this:
> 
>    --salt-delimiter D
> 
> To configure character(s) between the hash and salt values.  Will not
> lock people into the specific Joomla syntax of colon.  There are
> examples and tutorials out there for app design that use other delimiters.
> 
> Doing both of those changes Joomla would be configured with:
> 
>    ... --cond " block=0 "  --salt-delimiter ":"
> 
> > if you want, later I may add also --md5 to store md5 password, and
> > --digest-auth to support digest authentication :) but later jejeje
> 
> Amos

a little hack because perl was warning about first disconnect in perl dbh

:S
--- helpers/basic_auth/DB/squid_db_auth.in	2010-03-29 12:02:56.000000000 +0200
+++ helpers/basic_auth/DB/squid_db_auth.in.dlucio	2010-04-25 09:57:42.000000000 +0200
@@ -1,8 +1,9 @@
 #!@PERL@
-use strict;
+#use strict;
 use DBI;
 use Getopt::Long;
 use Pod::Usage;
+use Digest::MD5 qw(md5 md5_hex md5_base64);
 $|=1;
 
 =pod
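Review bot: Commenting out `use strict;` at the top of the script hides undeclared-variable errors for the whole helper instead of fixing them; keep strict enabled and declare the variables the patch needs (a later hunk removes `my ($_dbh, $_sth);`, which is exactly what strict would flag). The new import can also be narrowed to `use Digest::MD5 qw(md5_hex);`, since md5_hex is the only function the visible changes call.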
@@ -22,6 +23,8 @@
 my $db_cond = "enabled = 1";
 my $plaintext = 0;
 my $persist = 0;
+my $isjoomla = 0;
+my $debug = 0;
 
 =pod
 
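Review bot: `my $debug = 0;` is declared here and wired to a `--debug` option further down, but no visible hunk reads `$debug` or documents the option; either use it or leave it out of this patch.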
@@ -62,6 +65,7 @@
 =item	B<--cond>
 
 Condition, defaults to enabled=1. Specify 1 or "" for no condition
+If you use --joomla flag, this condition will be changed to block=0
 
 =item	B<--plaintext>
 
@@ -71,6 +75,10 @@
 
 Keep a persistent database connection open between queries. 
 
+=item	B<--joomla>
+
+Tell helper that user database is joomla db.  So salt hasing is understood.
+
 =back
 
 =cut
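Review bot: The new `--joomla` item has a typo ("hasing") and does not say what stored format the helper expects. State that the password column must hold `hash:salt`, where the hash is the MD5 hex digest of the password followed by the salt, since that is what the check added later in the patch compares against.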
@@ -85,13 +93,17 @@
 	'cond=s' => \$db_cond,
 	'plaintext' => \$plaintext,
 	'persist' => \$persist,
+	'joomla' => \$isjoomla,
+	'debug' => \$debug,
 	);
 
-my ($_dbh, $_sth);
+$db_cond = "block = 0" if $isjoomla;
+
 
 sub close_db()
 {
     return if !defined($_dbh);
+    $_sth->finish();
     $_dbh->disconnect();
     undef $_dbh;
     undef $_sth;
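Review bot: Removing `my ($_dbh, $_sth);` leaves both handles as undeclared package globals, which only works because strict was disabled; restore the declaration. `$db_cond = "block = 0" if $isjoomla;` sits after the option list, so it also overwrites a `--cond` the administrator passed explicitly; apply it only when `--cond` was not given, or drop it in favour of `--cond " block=0 "` as suggested in the thread. In close_db, `$_sth->finish();` is guarded only by the `$_dbh` check, so add `if defined $_sth`.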
@@ -113,10 +125,17 @@
 {
     my ($password, $key) = @_;
 
-    return 1 if crypt($password, $key) eq $key;
+    if ($isjoomla){
+        my $salt;
+        my $key2;
+        ($key2,$salt) = split (/:/, $key);
+        return 1 if md5_hex($password.$salt).':'.$salt eq $key;
+    }
+    else{
+        return 1 if crypt($password, $key) eq $key;
     
-    return 1 if $plaintext && $password eq $key;
-
+        return 1 if $plaintext && $password eq $key;
+    }
     return 0;
 }
 
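Review bot: In the `$isjoomla` branch, `split (/:/, $key)` has no limit, so a salt that contains ':' is truncated and the rebuilt `hash:salt` string never equals `$key`; use `split(/:/, $key, 2)` and compare `md5_hex($password.$salt) eq $key2` directly, which also gives the otherwise unused `$key2` a purpose. A stored value without ':' leaves `$salt` undefined, so return 0 early in that case. Moving the `$plaintext` check into the else branch means `--plaintext` is silently ignored together with `--joomla`; document that or reject the combination.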
@@ -155,8 +174,9 @@
 =head1 COPYRIGHT
 
 Copyright (C) 2007 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
+Copyright (C) 2010 Luis Daniel Lucio Quiroz <dlucio@xxxxxxxxxxx> (Joomla support)
+
 This program is free software. You may redistribute copies of it under the
 terms of the GNU General Public License version 2, or (at youropinion) any
 later version.
-
 =cut
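Review bot: The final `-` line removes the blank line before `=cut`, leaving the command directly under the licence paragraph; POD command paragraphs should be preceded by a blank line, so keep it.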

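The `--salt-delimiter` idea from the quoted reply, sketched as an added example that is not part of the posted patch or of squid_db_auth. The function name `check_salted_md5` and the sample values are hypothetical, and the salted format assumed is the one the patch checks: MD5 hex of the password followed by the salt.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Hypothetical helper, not part of squid_db_auth: returns 1 if $password
# matches a stored "<md5 hex><delim><salt>" value, 0 otherwise.
sub check_salted_md5 {
    my ($password, $stored, $delim) = @_;
    return 0 unless defined $password && defined $stored;
    return 0 unless defined $delim && length $delim;

    # Limit 2 keeps everything after the first delimiter as the salt, so a
    # salt that itself contains the delimiter is not truncated.
    my ($hash, $salt) = split /\Q$delim\E/, $stored, 2;

    # Rows with no salt part or a malformed hash are rejected outright.
    return 0 unless defined $hash && defined $salt;
    return 0 unless $hash =~ /\A[0-9a-fA-F]{32}\z/;

    return lc(md5_hex($password . $salt)) eq lc($hash) ? 1 : 0;
}

# Constructed sample values, computed here rather than taken from a database.
my $colon_row  = md5_hex('s3cret' . 'Xy:12') . ':' . 'Xy:12';  # salt contains ':'
my $dollar_row = md5_hex('s3cret' . 'abc')   . '$' . 'abc';
my $bare_row   = md5_hex('s3cret');                            # no salt part

my @cases = (
    [ 'colon delimiter, right password',  's3cret', $colon_row,  ':' ],
    [ 'colon delimiter, wrong password',  'guess',  $colon_row,  ':' ],
    [ 'dollar delimiter, right password', 's3cret', $dollar_row, '$' ],
    [ 'row without salt',                 's3cret', $bare_row,   ':' ],
);

for my $c (@cases) {
    my ($label, @args) = @$c;
    printf "%-34s %s\n", $label, check_salted_md5(@args) ? 'OK' : 'ERR';
}
```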