Search squid archive

Re: Re: Joomla DB authentication support hits Squid! :)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Luis Daniel Lucio Quiroz wrote:
Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit :
Luis Daniel Lucio Quiroz wrote:
Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit :
Luis Daniel Lucio Quiroz wrote:
Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
Luis Daniel Lucio Quiroz wrote:
Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
HI all

As a requirement of one client, he wants to use joomla user database
to let squid authenticate.

I did patch squid_db_auth that Henrik has written in order to
support joomla hash conditions.

I did add one usefull option to script

--joomla

in order to activate joomla hashing.  Other options are identical.
Please test :)

Ammos, I'd like if you can include this in 3.1.2
Mumble.

How do other users feel about it? Useful enough to cross the security
bugs and regressions only freeze?

LD
I have a typo in
my salt

should be
my $salt

sorry
Can you make the option --md5 instead please?

  Possibilities are not limited to Joomla and they may change someday.

The option needs to be added to the documentation sections of the
helper as well.

Amos
I dont get you about "cross the security",
3.1 is under feature freeze. Anything not a security fix or regression
needs to have some good reasons to be committed.

I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
to get back into the habit of it. Particularly since we look like having
a good foothold on the track for 12-month releases now.

what i did is that --joomla flag do diferent sql request and because
joomla hass is like this:
hash:salt
i did split and compare.  by default joomla uses md5 (i'm not a joomla
master, i dont know when joomla uses other hashings)
I intend to use this auth helper myself for other systems, and there are
others who ask about a DB helper occasionally.


Taking a better look at your changes ...

The first one: db_conf = "block = 0"  seems to be useless. All it does
is hard-code a different default value for the --cond option.

   For Joomla the squid.conf should instead contain:
      --cond " block=0 "

Which leaves the salted/non-salted hash change.

Adding this:
   --salt-delimiter D

To configure character(s) between the hash and salt values.  Will not to
lock people into the specific Joomla syntax of colon.  There are
examples and tutorials out there for app design that use other
delimiters.

Doing both of those changes Joomla would be configured with:
   ... --cond " block=0 "  --salt-delimiter ":"
if you want, latter i may add also --md5 to store md5 password, and
--digest- auth to support diggest authentication :) but later jejeje
Amos
HI
i've just update my patch to fit 3.1.2


I hope this could be included since it is based on todays snapshot.

Regards,

LD
Thank you.

You still have the --joomla flag. I thought you agreed to call it
something like the --salt and take the delim character ?

Amos

Amos + team,

i was adding salt support and i realize of this line
 return 1 if crypt($password, $key) eq $key;

as far as i know this is impossible, because crypt using a salt wont be eq to that key, because there are many scenarios i did let this line in my patch and add another to use static salt

I also add a --sql option to let user specify complex querys. As i was needint it to work with an INNER JOIN.

I hope you can review it.

LD


I have not found the need for --sql in my experience with complex queries to this helper. The each of the options --usercol , --passcol, --table and --cond can take whole snippets of SQL double-quoted.

The rest of the patch is accepted. Will be in Squid-3.1.4.

If anyone is interested in further improvements to this helper;
Loading the parameters from a secure file instead of having the SQL snippets and DSN login visible on the command line would be useful.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.3


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux