On Thursday 27 May 2010 07:30:11, Amos Jeffries wrote:
> Luis Daniel Lucio Quiroz wrote:
> > On Saturday 1 May 2010 20:57:22, Amos Jeffries wrote:
> >> Luis Daniel Lucio Quiroz wrote:
> >>> On Friday 23 April 2010 00:20:13, Amos Jeffries wrote:
> >>>> Luis Daniel Lucio Quiroz wrote:
> >>>>> On Thursday 22 April 2010 20:09:57, Amos Jeffries wrote:
> >>>>>> Luis Daniel Lucio Quiroz wrote:
> >>>>>>> On Thursday 22 April 2010 15:49:55, Luis Daniel Lucio Quiroz wrote:
> >>>>>>>> Hi all
> >>>>>>>>
> >>>>>>>> As a requirement of one client, he wants to use joomla user
> >>>>>>>> database to let squid authenticate.
> >>>>>>>>
> >>>>>>>> I did patch squid_db_auth that Henrik has written in order to
> >>>>>>>> support joomla hash conditions.
> >>>>>>>>
> >>>>>>>> I did add one useful option to script
> >>>>>>>>
> >>>>>>>> --joomla
> >>>>>>>>
> >>>>>>>> in order to activate joomla hashing. Other options are identical.
> >>>>>>>> Please test :)
> >>>>>>>>
> >>>>>>>> Amos, I'd like if you can include this in 3.1.2
> >>>>>>
> >>>>>> Mumble.
> >>>>>>
> >>>>>> How do other users feel about it? Useful enough to cross the
> >>>>>> security bugs and regressions only freeze?
> >>>>>>
> >>>>>>>> LD
> >>>>>>>
> >>>>>>> I have a typo in
> >>>>>>> my salt
> >>>>>>>
> >>>>>>> should be
> >>>>>>> my $salt
> >>>>>>>
> >>>>>>> sorry
> >>>>>>
> >>>>>> Can you make the option --md5 instead please?
> >>>>>>
> >>>>>> Possibilities are not limited to Joomla and they may change
> >>>>>> someday.
> >>>>>>
> >>>>>> The option needs to be added to the documentation sections of the
> >>>>>> helper as well.
> >>>>>>
> >>>>>> Amos
> >>>>>
> >>>>> I don't get you about "cross the security",
> >>>>
> >>>> 3.1 is under feature freeze. Anything not a security fix or regression
> >>>> needs to have some good reasons to be committed.
> >>>>
> >>>> I'm trying to stick to the freeze a little more with 3.1 than with
> >>>> 3.0, to get back into the habit of it. Particularly since we look
> >>>> like having a good foothold on the track for 12-month releases now.
> >>>>
> >>>>> what I did is that the --joomla flag does a different SQL request,
> >>>>> and because joomla hash is like this:
> >>>>> hash:salt
> >>>>> I did split and compare. By default joomla uses md5 (I'm not a
> >>>>> joomla master, I don't know when joomla uses other hashings)
> >>>>
> >>>> I intend to use this auth helper myself for other systems, and there
> >>>> are others who ask about a DB helper occasionally.
> >>>>
> >>>>
> >>>> Taking a better look at your changes ...
> >>>>
> >>>> The first one: db_conf = "block = 0" seems to be useless. All it does
> >>>> is hard-code a different default value for the --cond option.
> >>>>
> >>>> For Joomla the squid.conf should instead contain:
> >>>> --cond " block=0 "
> >>>>
> >>>> Which leaves the salted/non-salted hash change.
> >>>>
> >>>> Adding this:
> >>>> --salt-delimiter D
> >>>>
> >>>> To configure character(s) between the hash and salt values. Will not
> >>>> lock people into the specific Joomla syntax of colon. There are
> >>>> examples and tutorials out there for app design that use other
> >>>> delimiters.
> >>>>
> >>>> Doing both of those changes Joomla would be configured with:
> >>>> ... --cond " block=0 " --salt-delimiter ":"
> >>>>>
> >>>>> if you want, later I may add also --md5 to store md5 password, and
> >>>>> --digest-auth to support digest authentication :) but later jejeje
> >>>>
> >>>> Amos
> >>>
> >>> Hi
> >>> I've just updated my patch to fit 3.1.2
> >>>
> >>>
> >>> I hope this could be included since it is based on today's snapshot.
> >>>
> >>> Regards,
> >>>
> >>> LD
> >>
> >> Thank you.
> >>
> >> You still have the --joomla flag. I thought you agreed to call it
> >> something like the --salt and take the delim character ?
> >>
> >> Amos
> >
> > Amos + team,
> >
> > I was adding salt support and I noticed this line
> >
> > return 1 if crypt($password, $key) eq $key;
> >
> > as far as I know this is impossible, because crypt using a salt won't
> > be eq to that key,
> > because there are many scenarios I did leave this line in my patch and
> > added another to use static salt
> >
> > I also added a --sql option to let the user specify complex queries. As I
> > was needing it to work with an INNER JOIN.
> >
> > I hope you can review it.
> >
> > LD
>
> I have not found the need for --sql in my experience with complex
> queries to this helper. Each of the options --usercol , --passcol,
> --table and --cond can take whole snippets of SQL double-quoted.
>
> The rest of the patch is accepted. Will be in Squid-3.1.4.
>
> If anyone is interested in further improvements to this helper;
> Loading the parameters from a secure file instead of having the SQL
> snippets and DSN login visible on the command line would be useful.
>
> Amos

OK, no problem. I was realizing because complex selects are more than JOINs,
such as UNIONs or SELECTs inside SELECTs, but no problem.

Can you post then how it will be so I can patch rpms :)

LD
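
Added example (not part of the thread and not squid_db_auth's own code): a Perl version of the password check discussed above, covering a stored `hash:salt` value split on a configurable delimiter, an unsalted MD5 value, and the `crypt($password, $key) eq $key` comparison, which matches for the right password because crypt() reads its salt from the start of the stored value. The sub name `check_password`, the sample rows and the salted layout md5(password . salt) are assumptions.

```perl
#!/usr/bin/perl
# Added example; not squid_db_auth's own code.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Hypothetical helper. $delim is the string between hash and salt (the value
# a --salt-delimiter option would carry); undef means "no salted format".
# Assumption: salted rows hold md5_hex(password . salt) . delim . salt.
sub check_password {
    my ($password, $stored, $delim) = @_;
    return 0 unless defined $password && defined $stored && length $stored;

    if (defined $delim && length $delim) {
        # Split on the FIRST delimiter: the hex hash cannot contain it,
        # but a random salt might.
        my $pos = index($stored, $delim);
        if ($pos > 0) {
            my $hash = substr($stored, 0, $pos);
            my $salt = substr($stored, $pos + length($delim));
            return lc($hash) eq md5_hex($password . $salt) ? 1 : 0;
        }
    }

    # Unsalted MD5 hex digest.
    return 1 if lc($stored) eq md5_hex($password);

    # crypt() format: the salt is embedded at the start of the stored value,
    # so passing the stored value as the salt argument reproduces it exactly
    # when the password is right. crypt() may return undef for a salt the
    # platform rejects, hence the defined() guard.
    my $c = crypt($password, $stored);
    return (defined $c && $c eq $stored) ? 1 : 0;
}

# Constructed sample rows (not real data).
my $salt   = 'Xq:3v';    # contains the delimiter on purpose
my $joomla = md5_hex('s3cret' . $salt) . ':' . $salt;
my $plain  = md5_hex('s3cret');
my $unix   = crypt('s3cret', 'ab');    # traditional crypt(), salt "ab"

printf "%-28s %d\n", 'salted, right password',  check_password('s3cret', $joomla, ':');
printf "%-28s %d\n", 'salted, wrong password',  check_password('guess',  $joomla, ':');
printf "%-28s %d\n", 'unsalted md5',            check_password('s3cret', $plain);
printf "%-28s %d\n", 'crypt(), right password', check_password('s3cret', $unix);
printf "%-28s %d\n", 'crypt(), wrong password', check_password('guess',  $unix);
```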