
Re: Re: Joomla DB authentication support hits Squid! :)


 



On Friday 28 May 2010 01:22:57, Amos Jeffries wrote:
> Luis Daniel Lucio Quiroz wrote:
> > On Thursday 27 May 2010 07:30:11, Amos Jeffries wrote:
> >> Luis Daniel Lucio Quiroz wrote:
> >>> On Saturday 1 May 2010 20:57:22, Amos Jeffries wrote:
> >>>> Luis Daniel Lucio Quiroz wrote:
> >>>>> On Friday 23 April 2010 00:20:13, Amos Jeffries wrote:
> >>>>>> Luis Daniel Lucio Quiroz wrote:
> >>>>>>> On Thursday 22 April 2010 20:09:57, Amos Jeffries wrote:
> >>>>>>>> Luis Daniel Lucio Quiroz wrote:
> >>>>>>>>> On Thursday 22 April 2010 15:49:55, Luis Daniel Lucio Quiroz wrote:
> >>>>>>>>>> HI all
> >>>>>>>>>> 
> >>>>>>>>>> As a requirement of one client, he wants to use joomla user
> >>>>>>>>>> database to let squid authenticate.
> >>>>>>>>>> 
> >>>>>>>>>> I did patch squid_db_auth that Henrik has written in order to
> >>>>>>>>>> support joomla hash conditions.
> >>>>>>>>>> 
> >>>>>>>>>> I did add one useful option to script
> >>>>>>>>>> 
> >>>>>>>>>> --joomla
> >>>>>>>>>> 
> >>>>>>>>>> in order to activate joomla hashing.  Other options are
> >>>>>>>>>> identical. Please test :)
> >>>>>>>>>> 
> >>>>>>>>>> Amos, I'd like if you can include this in 3.1.2
> >>>>>>>> 
> >>>>>>>> Mumble.
> >>>>>>>> 
> >>>>>>>> How do other users feel about it? Useful enough to cross the
> >>>>>>>> security bugs and regressions only freeze?
> >>>>>>>> 
> >>>>>>>>>> LD
> >>>>>>>>> 
> >>>>>>>>> I have a typo in
> >>>>>>>>> my salt
> >>>>>>>>> 
> >>>>>>>>> should be
> >>>>>>>>> my $salt
> >>>>>>>>> 
> >>>>>>>>> sorry
> >>>>>>>> 
> >>>>>>>> Can you make the option --md5 instead please?
> >>>>>>>> 
> >>>>>>>>   Possibilities are not limited to Joomla and they may change
> >>>>>>>>   someday.
> >>>>>>>> 
> >>>>>>>> The option needs to be added to the documentation sections of the
> >>>>>>>> helper as well.
> >>>>>>>> 
> >>>>>>>> Amos
> >>>>>>> 
> >>>>>>> I don't get you about "cross the security",
> >>>>>> 
> >>>>>> 3.1 is under feature freeze. Anything not a security fix or
> >>>>>> regression needs to have some good reasons to be committed.
> >>>>>> 
> >>>>>> I'm trying to stick to the freeze a little more with 3.1 than with
> >>>>>> 3.0, to get back into the habit of it. Particularly since we look
> >>>>>> like having a good foothold on the track for 12-month releases now.
> >>>>>> 
> >>>>>>> what I did is that the --joomla flag does a different sql request,
> >>>>>>> and because the joomla hash is like this:
> >>>>>>> hash:salt
> >>>>>>> I did split and compare.  by default joomla uses md5 (I'm not a
> >>>>>>> joomla master, I don't know when joomla uses other hashings)
> >>>>>> 
> >>>>>> I intend to use this auth helper myself for other systems, and there
> >>>>>> are others who ask about a DB helper occasionally.
> >>>>>> 
> >>>>>> 
> >>>>>> Taking a better look at your changes ...
> >>>>>> 
> >>>>>> The first one: db_conf = "block = 0"  seems to be useless. All it
> >>>>>> does is hard-code a different default value for the --cond option.
> >>>>>> 
> >>>>>>    For Joomla the squid.conf should instead contain:
> >>>>>>       --cond " block=0 "
> >>>>>> 
> >>>>>> Which leaves the salted/non-salted hash change.
> >>>>>> 
> >>>>>> Adding this:
> >>>>>>    --salt-delimiter D
> >>>>>> 
> >>>>>> To configure character(s) between the hash and salt values.  Will
> >>>>>> not lock people into the specific Joomla syntax of colon.  There
> >>>>>> are examples and tutorials out there for app design that use other
> >>>>>> delimiters.
> >>>>>> 
> >>>>>> Doing both of those changes Joomla would be configured with:
> >>>>>>    ... --cond " block=0 "  --salt-delimiter ":"
> >>>>>>> 
> >>>>>>> if you want, later I may also add --md5 to store md5 password, and
> >>>>>>> --digest-auth to support digest authentication :) but later
> >>>>>>> jejeje
> >>>>>> 
> >>>>>> Amos
> >>>>> 
> >>>>> HI
> >>>>> I've just updated my patch to fit 3.1.2
> >>>>> 
> >>>>> 
> >>>>> I hope this could be included since it is based on today's snapshot.
> >>>>> 
> >>>>> Regards,
> >>>>> 
> >>>>> LD
> >>>> 
> >>>> Thank you.
> >>>> 
> >>>> You still have the --joomla flag. I thought you agreed to call it
> >>>> something like the --salt and take the delim character?
> >>>> 
> >>>> Amos
> >>> 
> >>> Amos + team,
> >>> 
> >>> I was adding salt support and I noticed this line
> >>> 
> >>>  return 1 if crypt($password, $key) eq $key;
> >>> 
> >>> as far as I know this is impossible, because crypt using a salt won't
> >>> be eq to that key.
> >>> Because there are many scenarios I left this line in my patch and
> >>> added another to use a static salt
> >>> 
> >>> I also added a --sql option to let the user specify complex queries, as
> >>> I was needing it to work with an INNER JOIN.
> >>> 
> >>> I hope you can review it.
> >>> 
> >>> LD
> >> 
> >> I have not found the need for --sql in my experience with complex
> >> queries to this helper. Each of the options --usercol, --passcol,
> >> --table and --cond can take whole snippets of SQL double-quoted.
> >> 
> >> The rest of the patch is accepted. Will be in Squid-3.1.4.
> >> 
> >> If anyone is interested in further improvements to this helper;
> >> 
> >>    Loading the parameters from a secure file instead of having the SQL
> >>    snippets and DSN login visible on the command line would be useful.
> >> 
> >> Amos
> > 
> > OK, no problem
> > 
> > I was realizing, because complex selects are more than JOINS, such as
> > UNIONS or SELECTS inside SELECTS, but no problem.  Can you then post how
> > it will be so I can patch rpms :)
> > 
> > LD
> 
> 3.1.4 is due out this Sunday.
> 
> Oh, Henrik had a question about why "use strict" was removed?
> 
> Amos

strict was removed because, at least in Mandriva perl, it was complaining 
that some variables didn't exist

I did review all by hand to get rid of spelling mistakes. I know it is good 
practice to use strict, but in this case it was causing perl to show warn 
messages and as a consequence the helper was failing

LD
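
The "hash:salt" split-and-compare with a configurable salt delimiter discussed in this thread, as an added Perl example that is not part of the original message or of the squid_db_auth helper. The function name, sample salts and passwords are constructed, and the md5(password . salt) layout is an assumption about how the application stores the value.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Hypothetical function (not the helper's code): verify a password against a
# stored "<md5 hex><delimiter><salt>" value such as Joomla's "hash:salt".
sub check_salted_md5 {
    my ($password, $stored, $delim) = @_;
    return 0 unless defined $password && defined $stored;
    return 0 unless defined $delim && length $delim;

    # Split at the first delimiter only, so a salt that itself contains the
    # delimiter survives; \Q...\E keeps characters like "$" or "|" literal.
    my ($hash, $salt) = split /\Q$delim\E/, $stored, 2;
    return 0 unless defined $salt && $hash =~ /\A[0-9a-fA-F]{32}\z/;

    # Assumption: the application stores md5(password . salt) as hex.
    return lc($hash) eq md5_hex($password . $salt) ? 1 : 0;
}

# Constructed sample values, not real credentials.
my $row_colon  = md5_hex('secret' . 'Xk3pQ9') . ':' . 'Xk3pQ9';
my $row_dollar = md5_hex('secret' . 'a$b')    . '$' . 'a$b';
my $row_plain  = md5_hex('secret');            # unsalted, no delimiter

my @cases = (
    [ 'colon delimiter, right password',  'secret', $row_colon,  ':' ],
    [ 'colon delimiter, wrong password',  'guess',  $row_colon,  ':' ],
    [ '"$" delimiter, salt contains "$"', 'secret', $row_dollar, '$' ],
    [ 'row without a salt part',          'secret', $row_plain,  ':' ],
);
for my $c (@cases) {
    my ($label, $pw, $stored, $delim) = @$c;
    printf "%-34s %s\n", $label,
        check_salted_md5($pw, $stored, $delim) ? 'OK' : 'ERR';
}
```

Every variable is declared with `my`, so the script compiles under `use strict` and `use warnings`.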


