[PATCH] (fix digest) + store HHA1 digest hash rather than password

Sean Burford Tue, 04 Feb 2003 23:32:03 -0800

Hi,

The patch I mentioned in my previous message is attached.


I have also attached a patch I made to implement HHA1 password storage
for digest authentication.  The old behaviour is to require plain text
passwords for digest users.  With the HHA1 patch, the HHA1 hash can be
stored in place of the plain text password.  Password file format is:

userone:password
usertwo:{HHA1}ac9e06235a3f403fe5aa6098a39a671f

I'll send a HHA1 hash generator later.  For now, look in cache.log for
the string "digest_pw_auth:" followed by the username and hash after
applying the patch and logging in using the plain text password.

-- 
Sean

diff -rc squid-2.5.STABLE1/src/auth/digest/auth_digest.c squid-2.5.STABLE1.modded/src/auth/digest/auth_digest.c
*** squid-2.5.STABLE1/src/auth/digest/auth_digest.c	Mon Jul 15 09:24:33 2002
--- squid-2.5.STABLE1.modded/src/auth/digest/auth_digest.c	Wed Feb  5 16:00:25 2003
***************
*** 663,671 ****
      digest_user = auth_user->scheme_data;
  
      /* if the check has corrupted the user, just return */
!     if (digest_user->flags.credentials_ok == 3) {
! 	return;
!     }
      assert(auth_user_request->scheme_data != NULL);
      digest_request = auth_user_request->scheme_data;
  
--- 663,671 ----
      digest_user = auth_user->scheme_data;
  
      /* if the check has corrupted the user, just return */
!     //if (digest_user->flags.credentials_ok == 3) {
! 	//return;
!     //}
      assert(auth_user_request->scheme_data != NULL);
      digest_request = auth_user_request->scheme_data;
  
***************
*** 1309,1314 ****
--- 1309,1315 ----
      } else {
  	debug(29, 9) ("authDigestDecodeAuth: Found user '%s' in the user cache as '%p'\n", username, auth_user);
  	digest_user = auth_user->scheme_data;
+ 	digest_user->flags.credentials_ok = 3;
  	xfree(username);
      }
      /*link the request and the user */

diff -rc squid-2.5.STABLE1/helpers/digest_auth/password/digest_pw_auth.c squid-2.5.STABLE1.modded/helpers/digest_auth/password/digest_pw_auth.c
*** squid-2.5.STABLE1/helpers/digest_auth/password/digest_pw_auth.c	Thu Feb  1 08:46:42 2001
--- squid-2.5.STABLE1.modded/helpers/digest_auth/password/digest_pw_auth.c	Wed Feb  5 15:43:56 2003
***************
*** 150,157 ****
  	if (u == NULL) {
  	    printf("ERR\n");
  	} else {
! 	    DigestCalcHA1("md5", user, realm, u->passwd, NULL, NULL, HA1, HHA1);
! 	    printf("%s\n", HHA1);
  	}
      }
      exit(0);
--- 150,165 ----
  	if (u == NULL) {
  	    printf("ERR\n");
  	} else {
!             if(strncmp("{HHA1}", u->passwd, 6))
!             {
!                     DigestCalcHA1("md5", user, realm, u->passwd, NULL, NULL, HA1, HHA1);
!                     printf("%s\n", HHA1);
!                     fprintf(stderr, "digest_pw_auth: %s:{HHA1}%s\n", user, HHA1);
!             }
!             else
!             {
!                     printf("%s\n", &u->passwd[6]);
!             }
  	}
      }
      exit(0);

[PATCH] (fix digest) + store HHA1 digest hash rather than password

Reply via email to