Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
> >> Luis Daniel Lucio Quiroz wrote:
> >>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
> >>>> HI all
> >>>>
> >>>> As a requirement of one client, he wants to use joomla user database
> >>>> to let squid authenticate.
> >>>>
> >>>> I did patch squid_db_auth that Henrik has written in order to support
> >>>> joomla hash conditions.
> >>>>
> >>>> I did add one usefull option to script
> >>>>
> >>>> --joomla
> >>>>
> >>>> in order to activate joomla hashing. Other options are identical.
> >>>> Please test :)
> >>>>
> >>>> Ammos, I'd like if you can include this in 3.1.2
> >>
> >> Mumble.
> >>
> >> How do other users feel about it? Useful enough to cross the security
> >> bugs and regressions only freeze?
> >>
> >>>> LD
> >>>
> >>> I have a typo in
> >>> my salt
> >>>
> >>> should be
> >>> my $salt
> >>>
> >>> sorry
> >>
> >> Can you make the option --md5 instead please?
> >>
> >> Possibilities are not limited to Joomla and they may change someday.
> >>
> >> The option needs to be added to the documentation sections of the helper
> >> as well.
> >>
> >> Amos
> >
> > I dont get you about "cross the security",
>
> 3.1 is under feature freeze. Anything not a security fix or regression
> needs to have some good reasons to be committed.
>
> I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
> to get back into the habit of it. Particularly since we look like having
> a good foothold on the track for 12-month releases now.
>
> > what i did is that --joomla flag do diferent sql request and because
> > joomla hass is like this:
> > hash:salt
> > i did split and compare. by default joomla uses md5 (i'm not a joomla
> > master, i dont know when joomla uses other hashings)
>
> I intend to use this auth helper myself for other systems, and there are
> others who ask about a DB helper occasionally.
>
>
> Taking a better look at your changes ...
>
> The first one: db_conf = "block = 0" seems to be useless. All it does
> is hard-code a different default value for the --cond option.
>
> For Joomla the squid.conf should instead contain:
> --cond " block=0 "
>
>
> Which leaves the salted/non-salted hash change.
> Adding this:
>
> --salt-delimiter D
>
> To configure character(s) between the hash and salt values. Will not to
> lock people into the specific Joomla syntax of colon. There are
> examples and tutorials out there for app design that use other delimiters.
>
> Doing both of those changes Joomla would be configured with:
>
> ... --cond " block=0 " --salt-delimiter ":"
>
> > if you want, latter i may add also --md5 to store md5 password, and
> > --digest- auth to support diggest authentication :) but later jejeje
>
> Amos
HI
i've just update my patch to fit 3.1.2
I hope this could be included since it is based on todays snapshot.
Regards,
LD
--- helpers/basic_auth/DB/squid_db_auth.in 2010-05-01 13:39:52.000000000 +0200
+++ helpers/basic_auth/DB/squid_db_auth.in.dlucio 2010-05-01 17:10:02.000000000 +0200
@@ -1,8 +1,9 @@
#...@perl@
-use strict;
+#use strict;
use DBI;
use Getopt::Long;
use Pod::Usage;
+use Digest::MD5 qw(md5 md5_hex md5_base64);
$|=1;
=pod
@@ -22,6 +23,8 @@
my $db_cond = "enabled = 1";
my $plaintext = 0;
my $persist = 0;
+my $isjoomla = 0;
+my $debug = 0;
=pod
@@ -62,6 +65,7 @@
=item B<--cond>
Condition, defaults to enabled=1. Specify 1 or "" for no condition
+If you use --joomla flag, this condition will be changed to block=0
=item B<--plaintext>
@@ -71,6 +75,10 @@
Keep a persistent database connection open between queries.
+=item B<--joomla>
+
+Tell helper that user database is joomla db. So salt hasing is understood.
+
=back
=cut
@@ -85,9 +93,12 @@
'cond=s' => \$db_cond,
'plaintext' => \$plaintext,
'persist' => \$persist,
+ 'joomla' => \$isjoomla,
+ 'debug' => \$debug,
);
my ($_dbh, $_sth);
+$db_cond = "block = 0" if $isjoomla;
sub close_db()
{
@@ -113,9 +124,17 @@
{
my ($password, $key) = @_;
- return 1 if crypt($password, $key) eq $key;
-
- return 1 if $plaintext && $password eq $key;
+ if ($isjoomla){
+ my $salt;
+ my $key2;
+ ($key2,$salt) = split (/:/, $key);
+ return 1 if md5_hex($password.$salt).':'.$salt eq $key;
+ }
+ else{
+ return 1 if crypt($password, $key) eq $key;
+
+ return 1 if $plaintext && $password eq $key;
+ }
return 0;
}
@@ -155,6 +174,7 @@
=head1 COPYRIGHT
Copyright (C) 2007 Henrik Nordstrom <[email protected]>
+Copyright (C) 2010 Luis Daniel Lucio Quiroz <[email protected]> (Joomla support)
This program is free software. You may redistribute copies of it under the
terms of the GNU General Public License version 2, or (at youropinion) any
later version.
