File 10841.patch of Package squid-beta

---------------------
PatchSet 10841 
Date: 2007/06/02 23:46:00
Author: hno
Branch: HEAD
Tag: (none) 
Log:
Database auth helper using Perl DBI

Members: 
	configure.in:1.455->1.456 
	helpers/basic_auth/Makefile.am:1.7->1.8 
	helpers/basic_auth/DB/Makefile.am:INITIAL->1.1 
	helpers/basic_auth/DB/db_auth.pl:INITIAL->1.1 
	helpers/basic_auth/DB/passwd.sql:INITIAL->1.1 

Index: squid3/configure.in
===================================================================
RCS file: /cvsroot/squid/squid3/configure.in,v
retrieving revision 1.455
retrieving revision 1.456
diff -u -r1.455 -r1.456
--- squid3/configure.in	20 May 2007 04:22:43 -0000	1.455
+++ squid3/configure.in	2 Jun 2007 23:46:00 -0000	1.456
@@ -3291,6 +3291,7 @@
 	helpers/basic_auth/multi-domain-NTLM/Makefile \
 	helpers/basic_auth/SASL/Makefile \
 	helpers/basic_auth/POP3/Makefile \
+	helpers/basic_auth/DB/Makefile \
 	helpers/digest_auth/Makefile \
 	helpers/digest_auth/password/Makefile \
 	helpers/digest_auth/ldap/Makefile \
Index: squid3/helpers/basic_auth/Makefile.am
===================================================================
RCS file: /cvsroot/squid/squid3/helpers/basic_auth/Makefile.am,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- squid3/helpers/basic_auth/Makefile.am	9 Dec 2006 23:28:23 -0000	1.7
+++ squid3/helpers/basic_auth/Makefile.am	2 Jun 2007 23:49:23 -0000	1.8
@@ -1,7 +1,7 @@
 #  Makefile for storage modules in the Squid Object Cache server
 #
-#  $Id: Makefile.am,v 1.7 2006/12/09 23:28:23 hno Exp $
+#  $Id: Makefile.am,v 1.8 2007/06/02 23:49:23 hno Exp $
 #
 
-DIST_SUBDIRS	= getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3
+DIST_SUBDIRS	= getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB
 SUBDIRS		= @BASIC_AUTH_HELPERS@
--- /dev/null	Sat Jun  2 23:49:46 2007
+++ squid3/helpers/basic_auth/DB/Makefile.am	Sat Jun  2 23:49:47 2007
@@ -0,0 +1,14 @@
+#
+#  Makefile for the Squid Object Cache server
+#
+#  $Id: Makefile.am,v 1.1 2007/06/02 23:46:00 hno Exp $
+#
+#  Uncomment and customize the following to suit your needs:
+#
+
+libexec_SCRIPTS	= \
+	db_auth.pl
+
+EXTRA_DIST = \
+	db_auth.pl \
+	passwd.sql
--- /dev/null	Sat Jun  2 23:49:46 2007
+++ squid3/helpers/basic_auth/DB/db_auth.pl	Sat Jun  2 23:49:47 2007
@@ -0,0 +1,125 @@
+#!/usr/bin/perl
+use strict;
+use DBI;
+use Getopt::Long;
+use Pod::Usage;
+
+=pod
+
+=head1 NAME
+
+db_auth.pl - Database auth helper for Squid
+
+=cut
+
+my $dsn = "DBI:mysql:database=squid";
+my $db_user = undef;
+my $db_passwd = undef;
+my $db_table = "passwd";
+my $db_usercol = "user";
+my $db_passwdcol = "password";
+my $db_cond = "enabled = 1";
+my $plaintext = 0;
+
+=pod
+
+=head1 SYNOPSIS
+
+db_auth.pl [options]
+
+=head1 DESCRIPTOIN
+
+This program verifies username & password to a database
+
+=over 8
+
+=item	B<--dsn>
+
+Database DSN. Default "DBI:mysql:database=squid"
+
+=item	B<--user>
+
+Database User
+
+=item	B<--password>
+
+Database password
+
+=item	B<--table>
+
+Database table. Default "passwd".
+
+=item	B<--usercol>
+
+Username column. Default "user".
+
+=item	B<--passwdcol>
+
+Password column. Default "password".
+
+=item	B<--cond>
+
+Condition, defaults to enabled=1. Specify 1 or "" for no condition
+
+=item	B<--plaintext>
+
+Database contains plain-text passwords
+
+=back
+
+=cut
+
+GetOptions(
+	'dsn=s' => \$dsn,
+	'user=s' => \$db_user,
+	'password=s' => \$db_passwd,
+	'table=s' => \$db_table,
+	'usercol=s' => \$db_usercol,
+	'passwdcol=s' => \$db_passwdcol,
+	'cond=s' => \$db_cond,
+	'plaintext' => \$plaintext,
+	);
+
+my $dbh = DBI->connect($dsn, $db_user, $db_passwd) || die ("Could not connect to $dsn\n");
+
+my ($sth) = $dbh->prepare("SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ? " AND $db_cond" : "")) || die;
+
+my $status;
+
+sub check_password($$)
+{
+    my ($password, $key) = @_;
+
+    return 1 if crypt($password, $key) eq $key;
+    
+    return 1 if $plaintext && $password eq $key;
+
+    return 0;
+}
+while (<>) {
+    my ($user, $password) = split;
+    $status = "ERR";
+    $user =~ s/%(..)/pack("H*", $1)/ge;
+    $password =~ s/%(..)/pack("H*", $1)/ge;
+
+    $status = "ERR internal error";
+    $sth->execute($user) || next;
+    $status = "ERR unknown login";
+    my ($row) = $sth->fetchrow_arrayref() || next;
+    $status = "ERR login failure";
+    next if (!check_password($password, @$row[0]));
+    $status = "OK";
+} continue {
+    print $status . "\n";
+}
+
+=pod
+
+=head1 COPYRIGHT
+
+Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
+This program is free software. You may redistribute copies of it under the
+terms of the GNU General Public License version 2, or (at youropinion) any
+later version.
+
+=cut
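Review bot: check_password() can return 1 for an account whose stored password is empty. On platforms where crypt() returns undef for an unusable salt (this is C-library dependent), `crypt($password, $key) eq $key` compares undef with `""` and is true, and passwd.sql in this same patch defaults `password` to `''`. With --plaintext, an empty stored value also matches an empty submitted password. Reject those cases before comparing, e.g. `return 0 if !defined $password || !defined $key || $key eq "";`, and require a defined result: `my $hash = crypt($password, $key); return 1 if defined $hash && $hash eq $key;`. The script enables `use strict` but not `use warnings`, which would have reported the undef comparison at run time.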
--- /dev/null	Sat Jun  2 23:49:46 2007
+++ squid3/helpers/basic_auth/DB/passwd.sql	Sat Jun  2 23:49:47 2007
@@ -0,0 +1,8 @@
+CREATE TABLE `passwd` (
+  `user` varchar(32) NOT NULL default '',
+  `password` varchar(35) NOT NULL default '',
+  `enabled` tinyint(1) NOT NULL default '1',
+  `fullname` varchar(60) default NULL,
+  `comment` varchar(60) default NULL,
+  PRIMARY KEY  (`user`)
+);
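Review bot: The `password` column is `varchar(35)`, which fits traditional DES and MD5-crypt strings but not longer crypt() formats such as SHA-256/SHA-512 crypt or bcrypt. A longer hash would be truncated on insert (silently, when the server is not in a strict SQL mode) and could then never verify in db_auth.pl. The `default ''` also lets a row be created with no password at all, which the helper's comparison does not treat specially. Consider widening the column and dropping the default, e.g. `password varchar(255) NOT NULL`, so that a missing password fails at insert time rather than at login.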