Re: Patch for the getpwnam_auth helper
Henrik Nordstrom wrote: mån 2006-07-03 klockan 21:33 -0300 skrev Giancarlo Razzolini: Here it is. Please send any comments, critics or suggestions. Did the patch against the getpwnam.c from 2.6.STABLE1. Also i've started today writing the documentation for it. Applied to Squid-3. Regards Henrik great to hear. I'm almost done with the docs. I'm taking as example the man pages from other helpers, as the squid_ldap_auth, one that i use a lot. :) Thanks, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informática 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 signature.asc Description: OpenPGP digital signature
Re: Patch for the getpwnam_auth helper
mån 2006-07-03 klockan 21:33 -0300 skrev Giancarlo Razzolini: Here it is. Please send any comments, critics or suggestions. Did the patch against the getpwnam.c from 2.6.STABLE1. Also i've started today writing the documentation for it. Applied to Squid-3. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Patch for the getpwnam_auth helper
Henrik Nordstrom wrote: fre 2006-07-21 klockan 17:00 -0300 skrev Giancarlo Razzolini: Not wanting to be too irritating, but you got the patch for the getpwnam helper i sent? Got it, but afraid I momentarily forgot it in a flood of other squid-dev messages.. thanks for the reminder. Also, if so, it will be included (if approved) in the 2.6 branch or in the 3.0 branch? When approved it will go into 3.0 for sure. Not yet sure about 2.6, but it might get there as well as it is not a big change, only making an existing helper extend to more systems. Regards Henrik Thanks. Nice to hear. I am working on the manual of the helper also, already reflecting the changes made on it. :) My regards, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informática 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 signature.asc Description: OpenPGP digital signature
Re: Patch for the getpwnam_auth helper
Hmm. Loos almost good. Problem is that now the helper fails for systems who do have the shadow suite but is not using shadow.. In my experience on those systems getspnam returns NULL and you have to fall back on getpwnam runtime. Regards Henrik First sorry for the late, it were 2 weeks of tests in my university, so i was busiest that never. Now that i'm on vacation from university, i do have more free time. Now, to the patch. For doing what you want, i'll have do do major changes to the code. Because if using shadow, i declare a pointer to the spwd struct, and if using getpwnam, i declare a pointer to the passwd struct. To fail back, i'll have to do some big changes to the code. I'm even thinking in using functions inside the code to do the auth. Want to know if you agree with it or not. My regards, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informática 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 signature.asc Description: OpenPGP digital signature
Re: Patch for the getpwnam_auth helper
mån 2006-07-03 klockan 20:07 -0300 skrev Giancarlo Razzolini: First sorry for the late, it were 2 weeks of tests in my university, so i was busiest that never. Now that i'm on vacation from university, i do have more free time. No problem. Now, to the patch. For doing what you want, i'll have do do major changes to the code. Because if using shadow, i declare a pointer to the spwd struct, and if using getpwnam, i declare a pointer to the passwd struct. To fail back, i'll have to do some big changes to the code. I'm even thinking in using functions inside the code to do the auth. Want to know if you agree with it or not. Didn't look that big to me... a few lines only. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Patch for the getpwnam_auth helper
Henrik Nordstrom wrote:
mån 2006-07-03 klockan 20:07 -0300 skrev Giancarlo Razzolini:
First sorry for the late, it were 2 weeks of tests in my university, so
i was busiest that never. Now that i'm on vacation from university, i do
have more free time.
No problem.
Now, to the patch. For doing what you want, i'll have do do major
changes to the code. Because if using shadow, i declare a pointer to the
spwd struct, and if using getpwnam, i declare a pointer to the passwd
struct. To fail back, i'll have to do some big changes to the code. I'm
even thinking in using functions inside the code to do the auth. Want to
know if you agree with it or not.
Didn't look that big to me... a few lines only.
Regards
Henrik
Here it is. Please send any comments, critics or suggestions. Did the
patch against the getpwnam.c from 2.6.STABLE1. Also i've started today
writing the documentation for it.
Thanks in advance,
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
--- getpwnam_auth.c 2005-05-17 13:56:27.0 -0300
+++ getpwnam_auth.c.new 2006-07-03 21:07:56.0 -0300
@@ -17,6 +17,11 @@
* + can handle LDAP request
* + can handle PAM request
*
+ * 2006-07: Giancarlo Razzolini [EMAIL PROTECTED]
+ *
+ * Added functionality for doing shadow authentication too,
+ * using the getspnam() function on systems that support it.
+ *
*/
#include config.h
@@ -39,45 +44,86 @@
#if HAVE_PWD_H
#include pwd.h
#endif
+#if HAVE_SHADOW_H
+#include shadow.h
+#endif
#include util.h
#define ERRERR\n
#define OK OK\n
+#if HAVE_PWD_H
+int passwd_auth(char *user, char *passwd)
+{
+ struct passwd *pwd;
+ pwd = getpwnam(user);
+ if (pwd == NULL) {
+return 0; /* User does not exist */
+ } else {
+if (strcmp(pwd-pw_passwd, (char *) crypt(passwd, pwd-pw_passwd))) {
+ return 2; /* Wrong password */
+} else {
+ return 1; /* Authentication Sucessful */
+}
+ }
+}
+#endif
+
+#if HAVE_SHADOW_H
+int shadow_auth(char *user, char *passwd)
+{
+ struct spwd *pwd;
+ pwd = getspnam(user);
+ if (pwd == NULL) {
+return passwd_auth(user, passwd); /* Fall back to passwd_auth */
+ } else {
+if (strcmp(pwd-sp_pwdp, crypt(passwd, pwd-sp_pwdp))) {
+ return 2; /* Wrong password */
+} else {
+ return 1; /* Authentication Sucessful */
+}
+ }
+}
+#endif
+
int
main()
{
-char buf[256];
-struct passwd *pwd;
-char *user, *passwd, *p;
-
-setbuf(stdout, NULL);
-while (fgets(buf, 256, stdin) != NULL) {
-
- if ((p = strchr(buf, '\n')) != NULL)
- *p = '\0'; /* strip \n */
-
- if ((user = strtok(buf, )) == NULL) {
- printf(ERR);
- continue;
- }
- if ((passwd = strtok(NULL, )) == NULL) {
- printf(ERR);
- continue;
- }
- rfc1738_unescape(user);
- rfc1738_unescape(passwd);
- pwd = getpwnam(user);
- if (pwd == NULL) {
- printf(ERR No such user\n);
- } else {
- if (strcmp(pwd-pw_passwd, (char *) crypt(passwd, pwd-pw_passwd)))
{
- printf(ERR Wrong password\n);
- } else {
- printf(OK);
- }
- }
+ int auth = 0;
+ char buf[256];
+ char *user, *passwd, *p;
+
+ setbuf(stdout, NULL);
+ while (fgets(buf, 256, stdin) != NULL) {
+
+if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+
+if ((user = strtok(buf, )) == NULL) {
+ printf(ERR);
+ continue;
+}
+if ((passwd = strtok(NULL, )) == NULL) {
+ printf(ERR);
+ continue;
+}
+rfc1738_unescape(user);
+rfc1738_unescape(passwd);
+#if HAVE_SHADOW_H
+auth = shadow_auth(user, passwd);
+#else
+auth = passwd_auth(user, passwd);
+#endif
+if (auth == 0) {
+ printf(ERR No such user\n);
+} else {
+ if (auth == 2) {
+ printf(ERR Wrong password\n);
+ } else {
+ printf(OK);
+ }
}
-exit(0);
+ }
+ exit(0);
}
75119cf970605c11407e0b9f2724ca4c getpwnam_auth.c.patch
signature.asc
Description: OpenPGP digital signature
Re: Patch for the getpwnam_auth helper
tor 2006-06-08 klockan 14:42 -0300 skrev Giancarlo Razzolini: Hi all, I'm sending the patch for the getpwnam_helper. Now it's more useful for systems that don't have PAM, but want to authenticate from local users (Slackware Linux, amongst others). Hmm. Loos almost good. Problem is that now the helper fails for systems who do have the shadow suite but is not using shadow.. In my experience on those systems getspnam returns NULL and you have to fall back on getpwnam runtime. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Patch for the getpwnam_auth helper
Henrik Nordstrom wrote: tor 2006-06-08 klockan 14:42 -0300 skrev Giancarlo Razzolini: Hi all, I'm sending the patch for the getpwnam_helper. Now it's more useful for systems that don't have PAM, but want to authenticate from local users (Slackware Linux, amongst others). Hmm. Loos almost good. Problem is that now the helper fails for systems who do have the shadow suite but is not using shadow.. In my experience on those systems getspnam returns NULL and you have to fall back on getpwnam runtime. Regards Henrik No problem. Must only add a check for the return of the getspnam(3) call. If it is null, then fall back to the getpwnam(3). Will do it latter today and will resend the patch. And what about the documentation? My regards, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informática 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 signature.asc Description: OpenPGP digital signature
Re: Patch for the getpwnam_auth helper
tor 2006-06-08 klockan 17:51 -0300 skrev Giancarlo Razzolini: No problem. Must only add a check for the return of the getspnam(3) call. If it is null, then fall back to the getpwnam(3). Will do it latter today and will resend the patch. Excellent! And what about the documentation? You are more than welcome to write the missing documentation, or any other documentation you see fit for any Squid component. Documentation is very much missing in Squid... Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
