Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le mardi 1 juin 2010 10:23:05, Henrik Nordström a écrit : > tis 2010-06-01 klockan 00:23 -0500 skrev Luis Daniel Lucio Quiroz: > > strict was removed because at least in mandriva perl, it was complaining > > about that some variables didnt exists > > Which variabes? > > Regards > Henrik I dont remember, i will check them in a while
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
tis 2010-06-01 klockan 00:23 -0500 skrev Luis Daniel Lucio Quiroz: > strict was removed because at least in mandriva perl, it was complaining > about > that some variables didnt exists Which variabes? Regards Henrik
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le vendredi 28 mai 2010 01:22:57, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 27 mai 2010 07:30:11, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : > >> HI all > >> > >> As a requirement of one client, he wants to use joomla user > >> database to let squid authenticate. > >> > >> I did patch squid_db_auth that Henrik has written in order to > >> support joomla hash conditions. > >> > >> I did add one usefull option to script > >> > >> --joomla > >> > >> in order to activate joomla hashing. Other options are > >> identical. Please test :) > >> > >> Ammos, I'd like if you can include this in 3.1.2 > > Mumble. > > How do other users feel about it? Useful enough to cross the > security bugs and regressions only freeze? > > >> LD > > > > I have a typo in > > my salt > > > > should be > > my $salt > > > > sorry > > Can you make the option --md5 instead please? > > Possibilities are not limited to Joomla and they may change > someday. > > The option needs to be added to the documentation sections of the > helper as well. > > Amos > >>> > >>> I dont get you about "cross the security", > >> > >> 3.1 is under feature freeze. Anything not a security fix or > >> regression needs to have some good reasons to be committed. > >> > >> I'm trying to stick to the freeze a little more with 3.1 than with > >> 3.0, to get back into the habit of it. Particularly since we look > >> like having a good foothold on the track for 12-month releases now. > >> > >>> what i did is that --joomla flag do diferent sql request and > >>> because joomla hass is like this: > >>> hash:salt > >>> i did split and compare. by default joomla uses md5 (i'm not a > >>> joomla master, i dont know when joomla uses other hashings) > >> > >> I intend to use this auth helper myself for other systems, and there > >> are others who ask about a DB helper occasionally. > >> > >> > >> Taking a better look at your changes ... > >> > >> The first one: db_conf = "block = 0" seems to be useless. All it > >> does is hard-code a different default value for the --cond option. > >> > >>For Joomla the squid.conf should instead contain: > >> --cond " block=0 " > >> > >> Which leaves the salted/non-salted hash change. > >> > >> Adding this: > >>--salt-delimiter D > >> > >> To configure character(s) between the hash and salt values. Will > >> not to lock people into the specific Joomla syntax of colon. There > >> are examples and tutorials out there for app design that use other > >> delimiters. > >> > >> Doing both of those changes Joomla would be configured with: > >>... --cond " block=0 " --salt-delimiter ":" > >>> > >>> if you want, latter i may add also --md5 to store md5 password, and > >>> --digest- auth to support diggest authentication :) but later > >>> jejeje > >> > >> Amos > > > > HI > > i've just update my patch to fit 3.1.2 > > > > > > I hope this could be included since it is based on todays snapshot. > > > > Regards, > > > > LD > > Thank you. > > You still have the --joomla flag. I thought you agreed to call it > something like the --salt and take the delim character ? > > Amos > >>> > >>> Amos + team, > >>> > >>> i was adding salt support and i realize of this line > >>> > >>> return 1 if crypt($password, $key) eq $key; > >>> > >>> as far as i know this is impossible, becausecrypt using a salt wont > >>> be eq to that key, > >>> because there are many scenarios i did let this line in my patch and > >>> add another to use static salt > >>> > >>> I also add a --sql option to let user specify complex querys. As i was > >>> needint it to work with an INNER JOIN. > >>> > >>> I hope you can review it. > >>> > >>> LD > >> > >> I have not found the need for --sql in my experience with complex > >> queries to this helper. The each of the options --usercol , --passcol, > >> --table and --cond can take whole snippets of SQL double-quoted. > >> > >> The rest of th
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Luis Daniel Lucio Quiroz wrote: Le jeudi 27 mai 2010 07:30:11, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : HI all As a requirement of one client, he wants to use joomla user database to let squid authenticate. I did patch squid_db_auth that Henrik has written in order to support joomla hash conditions. I did add one usefull option to script --joomla in order to activate joomla hashing. Other options are identical. Please test :) Ammos, I'd like if you can include this in 3.1.2 Mumble. How do other users feel about it? Useful enough to cross the security bugs and regressions only freeze? LD I have a typo in my salt should be my $salt sorry Can you make the option --md5 instead please? Possibilities are not limited to Joomla and they may change someday. The option needs to be added to the documentation sections of the helper as well. Amos I dont get you about "cross the security", 3.1 is under feature freeze. Anything not a security fix or regression needs to have some good reasons to be committed. I'm trying to stick to the freeze a little more with 3.1 than with 3.0, to get back into the habit of it. Particularly since we look like having a good foothold on the track for 12-month releases now. what i did is that --joomla flag do diferent sql request and because joomla hass is like this: hash:salt i did split and compare. by default joomla uses md5 (i'm not a joomla master, i dont know when joomla uses other hashings) I intend to use this auth helper myself for other systems, and there are others who ask about a DB helper occasionally. Taking a better look at your changes ... The first one: db_conf = "block = 0" seems to be useless. All it does is hard-code a different default value for the --cond option. For Joomla the squid.conf should instead contain: --cond " block=0 " Which leaves the salted/non-salted hash change. Adding this: --salt-delimiter D To configure character(s) between the hash and salt values. Will not to lock people into the specific Joomla syntax of colon. There are examples and tutorials out there for app design that use other delimiters. Doing both of those changes Joomla would be configured with: ... --cond " block=0 " --salt-delimiter ":" if you want, latter i may add also --md5 to store md5 password, and --digest- auth to support diggest authentication :) but later jejeje Amos HI i've just update my patch to fit 3.1.2 I hope this could be included since it is based on todays snapshot. Regards, LD Thank you. You still have the --joomla flag. I thought you agreed to call it something like the --salt and take the delim character ? Amos Amos + team, i was adding salt support and i realize of this line return 1 if crypt($password, $key) eq $key; as far as i know this is impossible, becausecrypt using a salt wont be eq to that key, because there are many scenarios i did let this line in my patch and add another to use static salt I also add a --sql option to let user specify complex querys. As i was needint it to work with an INNER JOIN. I hope you can review it. LD I have not found the need for --sql in my experience with complex queries to this helper. The each of the options --usercol , --passcol, --table and --cond can take whole snippets of SQL double-quoted. The rest of the patch is accepted. Will be in Squid-3.1.4. If anyone is interested in further improvements to this helper; Loading the parameters from a secure file instead of having the SQL snippets and DSN login visible on the command line would be useful. Amos OK, no problem i was realizing because complex select are more than JOINS, such as UNIONS or SELECTS inside SELECTS but not problem. Can you post then how will be so i can patch rpms :) LD 3.1.4 is due out this Sunday. Oh, Henrik had a question about why "use strict" was removed? Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le jeudi 27 mai 2010 07:30:11, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : > HI all > > As a requirement of one client, he wants to use joomla user > database to let squid authenticate. > > I did patch squid_db_auth that Henrik has written in order to > support joomla hash conditions. > > I did add one usefull option to script > > --joomla > > in order to activate joomla hashing. Other options are identical. > Please test :) > > Ammos, I'd like if you can include this in 3.1.2 > >> > >> Mumble. > >> > >> How do other users feel about it? Useful enough to cross the > >> security bugs and regressions only freeze? > >> > LD > >>> > >>> I have a typo in > >>> my salt > >>> > >>> should be > >>> my $salt > >>> > >>> sorry > >> > >> Can you make the option --md5 instead please? > >> > >> Possibilities are not limited to Joomla and they may change > >> someday. > >> > >> The option needs to be added to the documentation sections of the > >> helper as well. > >> > >> Amos > > > > I dont get you about "cross the security", > > 3.1 is under feature freeze. Anything not a security fix or regression > needs to have some good reasons to be committed. > > I'm trying to stick to the freeze a little more with 3.1 than with > 3.0, to get back into the habit of it. Particularly since we look > like having a good foothold on the track for 12-month releases now. > > > what i did is that --joomla flag do diferent sql request and because > > joomla hass is like this: > > hash:salt > > i did split and compare. by default joomla uses md5 (i'm not a > > joomla master, i dont know when joomla uses other hashings) > > I intend to use this auth helper myself for other systems, and there > are others who ask about a DB helper occasionally. > > > Taking a better look at your changes ... > > The first one: db_conf = "block = 0" seems to be useless. All it does > is hard-code a different default value for the --cond option. > > For Joomla the squid.conf should instead contain: > --cond " block=0 " > > Which leaves the salted/non-salted hash change. > > Adding this: > --salt-delimiter D > > To configure character(s) between the hash and salt values. Will not > to lock people into the specific Joomla syntax of colon. There are > examples and tutorials out there for app design that use other > delimiters. > > Doing both of those changes Joomla would be configured with: > ... --cond " block=0 " --salt-delimiter ":" > > > > if you want, latter i may add also --md5 to store md5 password, and > > --digest- auth to support diggest authentication :) but later jejeje > > Amos > >>> > >>> HI > >>> i've just update my patch to fit 3.1.2 > >>> > >>> > >>> I hope this could be included since it is based on todays snapshot. > >>> > >>> Regards, > >>> > >>> LD > >> > >> Thank you. > >> > >> You still have the --joomla flag. I thought you agreed to call it > >> something like the --salt and take the delim character ? > >> > >> Amos > > > > Amos + team, > > > > i was adding salt support and i realize of this line > > > > return 1 if crypt($password, $key) eq $key; > > > > as far as i know this is impossible, becausecrypt using a salt wont > > be eq to that key, > > because there are many scenarios i did let this line in my patch and add > > another to use static salt > > > > I also add a --sql option to let user specify complex querys. As i was > > needint it to work with an INNER JOIN. > > > > I hope you can review it. > > > > LD > > I have not found the need for --sql in my experience with complex > queries to this helper. The each of the options --usercol , --passcol, > --table and --cond can take whole snippets of SQL double-quoted. > > The rest of the patch is accepted. Will be in Squid-3.1.4. > > If anyone is interested in further improvements to this helper; >Loading the parameters from a secure file instead of having the SQL > snippets and DSN login visible on the command line would be useful. > > Amos OK, no problem i was realizing because complex select are more than JOINS, such as UNIONS or SELECTS inside SELECT
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Luis Daniel Lucio Quiroz wrote: Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : HI all As a requirement of one client, he wants to use joomla user database to let squid authenticate. I did patch squid_db_auth that Henrik has written in order to support joomla hash conditions. I did add one usefull option to script --joomla in order to activate joomla hashing. Other options are identical. Please test :) Ammos, I'd like if you can include this in 3.1.2 Mumble. How do other users feel about it? Useful enough to cross the security bugs and regressions only freeze? LD I have a typo in my salt should be my $salt sorry Can you make the option --md5 instead please? Possibilities are not limited to Joomla and they may change someday. The option needs to be added to the documentation sections of the helper as well. Amos I dont get you about "cross the security", 3.1 is under feature freeze. Anything not a security fix or regression needs to have some good reasons to be committed. I'm trying to stick to the freeze a little more with 3.1 than with 3.0, to get back into the habit of it. Particularly since we look like having a good foothold on the track for 12-month releases now. what i did is that --joomla flag do diferent sql request and because joomla hass is like this: hash:salt i did split and compare. by default joomla uses md5 (i'm not a joomla master, i dont know when joomla uses other hashings) I intend to use this auth helper myself for other systems, and there are others who ask about a DB helper occasionally. Taking a better look at your changes ... The first one: db_conf = "block = 0" seems to be useless. All it does is hard-code a different default value for the --cond option. For Joomla the squid.conf should instead contain: --cond " block=0 " Which leaves the salted/non-salted hash change. Adding this: --salt-delimiter D To configure character(s) between the hash and salt values. Will not to lock people into the specific Joomla syntax of colon. There are examples and tutorials out there for app design that use other delimiters. Doing both of those changes Joomla would be configured with: ... --cond " block=0 " --salt-delimiter ":" if you want, latter i may add also --md5 to store md5 password, and --digest- auth to support diggest authentication :) but later jejeje Amos HI i've just update my patch to fit 3.1.2 I hope this could be included since it is based on todays snapshot. Regards, LD Thank you. You still have the --joomla flag. I thought you agreed to call it something like the --salt and take the delim character ? Amos Amos + team, i was adding salt support and i realize of this line return 1 if crypt($password, $key) eq $key; as far as i know this is impossible, becausecrypt using a salt wont be eq to that key, because there are many scenarios i did let this line in my patch and add another to use static salt I also add a --sql option to let user specify complex querys. As i was needint it to work with an INNER JOIN. I hope you can review it. LD I have not found the need for --sql in my experience with complex queries to this helper. The each of the options --usercol , --passcol, --table and --cond can take whole snippets of SQL double-quoted. The rest of the patch is accepted. Will be in Squid-3.1.4. If anyone is interested in further improvements to this helper; Loading the parameters from a secure file instead of having the SQL snippets and DSN login visible on the command line would be useful. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : > >> HI all > >> > >> As a requirement of one client, he wants to use joomla user database > >> to let squid authenticate. > >> > >> I did patch squid_db_auth that Henrik has written in order to > >> support joomla hash conditions. > >> > >> I did add one usefull option to script > >> > >> --joomla > >> > >> in order to activate joomla hashing. Other options are identical. > >> Please test :) > >> > >> Ammos, I'd like if you can include this in 3.1.2 > > Mumble. > > How do other users feel about it? Useful enough to cross the security > bugs and regressions only freeze? > > >> LD > > > > I have a typo in > > my salt > > > > should be > > my $salt > > > > sorry > > Can you make the option --md5 instead please? > > Possibilities are not limited to Joomla and they may change someday. > > The option needs to be added to the documentation sections of the > helper as well. > > Amos > >>> > >>> I dont get you about "cross the security", > >> > >> 3.1 is under feature freeze. Anything not a security fix or regression > >> needs to have some good reasons to be committed. > >> > >> I'm trying to stick to the freeze a little more with 3.1 than with 3.0, > >> to get back into the habit of it. Particularly since we look like having > >> a good foothold on the track for 12-month releases now. > >> > >>> what i did is that --joomla flag do diferent sql request and because > >>> joomla hass is like this: > >>> hash:salt > >>> i did split and compare. by default joomla uses md5 (i'm not a joomla > >>> master, i dont know when joomla uses other hashings) > >> > >> I intend to use this auth helper myself for other systems, and there are > >> others who ask about a DB helper occasionally. > >> > >> > >> Taking a better look at your changes ... > >> > >> The first one: db_conf = "block = 0" seems to be useless. All it does > >> is hard-code a different default value for the --cond option. > >> > >>For Joomla the squid.conf should instead contain: > >> --cond " block=0 " > >> > >> Which leaves the salted/non-salted hash change. > >> > >> Adding this: > >>--salt-delimiter D > >> > >> To configure character(s) between the hash and salt values. Will not to > >> lock people into the specific Joomla syntax of colon. There are > >> examples and tutorials out there for app design that use other > >> delimiters. > >> > >> Doing both of those changes Joomla would be configured with: > >>... --cond " block=0 " --salt-delimiter ":" > >>> > >>> if you want, latter i may add also --md5 to store md5 password, and > >>> --digest- auth to support diggest authentication :) but later jejeje > >> > >> Amos > > > > HI > > i've just update my patch to fit 3.1.2 > > > > > > I hope this could be included since it is based on todays snapshot. > > > > Regards, > > > > LD > > Thank you. > > You still have the --joomla flag. I thought you agreed to call it > something like the --salt and take the delim character ? > > Amos Amos + team, i was adding salt support and i realize of this line return 1 if crypt($password, $key) eq $key; as far as i know this is impossible, becausecrypt using a salt wont be eq to that key, because there are many scenarios i did let this line in my patch and add another to use static salt I also add a --sql option to let user specify complex querys. As i was needint it to work with an INNER JOIN. I hope you can review it. LD --- helpers/basic_auth/DB/squid_db_auth.in.orig 2010-05-03 18:36:22.0 +0200 +++ helpers/basic_auth/DB/squid_db_auth.in 2010-05-07 22:54:50.0 +0200 @@ -1,8 +1,9 @@ #...@perl@ -use strict; +#use strict; use DBI; use Getopt::Long; use Pod::Usage; +use Digest::MD5 qw(md5 md5_hex md5_base64); $|=1; =pod @@ -22,6 +23,10 @@ my $db_cond = "enabled = 1"; my $plaintext = 0; my $persist = 0; +my $isjoomla = 0; +my $debug = 0; +my $hashsalt = undef; +my $sql = undef; =pod @@ -62,15 +67,30 @@ =item B<--cond> Condition, defaults to enabled=1. Specify 1 or "" for no condition +If you use --joomla flag, this condition will be changed to block=0 =item B<--plaintext> Database contains plain-text passwords +=item B<--salt> + +Selects the correct salt to evaluate passwords + =item B<--persist> Keep a persistent database connection open between queries. +=item B<--joomla> + +Tells helper that user database is joomla db. So salt hasing is +understood. + +=item
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : > >> HI all > >> > >> As a requirement of one client, he wants to use joomla user database > >> to let squid authenticate. > >> > >> I did patch squid_db_auth that Henrik has written in order to > >> support joomla hash conditions. > >> > >> I did add one usefull option to script > >> > >> --joomla > >> > >> in order to activate joomla hashing. Other options are identical. > >> Please test :) > >> > >> Ammos, I'd like if you can include this in 3.1.2 > > Mumble. > > How do other users feel about it? Useful enough to cross the security > bugs and regressions only freeze? > > >> LD > > > > I have a typo in > > my salt > > > > should be > > my $salt > > > > sorry > > Can you make the option --md5 instead please? > > Possibilities are not limited to Joomla and they may change someday. > > The option needs to be added to the documentation sections of the > helper as well. > > Amos > >>> > >>> I dont get you about "cross the security", > >> > >> 3.1 is under feature freeze. Anything not a security fix or regression > >> needs to have some good reasons to be committed. > >> > >> I'm trying to stick to the freeze a little more with 3.1 than with 3.0, > >> to get back into the habit of it. Particularly since we look like having > >> a good foothold on the track for 12-month releases now. > >> > >>> what i did is that --joomla flag do diferent sql request and because > >>> joomla hass is like this: > >>> hash:salt > >>> i did split and compare. by default joomla uses md5 (i'm not a joomla > >>> master, i dont know when joomla uses other hashings) > >> > >> I intend to use this auth helper myself for other systems, and there are > >> others who ask about a DB helper occasionally. > >> > >> > >> Taking a better look at your changes ... > >> > >> The first one: db_conf = "block = 0" seems to be useless. All it does > >> is hard-code a different default value for the --cond option. > >> > >>For Joomla the squid.conf should instead contain: > >> --cond " block=0 " > >> > >> Which leaves the salted/non-salted hash change. > >> > >> Adding this: > >>--salt-delimiter D > >> > >> To configure character(s) between the hash and salt values. Will not to > >> lock people into the specific Joomla syntax of colon. There are > >> examples and tutorials out there for app design that use other > >> delimiters. > >> > >> Doing both of those changes Joomla would be configured with: > >>... --cond " block=0 " --salt-delimiter ":" > >>> > >>> if you want, latter i may add also --md5 to store md5 password, and > >>> --digest- auth to support diggest authentication :) but later jejeje > >> > >> Amos > > > > HI > > i've just update my patch to fit 3.1.2 > > > > > > I hope this could be included since it is based on todays snapshot. > > > > Regards, > > > > LD > > Thank you. > > You still have the --joomla flag. I thought you agreed to call it > something like the --salt and take the delim character ? > > Amos Amos, the fact is that joomla breaks common format in salt normaly in unix forma should be salt:crypted_password, what ever the seperator is, $ for example but in joomla is quite differente crypted:password:salt (always : as separator), joomla in its code can soppurt diferente crypt schemas but it laks on a gui to change it, i fyou want to change joomla schema you must hack code (i did already to change it, thats whay i know that). I will add --salt separator also, but i'd prefere to keep --joomla because this reason i have told This monday i will publish patch then :) (monday my time, i'm gmt-6) Regards, LD
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
I'm ok with adding it to 3.1 as long as its carefully reviewed - which Amos appears to be doing.
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Luis Daniel Lucio Quiroz wrote: Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : HI all As a requirement of one client, he wants to use joomla user database to let squid authenticate. I did patch squid_db_auth that Henrik has written in order to support joomla hash conditions. I did add one usefull option to script --joomla in order to activate joomla hashing. Other options are identical. Please test :) Ammos, I'd like if you can include this in 3.1.2 Mumble. How do other users feel about it? Useful enough to cross the security bugs and regressions only freeze? LD I have a typo in my salt should be my $salt sorry Can you make the option --md5 instead please? Possibilities are not limited to Joomla and they may change someday. The option needs to be added to the documentation sections of the helper as well. Amos I dont get you about "cross the security", 3.1 is under feature freeze. Anything not a security fix or regression needs to have some good reasons to be committed. I'm trying to stick to the freeze a little more with 3.1 than with 3.0, to get back into the habit of it. Particularly since we look like having a good foothold on the track for 12-month releases now. what i did is that --joomla flag do diferent sql request and because joomla hass is like this: hash:salt i did split and compare. by default joomla uses md5 (i'm not a joomla master, i dont know when joomla uses other hashings) I intend to use this auth helper myself for other systems, and there are others who ask about a DB helper occasionally. Taking a better look at your changes ... The first one: db_conf = "block = 0" seems to be useless. All it does is hard-code a different default value for the --cond option. For Joomla the squid.conf should instead contain: --cond " block=0 " Which leaves the salted/non-salted hash change. Adding this: --salt-delimiter D To configure character(s) between the hash and salt values. Will not to lock people into the specific Joomla syntax of colon. There are examples and tutorials out there for app design that use other delimiters. Doing both of those changes Joomla would be configured with: ... --cond " block=0 " --salt-delimiter ":" if you want, latter i may add also --md5 to store md5 password, and --digest- auth to support diggest authentication :) but later jejeje Amos HI i've just update my patch to fit 3.1.2 I hope this could be included since it is based on todays snapshot. Regards, LD Thank you. You still have the --joomla flag. I thought you agreed to call it something like the --salt and take the delim character ? Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
> >> Luis Daniel Lucio Quiroz wrote:
> >>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
> HI all
>
> As a requirement of one client, he wants to use joomla user database
> to let squid authenticate.
>
> I did patch squid_db_auth that Henrik has written in order to support
> joomla hash conditions.
>
> I did add one usefull option to script
>
> --joomla
>
> in order to activate joomla hashing. Other options are identical.
> Please test :)
>
> Ammos, I'd like if you can include this in 3.1.2
> >>
> >> Mumble.
> >>
> >> How do other users feel about it? Useful enough to cross the security
> >> bugs and regressions only freeze?
> >>
> LD
> >>>
> >>> I have a typo in
> >>> my salt
> >>>
> >>> should be
> >>> my $salt
> >>>
> >>> sorry
> >>
> >> Can you make the option --md5 instead please?
> >>
> >> Possibilities are not limited to Joomla and they may change someday.
> >>
> >> The option needs to be added to the documentation sections of the helper
> >> as well.
> >>
> >> Amos
> >
> > I dont get you about "cross the security",
>
> 3.1 is under feature freeze. Anything not a security fix or regression
> needs to have some good reasons to be committed.
>
> I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
> to get back into the habit of it. Particularly since we look like having
> a good foothold on the track for 12-month releases now.
>
> > what i did is that --joomla flag do diferent sql request and because
> > joomla hass is like this:
> > hash:salt
> > i did split and compare. by default joomla uses md5 (i'm not a joomla
> > master, i dont know when joomla uses other hashings)
>
> I intend to use this auth helper myself for other systems, and there are
> others who ask about a DB helper occasionally.
>
>
> Taking a better look at your changes ...
>
> The first one: db_conf = "block = 0" seems to be useless. All it does
> is hard-code a different default value for the --cond option.
>
>For Joomla the squid.conf should instead contain:
> --cond " block=0 "
>
>
> Which leaves the salted/non-salted hash change.
> Adding this:
>
>--salt-delimiter D
>
> To configure character(s) between the hash and salt values. Will not to
> lock people into the specific Joomla syntax of colon. There are
> examples and tutorials out there for app design that use other delimiters.
>
> Doing both of those changes Joomla would be configured with:
>
>... --cond " block=0 " --salt-delimiter ":"
>
> > if you want, latter i may add also --md5 to store md5 password, and
> > --digest- auth to support diggest authentication :) but later jejeje
>
> Amos
HI
i've just update my patch to fit 3.1.2
I hope this could be included since it is based on todays snapshot.
Regards,
LD
--- helpers/basic_auth/DB/squid_db_auth.in 2010-05-01 13:39:52.0 +0200
+++ helpers/basic_auth/DB/squid_db_auth.in.dlucio 2010-05-01 17:10:02.0 +0200
@@ -1,8 +1,9 @@
#...@perl@
-use strict;
+#use strict;
use DBI;
use Getopt::Long;
use Pod::Usage;
+use Digest::MD5 qw(md5 md5_hex md5_base64);
$|=1;
=pod
@@ -22,6 +23,8 @@
my $db_cond = "enabled = 1";
my $plaintext = 0;
my $persist = 0;
+my $isjoomla = 0;
+my $debug = 0;
=pod
@@ -62,6 +65,7 @@
=item B<--cond>
Condition, defaults to enabled=1. Specify 1 or "" for no condition
+If you use --joomla flag, this condition will be changed to block=0
=item B<--plaintext>
@@ -71,6 +75,10 @@
Keep a persistent database connection open between queries.
+=item B<--joomla>
+
+Tell helper that user database is joomla db. So salt hasing is understood.
+
=back
=cut
@@ -85,9 +93,12 @@
'cond=s' => \$db_cond,
'plaintext' => \$plaintext,
'persist' => \$persist,
+ 'joomla' => \$isjoomla,
+ 'debug' => \$debug,
);
my ($_dbh, $_sth);
+$db_cond = "block = 0" if $isjoomla;
sub close_db()
{
@@ -113,9 +124,17 @@
{
my ($password, $key) = @_;
-return 1 if crypt($password, $key) eq $key;
-
-return 1 if $plaintext && $password eq $key;
+if ($isjoomla){
+my $salt;
+my $key2;
+($key2,$salt) = split (/:/, $key);
+return 1 if md5_hex($password.$salt).':'.$salt eq $key;
+}
+else{
+return 1 if crypt($password, $key) eq $key;
+
+return 1 if $plaintext && $password eq $key;
+}
return 0;
}
@@ -155,6 +174,7 @@
=head1 COPYRIGHT
Copyright (C) 2007 Henrik Nordstrom
+Copyright (C) 2010 Luis Daniel Lucio Quiroz (Joomla support)
This program is free software. You may redistribute copies of it under the
terms of the GNU General Public License version 2, or (at youropinion) any
later version.
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
> >> Luis Daniel Lucio Quiroz wrote:
> >>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
> HI all
>
> As a requirement of one client, he wants to use joomla user database
> to let squid authenticate.
>
> I did patch squid_db_auth that Henrik has written in order to support
> joomla hash conditions.
>
> I did add one usefull option to script
>
> --joomla
>
> in order to activate joomla hashing. Other options are identical.
> Please test :)
>
> Ammos, I'd like if you can include this in 3.1.2
> >>
> >> Mumble.
> >>
> >> How do other users feel about it? Useful enough to cross the security
> >> bugs and regressions only freeze?
> >>
> LD
> >>>
> >>> I have a typo in
> >>> my salt
> >>>
> >>> should be
> >>> my $salt
> >>>
> >>> sorry
> >>
> >> Can you make the option --md5 instead please?
> >>
> >> Possibilities are not limited to Joomla and they may change someday.
> >>
> >> The option needs to be added to the documentation sections of the helper
> >> as well.
> >>
> >> Amos
> >
> > I dont get you about "cross the security",
>
> 3.1 is under feature freeze. Anything not a security fix or regression
> needs to have some good reasons to be committed.
>
> I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
> to get back into the habit of it. Particularly since we look like having
> a good foothold on the track for 12-month releases now.
>
> > what i did is that --joomla flag do diferent sql request and because
> > joomla hass is like this:
> > hash:salt
> > i did split and compare. by default joomla uses md5 (i'm not a joomla
> > master, i dont know when joomla uses other hashings)
>
> I intend to use this auth helper myself for other systems, and there are
> others who ask about a DB helper occasionally.
>
>
> Taking a better look at your changes ...
>
> The first one: db_conf = "block = 0" seems to be useless. All it does
> is hard-code a different default value for the --cond option.
>
>For Joomla the squid.conf should instead contain:
> --cond " block=0 "
>
>
> Which leaves the salted/non-salted hash change.
> Adding this:
>
>--salt-delimiter D
>
> To configure character(s) between the hash and salt values. Will not to
> lock people into the specific Joomla syntax of colon. There are
> examples and tutorials out there for app design that use other delimiters.
>
> Doing both of those changes Joomla would be configured with:
>
>... --cond " block=0 " --salt-delimiter ":"
>
> > if you want, latter i may add also --md5 to store md5 password, and
> > --digest- auth to support diggest authentication :) but later jejeje
>
> Amos
a little hack becuase perl was warning about first disconnect in perl dbh
:S
--- helpers/basic_auth/DB/squid_db_auth.in 2010-03-29 12:02:56.0 +0200
+++ helpers/basic_auth/DB/squid_db_auth.in.dlucio 2010-04-25 09:57:42.0 +0200
@@ -1,8 +1,9 @@
#...@perl@
-use strict;
+#use strict;
use DBI;
use Getopt::Long;
use Pod::Usage;
+use Digest::MD5 qw(md5 md5_hex md5_base64);
$|=1;
=pod
@@ -22,6 +23,8 @@
my $db_cond = "enabled = 1";
my $plaintext = 0;
my $persist = 0;
+my $isjoomla = 0;
+my $debug = 0;
=pod
@@ -62,6 +65,7 @@
=item B<--cond>
Condition, defaults to enabled=1. Specify 1 or "" for no condition
+If you use --joomla flag, this condition will be changed to block=0
=item B<--plaintext>
@@ -71,6 +75,10 @@
Keep a persistent database connection open between queries.
+=item B<--joomla>
+
+Tell helper that user database is joomla db. So salt hasing is understood.
+
=back
=cut
@@ -85,13 +93,17 @@
'cond=s' => \$db_cond,
'plaintext' => \$plaintext,
'persist' => \$persist,
+ 'joomla' => \$isjoomla,
+ 'debug' => \$debug,
);
-my ($_dbh, $_sth);
+$db_cond = "block = 0" if $isjoomla;
+
sub close_db()
{
return if !defined($_dbh);
+$_sth->finish();
$_dbh->disconnect();
undef $_dbh;
undef $_sth;
@@ -113,10 +125,17 @@
{
my ($password, $key) = @_;
-return 1 if crypt($password, $key) eq $key;
+if ($isjoomla){
+my $salt;
+my $key2;
+($key2,$salt) = split (/:/, $key);
+return 1 if md5_hex($password.$salt).':'.$salt eq $key;
+}
+else{
+return 1 if crypt($password, $key) eq $key;
-return 1 if $plaintext && $password eq $key;
-
+return 1 if $plaintext && $password eq $key;
+}
return 0;
}
@@ -155,8 +174,9 @@
=head1 COPYRIGHT
Copyright (C) 2007 Henrik Nordstrom
+Copyright (C) 2010 Luis Daniel Lucio Quiroz (Joomla support)
+
This program is free software. You may redistribute copies of it under the
terms of the GNU General Public License version 2, or (at youropinion) any
later version.
-
=c
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : > >> Luis Daniel Lucio Quiroz wrote: > >>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : > HI all > > As a requirement of one client, he wants to use joomla user database > to let squid authenticate. > > I did patch squid_db_auth that Henrik has written in order to support > joomla hash conditions. > > I did add one usefull option to script > > --joomla > > in order to activate joomla hashing. Other options are identical. > Please test :) > > Ammos, I'd like if you can include this in 3.1.2 > >> > >> Mumble. > >> > >> How do other users feel about it? Useful enough to cross the security > >> bugs and regressions only freeze? > >> > LD > >>> > >>> I have a typo in > >>> my salt > >>> > >>> should be > >>> my $salt > >>> > >>> sorry > >> > >> Can you make the option --md5 instead please? > >> > >> Possibilities are not limited to Joomla and they may change someday. > >> > >> The option needs to be added to the documentation sections of the helper > >> as well. > >> > >> Amos > > > > I dont get you about "cross the security", > > 3.1 is under feature freeze. Anything not a security fix or regression > needs to have some good reasons to be committed. Remember I'm a maintainer, all my changes at distro I do in a sable version we use. :) I hope diff works also in HEAD. > > I'm trying to stick to the freeze a little more with 3.1 than with 3.0, > to get back into the habit of it. Particularly since we look like having > a good foothold on the track for 12-month releases now. > > > what i did is that --joomla flag do diferent sql request and because > > joomla hass is like this: > > hash:salt > > i did split and compare. by default joomla uses md5 (i'm not a joomla > > master, i dont know when joomla uses other hashings) > > I intend to use this auth helper myself for other systems, and there are > others who ask about a DB helper occasionally. > > > Taking a better look at your changes ... > > The first one: db_conf = "block = 0" seems to be useless. All it does > is hard-code a different default value for the --cond option. > >For Joomla the squid.conf should instead contain: > --cond " block=0 " > > > Which leaves the salted/non-salted hash change. > Adding this: > >--salt-delimiter D > > To configure character(s) between the hash and salt values. Will not to > lock people into the specific Joomla syntax of colon. There are > examples and tutorials out there for app design that use other delimiters. > > Doing both of those changes Joomla would be configured with: > >... --cond " block=0 " --salt-delimiter ":" > > > if you want, latter i may add also --md5 to store md5 password, and > > --digest- auth to support diggest authentication :) but later jejeje > > Amos Got it the block=0 condition is a hardcore DB condition that joomla uses. I did add --joomla to hardcore all joomla conditions, bu tI'm agree i will add --salt-delimiter. A+
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : HI all As a requirement of one client, he wants to use joomla user database to let squid authenticate. I did patch squid_db_auth that Henrik has written in order to support joomla hash conditions. I did add one usefull option to script --joomla in order to activate joomla hashing. Other options are identical. Please test :) Ammos, I'd like if you can include this in 3.1.2 Mumble. How do other users feel about it? Useful enough to cross the security bugs and regressions only freeze? LD I have a typo in my salt should be my $salt sorry Can you make the option --md5 instead please? Possibilities are not limited to Joomla and they may change someday. The option needs to be added to the documentation sections of the helper as well. Amos I dont get you about "cross the security", 3.1 is under feature freeze. Anything not a security fix or regression needs to have some good reasons to be committed. I'm trying to stick to the freeze a little more with 3.1 than with 3.0, to get back into the habit of it. Particularly since we look like having a good foothold on the track for 12-month releases now. what i did is that --joomla flag do diferent sql request and because joomla hass is like this: hash:salt i did split and compare. by default joomla uses md5 (i'm not a joomla master, i dont know when joomla uses other hashings) I intend to use this auth helper myself for other systems, and there are others who ask about a DB helper occasionally. Taking a better look at your changes ... The first one: db_conf = "block = 0" seems to be useless. All it does is hard-code a different default value for the --cond option. For Joomla the squid.conf should instead contain: --cond " block=0 " Which leaves the salted/non-salted hash change. Adding this: --salt-delimiter D To configure character(s) between the hash and salt values. Will not to lock people into the specific Joomla syntax of colon. There are examples and tutorials out there for app design that use other delimiters. Doing both of those changes Joomla would be configured with: ... --cond " block=0 " --salt-delimiter ":" if you want, latter i may add also --md5 to store md5 password, and --digest- auth to support diggest authentication :) but later jejeje Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
> >> HI all
> >>
> >> As a requirement of one client, he wants to use joomla user database to
> >> let squid authenticate.
> >>
> >> I did patch squid_db_auth that Henrik has written in order to support
> >> joomla hash conditions.
> >>
> >> I did add one usefull option to script
> >>
> >> --joomla
> >>
> >> in order to activate joomla hashing. Other options are identical.
> >> Please test :)
> >>
> >> Ammos, I'd like if you can include this in 3.1.2
>
> Mumble.
>
> How do other users feel about it? Useful enough to cross the security
> bugs and regressions only freeze?
>
> >> LD
> >
> > I have a typo in
> > my salt
> >
> > should be
> > my $salt
> >
> > sorry
>
> Can you make the option --md5 instead please?
> Possibilities are not limited to Joomla and they may change someday.
>
> The option needs to be added to the documentation sections of the helper
> as well.
>
> Amos
I did fix some warnings
it works,
tested with joomla 1.5.14 :)
--- helpers/basic_auth/DB/squid_db_auth.in 2010-03-29 12:02:56.0 +0200
+++ helpers/basic_auth/DB/squid_db_auth.in.dlucio 2010-04-23 05:04:40.0 +0200
@@ -1,8 +1,9 @@
#...@perl@
-use strict;
+#use strict;
use DBI;
use Getopt::Long;
use Pod::Usage;
+use Digest::MD5 qw(md5 md5_hex md5_base64);
$|=1;
=pod
@@ -22,6 +23,8 @@
my $db_cond = "enabled = 1";
my $plaintext = 0;
my $persist = 0;
+my $isjoomla = 0;
+my $debug = 0;
=pod
@@ -62,6 +65,7 @@
=item B<--cond>
Condition, defaults to enabled=1. Specify 1 or "" for no condition
+If you use --joomla flag, this condition will be changed to block=0
=item B<--plaintext>
@@ -71,6 +75,10 @@
Keep a persistent database connection open between queries.
+=item B<--joomla>
+
+Tell helper that user database is joomla db. So salt hasing is understood.
+
=back
=cut
@@ -85,14 +93,18 @@
'cond=s' => \$db_cond,
'plaintext' => \$plaintext,
'persist' => \$persist,
+ 'joomla' => \$isjoomla,
+ 'debug' => \$debug,
);
-my ($_dbh, $_sth);
+$db_cond = "block = 0" if $isjoomla;
+
sub close_db()
{
return if !defined($_dbh);
$_dbh->disconnect();
+$_sth->finish();
undef $_dbh;
undef $_sth;
}
@@ -113,10 +125,17 @@
{
my ($password, $key) = @_;
-return 1 if crypt($password, $key) eq $key;
+if ($isjoomla){
+my $salt;
+my $key2;
+($key2,$salt) = split (/:/, $key);
+return 1 if md5_hex($password.$salt).':'.$salt eq $key;
+}
+else{
+return 1 if crypt($password, $key) eq $key;
-return 1 if $plaintext && $password eq $key;
-
+return 1 if $plaintext && $password eq $key;
+}
return 0;
}
@@ -155,8 +174,9 @@
=head1 COPYRIGHT
Copyright (C) 2007 Henrik Nordstrom
+Copyright (C) 2010 Luis Daniel Lucio Quiroz (Joomla support)
+
This program is free software. You may redistribute copies of it under the
terms of the GNU General Public License version 2, or (at youropinion) any
later version.
-
=cut
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit : > Luis Daniel Lucio Quiroz wrote: > > Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : > >> HI all > >> > >> As a requirement of one client, he wants to use joomla user database to > >> let squid authenticate. > >> > >> I did patch squid_db_auth that Henrik has written in order to support > >> joomla hash conditions. > >> > >> I did add one usefull option to script > >> > >> --joomla > >> > >> in order to activate joomla hashing. Other options are identical. > >> Please test :) > >> > >> Ammos, I'd like if you can include this in 3.1.2 > > Mumble. > > How do other users feel about it? Useful enough to cross the security > bugs and regressions only freeze? > > >> LD > > > > I have a typo in > > my salt > > > > should be > > my $salt > > > > sorry > > Can you make the option --md5 instead please? > Possibilities are not limited to Joomla and they may change someday. > > The option needs to be added to the documentation sections of the helper > as well. > > Amos I dont get you about "cross the security", what i did is that --joomla flag do diferent sql request and because joomla hass is like this: hash:salt i did split and compare. by default joomla uses md5 (i'm not a joomla master, i dont know when joomla uses other hashings) if you want, latter i may add also --md5 to store md5 password, and --digest- auth to support diggest authentication :) but later jejeje
Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)
Luis Daniel Lucio Quiroz wrote: Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit : HI all As a requirement of one client, he wants to use joomla user database to let squid authenticate. I did patch squid_db_auth that Henrik has written in order to support joomla hash conditions. I did add one usefull option to script --joomla in order to activate joomla hashing. Other options are identical. Please test :) Ammos, I'd like if you can include this in 3.1.2 Mumble. How do other users feel about it? Useful enough to cross the security bugs and regressions only freeze? LD I have a typo in my salt should be my $salt sorry Can you make the option --md5 instead please? Possibilities are not limited to Joomla and they may change someday. The option needs to be added to the documentation sections of the helper as well. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
