Re: Basic bourne shell-based authenticator module

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 13 Feb 2003 13:12:04 +0100

Try this instead

#!/bin/sh
PASSWORDFILE="/usr/local/etc/squid/users.txt"
while read AUTH; do
  if grep -q -x -F "$AUTH" $PASSWORDFILE; then
    echo OK
  else
    echo ERR
  fi
done

The "while read .." makes the helper exit when Squid asks it to
(shutdown or log rotate).

the "if grep -q .." simplifies things a little.

the "grep -F" flag fixes a security issue with your script. normally
grep uses regex matching which you do not want here..

If you have many users I would advise to just rewrite the NCSA module to
use plaintext instead.. (one line change)

Regards
Henrik

BSD Freak wrote:
>
> Hi all,
>
> I am have written a very basic squid authenticator module. Code is as
> follows:
>
> #!/bin/sh
> PASSWORDFILE="/usr/local/etc/squid/users.txt"
> TEST="123"
> while [ ! -z $TEST ]
> do
> read AUTH
> if [ ! -z "`grep -x "$AUTH" $PASSWORDFILE`" ]; then
> echo "OK"
> else
> echo "ERR"
> fi
> done
>
> It all works fine and authenticates users from a plain text file
> (/usr/local/etc/squid/users.txt) whose format is:
>
> user password
> user password
>
> The only problem is that the authenicator module processes that squid
> spawns don't get killed when squid is killed. It also seems to keep
> opening many more authenicator module processes while it runs even
> though I have limited it toi 5 children in squid.conf.
>
> Any suggestions?
>
> Many thanks in advance......
>
> ---------------------------------------------------------------------
> Would you like to receive faxes to your personal email address?
> You can with mBox. Visit http://www.mbox.com.au/fax
Received on Thu Feb 13 2003 - 05:22:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:15 MST