Re: [squid-users] auth problems

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 26 Apr 2001 00:23:31 +0200

You are missing a fflush() call on nonexisting logins.

It is simpler to simply disable buffering than to try to cover all cases
with fflush(). At the top of the program instert:

  setbuf(stdout, NULL);

Please note that the Squid sources already include a getpwnam
authenticator, but it might be a fun experience to write yet another one
so I won't stop you ;-)

--
Henrik Nordstrom
Squid Hacker
Petter Lindqvist wrote:
> 
> I can get squid to work as I want when not using any auth module.
> As I can't find any auth module that works as I want, I wrote an own
> according to the instructions I've found. But I'm not sure it works
> exactly as it should. It denies bad passwords, but when I've entered a
> correct one the connections just hangs, and nothing more happens.
> 
> My auth module looks like this and it should let anyone in who has login
> permissions on the squid host computer:
> (Feel free to include a corrected version of this auth module in coming
> releases of squid, just mention my mail adress as author or something.)
> 
> #include <stdio.h>
> #include <sys/types.h>
> #include <pwd.h>
> #include <unistd.h>
> 
> int main()
> {
>   struct passwd *pw;
>   char login[512],pass[512];
>   FILE *fh;
>   while((scanf("%s%s",login,pass))==2)
>     {
>       pw=getpwnam(login);
>       if(!pw)
>         {
>           printf("ERR\n");
>         }
>       else
>         {
>           if(strcmp(crypt(pass,pw->pw_passwd),pw->pw_passwd))
>             {
>               printf("ERR\n");
>             }
>           else
>             {
>               printf("OK\n");
>             }
>           fflush(stdout);
>         }
>     }
>   return 0;
> }
> 
> Config file that works without the auth module above:
> 
> http_port 2046
> cache_dir ufs /usr/local/squid/cache 100 16 256
> cache_access_log /usr/local/squid/logs/access.log
> cache_log /usr/local/squid/logs/cache.log
> cache_store_log /usr/local/squid/logs/store.log
> dns_nameservers none
> unlinkd_program /usr/pkg/libexec/unlinkd
> pinger_program /usr/pkg/libexec/pinger
> acl all src 0.0.0.0/0.0.0.0
> no_cache deny all
> 
> authenticate_program /usr/local/bin/nis_auth
> proxy_auth_realm www.hig.se proxy
> acl nis proxy_auth REQUIRED
> http_access allow nis
> http_access deny all
> 
> cache_effective_user nobody
> cache_effective_group nogroup
> cache_mgr petter@hig.se
Received on Wed Apr 25 2001 - 17:05:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:36 MST