Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)

From: Luis Daniel Lucio Quiroz <luis.daniel.lucio_at_gmail.com>
Date: Thu, 27 May 2010 11:16:08 -0500

On Thursday 27 May 2010 07:30:11, Amos Jeffries wrote:
> Luis Daniel Lucio Quiroz wrote:
> > On Saturday 1 May 2010 20:57:22, Amos Jeffries wrote:
> >> Luis Daniel Lucio Quiroz wrote:
> >>> On Friday 23 April 2010 00:20:13, Amos Jeffries wrote:
> >>>> Luis Daniel Lucio Quiroz wrote:
> >>>>> On Thursday 22 April 2010 20:09:57, Amos Jeffries wrote:
> >>>>>> Luis Daniel Lucio Quiroz wrote:
> >>>>>>> On Thursday 22 April 2010 15:49:55, Luis Daniel Lucio Quiroz wrote:
> >>>>>>>> Hi all
> >>>>>>>>
> >>>>>>>> As a requirement of one client, he wants to use joomla user
> >>>>>>>> database to let squid authenticate.
> >>>>>>>>
> >>>>>>>> I did patch squid_db_auth that Henrik has written in order to
> >>>>>>>> support joomla hash conditions.
> >>>>>>>>
> >>>>>>>> I did add one useful option to the script
> >>>>>>>>
> >>>>>>>> --joomla
> >>>>>>>>
> >>>>>>>> in order to activate joomla hashing. Other options are identical.
> >>>>>>>> Please test :)
> >>>>>>>>
> >>>>>>>> Amos, I'd like it if you can include this in 3.1.2
> >>>>>>
> >>>>>> Mumble.
> >>>>>>
> >>>>>> How do other users feel about it? Useful enough to cross the
> >>>>>> security bugs and regressions only freeze?
> >>>>>>
> >>>>>>>> LD
> >>>>>>>
> >>>>>>> I have a typo in
> >>>>>>> my salt
> >>>>>>>
> >>>>>>> should be
> >>>>>>> my $salt
> >>>>>>>
> >>>>>>> sorry
> >>>>>>
> >>>>>> Can you make the option --md5 instead please?
> >>>>>>
> >>>>>> Possibilities are not limited to Joomla and they may change
> >>>>>> someday.
> >>>>>>
> >>>>>> The option needs to be added to the documentation sections of the
> >>>>>> helper as well.
> >>>>>>
> >>>>>> Amos
> >>>>>
> >>>>> I don't get you about "cross the security",
> >>>>
> >>>> 3.1 is under feature freeze. Anything not a security fix or regression
> >>>> needs to have some good reasons to be committed.
> >>>>
> >>>> I'm trying to stick to the freeze a little more with 3.1 than with
> >>>> 3.0, to get back into the habit of it. Particularly since we look
> >>>> like having a good foothold on the track for 12-month releases now.
> >>>>
> >>>>> What I did is that the --joomla flag does a different SQL request, and
> >>>>> because the Joomla hash is like this:
> >>>>> hash:salt
> >>>>> I did split and compare. By default Joomla uses md5 (I'm not a
> >>>>> Joomla master, I don't know when Joomla uses other hashings)
> >>>>
> >>>> I intend to use this auth helper myself for other systems, and there
> >>>> are others who ask about a DB helper occasionally.
> >>>>
> >>>>
> >>>> Taking a better look at your changes ...
> >>>>
> >>>> The first one: db_conf = "block = 0" seems to be useless. All it does
> >>>> is hard-code a different default value for the --cond option.
> >>>>
> >>>> For Joomla the squid.conf should instead contain:
> >>>> --cond " block=0 "
> >>>>
> >>>> Which leaves the salted/non-salted hash change.
> >>>>
> >>>> Adding this:
> >>>> --salt-delimiter D
> >>>>
> >>>> To configure character(s) between the hash and salt values. Will not
> >>>> lock people into the specific Joomla syntax of colon. There are
> >>>> examples and tutorials out there for app design that use other
> >>>> delimiters.
> >>>>
> >>>> Doing both of those changes Joomla would be configured with:
> >>>> ... --cond " block=0 " --salt-delimiter ":"
> >>>>>
> >>>>> If you want, later I may also add --md5 to store md5 password, and
> >>>>> --digest-auth to support digest authentication :) but later jejeje
> >>>>
> >>>> Amos
> >>>
> >>> Hi
> >>> I've just updated my patch to fit 3.1.2
> >>>
> >>>
> >>> I hope this could be included since it is based on today's snapshot.
> >>>
> >>> Regards,
> >>>
> >>> LD
> >>
> >> Thank you.
> >>
> >> You still have the --joomla flag. I thought you agreed to call it
> >> something like the --salt and take the delim character?
> >>
> >> Amos
> >
> > Amos + team,
> >
> > I was adding salt support and I noticed this line
> >
> > return 1 if crypt($password, $key) eq $key;
> >
> > As far as I know this is impossible, because crypt using a salt won't
> > be eq to that key.
> > Because there are many scenarios I did leave this line in my patch and
> > added another to use static salt
> >
> > I also added a --sql option to let the user specify complex queries, as
> > I was needing it to work with an INNER JOIN.
> >
> > I hope you can review it.
> >
> > LD
>
> I have not found the need for --sql in my experience with complex
> queries to this helper. Each of the options --usercol, --passcol,
> --table and --cond can take whole snippets of SQL double-quoted.
>
> The rest of the patch is accepted. Will be in Squid-3.1.4.
>
> If anyone is interested in further improvements to this helper:
> loading the parameters from a secure file instead of having the SQL
> snippets and DSN login visible on the command line would be useful.
>
> Amos

OK, no problem

I was realizing because complex selects are more than JOINs, such as UNIONs or
SELECTs inside SELECTs, but no problem. Can you post then how it will be so I
can patch rpms :)

LD
Received on Thu May 27 2010 - 16:15:30 MDT
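
Added example, not part of the thread and not the squid_db_auth source: the two comparisons discussed above, a stored "hash<delimiter>salt" value checked with a configurable delimiter and the crypt($password, $key) eq $key form, written in Perl as one routine. The sub name, the $delim parameter, the sample values and the md5(password . salt) ordering are assumptions; the crypt case also assumes the platform's crypt(3) accepts a traditional two-character salt.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Hypothetical helper routine (names are assumptions, not the patch's code).
# $stored : value read from the password column
# $delim  : value of a --salt-delimiter style option, undef when not given
sub check_password {
    my ($password, $stored, $delim) = @_;
    return 0 unless defined $password && defined $stored && length $stored;

    if (defined $delim && length $delim) {
        # Split on the first delimiter only; \Q..\E keeps "." or "|" literal.
        my ($hash, $salt) = split /\Q$delim\E/, $stored, 2;
        # A row without a salt fails instead of matching as an unsalted hash.
        return 0 unless defined $salt && length $salt;
        # Assumed scheme: hex MD5 over the password followed by the salt.
        return lc($hash) eq md5_hex($password . $salt) ? 1 : 0;
    }

    # crypt(3) style: the salt is the leading part of the stored value, so
    # hashing the candidate with the stored value as the "salt" argument
    # reproduces the stored value when the password is right.
    my $computed = crypt($password, $stored);
    return (defined $computed && $computed eq $stored) ? 1 : 0;
}

# Constructed sample rows (not real credentials).
my $salt   = 'Xy9kQ2';
my $salted = md5_hex('s3cret' . $salt) . ':' . $salt;
my $unix   = crypt('s3cret', 'ab');    # assumes DES-style crypt is available

my @cases = (
    [ 'salted MD5, right password', 's3cret', $salted,           ':'   ],
    [ 'salted MD5, wrong password', 'guess',  $salted,           ':'   ],
    [ 'row missing its salt',       's3cret', md5_hex('s3cret'), ':'   ],
    [ 'crypt(3), right password',   's3cret', $unix,             undef ],
    [ 'crypt(3), wrong password',   'guess',  $unix,             undef ],
);

# OK / ERR mirrors the reply a Squid basic auth helper writes per lookup.
printf "%-28s %s\n", $_->[0], check_password(@{$_}[1..3]) ? 'OK' : 'ERR'
    for @cases;
```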

This archive was generated by hypermail 2.2.0 : Fri May 28 2010 - 12:00:06 MDT