cat /usr/lib64/squid/squid_db_auth

[danny@ip-172-31-21-147 ~]$ sudo cat /usr/lib64/squid/squid_db_auth
use strict;
use DBI;
use Getopt::Long;
use Pod::Usage;
use Digest::MD5 qw(md5 md5_hex md5_base64);


=head1 NAME

squid_db_auth - Database auth helper for Squid


my $dsn = "DBI:mysql:database=squid";
my $db_user = undef;
my $db_passwd = undef;
my $db_table = "passwd";
my $db_usercol = "user";
my $db_passwdcol = "password";
my $db_cond = "enabled = 1";
my $plaintext = 0;
my $md5 = 0;
my $persist = 0;
my $isjoomla = 0;
my $debug = 0;
my $hashsalt = undef;



squid_db_auth [options]


This program verifies username & password to a database

=over 8

=item B<--dsn>

Database DSN. Default "DBI:mysql:database=squid"

=item B<--user>

Database User

=item B<--password>

Database password

=item B<--table>

Database table. Default "passwd".

=item B<--usercol>

Username column. Default "user".

=item B<--passwdcol>

Password column. Default "password".

=item B<--cond>

Condition, defaults to enabled=1. Specify 1 or "" for no condition
If you use --joomla flag, this condition will be changed to block=0

=item B<--plaintext>

Database contains plain-text passwords

=item B<--md5>

Database contains unsalted md5 passwords

=item B<--salt>

Selects the correct salt to evaluate passwords

=item B<--persist>

Keep a persistent database connection open between queries.

=item B<--joomla>

Tells helper that user database is Joomla DB. So their unusual salt
hashing is understood.



'dsn=s' => \$dsn,
'user=s' => \$db_user,
'password=s' => \$db_passwd,
'table=s' => \$db_table,
'usercol=s' => \$db_usercol,
'passwdcol=s' => \$db_passwdcol,
'cond=s' => \$db_cond,
'plaintext' => \$plaintext,
'md5' => \$md5,
'persist' => \$persist,
'joomla' => \$isjoomla,
'debug' => \$debug,
'salt=s' => \$hashsalt,

my ($_dbh, $_sth);
$db_cond = "block = 0" if $isjoomla;

sub close_db()
return if !defined($_dbh);
undef $_sth;
undef $_dbh;

sub open_db()
return $_sth if defined $_sth;
$_dbh = DBI->connect($dsn, $db_user, $db_passwd);
if (!defined $_dbh) {
warn ("Could not connect to $dsn\n");
return undef;
my $sql_query;
$sql_query = "SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ? " AND $db_cond" : "");
$_sth = $_dbh->prepare($sql_query) || die;
return $_sth;

sub check_password($$)
my ($password, $key) = @_;

if ($isjoomla){
my $salt;
my $key2;
($key2,$salt) = split (/:/, $key);
return 1 if md5_hex($password.$salt).':'.$salt eq $key;
return 1 if defined $hashsalt && crypt($password, $hashsalt) eq $key;
return 1 if crypt($password, $key) eq $key;
return 1 if $md5 && md5_hex($password) eq $key;
return 1 if $plaintext && $password eq $key;

return 0;

sub query_db($) {
my ($user) = @_;
my ($sth) = open_db() || return undef;
if (!$sth->execute($user)) {
open_db() || return undef;
$sth->execute($user) || return undef;;
return $sth;
my $status;

while (<>) {
my ($user, $password) = split;
$status = "ERR";
$user =~ s/%(..)/pack("H*", $1)/ge;
$password =~ s/%(..)/pack("H*", $1)/ge;

$status = "ERR database error";
my $sth = query_db($user) || next;
$status = "ERR unknown login";
my $row = $sth->fetchrow_arrayref() || next;
$status = "ERR login failure";
next if (!check_password($password, @$row[0]));
$status = "OK";
} continue {
close_db() if (!$persist);
print $status . "\n";



Copyright (C) 2007 Henrik Nordstrom <>
Copyright (C) 2010 Luis Daniel Lucio Quiroz <> (Joomla support)
This program is free software. You may redistribute copies of it under the
terms of the GNU General Public License version 2, or (at youropinion) any
later version.


posted @ 2014-10-28 09:35  chromebook  阅读(370)  评论(0编辑  收藏  举报