From 158f30cd7dda33befd059a646055d1e346fd0f42 Mon Sep 17 00:00:00 2001 From: "jan@unixpapa.com" Date: Wed, 12 Oct 2011 14:45:22 +0000 Subject: [PATCH] Deleting various old example authenticators available elsewhere --- mod_authnz_external/CHANGES | 3 + mod_authnz_external/README | 53 ++--- mod_authnz_external/mysql/README | 17 -- mod_authnz_external/mysql/mysql-auth.pl | 89 -------- mod_authnz_external/radius/README | 12 -- mod_authnz_external/sybase/README | 12 -- .../sybase/mod_auth_external_sybase.c | 197 ------------------ 7 files changed, 32 insertions(+), 351 deletions(-) delete mode 100644 mod_authnz_external/mysql/README delete mode 100644 mod_authnz_external/mysql/mysql-auth.pl delete mode 100644 mod_authnz_external/radius/README delete mode 100644 mod_authnz_external/sybase/README delete mode 100644 mod_authnz_external/sybase/mod_auth_external_sybase.c diff --git a/mod_authnz_external/CHANGES b/mod_authnz_external/CHANGES index 8cf7156..e4a637c 100644 --- a/mod_authnz_external/CHANGES +++ b/mod_authnz_external/CHANGES @@ -1,5 +1,8 @@ v3.3.1 (Jan Wolter - ) ---------------------------------------------- + * Deleted most of the sample authenticators from the distribution. They + are mostly old and crufty or available elsewhere. No need to clutter + the main distribution with them. * Added code to support caching authentications with mod_authn_socache. This is enabled by the "AuthExternalProvideCache On" directive. diff --git a/mod_authnz_external/README b/mod_authnz_external/README index fe5b5ff..2a50361 100644 --- a/mod_authnz_external/README +++ b/mod_authnz_external/README 
@@ -179,8 +179,8 @@ but there are more ways to screw up your security by doing them badly than we could possibly list. See the file AUTHENTICATORS for more information on implementing authenticators. -Example External Authentication Routines in this Distribution: --------------------------------------------------------------- +Example Authentication Routines in this Distribution: +----------------------------------------------------- test/ Several small dummy external authentication programs written in Perl. 
@@ -188,39 +188,44 @@ Example External Authentication Routines in this Distribution: any user whose password and login name are identical. They write lots of debugging info to the error_log file. - Author and Maintainer: Jan Wolter + Author and Maintainer: Jan Wolter http://unixpapa.com/ - mysql/ +Example Authentication Routines Formerly Included in this Distribution: +----------------------------------------------------------------------- +In the interest of cleaning up the distribution, several other examples +that were formerly distributed with this module are now only available +separately. + + pwauth + A C program for authenticating out of unix shadow password files or + PAM. + + Author and Maintainer: Jan Wolter http://unixpapa.com/ + Available from: http://code.google.com/p/pwauth/ + + MYSQL-auth A Perl program for authenticating out of a MySQL database. This is written in Perl using the DBI interface, so it could be trivially adapted to work with any other SQL database server that has a DBI interface (that is to say all of them). Author and Maintainer: Anders Nordby - http://anders.fix.no/software/#unix - -The "pwauth" authenticator for unix shadow password files or PAM which -was previously included in this distribution is now in a separate package, -available from http://www.unixpapa.com/pwauth/. - -Example Hardcoded Internal Authentication Routines in this Distribution: ------------------------------------------------------------------------- + Available From: http://anders.fix.no/software/#unix - sybase/ - A function that queries a sybase database and compares the passwords - for said user. + sybase-internal-auth + An example of a hardcoded internal authentication function for use with + mod_auth_external or mod_authnz_external. It's designed for doing + authentication out of a sybase database, which these days would be better + done using mod_authn_dbd. - Author: - Unmaintained. + Author: + Available 
From: http://code.google.com/p/mod-auth-external/downloads -The radius client previously distributed with mod_auth_external has been -removed from the distribution because of possible license problems. Get it -from http://unixpapa.com/software/mae_radius.tar.gz if you want it, but -mod_auth_radius is a better choice. + mae-radius + Another example or a hardcoded internal authentication function. + This does radius authentication. It may not be fully open source. -If you have programs or functions you have coded and would like to add them -to the examples collection on the next release please email them to -jan@unixpapa.com and include a short description. + Available From: http://unixpapa.com/software/mae_radius.tar.gz Checkpassword Authenticators ---------------------------- diff --git a/mod_authnz_external/mysql/README b/mod_authnz_external/mysql/README deleted file mode 100644 index 760f803..0000000 --- a/mod_authnz_external/mysql/README +++ /dev/null @@ -1,17 +0,0 @@ -The MySQL auth program is by Anders Nordby who maintains it -at http://anders.fix.no/software/#unix - -See the header of the auth-mysql.pl file for the author's notes. - -This require the Perl DBI/DBD libraries for mysql: - http://cpan.valueclick.com/modules/by-category/07_Database_Interfaces/DBI/ - http://cpan.valueclick.com/modules/by-category/07_Database_Interfaces/DBD/ - -Configuration is mostly by editing the definitions at the front of the -mysql-auth.pl. - -In the likely event that your SQL tables have different field names, you'll -also have to edit the SQL query in the call to $dbh->prepare(). - -If you want to use a database server other than MySQL, you'll need the DBD -library for that database and you'll need to change the DBI->connect() call. diff --git a/mod_authnz_external/mysql/mysql-auth.pl b/mod_authnz_external/mysql/mysql-auth.pl deleted file mode 100644 index da6be4d..0000000 --- a/mod_authnz_external/mysql/mysql-auth.pl +++ /dev/null 
@@ -1,89 +0,0 @@
-#!/usr/bin/perl -Tw
-# MySQL-auth version 1.0
-# Anders Nordby , 2002-01-20
-# This script is usable for authenticating users against a MySQL database with
-# the Apache module mod_auth_external or mod_authnz_external. See
-# http://unixpapa.com/mod_auth_external/ for mod_auth_external.
-#
-# Updates to this script will be made available on:
-# http://anders.fix.no/software/#unix
-
-my $dbhost="localhost";
-my $dbuser="validator";
-my $dbpw="whatagoodpassword";
-my $dbname="funkydb";
-my $dbport="3306";
-my $mychars="01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_,.";
-
-# Below this, only the SQL query should be interesting to modify for users.
-
-use DBI;
-
-sub validchars
-{
- # 0: string 1: valid characters
- my $streng = $_[0];
-
- my $ok = 1;
- my $i = 0;
- while ($ok && $i < length($_[0])) {
- if (index($_[1], substr($_[0],$i,1)) == -1) {
- $ok = 0;
- }
- $i++;
- }
- return($ok);
-}
-
-# Get the name of this program
-$prog= join ' ',$0,@ARGV;
-$logprefix='[' . scalar localtime . '] ' . 
$prog;
-
-# Get the user name
-$user= ;
-chomp $user;
-
-# Get the password name
-$pass= ;
-chomp $pass;
-
-# check for valid characters
-if (!validchars($user, $mychars) || !validchars($pass, $mychars)) {
- print STDERR "$logprefix: invalid characters used in login/password - Rejected\n";
- exit 1;
-}
-
-# check for password in mysql database
-#if
-my $dbh = DBI->connect("DBI:mysql:database=$dbname:host=$dbhost:port=$dbport",$dbuser,$dbpw,{PrintError=>0});
-
-if (!$dbh) {
- print STDERR "$logprefix: could not connect to database - Rejected\n";
- exit 1;
-}
-
-my $dbq = $dbh->prepare("select username as username, password as password from users where username=?;");
-$dbq->bind_param(1, $user);
-$dbq->execute;
-
-my $row = $dbq->fetchrow_hashref();
-
-if ($row->{username} eq "") {
- print STDERR "$logprefix: could not find user $user - Rejected\n";
- exit 1;
-}
-if ($row->{password} eq "") {
- print STDERR "$logprefix: empty password for user $user - Rejected\n";
- exit 1;
-}
-
-if ($row->{password} eq crypt($pass,substr($row->{password},0,2))) {
- print STDERR "$logprefix: password for user $user matches - Accepted\n";
- exit 0;
-} else {
- print STDERR "$logprefix: password for user $user does not match - Rejected\n";
- exit 1;
-}
-
-$dbq->finish;
-$dbh->disconnect;
diff --git a/mod_authnz_external/radius/README b/mod_authnz_external/radius/README
deleted file mode 100644
index f8a9dd4..0000000
--- a/mod_authnz_external/radius/README
+++ /dev/null
@@ -1,12 +0,0 @@
-Older versions of mod_auth_external included an example of a hard
-coded internal authentication function which was designed for
-authenticating from a Radius server.
-
-It is no longer included in the mod_auth_external distribution because
-its license did not appear to be a full open source license.
-
-People interested in a radius authenticator, should probably look into
-mod_auth_radius.
-
-For the time being, the old contents of this directory will be available
-from http://unixpapa.com/software/mae_radius.tar.gz
diff --git a/mod_authnz_external/sybase/README b/mod_authnz_external/sybase/README
deleted file mode 100644
index 2166f0a..0000000
--- a/mod_authnz_external/sybase/README
+++ /dev/null
@@ -1,12 +0,0 @@
-This is a hardcoded internal authentication function for use with
-mod_auth_external or mod_authnz_external. It supports authenticating
-from a Sybase database using the DB lib interface.
-
-It assumes the existence of a table named "users" in your database, with
-fields named "login" and "passwd" which are both adequately large varchar
-types. Passwords are stored as plain text, which Jan Wolter considers a
-grevious mistake. Better to encrypt them with something like crypt(3).
-
-Author:
-
-This code is not being maintained.
diff --git a/mod_authnz_external/sybase/mod_auth_external_sybase.c b/mod_authnz_external/sybase/mod_auth_external_sybase.c
deleted file mode 100644
index dff4390..0000000
--- a/mod_authnz_external/sybase/mod_auth_external_sybase.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1997 Societe Generale. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Societe Generale"
- *
- * 4. The name "Societe Generale" must not be used to endorse or
- * promote products derived from this software without prior written
- * permission.
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Societe Generale"
- *
- * THIS SOFTWARE IS PROVIDED BY SOCIETE GENERALE ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SOCIETE GENERALE
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-/* mod_auth_external_sybase.c 1.2 - apache authentication using
- * mod_auth_external HARCODE extension.
- *
- * To edit this file, use 3-characters tabs.
- *
- * REVISIONS:
- * 1.0: br, may 15 1997
- * 1.1: br, may 21 1997
- * added some log facilities, due to PASS variable problem...
- * 1.2: br, june 5 1997
- * updated code to use mod_auth_external HARDCODE extension
- * changed log usage
- *
- * TO DO:
- * - check for sybase failures, and eventually try new connexions
- * - add config file facility
- * - permit multiple config files
- *
- */
-
-#undef STATUS /* to permit correct apache compilation */
-
-#include /* for those who like comments */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-/* sybase constants: ugly, but they will *NEVER* change...
- */
-#define DBUSER "cleopatra" /* user */
-#define DBPASS "noufnouf" /* passwd */
-#define DBNAME "ISIS" /* basename */
-
-#define LOGFILE "/var/log/www/checkpass" /* to log USER/PASS info */
-
-/* openbase() - open database...
- *
- * return value:
- * NULL: cannot access database
- * other: DBPROCESS id.
- *
- */
-DBPROCESS *openbase()
-{
- LOGINREC *login = NULL;
-
- if (dbinit() == FAIL) /* get login */
- return NULL;
- login = dblogin();
-
- DBSETLUSER(login, DBUSER); /* set user & passwd database access */
- DBSETLPWD(login, DBPASS);
-
- return dbopen(login, DBNAME); /* open connexion */
-}
-
-/* sybasecheck(user, passwd, conf)
- * char *passwd, *passwd, *conf;
- *
- */
-sybasecheck(user, pass, conf)
- char *user, *pass, *conf;
-{
- static DBPROCESS *dbproc = NULL;
- char gotpass[256];
- int debug = 1; /* change this and recompile to have some
- * debugging
- */
- int status;
- FILE *debugfile = NULL;
-
- if (debug) { /* open log file */
- debugfile = fopen(LOGFILE, "a+");
- }
- if (debugfile) {
- fprintf(debugfile, "sybasecheck: USER = <%s> ",
- user? user: "");
- fprintf(debugfile, "PASS = <%s> ", pass? 
pass: "");
- }
-
- if (user && pass) { /* got something? */
- if (!dbproc) {
- dbproc = openbase(); /* open database */
- if (debugfile) {
- fprintf(debugfile, " [%d]: opened base [%#x] ",
- (int) getpid(), dbproc);
- }
- }
- else {
- if (debugfile) {
- fprintf(debugfile, " [%d]: base [%#x] ",
- (int) getpid(), dbproc);
- }
- }
-
- if (dbproc) {
- /* we generate sql request. It looks like:
- * select passwd from users where login=$USER
- */
- dbfcmd(dbproc, "select passwd from users where login = \"%s\"", user);
-
- if (dbsqlexec(dbproc) == SUCCEED) {
-
- if (dbresults(dbproc) == SUCCEED) {
-
- /* we bind the results to gotpasss string & check if we
- * got something...
- */
- if ((dbbind(dbproc, 1, NTBSTRINGBIND,
- sizeof(gotpass), gotpass) == SUCCEED) &&
- ((status = dbnextrow(dbproc)) != FAIL) &&
- (status != NO_MORE_ROWS)) {
-
- if (debugfile) {
- fprintf(debugfile, "GOTPASS = <%s>\n",
- gotpass? gotpass: "");
- fclose(debugfile);
- }
-
- /* ok: compare result to PASS variable, and exit
- */
- return(strcmp(gotpass, pass)? 1: 0);
- }
-
- /* all rest are sybase errors...
- */
- else
- if (debugfile)
- fprintf(debugfile, "error accessing database.\n");
- }
- else
- if (debugfile)
- fprintf(debugfile, "error dbresults.\n");
- }
- else {
- if (debugfile)
- fprintf(debugfile, "error in dbsqlexec.\n");
- }
- }
- else
- if (debugfile)
- fprintf(debugfile, "error in dbopen.\n");
- }
- if (debugfile)
- fclose(debugfile);
-
- return (1);
-
-}
-
-- 2.50.1