[thirdparty/squid.git] / helpers / basic_auth / SMB / basic_smb_auth.cc

/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 *  basic_smb_auth - SMB proxy authentication module
 *  Copyright (C) 1998  Richard Huveneers <richard@hekkihek.hacom.nl>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 */

#include "squid.h"
#include "helpers/defines.h"
#include "rfc1738.h"
#include "util.h"

#include <cstring>

#define NMB_UNICAST		1
#define NMB_BROADCAST	2

struct SMBDOMAIN {
    const char *name;		/* domain name */
    const char *sname;		/* match this with user input */
    const char *passthrough;	/* pass-through authentication */
    const char *nmbaddr;	/* name service address */
    int nmbcast;		/* broadcast or unicast */
    char *authshare;		/* share name of auth file */
    const char *authfile;	/* pathname of auth file */
    struct SMBDOMAIN *next;	/* linked list */
};

struct SMBDOMAIN *firstdom = NULL;
struct SMBDOMAIN *lastdom = NULL;

/*
 * escape the backslash character, since it has a special meaning
 * to the read command of the bourne shell.
 */

void
print_esc(FILE * p, char *s)
{
    char buf[HELPER_INPUT_BUFFER];
    char *t;
    int i = 0;

    for (t = s; *t != '\0'; ++t) {
        /*
         * NP: The shell escaping permits 'i' to jump up to 2 octets per loop,
         *     so ensure we have at least 3 free.
         */
        if (i > HELPER_INPUT_BUFFER-3) {
            buf[i] = '\0';
            (void) fputs(buf, p);
            i = 0;
        }
        if (*t == '\\')
            buf[i++] = '\\';

        buf[i] = *t;
        ++i;
    }

    if (i > 0) {
        buf[i] = '\0';
        (void) fputs(buf, p);
    }
}

int
main(int argc, char *argv[])
{
    int i;
    char buf[HELPER_INPUT_BUFFER];
    struct SMBDOMAIN *dom;
    char *s;
    char *user;
    char *pass;
    char *domname;
    FILE *p;
    const char *shcmd;

    /* make standard output line buffered */
    if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
        return 1;

    /* parse command line arguments */
    for (i = 1; i < argc; ++i) {
        if (strcmp(argv[i], "-d") == 0) {
            debug_enabled = 1;
            continue;
        }
        /* the next options require an argument */
        if (i + 1 == argc)
            break;

        if (strcmp(argv[i], "-W") == 0) {
            if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL)
                return 1;

            dom->name = dom->sname = argv[++i];
            dom->passthrough = "";
            dom->nmbaddr = "";
            dom->nmbcast = NMB_BROADCAST;
            dom->authshare = (char *)"NETLOGON";
            dom->authfile = "proxyauth";
            dom->next = NULL;

            /* append to linked list */
            if (lastdom != NULL)
                lastdom->next = dom;
            else
                firstdom = dom;

            lastdom = dom;
            continue;
        }
        if (strcmp(argv[i], "-w") == 0) {
            if (lastdom != NULL)
                lastdom->sname = argv[++i];
            continue;
        }
        if (strcmp(argv[i], "-P") == 0) {
            if (lastdom != NULL)
                lastdom->passthrough = argv[++i];
            continue;
        }
        if (strcmp(argv[i], "-B") == 0) {
            if (lastdom != NULL) {
                lastdom->nmbaddr = argv[++i];
                lastdom->nmbcast = NMB_BROADCAST;
            }
            continue;
        }
        if (strcmp(argv[i], "-U") == 0) {
            if (lastdom != NULL) {
                lastdom->nmbaddr = argv[++i];
                lastdom->nmbcast = NMB_UNICAST;
            }
            continue;
        }
        if (strcmp(argv[i], "-S") == 0) {
            if (lastdom != NULL) {
                if ((lastdom->authshare = xstrdup(argv[++i])) == NULL)
                    return 1;

                /* convert backslashes to forward slashes */
                for (s = lastdom->authshare; *s != '\0'; ++s)
                    if (*s == '\\')
                        *s = '/';

                /* strip leading forward slash from share name */
                if (*lastdom->authshare == '/')
                    ++lastdom->authshare;

                if ((s = strchr(lastdom->authshare, '/')) != NULL) {
                    *s = '\0';
                    lastdom->authfile = s + 1;
                }
            }
            continue;
        }
    }

    shcmd = debug_enabled ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1";

    while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {

        if ((s = strchr(buf, '\n')) == NULL)
            continue;
        *s = '\0';

        if ((s = strchr(buf, ' ')) == NULL) {
            SEND_ERR("");
            continue;
        }
        *s = '\0';

        user = buf;
        pass = s + 1;
        domname = NULL;

        rfc1738_unescape(user);
        rfc1738_unescape(pass);

        if ((s = strchr(user, '\\')) != NULL) {
            *s = '\0';
            domname = user;
            user = s + 1;
        }
        /* match domname with linked list */
        if (domname != NULL && strlen(domname) > 0) {
            for (dom = firstdom; dom != NULL; dom = dom->next)
                if (strcasecmp(dom->sname, domname) == 0)
                    break;
        } else
            dom = firstdom;

        if (dom == NULL) {
            SEND_ERR("");
            continue;
        }
        if ((p = popen(shcmd, "w")) == NULL) {
            SEND_ERR("");
            continue;
        }
        (void) fprintf(p, "%s\n", dom->name);
        (void) fprintf(p, "%s\n", dom->passthrough);
        (void) fprintf(p, "%s\n", dom->nmbaddr);
        (void) fprintf(p, "%d\n", dom->nmbcast);
        (void) fprintf(p, "%s\n", dom->authshare);
        (void) fprintf(p, "%s\n", dom->authfile);
        (void) fprintf(p, "%s\n", user);
        /* the password can contain special characters */
        print_esc(p, pass);
        (void) fputc('\n', p);
        (void) fflush(p);

        if (pclose(p) == 0)
            SEND_OK("");
        else
            SEND_ERR("");
    }				/* while (1) */
    return 0;
}
Commit	Line	Data
5b95b903 AJ	1	/*
	2	* Copyright (C) 1996-2014 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
94439e4e	9	/*
5a48ed18	10	* basic_smb_auth - SMB proxy authentication module
94439e4e	11	* Copyright (C) 1998 Richard Huveneers <richard@hekkihek.hacom.nl>
	12	*
	13	* This program is free software; you can redistribute it and/or modify
	14	* it under the terms of the GNU General Public License as published by
	15	* the Free Software Foundation; either version 2 of the License, or
	16	* (at your option) any later version.
	17	*
	18	* This program is distributed in the hope that it will be useful,
	19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	21	* GNU General Public License for more details.
	22	*
	23	* You should have received a copy of the GNU General Public License
	24	* along with this program; if not, write to the Free Software
94439e4e	25	*/
5b95b903	26
f7f3304a	27	#include "squid.h"
e673ba3a	28	#include "helpers/defines.h"
5a48ed18 AJ	29	#include "rfc1738.h"
5a48ed18 AJ	30	#include "util.h"
94439e4e	31
074d6a40	32	#include <cstring>
94439e4e	33
94439e4e	34	#define NMB_UNICAST 1
	35	#define NMB_BROADCAST 2
	36
	37	struct SMBDOMAIN {
4327acf1 HN	38	const char name; / domain name */
	39	const char sname; / match this with user input */
	40	const char passthrough; / pass-through authentication */
	41	const char nmbaddr; / name service address */
94439e4e	42	int nmbcast; /* broadcast or unicast */
94439e4e	43	char authshare; / share name of auth file */
4327acf1	44	const char authfile; / pathname of auth file */
94439e4e	45	struct SMBDOMAIN next; / linked list */
	46	};
	47
	48	struct SMBDOMAIN *firstdom = NULL;
	49	struct SMBDOMAIN *lastdom = NULL;
	50
	51	/*
	52	* escape the backslash character, since it has a special meaning
	53	* to the read command of the bourne shell.
	54	*/
	55
	56	void
	57	print_esc(FILE * p, char *s)
	58	{
e673ba3a	59	char buf[HELPER_INPUT_BUFFER];
94439e4e	60	char *t;
	61	int i = 0;
	62
755494da	63	for (t = s; *t != '\0'; ++t) {
1137dfd5 AJ	64	/*
	65	* NP: The shell escaping permits 'i' to jump up to 2 octets per loop,
	66	* so ensure we have at least 3 free.
	67	*/
	68	if (i > HELPER_INPUT_BUFFER-3) {
26ac0430 AJ	69	buf[i] = '\0';
	70	(void) fputs(buf, p);
	71	i = 0;
	72	}
	73	if (*t == '\\')
	74	buf[i++] = '\\';
94439e4e	75
f207fe64 FC	76	buf[i] = *t;
f207fe64 FC	77	++i;
94439e4e	78	}
	79
	80	if (i > 0) {
26ac0430 AJ	81	buf[i] = '\0';
26ac0430 AJ	82	(void) fputs(buf, p);
94439e4e	83	}
	84	}
	85
	86	int
	87	main(int argc, char *argv[])
	88	{
	89	int i;
e673ba3a	90	char buf[HELPER_INPUT_BUFFER];
94439e4e	91	struct SMBDOMAIN *dom;
	92	char *s;
	93	char *user;
	94	char *pass;
	95	char *domname;
	96	FILE *p;
4327acf1	97	const char *shcmd;
94439e4e	98
	99	/* make standard output line buffered */
	100	if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
26ac0430	101	return 1;
94439e4e	102
94439e4e	103	/* parse command line arguments */
755494da	104	for (i = 1; i < argc; ++i) {
26ac0430	105	if (strcmp(argv[i], "-d") == 0) {
e673ba3a	106	debug_enabled = 1;
26ac0430 AJ	107	continue;
	108	}
	109	/* the next options require an argument */
	110	if (i + 1 == argc)
	111	break;
94439e4e	112
26ac0430 AJ	113	if (strcmp(argv[i], "-W") == 0) {
	114	if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL)
	115	return 1;
94439e4e	116
26ac0430 AJ	117	dom->name = dom->sname = argv[++i];
	118	dom->passthrough = "";
	119	dom->nmbaddr = "";
	120	dom->nmbcast = NMB_BROADCAST;
4327acf1	121	dom->authshare = (char *)"NETLOGON";
26ac0430 AJ	122	dom->authfile = "proxyauth";
26ac0430 AJ	123	dom->next = NULL;
94439e4e	124
26ac0430 AJ	125	/* append to linked list */
	126	if (lastdom != NULL)
	127	lastdom->next = dom;
	128	else
	129	firstdom = dom;
94439e4e	130
26ac0430 AJ	131	lastdom = dom;
	132	continue;
	133	}
	134	if (strcmp(argv[i], "-w") == 0) {
	135	if (lastdom != NULL)
	136	lastdom->sname = argv[++i];
	137	continue;
	138	}
	139	if (strcmp(argv[i], "-P") == 0) {
	140	if (lastdom != NULL)
	141	lastdom->passthrough = argv[++i];
	142	continue;
	143	}
	144	if (strcmp(argv[i], "-B") == 0) {
	145	if (lastdom != NULL) {
	146	lastdom->nmbaddr = argv[++i];
	147	lastdom->nmbcast = NMB_BROADCAST;
	148	}
	149	continue;
	150	}
	151	if (strcmp(argv[i], "-U") == 0) {
	152	if (lastdom != NULL) {
	153	lastdom->nmbaddr = argv[++i];
	154	lastdom->nmbcast = NMB_UNICAST;
	155	}
	156	continue;
	157	}
	158	if (strcmp(argv[i], "-S") == 0) {
	159	if (lastdom != NULL) {
bb85e424	160	if ((lastdom->authshare = xstrdup(argv[++i])) == NULL)
26ac0430	161	return 1;
94439e4e	162
26ac0430	163	/* convert backslashes to forward slashes */
755494da	164	for (s = lastdom->authshare; *s != '\0'; ++s)
26ac0430 AJ	165	if (*s == '\\')
26ac0430 AJ	166	*s = '/';
94439e4e	167
26ac0430 AJ	168	/* strip leading forward slash from share name */
26ac0430 AJ	169	if (*lastdom->authshare == '/')
755494da	170	++lastdom->authshare;
94439e4e	171
26ac0430 AJ	172	if ((s = strchr(lastdom->authshare, '/')) != NULL) {
	173	*s = '\0';
	174	lastdom->authfile = s + 1;
	175	}
	176	}
	177	continue;
	178	}
94439e4e	179	}
94439e4e	180
e673ba3a	181	shcmd = debug_enabled ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1";
94439e4e	182
e673ba3a	183	while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
94439e4e	184
26ac0430 AJ	185	if ((s = strchr(buf, '\n')) == NULL)
	186	continue;
	187	*s = '\0';
94439e4e	188
26ac0430	189	if ((s = strchr(buf, ' ')) == NULL) {
e673ba3a	190	SEND_ERR("");
26ac0430 AJ	191	continue;
	192	}
	193	*s = '\0';
94439e4e	194
26ac0430 AJ	195	user = buf;
	196	pass = s + 1;
	197	domname = NULL;
94439e4e	198
26ac0430 AJ	199	rfc1738_unescape(user);
26ac0430 AJ	200	rfc1738_unescape(pass);
25858293	201
26ac0430 AJ	202	if ((s = strchr(user, '\\')) != NULL) {
	203	*s = '\0';
	204	domname = user;
	205	user = s + 1;
	206	}
	207	/* match domname with linked list */
	208	if (domname != NULL && strlen(domname) > 0) {
	209	for (dom = firstdom; dom != NULL; dom = dom->next)
	210	if (strcasecmp(dom->sname, domname) == 0)
	211	break;
	212	} else
	213	dom = firstdom;
94439e4e	214
26ac0430	215	if (dom == NULL) {
e673ba3a	216	SEND_ERR("");
26ac0430 AJ	217	continue;
	218	}
	219	if ((p = popen(shcmd, "w")) == NULL) {
e673ba3a	220	SEND_ERR("");
26ac0430 AJ	221	continue;
	222	}
	223	(void) fprintf(p, "%s\n", dom->name);
	224	(void) fprintf(p, "%s\n", dom->passthrough);
	225	(void) fprintf(p, "%s\n", dom->nmbaddr);
	226	(void) fprintf(p, "%d\n", dom->nmbcast);
	227	(void) fprintf(p, "%s\n", dom->authshare);
	228	(void) fprintf(p, "%s\n", dom->authfile);
	229	(void) fprintf(p, "%s\n", user);
	230	/* the password can contain special characters */
	231	print_esc(p, pass);
	232	(void) fputc('\n', p);
	233	(void) fflush(p);
94439e4e	234
26ac0430	235	if (pclose(p) == 0)
e673ba3a	236	SEND_OK("");
26ac0430	237	else
e673ba3a	238	SEND_ERR("");
94439e4e	239	} /* while (1) */
	240	return 0;
	241	}