[thirdparty/squid.git] / src / auth / basic / SMB / basic_smb_auth.sh

#!/bin/sh
#
## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##
# smb_auth - SMB proxy authentication module
# Copyright (C) 1998  Richard Huveneers <richard@hekkihek.hacom.nl>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

read DOMAINNAME
read PASSTHROUGH
read NMBADDR
read NMBCAST
read AUTHSHARE
read AUTHFILE
read SMBUSER
read -r SMBPASS

# Find domain controller
echo "Domain name: $DOMAINNAME"
if [ -n "$PASSTHROUGH" ]
then
  echo "Pass-through authentication: yes: $PASSTHROUGH"
else
  echo "Pass-through authentication: no"
  PASSTHROUGH="$DOMAINNAME"
fi
if [ -n "$NMBADDR" ]
then
  if [ "$NMBCAST" = "1" ]
  then
    addropt="-U $NMBADDR -R"
  else
    addropt="-B $NMBADDR"
  fi
else
  addropt=""
fi
echo "Query address options: $addropt"
dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
echo "Domain controller IP address: $dcip"
[ -n "$dcip" ] || exit 1

# All right, we have the IP address of a domain controller,
# but we need its name too
dcname=`nmblookup -A $dcip | awk '$2 == "<00>" { print $1 ; exit }'`
echo "Domain controller NETBIOS name: $dcname"
[ -n "$dcname" ] || exit 1

# Pass password to smbclient through environment. Not really safe.
# NOTE: this differs from what the smbclient documentation says.
#       But works when the smbclient documented way does not.
USER="$SMBUSER"
PASSWD="$SMBPASS"
export USER
export PASSWD

# Read the contents of the file $AUTHFILE on the $AUTHSHARE share
authfilebs=`echo "$AUTHFILE" | tr / '\\\\'`
authinfo=`smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"

# Allow for both \n and \r\n end-of-line termination
[ "$authinfo" = "allow" -o "$authinfo" = "allow\r" ] || exit 1
exit 0
Commit	Line	Data
94439e4e	1	#!/bin/sh
94439e4e	2	#
77b1029d	3	## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
5b95b903 AJ	4	##
	5	## Squid software is distributed under GPLv2+ license and includes
	6	## contributions from numerous individuals and organizations.
	7	## Please see the COPYING and CONTRIBUTORS files for details.
	8	##
94439e4e	9	# smb_auth - SMB proxy authentication module
	10	# Copyright (C) 1998 Richard Huveneers <richard@hekkihek.hacom.nl>
	11	#
	12	# This program is free software; you can redistribute it and/or modify
	13	# it under the terms of the GNU General Public License as published by
	14	# the Free Software Foundation; either version 2 of the License, or
	15	# (at your option) any later version.
	16	#
	17	# This program is distributed in the hope that it will be useful,
	18	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	# GNU General Public License for more details.
	21	#
	22	# You should have received a copy of the GNU General Public License
	23	# along with this program; if not, write to the Free Software
	24	# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	25
	26	read DOMAINNAME
	27	read PASSTHROUGH
	28	read NMBADDR
	29	read NMBCAST
	30	read AUTHSHARE
	31	read AUTHFILE
	32	read SMBUSER
d65bfaba	33	read -r SMBPASS
94439e4e	34
	35	# Find domain controller
	36	echo "Domain name: $DOMAINNAME"
	37	if [ -n "$PASSTHROUGH" ]
	38	then
	39	echo "Pass-through authentication: yes: $PASSTHROUGH"
	40	else
	41	echo "Pass-through authentication: no"
	42	PASSTHROUGH="$DOMAINNAME"
	43	fi
	44	if [ -n "$NMBADDR" ]
	45	then
	46	if [ "$NMBCAST" = "1" ]
	47	then
	48	addropt="-U $NMBADDR -R"
	49	else
	50	addropt="-B $NMBADDR"
	51	fi
	52	else
	53	addropt=""
	54	fi
	55	echo "Query address options: $addropt"
986ea17b	56	dcip=`nmblookup $addropt "$PASSTHROUGH#1c" \| awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
94439e4e	57	echo "Domain controller IP address: $dcip"
	58	[ -n "$dcip" ] \|\| exit 1
	59
	60	# All right, we have the IP address of a domain controller,
	61	# but we need its name too
90c2083a	62	dcname=`nmblookup -A $dcip \| awk '$2 == "<00>" { print $1 ; exit }'`
94439e4e	63	echo "Domain controller NETBIOS name: $dcname"
	64	[ -n "$dcname" ] \|\| exit 1
	65
	66	# Pass password to smbclient through environment. Not really safe.
f334d758 UDP	67	# NOTE: this differs from what the smbclient documentation says.
	68	# But works when the smbclient documented way does not.
	69	USER="$SMBUSER"
	70	PASSWD="$SMBPASS"
94439e4e	71	export USER
f334d758	72	export PASSWD
94439e4e	73
	74	# Read the contents of the file $AUTHFILE on the $AUTHSHARE share
	75	authfilebs=`echo "$AUTHFILE" \| tr / '\\\\'`
90c2083a	76	authinfo=`smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
94439e4e	77	echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"
	78
	79	# Allow for both \n and \r\n end-of-line termination
	80	[ "$authinfo" = "allow" -o "$authinfo" = "allow\r" ] \|\| exit 1
	81	exit 0