]>
Commit | Line | Data |
---|---|---|
94439e4e | 1 | #!/bin/sh |
2 | # | |
77b1029d | 3 | ## Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
5b95b903 AJ |
4 | ## |
5 | ## Squid software is distributed under GPLv2+ license and includes | |
6 | ## contributions from numerous individuals and organizations. | |
7 | ## Please see the COPYING and CONTRIBUTORS files for details. | |
8 | ## | |
94439e4e | 9 | # smb_auth - SMB proxy authentication module |
10 | # Copyright (C) 1998 Richard Huveneers <richard@hekkihek.hacom.nl> | |
11 | # | |
12 | # This program is free software; you can redistribute it and/or modify | |
13 | # it under the terms of the GNU General Public License as published by | |
14 | # the Free Software Foundation; either version 2 of the License, or | |
15 | # (at your option) any later version. | |
16 | # | |
17 | # This program is distributed in the hope that it will be useful, | |
18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | # GNU General Public License for more details. | |
21 | # | |
22 | # You should have received a copy of the GNU General Public License | |
23 | # along with this program; if not, write to the Free Software | |
24 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
25 | ||
26 | read DOMAINNAME | |
27 | read PASSTHROUGH | |
28 | read NMBADDR | |
29 | read NMBCAST | |
30 | read AUTHSHARE | |
31 | read AUTHFILE | |
32 | read SMBUSER | |
d65bfaba | 33 | read -r SMBPASS |
94439e4e | 34 | |
35 | # Find domain controller | |
36 | echo "Domain name: $DOMAINNAME" | |
37 | if [ -n "$PASSTHROUGH" ] | |
38 | then | |
39 | echo "Pass-through authentication: yes: $PASSTHROUGH" | |
40 | else | |
41 | echo "Pass-through authentication: no" | |
42 | PASSTHROUGH="$DOMAINNAME" | |
43 | fi | |
44 | if [ -n "$NMBADDR" ] | |
45 | then | |
46 | if [ "$NMBCAST" = "1" ] | |
47 | then | |
48 | addropt="-U $NMBADDR -R" | |
49 | else | |
50 | addropt="-B $NMBADDR" | |
51 | fi | |
52 | else | |
53 | addropt="" | |
54 | fi | |
55 | echo "Query address options: $addropt" | |
986ea17b | 56 | dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` |
94439e4e | 57 | echo "Domain controller IP address: $dcip" |
58 | [ -n "$dcip" ] || exit 1 | |
59 | ||
60 | # All right, we have the IP address of a domain controller, | |
61 | # but we need its name too | |
90c2083a | 62 | dcname=`nmblookup -A $dcip | awk '$2 == "<00>" { print $1 ; exit }'` |
94439e4e | 63 | echo "Domain controller NETBIOS name: $dcname" |
64 | [ -n "$dcname" ] || exit 1 | |
65 | ||
66 | # Pass password to smbclient through environment. Not really safe. | |
f334d758 UDP |
67 | # NOTE: this differs from what the smbclient documentation says. |
68 | # But works when the smbclient documented way does not. | |
69 | USER="$SMBUSER" | |
70 | PASSWD="$SMBPASS" | |
94439e4e | 71 | export USER |
f334d758 | 72 | export PASSWD |
94439e4e | 73 | |
74 | # Read the contents of the file $AUTHFILE on the $AUTHSHARE share | |
75 | authfilebs=`echo "$AUTHFILE" | tr / '\\\\'` | |
90c2083a | 76 | authinfo=`smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null` |
94439e4e | 77 | echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo" |
78 | ||
79 | # Allow for both \n and \r\n end-of-line termination | |
80 | [ "$authinfo" = "allow" -o "$authinfo" = "allow\r" ] || exit 1 | |
81 | exit 0 |