[thirdparty/squid.git] / src / auth / basic / SMB_LM / msntauth.cc

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 * MSNT - Microsoft Windows NT domain squid authenticator module
 * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
 * Sun Sep  2 14:39:53 CST 2001
 *
 * Modified to act as a Squid authenticator module.
 * Removed all Pike stuff.
 * Returns OK for a successful authentication, or ERR upon error.
 *
 * Uses code from -
 * Andrew Tridgell 1997
 * Richard Sharpe 1996
 * Bill Welliver 1999
 * Duane Wessels 2000 (wessels@squid-cache.org)
 *
 * Released under GNU Public License
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
#include "squid.h"
#include "rfc1738.h"
#include "util.h"

#include <csignal>
#include <cstring>
#include <iostream>
#include <string>
#include <vector> //todo: turn into multimap
#include <syslog.h>

#include "auth/basic/SMB_LM/msntauth.h"
#include "auth/basic/SMB_LM/valid.h"

static char msntauth_version[] = "Msntauth v3.0.0 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014";

struct domaincontroller {
    std::string domain;
    std::string server;
};
typedef std::vector<domaincontroller> domaincontrollers_t;
domaincontrollers_t domaincontrollers;

bool
validate_user(char *username, char *password)
{
    for (domaincontrollers_t::iterator dc = domaincontrollers.begin(); dc != domaincontrollers.end(); ++dc) {
        //std::cerr << "testing against " << dc->server << std::endl;
        const int rv = Valid_User(username, password, dc->server.c_str(), NULL, dc->domain.c_str());
        //std::cerr << "check result: " << rv << std::endl;
        if (rv == NTV_NO_ERROR)
            return true;
    }
    return false;
}

static char instructions[] = "Usage instructions: basic_nsnt_auth <domainname>/<domaincontroller> [<domainname>/<domaincontroller> ...]";
void
display_usage_instructions()
{
    using std::endl;
    std::cerr << msntauth_version << endl << instructions << endl << endl;
}

// arguments: domain/server_name [domain/server_name ...]
int
main(int argc, char **argv)
{
    char username[256];
    char password[256];
    char wstr[256];
    int err = 0;

    openlog("basic_smb_lm_auth", LOG_PID, LOG_USER);
    setbuf(stdout, NULL);

    for (int j = 1; j < argc; ++j) {
        std::string arg = argv[j];
        size_t pos=arg.find('/');
        if (arg.find('/',pos+1) != std::string::npos) {
            std::cerr << "Error: can't understand domain controller specification '"
                      << arg << "'. Ignoring" << std::endl;
        }
        domaincontroller dc;
        dc.domain = arg.substr(0,pos);
        dc.server = arg.substr(pos+1);
        if (dc.domain.length() == 0 || dc.server.length() == 0) {
            std::cerr << "Error: invalid domain specification in '" << arg <<
                      "'. Ignoring." << std::endl;
            exit(1);
        }
        domaincontrollers.push_back(dc);
    }
    if (domaincontrollers.empty()) {
        display_usage_instructions();
        std::cerr << "Error: no domain controllers specified" << std::endl;
        exit(1);
    }

    while (1) {
        int n;
        /* Read whole line from standard input. Terminate on break. */
        memset(wstr, '\0', sizeof(wstr));
        if (fgets(wstr, 255, stdin) == NULL)
            break;
        /* ignore this line if we didn't get the end-of-line marker */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            syslog(LOG_WARNING, "oversized message");
            puts("ERR");
            err = 0;
            continue;
        }

        /*
         * extract username and password.
         */
        username[0] = '\0';
        password[0] = '\0';
        n = sscanf(wstr, "%s %[^\n]", username, password);
        if (2 != n) {
            puts("ERR");
            continue;
        }
        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            puts("ERR");
            continue;
        }

        rfc1738_unescape(username);
        rfc1738_unescape(password);

        if (validate_user(username, password)) {
            puts("OK");
        } else {
            syslog(LOG_INFO, "'%s' login failed", username);
            puts("ERR");
        }
        err = 0;
    }

    return 0;
}
Commit	Line	Data
5b95b903	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
5b95b903 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
94439e4e	9	/*
94439e4e	10	* MSNT - Microsoft Windows NT domain squid authenticator module
6d73604c	11	* Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
6d73604c	12	* Sun Sep 2 14:39:53 CST 2001
26ac0430	13	*
94439e4e	14	* Modified to act as a Squid authenticator module.
	15	* Removed all Pike stuff.
	16	* Returns OK for a successful authentication, or ERR upon error.
26ac0430	17	*
94439e4e	18	* Uses code from -
	19	* Andrew Tridgell 1997
	20	* Richard Sharpe 1996
	21	* Bill Welliver 1999
6d73604c	22	* Duane Wessels 2000 (wessels@squid-cache.org)
26ac0430	23	*
94439e4e	24	* Released under GNU Public License
26ac0430	25	*
94439e4e	26	* This program is free software; you can redistribute it and/or modify
	27	* it under the terms of the GNU General Public License as published by
	28	* the Free Software Foundation; either version 2 of the License, or
	29	* (at your option) any later version.
26ac0430	30	*
94439e4e	31	* This program is distributed in the hope that it will be useful,
	32	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	33	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	34	* GNU General Public License for more details.
26ac0430	35	*
94439e4e	36	* You should have received a copy of the GNU General Public License
	37	* along with this program; if not, write to the Free Software
	38	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	39	*/
f7f3304a	40	#include "squid.h"
1fa9b1a7	41	#include "rfc1738.h"
60dbdd1f	42	#include "util.h"
60dbdd1f	43
074d6a40 AJ	44	#include <csignal>
074d6a40 AJ	45	#include <cstring>
1de9145c FC	46	#include <iostream>
	47	#include <string>
	48	#include <vector> //todo: turn into multimap
94439e4e	49	#include <syslog.h>
94439e4e	50
03901cf8 AJ	51	#include "auth/basic/SMB_LM/msntauth.h"
03901cf8 AJ	52	#include "auth/basic/SMB_LM/valid.h"
6d73604c	53
bb521715	54	static char msntauth_version[] = "Msntauth v3.0.0 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014";
94439e4e	55
1de9145c	56	struct domaincontroller {
ae81e9ec FC	57	std::string domain;
ae81e9ec FC	58	std::string server;
1de9145c	59	};
ae81e9ec FC	60	typedef std::vector<domaincontroller> domaincontrollers_t;
ae81e9ec FC	61	domaincontrollers_t domaincontrollers;
94439e4e	62
1de9145c FC	63	bool
	64	validate_user(char username, char password)
	65	{
ae81e9ec FC	66	for (domaincontrollers_t::iterator dc = domaincontrollers.begin(); dc != domaincontrollers.end(); ++dc) {
	67	//std::cerr << "testing against " << dc->server << std::endl;
	68	const int rv = Valid_User(username, password, dc->server.c_str(), NULL, dc->domain.c_str());
	69	//std::cerr << "check result: " << rv << std::endl;
	70	if (rv == NTV_NO_ERROR)
	71	return true;
	72	}
	73	return false;
1de9145c	74	}
ae81e9ec	75
bb521715 FC	76	static char instructions[] = "Usage instructions: basic_nsnt_auth <domainname>/<domaincontroller> [<domainname>/<domaincontroller> ...]";
	77	void
	78	display_usage_instructions()
	79	{
	80	using std::endl;
	81	std::cerr << msntauth_version << endl << instructions << endl << endl;
	82	}
94439e4e	83
ae81e9ec	84	// arguments: domain/server_name [domain/server_name ...]
94439e4e	85	int
eb073b3b	86	main(int argc, char **argv)
94439e4e	87	{
	88	char username[256];
	89	char password[256];
	90	char wstr[256];
811c6e76	91	int err = 0;
94439e4e	92
8f0e29d2	93	openlog("basic_smb_lm_auth", LOG_PID, LOG_USER);
eb073b3b	94	setbuf(stdout, NULL);
eb073b3b	95
1de9145c	96	for (int j = 1; j < argc; ++j) {
ae81e9ec FC	97	std::string arg = argv[j];
	98	size_t pos=arg.find('/');
	99	if (arg.find('/',pos+1) != std::string::npos) {
	100	std::cerr << "Error: can't understand domain controller specification '"
bb521715	101	<< arg << "'. Ignoring" << std::endl;
26ac0430	102	}
ee0ef6b3 FC	103	domaincontroller dc;
	104	dc.domain = arg.substr(0,pos);
	105	dc.server = arg.substr(pos+1);
ae81e9ec FC	106	if (dc.domain.length() == 0 \|\| dc.server.length() == 0) {
ae81e9ec FC	107	std::cerr << "Error: invalid domain specification in '" << arg <<
bb521715	108	"'. Ignoring." << std::endl;
ae81e9ec FC	109	exit(1);
	110	}
	111	domaincontrollers.push_back(dc);
	112	}
	113	if (domaincontrollers.empty()) {
bb521715	114	display_usage_instructions();
ae81e9ec FC	115	std::cerr << "Error: no domain controllers specified" << std::endl;
ae81e9ec FC	116	exit(1);
94439e4e	117	}
94439e4e	118
94439e4e	119	while (1) {
26ac0430 AJ	120	int n;
	121	/* Read whole line from standard input. Terminate on break. */
	122	memset(wstr, '\0', sizeof(wstr));
	123	if (fgets(wstr, 255, stdin) == NULL)
	124	break;
	125	/* ignore this line if we didn't get the end-of-line marker */
	126	if (NULL == strchr(wstr, '\n')) {
	127	err = 1;
	128	continue;
	129	}
	130	if (err) {
	131	syslog(LOG_WARNING, "oversized message");
27759484 AJ	132	puts("ERR");
	133	err = 0;
	134	continue;
26ac0430	135	}
94439e4e	136
26ac0430 AJ	137	/*
26ac0430 AJ	138	* extract username and password.
26ac0430 AJ	139	*/
	140	username[0] = '\0';
	141	password[0] = '\0';
	142	n = sscanf(wstr, "%s %[^\n]", username, password);
	143	if (2 != n) {
	144	puts("ERR");
	145	continue;
	146	}
	147	/* Check for invalid or blank entries */
	148	if ((username[0] == '\0') \|\| (password[0] == '\0')) {
	149	puts("ERR");
	150	continue;
	151	}
94439e4e	152
26ac0430 AJ	153	rfc1738_unescape(username);
26ac0430 AJ	154	rfc1738_unescape(password);
9bbd1655	155
1de9145c	156	if (validate_user(username, password)) {
26ac0430	157	puts("OK");
1de9145c	158	} else {
26ac0430	159	syslog(LOG_INFO, "'%s' login failed", username);
26ac0430 AJ	160	puts("ERR");
	161	}
	162	err = 0;
94439e4e	163	}
	164
	165	return 0;
	166	}
f53969cc	167