helpers/basic_auth/MSNT/msntauth.cc

   1 /*
   2  * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /*
  10  * MSNT - Microsoft Windows NT domain squid authenticator module
  11  * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
  12  * Sun Sep  2 14:39:53 CST 2001
  13  *
  14  * Modified to act as a Squid authenticator module.
  15  * Removed all Pike stuff.
  16  * Returns OK for a successful authentication, or ERR upon error.
  17  *
  18  * Uses code from -
  19  * Andrew Tridgell 1997
  20  * Richard Sharpe 1996
  21  * Bill Welliver 1999
  22  * Duane Wessels 2000 (wessels@squid-cache.org)
  23  *
  24  * Released under GNU Public License
  25  *
  26  * This program is free software; you can redistribute it and/or modify
  27  * it under the terms of the GNU General Public License as published by
  28  * the Free Software Foundation; either version 2 of the License, or
  29  * (at your option) any later version.
  30  *
  31  * This program is distributed in the hope that it will be useful,
  32  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  33  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  34  * GNU General Public License for more details.
  35  *
  36  * You should have received a copy of the GNU General Public License
  37  * along with this program; if not, write to the Free Software
  38  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  39  */
  40 #include "squid.h"
  41 #include "rfc1738.h"
  42 #include "util.h"
  43
  44 #include <csignal>
  45 #include <cstring>
  46 #include <syslog.h>
  47
  48 #include "msntauth.h"
  49
  50 extern char version[];
  51 char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 26 Jun 2002";
  52
  53 /* Main program for simple authentication.
  54  * Reads the denied user file. Sets alarm timer.
  55  * Scans and checks for Squid input, and attempts to validate the user.
  56  */
  57
  58 int
  59 main(int argc, char **argv)
  60 {
  61     char username[256];
  62     char password[256];
  63     char wstr[256];
  64     int err = 0;
  65
  66     openlog("msnt_auth", LOG_PID, LOG_USER);
  67     setbuf(stdout, NULL);
  68
  69     /* Read configuration file. Abort wildly if error. */
  70     if (OpenConfigFile() == 1)
  71         return 1;
  72
  73     /*
  74      * Read denied and allowed user files.
  75      * If they fails, there is a serious problem.
  76      * Check syslog messages. Deny all users while in this state.
  77      * The msntauth process should then be killed.
  78      */
  79     if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
  80         while (1) {
  81             memset(wstr, '\0', sizeof(wstr));
  82             if (fgets(wstr, 255, stdin) == NULL)
  83                 break;
  84             puts("ERR");
  85         }
  86         return 1;
  87     }
  88
  89     /*
  90      * Make Check_forchange() the handle for HUP signals.
  91      * Don't use alarms any more. I don't think it was very
  92      * portable between systems.
  93      * XXX this should be sigaction()
  94      */
  95     signal(SIGHUP, Check_forchange);
  96
  97     while (1) {
  98         int n;
  99         /* Read whole line from standard input. Terminate on break. */
 100         memset(wstr, '\0', sizeof(wstr));
 101         if (fgets(wstr, 255, stdin) == NULL)
 102             break;
 103         /* ignore this line if we didn't get the end-of-line marker */
 104         if (NULL == strchr(wstr, '\n')) {
 105             err = 1;
 106             continue;
 107         }
 108         if (err) {
 109             syslog(LOG_WARNING, "oversized message");
 110             puts("ERR");
 111             err = 0;
 112             continue;
 113         }
 114
 115         /*
 116          * extract username and password.
 117          * XXX is sscanf() safe?
 118          */
 119         username[0] = '\0';
 120         password[0] = '\0';
 121         n = sscanf(wstr, "%s %[^\n]", username, password);
 122         if (2 != n) {
 123             puts("ERR");
 124             continue;
 125         }
 126         /* Check for invalid or blank entries */
 127         if ((username[0] == '\0') || (password[0] == '\0')) {
 128             puts("ERR");
 129             continue;
 130         }
 131         Checktimer();           /* Check if the user lists have changed */
 132
 133         rfc1738_unescape(username);
 134         rfc1738_unescape(password);
 135
 136         /*
 137          * Check if user is explicitly denied or allowed.
 138          * If user passes both checks, they can be authenticated.
 139          */
 140         if (Check_user(username) == 1) {
 141             syslog(LOG_INFO, "'%s' denied", username);
 142             puts("ERR");
 143         } else if (QueryServers(username, password) == 0)
 144             puts("OK");
 145         else {
 146             syslog(LOG_INFO, "'%s' login failed", username);
 147             puts("ERR");
 148         }
 149         err = 0;
 150     }
 151
 152     return 0;
 153 }