Cleanup: un-wrap C++ header includes
1 /*
2 NT_auth - Version 2.0
3
4 Returns OK for a successful authentication, or ERR upon error.
5
6 Guido Serassio, Torino - Italy
7
8 Uses code from -
9 Antonino Iannella 2000
10 Andrew Tridgell 1997
11 Richard Sharpe 1996
12 Bill Welliver 1999
13
14 * Distributed freely under the terms of the GNU General Public License,
15 * version 2. See the file COPYING for licensing details
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
25 */
26
27 #include "squid.h"
28 #include "helpers/defines.h"
29 #include "rfc1738.h"
30 #include "util.h"
31 #include "valid.h"
32
33 #if GETOPT_H
34 #include <getopt.h>
35 #endif
36
37 /* Check if we try to compile on a Windows Platform */
38 #if !_SQUID_WINDOWS_
39 /* NON Windows Platform !!! */
40 #error NON WINDOWS PLATFORM
41 #endif
42
/* Group-name buffer handed to Valid_User() by main(); nothing in this file writes to it. */
static char NTGroup[256] = "";

/* Group name given with -A; heap copy made by xstrdup(), NULL until the option is seen. */
char *NTAllowedGroup = NULL;

/* Group name given with -D; heap copy made by xstrdup(), NULL until the option is seen. */
char *NTDisAllowedGroup = NULL;

/* Set to 1 once -D has been parsed. */
int UseDisallowedGroup = 0;

/* Set to 1 once -A has been parsed. */
int UseAllowedGroup = 0;

/* Set to 1 by -d; presumably consulted by the debug() macro -- confirm in its definition. */
int debug_enabled = 0;
49
/*
 * Print the command-line synopsis and option summary to stderr.
 *
 * Options understood by this helper:
 *   -A  Windows Local Group name allowed to authenticate
 *   -D  Windows Local Group name not allowed to authenticate
 *   -O  default Domain to authenticate against
 *   -d  enable debugging
 *   -h  print this message
 *
 * name: program name shown in the synopsis line (callers pass argv[0]).
 */
static void
usage(const char *name)
{
    /* Fixed part of the help text; only the synopsis line needs formatting. */
    static const char option_help[] =
        "-A can specify a Windows Local Group name allowed to authenticate\n"
        "-D can specify a Windows Local Group name not allowed to authenticate\n"
        "-O can specify the default Domain against to authenticate\n"
        "-d enable debugging.\n"
        "-h this message\n\n";

    fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n", name);
    fputs(option_help, stderr);
}
67
/*
 * Parse the helper's command line with getopt() and record the result in
 * the file-level option variables.
 *
 *   -A <group>   stores a copy of <group> in NTAllowedGroup, sets UseAllowedGroup
 *   -D <group>   stores a copy of <group> in NTDisAllowedGroup, sets UseDisallowedGroup
 *   -O <domain>  copies <domain> into Default_NTDomain
 *   -d           sets debug_enabled
 *   -h           prints usage and exits with status 0
 *
 * Any other option prints a FATAL line plus usage and exits with status 1.
 */
void
process_options(int argc, char *argv[])
{
    for (;;) {
        int flag = getopt(argc, argv, "dhA:D:O:");
        if (flag == -1)
            break;

        if (flag == 'A') {
            /* a repeated -A replaces the earlier value instead of leaking it */
            safe_free(NTAllowedGroup);
            NTAllowedGroup = xstrdup(optarg);
            UseAllowedGroup = 1;
        } else if (flag == 'D') {
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup = xstrdup(optarg);
            UseDisallowedGroup = 1;
        } else if (flag == 'O') {
            /*
             * NOTE(review): strncpy() writes no terminator when optarg has
             * DNLEN or more characters. This is only safe if Default_NTDomain
             * has DNLEN + 1 bytes and its last byte is already zero -- confirm
             * against its declaration, which is not in this file.
             */
            strncpy(Default_NTDomain, optarg, DNLEN);
        } else if (flag == 'd') {
            debug_enabled = 1;
        } else if (flag == 'h') {
            usage(argv[0]);
            exit(0);
        } else {
            /* getopt() reports a rejected option as '?'; the real character is in optopt */
            if (flag == '?')
                flag = optopt;
            fprintf(stderr, "FATAL: Unknown option: -%c\n", flag);
            usage(argv[0]);
            exit(1);
        }
    }
}
103
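/*
 * Tell whether a character can legitimately follow a complete %s token.
 * sscanf() stops a width-limited %s either at whitespace / end of string
 * (token complete) or because the width ran out (token truncated); in the
 * second case the next character is an ordinary non-blank one.
 */
static int
ends_token(char c)
{
    return c == '\0' || c == ' ' || c == '\t' || c == '\v' ||
           c == '\f' || c == '\r' || c == '\n';
}

/*
 * Main program for simple authentication.
 *
 * Reads one request per line from stdin, each holding an RFC 1738 escaped
 * user name and password separated by whitespace, validates the pair with
 * Valid_User() and answers through SEND_OK / SEND_ERR.
 *
 * Request lines come from the proxy and carry client-supplied credentials,
 * so they are treated as untrusted:
 *  - a line that does not fit in the input buffer is answered with
 *    "Oversized message" once its terminating newline has been seen;
 *  - a user name or password that does not fit in its 256-byte buffer is
 *    answered with "Invalid Request" instead of being copied;
 *  - passwords are never written to the debug log.
 *
 * Returns 0 when stdin reaches end of file; exits with status 1 if SSPI
 * cannot be initialised.
 */
int
main(int argc, char **argv)
{
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    process_options(argc, argv);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs: replies must reach the proxy immediately */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {
        int user_end = 0;
        int pass_end = 0;

        /* No newline: the line is longer than the buffer. Keep discarding
         * chunks and report the error when the end of the line arrives. */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';      /* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';      /* strip \r */

        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';

        /*
         * Extract parameters. The line buffer is sized by
         * HELPER_INPUT_BUFFER, not by the 256-byte credential arrays, so
         * each %s carries a width of sizeof(array) - 1. %n records where
         * each token stopped so that a truncated token can be detected.
         */
        sscanf(wstr, "%255s%n %255s%n", username, &user_end, password, &pass_end);

        /* Log the user name only; the raw line contains the password. */
        debug("Got request for user '%s' from Squid\n", username);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }

        /* Reject over-long tokens rather than validating a truncated
         * user name or a password made of the user name's tail. */
        if (!ends_token(wstr[user_end]) || !ends_token(wstr[pass_end])) {
            debug("Rejecting request: user name or password longer than 255 characters\n");
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }

        /* Unescaping is done in place on the bounded copies. */
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        debug("Trying to validate; %s\n", username);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            SEND_OK("");
        else
            SEND_ERR(errormsg);
        err = 0;
        fflush(stdout);
    }
    return 0;
}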