helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc

   1 /*
   2  * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /*
  10  * basic_getpwnam_auth.c
  11  *
  12  * AUTHOR: Erik Hofman <erik.hofman@a1.nl>
  13  *         Robin Elfrink <robin@a1.nl>
  14  *
  15  * Example authentication program for Squid, based on the
  16  * original proxy_auth code from client_side.c, written by
  17  * Jon Thackray <jrmt@uk.gdscorp.com>.
  18  *
  19  * Uses getpwnam() routines for authentication.
  20  * This has the following advantages over the NCSA module:
  21  *
  22  * - Allow authentication of all know local users
  23  * - Allows authentication through nsswitch.conf
  24  *   + can handle NIS(+) requests
  25  *   + can handle LDAP request
  26  *   + can handle PAM request
  27  *
  28  * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
  29  *
  30  * Added functionality for doing shadow authentication too,
  31  * using the getspnam() function on systems that support it.
  32  *
  33  */
  34
  35 #include "squid.h"
  36 #include "helpers/defines.h"
  37 #include "rfc1738.h"
  38
  39 #include <cstdlib>
  40 #include <cstring>
  41 #if HAVE_UNISTD_H
  42 #include <unistd.h>
  43 #endif
  44 #if HAVE_CRYPT_H
  45 #include <crypt.h>
  46 #endif
  47 #if HAVE_PWD_H
  48 #include <pwd.h>
  49 #endif
  50 #if HAVE_SHADOW_H
  51 #include <shadow.h>
  52 #endif
  53
  54 static int
  55 passwd_auth(char *user, char *passwd)
  56 {
  57     struct passwd *pwd;
  58     pwd = getpwnam(user);
  59     if (pwd == NULL) {
  60         return 0;       /* User does not exist */
  61     } else {
  62         if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) {
  63             return 2;       /* Wrong password */
  64         } else {
  65             return 1;       /* Authentication Sucessful */
  66         }
  67     }
  68 }
  69
  70 #if HAVE_SHADOW_H
  71 static int
  72 shadow_auth(char *user, char *passwd)
  73 {
  74     struct spwd *pwd;
  75     pwd = getspnam(user);
  76     if (pwd == NULL) {
  77         return passwd_auth(user, passwd);   /* Fall back to passwd_auth */
  78     } else {
  79         if (strcmp(pwd->sp_pwdp, crypt(passwd, pwd->sp_pwdp))) {
  80             return 2;       /* Wrong password */
  81         } else {
  82             return 1;       /* Authentication Sucessful */
  83         }
  84     }
  85 }
  86 #endif
  87
  88 int
  89 main(int argc, char **argv)
  90 {
  91     int auth = 0;
  92     char buf[HELPER_INPUT_BUFFER];
  93     char *user, *passwd, *p;
  94
  95     setbuf(stdout, NULL);
  96     while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
  97
  98         if ((p = strchr(buf, '\n')) != NULL)
  99             *p = '\0';      /* strip \n */
 100
 101         if ((user = strtok(buf, " ")) == NULL) {
 102             SEND_ERR("No Username");
 103             continue;
 104         }
 105         if ((passwd = strtok(NULL, "")) == NULL) {
 106             SEND_ERR("No Password");
 107             continue;
 108         }
 109         rfc1738_unescape(user);
 110         rfc1738_unescape(passwd);
 111 #if HAVE_SHADOW_H
 112         auth = shadow_auth(user, passwd);
 113 #else
 114         auth = passwd_auth(user, passwd);
 115 #endif
 116         if (auth == 0) {
 117             SEND_ERR("No such user");
 118         } else {
 119             if (auth == 2) {
 120                 SEND_ERR("Wrong password");
 121             } else {
 122                 SEND_OK("");
 123             }
 124         }
 125     }
 126     return 0;
 127 }
 128