src/auth/basic/SMB/basic_smb_auth.sh

   1 #!/bin/sh
   2 #
   3 ## Copyright (C) 1996-2022 The Squid Software Foundation and contributors
   4 ##
   5 ## Squid software is distributed under GPLv2+ license and includes
   6 ## contributions from numerous individuals and organizations.
   7 ## Please see the COPYING and CONTRIBUTORS files for details.
   8 ##
   9 # smb_auth - SMB proxy authentication module
  10 # Copyright (C) 1998  Richard Huveneers <richard@hekkihek.hacom.nl>
  11 #
  12 # This program is free software; you can redistribute it and/or modify
  13 # it under the terms of the GNU General Public License as published by
  14 # the Free Software Foundation; either version 2 of the License, or
  15 # (at your option) any later version.
  16 #
  17 # This program is distributed in the hope that it will be useful,
  18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20 # GNU General Public License for more details.
  21 #
  22 # You should have received a copy of the GNU General Public License
  23 # along with this program; if not, write to the Free Software
  24 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  25
  26 read DOMAINNAME
  27 read PASSTHROUGH
  28 read NMBADDR
  29 read NMBCAST
  30 read AUTHSHARE
  31 read AUTHFILE
  32 read SMBUSER
  33 read -r SMBPASS
  34
  35 # Find domain controller
  36 echo "Domain name: $DOMAINNAME"
  37 if [ -n "$PASSTHROUGH" ]
  38 then
  39   echo "Pass-through authentication: yes: $PASSTHROUGH"
  40 else
  41   echo "Pass-through authentication: no"
  42   PASSTHROUGH="$DOMAINNAME"
  43 fi
  44 if [ -n "$NMBADDR" ]
  45 then
  46   if [ "$NMBCAST" = "1" ]
  47   then
  48     addropt="-U $NMBADDR -R"
  49   else
  50     addropt="-B $NMBADDR"
  51   fi
  52 else
  53   addropt=""
  54 fi
  55 echo "Query address options: $addropt"
  56 dcip=`nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
  57 echo "Domain controller IP address: $dcip"
  58 [ -n "$dcip" ] || exit 1
  59
  60 # All right, we have the IP address of a domain controller,
  61 # but we need its name too
  62 dcname=`nmblookup -A $dcip | awk '$2 == "<00>" { print $1 ; exit }'`
  63 echo "Domain controller NETBIOS name: $dcname"
  64 [ -n "$dcname" ] || exit 1
  65
  66 # Pass password to smbclient through environment. Not really safe.
  67 # NOTE: this differs from what the smbclient documentation says.
  68 #       But works when the smbclient documented way does not.
  69 USER="$SMBUSER"
  70 PASSWD="$SMBPASS"
  71 export USER
  72 export PASSWD
  73
  74 # Read the contents of the file $AUTHFILE on the $AUTHSHARE share
  75 authfilebs=`echo "$AUTHFILE" | tr / '\\\\'`
  76 authinfo=`smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
  77 echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"
  78
  79 # Allow for both \n and \r\n end-of-line termination
  80 [ "$authinfo" = "allow" -o "$authinfo" = "allow
" ] || exit 1
  81 exit 0