src/auth/basic/SMB_LM/msntauth.cc

   1 /*
   2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /*
  10  * MSNT - Microsoft Windows NT domain squid authenticator module
  11  * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
  12  * Sun Sep  2 14:39:53 CST 2001
  13  *
  14  * Modified to act as a Squid authenticator module.
  15  * Removed all Pike stuff.
  16  * Returns OK for a successful authentication, or ERR upon error.
  17  *
  18  * Uses code from -
  19  * Andrew Tridgell 1997
  20  * Richard Sharpe 1996
  21  * Bill Welliver 1999
  22  * Duane Wessels 2000 (wessels@squid-cache.org)
  23  *
  24  * Released under GNU Public License
  25  *
  26  * This program is free software; you can redistribute it and/or modify
  27  * it under the terms of the GNU General Public License as published by
  28  * the Free Software Foundation; either version 2 of the License, or
  29  * (at your option) any later version.
  30  *
  31  * This program is distributed in the hope that it will be useful,
  32  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  33  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  34  * GNU General Public License for more details.
  35  *
  36  * You should have received a copy of the GNU General Public License
  37  * along with this program; if not, write to the Free Software
  38  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  39  */
  40 #include "squid.h"
  41 #include "rfc1738.h"
  42 #include "util.h"
  43
  44 #include <csignal>
  45 #include <cstring>
  46 #include <iostream>
  47 #include <string>
  48 #include <vector> //todo: turn into multimap
  49 #include <syslog.h>
  50
  51 #include "auth/basic/SMB_LM/msntauth.h"
  52 #include "auth/basic/SMB_LM/valid.h"
  53
  54 static char msntauth_version[] = "Msntauth v3.0.0 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014";
  55
  56 struct domaincontroller {
  57     std::string domain;
  58     std::string server;
  59 };
  60 typedef std::vector<domaincontroller> domaincontrollers_t;
  61 domaincontrollers_t domaincontrollers;
  62
  63 bool
  64 validate_user(char *username, char *password)
  65 {
  66     for (domaincontrollers_t::iterator dc = domaincontrollers.begin(); dc != domaincontrollers.end(); ++dc) {
  67         //std::cerr << "testing against " << dc->server << std::endl;
  68         const int rv = Valid_User(username, password, dc->server.c_str(), NULL, dc->domain.c_str());
  69         //std::cerr << "check result: " << rv << std::endl;
  70         if (rv == NTV_NO_ERROR)
  71             return true;
  72     }
  73     return false;
  74 }
  75
  76 static char instructions[] = "Usage instructions: basic_nsnt_auth <domainname>/<domaincontroller> [<domainname>/<domaincontroller> ...]";
  77 void
  78 display_usage_instructions()
  79 {
  80     using std::endl;
  81     std::cerr << msntauth_version << endl << instructions << endl << endl;
  82 }
  83
  84 // arguments: domain/server_name [domain/server_name ...]
  85 int
  86 main(int argc, char **argv)
  87 {
  88     char username[256];
  89     char password[256];
  90     char wstr[256];
  91     int err = 0;
  92
  93     openlog("basic_smb_lm_auth", LOG_PID, LOG_USER);
  94     setbuf(stdout, NULL);
  95
  96     for (int j = 1; j < argc; ++j) {
  97         std::string arg = argv[j];
  98         size_t pos=arg.find('/');
  99         if (arg.find('/',pos+1) != std::string::npos) {
 100             std::cerr << "Error: can't understand domain controller specification '"
 101                       << arg << "'. Ignoring" << std::endl;
 102         }
 103         domaincontroller dc;
 104         dc.domain = arg.substr(0,pos);
 105         dc.server = arg.substr(pos+1);
 106         if (dc.domain.length() == 0 || dc.server.length() == 0) {
 107             std::cerr << "Error: invalid domain specification in '" << arg <<
 108                       "'. Ignoring." << std::endl;
 109             exit(EXIT_FAILURE);
 110         }
 111         domaincontrollers.push_back(dc);
 112     }
 113     if (domaincontrollers.empty()) {
 114         display_usage_instructions();
 115         std::cerr << "Error: no domain controllers specified" << std::endl;
 116         exit(EXIT_FAILURE);
 117     }
 118
 119     while (1) {
 120         int n;
 121         /* Read whole line from standard input. Terminate on break. */
 122         memset(wstr, '\0', sizeof(wstr));
 123         if (fgets(wstr, 255, stdin) == NULL)
 124             break;
 125         /* ignore this line if we didn't get the end-of-line marker */
 126         if (NULL == strchr(wstr, '\n')) {
 127             err = 1;
 128             continue;
 129         }
 130         if (err) {
 131             syslog(LOG_WARNING, "oversized message");
 132             puts("ERR");
 133             err = 0;
 134             continue;
 135         }
 136
 137         /*
 138          * extract username and password.
 139          */
 140         username[0] = '\0';
 141         password[0] = '\0';
 142         n = sscanf(wstr, "%s %[^\n]", username, password);
 143         if (2 != n) {
 144             puts("ERR");
 145             continue;
 146         }
 147         /* Check for invalid or blank entries */
 148         if ((username[0] == '\0') || (password[0] == '\0')) {
 149             puts("ERR");
 150             continue;
 151         }
 152
 153         rfc1738_unescape(username);
 154         rfc1738_unescape(password);
 155
 156         if (validate_user(username, password)) {
 157             puts("OK");
 158         } else {
 159             syslog(LOG_INFO, "'%s' login failed", username);
 160             puts("ERR");
 161         }
 162         err = 0;
 163     }
 164
 165     return EXIT_SUCCESS;
 166 }
 167