src/auth/basic/getpwnam/basic_getpwnam_auth.cc

   1 /*
   2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /*
  10  * basic_getpwnam_auth.c
  11  *
  12  * AUTHOR: Erik Hofman <erik.hofman@a1.nl>
  13  *         Robin Elfrink <robin@a1.nl>
  14  *
  15  * Example authentication program for Squid, based on the
  16  * original proxy_auth code from client_side.c, written by
  17  * Jon Thackray <jrmt@uk.gdscorp.com>.
  18  *
  19  * Uses getpwnam() routines for authentication.
  20  * This has the following advantages over the NCSA module:
  21  *
  22  * - Allow authentication of all know local users
  23  * - Allows authentication through nsswitch.conf
  24  *   + can handle NIS(+) requests
  25  *   + can handle LDAP request
  26  *   + can handle PAM request
  27  *
  28  * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
  29  *
  30  * Added functionality for doing shadow authentication too,
  31  * using the getspnam() function on systems that support it.
  32  *
  33  */
  34
  35 #include "squid.h"
  36 #include "helper/protocol_defines.h"
  37 #include "rfc1738.h"
  38
  39 #include <cstdlib>
  40 #include <cstring>
  41 #if HAVE_UNISTD_H
  42 #include <unistd.h>
  43 #endif
  44 #if HAVE_CRYPT_H
  45 #include <crypt.h>
  46 #endif
  47 #if HAVE_PWD_H
  48 #include <pwd.h>
  49 #endif
  50 #if HAVE_SHADOW_H
  51 #include <shadow.h>
  52 #endif
  53
  54 static int
  55 passwd_auth(char *user, char *passwd)
  56 {
  57     struct passwd *pwd;
  58     pwd = getpwnam(user);
  59     if (pwd == NULL) {
  60         return 0;       /* User does not exist */
  61     } else {
  62         char *crypted = crypt(passwd, pwd->pw_passwd);
  63         if (!crypted || strcmp(pwd->pw_passwd, crypted)) {
  64             return 2;       /* Wrong password */
  65         } else {
  66             return 1;       /* Authentication Sucessful */
  67         }
  68     }
  69 }
  70
  71 #if HAVE_SHADOW_H
  72 static int
  73 shadow_auth(char *user, char *passwd)
  74 {
  75     struct spwd *pwd;
  76     pwd = getspnam(user);
  77     if (pwd == NULL) {
  78         return passwd_auth(user, passwd);   /* Fall back to passwd_auth */
  79     } else {
  80         char *crypted = crypt(passwd, pwd->sp_pwdp);
  81         if (!crypted || strcmp(pwd->sp_pwdp, crypted)) {
  82             return 2;       /* Wrong password */
  83         } else {
  84             return 1;       /* Authentication Sucessful */
  85         }
  86     }
  87 }
  88 #endif
  89
  90 int
  91 main(int, char **)
  92 {
  93     int auth = 0;
  94     char buf[HELPER_INPUT_BUFFER];
  95     char *user, *passwd, *p;
  96
  97     setbuf(stdout, NULL);
  98     while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
  99
 100         if ((p = strchr(buf, '\n')) != NULL)
 101             *p = '\0';      /* strip \n */
 102
 103         if ((user = strtok(buf, " ")) == NULL) {
 104             SEND_ERR("No Username");
 105             continue;
 106         }
 107         if ((passwd = strtok(NULL, "")) == NULL) {
 108             SEND_ERR("No Password");
 109             continue;
 110         }
 111         rfc1738_unescape(user);
 112         rfc1738_unescape(passwd);
 113 #if HAVE_SHADOW_H
 114         auth = shadow_auth(user, passwd);
 115 #else
 116         auth = passwd_auth(user, passwd);
 117 #endif
 118         if (auth == 0) {
 119             SEND_ERR("No such user");
 120         } else {
 121             if (auth == 2) {
 122                 SEND_ERR("Wrong password");
 123             } else {
 124                 SEND_OK("");
 125             }
 126         }
 127     }
 128     return EXIT_SUCCESS;
 129 }
 130