[thirdparty/squid.git] / helpers / basic_auth / MSNT / msntauth.cc

/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 * MSNT - Microsoft Windows NT domain squid authenticator module
 * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
 * Sun Sep  2 14:39:53 CST 2001
 *
 * Modified to act as a Squid authenticator module.
 * Removed all Pike stuff.
 * Returns OK for a successful authentication, or ERR upon error.
 *
 * Uses code from -
 * Andrew Tridgell 1997
 * Richard Sharpe 1996
 * Bill Welliver 1999
 * Duane Wessels 2000 (wessels@squid-cache.org)
 *
 * Released under GNU Public License
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
#include "squid.h"
#include "rfc1738.h"
#include "util.h"

#include <csignal>
#include <cstring>
#include <syslog.h>

#include "msntauth.h"

extern char version[];
char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 26 Jun 2002";

/* Main program for simple authentication.
 * Reads the denied user file. Sets alarm timer.
 * Scans and checks for Squid input, and attempts to validate the user.
 */

int
main(int argc, char **argv)
{
    char username[256];
    char password[256];
    char wstr[256];
    int err = 0;

    openlog("msnt_auth", LOG_PID, LOG_USER);
    setbuf(stdout, NULL);

    /* Read configuration file. Abort wildly if error. */
    if (OpenConfigFile() == 1)
        return 1;

    /*
     * Read denied and allowed user files.
     * If they fails, there is a serious problem.
     * Check syslog messages. Deny all users while in this state.
     * The msntauth process should then be killed.
     */
    if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
        while (1) {
            memset(wstr, '\0', sizeof(wstr));
            if (fgets(wstr, 255, stdin) == NULL)
                break;
            puts("ERR");
        }
        return 1;
    }

    /*
     * Make Check_forchange() the handle for HUP signals.
     * Don't use alarms any more. I don't think it was very
     * portable between systems.
     * XXX this should be sigaction()
     */
    signal(SIGHUP, Check_forchange);

    while (1) {
        int n;
        /* Read whole line from standard input. Terminate on break. */
        memset(wstr, '\0', sizeof(wstr));
        if (fgets(wstr, 255, stdin) == NULL)
            break;
        /* ignore this line if we didn't get the end-of-line marker */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            syslog(LOG_WARNING, "oversized message");
            puts("ERR");
            err = 0;
            continue;
        }

        /*
         * extract username and password.
         * XXX is sscanf() safe?
         */
        username[0] = '\0';
        password[0] = '\0';
        n = sscanf(wstr, "%s %[^\n]", username, password);
        if (2 != n) {
            puts("ERR");
            continue;
        }
        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            puts("ERR");
            continue;
        }
        Checktimer();		/* Check if the user lists have changed */

        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /*
         * Check if user is explicitly denied or allowed.
         * If user passes both checks, they can be authenticated.
         */
        if (Check_user(username) == 1) {
            syslog(LOG_INFO, "'%s' denied", username);
            puts("ERR");
        } else if (QueryServers(username, password) == 0)
            puts("OK");
        else {
            syslog(LOG_INFO, "'%s' login failed", username);
            puts("ERR");
        }
        err = 0;
    }

    return 0;
}
Commit	Line	Data
5b95b903 AJ	1	/*
	2	* Copyright (C) 1996-2014 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
94439e4e	9	/*
94439e4e	10	* MSNT - Microsoft Windows NT domain squid authenticator module
6d73604c	11	* Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
6d73604c	12	* Sun Sep 2 14:39:53 CST 2001
26ac0430	13	*
94439e4e	14	* Modified to act as a Squid authenticator module.
	15	* Removed all Pike stuff.
	16	* Returns OK for a successful authentication, or ERR upon error.
26ac0430	17	*
94439e4e	18	* Uses code from -
	19	* Andrew Tridgell 1997
	20	* Richard Sharpe 1996
	21	* Bill Welliver 1999
6d73604c	22	* Duane Wessels 2000 (wessels@squid-cache.org)
26ac0430	23	*
94439e4e	24	* Released under GNU Public License
26ac0430	25	*
94439e4e	26	* This program is free software; you can redistribute it and/or modify
	27	* it under the terms of the GNU General Public License as published by
	28	* the Free Software Foundation; either version 2 of the License, or
	29	* (at your option) any later version.
26ac0430	30	*
94439e4e	31	* This program is distributed in the hope that it will be useful,
	32	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	33	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	34	* GNU General Public License for more details.
26ac0430	35	*
94439e4e	36	* You should have received a copy of the GNU General Public License
	37	* along with this program; if not, write to the Free Software
	38	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	39	*/
f7f3304a	40	#include "squid.h"
1fa9b1a7	41	#include "rfc1738.h"
60dbdd1f	42	#include "util.h"
60dbdd1f	43
074d6a40 AJ	44	#include <csignal>
074d6a40 AJ	45	#include <cstring>
94439e4e	46	#include <syslog.h>
94439e4e	47
b40a659a	48	#include "msntauth.h"
6d73604c	49
b40a659a	50	extern char version[];
5d0299ec	51	char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 26 Jun 2002";
94439e4e	52
	53	/* Main program for simple authentication.
	54	* Reads the denied user file. Sets alarm timer.
	55	* Scans and checks for Squid input, and attempts to validate the user.
	56	*/
	57
	58	int
eb073b3b	59	main(int argc, char **argv)
94439e4e	60	{
	61	char username[256];
	62	char password[256];
	63	char wstr[256];
811c6e76	64	int err = 0;
94439e4e	65
eb073b3b	66	openlog("msnt_auth", LOG_PID, LOG_USER);
	67	setbuf(stdout, NULL);
	68
94439e4e	69	/* Read configuration file. Abort wildly if error. */
94439e4e	70	if (OpenConfigFile() == 1)
26ac0430	71	return 1;
94439e4e	72
eb073b3b	73	/*
eb073b3b	74	* Read denied and allowed user files.
94439e4e	75	* If they fails, there is a serious problem.
94439e4e	76	* Check syslog messages. Deny all users while in this state.
eb073b3b	77	* The msntauth process should then be killed.
eb073b3b	78	*/
94439e4e	79	if ((Read_denyusers() == 1) \|\| (Read_allowusers() == 1)) {
26ac0430 AJ	80	while (1) {
26ac0430 AJ	81	memset(wstr, '\0', sizeof(wstr));
27759484 AJ	82	if (fgets(wstr, 255, stdin) == NULL)
27759484 AJ	83	break;
26ac0430 AJ	84	puts("ERR");
26ac0430 AJ	85	}
27759484	86	return 1;
94439e4e	87	}
27759484	88
eb073b3b	89	/*
eb073b3b	90	* Make Check_forchange() the handle for HUP signals.
94439e4e	91	* Don't use alarms any more. I don't think it was very
eb073b3b	92	* portable between systems.
	93	* XXX this should be sigaction()
	94	*/
94439e4e	95	signal(SIGHUP, Check_forchange);
	96
	97	while (1) {
26ac0430 AJ	98	int n;
	99	/* Read whole line from standard input. Terminate on break. */
	100	memset(wstr, '\0', sizeof(wstr));
	101	if (fgets(wstr, 255, stdin) == NULL)
	102	break;
	103	/* ignore this line if we didn't get the end-of-line marker */
	104	if (NULL == strchr(wstr, '\n')) {
	105	err = 1;
	106	continue;
	107	}
	108	if (err) {
	109	syslog(LOG_WARNING, "oversized message");
27759484 AJ	110	puts("ERR");
	111	err = 0;
	112	continue;
26ac0430	113	}
94439e4e	114
26ac0430 AJ	115	/*
	116	* extract username and password.
	117	* XXX is sscanf() safe?
	118	*/
	119	username[0] = '\0';
	120	password[0] = '\0';
	121	n = sscanf(wstr, "%s %[^\n]", username, password);
	122	if (2 != n) {
	123	puts("ERR");
	124	continue;
	125	}
	126	/* Check for invalid or blank entries */
	127	if ((username[0] == '\0') \|\| (password[0] == '\0')) {
	128	puts("ERR");
	129	continue;
	130	}
	131	Checktimer(); /* Check if the user lists have changed */
94439e4e	132
26ac0430 AJ	133	rfc1738_unescape(username);
26ac0430 AJ	134	rfc1738_unescape(password);
9bbd1655	135
26ac0430 AJ	136	/*
	137	* Check if user is explicitly denied or allowed.
	138	* If user passes both checks, they can be authenticated.
	139	*/
	140	if (Check_user(username) == 1) {
	141	syslog(LOG_INFO, "'%s' denied", username);
	142	puts("ERR");
	143	} else if (QueryServers(username, password) == 0)
	144	puts("OK");
	145	else {
	146	syslog(LOG_INFO, "'%s' login failed", username);
26ac0430 AJ	147	puts("ERR");
	148	}
	149	err = 0;
94439e4e	150	}
	151
	152	return 0;
	153	}