Commit | Line | Data |
---|---|---|
5b95b903 AJ |
1 | /* |
2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
94439e4e | 9 | /* |
10 | * MSNT - Microsoft Windows NT domain squid authenticator module | |
6d73604c | 11 | * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella |
12 | * Sun Sep 2 14:39:53 CST 2001 | |
26ac0430 | 13 | * |
94439e4e | 14 | * Modified to act as a Squid authenticator module. |
15 | * Removed all Pike stuff. | |
16 | * Returns OK for a successful authentication, or ERR upon error. | |
26ac0430 | 17 | * |
94439e4e | 18 | * Uses code from - |
19 | * Andrew Tridgell 1997 | |
20 | * Richard Sharpe 1996 | |
21 | * Bill Welliver 1999 | |
6d73604c | 22 | * Duane Wessels 2000 (wessels@squid-cache.org) |
26ac0430 | 23 | * |
94439e4e | 24 | * Released under GNU Public License |
26ac0430 | 25 | * |
94439e4e | 26 | * This program is free software; you can redistribute it and/or modify |
27 | * it under the terms of the GNU General Public License as published by | |
28 | * the Free Software Foundation; either version 2 of the License, or | |
29 | * (at your option) any later version. | |
26ac0430 | 30 | * |
94439e4e | 31 | * This program is distributed in the hope that it will be useful, |
32 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
33 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
34 | * GNU General Public License for more details. | |
26ac0430 | 35 | * |
94439e4e | 36 | * You should have received a copy of the GNU General Public License |
37 | * along with this program; if not, write to the Free Software | |
38 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
39 | */ | |
f7f3304a | 40 | #include "squid.h" |
1fa9b1a7 | 41 | #include "rfc1738.h" |
60dbdd1f | 42 | #include "util.h" |
43 | ||
074d6a40 AJ |
44 | #include <csignal> |
45 | #include <cstring> | |
94439e4e | 46 | #include <syslog.h> |
94439e4e | 47 | |
b40a659a | 48 | #include "msntauth.h" |
6d73604c | 49 | |
/* Declared here only; the definition is outside this listing. */
extern char version[];

/*
 * Banner text for this helper. Written as two adjacent literals, which the
 * compiler joins into the same single string (embedded newline included).
 */
char msntauth_version[] =
    "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\n"
    "Modified by the Squid HTTP Proxy team 26 Jun 2002";
94439e4e | 52 | |
53 | /* Main program for simple authentication. | |
54 | * Reads the denied user file. Sets alarm timer. | |
55 | * Scans and checks for Squid input, and attempts to validate the user. | |
56 | */ | |
57 | ||
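/*
 * Helper entry point.
 *
 * Reads one request per line from stdin, "<username> <password>", with both
 * fields RFC 1738 escaped, and answers each request with a single "OK" or
 * "ERR" line on stdout. stdout is unbuffered so every reply is delivered as
 * soon as it is written.
 *
 * Returns 1 if the configuration or the user lists cannot be loaded,
 * 0 when stdin reaches end-of-file.
 */
int
main(int argc, char **argv)
{
    char username[256];
    char password[256];
    char wstr[256];
    int err = 0;        /* set while skipping the pieces of an oversized line */

    openlog("msnt_auth", LOG_PID, LOG_USER);
    setbuf(stdout, NULL);

    /* Read configuration file. Abort if error. */
    if (OpenConfigFile() == 1)
        return 1;

    /*
     * Read denied and allowed user files.
     * If either fails, there is a serious problem; check syslog messages.
     * Fail closed: answer ERR to every request until stdin is closed, then
     * exit non-zero. The msntauth process should then be killed.
     */
    if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
        while (1) {
            memset(wstr, '\0', sizeof(wstr));
            if (fgets(wstr, 255, stdin) == NULL)
                break;
            puts("ERR");
        }
        return 1;
    }

    /*
     * Make Check_forchange() the handler for HUP signals.
     * Don't use alarms any more. I don't think it was very
     * portable between systems.
     * XXX this should be sigaction()
     */
    signal(SIGHUP, Check_forchange);

    while (1) {
        int n;

        /* Read whole line from standard input. Terminate on EOF or error. */
        memset(wstr, '\0', sizeof(wstr));
        if (fgets(wstr, 255, stdin) == NULL)
            break;

        /*
         * No end-of-line marker means the request did not fit in wstr.
         * Drop this piece and remember it, so the remainder of the same
         * request is rejected instead of being parsed as a new request.
         */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            syslog(LOG_WARNING, "oversized message");
            puts("ERR");
            err = 0;
            continue;
        }

        /*
         * Extract username and password.
         * Each conversion carries an explicit field width of
         * sizeof(buffer) - 1, so the bound on what sscanf() may write is
         * stated at the call itself rather than relying on wstr being no
         * larger than the destination buffers.
         */
        username[0] = '\0';
        password[0] = '\0';
        n = sscanf(wstr, "%255s %255[^\n]", username, password);
        if (2 != n) {
            puts("ERR");
            continue;
        }
        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            puts("ERR");
            continue;
        }
        Checktimer();           /* Check if the user lists have changed */

        /* Decode the escaped fields in place before they are compared or sent on. */
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /*
         * Check if user is explicitly denied or allowed.
         * If user passes both checks, they can be authenticated.
         *
         * NOTE(review): username is written to syslog after unescaping. If
         * rfc1738_unescape() can produce control characters such as CR/LF,
         * log entries could be forged or split; confirm, and sanitise the
         * logged value if so.
         */
        if (Check_user(username) == 1) {
            syslog(LOG_INFO, "'%s' denied", username);
            puts("ERR");
        } else if (QueryServers(username, password) == 0) {
            puts("OK");
        } else {
            syslog(LOG_INFO, "'%s' login failed", username);
            puts("ERR");
        }
    }

    return 0;
}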