[thirdparty/squid.git] / helpers / basic_auth / NCSA / ncsa_auth.c

/*
 * ncsa_auth.c
 *
 * AUTHOR: Arjan de Vet <Arjan.deVet@adv.iae.nl>
 *
 * Example authentication program for Squid, based on the original
 * proxy_auth code from client_side.c, written by
 * Jon Thackray <jrmt@uk.gdscorp.com>.
 *
 * Uses a NCSA httpd style password file for authentication with the
 * following improvements suggested by various people:
 *
 * - comment lines are possible and should start with a '#';
 * - empty or blank lines are possible;
 * - extra fields in the password file are ignored; this makes it
 *   possible to use a Unix password file but I do not recommend that.
 *
 */

#include "config.h"
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#if HAVE_CRYPT_H
#include <crypt.h>
#endif

#include "util.h"
#include "hash.h"
#include "crypt_md5.h"

static hash_table *hash = NULL;
static HASHFREE my_free;

typedef struct _user_data {
    /* first two items must be same as hash_link */
    char *user;
    struct _user_data *next;
    char *passwd;
} user_data;

static void
my_free(void *p)
{
    user_data *u = p;
    xfree(u->user);
    xfree(u->passwd);
    xfree(u);
}

static void
read_passwd_file(const char *passwdfile)
{
    FILE *f;
    char buf[8192];
    user_data *u;
    char *user;
    char *passwd;
    if (hash != NULL) {
	hashFreeItems(hash, my_free);
	hashFreeMemory(hash);
    }
    /* initial setup */
    hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
    if (NULL == hash) {
	fprintf(stderr, "ncsa_auth: cannot create hash table\n");
	exit(1);
    }
    f = fopen(passwdfile, "r");
    if (NULL == f) {
	fprintf(stderr, "%s: %s\n", passwdfile, xstrerror());
	exit(1);
    }
    while (fgets(buf, 8192, f) != NULL) {
	if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
	    (buf[0] == '\n'))
	    continue;
	user = strtok(buf, ":\n\r");
	passwd = strtok(NULL, ":\n\r");
	if ((strlen(user) > 0) && passwd) {
	    u = xmalloc(sizeof(*u));
	    u->user = xstrdup(user);
	    u->passwd = xstrdup(passwd);
	    hash_join(hash, (hash_link *) u);
	}
    }
    fclose(f);
}

int
main(int argc, char **argv)
{
    struct stat sb;
    time_t change_time = -1;
    char buf[256];
    char *user, *passwd, *p;
    user_data *u;
    setbuf(stdout, NULL);
    if (argc != 2) {
	fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n");
	exit(1);
    }
    if (stat(argv[1], &sb) != 0) {
	fprintf(stderr, "cannot stat %s\n", argv[1]);
	exit(1);
    }
    while (fgets(buf, 256, stdin) != NULL) {
	if ((p = strchr(buf, '\n')) != NULL)
	    *p = '\0';		/* strip \n */
	if (stat(argv[1], &sb) == 0) {
	    if (sb.st_mtime != change_time) {
		read_passwd_file(argv[1]);
		change_time = sb.st_mtime;
	    }
	}
	if ((user = strtok(buf, " ")) == NULL) {
	    printf("ERR\n");
	    continue;
	}
	if ((passwd = strtok(NULL, "")) == NULL) {
	    printf("ERR\n");
	    continue;
	}
	rfc1738_unescape(user);
	rfc1738_unescape(passwd);
	u = (user_data *) hash_lookup(hash, user);
	if (u == NULL) {
	    printf("ERR No such user\n");
	} else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
	    printf("OK\n");
	} else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
	    printf("OK\n");
	} else {
	    printf("ERR Wrong password\n");
	}
    }
    if (hash != NULL) {
	hashFreeItems(hash, my_free);
	hashFreeMemory(hash);
    }
    exit(0);
}
Commit	Line	Data
94439e4e	1	/*
	2	* ncsa_auth.c
	3	*
	4	* AUTHOR: Arjan de Vet <Arjan.deVet@adv.iae.nl>
	5	*
	6	* Example authentication program for Squid, based on the original
	7	* proxy_auth code from client_side.c, written by
	8	* Jon Thackray <jrmt@uk.gdscorp.com>.
	9	*
	10	* Uses a NCSA httpd style password file for authentication with the
	11	* following improvements suggested by various people:
	12	*
	13	* - comment lines are possible and should start with a '#';
	14	* - empty or blank lines are possible;
	15	* - extra fields in the password file are ignored; this makes it
	16	* possible to use a Unix password file but I do not recommend that.
	17	*
	18	*/
	19
	20	#include "config.h"
	21	#if HAVE_STDIO_H
	22	#include <stdio.h>
	23	#endif
	24	#if HAVE_STDLIB_H
	25	#include <stdlib.h>
	26	#endif
	27	#if HAVE_UNISTD_H
	28	#include <unistd.h>
	29	#endif
	30	#if HAVE_STRING_H
	31	#include <string.h>
	32	#endif
	33	#if HAVE_SYS_TYPES_H
	34	#include <sys/types.h>
	35	#endif
	36	#if HAVE_SYS_STAT_H
	37	#include <sys/stat.h>
	38	#endif
	39	#if HAVE_CRYPT_H
	40	#include <crypt.h>
	41	#endif
	42
	43	#include "util.h"
	44	#include "hash.h"
363a8ce8	45	#include "crypt_md5.h"
94439e4e	46
	47	static hash_table *hash = NULL;
	48	static HASHFREE my_free;
	49
	50	typedef struct _user_data {
	51	/* first two items must be same as hash_link */
	52	char *user;
	53	struct _user_data *next;
	54	char *passwd;
	55	} user_data;
	56
	57	static void
	58	my_free(void *p)
	59	{
	60	user_data *u = p;
	61	xfree(u->user);
	62	xfree(u->passwd);
	63	xfree(u);
	64	}
	65
	66	static void
	67	read_passwd_file(const char *passwdfile)
	68	{
	69	FILE *f;
	70	char buf[8192];
	71	user_data *u;
	72	char *user;
	73	char *passwd;
	74	if (hash != NULL) {
	75	hashFreeItems(hash, my_free);
5fb27788	76	hashFreeMemory(hash);
94439e4e	77	}
	78	/* initial setup */
	79	hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
	80	if (NULL == hash) {
	81	fprintf(stderr, "ncsa_auth: cannot create hash table\n");
	82	exit(1);
	83	}
	84	f = fopen(passwdfile, "r");
a2897c13	85	if (NULL == f) {
	86	fprintf(stderr, "%s: %s\n", passwdfile, xstrerror());
	87	exit(1);
	88	}
94439e4e	89	while (fgets(buf, 8192, f) != NULL) {
	90	if ((buf[0] == '#') \|\| (buf[0] == ' ') \|\| (buf[0] == '\t') \|\|
	91	(buf[0] == '\n'))
	92	continue;
07f9c91c	93	user = strtok(buf, ":\n\r");
07f9c91c	94	passwd = strtok(NULL, ":\n\r");
94439e4e	95	if ((strlen(user) > 0) && passwd) {
	96	u = xmalloc(sizeof(*u));
	97	u->user = xstrdup(user);
	98	u->passwd = xstrdup(passwd);
	99	hash_join(hash, (hash_link *) u);
	100	}
	101	}
	102	fclose(f);
	103	}
	104
	105	int
	106	main(int argc, char **argv)
	107	{
	108	struct stat sb;
407e1c93	109	time_t change_time = -1;
94439e4e	110	char buf[256];
	111	char user, passwd, *p;
	112	user_data *u;
	113	setbuf(stdout, NULL);
	114	if (argc != 2) {
	115	fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n");
	116	exit(1);
	117	}
	118	if (stat(argv[1], &sb) != 0) {
	119	fprintf(stderr, "cannot stat %s\n", argv[1]);
	120	exit(1);
	121	}
	122	while (fgets(buf, 256, stdin) != NULL) {
	123	if ((p = strchr(buf, '\n')) != NULL)
	124	p = '\0'; / strip \n */
	125	if (stat(argv[1], &sb) == 0) {
	126	if (sb.st_mtime != change_time) {
	127	read_passwd_file(argv[1]);
	128	change_time = sb.st_mtime;
	129	}
	130	}
	131	if ((user = strtok(buf, " ")) == NULL) {
	132	printf("ERR\n");
	133	continue;
	134	}
	135	if ((passwd = strtok(NULL, "")) == NULL) {
	136	printf("ERR\n");
	137	continue;
	138	}
9bbd1655	139	rfc1738_unescape(user);
9bbd1655	140	rfc1738_unescape(passwd);
5fb27788	141	u = (user_data *) hash_lookup(hash, user);
94439e4e	142	if (u == NULL) {
0a0c70cd	143	printf("ERR No such user\n");
363a8ce8	144	} else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
	145	printf("OK\n");
	146	} else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
94439e4e	147	printf("OK\n");
363a8ce8	148	} else {
0a0c70cd	149	printf("ERR Wrong password\n");
94439e4e	150	}
94439e4e	151	}
5fb27788	152	if (hash != NULL) {
	153	hashFreeItems(hash, my_free);
	154	hashFreeMemory(hash);
	155	}
94439e4e	156	exit(0);
94439e4e	157	}