Commit | Line | Data |
---|---|---|
5b95b903 | 1 | /* |
bde978a6 | 2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
5b95b903 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
94439e4e | 9 | /* |
5a48ed18 | 10 | * basic_smb_auth - SMB proxy authentication module |
94439e4e | 11 | * Copyright (C) 1998 Richard Huveneers <richard@hekkihek.hacom.nl> |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify | |
14 | * it under the terms of the GNU General Public License as published by | |
15 | * the Free Software Foundation; either version 2 of the License, or | |
16 | * (at your option) any later version. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, | |
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | * GNU General Public License for more details. | |
22 | * | |
23 | * You should have received a copy of the GNU General Public License | |
24 | * along with this program; if not, write to the Free Software | |
94439e4e | 25 | */ |
5b95b903 | 26 | |
f7f3304a | 27 | #include "squid.h" |
e673ba3a | 28 | #include "helpers/defines.h" |
5a48ed18 AJ |
29 | #include "rfc1738.h" |
30 | #include "util.h" | |
94439e4e | 31 | |
074d6a40 | 32 | #include <cstring> |
94439e4e | 33 | |
/*
 * Values stored in SMBDOMAIN::nmbcast. main() writes the number to the
 * helper script as a decimal line.
 */
#define NMB_UNICAST 1   /* selected by the -U option */
#define NMB_BROADCAST 2 /* selected by the -B option; also the default for a new -W domain */

/*
 * One configured domain. main() creates an entry for every -W option and
 * the options that follow it (-w, -P, -B, -U, -S) modify the most recently
 * created entry. All fields except nmbcast are later written, one per line,
 * to the standard input of the helper script.
 */
struct SMBDOMAIN {
    const char *name;       /* domain name (argument of -W) */
    const char *sname;      /* match this with user input; defaults to name, overridden by -w */
    const char *passthrough;    /* pass-through authentication (argument of -P, default "") */
    const char *nmbaddr;        /* name service address (argument of -B or -U, default "") */
    int nmbcast;        /* broadcast or unicast: NMB_BROADCAST or NMB_UNICAST */
    char *authshare;        /* share name of auth file (default "NETLOGON", or taken from -S) */
    const char *authfile;       /* pathname of auth file (default "proxyauth", or the part of -S after the share) */
    struct SMBDOMAIN *next; /* linked list */
};

/* Head and tail of the list of configured domains, in command line order. */
struct SMBDOMAIN *firstdom = NULL;
struct SMBDOMAIN *lastdom = NULL;
50 | ||
/*
 * Write the string s to the stream p with every backslash doubled.
 *
 * The receiving end is the read command of the bourne shell, which treats
 * a backslash as an escape character; doubling it makes read deliver the
 * original octet. No other character is altered and no newline is added.
 *
 * The output is staged in a fixed-size buffer and flushed with fputs()
 * whenever the buffer is nearly full, so s may be of any length.
 */

void
print_esc(FILE * p, char *s)
{
    char chunk[HELPER_INPUT_BUFFER];
    int used = 0;
    const char *cur = s;

    while (*cur != '\0') {
        /*
         * One input octet can add two octets to the buffer, and the
         * terminator needs a third, so flush while three are still free.
         */
        if (used > HELPER_INPUT_BUFFER-3) {
            chunk[used] = '\0';
            (void) fputs(chunk, p);
            used = 0;
        }

        /* a backslash is emitted twice: the escape, then the octet itself */
        if (*cur == '\\') {
            chunk[used] = '\\';
            ++used;
        }

        chunk[used] = *cur;
        ++used;
        ++cur;
    }

    /* write out whatever is still staged */
    if (used != 0) {
        chunk[used] = '\0';
        (void) fputs(chunk, p);
    }
}
85 | ||
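/*
 * Helper entry point.
 *
 * Command line options:
 *   -d        enable debug output (the helper script's output is kept)
 *   -W name   add a domain; the options below apply to the latest -W
 *   -w name   name to match against the domain part of the login
 *   -P value  pass-through authentication value
 *   -B addr   name service address, broadcast
 *   -U addr   name service address, unicast
 *   -S path   share and file holding the auth file ("share/file")
 *
 * Each request is one line on stdin: "user password", both URL-escaped,
 * where user may be "domain\user". For every request the helper script is
 * started through popen() and the domain settings, the user name and the
 * password are written to its standard input, one value per line. The
 * reply is OK when the script exits with status 0, otherwise ERR.
 *
 * The script's input is line oriented and is parsed by the shell's read
 * command, so the two request-supplied values must not be able to alter
 * the line structure: a decoded credential containing a newline is
 * rejected, and both the user name and the password are written with
 * backslashes escaped.
 *
 * Returns 0 at end of input, 1 when stdout cannot be set up or memory for
 * the configuration cannot be allocated.
 */
int
main(int argc, char *argv[])
{
    int i;
    char buf[HELPER_INPUT_BUFFER];
    struct SMBDOMAIN *dom;
    char *s;
    char *user;
    char *pass;
    char *domname;
    FILE *p;
    const char *shcmd;

    /* make standard output line buffered */
    if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
        return 1;

    /* parse command line arguments */
    for (i = 1; i < argc; ++i) {
        if (strcmp(argv[i], "-d") == 0) {
            debug_enabled = 1;
            continue;
        }
        /* the next options require an argument */
        if (i + 1 == argc)
            break;

        if (strcmp(argv[i], "-W") == 0) {
            if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL)
                return 1;

            /* a new domain starts with these defaults */
            dom->name = dom->sname = argv[++i];
            dom->passthrough = "";
            dom->nmbaddr = "";
            dom->nmbcast = NMB_BROADCAST;
            dom->authshare = (char *)"NETLOGON";
            dom->authfile = "proxyauth";
            dom->next = NULL;

            /* append to linked list */
            if (lastdom != NULL)
                lastdom->next = dom;
            else
                firstdom = dom;

            lastdom = dom;
            continue;
        }
        if (strcmp(argv[i], "-w") == 0) {
            if (lastdom != NULL)
                lastdom->sname = argv[++i];
            continue;
        }
        if (strcmp(argv[i], "-P") == 0) {
            if (lastdom != NULL)
                lastdom->passthrough = argv[++i];
            continue;
        }
        if (strcmp(argv[i], "-B") == 0) {
            if (lastdom != NULL) {
                lastdom->nmbaddr = argv[++i];
                lastdom->nmbcast = NMB_BROADCAST;
            }
            continue;
        }
        if (strcmp(argv[i], "-U") == 0) {
            if (lastdom != NULL) {
                lastdom->nmbaddr = argv[++i];
                lastdom->nmbcast = NMB_UNICAST;
            }
            continue;
        }
        if (strcmp(argv[i], "-S") == 0) {
            if (lastdom != NULL) {
                /* work on a private copy, the string is modified below */
                if ((lastdom->authshare = xstrdup(argv[++i])) == NULL)
                    return 1;

                /* convert backslashes to forward slashes */
                for (s = lastdom->authshare; *s != '\0'; ++s)
                    if (*s == '\\')
                        *s = '/';

                /* strip leading forward slash from share name */
                if (*lastdom->authshare == '/')
                    ++lastdom->authshare;

                /* split "share/file" in place at the first slash */
                if ((s = strchr(lastdom->authshare, '/')) != NULL) {
                    *s = '\0';
                    lastdom->authfile = s + 1;
                }
            }
            continue;
        }
    }

    /*
     * The command string is fixed at build time; request data is never
     * placed on the command line, only on the script's standard input.
     */
    shcmd = debug_enabled ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1";

    while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {

        if ((s = strchr(buf, '\n')) == NULL) {
            /*
             * The line did not fit into buf. Discard the rest of it and
             * answer ERR, so that the tail of an oversized request is
             * never parsed as a request of its own.
             */
            int c;
            while ((c = fgetc(stdin)) != EOF && c != '\n')
                ;
            if (c == EOF)
                break;      /* unterminated last line: nothing to answer */
            SEND_ERR("");
            continue;
        }
        *s = '\0';

        /* the first space separates user name and password */
        if ((s = strchr(buf, ' ')) == NULL) {
            SEND_ERR("");
            continue;
        }
        *s = '\0';

        user = buf;
        pass = s + 1;
        domname = NULL;

        rfc1738_unescape(user);
        rfc1738_unescape(pass);

        /*
         * Decoding may have produced a newline. Every value is sent to
         * the script on a line of its own, so such a credential cannot
         * be represented and is refused.
         */
        if (strchr(user, '\n') != NULL || strchr(pass, '\n') != NULL) {
            SEND_ERR("");
            continue;
        }

        /* "domain\user": split at the first backslash */
        if ((s = strchr(user, '\\')) != NULL) {
            *s = '\0';
            domname = user;
            user = s + 1;
        }
        /* match domname with linked list */
        if (domname != NULL && strlen(domname) > 0) {
            for (dom = firstdom; dom != NULL; dom = dom->next)
                if (strcasecmp(dom->sname, domname) == 0)
                    break;
        } else
            dom = firstdom;     /* no domain given: use the first one configured */

        if (dom == NULL) {
            SEND_ERR("");
            continue;
        }
        if ((p = popen(shcmd, "w")) == NULL) {
            SEND_ERR("");
            continue;
        }
        (void) fprintf(p, "%s\n", dom->name);
        (void) fprintf(p, "%s\n", dom->passthrough);
        (void) fprintf(p, "%s\n", dom->nmbaddr);
        (void) fprintf(p, "%d\n", dom->nmbcast);
        (void) fprintf(p, "%s\n", dom->authshare);
        (void) fprintf(p, "%s\n", dom->authfile);
        /*
         * The user name can still contain backslashes after the domain
         * split, so it gets the same escaping as the password.
         */
        print_esc(p, user);
        (void) fputc('\n', p);
        /* the password can contain special characters */
        print_esc(p, pass);
        (void) fputc('\n', p);
        (void) fflush(p);

        /* the exit status of the script is the authentication result */
        if (pclose(p) == 0) {
            SEND_OK("");
        } else {
            SEND_ERR("");
        }
    }               /* while (fgets) */
    return 0;
}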
f53969cc | 242 |