[thirdparty/squid.git] / helpers / basic_auth / SMB / smb_auth.sh

#!/bin/sh
#
# smb_auth - SMB proxy authentication module
# Copyright (C) 1998  Richard Huveneers <richard@hekkihek.hacom.nl>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

read DOMAINNAME
read PASSTHROUGH
read NMBADDR
read NMBCAST
read AUTHSHARE
read AUTHFILE
read SMBUSER
read SMBPASS

# Find domain controller
echo "Domain name: $DOMAINNAME"
if [ -n "$PASSTHROUGH" ]
then
  echo "Pass-through authentication: yes: $PASSTHROUGH"
else
  echo "Pass-through authentication: no"
  PASSTHROUGH="$DOMAINNAME"
fi
if [ -n "$NMBADDR" ]
then
  if [ "$NMBCAST" = "1" ]
  then
    addropt="-U $NMBADDR -R"
  else
    addropt="-B $NMBADDR"
  fi
else
  addropt=""
fi
echo "Query address options: $addropt"
dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
echo "Domain controller IP address: $dcip"
[ -n "$dcip" ] || exit 1

# All right, we have the IP address of a domain controller,
# but we need its name too
dcname=`$SAMBAPREFIX/bin/nmblookup -A $dcip | awk '$2 == "<00>" { print $1 ; exit }'`
echo "Domain controller NETBIOS name: $dcname"
[ -n "$dcname" ] || exit 1

# Pass password to smbclient through environment. Not really safe.
USER="$SMBUSER%$SMBPASS"
export USER

# Read the contents of the file $AUTHFILE on the $AUTHSHARE share
authfilebs=`echo "$AUTHFILE" | tr / '\\\\'`
authinfo=`$SAMBAPREFIX/bin/smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"

# Allow for both \n and \r\n end-of-line termination
[ "$authinfo" = "allow" -o "$authinfo" = "allow\r" ] || exit 1
exit 0
Commit	Line	Data
94439e4e	1	#!/bin/sh
	2	#
	3	# smb_auth - SMB proxy authentication module
	4	# Copyright (C) 1998 Richard Huveneers <richard@hekkihek.hacom.nl>
	5	#
	6	# This program is free software; you can redistribute it and/or modify
	7	# it under the terms of the GNU General Public License as published by
	8	# the Free Software Foundation; either version 2 of the License, or
	9	# (at your option) any later version.
	10	#
	11	# This program is distributed in the hope that it will be useful,
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	# GNU General Public License for more details.
	15	#
	16	# You should have received a copy of the GNU General Public License
	17	# along with this program; if not, write to the Free Software
	18	# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	19
	20	read DOMAINNAME
	21	read PASSTHROUGH
	22	read NMBADDR
	23	read NMBCAST
	24	read AUTHSHARE
	25	read AUTHFILE
	26	read SMBUSER
	27	read SMBPASS
	28
	29	# Find domain controller
	30	echo "Domain name: $DOMAINNAME"
	31	if [ -n "$PASSTHROUGH" ]
	32	then
	33	echo "Pass-through authentication: yes: $PASSTHROUGH"
	34	else
	35	echo "Pass-through authentication: no"
	36	PASSTHROUGH="$DOMAINNAME"
	37	fi
	38	if [ -n "$NMBADDR" ]
	39	then
	40	if [ "$NMBCAST" = "1" ]
	41	then
	42	addropt="-U $NMBADDR -R"
	43	else
	44	addropt="-B $NMBADDR"
	45	fi
	46	else
	47	addropt=""
	48	fi
	49	echo "Query address options: $addropt"
	50	dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" \| awk '/^[0-9.]+ / { print $1 ; exit }'`
	51	echo "Domain controller IP address: $dcip"
	52	[ -n "$dcip" ] \|\| exit 1
	53
	54	# All right, we have the IP address of a domain controller,
	55	# but we need its name too
	56	dcname=`$SAMBAPREFIX/bin/nmblookup -A $dcip \| awk '$2 == "<00>" { print $1 ; exit }'`
	57	echo "Domain controller NETBIOS name: $dcname"
	58	[ -n "$dcname" ] \|\| exit 1
	59
	60	# Pass password to smbclient through environment. Not really safe.
	61	USER="$SMBUSER%$SMBPASS"
	62	export USER
	63
	64	# Read the contents of the file $AUTHFILE on the $AUTHSHARE share
65	authfilebs=`echo "$AUTHFILE" \| tr / '\\\\'`
66	authinfo=`$SAMBAPREFIX/bin/smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
67	echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"
68
69	# Allow for both \n and \r\n end-of-line termination
70	[ "$authinfo" = "allow" -o "$authinfo" = "allow\r" ] \|\| exit 1
71	exit 0