[thirdparty/squid.git] / helpers / basic_auth / SSPI / basic_sspi_auth.cc

/*
  NT_auth -  Version 2.0

  Returns OK for a successful authentication, or ERR upon error.

  Guido Serassio, Torino - Italy

  Uses code from -
    Antonino Iannella 2000
    Andrew Tridgell 1997
    Richard Sharpe 1996
    Bill Welliver 1999

 * Distributed freely under the terms of the GNU General Public License,
 * version 2. See the file COPYING for licensing details
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*/

#include "squid.h"
#include "helpers/defines.h"
#include "util.h"

#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if GETOPT_H
#include <getopt.h>
#endif

/* Check if we try to compile on a Windows Platform */
#if !_SQUID_WINDOWS_
/* NON Windows Platform !!! */
#error NON WINDOWS PLATFORM
#endif

#include "valid.h"

static char NTGroup[256];
char * NTAllowedGroup;
char * NTDisAllowedGroup;
int UseDisallowedGroup = 0;
int UseAllowedGroup = 0;
int debug_enabled = 0;

/*
 * options:
 * -A can specify a Windows Local Group name allowed to authenticate.
 * -D can specify a Windows Local Group name not allowed to authenticate.
 * -O can specify the default Domain against to authenticate.
 */
char *my_program_name = NULL;

void
usage()
{
    fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
            "-A can specify a Windows Local Group name allowed to authenticate\n"
            "-D can specify a Windows Local Group name not allowed to authenticate\n"
            "-O can specify the default Domain against to authenticate\n"
            "-d enable debugging.\n"
            "-h this message\n\n",
            my_program_name);
}

void
process_options(int argc, char *argv[])
{
    int opt;
    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            safe_free(NTAllowedGroup);
            NTAllowedGroup=xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup=xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            usage(argv[0]);
            exit(0);
        case '?':
            opt = optopt;
            /* fall thru to default */
        default:
            fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
            usage();
            exit(1);
        }
    }
}

/* Main program for simple authentication.
   Scans and checks for Squid input, and attempts to validate the user.
*/
int
main(int argc, char **argv)
{
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    my_program_name = argv[0];
    process_options(argc, argv);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {

        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';		/* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';		/* strip \r */
        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';
        sscanf(wstr, "%s %s", username, password);	/* Extract parameters */

        debug("Got %s from Squid\n", wstr);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        debug("Trying to validate; %s %s\n", username, password);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            SEND_OK("");
        else
            SEND_ERR(errormsg);
        err = 0;
        fflush(stdout);
    }
    return 0;
}
Commit	Line	Data
6e785d85	1	/*
	2	NT_auth - Version 2.0
	3
	4	Returns OK for a successful authentication, or ERR upon error.
	5
	6	Guido Serassio, Torino - Italy
	7
	8	Uses code from -
	9	Antonino Iannella 2000
	10	Andrew Tridgell 1997
	11	Richard Sharpe 1996
	12	Bill Welliver 1999
	13
	14	* Distributed freely under the terms of the GNU General Public License,
	15	* version 2. See the file COPYING for licensing details
	16	*
	17	* This program is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU General Public License for more details.
26ac0430	21
6e785d85	22	* You should have received a copy of the GNU General Public License
	23	* along with this program; if not, write to the Free Software
	24	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	25	*/
	26
f7f3304a	27	#include "squid.h"
43fed740	28	#include "helpers/defines.h"
5a48ed18 AJ	29	#include "util.h"
	30
	31	#if HAVE_STDIO_H
26ac0430	32	#include <stdio.h>
5a48ed18 AJ	33	#endif
5a48ed18 AJ	34	#if GETOPT_H
26ac0430	35	#include <getopt.h>
5a48ed18	36	#endif
6e785d85	37
6e785d85	38	/* Check if we try to compile on a Windows Platform */
be266cb2 AJ	39	#if !_SQUID_WINDOWS_
	40	/* NON Windows Platform !!! */
	41	#error NON WINDOWS PLATFORM
	42	#endif
6e785d85	43
	44	#include "valid.h"
	45
	46	static char NTGroup[256];
	47	char * NTAllowedGroup;
	48	char * NTDisAllowedGroup;
	49	int UseDisallowedGroup = 0;
	50	int UseAllowedGroup = 0;
	51	int debug_enabled = 0;
	52
	53	/*
	54	* options:
	55	* -A can specify a Windows Local Group name allowed to authenticate.
	56	* -D can specify a Windows Local Group name not allowed to authenticate.
	57	* -O can specify the default Domain against to authenticate.
	58	*/
	59	char *my_program_name = NULL;
	60
	61	void
	62	usage()
	63	{
43fed740	64	fprintf(stderr, "Usage:\n%s [-A\|D UserGroup][-O DefaultDomain][-d]\n"
26ac0430 AJ	65	"-A can specify a Windows Local Group name allowed to authenticate\n"
	66	"-D can specify a Windows Local Group name not allowed to authenticate\n"
	67	"-O can specify the default Domain against to authenticate\n"
	68	"-d enable debugging.\n"
	69	"-h this message\n\n",
43fed740	70	my_program_name);
6e785d85	71	}
	72
	73	void
	74	process_options(int argc, char *argv[])
	75	{
43fed740	76	int opt;
6e785d85	77	while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
26ac0430 AJ	78	switch (opt) {
	79	case 'A':
	80	safe_free(NTAllowedGroup);
	81	NTAllowedGroup=xstrdup(optarg);
	82	UseAllowedGroup = 1;
	83	break;
	84	case 'D':
	85	safe_free(NTDisAllowedGroup);
	86	NTDisAllowedGroup=xstrdup(optarg);
	87	UseDisallowedGroup = 1;
	88	break;
	89	case 'O':
	90	strncpy(Default_NTDomain, optarg, DNLEN);
	91	break;
	92	case 'd':
	93	debug_enabled = 1;
	94	break;
	95	case 'h':
	96	usage(argv[0]);
	97	exit(0);
	98	case '?':
	99	opt = optopt;
	100	/* fall thru to default */
	101	default:
43fed740 AJ	102	fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
	103	usage();
	104	exit(1);
26ac0430	105	}
6e785d85	106	}
6e785d85	107	}
	108
	109	/* Main program for simple authentication.
	110	Scans and checks for Squid input, and attempts to validate the user.
	111	*/
6e785d85	112	int
6e785d85	113	main(int argc, char **argv)
6e785d85	114	{
43fed740	115	char wstr[HELPER_INPUT_BUFFER];
6e785d85	116	char username[256];
	117	char password[256];
	118	char *p;
	119	int err = 0;
	120
	121	my_program_name = argv[0];
	122	process_options(argc, argv);
	123
6e785d85	124	if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
43fed740	125	fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
26ac0430	126	exit(1);
6e785d85	127	}
	128	debug("SSPI initialized OK\n");
	129
	130	atexit(UnloadSecurityDll);
	131
26ac0430	132	/* initialize FDescs */
6e785d85	133	setbuf(stdout, NULL);
	134	setbuf(stderr, NULL);
	135
43fed740	136	while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {
26ac0430 AJ	137
	138	if (NULL == strchr(wstr, '\n')) {
	139	err = 1;
	140	continue;
	141	}
	142	if (err) {
43fed740 AJ	143	SEND_ERR("Oversized message");
	144	err = 0;
	145	fflush(stdout);
	146	continue;
26ac0430 AJ	147	}
	148
	149	if ((p = strchr(wstr, '\n')) != NULL)
	150	p = '\0'; / strip \n */
	151	if ((p = strchr(wstr, '\r')) != NULL)
	152	p = '\0'; / strip \r */
	153	/* Clear any current settings */
	154	username[0] = '\0';
	155	password[0] = '\0';
	156	sscanf(wstr, "%s %s", username, password); /* Extract parameters */
6e785d85	157
	158	debug("Got %s from Squid\n", wstr);
	159
26ac0430 AJ	160	/* Check for invalid or blank entries */
26ac0430 AJ	161	if ((username[0] == '\0') \|\| (password[0] == '\0')) {
43fed740	162	SEND_ERR("Invalid Request");
26ac0430 AJ	163	fflush(stdout);
	164	continue;
	165	}
	166	rfc1738_unescape(username);
	167	rfc1738_unescape(password);
6e785d85	168
	169	debug("Trying to validate; %s %s\n", username, password);
	170
26ac0430	171	if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
43fed740	172	SEND_OK("");
26ac0430	173	else
43fed740	174	SEND_ERR(errormsg);
26ac0430 AJ	175	err = 0;
26ac0430 AJ	176	fflush(stdout);
6e785d85	177	}
	178	return 0;
	179	}