Commit | Line | Data |
---|---|---|
6e785d85 | 1 | /* |
2 | NT_auth - Version 2.0 | |
3 | ||
4 | Returns OK for a successful authentication, or ERR upon error. | |
5 | ||
6 | Guido Serassio, Torino - Italy | |
7 | ||
8 | Uses code from - | |
9 | Antonino Iannella 2000 | |
10 | Andrew Tridgell 1997 | |
11 | Richard Sharpe 1996 | |
12 | Bill Welliver 1999 | |
13 | ||
14 | * Distributed freely under the terms of the GNU General Public License, | |
15 | * version 2. See the file COPYING for licensing details | |
16 | * | |
17 | * This program is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
26ac0430 | 21 | |
6e785d85 | 22 | * You should have received a copy of the GNU General Public License |
23 | * along with this program; if not, write to the Free Software | |
24 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
25 | */ | |
26 | ||
f7f3304a | 27 | #include "squid.h" |
43fed740 | 28 | #include "helpers/defines.h" |
5a48ed18 AJ |
29 | #include "util.h" |
30 | ||
31 | #if HAVE_STDIO_H | |
26ac0430 | 32 | #include <stdio.h> |
5a48ed18 AJ |
33 | #endif |
34 | #if GETOPT_H | |
26ac0430 | 35 | #include <getopt.h> |
5a48ed18 | 36 | #endif |
6e785d85 | 37 | |
38 | /* Check if we try to compile on a Windows Platform */ | |
be266cb2 AJ |
39 | #if !_SQUID_WINDOWS_ |
40 | /* NON Windows Platform !!! */ | |
41 | #error NON WINDOWS PLATFORM | |
42 | #endif | |
6e785d85 | 43 | |
44 | #include "valid.h" | |
45 | ||
/* Group-name buffer passed to Valid_User() as its third argument. */
static char NTGroup[256];

/* Group names supplied with -A and -D; each holds an xstrdup() copy of optarg. */
char *NTAllowedGroup;
char *NTDisAllowedGroup;

/* Set to 1 by process_options() once the matching -A / -D option is seen. */
int UseAllowedGroup = 0;
int UseDisallowedGroup = 0;

/* Set to 1 by the -d option. */
int debug_enabled = 0;

/* argv[0] as recorded by main(); printed in the usage text. */
char *my_program_name = NULL;

/*
 * Command-line options:
 *   -A  Windows Local Group name allowed to authenticate.
 *   -D  Windows Local Group name not allowed to authenticate.
 *   -O  default Domain to authenticate against.
 */
60 | ||
/*
 * Write the command-line synopsis and the per-option help to stderr.
 *
 * The synopsis line names the program through my_program_name. The parameter
 * list is left empty (unprototyped) exactly as in the existing definition, so
 * any argument a caller passes is ignored.
 */
void
usage()
{
    static const char option_help[] =
        "-A can specify a Windows Local Group name allowed to authenticate\n"
        "-D can specify a Windows Local Group name not allowed to authenticate\n"
        "-O can specify the default Domain against to authenticate\n"
        "-d enable debugging.\n"
        "-h this message\n\n";

    fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n",
            my_program_name);
    fputs(option_help, stderr);
}
72 | ||
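/*
 * Parse the helper's command line and store the result in the file-level
 * settings.
 *
 *   -A group   allowed group   -> NTAllowedGroup, UseAllowedGroup = 1
 *   -D group   denied group    -> NTDisAllowedGroup, UseDisallowedGroup = 1
 *   -O domain  default domain  -> Default_NTDomain (at most DNLEN bytes copied)
 *   -d         enable debugging
 *   -h         print usage and exit(0)
 *
 * Any other option prints a FATAL line plus the usage text and exits with
 * status 1. The function does not return in the -h and error cases.
 */
void
process_options(int argc, char *argv[])
{
    int opt;

    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            /* A repeated -A replaces the earlier value instead of leaking it. */
            safe_free(NTAllowedGroup);
            NTAllowedGroup = xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup = xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            /*
             * An over-long domain used to be cut down silently, so the helper
             * could end up authenticating against a different domain than the
             * one configured. Say so on stderr.
             */
            if (strlen(optarg) > (size_t) DNLEN)
                fprintf(stderr, "WARNING: default domain '%s' is longer than %d characters and will be truncated\n",
                        optarg, (int) DNLEN);
            /*
             * NOTE(review): strncpy() writes no terminating NUL when optarg is
             * DNLEN bytes or longer. This is only safe if Default_NTDomain has
             * at least DNLEN + 1 bytes and its last byte is still zero --
             * confirm against its declaration (not visible in this file).
             */
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            /* usage() takes no argument; the program name comes from my_program_name. */
            usage();
            exit(0);
        case '?':
            /* getopt() reports the offending option character in optopt. */
            opt = optopt;
            /* fall thru to default */
        default:
            fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
            usage();
            exit(1);
        }
    }
}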
108 | ||
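/*
 * Copy the first two whitespace-separated tokens of `line` into `user` and
 * `pass`.
 *
 * Returns 0 on success. Returns -1, with both outputs set to the empty string,
 * when either token is missing or would not fit in its buffer together with
 * the terminating NUL. Nothing is ever written past user_sz / pass_sz bytes.
 */
static int
split_credentials(const char *line, char *user, size_t user_sz,
                  char *pass, size_t pass_sz)
{
    static const char blanks[] = " \t\v\f\r\n";
    const char *user_start;
    const char *pass_start;
    size_t user_len;
    size_t pass_len;

    user[0] = '\0';
    pass[0] = '\0';

    user_start = line + strspn(line, blanks);
    user_len = strcspn(user_start, blanks);
    if (user_len == 0 || user_len >= user_sz)
        return -1;

    pass_start = user_start + user_len;
    pass_start += strspn(pass_start, blanks);
    pass_len = strcspn(pass_start, blanks);
    if (pass_len == 0 || pass_len >= pass_sz)
        return -1;

    memcpy(user, user_start, user_len);
    user[user_len] = '\0';
    memcpy(pass, pass_start, pass_len);
    pass[pass_len] = '\0';
    return 0;
}

/*
 * Main program for simple authentication.
 *
 * Reads one "username password" request per line from stdin, validates the
 * pair with Valid_User() and answers each request through SEND_OK / SEND_ERR.
 * Returns 0 when stdin reaches end of file; exits with status 1 if SSPI cannot
 * be initialized.
 */
int
main(int argc, char **argv)
{
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    my_program_name = argv[0];
    process_options(argc, argv);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {

        /*
         * No newline means the request did not fit in wstr. Keep discarding
         * fragments until the end of that line arrives, then report it once.
         */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';		/* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';		/* strip \r */

        /*
         * The request line can be far longer than the 256-byte credential
         * buffers, and an unbounded "%s %s" scan would write past them.
         * Split with explicit bounds and reject anything missing or too long.
         */
        if (split_credentials(wstr, username, sizeof username,
                              password, sizeof password) != 0) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /*
         * Only the user name goes to the debug output; neither the raw
         * request line nor the decoded password is logged.
         */
        debug("Trying to validate; %s\n", username);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            SEND_OK("");
        else
            SEND_ERR(errormsg);
        err = 0;
        fflush(stdout);
    }
    return 0;
}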