[thirdparty/squid.git] / helpers / basic_auth / SSPI / basic_sspi_auth.cc

/*
  NT_auth -  Version 2.0

  Returns OK for a successful authentication, or ERR upon error.

  Guido Serassio, Torino - Italy

  Uses code from -
    Antonino Iannella 2000
    Andrew Tridgell 1997
    Richard Sharpe 1996
    Bill Welliver 1999

 * Distributed freely under the terms of the GNU General Public License,
 * version 2. See the file COPYING for licensing details
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*/

#include "config.h"
#include "util.h"

#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if GETOPT_H
#include <getopt.h>
#endif

/* Check if we try to compile on a Windows Platform */
#if defined(_SQUID_CYGWIN_) || defined(_SQUID_MSWIN_)

#include "valid.h"

static char NTGroup[256];
char * NTAllowedGroup;
char * NTDisAllowedGroup;
int UseDisallowedGroup = 0;
int UseAllowedGroup = 0;
int debug_enabled = 0;

/*
 * options:
 * -A can specify a Windows Local Group name allowed to authenticate.
 * -D can specify a Windows Local Group name not allowed to authenticate.
 * -O can specify the default Domain against to authenticate.
 */
char *my_program_name = NULL;

void
usage()
{
    fprintf(stderr,
            "%s usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
            "-A can specify a Windows Local Group name allowed to authenticate\n"
            "-D can specify a Windows Local Group name not allowed to authenticate\n"
            "-O can specify the default Domain against to authenticate\n"
            "-d enable debugging.\n"
            "-h this message\n\n",
            my_program_name, my_program_name);
}

void
process_options(int argc, char *argv[])
{
    int opt, had_error = 0;
    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            safe_free(NTAllowedGroup);
            NTAllowedGroup=xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup=xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            usage(argv[0]);
            exit(0);
        case '?':
            opt = optopt;
            /* fall thru to default */
        default:
            fprintf(stderr, "Unknown option: -%c. Exiting\n", opt);
            had_error = 1;
        }
    }
    if (had_error) {
        usage();
        exit(1);
    }
}

/* Main program for simple authentication.
   Scans and checks for Squid input, and attempts to validate the user.
*/

int
main(int argc, char **argv)

{
    char wstr[256];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    my_program_name = argv[0];
    process_options(argc, argv);

    debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (1) {
        /* Read whole line from standard input. Terminate on break. */
        if (fgets(wstr, 255, stdin) == NULL)
            break;

        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            fprintf(stderr, "Oversized message\n");
            puts("ERR");
            goto error;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';		/* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';		/* strip \r */
        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';
        sscanf(wstr, "%s %s", username, password);	/* Extract parameters */

        debug("Got %s from Squid\n", wstr);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            fprintf(stderr, "Invalid Request\n");
            puts("ERR");
            fflush(stdout);
            continue;
        }
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        debug("Trying to validate; %s %s\n", username, password);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            puts("OK");
        else
            printf("ERR %s\n", errormsg);
error:
        err = 0;
        fflush(stdout);
    }
    return 0;
}

#else  /* NON Windows Platform !!! */

#error NON WINDOWS PLATFORM

#endif
Commit	Line	Data
6e785d85	1	/*
	2	NT_auth - Version 2.0
	3
	4	Returns OK for a successful authentication, or ERR upon error.
	5
	6	Guido Serassio, Torino - Italy
	7
	8	Uses code from -
	9	Antonino Iannella 2000
	10	Andrew Tridgell 1997
	11	Richard Sharpe 1996
	12	Bill Welliver 1999
	13
	14	* Distributed freely under the terms of the GNU General Public License,
	15	* version 2. See the file COPYING for licensing details
	16	*
	17	* This program is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU General Public License for more details.
26ac0430	21
6e785d85	22	* You should have received a copy of the GNU General Public License
	23	* along with this program; if not, write to the Free Software
	24	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	25	*/
	26
	27	#include "config.h"
5a48ed18 AJ	28	#include "util.h"
	29
	30	#if HAVE_STDIO_H
26ac0430	31	#include <stdio.h>
5a48ed18 AJ	32	#endif
5a48ed18 AJ	33	#if GETOPT_H
26ac0430	34	#include <getopt.h>
5a48ed18	35	#endif
6e785d85	36
	37	/* Check if we try to compile on a Windows Platform */
	38	#if defined(_SQUID_CYGWIN_) \|\| defined(_SQUID_MSWIN_)
	39
	40	#include "valid.h"
	41
	42	static char NTGroup[256];
	43	char * NTAllowedGroup;
	44	char * NTDisAllowedGroup;
	45	int UseDisallowedGroup = 0;
	46	int UseAllowedGroup = 0;
	47	int debug_enabled = 0;
	48
	49	/*
	50	* options:
	51	* -A can specify a Windows Local Group name allowed to authenticate.
	52	* -D can specify a Windows Local Group name not allowed to authenticate.
	53	* -O can specify the default Domain against to authenticate.
	54	*/
	55	char *my_program_name = NULL;
	56
	57	void
	58	usage()
	59	{
	60	fprintf(stderr,
26ac0430 AJ	61	"%s usage:\n%s [-A\|D UserGroup][-O DefaultDomain][-d]\n"
	62	"-A can specify a Windows Local Group name allowed to authenticate\n"
	63	"-D can specify a Windows Local Group name not allowed to authenticate\n"
	64	"-O can specify the default Domain against to authenticate\n"
	65	"-d enable debugging.\n"
	66	"-h this message\n\n",
	67	my_program_name, my_program_name);
6e785d85	68	}
	69
	70	void
	71	process_options(int argc, char *argv[])
	72	{
	73	int opt, had_error = 0;
	74	while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
26ac0430 AJ	75	switch (opt) {
	76	case 'A':
	77	safe_free(NTAllowedGroup);
	78	NTAllowedGroup=xstrdup(optarg);
	79	UseAllowedGroup = 1;
	80	break;
	81	case 'D':
	82	safe_free(NTDisAllowedGroup);
	83	NTDisAllowedGroup=xstrdup(optarg);
	84	UseDisallowedGroup = 1;
	85	break;
	86	case 'O':
	87	strncpy(Default_NTDomain, optarg, DNLEN);
	88	break;
	89	case 'd':
	90	debug_enabled = 1;
	91	break;
	92	case 'h':
	93	usage(argv[0]);
	94	exit(0);
	95	case '?':
	96	opt = optopt;
	97	/* fall thru to default */
	98	default:
	99	fprintf(stderr, "Unknown option: -%c. Exiting\n", opt);
	100	had_error = 1;
	101	}
6e785d85	102	}
6e785d85	103	if (had_error) {
26ac0430 AJ	104	usage();
26ac0430 AJ	105	exit(1);
6e785d85	106	}
	107	}
	108
	109	/* Main program for simple authentication.
	110	Scans and checks for Squid input, and attempts to validate the user.
	111	*/
	112
	113	int
	114	main(int argc, char **argv)
	115
	116	{
	117	char wstr[256];
	118	char username[256];
	119	char password[256];
	120	char *p;
	121	int err = 0;
	122
	123	my_program_name = argv[0];
	124	process_options(argc, argv);
	125
	126	debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
	127
	128	if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
26ac0430 AJ	129	fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
26ac0430 AJ	130	exit(1);
6e785d85	131	}
	132	debug("SSPI initialized OK\n");
	133
	134	atexit(UnloadSecurityDll);
	135
26ac0430	136	/* initialize FDescs */
6e785d85	137	setbuf(stdout, NULL);
	138	setbuf(stderr, NULL);
	139
	140	while (1) {
26ac0430 AJ	141	/* Read whole line from standard input. Terminate on break. */
	142	if (fgets(wstr, 255, stdin) == NULL)
	143	break;
	144
	145	if (NULL == strchr(wstr, '\n')) {
	146	err = 1;
	147	continue;
	148	}
	149	if (err) {
	150	fprintf(stderr, "Oversized message\n");
6e785d85	151	puts("ERR");
26ac0430 AJ	152	goto error;
	153	}
	154
	155	if ((p = strchr(wstr, '\n')) != NULL)
	156	p = '\0'; / strip \n */
	157	if ((p = strchr(wstr, '\r')) != NULL)
	158	p = '\0'; / strip \r */
	159	/* Clear any current settings */
	160	username[0] = '\0';
	161	password[0] = '\0';
	162	sscanf(wstr, "%s %s", username, password); /* Extract parameters */
6e785d85	163
	164	debug("Got %s from Squid\n", wstr);
	165
26ac0430 AJ	166	/* Check for invalid or blank entries */
	167	if ((username[0] == '\0') \|\| (password[0] == '\0')) {
	168	fprintf(stderr, "Invalid Request\n");
	169	puts("ERR");
	170	fflush(stdout);
	171	continue;
	172	}
	173	rfc1738_unescape(username);
	174	rfc1738_unescape(password);
6e785d85	175
	176	debug("Trying to validate; %s %s\n", username, password);
	177
26ac0430 AJ	178	if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
	179	puts("OK");
	180	else
6e785d85	181	printf("ERR %s\n", errormsg);
6e785d85	182	error:
26ac0430 AJ	183	err = 0;
26ac0430 AJ	184	fflush(stdout);
6e785d85	185	}
	186	return 0;
	187	}
	188
	189	#else /* NON Windows Platform !!! */
	190
	191	#error NON WINDOWS PLATFORM
	192
	193	#endif