Commit | Line | Data |
---|---|---|
6e785d85 | 1 | /* |
2 | NT_auth - Version 2.0 | |
3 | ||
4 | Returns OK for a successful authentication, or ERR upon error. | |
5 | ||
6 | Guido Serassio, Torino - Italy | |
7 | ||
8 | Uses code from - | |
9 | Antonino Iannella 2000 | |
10 | Andrew Tridgell 1997 | |
11 | Richard Sharpe 1996 | |
12 | Bill Welliver 1999 | |
13 | ||
14 | * Distributed freely under the terms of the GNU General Public License, | |
15 | * version 2. See the file COPYING for licensing details | |
16 | * | |
17 | * This program is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
26ac0430 | 21 | |
6e785d85 | 22 | * You should have received a copy of the GNU General Public License |
23 | * along with this program; if not, write to the Free Software | |
24 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
25 | */ | |
26 | ||
27 | #include "config.h" | |
5a48ed18 AJ |
28 | #include "util.h" |
29 | ||
30 | #if HAVE_STDIO_H | |
26ac0430 | 31 | #include <stdio.h> |
5a48ed18 AJ |
32 | #endif |
33 | #if GETOPT_H | |
26ac0430 | 34 | #include <getopt.h> |
5a48ed18 | 35 | #endif |
6e785d85 | 36 | |
37 | /* Check if we try to compile on a Windows Platform */ | |
38 | #if defined(_SQUID_CYGWIN_) || defined(_SQUID_MSWIN_) | |
39 | ||
40 | #include "valid.h" | |
41 | ||
/* Buffer handed to Valid_User() as its third argument by main(); this file
 * never writes to it directly. */
static char NTGroup[256];
/* Group name given with -A; heap copy made by xstrdup() in process_options(). */
char * NTAllowedGroup;
/* Group name given with -D; heap copy made by xstrdup() in process_options(). */
char * NTDisAllowedGroup;
/* Set to 1 once -D has been seen. */
int UseDisallowedGroup = 0;
/* Set to 1 once -A has been seen. */
int UseAllowedGroup = 0;
/* Set to 1 by -d. NOTE(review): presumably consulted by debug(), which is
 * defined outside this file -- confirm. */
int debug_enabled = 0;

/*
 * options:
 * -A specifies a Windows Local Group name that is allowed to authenticate.
 * -D specifies a Windows Local Group name that is not allowed to authenticate.
 * -O specifies the default Domain to authenticate against.
 */
/* Program name shown by usage(); main() sets it to argv[0]. */
char *my_program_name = NULL;
56 | ||
/*
 * Print the command-line synopsis and the option summary to stderr.
 *
 * The program name is taken from my_program_name, which main() sets to
 * argv[0] before any option is parsed.
 */
void
usage()
{
    const char *prog = my_program_name;

    /* Synopsis: the program name appears twice in the first two lines. */
    fprintf(stderr,
            "%s usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n",
            prog, prog);

    /* Fixed option summary, no formatting needed. */
    fputs("-A can specify a Windows Local Group name allowed to authenticate\n"
          "-D can specify a Windows Local Group name not allowed to authenticate\n"
          "-O can specify the default Domain against to authenticate\n"
          "-d enable debugging.\n"
          "-h this message\n\n",
          stderr);
}
69 | ||
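/*
 * Parse the helper's command line and store the result in the file-scope
 * settings.
 *
 *   -A group   local group allowed to authenticate (sets UseAllowedGroup)
 *   -D group   local group not allowed to authenticate (sets UseDisallowedGroup)
 *   -O domain  default domain, copied into Default_NTDomain
 *   -d         enable debugging
 *   -h         print usage and exit with status 0
 *
 * Any option getopt() rejects is reported on stderr; after the whole
 * command line has been scanned the usage text is printed and the
 * process exits with status 1.
 *
 * NOTE(review): the include guard for <getopt.h> in this file reads
 * "#if GETOPT_H" while the one for <stdio.h> reads "#if HAVE_STDIO_H";
 * confirm the macro name, otherwise getopt()/optarg/optopt may be used
 * without a declaration.
 */
void
process_options(int argc, char *argv[])
{
    int opt, had_error = 0;

    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            /* A repeated -A replaces the earlier value. */
            safe_free(NTAllowedGroup);
            NTAllowedGroup = xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            /* A repeated -D replaces the earlier value. */
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup = xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            /*
             * NOTE(review): strncpy() writes no terminating NUL when optarg
             * is DNLEN bytes or longer. The copy is only safe if
             * Default_NTDomain (declared outside this file) holds at least
             * DNLEN + 1 bytes and its last byte is still zero -- confirm
             * against its declaration before relying on it.
             */
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            /*
             * usage() is defined without parameters and reads
             * my_program_name itself; passing argv[0] to it was a call
             * with a mismatched argument count.
             */
            usage();
            exit(0);
        case '?':
            /* getopt() stores the offending option character in optopt. */
            opt = optopt;
            /* fall thru to default */
        default:
            fprintf(stderr, "Unknown option: -%c. Exiting\n", opt);
            had_error = 1;
        }
    }
    if (had_error) {
        usage();
        exit(1);
    }
}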
108 | ||
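/*
 * Main program for simple authentication.
 *
 * Reads one request per line from standard input. Each line is expected
 * to hold a username and a password separated by whitespace, both
 * rfc1738-escaped. The pair is checked with Valid_User() and the answer
 * is written to standard output: "OK" on success, "ERR <errormsg>" when
 * validation fails, and a bare "ERR" for an oversized or incomplete
 * request. The loop ends when standard input reaches end of file.
 */
int
main(int argc, char **argv)
{
    char wstr[256];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    my_program_name = argv[0];
    process_options(argc, argv);

    debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* Make stdout and stderr unbuffered so every reply leaves immediately. */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (1) {
        /* Read whole line from standard input. Terminate on break. */
        if (fgets(wstr, 255, stdin) == NULL)
            break;

        /*
         * A chunk without '\n' means the request did not fit the buffer.
         * Remember that and keep discarding chunks until the one that
         * carries the newline, so the oversized request is answered with
         * a single ERR and its tail is never parsed as a new request.
         */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            fprintf(stderr, "Oversized message\n");
            puts("ERR");
            goto error;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';		/* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';		/* strip \r */
        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';
        /*
         * Extract parameters. The field widths keep each token inside its
         * 256-byte buffer independently of the size of wstr.
         */
        sscanf(wstr, "%255s %255s", username, password);

        /*
         * Log the account name only. The raw request line contains the
         * clear-text password and must not reach the debug output.
         */
        debug("Got request for %s from Squid\n", username);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            fprintf(stderr, "Invalid Request\n");
            puts("ERR");
            fflush(stdout);
            continue;
        }
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /* The password is deliberately left out of this message as well. */
        debug("Trying to validate; %s\n", username);

        /*
         * NOTE(review): the password stays in the stack buffer until the
         * next request overwrites it; consider wiping it after this call.
         */
        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            puts("OK");
        else
            printf("ERR %s\n", errormsg);
error:
        /* Reset the oversize marker and push the reply out. */
        err = 0;
        fflush(stdout);
    }
    return 0;
}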
188 | ||
189 | #else /* NON Windows Platform !!! */ | |
190 | ||
191 | #error NON WINDOWS PLATFORM | |
192 | ||
193 | #endif |