[thirdparty/squid.git] / helpers / external_acl / wbinfo_group / wbinfo_group.pl

#!/usr/bin/perl -w
#
# external_acl helper to Squid to verify NT Domain group
# membership using wbinfo
#
# This program is put in the public domain by Jerry Murdock 
# <jmurdock@itraktech.com>. It is distributed in the hope that it will
# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Author:
#   Jerry Murdock <jmurdock@itraktech.com>
#
# Version history:
#   2005-12-26 Guido Serassio <guido.serassio@acmeconsulting.it>
#               Add '-d' command line debugging option
#
#   2005-12-24 Guido Serassio <guido.serassio@acmeconsulting.it>
#               Fix for wbinfo from Samba 3.0.21
#
#   2004-08-15 Henrik Nordstrom <hno@squid-cache.org>
#		Helper protocol changed to URL escaped in Squid-3.0
#
#   2005-06-28 Arno Streuli <astreuli@gmail.com>
#               Add multi group check
#
#   2002-07-05 Jerry Murdock <jmurdock@itraktech.com>
#		Initial release


#
# Globals
#
use vars qw/ %opt /;

# Disable output buffering
$|=1;           

sub debug {
	print STDERR "@_\n" if $opt{d};
}

#
# Check if a user belongs to a group
#
sub check {
        local($user, $group) = @_;
        $groupSID = `wbinfo -n "$group" | cut -d" " -f1`;
        chop  $groupSID;
        $groupGID = `wbinfo -Y $groupSID`;
        chop $groupGID;
        &debug( "User:  -$user-\nGroup: -$group-\nSID:   -$groupSID-\nGID:   -$groupGID-");
        return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m);
        return 'ERR';
}

#
# Command line options processing
#
sub init()
{
    use Getopt::Std;
    my $opt_string = 'hd';
    getopts( "$opt_string", \%opt ) or usage();
    usage() if $opt{h};
}

#
# Message about this program and how to use it
#
sub usage()
{
	print "Usage: wbinfo_group.pl -dh\n";
	print "\t-d enable debugging\n";
	print "\t-h print the help\n";
	exit;
}

init();
print STDERR "Debugging mode ON.\n" if $opt{d};

#
# Main loop
#
while (<STDIN>) {
        chop;
	&debug ("Got $_ from squid");
        ($user, @groups) = split(/\s+/);
	$user =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg;
 	# test for each group squid send in it's request
 	foreach $group (@groups) {
		$group =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg;
 		$ans = &check($user, $group);
 		last if $ans eq "OK";
 	}
	&debug ("Sending $ans to squid");
	print "$ans\n";
}
Commit	Line	Data
ee28ce13	1	#!/usr/bin/perl -w
	2	#
	3	# external_acl helper to Squid to verify NT Domain group
	4	# membership using wbinfo
	5	#
	6	# This program is put in the public domain by Jerry Murdock
	7	# <jmurdock@itraktech.com>. It is distributed in the hope that it will
	8	# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
	9	# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	10	#
	11	# Author:
	12	# Jerry Murdock <jmurdock@itraktech.com>
	13	#
	14	# Version history:
47ea0413	15	# 2005-12-26 Guido Serassio <guido.serassio@acmeconsulting.it>
	16	# Add '-d' command line debugging option
	17	#
585e63cb	18	# 2005-12-24 Guido Serassio <guido.serassio@acmeconsulting.it>
	19	# Fix for wbinfo from Samba 3.0.21
	20	#
1958420a	21	# 2004-08-15 Henrik Nordstrom <hno@squid-cache.org>
1958420a	22	# Helper protocol changed to URL escaped in Squid-3.0
ee28ce13	23	#
d617cf18	24	# 2005-06-28 Arno Streuli <astreuli@gmail.com>
d617cf18	25	# Add multi group check
585e63cb	26	#
	27	# 2002-07-05 Jerry Murdock <jmurdock@itraktech.com>
	28	# Initial release
d617cf18	29
ee28ce13	30
47ea0413	31	#
	32	# Globals
	33	#
	34	use vars qw/ %opt /;
	35
ee28ce13	36	# Disable output buffering
	37	$\|=1;
	38
	39	sub debug {
47ea0413	40	print STDERR "@_\n" if $opt{d};
ee28ce13	41	}
	42
	43	#
	44	# Check if a user belongs to a group
	45	#
	46	sub check {
	47	local($user, $group) = @_;
585e63cb	48	$groupSID = `wbinfo -n "$group" \| cut -d" " -f1`;
ee28ce13	49	chop $groupSID;
	50	$groupGID = `wbinfo -Y $groupSID`;
	51	chop $groupGID;
	52	&debug( "User: -$user-\nGroup: -$group-\nSID: -$groupSID-\nGID: -$groupGID-");
	53	return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m);
	54	return 'ERR';
	55	}
	56
47ea0413	57	#
	58	# Command line options processing
	59	#
	60	sub init()
	61	{
	62	use Getopt::Std;
	63	my $opt_string = 'hd';
	64	getopts( "$opt_string", \%opt ) or usage();
	65	usage() if $opt{h};
	66	}
	67
	68	#
	69	# Message about this program and how to use it
	70	#
	71	sub usage()
	72	{
	73	print "Usage: wbinfo_group.pl -dh\n";
	74	print "\t-d enable debugging\n";
	75	print "\t-h print the help\n";
	76	exit;
	77	}
	78
	79	init();
	80	print STDERR "Debugging mode ON.\n" if $opt{d};
	81
ee28ce13	82	#
	83	# Main loop
	84	#
	85	while (<STDIN>) {
	86	chop;
	87	&debug ("Got $_ from squid");
d617cf18	88	($user, @groups) = split(/\s+/);
1958420a	89	$user =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg;
d617cf18	90	# test for each group squid send in it's request
	91	foreach $group (@groups) {
	92	$group =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg;
	93	$ans = &check($user, $group);
	94	last if $ans eq "OK";
	95	}
ee28ce13	96	&debug ("Sending $ans to squid");
	97	print "$ans\n";
	98	}
	99