Commit | Line | Data |
---|---|---|
ee28ce13 | 1 | #!/usr/bin/perl -w |
2 | # | |
3 | # external_acl helper to Squid to verify NT Domain group | |
4 | # membership using wbinfo | |
5 | # | |
6 | # This program is put in the public domain by Jerry Murdock | |
7 | # <jmurdock@itraktech.com>. It is distributed in the hope that it will | |
8 | # be useful, but WITHOUT ANY WARRANTY; without even the implied warranty | |
9 | # of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
10 | # | |
11 | # Author: | |
12 | # Jerry Murdock <jmurdock@itraktech.com> | |
13 | # | |
14 | # Version history: | |
47ea0413 | 15 | # 2005-12-26 Guido Serassio <guido.serassio@acmeconsulting.it> |
16 | # Add '-d' command line debugging option | |
17 | # | |
585e63cb | 18 | # 2005-12-24 Guido Serassio <guido.serassio@acmeconsulting.it> |
19 | # Fix for wbinfo from Samba 3.0.21 | |
20 | # | |
1958420a | 21 | # 2004-08-15 Henrik Nordstrom <hno@squid-cache.org> |
22 | # Helper protocol changed to URL escaped in Squid-3.0 | |
ee28ce13 | 23 | # |
d617cf18 | 24 | # 2005-06-28 Arno Streuli <astreuli@gmail.com> |
25 | # Add multi group check | |
585e63cb | 26 | # |
27 | # 2002-07-05 Jerry Murdock <jmurdock@itraktech.com> | |
28 | # Initial release | |
d617cf18 | 29 | |
ee28ce13 | 30 | |
47ea0413 | 31 | # |
32 | # Globals | |
33 | # | |
# Parsed command-line switches; filled in by getopts() in init().
our %opt;

# Turn on autoflush for the currently selected output handle, so every
# reply line is written out as soon as it is printed.
$| = 1;
38 | ||
# Write the arguments, joined by spaces and followed by a newline, to
# STDERR -- but only when the -d switch was given.
sub debug {
    if ( $opt{d} ) {
        print STDERR "@_\n";
    }
}
42 | ||
43 | # | |
44 | # Check if a user belongs to a group | |
45 | # | |
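# Run wbinfo with the given arguments and return everything it wrote to
# standard output.  The list form of open() passes each argument to the
# program as-is, so no shell ever parses a user or group name.  Returns ''
# when the command cannot be started or prints nothing.
sub _wbinfo {
    my @args = @_;
    my $pid = open( my $pipe, '-|', 'wbinfo', @args );
    return '' unless $pid;
    my $output = do { local $/; <$pipe> };
    close($pipe);
    return defined $output ? $output : '';
}

# check($user, $group)
#
# Returns 'OK' when wbinfo lists the GID of $group among the GIDs of $user,
# 'ERR' in every other case.  Both arguments come from the helper's input,
# so they are never placed on a shell command line, and every intermediate
# value (SID, GID) is validated before it is used.  A failed lookup is
# answered with 'ERR' rather than being compared as an empty string.
sub check {
    my ( $user, $group ) = @_;

    # Group name -> SID.  Only the first field of the reply is taken (the
    # original piped the reply through cut for wbinfo from Samba 3.0.21),
    # and it is accepted only when it has the S-n-n-... shape.
    my ($groupSID) =
        _wbinfo( '-n', $group ) =~ /\A(S-[0-9]+(?:-[0-9]+)+)(?:\s|\z)/;
    $groupSID = '' unless defined $groupSID;

    # SID -> GID.  Accept nothing but a plain decimal number.
    my $groupGID = '';
    if ( $groupSID ne '' ) {
        my ($gid) = _wbinfo( '-Y', $groupSID ) =~ /\A([0-9]+)\s*\z/;
        $groupGID = $gid if defined $gid;
    }

    debug("User: -$user-\nGroup: -$group-\nSID: -$groupSID-\nGID: -$groupGID-");

    # Fail closed: without a valid GID there is nothing to compare against.
    # An empty GID must never be matched against the user's group list,
    # because an empty list would then look like a match.
    return 'ERR' if $groupGID eq '';

    # wbinfo -r prints one GID per line; require an exact match.
    for my $user_gid ( split /\n/, _wbinfo( '-r', $user ) ) {
        return 'OK' if $user_gid eq $groupGID;
    }
    return 'ERR';
}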
56 | ||
47ea0413 | 57 | # |
58 | # Command line options processing | |
59 | # | |
sub init()
{
    use Getopt::Std;

    # Both switches are plain flags: -h (help) and -d (debug).
    # An unknown switch makes getopts() return false.
    unless ( getopts( 'hd', \%opt ) ) {
        usage();
    }

    # -h asks for the help text explicitly.
    if ( $opt{h} ) {
        usage();
    }
}
67 | ||
68 | # | |
69 | # Message about this program and how to use it | |
70 | # | |
sub usage()
{
    # Help text, one output line per entry.
    my @help = (
        "Usage: wbinfo_group.pl -dh\n",
        "\t-d enable debugging\n",
        "\t-h print the help\n",
    );
    print $_ for @help;

    # Printing the help ends the program.
    exit;
}
78 | ||
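init();
print STDERR "Debugging mode ON.\n" if $opt{d};

#
# Main loop
#
# Each input line is one request: a user name followed by one or more
# group names, separated by whitespace and URL-escaped.  Exactly one
# reply line ("OK" or "ERR") is printed per request.
#
while ( my $request = <STDIN> ) {
    # chomp, not chop: a final line without a newline keeps its last byte.
    chomp $request;
    debug("Got $request from squid");

    # Start every request from a denial, so a request that carries no
    # group (or no user) cannot reuse the answer of the previous request.
    my $ans = 'ERR';

    my ( $user, @groups ) = split( /\s+/, $request );
    if ( defined $user ) {
        # Undo the URL escaping.  "C" (unsigned) keeps bytes above 0x7f
        # from triggering pack's "wrapped" warning.
        $user =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("C",hex($1))/eg;

        # Test each group Squid sent in its request; the first match wins.
        foreach my $group (@groups) {
            $group =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("C",hex($1))/eg;
            $ans = check( $user, $group );
            last if $ans eq "OK";
        }
    }

    debug("Sending $ans to squid");
    print "$ans\n";
}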
99 |