[thirdparty/squid.git] / helpers / negotiate_auth / wrapper / negotiate_wrapper.cc

/*
 * -----------------------------------------------------------------------------
 *
 * Author: Markus Moeller (markus_moeller at compuserve.com)
 *
 * Copyright (C) 2011 Markus Moeller. All rights reserved.
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
 *
 * -----------------------------------------------------------------------------
 */
/*
 * Hosted at http://sourceforge.net/projects/squidkerbauth
 */

#include "config.h"
#include "nw_base64.h"

#if HAVE_STRING_H
#include <string.h>
#endif
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif
#if HAVE_NETDB_H
#include <netdb.h>
#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_TIME_H
#include <time.h>
#endif
#if HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#if HAVE_ERRNO_H
#include <errno.h>
#endif

#if !defined(HAVE_DECL_XMALLOC) || !HAVE_DECL_XMALLOC
#define xmalloc malloc
#endif
#if !defined(HAVE_DECL_XSTRDUP) || !HAVE_DECL_XSTRDUP
#define xstrdup strdup
#endif
#if !defined(HAVE_DECL_XFREE) || !HAVE_DECL_XFREE
#define xfree free
#endif

#undef PROGRAM
#define PROGRAM "negotiate_wrapper"
#undef VERSION
#define VERSION "1.0.1"

#ifndef MAX_AUTHTOKEN_LEN
#define MAX_AUTHTOKEN_LEN   65535
#endif

static const unsigned char ntlmProtocol[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};

static const char *
LogTime()
{
    struct tm *tm;
    struct timeval now;
    static time_t last_t = 0;
    static char buf[128];

    gettimeofday(&now, NULL);
    if (now.tv_sec != last_t) {
        tm = localtime((time_t *) & now.tv_sec);
        strftime(buf, 127, "%Y/%m/%d %H:%M:%S", tm);
        last_t = now.tv_sec;
    }
    return buf;
}

void usage(void)
{
    fprintf(stderr, "Usage: \n");
    fprintf(stderr, "negotiate_wrapper [-h] [-d] --ntlm ntlm helper + arguments --kerberos kerberos helper + arguments\n");
    fprintf(stderr, "-h help\n");
    fprintf(stderr, "-d full debug\n");
    fprintf(stderr, "--ntlm full ntlm helper path with arguments\n");
    fprintf(stderr, "--kerberos full kerberos helper path with arguments\n");
}

int
main(int argc, char *const argv[])
{
    char buf[MAX_AUTHTOKEN_LEN];
    char tbuff[MAX_AUTHTOKEN_LEN];
    char buff[MAX_AUTHTOKEN_LEN+2];
    char *c, *p;
    static int err = 0;
    int opt, debug = 0;
    int length;
    int nstart = 0, kstart = 0;
    int nend = 0, kend = 0;
    char *token;
    char **nargs, **kargs;
    int i,j;
    int fpid;
    FILE *FDKIN,*FDKOUT;
    FILE *FDNIN,*FDNOUT;
    int pkin[2];
    int pkout[2];
    int pnin[2];
    int pnout[2];

    setbuf(stdout, NULL);
    setbuf(stdin, NULL);

    if (argc ==1 || !strncasecmp(argv[1],"-h",2)) {
        usage();
        return 0;
    }

    j = 1;
    if (!strncasecmp(argv[1],"-d",2)) {
        debug = 1;
        j = 2;
    }

    for (i=j; i<argc; i++) {
        if (!strncasecmp(argv[i],"--ntlm",6))
            nstart = i;
        if (!strncasecmp(argv[i],"--kerberos",10))
            kstart = i;
    }
    if (nstart > kstart) {
        kend = nstart-1;
        nend = argc-1;
    } else {
        kend = argc-1;
        nend = kstart-1;
    }
    if (nstart == 0 || kstart == 0 || kend-kstart <= 0 || nend-nstart <= 0 ) {
        usage();
        return 0;
    }

    if (debug)
        fprintf(stderr, "%s| %s: Starting version %s\n", LogTime(), PROGRAM,
                VERSION);

    if ((nargs = (char **)xmalloc((nend-nstart+1)*sizeof(char *))) == NULL) {
        fprintf(stderr, "%s| %s: Error allocating memory for ntlm helper\n", LogTime(), PROGRAM);
        return 1;
    }
    memcpy(nargs,argv+nstart+1,(nend-nstart)*sizeof(char *));
    nargs[nend-nstart]=NULL;
    if (debug) {
        fprintf(stderr, "%s| %s: NTLM command: ", LogTime(), PROGRAM);
        for (i=0; i<nend-nstart; i++)
            fprintf(stderr, "%s ", nargs[i]);
        fprintf(stderr, "\n");
    }
    if ((kargs = (char **)xmalloc((kend-kstart+1)*sizeof(char *))) == NULL) {
        fprintf(stderr, "%s| %s: Error allocating memory for kerberos helper\n", LogTime(), PROGRAM);
        return 1;
    }
    memcpy(kargs,argv+kstart+1,(kend-kstart)*sizeof(char *));
    kargs[kend-kstart]=NULL;
    if (debug) {
        fprintf(stderr, "%s| %s: Kerberos command: ", LogTime(), PROGRAM);
        for (i=0; i<kend-kstart; i++)
            fprintf(stderr, "%s ", kargs[i]);
        fprintf(stderr, "\n");
    }
    /*
       Fork Kerberos helper and NTLM helper and manage IO to send NTLM requests
       to the right helper. squid must keep session state
    */

    pipe(pkin);
    pipe(pkout);

    if  (( fpid = vfork()) < 0 ) {
        fprintf(stderr, "%s| %s: Failed first fork\n", LogTime(), PROGRAM);
        return 1;
    }

    if ( fpid == 0 ) {
        /* First Child for Kerberos helper */

        close(pkin[1]);
        dup2(pkin[0],STDIN_FILENO);
        close(pkin[0]);

        close(pkout[0]);
        dup2(pkout[1],STDOUT_FILENO);
        close(pkout[1]);

        setbuf(stdin, NULL);
        setbuf(stdout, NULL);

        execv(kargs[0], kargs);
        fprintf(stderr, "%s| %s: Failed execv for %s: %s\n", LogTime(), PROGRAM, kargs[0], strerror(errno));
        return 1;

    }

    close(pkin[0]);
    close(pkout[1]);

    pipe(pnin);
    pipe(pnout);

    if  (( fpid = vfork()) < 0 ) {
        fprintf(stderr, "%s| %s: Failed second fork\n", LogTime(), PROGRAM);
        return 1;
    }

    if ( fpid == 0 ) {
        /* Second Child for NTLM helper */

        close(pnin[1]);
        dup2(pnin[0],STDIN_FILENO);
        close(pnin[0]);

        close(pnout[0]);
        dup2(pnout[1],STDOUT_FILENO);
        close(pnout[1]);

        setbuf(stdin, NULL);
        setbuf(stdout, NULL);

        execv(nargs[0], nargs);
        fprintf(stderr, "%s| %s: Failed execv for %s: %s\n", LogTime(), PROGRAM, nargs[0], strerror(errno));
        return 1;
    }

    close(pnin[0]);
    close(pnout[1]);

    FDKIN=fdopen(pkin[1],"w");
    FDKOUT=fdopen(pkout[0],"r");

    FDNIN=fdopen(pnin[1],"w");
    FDNOUT=fdopen(pnout[0],"r");

    if (!FDKIN || !FDKOUT || !FDNIN || !FDNOUT) {
        fprintf(stderr, "%s| %s: Could not assign streams for FDKIN/FDKOUT/FDNIN/FDNOUT %d/%d/%d/%d\n",
                LogTime(), PROGRAM, FDKIN, FDKOUT, FDNIN, FDNOUT);
        return 1;
    }

    setbuf(FDKIN, NULL);
    setbuf(FDKOUT, NULL);
    setbuf(FDNIN, NULL);
    setbuf(FDNOUT, NULL);


    while (1) {
        if (fgets(buf, sizeof(buf) - 1, stdin) == NULL) {
            if (ferror(stdin)) {
                if (debug)
                    fprintf(stderr,
                            "%s| %s: fgets() failed! dying..... errno=%d (%s)\n",
                            LogTime(), PROGRAM, ferror(stdin),
                            strerror(ferror(stdin)));

                fprintf(stdout, "BH input error\n");
                return 1;        /* BIIG buffer */
            }
            fprintf(stdout, "BH input error\n");
            return 0;
        }
        c = static_cast<char*>(memchr(buf, '\n', sizeof(buf) - 1));
        if (c) {
            *c = '\0';
            length = c - buf;
        } else {
            err = 1;
        }
        if (err) {
            if (debug)
                fprintf(stderr, "%s| %s: Oversized message\n", LogTime(),
                        PROGRAM);
            fprintf(stdout, "BH Oversized message\n");
            err = 0;
            continue;
        }
        if (debug)
            fprintf(stderr, "%s| %s: Got '%s' from squid (length: %d).\n",
                    LogTime(), PROGRAM, buf, length);

        if (buf[0] == '\0') {
            if (debug)
                fprintf(stderr, "%s| %s: Invalid request\n", LogTime(),
                        PROGRAM);
            fprintf(stdout, "BH Invalid request\n");
            continue;
        }
        if (strlen(buf) < 2) {
            if (debug)
                fprintf(stderr, "%s| %s: Invalid request [%s]\n", LogTime(),
                        PROGRAM, buf);
            fprintf(stdout, "BH Invalid request\n");
            continue;
        }
        if (!strncmp(buf, "QQ", 2)) {
            fprintf(stdout, "BH quit command\n");
            return 0;
        }
        if (strncmp(buf, "YR", 2) && strncmp(buf, "KK", 2)) {
            if (debug)
                fprintf(stderr, "%s| %s: Invalid request [%s]\n", LogTime(),
                        PROGRAM, buf);
            fprintf(stdout, "BH Invalid request\n");
            continue;
        }
        if (strlen(buf) <= 3) {
            if (debug)
                fprintf(stderr, "%s| %s: Invalid negotiate request [%s]\n",
                        LogTime(), PROGRAM, buf);
            fprintf(stdout, "BH Invalid negotiate request\n");
            continue;
        }
        length = nw_base64_decode_len(buf + 3);
        if (debug)
            fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %d).\n",
                    LogTime(), PROGRAM, buf + 3, (int) length);

        if ((token = (char *)xmalloc(length)) == NULL) {
            fprintf(stderr, "%s| %s: Error allocating memory for token\n", LogTime(), PROGRAM);
            return 1;
        }

        nw_base64_decode(token, buf + 3, length);

        if ((length >= sizeof ntlmProtocol + 1) &&
                (!memcmp(token, ntlmProtocol, sizeof ntlmProtocol))) {
            free(token);
            if (debug)
                fprintf(stderr, "%s| %s: received type %d NTLM token\n",
                        LogTime(), PROGRAM, (int) *((unsigned char *) token +
                                                    sizeof ntlmProtocol));
            fprintf(FDNIN, "%s\n",buf);
            if (fgets(tbuff, sizeof(tbuff) - 1, FDNOUT) == NULL) {
                if (ferror(FDNOUT)) {
                    fprintf(stderr,
                            "fgets() failed! dying..... errno=%d (%s)\n",
                            ferror(FDNOUT), strerror(ferror(FDNOUT)));
                    return 1;
                }
                fprintf(stderr, "%s| %s: Error reading NTLM helper response\n",
                        LogTime(), PROGRAM);
                return 0;
            }
            /*
                   Need to translate NTLM reply to Negotiate reply
                   AF user => AF blob user
               NA reason => NA blob reason
               Set blob to '='
                */
            if (strlen(tbuff) >= 3 && (!strncmp(tbuff,"AF ",3) || !strncmp(tbuff,"NA ",3))) {
                int i;
                strncpy(buff,tbuff,3);
                buff[3]='=';
                for (i=2; i<=strlen(tbuff); i++)
                    buff[i+2] = tbuff[i];
            } else {
                strcpy(buff,tbuff);
            }
        } else {
            free(token);
            if (debug)
                fprintf(stderr, "%s| %s: received Kerberos token\n",
                        LogTime(), PROGRAM);

            fprintf(FDKIN, "%s\n",buf);
            if (fgets(buff, sizeof(buff) - 1, FDKOUT) == NULL) {
                if (ferror(FDKOUT)) {
                    fprintf(stderr,
                            "fgets() failed! dying..... errno=%d (%s)\n",
                            ferror(FDKOUT), strerror(ferror(FDKOUT)));
                    return 1;
                }
                fprintf(stderr, "%s| %s: Error reading Kerberos helper response\n",
                        LogTime(), PROGRAM);
                return 0;
            }
        }
        fprintf(stdout,"%s",buff);
        if (debug)
            fprintf(stderr, "%s| %s: Return '%s'\n",
                    LogTime(), PROGRAM, buff);
    }

    return 1;
}
Commit	Line	Data
eb3dea38 MM	1	/*
	2	* -----------------------------------------------------------------------------
	3	*
	4	* Author: Markus Moeller (markus_moeller at compuserve.com)
	5	*
	6	* Copyright (C) 2011 Markus Moeller. All rights reserved.
	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
	21	*
	22	* -----------------------------------------------------------------------------
	23	*/
	24	/*
	25	* Hosted at http://sourceforge.net/projects/squidkerbauth
	26	*/
	27
	28	#include "config.h"
	29	#include "nw_base64.h"
	30
	31	#if HAVE_STRING_H
	32	#include <string.h>
	33	#endif
	34	#if HAVE_STDIO_H
	35	#include <stdio.h>
	36	#endif
	37	#if HAVE_STDLIB_H
	38	#include <stdlib.h>
	39	#endif
	40	#if HAVE_NETDB_H
	41	#include <netdb.h>
	42	#endif
	43	#if HAVE_UNISTD_H
	44	#include <unistd.h>
	45	#endif
	46	#if HAVE_TIME_H
	47	#include <time.h>
	48	#endif
	49	#if HAVE_SYS_TIME_H
	50	#include <sys/time.h>
	51	#endif
	52	#if HAVE_ERRNO_H
	53	#include <errno.h>
	54	#endif
	55
	56	#if !defined(HAVE_DECL_XMALLOC) \|\| !HAVE_DECL_XMALLOC
	57	#define xmalloc malloc
	58	#endif
	59	#if !defined(HAVE_DECL_XSTRDUP) \|\| !HAVE_DECL_XSTRDUP
	60	#define xstrdup strdup
	61	#endif
	62	#if !defined(HAVE_DECL_XFREE) \|\| !HAVE_DECL_XFREE
	63	#define xfree free
	64	#endif
65
66	#undef PROGRAM
67	#define PROGRAM "negotiate_wrapper"
68	#undef VERSION
69	#define VERSION "1.0.1"
70
71	#ifndef MAX_AUTHTOKEN_LEN
72	#define MAX_AUTHTOKEN_LEN 65535
73	#endif
74
75	static const unsigned char ntlmProtocol[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
76
77	static const char *
78	LogTime()
79	{
80	struct tm *tm;
81	struct timeval now;
82	static time_t last_t = 0;
83	static char buf[128];
84
85	gettimeofday(&now, NULL);
86	if (now.tv_sec != last_t) {
87	tm = localtime((time_t *) & now.tv_sec);
88	strftime(buf, 127, "%Y/%m/%d %H:%M:%S", tm);
89	last_t = now.tv_sec;
90	}
91	return buf;
92	}
93
94	void usage(void)
95	{
96	fprintf(stderr, "Usage: \n");
97	fprintf(stderr, "negotiate_wrapper [-h] [-d] --ntlm ntlm helper + arguments --kerberos kerberos helper + arguments\n");
98	fprintf(stderr, "-h help\n");
99	fprintf(stderr, "-d full debug\n");
100	fprintf(stderr, "--ntlm full ntlm helper path with arguments\n");
101	fprintf(stderr, "--kerberos full kerberos helper path with arguments\n");
102	}
103
104	int
105	main(int argc, char *const argv[])
106	{
107	char buf[MAX_AUTHTOKEN_LEN];
108	char tbuff[MAX_AUTHTOKEN_LEN];
109	char buff[MAX_AUTHTOKEN_LEN+2];
110	char c, p;
111	static int err = 0;
112	int opt, debug = 0;
113	int length;
114	int nstart = 0, kstart = 0;
115	int nend = 0, kend = 0;
116	char *token;
117	char nargs, kargs;
118	int i,j;
119	int fpid;
120	FILE FDKIN,FDKOUT;
121	FILE FDNIN,FDNOUT;
122	int pkin[2];
123	int pkout[2];
124	int pnin[2];
125	int pnout[2];
126
127	setbuf(stdout, NULL);
128	setbuf(stdin, NULL);
129
130	if (argc ==1 \|\| !strncasecmp(argv[1],"-h",2)) {
131	usage();
132	return 0;
133	}
134
135	j = 1;
136	if (!strncasecmp(argv[1],"-d",2)) {
137	debug = 1;
138	j = 2;
139	}
140
141	for (i=j; i<argc; i++) {
142	if (!strncasecmp(argv[i],"--ntlm",6))
143	nstart = i;
144	if (!strncasecmp(argv[i],"--kerberos",10))
145	kstart = i;
146	}
147	if (nstart > kstart) {
148	kend = nstart-1;
149	nend = argc-1;
150	} else {
151	kend = argc-1;
152	nend = kstart-1;
153	}
154	if (nstart == 0 \|\| kstart == 0 \|\| kend-kstart <= 0 \|\| nend-nstart <= 0 ) {
155	usage();
156	return 0;
157	}
158
159	if (debug)
160	fprintf(stderr, "%s\| %s: Starting version %s\n", LogTime(), PROGRAM,
161	VERSION);
162
163	if ((nargs = (char *)xmalloc((nend-nstart+1)sizeof(char *))) == NULL) {
164	fprintf(stderr, "%s\| %s: Error allocating memory for ntlm helper\n", LogTime(), PROGRAM);
165	return 1;
166	}
167	memcpy(nargs,argv+nstart+1,(nend-nstart)sizeof(char ));
168	nargs[nend-nstart]=NULL;
169	if (debug) {
170	fprintf(stderr, "%s\| %s: NTLM command: ", LogTime(), PROGRAM);
171	for (i=0; i<nend-nstart; i++)
172	fprintf(stderr, "%s ", nargs[i]);
173	fprintf(stderr, "\n");
174	}
175	if ((kargs = (char *)xmalloc((kend-kstart+1)sizeof(char *))) == NULL) {
176	fprintf(stderr, "%s\| %s: Error allocating memory for kerberos helper\n", LogTime(), PROGRAM);
177	return 1;
178	}
179	memcpy(kargs,argv+kstart+1,(kend-kstart)sizeof(char ));
180	kargs[kend-kstart]=NULL;
181	if (debug) {
182	fprintf(stderr, "%s\| %s: Kerberos command: ", LogTime(), PROGRAM);
183	for (i=0; i<kend-kstart; i++)
184	fprintf(stderr, "%s ", kargs[i]);
185	fprintf(stderr, "\n");
186	}
187	/*
188	Fork Kerberos helper and NTLM helper and manage IO to send NTLM requests
189	to the right helper. squid must keep session state
190	*/
191
192	pipe(pkin);
193	pipe(pkout);
194
195	if (( fpid = vfork()) < 0 ) {
196	fprintf(stderr, "%s\| %s: Failed first fork\n", LogTime(), PROGRAM);
197	return 1;
198	}
199
200	if ( fpid == 0 ) {
201	/* First Child for Kerberos helper */
202
203	close(pkin[1]);
204	dup2(pkin[0],STDIN_FILENO);
205	close(pkin[0]);
206
207	close(pkout[0]);
208	dup2(pkout[1],STDOUT_FILENO);
209	close(pkout[1]);
210
211	setbuf(stdin, NULL);
212	setbuf(stdout, NULL);
213
214	execv(kargs[0], kargs);
215	fprintf(stderr, "%s\| %s: Failed execv for %s: %s\n", LogTime(), PROGRAM, kargs[0], strerror(errno));
216	return 1;
217
218	}
219
220	close(pkin[0]);
221	close(pkout[1]);
222
223	pipe(pnin);
224	pipe(pnout);
225
226	if (( fpid = vfork()) < 0 ) {
227	fprintf(stderr, "%s\| %s: Failed second fork\n", LogTime(), PROGRAM);
228	return 1;
229	}
230
231	if ( fpid == 0 ) {
232	/* Second Child for NTLM helper */
233
234	close(pnin[1]);
235	dup2(pnin[0],STDIN_FILENO);
236	close(pnin[0]);
237
238	close(pnout[0]);
239	dup2(pnout[1],STDOUT_FILENO);
240	close(pnout[1]);
241
242	setbuf(stdin, NULL);
243	setbuf(stdout, NULL);
244
245	execv(nargs[0], nargs);
246	fprintf(stderr, "%s\| %s: Failed execv for %s: %s\n", LogTime(), PROGRAM, nargs[0], strerror(errno));
247	return 1;
248	}
249
250	close(pnin[0]);
251	close(pnout[1]);
252
253	FDKIN=fdopen(pkin[1],"w");
254	FDKOUT=fdopen(pkout[0],"r");
255
256	FDNIN=fdopen(pnin[1],"w");
257	FDNOUT=fdopen(pnout[0],"r");
258
259	if (!FDKIN \|\| !FDKOUT \|\| !FDNIN \|\| !FDNOUT) {
260	fprintf(stderr, "%s\| %s: Could not assign streams for FDKIN/FDKOUT/FDNIN/FDNOUT %d/%d/%d/%d\n",
261	LogTime(), PROGRAM, FDKIN, FDKOUT, FDNIN, FDNOUT);
262	return 1;
263	}
264
265	setbuf(FDKIN, NULL);
266	setbuf(FDKOUT, NULL);
267	setbuf(FDNIN, NULL);
268	setbuf(FDNOUT, NULL);
269
270
271	while (1) {
272	if (fgets(buf, sizeof(buf) - 1, stdin) == NULL) {
273	if (ferror(stdin)) {
274	if (debug)
275	fprintf(stderr,
276	"%s\| %s: fgets() failed! dying..... errno=%d (%s)\n",
277	LogTime(), PROGRAM, ferror(stdin),
278	strerror(ferror(stdin)));
279
280	fprintf(stdout, "BH input error\n");
281	return 1; /* BIIG buffer */
282	}
283	fprintf(stdout, "BH input error\n");
284	return 0;
285	}
286	c = static_cast<char*>(memchr(buf, '\n', sizeof(buf) - 1));
287	if (c) {
288	*c = '\0';
289	length = c - buf;
290	} else {
291	err = 1;
292	}
293	if (err) {
294	if (debug)
295	fprintf(stderr, "%s\| %s: Oversized message\n", LogTime(),
296	PROGRAM);
297	fprintf(stdout, "BH Oversized message\n");
298	err = 0;
299	continue;
300	}
301	if (debug)
302	fprintf(stderr, "%s\| %s: Got '%s' from squid (length: %d).\n",
303	LogTime(), PROGRAM, buf, length);
304
305	if (buf[0] == '\0') {
306	if (debug)
307	fprintf(stderr, "%s\| %s: Invalid request\n", LogTime(),
308	PROGRAM);
309	fprintf(stdout, "BH Invalid request\n");
310	continue;
311	}
312	if (strlen(buf) < 2) {
313	if (debug)
314	fprintf(stderr, "%s\| %s: Invalid request [%s]\n", LogTime(),
315	PROGRAM, buf);
316	fprintf(stdout, "BH Invalid request\n");
317	continue;
318	}
319	if (!strncmp(buf, "QQ", 2)) {
320	fprintf(stdout, "BH quit command\n");
321	return 0;
322	}
323	if (strncmp(buf, "YR", 2) && strncmp(buf, "KK", 2)) {
324	if (debug)
325	fprintf(stderr, "%s\| %s: Invalid request [%s]\n", LogTime(),
326	PROGRAM, buf);
327	fprintf(stdout, "BH Invalid request\n");
328	continue;
329	}
330	if (strlen(buf) <= 3) {
331	if (debug)
332	fprintf(stderr, "%s\| %s: Invalid negotiate request [%s]\n",
333	LogTime(), PROGRAM, buf);
334	fprintf(stdout, "BH Invalid negotiate request\n");
335	continue;
336	}
337	length = nw_base64_decode_len(buf + 3);
338	if (debug)
339	fprintf(stderr, "%s\| %s: Decode '%s' (decoded length: %d).\n",
340	LogTime(), PROGRAM, buf + 3, (int) length);
341
342	if ((token = (char *)xmalloc(length)) == NULL) {
343	fprintf(stderr, "%s\| %s: Error allocating memory for token\n", LogTime(), PROGRAM);
344	return 1;
345	}
346
347	nw_base64_decode(token, buf + 3, length);
348
349	if ((length >= sizeof ntlmProtocol + 1) &&
350	(!memcmp(token, ntlmProtocol, sizeof ntlmProtocol))) {
351	free(token);
352	if (debug)
353	fprintf(stderr, "%s\| %s: received type %d NTLM token\n",
354	LogTime(), PROGRAM, (int) ((unsigned char ) token +
355	sizeof ntlmProtocol));
356	fprintf(FDNIN, "%s\n",buf);
357	if (fgets(tbuff, sizeof(tbuff) - 1, FDNOUT) == NULL) {
358	if (ferror(FDNOUT)) {
359	fprintf(stderr,
360	"fgets() failed! dying..... errno=%d (%s)\n",
361	ferror(FDNOUT), strerror(ferror(FDNOUT)));
362	return 1;
363	}
364	fprintf(stderr, "%s\| %s: Error reading NTLM helper response\n",
365	LogTime(), PROGRAM);
366	return 0;
367	}
368	/*
369	Need to translate NTLM reply to Negotiate reply
370	AF user => AF blob user
371	NA reason => NA blob reason
372	Set blob to '='
373	*/
374	if (strlen(tbuff) >= 3 && (!strncmp(tbuff,"AF ",3) \|\| !strncmp(tbuff,"NA ",3))) {
375	int i;
376	strncpy(buff,tbuff,3);
377	buff[3]='=';
378	for (i=2; i<=strlen(tbuff); i++)
379	buff[i+2] = tbuff[i];
380	} else {
381	strcpy(buff,tbuff);
382	}
383	} else {
384	free(token);
385	if (debug)
386	fprintf(stderr, "%s\| %s: received Kerberos token\n",
387	LogTime(), PROGRAM);
388
389	fprintf(FDKIN, "%s\n",buf);
390	if (fgets(buff, sizeof(buff) - 1, FDKOUT) == NULL) {
391	if (ferror(FDKOUT)) {
392	fprintf(stderr,
393	"fgets() failed! dying..... errno=%d (%s)\n",
394	ferror(FDKOUT), strerror(ferror(FDKOUT)));
395	return 1;
396	}
397	fprintf(stderr, "%s\| %s: Error reading Kerberos helper response\n",
398	LogTime(), PROGRAM);
399	return 0;
400	}
401	}
402	fprintf(stdout,"%s",buff);
403	if (debug)
404	fprintf(stderr, "%s\| %s: Return '%s'\n",
405	LogTime(), PROGRAM, buff);
406	}
407
408	return 1;
409	}