5b95b903 | 1 | /* |
bf95c10a | 2 | * Copyright (C) 1996-2022 The Squid Software Foundation and contributors |
5b95b903 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
4e2c57a0 | 9 | /* |
4e2c57a0 | 10 | * SASL authenticator module for Squid. |
11 | * Copyright (C) 2002 Ian Castle <ian.castle@coldcomfortfarm.net> | |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify | |
14 | * it under the terms of the GNU General Public License as published by | |
15 | * the Free Software Foundation; either version 2 of the License, or | |
16 | * (at your option) any later version. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, | |
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | * GNU General Public License for more details. | |
22 | * | |
23 | * You should have received a copy of the GNU General Public License | |
24 | * along with this program; if not, write to the Free Software | |
25 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
26 | * | |
27 | * Install instructions: | |
28 | * | |
29 | * This program authenticates users using cyrus-sasl | |
30 | * | |
31 | * Compile this program with: gcc -Wall -o sasl_auth sasl_auth.c -lsasl | |
2adff954 | 32 | * or with SASL2: gcc -Wall -o sasl_auth sasl_auth.c -lsasl2 |
4e2c57a0 | 33 | * |
34 | */ | |
f7f3304a | 35 | #include "squid.h" |
079b1d0f | 36 | #include "helper/protocol_defines.h" |
5a48ed18 AJ |
37 | #include "rfc1738.h" |
38 | #include "util.h" | |
39 | ||
074d6a40 AJ |
40 | #include <cerrno> |
41 | #include <cstdlib> | |
42 | #include <cstring> | |
32d002cb | 43 | #if HAVE_SASL_SASL_H |
2adff954 | 44 | #include <sasl/sasl.h> |
45 | #else | |
46 | #include <sasl.h> | |
47 | #endif | |
48 | ||
f53969cc | 49 | #define APP_NAME_SASL "basic_sasl_auth" |
4e2c57a0 | 50 | |
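/**
 * Basic authentication helper that verifies credentials with Cyrus SASL.
 *
 * Reads one request per line from stdin in the form
 * "<username> <password>\n", RFC 1738 unescapes both fields in place,
 * checks the pair with sasl_checkpass() and replies through the
 * SEND_OK / SEND_ERR macros. The loop ends when fgets() reports
 * end-of-file or a read error on stdin.
 *
 * \return EXIT_SUCCESS once stdin is exhausted. The process exits with
 *         EXIT_FAILURE if sasl_server_init() or sasl_server_new() fails.
 */
int
main(int, char *argv[])
{
    char line[HELPER_INPUT_BUFFER];
    char *username, *password;
#if SASL_VERSION_MAJOR < 2
    // Initialised so the "if (errstr)" test below never reads an
    // indeterminate pointer when sasl_checkpass() leaves it untouched.
    const char *errstr = nullptr;
#endif

    int rc;
    sasl_conn_t *conn = nullptr;

    /* make standard output line buffered */
    setvbuf(stdout, nullptr, _IOLBF, 0);

    rc = sasl_server_init( nullptr, APP_NAME_SASL );

    if ( rc != SASL_OK ) {
        fprintf(stderr, "FATAL: %d %s\n", rc, sasl_errstring(rc, nullptr, nullptr ));
        exit(EXIT_FAILURE);
    }

#if SASL_VERSION_MAJOR < 2
    rc = sasl_server_new( APP_NAME_SASL, NULL, NULL, NULL, 0, &conn );
#else
    rc = sasl_server_new( APP_NAME_SASL, nullptr, nullptr, nullptr, nullptr, nullptr, 0, &conn );
#endif

    if ( rc != SASL_OK ) {
        fprintf(stderr, "FATAL: %d %s\n", rc, sasl_errstring(rc, nullptr, nullptr ));
        exit(EXIT_FAILURE);
    }

    while ( fgets( line, HELPER_INPUT_BUFFER, stdin )) {
        username = &line[0];
        password = strchr( line, '\n' );
        if (!password) {
            // NOTE(review): `line` is the raw request here and may hold
            // password bytes; whether debug() output is enabled is decided
            // outside this function -- confirm it is not on in production.
            debug("ERROR: %s: Unexpected input '%s'\n", argv[0], line);

            // No newline means the request did not fit in the buffer (or
            // stdin ended mid-line). Discard the remainder of that line so
            // the tail is not parsed as a separate "user password" request,
            // which would also emit extra replies for a single request.
            int ch;
            while ((ch = getc(stdin)) != EOF && ch != '\n') {
                /* drop overflow byte */
            }

            SEND_ERR("Unexpected Empty Input");
            continue;
        }
        *password = '\0';

        // The first space separates the username from the password.
        password = strchr ( line, ' ' );
        if (!password) {
            debug("ERROR: %s: Unexpected input '%s' (no password)\n", argv[0], line );
            SEND_ERR("No Password");
            continue;
        }
        *password = '\0';
        ++password;

        // Decode in place; lengths are taken after decoding.
        rfc1738_unescape(username);
        rfc1738_unescape(password);

#if SASL_VERSION_MAJOR < 2
        errstr = nullptr; // do not carry a message over from an earlier request
        rc = sasl_checkpass(conn, username, strlen(username), password, strlen(password), &errstr);
#else
        rc = sasl_checkpass(conn, username, strlen(username), password, strlen(password));
#endif

        if ( rc == SASL_OK ) {
            SEND_OK("");
            continue;
        }

#if SASL_VERSION_MAJOR < 2
        if ( errstr ) {
            debug("errstr %s\n", errstr);
        }
        // Anything other than a plain authentication failure is reported
        // with the library's error text.
        if ( rc != SASL_BADAUTH ) {
            debug("ERROR: %d %s\n", rc, sasl_errstring(rc, NULL, NULL));
            SEND_ERR(sasl_errstring(rc, NULL, NULL));
            continue;
        }
#endif
        SEND_ERR("");
    }

    sasl_dispose(&conn);
    sasl_done();
    return EXIT_SUCCESS;
}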