Commit | Line | Data |
---|---|---|
5b95b903 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
5b95b903 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
94439e4e | 9 | /* |
10 | * MSNT - Microsoft Windows NT domain squid authenticator module | |
6d73604c | 11 | * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella |
12 | * Sun Sep 2 14:39:53 CST 2001 | |
26ac0430 | 13 | * |
94439e4e | 14 | * Modified to act as a Squid authenticator module. |
15 | * Removed all Pike stuff. | |
16 | * Returns OK for a successful authentication, or ERR upon error. | |
26ac0430 | 17 | * |
94439e4e | 18 | * Uses code from - |
19 | * Andrew Tridgell 1997 | |
20 | * Richard Sharpe 1996 | |
21 | * Bill Welliver 1999 | |
6d73604c | 22 | * Duane Wessels 2000 (wessels@squid-cache.org) |
26ac0430 | 23 | * |
94439e4e | 24 | * Released under GNU Public License |
26ac0430 | 25 | * |
94439e4e | 26 | * This program is free software; you can redistribute it and/or modify |
27 | * it under the terms of the GNU General Public License as published by | |
28 | * the Free Software Foundation; either version 2 of the License, or | |
29 | * (at your option) any later version. | |
26ac0430 | 30 | * |
94439e4e | 31 | * This program is distributed in the hope that it will be useful, |
32 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
33 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
34 | * GNU General Public License for more details. | |
26ac0430 | 35 | * |
94439e4e | 36 | * You should have received a copy of the GNU General Public License |
37 | * along with this program; if not, write to the Free Software | |
38 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
39 | */ | |
f7f3304a | 40 | #include "squid.h" |
1fa9b1a7 | 41 | #include "rfc1738.h" |
60dbdd1f | 42 | #include "util.h" |
43 | ||
074d6a40 AJ |
44 | #include <csignal> |
45 | #include <cstring> | |
1de9145c FC |
46 | #include <iostream> |
47 | #include <string> | |
48 | #include <vector> //todo: turn into multimap | |
94439e4e | 49 | #include <syslog.h> |
94439e4e | 50 | |
03901cf8 AJ |
51 | #include "auth/basic/SMB_LM/msntauth.h" |
52 | #include "auth/basic/SMB_LM/valid.h" | |
6d73604c | 53 | |
/* Version banner printed ahead of the usage text. */
static char msntauth_version[] = "Msntauth v3.0.0 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014";

/* One domain name paired with the server that is asked to authenticate its users. */
struct domaincontroller {
    std::string domain;
    std::string server;
};

typedef std::vector<domaincontroller> domaincontrollers_t;

/*
 * Controllers named on the command line, kept in the order given.
 * main() fills this list; validate_user() walks it front to back.
 */
domaincontrollers_t domaincontrollers;
94439e4e | 62 | |
/**
 * Check a username/password pair against the configured domain controllers.
 *
 * Controllers are tried in list order and the first one for which
 * Valid_User() reports NTV_NO_ERROR ends the search.
 *
 * NOTE(review): a rejected password is presented again to every remaining
 * controller, so one bad login may register as several failed attempts;
 * confirm how that interacts with the domain's account-lockout policy.
 *
 * @param username  user name as received from the client (already unescaped by the caller)
 * @param password  cleartext password as received from the client
 * @return true if any controller accepted the credentials, false otherwise
 *         (also false when no controllers are configured)
 */
bool
validate_user(char *username, char *password)
{
    domaincontrollers_t::const_iterator dc = domaincontrollers.begin();
    const domaincontrollers_t::const_iterator last = domaincontrollers.end();

    while (dc != last) {
        const int result = Valid_User(username, password, dc->server.c_str(), NULL, dc->domain.c_str());
        if (result == NTV_NO_ERROR)
            return true;
        ++dc;
    }

    return false;
}
ae81e9ec | 75 | |
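/*
 * Usage synopsis. The helper name matches the syslog ident passed to
 * openlog() in main(); the previous text spelled it "basic_nsnt_auth".
 */
static const char instructions[] = "Usage instructions: basic_smb_lm_auth <domainname>/<domaincontroller> [<domainname>/<domaincontroller> ...]";

/**
 * Print the version banner followed by the usage synopsis to stderr.
 */
void
display_usage_instructions()
{
    std::cerr << msntauth_version << std::endl
              << instructions << std::endl
              << std::endl;
}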
94439e4e | 83 | |
ae81e9ec | 84 | // arguments: domain/server_name [domain/server_name ...] |
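/**
 * Helper entry point.
 *
 * Each command-line argument names one domain controller as "domain/server".
 * After the list is built, the helper reads one request per line from stdin
 * ("username password", both RFC 1738 escaped) and answers "OK" or "ERR" on
 * stdout for each.
 *
 * Argument handling:
 *  - more than one '/'          -> reported on stderr and skipped
 *  - no '/', or an empty half   -> reported on stderr, exit status 1
 *  - no usable controller left  -> usage text, exit status 1
 *
 * @return 0 when stdin reaches end of file
 */
int
main(int argc, char **argv)
{
    char username[256];
    char password[256];
    char wstr[256];
    int err = 0;

    openlog("basic_smb_lm_auth", LOG_PID, LOG_USER);
    setbuf(stdout, NULL);

    for (int j = 1; j < argc; ++j) {
        const std::string arg = argv[j];
        const std::string::size_type pos = arg.find('/');

        // Without a separator, pos is npos and pos+1 wraps to 0, which used
        // to register the whole argument as both the domain and the server.
        // Credentials must only go to a host the administrator named
        // explicitly, so this is treated as an invalid specification.
        if (pos == std::string::npos) {
            std::cerr << "Error: invalid domain specification in '" << arg <<
                      "'. Exiting." << std::endl;
            exit(1);
        }

        if (arg.find('/', pos + 1) != std::string::npos) {
            std::cerr << "Error: can't understand domain controller specification '"
                      << arg << "'. Ignoring" << std::endl;
            // Actually skip the entry; falling through would register a
            // server name that still contains a '/'.
            continue;
        }

        domaincontroller dc;
        dc.domain = arg.substr(0, pos);
        dc.server = arg.substr(pos + 1);
        if (dc.domain.length() == 0 || dc.server.length() == 0) {
            std::cerr << "Error: invalid domain specification in '" << arg <<
                      "'. Exiting." << std::endl;
            exit(1);
        }
        domaincontrollers.push_back(dc);
    }

    if (domaincontrollers.empty()) {
        display_usage_instructions();
        std::cerr << "Error: no domain controllers specified" << std::endl;
        exit(1);
    }

    while (1) {
        /* Read whole line from standard input. Terminate on break. */
        memset(wstr, '\0', sizeof(wstr));
        if (fgets(wstr, 255, stdin) == NULL)
            break;

        /*
         * No end-of-line marker means the request did not fit in wstr.
         * Remember that and keep discarding chunks until the newline shows
         * up, so the tail of an oversized request is never parsed as a
         * request of its own.
         */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            syslog(LOG_WARNING, "oversized message");
            puts("ERR");
            err = 0;
            continue;
        }

        /*
         * Extract username and password. The field widths bound each
         * conversion to the destination size (255 characters plus the
         * terminator) instead of relying on wstr being no larger than the
         * destinations.
         */
        username[0] = '\0';
        password[0] = '\0';
        const int n = sscanf(wstr, "%255s %255[^\n]", username, password);
        if (2 != n) {
            puts("ERR");
            continue;
        }
        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            puts("ERR");
            continue;
        }

        rfc1738_unescape(username);
        rfc1738_unescape(password);

        if (validate_user(username, password)) {
            puts("OK");
        } else {
            // NOTE(review): username is client-supplied and has just been
            // unescaped, so it may hold control characters; confirm that the
            // syslog configuration escapes them before this text reaches
            // log consumers.
            syslog(LOG_INFO, "'%s' login failed", username);
            puts("ERR");
        }
        // NOTE(review): the cleartext password stays in password[] (and in
        // wstr until the memset above) until the next request overwrites it.
        err = 0;
    }

    return 0;
}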
f53969cc | 167 |