Commit | Line | Data |
---|---|---|
5b95b903 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
5b95b903 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
6e785d85 | 9 | /* |
10 | NT_auth - Version 2.0 | |
11 | ||
12 | Returns OK for a successful authentication, or ERR upon error. | |
13 | ||
14 | Guido Serassio, Torino - Italy | |
15 | ||
16 | Uses code from - | |
17 | Antonino Iannella 2000 | |
18 | Andrew Tridgell 1997 | |
19 | Richard Sharpe 1996 | |
20 | Bill Welliver 1999 | |
21 | ||
22 | * Distributed freely under the terms of the GNU General Public License, | |
da07f754 | 23 | * version 2 or later. See the file COPYING for licensing details |
6e785d85 | 24 | * |
25 | * This program is distributed in the hope that it will be useful, | |
26 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
27 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
28 | * GNU General Public License for more details. | |
26ac0430 | 29 | |
6e785d85 | 30 | * You should have received a copy of the GNU General Public License |
31 | * along with this program; if not, write to the Free Software | |
32 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
33 | */ | |
34 | ||
f7f3304a | 35 | #include "squid.h" |
03901cf8 | 36 | #include "auth/basic/SSPI/valid.h" |
079b1d0f | 37 | #include "helper/protocol_defines.h" |
1f7c83ca | 38 | #include "rfc1738.h" |
5a48ed18 AJ |
39 | #include "util.h" |
40 | ||
5a48ed18 | 41 | #if GETOPT_H |
26ac0430 | 42 | #include <getopt.h> |
5a48ed18 | 43 | #endif |
6e785d85 | 44 | |
45 | /* Check if we try to compile on a Windows Platform */ | |
be266cb2 AJ |
46 | #if !_SQUID_WINDOWS_ |
47 | /* NON Windows Platform !!! */ | |
48 | #error NON WINDOWS PLATFORM | |
49 | #endif | |
6e785d85 | 50 | |
/* Buffer passed to Valid_User() as its third argument by main(). */
static char NTGroup[256];

/* Heap copies of the group names given with -A and -D (see process_options);
 * NULL until the matching option has been seen. */
char *NTAllowedGroup = NULL;
char *NTDisAllowedGroup = NULL;

/* Set to 1 by process_options() once -D / -A has been parsed. */
int UseDisallowedGroup = 0;
int UseAllowedGroup = 0;

/* Set to 1 by the -d option. */
int debug_enabled = 0;
57 | ||
/*
 * Print the command-line synopsis and the option summary to stderr.
 *
 * name is the program name shown in the synopsis line; the callers in this
 * file pass argv[0].
 *
 * Options described:
 *   -A  Windows Local Group name allowed to authenticate
 *   -D  Windows Local Group name not allowed to authenticate
 *   -O  default Domain to authenticate against
 *   -d  enable debugging
 *   -h  show the usage text
 */
static void
usage(const char *name)
{
    /* Synopsis first, then the fixed option list; the bytes written are the
     * same as a single combined format string would produce. */
    fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n", name);
    fputs("-A can specify a Windows Local Group name allowed to authenticate\n"
          "-D can specify a Windows Local Group name not allowed to authenticate\n"
          "-O can specify the default Domain against to authenticate\n"
          "-d enable debugging.\n"
          "-h this message\n\n",
          stderr);
}
75 | ||
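/*
 * Parse the helper's command line and record the result in the file-level
 * settings (NTAllowedGroup, NTDisAllowedGroup, Default_NTDomain,
 * debug_enabled and the Use*Group flags).
 *
 * -h prints the usage text and exits with status 0. An unknown option, or an
 * over-long -O value, prints a FATAL message to stderr and exits with
 * status 1.
 */
void
process_options(int argc, char *argv[])
{
    int opt;
    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            /* a repeated -A replaces the earlier value */
            safe_free(NTAllowedGroup);
            NTAllowedGroup=xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            /* a repeated -D replaces the earlier value */
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup=xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            /* Refuse a name that strncpy() below would silently cut short:
             * a truncated default domain makes the helper validate
             * credentials against a domain the administrator did not name. */
            if (strlen(optarg) > (size_t) DNLEN) {
                fprintf(stderr, "FATAL: Default domain name is longer than %d characters\n", (int) DNLEN);
                exit(1);
            }
            /* NOTE(review): strncpy() writes no terminator when the name is
             * exactly DNLEN characters long, so this relies on
             * Default_NTDomain having at least DNLEN + 1 bytes with a zero
             * final byte. Its declaration is not visible here; confirm. */
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            usage(argv[0]);
            exit(0);
        case '?':
            /* report the offending option character, not '?' */
            opt = optopt;
        /* fall thru to default */
        default:
            fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
            usage(argv[0]);
            exit(1);
        }
    }
}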
111 | ||
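/*
 * Main program for simple (Basic) authentication.
 *
 * Reads one request per line from stdin in the form "username password",
 * both fields RFC 1738 escaped, validates the pair with Valid_User() and
 * answers each request with SEND_OK or SEND_ERR. Runs until stdin reaches
 * end of file, then returns 0. Exits with status 1 if SSPI cannot be
 * initialized.
 */
int
main(int argc, char **argv)
{
    /* characters that may legitimately follow a complete token; strchr()
     * also matches the terminating NUL, which covers "end of line" */
    static const char token_end[] = " \t\v\f\r\n";
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;
    int user_end;
    int pass_end;
    int overlong;

    process_options(argc, argv);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {

        /* No newline: the line did not fit in wstr. Remember that and keep
         * reading until the chunk that ends the line arrives. */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            /* tail of an over-long line: reject the whole request */
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';      /* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';      /* strip \r */
        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';
        user_end = 0;
        pass_end = 0;
        /* Extract parameters. The request line comes from the client's
         * credentials and can be as long as wstr, so an unbounded "%s" could
         * write past the 256-byte username/password arrays. The field width
         * 255 is sizeof(buffer) - 1; keep both in step. %n records where
         * each token stopped so that a cut-off token can be detected. */
        sscanf(wstr, "%255s%n %255s%n", username, &user_end, password, &pass_end);

        /* A token was cut off if the character right after it is neither
         * whitespace nor the end of the line. Without this check the excess
         * of a long username would be taken as the password. */
        overlong = (strchr(token_end, wstr[user_end]) == NULL) ||
                   (pass_end > 0 && strchr(token_end, wstr[pass_end]) == NULL);

        /* NOTE(review): the request line handed to debug() still holds the
         * escaped password; debug output enabled with -d therefore contains
         * credentials and needs the same protection as the password store. */
        debug("Got %s from Squid\n", wstr);

        /* Check for invalid, blank or over-long entries */
        if ((username[0] == '\0') || (password[0] == '\0') || overlong) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        /* unescaping is done in place on the bounded copies */
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /* NOTE(review): this passes the cleartext password to debug(). */
        debug("Trying to validate; %s %s\n", username, password);

        /* NOTE(review): NTGroup is not written anywhere in the visible part
         * of this file; presumably Valid_User() uses it as scratch space.
         * Confirm against valid.h. */
        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            SEND_OK("");
        else
            SEND_ERR(errormsg);
        err = 0;
        fflush(stdout);
    }
    return 0;
}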
f53969cc | 182 |