Commit | Line | Data |
---|---|---|
5b95b903 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
5b95b903 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
94439e4e | 9 | /* |
acb775ad | 10 | * basic_getpwnam_auth.c |
94439e4e | 11 | * |
12 | * AUTHOR: Erik Hofman <erik.hofman@a1.nl> | |
13 | * Robin Elfrink <robin@a1.nl> | |
14 | * | |
15 | * Example authentication program for Squid, based on the | |
16 | * original proxy_auth code from client_side.c, written by | |
17 | * Jon Thackray <jrmt@uk.gdscorp.com>. | |
18 | * | |
19 | * Uses getpwnam() routines for authentication. | |
20 | * This has the following advantages over the NCSA module: | |
26ac0430 | 21 | * |
94439e4e | 22 | * - Allows authentication of all known local users |
23 | * - Allows authentication through nsswitch.conf | |
24 | * + can handle NIS(+) requests | |
25 | * + can handle LDAP requests | |
26 | * + can handle PAM requests | |
27 | * | |
b5e4d7d4 | 28 | * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br> |
26ac0430 | 29 | * |
b5e4d7d4 | 30 | * Added functionality for doing shadow authentication too, |
31 | * using the getspnam() function on systems that support it. | |
32 | * | |
94439e4e | 33 | */ |
34 | ||
f7f3304a | 35 | #include "squid.h" |
079b1d0f | 36 | #include "helper/protocol_defines.h" |
1fa9b1a7 | 37 | #include "rfc1738.h" |
94439e4e | 38 | |
074d6a40 AJ |
39 | #include <cstdlib> |
40 | #include <cstring> | |
94439e4e | 41 | #if HAVE_UNISTD_H |
42 | #include <unistd.h> | |
43 | #endif | |
94439e4e | 44 | #if HAVE_CRYPT_H |
45 | #include <crypt.h> | |
46 | #endif | |
47 | #if HAVE_PWD_H | |
48 | #include <pwd.h> | |
49 | #endif | |
b5e4d7d4 | 50 | #if HAVE_SHADOW_H |
51 | #include <shadow.h> | |
52 | #endif | |
94439e4e | 53 | |
26ac0430 | 54 | static int |
b5e4d7d4 | 55 | passwd_auth(char *user, char *passwd) |
56 | { | |
57 | struct passwd *pwd; | |
58 | pwd = getpwnam(user); | |
59 | if (pwd == NULL) { | |
f53969cc | 60 | return 0; /* User does not exist */ |
b5e4d7d4 | 61 | } else { |
b643cd09 AJ |
62 | char *crypted = crypt(passwd, pwd->pw_passwd); |
63 | if (!crypted || strcmp(pwd->pw_passwd, crypted)) { | |
f53969cc | 64 | return 2; /* Wrong password */ |
26ac0430 | 65 | } else { |
f53969cc | 66 | return 1; /* Authentication Sucessful */ |
26ac0430 | 67 | } |
b5e4d7d4 | 68 | } |
69 | } | |
70 | ||
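#if HAVE_SHADOW_H
/*
 * Check a cleartext password against the user's getspnam() (shadow) entry.
 *
 * user   - login name to look up
 * passwd - cleartext password supplied with the request
 *
 * When getspnam() returns no entry the decision is delegated to
 * passwd_auth(), so the result may also be 0 (no such user). Presumably
 * this covers both users without a shadow entry and a helper that lacks
 * permission to read the shadow database - confirm for the deployment.
 *
 * Returns:
 *   1 - crypt() of the supplied password equals the stored shadow hash
 *   2 - the stored hash is missing or empty, crypt() failed, or the
 *       hashes differ
 *   otherwise whatever passwd_auth() returns on fallback
 */
static int
shadow_auth(char *user, char *passwd)
{
    const struct spwd *pwd = getspnam(user);
    if (pwd == NULL)
        return passwd_auth(user, passwd);   /* Fall back to passwd_auth */

    /*
     * Refuse entries whose hash field is absent or empty instead of
     * passing an empty setting string to crypt(). What crypt() returns for
     * such a setting is implementation-specific, and an empty result would
     * compare equal to the empty stored field below, letting any password
     * through.
     */
    if (pwd->sp_pwdp == NULL || pwd->sp_pwdp[0] == '\0')
        return 2;       /* No usable hash: treat as wrong password */

    /* crypt() reports failure with NULL; that must count as a mismatch. */
    const char *crypted = crypt(passwd, pwd->sp_pwdp);
    if (crypted == NULL)
        return 2;       /* Wrong password */

    /*
     * NOTE(review): strcmp() is not a constant-time comparison. Both
     * operands are hash strings, never the cleartext password.
     */
    if (strcmp(pwd->sp_pwdp, crypted) != 0)
        return 2;       /* Wrong password */

    return 1;           /* Authentication successful */
}
#endif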
89 | ||
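/*
 * Helper main loop: read one "user password" request per line from stdin,
 * check it against the system password database and answer each request
 * with exactly one SEND_OK or SEND_ERR reply on stdout.
 *
 * Both fields are RFC 1738 unescaped before use. Returns EXIT_SUCCESS once
 * stdin reaches end of file.
 */
int
main(int, char **)
{
    int auth = 0;
    char buf[HELPER_INPUT_BUFFER];
    char *user, *passwd, *p;

    /* Unbuffered stdout: every reply is written out as soon as it is sent. */
    setbuf(stdout, NULL);
    while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {

        if ((p = strchr(buf, '\n')) != NULL) {
            *p = '\0';      /* strip \n */
        } else if (strlen(buf) == sizeof(buf) - 1) {
            /*
             * The buffer filled up before a newline arrived, so the request
             * is longer than HELPER_INPUT_BUFFER. Discard the remainder of
             * the line and answer once. Otherwise the next fgets() would
             * parse the tail as a separate credentials line and emit a
             * second reply for a single request.
             */
            int ch;
            while ((ch = getchar()) != EOF && ch != '\n')
                ;
            SEND_ERR("Oversized request");
            continue;
        }

        /* First space-delimited token is the username ... */
        if ((user = strtok(buf, " ")) == NULL) {
            SEND_ERR("No Username");
            continue;
        }
        /* ... and everything after it, spaces included, is the password. */
        if ((passwd = strtok(NULL, "")) == NULL) {
            SEND_ERR("No Password");
            continue;
        }
        rfc1738_unescape(user);
        rfc1738_unescape(passwd);
#if HAVE_SHADOW_H
        auth = shadow_auth(user, passwd);
#else
        auth = passwd_auth(user, passwd);
#endif
        /*
         * NOTE(review): the two failure replies differ, so anyone who can
         * read the helper's ERR message can tell an unknown account from a
         * wrong password. Confirm whether that message is exposed beyond
         * the proxy's own logs.
         */
        if (auth == 0) {
            SEND_ERR("No such user");
        } else if (auth == 2) {
            SEND_ERR("Wrong password");
        } else {
            SEND_OK("");
        }
    }
    return EXIT_SUCCESS;
}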
f53969cc | 130 |