[thirdparty/squid.git] / src / auth / basic / getpwnam / basic_getpwnam_auth.cc

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 * basic_getpwnam_auth.c
 *
 * AUTHOR: Erik Hofman <erik.hofman@a1.nl>
 *         Robin Elfrink <robin@a1.nl>
 *
 * Example authentication program for Squid, based on the
 * original proxy_auth code from client_side.c, written by
 * Jon Thackray <jrmt@uk.gdscorp.com>.
 *
 * Uses getpwnam() routines for authentication.
 * This has the following advantages over the NCSA module:
 *
 * - Allow authentication of all know local users
 * - Allows authentication through nsswitch.conf
 *   + can handle NIS(+) requests
 *   + can handle LDAP request
 *   + can handle PAM request
 *
 * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
 *
 * Added functionality for doing shadow authentication too,
 * using the getspnam() function on systems that support it.
 *
 */

#include "squid.h"
#include "helper/protocol_defines.h"
#include "rfc1738.h"

#include <cstdlib>
#include <cstring>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_CRYPT_H
#include <crypt.h>
#endif
#if HAVE_PWD_H
#include <pwd.h>
#endif
#if HAVE_SHADOW_H
#include <shadow.h>
#endif

static int
passwd_auth(char *user, char *passwd)
{
    struct passwd *pwd;
    pwd = getpwnam(user);
    if (pwd == NULL) {
        return 0;       /* User does not exist */
    } else {
        char *crypted = crypt(passwd, pwd->pw_passwd);
        if (!crypted || strcmp(pwd->pw_passwd, crypted)) {
            return 2;       /* Wrong password */
        } else {
            return 1;       /* Authentication Sucessful */
        }
    }
}

#if HAVE_SHADOW_H
static int
shadow_auth(char *user, char *passwd)
{
    struct spwd *pwd;
    pwd = getspnam(user);
    if (pwd == NULL) {
        return passwd_auth(user, passwd);   /* Fall back to passwd_auth */
    } else {
        char *crypted = crypt(passwd, pwd->sp_pwdp);
        if (!crypted || strcmp(pwd->sp_pwdp, crypted)) {
            return 2;       /* Wrong password */
        } else {
            return 1;       /* Authentication Sucessful */
        }
    }
}
#endif

int
main(int, char **)
{
    int auth = 0;
    char buf[HELPER_INPUT_BUFFER];
    char *user, *passwd, *p;

    setbuf(stdout, NULL);
    while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {

        if ((p = strchr(buf, '\n')) != NULL)
            *p = '\0';      /* strip \n */

        if ((user = strtok(buf, " ")) == NULL) {
            SEND_ERR("No Username");
            continue;
        }
        if ((passwd = strtok(NULL, "")) == NULL) {
            SEND_ERR("No Password");
            continue;
        }
        rfc1738_unescape(user);
        rfc1738_unescape(passwd);
#if HAVE_SHADOW_H
        auth = shadow_auth(user, passwd);
#else
        auth = passwd_auth(user, passwd);
#endif
        if (auth == 0) {
            SEND_ERR("No such user");
        } else {
            if (auth == 2) {
                SEND_ERR("Wrong password");
            } else {
                SEND_OK("");
            }
        }
    }
    return 0;
}
Commit	Line	Data
5b95b903	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
5b95b903 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
94439e4e	9	/*
acb775ad	10	* basic_getpwnam_auth.c
94439e4e	11	*
	12	* AUTHOR: Erik Hofman <erik.hofman@a1.nl>
	13	* Robin Elfrink <robin@a1.nl>
	14	*
	15	* Example authentication program for Squid, based on the
	16	* original proxy_auth code from client_side.c, written by
	17	* Jon Thackray <jrmt@uk.gdscorp.com>.
	18	*
	19	* Uses getpwnam() routines for authentication.
	20	* This has the following advantages over the NCSA module:
26ac0430	21	*
94439e4e	22	* - Allow authentication of all know local users
	23	* - Allows authentication through nsswitch.conf
	24	* + can handle NIS(+) requests
	25	* + can handle LDAP request
	26	* + can handle PAM request
	27	*
b5e4d7d4	28	* 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
26ac0430	29	*
b5e4d7d4	30	* Added functionality for doing shadow authentication too,
	31	* using the getspnam() function on systems that support it.
	32	*
94439e4e	33	*/
94439e4e	34
f7f3304a	35	#include "squid.h"
079b1d0f	36	#include "helper/protocol_defines.h"
1fa9b1a7	37	#include "rfc1738.h"
94439e4e	38
074d6a40 AJ	39	#include <cstdlib>
074d6a40 AJ	40	#include <cstring>
94439e4e	41	#if HAVE_UNISTD_H
	42	#include <unistd.h>
	43	#endif
94439e4e	44	#if HAVE_CRYPT_H
	45	#include <crypt.h>
	46	#endif
	47	#if HAVE_PWD_H
	48	#include <pwd.h>
	49	#endif
b5e4d7d4	50	#if HAVE_SHADOW_H
	51	#include <shadow.h>
	52	#endif
94439e4e	53
26ac0430	54	static int
b5e4d7d4	55	passwd_auth(char user, char passwd)
	56	{
	57	struct passwd *pwd;
	58	pwd = getpwnam(user);
	59	if (pwd == NULL) {
f53969cc	60	return 0; /* User does not exist */
b5e4d7d4	61	} else {
b643cd09 AJ	62	char *crypted = crypt(passwd, pwd->pw_passwd);
b643cd09 AJ	63	if (!crypted \|\| strcmp(pwd->pw_passwd, crypted)) {
f53969cc	64	return 2; /* Wrong password */
26ac0430	65	} else {
f53969cc	66	return 1; /* Authentication Sucessful */
26ac0430	67	}
b5e4d7d4	68	}
	69	}
	70
	71	#if HAVE_SHADOW_H
26ac0430	72	static int
b5e4d7d4	73	shadow_auth(char user, char passwd)
	74	{
	75	struct spwd *pwd;
	76	pwd = getspnam(user);
	77	if (pwd == NULL) {
f53969cc	78	return passwd_auth(user, passwd); /* Fall back to passwd_auth */
b5e4d7d4	79	} else {
b643cd09 AJ	80	char *crypted = crypt(passwd, pwd->sp_pwdp);
b643cd09 AJ	81	if (!crypted \|\| strcmp(pwd->sp_pwdp, crypted)) {
f53969cc	82	return 2; /* Wrong password */
26ac0430	83	} else {
f53969cc	84	return 1; /* Authentication Sucessful */
26ac0430	85	}
b5e4d7d4	86	}
	87	}
	88	#endif
	89
94439e4e	90	int
ced8def3	91	main(int, char **)
94439e4e	92	{
b5e4d7d4	93	int auth = 0;
43fed740	94	char buf[HELPER_INPUT_BUFFER];
94439e4e	95	char user, passwd, *p;
	96
	97	setbuf(stdout, NULL);
43fed740	98	while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
94439e4e	99
26ac0430	100	if ((p = strchr(buf, '\n')) != NULL)
f53969cc	101	p = '\0'; / strip \n */
94439e4e	102
26ac0430	103	if ((user = strtok(buf, " ")) == NULL) {
43fed740	104	SEND_ERR("No Username");
26ac0430 AJ	105	continue;
	106	}
	107	if ((passwd = strtok(NULL, "")) == NULL) {
43fed740	108	SEND_ERR("No Password");
26ac0430 AJ	109	continue;
	110	}
	111	rfc1738_unescape(user);
	112	rfc1738_unescape(passwd);
b5e4d7d4	113	#if HAVE_SHADOW_H
26ac0430	114	auth = shadow_auth(user, passwd);
b5e4d7d4	115	#else
26ac0430	116	auth = passwd_auth(user, passwd);
b5e4d7d4	117	#endif
26ac0430	118	if (auth == 0) {
43fed740	119	SEND_ERR("No such user");
26ac0430 AJ	120	} else {
26ac0430 AJ	121	if (auth == 2) {
43fed740	122	SEND_ERR("Wrong password");
26ac0430	123	} else {
43fed740	124	SEND_OK("");
26ac0430 AJ	125	}
26ac0430 AJ	126	}
94439e4e	127	}
43fed740	128	return 0;
94439e4e	129	}
f53969cc	130