2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
11 * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
12 * Released under GPL, see COPYING-2.0 for details.
14 * These routines load the msntauth configuration file.
15 * It stores the servers to query, sets the denied and
16 * allowed user files, and provides the
17 * authenticating function.
20 /* Squid provides a number of portability overrides */
28 #include <sys/param.h>
34 /* Path to configuration file */
/* Compile-time default; no runtime override of the configuration location is visible in this file. */
36 #define SYSCONFDIR "/usr/local/squid/etc"
38 #define CONFIGFILE SYSCONFDIR "/msntauth.conf"
40 /* Maximum number of servers to query. This number can be increased. */
/* The MAXSERVERS and NTHOSTLEN definitions themselves are not shown in this extract. */
/* Deny/allow user-list paths, defined elsewhere. Sized so that the
 * memset(MAXPATHLEN) + strncpy(MAXPATHLEN - 1) writes in ProcessLine()
 * stay in bounds and always leave a terminating NUL. */
44 extern char Denyuserpath
[MAXPATHLEN
]; /* MAXPATHLEN defined in param.h */
45 extern char Allowuserpath
[MAXPATHLEN
];
/* One configured domain-controller pair. Only the domain member is shown in
 * this extract; AddServer() and QueryServerForUser() also use pdc and bdc
 * members. AddServer() copies at most NTHOSTLEN - 1 bytes into each. */
47 typedef struct _ServerTuple
{
50 char domain
[NTHOSTLEN
];
/* Process-wide parsed configuration. ServerArray is zeroed by OpenConfigFile()
 * before the file is parsed; Serversqueried counts the filled entries
 * (presumably advanced by AddServer(), whose increment is not shown here). */
53 ServerTuple ServerArray
[MAXSERVERS
]; /* Array of servers to query */
54 int Serversqueried
= 0; /* Number of servers queried */
/* File-local helpers, defined below. */
58 static void ProcessLine(char *);
59 static void AddServer(char *, char *, char *);
60 static int QueryServerForUser(int, char *, char *);
63 * Opens and reads the configuration file.
64 * Returns 0 on success, or 1 for error.
/* Extract note: the function signature, the loop body after fgets(), the
 * return paths and how the file handle is released are not shown on this page. */
71 char Confbuf
[2049]; /* Line reading buffer */
73 /* Initialise defaults */
/* Zeroing ServerArray here is what makes the strncpy(..., NTHOSTLEN - 1)
 * copies in AddServer() NUL-terminated; the same holds for the two path
 * buffers and the strncpy(..., MAXPATHLEN - 1) copies in ProcessLine(). */
76 memset(ServerArray
, '\0', sizeof(ServerArray
));
77 memset(Denyuserpath
, '\0', MAXPATHLEN
);
78 memset(Allowuserpath
, '\0', MAXPATHLEN
);
81 if ((ConfigFile
= fopen(CONFIGFILE
, "r")) == NULL
) {
82 syslog(LOG_ERR
, "OpenConfigFile: Failed to open %s.", CONFIGFILE
);
/* NOTE(review): errno is read only after the syslog() call above, which may
 * itself overwrite it; saving errno immediately after fopen() fails would make
 * the logged reason reliable. */
83 syslog(LOG_ERR
, "%s", strerror(errno
));
86 /* Read in, one line at a time */
/* fgets() stores at most 2047 bytes plus the terminator into the 2049-byte
 * Confbuf, so a longer configuration line is presumably consumed in several
 * pieces, each handed to the line parser on its own. */
87 while (!feof(ConfigFile
)) {
89 if (NULL
== fgets(Confbuf
, 2048, ConfigFile
))
97 * Check that at least one server is being queried. Report error if not.
98 * Denied and allowed user files are hardcoded, so it's fine if they're
99 * not set in the configuration file.
/* A configuration with no usable "server" line is a hard error: without a
 * server there is nothing to authenticate against. */
101 if (Serversqueried
== 0) {
102 syslog(LOG_ERR
, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE
);
108 /* Parses a configuration file line. */
/*
 * Recognised directives: "server <PDC> <BDC> <domain>", "denyusers <file>"
 * and "allowusers <file>". Empty lines and lines starting with '#' are
 * skipped; any other directive is logged and ignored. The early-return
 * statements between the branches are not shown in this extract.
 * Linebuf is modified in place by strtok(), which also keeps static state,
 * so this function is not reentrant (presumably acceptable for a
 * single-threaded helper; confirm against the caller).
 */
111 ProcessLine(char *Linebuf
)
118 /* Ignore empty lines */
119 if (strlen(Linebuf
) == 0)
122 /* Break up on whitespaces */
123 if ((Directive
= strtok(Linebuf
, " \t\n")) == NULL
)
126 /* Check for a comment line. If found, stop . */
127 if (Directive
[0] == '#')
130 /* Check for server line. Check for 3 parameters. */
/* Each missing parameter is logged separately so the administrator can see
 * which field of the "server" line is wrong. */
131 if (strcmp(Directive
, "server") == 0) {
132 Param1
= strtok(NULL
, " \t\n");
133 if (NULL
== Param1
) {
134 syslog(LOG_ERR
, "ProcessLine: 'server' missing PDC parameter.");
137 Param2
= strtok(NULL
, " \t\n");
138 if (NULL
== Param2
) {
139 syslog(LOG_ERR
, "ProcessLine: 'server' missing BDC parameter.");
142 Param3
= strtok(NULL
, " \t\n");
143 if (NULL
== Param3
) {
144 syslog(LOG_ERR
, "ProcessLine: 'server' missing domain parameter.");
/* Length limits and resolvability are checked by AddServer(), not here. */
147 AddServer(Param1
, Param2
, Param3
);
150 /* Check for denyusers line */
151 if (strcmp(Directive
, "denyusers") == 0) {
152 Param1
= strtok(NULL
, " \t\n");
154 if (NULL
== Param1
) {
155 syslog(LOG_ERR
, "ProcessLine: A 'denyusers' line needs a filename parameter.");
/* memset + strncpy(MAXPATHLEN - 1) guarantees a terminator, but a path
 * longer than MAXPATHLEN - 1 is silently truncated and would then name a
 * different (or missing) file. No length check is visible; logging an error
 * for over-long paths would be the safer behaviour. */
158 memset(Denyuserpath
, '\0', MAXPATHLEN
);
159 strncpy(Denyuserpath
, Param1
, MAXPATHLEN
- 1);
162 /* Check for allowusers line */
163 if (strcmp(Directive
, "allowusers") == 0) {
164 Param1
= strtok(NULL
, " \t\n");
166 if (NULL
== Param1
) {
167 syslog(LOG_ERR
, "ProcessLine: An 'allowusers' line needs a filename parameter.");
/* Same silent-truncation caveat as for Denyuserpath above. */
170 memset(Allowuserpath
, '\0', MAXPATHLEN
);
171 strncpy(Allowuserpath
, Param1
, MAXPATHLEN
- 1);
174 /* Reports error for unknown line */
/* Unknown directives are logged but do not abort loading; a typo in a
 * directive name therefore leaves the corresponding setting at its default. */
175 syslog(LOG_ERR
, "ProcessLine: Ignoring '%s' line.", Directive
);
179 * Adds a server to query to the server array.
180 * Checks if the server IP is resolvable.
181 * Checks if the number of servers to query is not exceeded.
182 * Does not allow parameters longer than NTHOSTLEN.
/* Extract note: the early return after each rejection and the increment of
 * Serversqueried are not shown on this page. Over-long parameters are not
 * rejected by the visible code; they are cut to NTHOSTLEN - 1 bytes (see below). */
186 AddServer(char *ParamPDC
, char *ParamBDC
, char *ParamDomain
)
/* Capacity check: extra "server" lines beyond MAXSERVERS are logged and dropped. */
188 if (Serversqueried
== MAXSERVERS
) {
189 syslog(LOG_ERR
, "AddServer: Ignoring '%s' server line; "
190 "too many servers.", ParamPDC
);
/* gethostbyname() is a blocking, non-reentrant lookup performed once at load
 * time; a name that resolves now may not resolve (or may resolve differently)
 * when the server is actually queried. The domain parameter is not resolved. */
193 if (gethostbyname(ParamPDC
) == NULL
) {
194 syslog(LOG_ERR
, "AddServer: Ignoring host '%s'. "
195 "Cannot resolve its address.", ParamPDC
);
/* Same check for the BDC. Note the facility differs from the PDC branch:
 * LOG_USER | LOG_ERR here versus LOG_ERR above. */
198 if (gethostbyname(ParamBDC
) == NULL
) {
199 syslog(LOG_USER
| LOG_ERR
, "AddServer: Ignoring host '%s'. "
200 "Cannot resolve its address.", ParamBDC
);
203 /* NOTE: ServerArray is zeroed in OpenConfigFile() */
/* assert() is compiled out under NDEBUG; the MAXSERVERS comparison above is
 * the real bounds guard for the index used below. */
204 assert(Serversqueried
< MAXSERVERS
);
/* At most NTHOSTLEN - 1 bytes are copied and the zeroed array supplies the
 * terminator. A name longer than that is silently truncated: the full name
 * was resolved above, but the stored, shortened name is what will later be
 * queried, so it may refer to a different host than the one configured.
 * Rejecting over-long names with an error would be safer. */
205 strncpy(ServerArray
[Serversqueried
].pdc
, ParamPDC
, NTHOSTLEN
- 1);
206 strncpy(ServerArray
[Serversqueried
].bdc
, ParamBDC
, NTHOSTLEN
- 1);
207 strncpy(ServerArray
[Serversqueried
].domain
, ParamDomain
, NTHOSTLEN
- 1);
212 * Cycles through all servers to query.
213 * Returns 0 if one server could authenticate the user.
214 * Returns 1 if no server authenticated the user.
/* Servers are tried in configuration order and the first success wins, so any
 * single configured server accepting the credentials is sufficient. The
 * declaration of i and the return statements are not shown in this extract. */
218 QueryServers(char *username
, char *password
)
221 for (i
= 0; i
< Serversqueried
; ++i
) {
/* QueryServerForUser() returns 0 only on a successful logon. */
222 if (0 == QueryServerForUser(i
, username
, password
))
229 * Attempts to authenticate the user with one server.
230 * Logs syslog messages for different errors.
231 * Returns 0 on success, non-zero on failure.
234 /* Define for systems which don't support it, like Solaris */
/* Falls back to the LOG_AUTH facility; presumably guarded by an #ifndef
 * LOG_AUTHPRIV that is not shown in this extract. */
236 #define LOG_AUTHPRIV LOG_AUTH
/* x indexes ServerArray and must be below Serversqueried (QueryServers()
 * guarantees this). The case labels, the trailing format arguments and the
 * return statement are not shown in this extract. */
240 QueryServerForUser(int x
, char *username
, char *password
)
/* Valid_User() does the actual logon against the configured PDC/BDC/domain;
 * its return codes are listed at the end of the file. */
244 result
= Valid_User(username
, password
, ServerArray
[x
].pdc
,
245 ServerArray
[x
].bdc
, ServerArray
[x
].domain
);
/* Each format below carries a single %s (its argument is cut off in this
 * extract); it should stay the username, never the password. */
247 switch (result
) { /* Write any helpful syslog messages */
251 syslog(LOG_AUTHPRIV
| LOG_INFO
, "Server error when checking %s.",
255 syslog(LOG_AUTHPRIV
| LOG_INFO
, "Protocol error when checking %s.",
259 syslog(LOG_AUTHPRIV
| LOG_INFO
, "Authentication failed for %s.",
267 /* Valid_User return codes -
269 * 0 - User authenticated successfully.
271 * 2 - Protocol error.
272 * 3 - Logon error; Incorrect password or username given.