git.ipfire.org Git - thirdparty/squid.git/blob - helpers/basic_auth/MSNT/confload.cc
e04365ed700bc5f9e80a2a167d4830079bbbfca7
/*
 * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
 * Released under GPL, see COPYING-2.0 for details.
 *
 * These routines load the msntauth configuration file.
 * It stores the servers to query, sets the denied and
 * allowed user files, and provides the
 * authenticating function.
 */
13 /* Squid provides a number of portability overrides */
21 #include <sys/param.h>
28 /* Path to configuration file */
30 #define SYSCONFDIR "/usr/local/squid/etc"
32 #define CONFIGFILE SYSCONFDIR "/msntauth.conf"
34 /* Maximum number of servers to query. This number can be increased. */
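/*
 * File-scope state for the msntauth configuration.
 * MAXSERVERS and NTHOSTLEN are used below; their definitions are not
 * among the lines visible in this listing.
 */
extern char Denyuserpath[MAXPATHLEN];   /* MAXPATHLEN defined in param.h */
extern char Allowuserpath[MAXPATHLEN];

/*
 * One authentication target: the two host names and the domain that
 * AddServer() stores and QueryServerForUser() hands to Valid_User().
 */
typedef struct _ServerTuple {
    /* NOTE(review): the pdc and bdc member lines are not visible in this
     * listing; they are declared here to match their use as
     * ServerArray[n].pdc / ServerArray[n].bdc further down -- confirm. */
    char pdc[NTHOSTLEN];
    char bdc[NTHOSTLEN];
    char domain[NTHOSTLEN];
} ServerTuple;

ServerTuple ServerArray[MAXSERVERS];    /* Array of servers to query */
int Serversqueried = 0;                 /* Number of servers queried */

/* Helpers private to this file */
static void ProcessLine(char *);
static void AddServer(char *, char *, char *);
static int QueryServerForUser(int, char *, char *);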
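/*
 * Opens and reads the configuration file.
 * Returns 0 on success, or 1 for error.
 *
 * Every call starts from an empty server list and empty deny/allow paths,
 * so a failed load leaves no stale authentication targets behind.
 *
 * NOTE(review): the signature line is not visible in this listing; the
 * int return type is taken from the comment above and (void) is assumed
 * -- confirm against the header.
 */
int
OpenConfigFile(void)
{
    FILE *ConfigFile;
    char Confbuf[2049];     /* Line reading buffer */

    /* Initialise defaults. The counter is reset together with the array
     * so the two can never disagree after a reload. */
    Serversqueried = 0;
    memset(ServerArray, '\0', sizeof(ServerArray));
    memset(Denyuserpath, '\0', MAXPATHLEN);
    memset(Allowuserpath, '\0', MAXPATHLEN);

    if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) {
        /* syslog() may overwrite errno, so capture it first */
        int SavedErrno = errno;

        syslog(LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE);
        syslog(LOG_ERR, "%s", strerror(SavedErrno));
        return 1;
    }

    /* Read in, one line at a time. fgets() itself signals end of file,
     * so no separate feof() test is needed in the loop condition. */
    while (fgets(Confbuf, sizeof(Confbuf), ConfigFile) != NULL) {
        /*
         * A line that fills the buffer without reaching its newline would
         * otherwise be split, and its tail parsed as if it were a new
         * directive. Discard the whole line instead and say so. The last
         * line of a file may legitimately lack a newline, hence the
         * feof() test.
         */
        if (strchr(Confbuf, '\n') == NULL && !feof(ConfigFile)) {
            int Ch;

            while ((Ch = fgetc(ConfigFile)) != EOF && Ch != '\n')
                ;
            syslog(LOG_ERR, "OpenConfigFile: Ignoring over-long line in %s.", CONFIGFILE);
            continue;
        }
        ProcessLine(Confbuf);
    }
    fclose(ConfigFile);

    /*
     * Check that at least one server is being queried. Report error if not.
     * Denied and allowed user files are hardcoded, so it's fine if they're
     * not set in the configuration file.
     */
    if (Serversqueried == 0) {
        syslog(LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE);
        return 1;
    }
    return 0;
}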
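/*
 * Copies a user-list filename into Dest (a MAXPATHLEN-byte buffer).
 * A name that does not fit is rejected and Dest is left untouched: a
 * silently truncated path would name a different file from the one the
 * administrator configured. Returns 0 when stored, 1 when rejected.
 */
static int
StoreUserPath(char *Dest, const char *Path, const char *DirectiveName)
{
    size_t Len = strlen(Path);

    if (Len >= MAXPATHLEN) {
        syslog(LOG_ERR, "ProcessLine: '%s' filename is too long. Ignoring it.", DirectiveName);
        return 1;
    }
    memset(Dest, '\0', MAXPATHLEN);
    memcpy(Dest, Path, Len);
    return 0;
}

/*
 * Parses a configuration file line.
 *
 * Linebuf is split in place on spaces, tabs and newlines (strtok() writes
 * NUL bytes into it). Recognised directives, matched case-insensitively:
 *   server <PDC> <BDC> <domain>  -> AddServer()
 *   denyusers <filename>         -> Denyuserpath
 *   allowusers <filename>        -> Allowuserpath
 * Empty lines and lines whose first token starts with '#' are skipped;
 * anything else is reported through syslog and ignored.
 */
static void
ProcessLine(char *Linebuf)
{
    char *Directive;
    char *Param1;
    char *Param2;
    char *Param3;

    /* Ignore empty lines */
    if (strlen(Linebuf) == 0)
        return;

    /* Break up on whitespaces */
    if ((Directive = strtok(Linebuf, " \t\n")) == NULL)
        return;

    /* Check for a comment line. If found, stop. */
    if (Directive[0] == '#')
        return;

    /* Check for server line. Check for 3 parameters. */
    if (strcasecmp(Directive, "server") == 0) {
        Param1 = strtok(NULL, " \t\n");
        if (NULL == Param1) {
            syslog(LOG_ERR, "ProcessLine: 'server' missing PDC parameter.");
            return;
        }
        Param2 = strtok(NULL, " \t\n");
        if (NULL == Param2) {
            syslog(LOG_ERR, "ProcessLine: 'server' missing BDC parameter.");
            return;
        }
        Param3 = strtok(NULL, " \t\n");
        if (NULL == Param3) {
            syslog(LOG_ERR, "ProcessLine: 'server' missing domain parameter.");
            return;
        }
        AddServer(Param1, Param2, Param3);
        return;
    }

    /* Check for denyusers line */
    if (strcasecmp(Directive, "denyusers") == 0) {
        Param1 = strtok(NULL, " \t\n");

        if (NULL == Param1) {
            syslog(LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter.");
            return;
        }
        (void) StoreUserPath(Denyuserpath, Param1, "denyusers");
        return;
    }

    /* Check for allowusers line */
    if (strcasecmp(Directive, "allowusers") == 0) {
        Param1 = strtok(NULL, " \t\n");

        if (NULL == Param1) {
            syslog(LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter.");
            return;
        }
        (void) StoreUserPath(Allowuserpath, Param1, "allowusers");
        return;
    }

    /* Reports error for unknown line */
    syslog(LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive);
}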
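/*
 * Adds a server to query to the server array.
 * Checks if the number of servers to query is not exceeded.
 * Does not allow parameters of NTHOSTLEN characters or more.
 * Checks if both host names are resolvable.
 *
 * A rejected line is logged and skipped; nothing is stored for it.
 *
 * The length check is explicit because each stored name is limited to
 * NTHOSTLEN - 1 characters. Copying a longer name with truncation would
 * record a host other than the one that was just resolved, and
 * QueryServerForUser() later hands the stored names, together with the
 * user's credentials, to Valid_User().
 */
static void
AddServer(char *ParamPDC, char *ParamBDC, char *ParamDomain)
{
    if (Serversqueried >= MAXSERVERS) {
        syslog(LOG_ERR, "AddServer: Ignoring '%s' server line; "
               "too many servers.", ParamPDC);
        return;
    }
    if (strlen(ParamPDC) >= NTHOSTLEN ||
            strlen(ParamBDC) >= NTHOSTLEN ||
            strlen(ParamDomain) >= NTHOSTLEN) {
        syslog(LOG_ERR, "AddServer: Ignoring '%s' server line; "
               "a parameter is too long.", ParamPDC);
        return;
    }
    if (gethostbyname(ParamPDC) == NULL) {
        syslog(LOG_ERR, "AddServer: Ignoring host '%s'. "
               "Cannot resolve its address.", ParamPDC);
        return;
    }
    if (gethostbyname(ParamBDC) == NULL) {
        syslog(LOG_USER | LOG_ERR, "AddServer: Ignoring host '%s'. "
               "Cannot resolve its address.", ParamBDC);
        return;
    }

    assert(Serversqueried < MAXSERVERS);

    /* Lengths were validated above, so copying strlen + 1 bytes always
     * includes the terminating NUL and stays inside each member. */
    memcpy(ServerArray[Serversqueried].pdc, ParamPDC, strlen(ParamPDC) + 1);
    memcpy(ServerArray[Serversqueried].bdc, ParamBDC, strlen(ParamBDC) + 1);
    memcpy(ServerArray[Serversqueried].domain, ParamDomain, strlen(ParamDomain) + 1);

    Serversqueried++;
}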
/*
 * Tries the configured servers one after another, in the order they were
 * added, stopping at the first one that accepts the credentials.
 * Returns 0 if one server could authenticate the user.
 * Returns 1 if no server authenticated the user; this is also the result
 * when no servers are configured, so the check fails closed.
 *
 * NOTE(review): the return-type line is not visible in this listing; int
 * is taken from the return values documented above -- confirm.
 */
int
QueryServers(char *username, char *password)
{
    int idx = 0;

    while (idx < Serversqueried) {
        if (QueryServerForUser(idx, username, password) == 0)
            return 0;
        ++idx;
    }

    return 1;
}
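/*
 * Attempts to authenticate the user with one server.
 * Logs syslog messages for different errors.
 * Returns 0 on success, non-zero on failure.
 *
 * x is an index into ServerArray. An index outside the entries that
 * AddServer() has filled is refused with 1 instead of reading an unset
 * or out-of-range element.
 */

/* Define for systems which don't support it, like Solaris */
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
#endif

static int
QueryServerForUser(int x, char *username, char *password)
{
    int result;

    if (x < 0 || x >= Serversqueried)
        return 1;

    result = Valid_User(username, password, ServerArray[x].pdc,
                        ServerArray[x].bdc, ServerArray[x].domain);

    switch (result) {       /* Write any helpful syslog messages */
    case 0:
        break;
    case 1:
        /* NOTE(review): the case labels are not visible in this listing;
         * 2 and 3 follow the return-code comment after this function and
         * 1 is inferred from the message order -- confirm. */
        syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.",
               username);
        break;
    case 2:
        syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.",
               username);
        break;
    case 3:
        syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.",
               username);
        break;
    default:
        /* Any other code is still non-zero, so the caller treats it as a
         * failure; record it so it does not pass unnoticed. */
        syslog(LOG_AUTHPRIV | LOG_INFO, "Unexpected result %d when checking %s.",
               result, username);
        break;
    }

    return result;
}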
/* Valid_User return codes -
 *
 * 0 - User authenticated successfully.
 * 2 - Protocol error.
 * 3 - Logon error; Incorrect password or username given.
 */