helpers/basic_auth/NCSA/basic_ncsa_auth.cc

   1 /*
   2  * ncsa_auth.c
   3  *
   4  * AUTHOR: Arjan de Vet <Arjan.deVet@adv.iae.nl>
   5  *
   6  * Example authentication program for Squid, based on the original
   7  * proxy_auth code from client_side.c, written by
   8  * Jon Thackray <jrmt@uk.gdscorp.com>.
   9  *
  10  * Uses a NCSA httpd style password file for authentication with the
  11  * following improvements suggested by various people:
  12  *
  13  * - comment lines are possible and should start with a '#';
  14  * - empty or blank lines are possible;
  15  * - extra fields in the password file are ignored; this makes it
  16  *   possible to use a Unix password file but I do not recommend that.
  17  *
  18  */
  19
  20 #include "config.h"
  21
  22 #if HAVE_STDIO_H
  23 #include <stdio.h>
  24 #endif
  25 #if HAVE_STDLIB_H
  26 #include <stdlib.h>
  27 #endif
  28 #if HAVE_UNISTD_H
  29 #include <unistd.h>
  30 #endif
  31 #if HAVE_STRING_H
  32 #include <string.h>
  33 #endif
  34 #if HAVE_SYS_TYPES_H
  35 #include <sys/types.h>
  36 #endif
  37 #if HAVE_SYS_STAT_H
  38 #include <sys/stat.h>
  39 #endif
  40 #if HAVE_CRYPT_H
  41 #include <crypt.h>
  42 #endif
  43
  44 #include "util.h"
  45 #include "hash.h"
  46 #include "crypt_md5.h"
  47
  48 static hash_table *hash = NULL;
  49 static HASHFREE my_free;
  50
  51 typedef struct _user_data {
  52     /* first two items must be same as hash_link */
  53     char *user;
  54     struct _user_data *next;
  55     char *passwd;
  56 } user_data;
  57
  58 static void
  59 my_free(void *p)
  60 {
  61     user_data *u = static_cast<user_data*>(p);
  62     xfree(u->user);
  63     xfree(u->passwd);
  64     xfree(u);
  65 }
  66
  67 static void
  68 read_passwd_file(const char *passwdfile)
  69 {
  70     FILE *f;
  71     char buf[8192];
  72     user_data *u;
  73     char *user;
  74     char *passwd;
  75     if (hash != NULL) {
  76         hashFreeItems(hash, my_free);
  77         hashFreeMemory(hash);
  78     }
  79     /* initial setup */
  80     hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
  81     if (NULL == hash) {
  82         fprintf(stderr, "ncsa_auth: cannot create hash table\n");
  83         exit(1);
  84     }
  85     f = fopen(passwdfile, "r");
  86     if (NULL == f) {
  87         fprintf(stderr, "%s: %s\n", passwdfile, xstrerror());
  88         exit(1);
  89     }
  90     while (fgets(buf, 8192, f) != NULL) {
  91         if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
  92                 (buf[0] == '\n'))
  93             continue;
  94         user = strtok(buf, ":\n\r");
  95         passwd = strtok(NULL, ":\n\r");
  96         if ((strlen(user) > 0) && passwd) {
  97             u = static_cast<user_data*>(xmalloc(sizeof(*u)));
  98             u->user = xstrdup(user);
  99             u->passwd = xstrdup(passwd);
 100             hash_join(hash, (hash_link *) u);
 101         }
 102     }
 103     fclose(f);
 104 }
 105
 106 int
 107 main(int argc, char **argv)
 108 {
 109     struct stat sb;
 110     time_t change_time = -1;
 111     char buf[256];
 112     char *user, *passwd, *p;
 113     user_data *u;
 114     setbuf(stdout, NULL);
 115     if (argc != 2) {
 116         fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n");
 117         exit(1);
 118     }
 119     if (stat(argv[1], &sb) != 0) {
 120         fprintf(stderr, "cannot stat %s\n", argv[1]);
 121         exit(1);
 122     }
 123     while (fgets(buf, 256, stdin) != NULL) {
 124         if ((p = strchr(buf, '\n')) != NULL)
 125             *p = '\0';          /* strip \n */
 126         if (stat(argv[1], &sb) == 0) {
 127             if (sb.st_mtime != change_time) {
 128                 read_passwd_file(argv[1]);
 129                 change_time = sb.st_mtime;
 130             }
 131         }
 132         if ((user = strtok(buf, " ")) == NULL) {
 133             printf("ERR\n");
 134             continue;
 135         }
 136         if ((passwd = strtok(NULL, "")) == NULL) {
 137             printf("ERR\n");
 138             continue;
 139         }
 140         rfc1738_unescape(user);
 141         rfc1738_unescape(passwd);
 142         u = (user_data *) hash_lookup(hash, user);
 143         if (u == NULL) {
 144             printf("ERR No such user\n");
 145 #if HAVE_CRYPT
 146         } else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
 147             printf("OK\n");
 148 #endif
 149         } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
 150             printf("OK\n");
 151         } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) {   /* md5 without salt and magic strings - Added by Ramon de Carvalho and Rodrigo Rubira Branco */
 152             printf("OK\n");
 153         } else {
 154             printf("ERR Wrong password\n");
 155         }
 156     }
 157     if (hash != NULL) {
 158         hashFreeItems(hash, my_free);
 159         hashFreeMemory(hash);
 160     }
 161     exit(0);
 162 }