helpers/basic_auth/NCSA/basic_ncsa_auth.cc

   1 /*
   2  * AUTHOR: Arjan de Vet <Arjan.deVet@adv.iae.nl>
   3  *
   4  * Example authentication program for Squid, based on the original
   5  * proxy_auth code from client_side.c, written by
   6  * Jon Thackray <jrmt@uk.gdscorp.com>.
   7  *
   8  * Uses a NCSA httpd style password file for authentication with the
   9  * following improvements suggested by various people:
  10  *
  11  * - comment lines are possible and should start with a '#';
  12  * - empty or blank lines are possible;
  13  * - extra fields in the password file are ignored; this makes it
  14  *   possible to use a Unix password file but I do not recommend that.
  15  *
  16  *  MD5 without salt and magic strings - Added by Ramon de Carvalho and Rodrigo Rubira Branco
  17  */
  18
  19 #include "squid.h"
  20 #include "crypt_md5.h"
  21 #include "hash.h"
  22 #include "helpers/defines.h"
  23 #include "rfc1738.h"
  24 #include "util.h"
  25
  26 #if HAVE_STDIO_H
  27 #include <stdio.h>
  28 #endif
  29 #if HAVE_UNISTD_H
  30 #include <unistd.h>
  31 #endif
  32 #if HAVE_STRING_H
  33 #include <string.h>
  34 #endif
  35 #if HAVE_SYS_STAT_H
  36 #include <sys/stat.h>
  37 #endif
  38 #if HAVE_CRYPT_H
  39 #include <crypt.h>
  40 #endif
  41 #if HAVE_ERRNO_H
  42 #include <errno.h>
  43 #endif
  44
  45 static hash_table *hash = NULL;
  46 static HASHFREE my_free;
  47
  48 typedef struct _user_data {
  49     /* first two items must be same as hash_link */
  50     char *user;
  51     struct _user_data *next;
  52     char *passwd;
  53 } user_data;
  54
  55 static void
  56 my_free(void *p)
  57 {
  58     user_data *u = static_cast<user_data*>(p);
  59     xfree(u->user);
  60     xfree(u->passwd);
  61     xfree(u);
  62 }
  63
  64 static void
  65 read_passwd_file(const char *passwdfile)
  66 {
  67     FILE *f;
  68     char buf[8192];
  69     user_data *u;
  70     char *user;
  71     char *passwd;
  72     if (hash != NULL) {
  73         hashFreeItems(hash, my_free);
  74         hashFreeMemory(hash);
  75     }
  76     /* initial setup */
  77     hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
  78     if (NULL == hash) {
  79         fprintf(stderr, "FATAL: Cannot create hash table\n");
  80         exit(1);
  81     }
  82     f = fopen(passwdfile, "r");
  83     if (NULL == f) {
  84         fprintf(stderr, "FATAL: %s: %s\n", passwdfile, xstrerror());
  85         exit(1);
  86     }
  87     while (fgets(buf, 8192, f) != NULL) {
  88         if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
  89                 (buf[0] == '\n'))
  90             continue;
  91         user = strtok(buf, ":\n\r");
  92         passwd = strtok(NULL, ":\n\r");
  93         if ((strlen(user) > 0) && passwd) {
  94             u = static_cast<user_data*>(xmalloc(sizeof(*u)));
  95             u->user = xstrdup(user);
  96             u->passwd = xstrdup(passwd);
  97             hash_join(hash, (hash_link *) u);
  98         }
  99     }
 100     fclose(f);
 101 }
 102
 103 int
 104 main(int argc, char **argv)
 105 {
 106     struct stat sb;
 107     time_t change_time = -1;
 108     char buf[HELPER_INPUT_BUFFER];
 109     char *user, *passwd, *p;
 110     user_data *u;
 111     setbuf(stdout, NULL);
 112     if (argc != 2) {
 113         fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n");
 114         exit(1);
 115     }
 116     if (stat(argv[1], &sb) != 0) {
 117         fprintf(stderr, "FATAL: cannot stat %s\n", argv[1]);
 118         exit(1);
 119     }
 120     while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
 121         if ((p = strchr(buf, '\n')) != NULL)
 122             *p = '\0';          /* strip \n */
 123         if (stat(argv[1], &sb) == 0) {
 124             if (sb.st_mtime != change_time) {
 125                 read_passwd_file(argv[1]);
 126                 change_time = sb.st_mtime;
 127             }
 128         }
 129         if ((user = strtok(buf, " ")) == NULL) {
 130             SEND_ERR("");
 131             continue;
 132         }
 133         if ((passwd = strtok(NULL, "")) == NULL) {
 134             SEND_ERR("");
 135             continue;
 136         }
 137         rfc1738_unescape(user);
 138         rfc1738_unescape(passwd);
 139         u = (user_data *) hash_lookup(hash, user);
 140         if (u == NULL) {
 141             SEND_ERR("No such user");
 142 #if HAVE_CRYPT
 143         } else if (strlen(passwd) <= 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
 144             // Bug 3107: crypt() DES functionality silently truncates long passwords.
 145             SEND_OK("");
 146         } else if (strlen(passwd) > 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
 147             // Bug 3107: crypt() DES functionality silently truncates long passwords.
 148             SEND_ERR("Password too long. Only 8 characters accepted.");
 149 #endif
 150         } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
 151             SEND_OK("");
 152         } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) {
 153             SEND_OK("");
 154         } else {
 155             SEND_ERR("Wrong password");
 156         }
 157     }
 158     if (hash != NULL) {
 159         hashFreeItems(hash, my_free);
 160         hashFreeMemory(hash);
 161     }
 162     exit(0);
 163 }