helpers/basic_auth/SSPI/basic_sspi_auth.cc

   1 /*
   2   NT_auth -  Version 2.0
   3
   4   Returns OK for a successful authentication, or ERR upon error.
   5
   6   Guido Serassio, Torino - Italy
   7
   8   Uses code from -
   9     Antonino Iannella 2000
  10     Andrew Tridgell 1997
  11     Richard Sharpe 1996
  12     Bill Welliver 1999
  13
  14  * Distributed freely under the terms of the GNU General Public License,
  15  * version 2. See the file COPYING for licensing details
  16  *
  17  * This program is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21
  22  * You should have received a copy of the GNU General Public License
  23  * along with this program; if not, write to the Free Software
  24  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  25 */
  26
  27 #include "config.h"
  28 #include "helpers/defines.h"
  29 #include "util.h"
  30
  31 #if HAVE_STDIO_H
  32 #include <stdio.h>
  33 #endif
  34 #if GETOPT_H
  35 #include <getopt.h>
  36 #endif
  37
  38 /* Check if we try to compile on a Windows Platform */
  39 #if !_SQUID_WINDOWS_
  40 /* NON Windows Platform !!! */
  41 #error NON WINDOWS PLATFORM
  42 #endif
  43
  44 #include "valid.h"
  45
  46 static char NTGroup[256];
  47 char * NTAllowedGroup;
  48 char * NTDisAllowedGroup;
  49 int UseDisallowedGroup = 0;
  50 int UseAllowedGroup = 0;
  51 int debug_enabled = 0;
  52
  53 /*
  54  * options:
  55  * -A can specify a Windows Local Group name allowed to authenticate.
  56  * -D can specify a Windows Local Group name not allowed to authenticate.
  57  * -O can specify the default Domain against to authenticate.
  58  */
  59 char *my_program_name = NULL;
  60
  61 void
  62 usage()
  63 {
  64     fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
  65             "-A can specify a Windows Local Group name allowed to authenticate\n"
  66             "-D can specify a Windows Local Group name not allowed to authenticate\n"
  67             "-O can specify the default Domain against to authenticate\n"
  68             "-d enable debugging.\n"
  69             "-h this message\n\n",
  70             my_program_name);
  71 }
  72
  73 void
  74 process_options(int argc, char *argv[])
  75 {
  76     int opt;
  77     while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
  78         switch (opt) {
  79         case 'A':
  80             safe_free(NTAllowedGroup);
  81             NTAllowedGroup=xstrdup(optarg);
  82             UseAllowedGroup = 1;
  83             break;
  84         case 'D':
  85             safe_free(NTDisAllowedGroup);
  86             NTDisAllowedGroup=xstrdup(optarg);
  87             UseDisallowedGroup = 1;
  88             break;
  89         case 'O':
  90             strncpy(Default_NTDomain, optarg, DNLEN);
  91             break;
  92         case 'd':
  93             debug_enabled = 1;
  94             break;
  95         case 'h':
  96             usage(argv[0]);
  97             exit(0);
  98         case '?':
  99             opt = optopt;
 100             /* fall thru to default */
 101         default:
 102             fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
 103             usage();
 104             exit(1);
 105         }
 106     }
 107 }
 108
 109 /* Main program for simple authentication.
 110    Scans and checks for Squid input, and attempts to validate the user.
 111 */
 112 int
 113 main(int argc, char **argv)
 114 {
 115     char wstr[HELPER_INPUT_BUFFER];
 116     char username[256];
 117     char password[256];
 118     char *p;
 119     int err = 0;
 120
 121     my_program_name = argv[0];
 122     process_options(argc, argv);
 123
 124     if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
 125         fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
 126         exit(1);
 127     }
 128     debug("SSPI initialized OK\n");
 129
 130     atexit(UnloadSecurityDll);
 131
 132     /* initialize FDescs */
 133     setbuf(stdout, NULL);
 134     setbuf(stderr, NULL);
 135
 136     while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {
 137
 138         if (NULL == strchr(wstr, '\n')) {
 139             err = 1;
 140             continue;
 141         }
 142         if (err) {
 143             SEND_ERR("Oversized message");
 144             err = 0;
 145             fflush(stdout);
 146             continue;
 147         }
 148
 149         if ((p = strchr(wstr, '\n')) != NULL)
 150             *p = '\0';          /* strip \n */
 151         if ((p = strchr(wstr, '\r')) != NULL)
 152             *p = '\0';          /* strip \r */
 153         /* Clear any current settings */
 154         username[0] = '\0';
 155         password[0] = '\0';
 156         sscanf(wstr, "%s %s", username, password);      /* Extract parameters */
 157
 158         debug("Got %s from Squid\n", wstr);
 159
 160         /* Check for invalid or blank entries */
 161         if ((username[0] == '\0') || (password[0] == '\0')) {
 162             SEND_ERR("Invalid Request");
 163             fflush(stdout);
 164             continue;
 165         }
 166         rfc1738_unescape(username);
 167         rfc1738_unescape(password);
 168
 169         debug("Trying to validate; %s %s\n", username, password);
 170
 171         if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
 172             SEND_OK("");
 173         else
 174             SEND_ERR(errormsg);
 175         err = 0;
 176         fflush(stdout);
 177     }
 178     return 0;
 179 }