git.ipfire.org Git - thirdparty/squid.git/blob - helpers/external_acl/unix_group/check_group.cc
4 * This is a helper for the external ACL interface for Squid Cache
5 * Copyright (C) 2002 Rodrigo Albani de Campos (rodrigo@geekbunker.org)
7 * It reads STDIN looking for a username that matches a specified group
8 * Returns `OK' if the user belongs to the group or `ERR' otherwise, as
9 * described on http://devel.squid-cache.org/external_acl/config.html
10 * To compile this program, use:
12 * gcc -o check_group check_group.c
14 * Author: Rodrigo Albani de Campos
15 * E-Mail: rodrigo@geekbunker.org
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33 * Removed group number limitation and fixed related uninitialized
34 * pointer reference (Bug #2813)
36 * Revision 1.7 2004/08/15 00:29:33 hno
37 * helper protocol changed to URL-escaped strings in Squid-3.0
39 * Revision 1.6 2002/08/12 15:48:32 hno
40 * imported strwordtok from Squid, added man page, some minor fixes
42 * Revision 1.5 2002/07/27 14:26:49 rcampos
43 * allow groups to be sent on stdin
45 * Revision 1.4 2002/04/17 01:58:48 camposr
46 * minor corrections in the getopt
48 * Revision 1.3 2002/04/17 01:43:17 camposr
51 * Revision 1.2 2002/04/17 01:32:16 camposr
52 * all main routines ready
54 * Revision 1.1 2002/04/16 05:02:32 camposr
59 #include "helpers/defines.h"
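/*
 * Verify if user's primary group matches groupname.
 *
 * username  - account name, looked up with getpwnam()
 * groupname - group name compared with the name of the account's
 *             primary group (the group that pw_gid resolves to)
 *
 * Returns 1 if the primary group's name equals groupname.
 * Returns 0 if user is not on the group: the account is unknown, its
 * primary gid has no group entry, the names differ, or an argument
 * is NULL.
 *
 * NOTE(review): the return-type line is not visible on this page;
 * `static int` is inferred from the "Returns 0" wording and from main()
 * adding the result to an int counter -- confirm against the upstream file.
 */
static int
validate_user_pw(char *username, char *groupname)
{
    struct passwd *p;
    struct group *g;

    /* getpwnam() and strcmp() must not be handed NULL; treat it as "no match" */
    if (username == NULL || groupname == NULL)
        return 0;

    p = getpwnam(username);
    if (p == NULL) {
        /*
         * The account is not known to getpwnam().
         * NOTE(review): main() URL-unescapes the name read from stdin
         * before passing it here, so it may contain control characters or
         * line breaks; it is written to stderr unmodified. Confirm that
         * whatever consumes this log tolerates that, or escape the value
         * before logging.
         */
        fprintf(stderr, "ERROR: User does not exist '%s'\n", username);
        return 0;
    }

    /* Verify if this is the user's primary group */
    g = getgrgid(p->pw_gid);
    if (g == NULL)
        return 0;

    return (strcmp(groupname, g->gr_name) == 0) ? 1 : 0;
}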
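/*
 * Verify if the user belongs to groupname as listed in the member list
 * (gr_mem) of the group entry returned by getgrnam().
 *
 * username  - account name searched for in the member list
 * groupname - group name, looked up with getgrnam()
 *
 * Returns 1 if username appears in the group's member list.
 * Returns 0 if the group is unknown, the user is not listed, or an
 * argument is NULL.
 *
 * Only the member list is consulted here; the primary-group comparison is
 * done separately by validate_user_pw().
 *
 * NOTE(review): the return-type line is not visible on this page;
 * `static int` is inferred from main() adding the result to an int
 * counter -- confirm against the upstream file.
 */
static int
validate_user_gr(char *username, char *groupname)
{
    struct group *g;
    char **member;

    /* getgrnam() and strcmp() must not be handed NULL; treat it as "no match" */
    if (username == NULL || groupname == NULL)
        return 0;

    g = getgrnam(groupname);
    if (g == NULL) {
        /*
         * NOTE(review): group names sent on stdin are under the control of
         * whoever feeds this helper and are written to stderr unmodified;
         * confirm the log consumer tolerates control characters, or escape
         * the value before logging.
         */
        fprintf(stderr, "ERROR: Group does not exist '%s'\n", groupname);
        return 0;
    }

    /*
     * Walk the NULL-terminated member list with a local cursor. The listing
     * advanced g->gr_mem itself, which rewrites a field of the struct that
     * getgrnam() handed back instead of just reading it.
     */
    for (member = g->gr_mem; member != NULL && *member != NULL; ++member) {
        if (strcmp(*member, username) == 0)
            return 1;
    }

    return 0;
}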
133 fprintf(stderr
, "Usage: %s -g group1 [-g group2 ...] [-p] [-s]\n\n",
135 fprintf(stderr
, "-g group\n");
137 " The group name or id that the user must belong in order to\n");
139 " be allowed to authenticate.\n");
141 "-p Verify primary user group as well\n");
143 "-s Strip NT domain from usernames\n");
148 main(int argc
, char *argv
[])
150 char *user
, *suser
, *p
;
151 char buf
[HELPER_INPUT_BUFFER
];
152 char **grents
= NULL
;
153 int check_pw
= 0, ch
, ngroups
= 0, i
, j
= 0, strip_dm
= 0;
155 /* make standard output line buffered */
156 setvbuf(stdout
, NULL
, _IOLBF
, 0);
158 /* get user options */
159 while ((ch
= getopt(argc
, argv
, "dspg:")) != -1) {
171 grents
= (char**)realloc(grents
, sizeof(*grents
) * (ngroups
+1));
172 grents
[ngroups
] = optarg
;
176 if (xisprint(optopt
)) {
177 fprintf(stderr
, "Unknown option '-%c'.\n", optopt
);
179 fprintf(stderr
, "Unknown option character `\\x%x'.\n", optopt
);
188 fprintf(stderr
, "FATAL: Unknown option '%s'\n", argv
[optind
]);
192 while (fgets(buf
, HELPER_INPUT_BUFFER
, stdin
)) {
194 if ((p
= strchr(buf
, '\n')) == NULL
) {
195 /* too large message received.. skip and deny */
196 fprintf(stderr
, "ERROR: %s: Too large: %s\n", argv
[0], buf
);
197 while (fgets(buf
, sizeof(buf
), stdin
)) {
198 fprintf(stderr
, "ERROR: %s: Too large..: %s\n", argv
[0], buf
);
199 if (strchr(buf
, '\n') != NULL
)
202 SEND_ERR("Username Input too large.");
206 if ((p
= strtok(buf
, " ")) == NULL
) {
207 SEND_ERR("No username given.");
211 rfc1738_unescape(user
);
212 if (user
&& strip_dm
) {
213 suser
= strchr(user
, '\\');
214 if (!suser
) suser
= strchr(user
, '/');
215 if (suser
&& suser
[1]) user
= suser
+ 1;
217 /* check groups supplied by Squid */
218 while ((p
= strtok(NULL
, " ")) != NULL
) {
221 j
+= validate_user_pw(user
, p
);
222 j
+= validate_user_gr(user
, p
);
226 /* check groups supplied on the command line */
227 for (i
= 0; i
< ngroups
; ++i
) {
229 j
+= validate_user_pw(user
, grents
[i
]);
231 j
+= validate_user_gr(user
, grents
[i
]);