]> git.ipfire.org Git - thirdparty/squid.git/blob - helpers/ntlm_auth/fake/ntlm_fake_auth.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge form trunk
[thirdparty/squid.git] / helpers / ntlm_auth / fake / ntlm_fake_auth.cc
1 /*
2 * $Id$
3 *
4 * AUTHOR: Andrew Doran <ad@interlude.eu.org>
5 * AUTHOR: Robert Collins <rbtcollins@hotmail.com>
6 * AUTHOR: Guido Serassio: <guido.serassio@acmeconsulting.it>
7 *
8 * SQUID Web Proxy Cache http://www.squid-cache.org/
9 * ----------------------------------------------------------
10 *
11 * Squid is the result of efforts by numerous individuals from
12 * the Internet community; see the CONTRIBUTORS file for full
13 * details. Many organizations have provided support for Squid's
14 * development; see the SPONSORS file for full details. Squid is
15 * Copyrighted (C) 2001 by the Regents of the University of
16 * California; see the COPYRIGHT file for full details. Squid
17 * incorporates software developed and/or copyrighted by other
18 * sources; see the CREDITS file for full details.
19 *
20 * This program is free software; you can redistribute it and/or modify
21 * it under the terms of the GNU General Public License as published by
22 * the Free Software Foundation; either version 2 of the License, or
23 * (at your option) any later version.
24 *
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
29 *
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33 *
34 */
35 /*
36 * Example ntlm authentication program for Squid, based on the
37 * original proxy_auth code from client_side.c, written by
38 * Jon Thackray <jrmt@uk.gdscorp.com>. Initial ntlm code by
39 * Andrew Doran <ad@interlude.eu.org>.
40 *
41 * This code gets the username and returns it. No validation is done.
42 * and by the way: it is a complete patch-up. Use the "real thing" NTLMSSP
43 * if you can.
44 *
45 * Revised by Guido Serassio: <guido.serassio@acmeconsulting.it>
46 *
47 * - Added negotiation of UNICODE char support
48 * - More detailed debugging info
49 *
50 */
51
52 /* undefine this to have strict protocol adherence. You don't really need
53 * that though */
54 #define IGNORANCE_IS_BLISS
55
56 #include "config.h"
57 #include "base64.h"
58 #include "helpers/defines.h"
59 #include "ntlmauth/ntlmauth.h"
60 #include "ntlmauth/support_bits.cci"
61 //#include "util.h"
62
63 #if HAVE_CTYPE_H
64 #include <ctype.h>
65 #endif
66 #if HAVE_STRING_H
67 #include <string.h>
68 #endif
69 #if HAVE_CRYPT_H
70 #include <crypt.h>
71 #endif
72 #if HAVE_PWD_H
73 #include <pwd.h>
74 #endif
75 #if HAVE_GETOPT_H
76 #include <getopt.h>
77 #endif
78
79 /* A couple of harmless helper macros */
80 #define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n");
81 #ifdef __GNUC__
82 #define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
83 #define SEND4(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
84 #else
85 /* no gcc, no debugging. varargs macros are a gcc extension */
86 #define SEND2(X,Y) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
87 #define SEND4(X,Y,Z,W) debug("sending '" X "' to squid\n",Y,Z); printf(X "\n",Y,Z);
88 #endif
89
90 const char *authenticate_ntlm_domain = "WORKGROUP";
91 int strip_domain_enabled = 0;
92 int NTLM_packet_debug_enabled = 0;
93
94 /*
95 * options:
96 * -d enable debugging.
97 * -v enable verbose NTLM packet debugging.
98 * -l if specified, changes behavior on failures to last-ditch.
99 */
100 char *my_program_name = NULL;
101
102 static void
103 usage(void)
104 {
105 fprintf(stderr,
106 "Usage: %s [-d] [-v] [-h]\n"
107 " -d enable debugging.\n"
108 " -S strip domain from username.\n"
109 " -v enable verbose NTLM packet debugging.\n"
110 " -h this message\n\n",
111 my_program_name);
112 }
113
114 static void
115 process_options(int argc, char *argv[])
116 {
117 int opt, had_error = 0;
118
119 opterr = 0;
120 while (-1 != (opt = getopt(argc, argv, "hdvS"))) {
121 switch (opt) {
122 case 'd':
123 debug_enabled = 1;
124 break;
125 case 'v':
126 debug_enabled = 1;
127 NTLM_packet_debug_enabled = 1;
128 break;
129 case 'S':
130 strip_domain_enabled = 1;
131 break;
132 case 'h':
133 usage();
134 exit(0);
135 case '?':
136 opt = optopt;
137 /* fall thru to default */
138 default:
139 fprintf(stderr, "unknown option: -%c. Exiting\n", opt);
140 usage();
141 had_error = 1;
142 }
143 }
144 if (had_error)
145 exit(1);
146 }
147
148 int
149 main(int argc, char *argv[])
150 {
151 char buf[HELPER_INPUT_BUFFER];
152 int buflen = 0;
153 char user[NTLM_MAX_FIELD_LENGTH], domain[NTLM_MAX_FIELD_LENGTH];
154 char *p;
155 ntlmhdr *packet = NULL;
156 char helper_command[3];
157 int len;
158 char *data = NULL;
159
160 setbuf(stdout, NULL);
161 setbuf(stderr, NULL);
162
163 my_program_name = argv[0];
164
165 process_options(argc, argv);
166
167 debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
168
169 while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
170 user[0] = '\0'; /*no user code */
171 domain[0] = '\0'; /*no domain code */
172
173 if ((p = strchr(buf, '\n')) != NULL)
174 *p = '\0'; /* strip \n */
175 buflen = strlen(buf); /* keep this so we only scan the buffer for \0 once per loop */
176 if (buflen > 3)
177 packet = (ntlmhdr*)base64_decode(buf + 3);
178 if (buflen > 3 && NTLM_packet_debug_enabled) {
179 strncpy(helper_command, buf, 2);
180 helper_command[2] = '\0';
181 debug("Got '%s' from Squid with data:\n", helper_command);
182 hex_dump((unsigned char*)packet, ((buflen - 3) * 3) / 4);
183 } else
184 debug("Got '%s' from Squid\n", buf);
185
186 if (strncasecmp(buf, "YR", 2) == 0) {
187 char nonce[NTLM_NONCE_LEN];
188 ntlm_challenge chal;
189 ntlm_make_nonce(nonce);
190 if (buflen > 3) {
191 ntlm_negotiate *nego = (ntlm_negotiate *)packet;
192 ntlm_make_challenge(&chal, authenticate_ntlm_domain, NULL, nonce, NTLM_NONCE_LEN, nego->flags);
193 } else {
194 ntlm_make_challenge(&chal, authenticate_ntlm_domain, NULL, nonce, NTLM_NONCE_LEN, NTLM_NEGOTIATE_ASCII);
195 }
196 // TODO: find out what this context means, and why only the fake auth helper contains it.
197 chal.context_high = htole32(0x003a<<16);
198
199 len = sizeof(chal) - sizeof(chal.payload) + le16toh(chal.target.maxlen);
200 data = (char *) base64_encode_bin((char *) &chal, len);
201 if (NTLM_packet_debug_enabled) {
202 printf("TT %s\n", data);
203 debug("sending 'TT' to squid with data:\n");
204 hex_dump((unsigned char *)&chal, len);
205 } else
206 SEND2("TT %s", data);
207 } else if (strncasecmp(buf, "KK ", 3) == 0) {
208 if (!packet) {
209 SEND("BH received KK with no data! user=");
210 } else if (ntlm_validate_packet(packet, NTLM_AUTHENTICATE) == NTLM_ERR_NONE) {
211 if (ntlm_unpack_auth((ntlm_authenticate *)packet, user, domain, (buflen-3)) == NTLM_ERR_NONE) {
212 lc(user);
213 lc(domain);
214 if (strip_domain_enabled) {
215 SEND2("AF %s", user);
216 } else {
217 SEND4("AF %s%s%s", domain, (*domain?"\\":""), user);
218 }
219 } else {
220 lc(user);
221 lc(domain);
222 SEND4("NA invalid credentials, user=%s%s%s", domain, (*domain?"\\":""), user);
223 }
224 } else {
225 SEND("BH wrong packet type! user=");
226 }
227 }
228 }
229 exit(0);
230 }
Mirror of https://github.com/squid-cache/squid.git