]> git.ipfire.org Git - thirdparty/squid.git/blob - helpers/ntlm_auth/fake/ntlm_fake_auth.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix fake NTLM auth symbol clash on ERR/OK macros
[thirdparty/squid.git] / helpers / ntlm_auth / fake / ntlm_fake_auth.cc
1 /*
2 * $Id$
3 *
4 * AUTHOR: Andrew Doran <ad@interlude.eu.org>
5 * AUTHOR: Robert Collins <rbtcollins@hotmail.com>
6 * AUTHOR: Guido Serassio: <guido.serassio@acmeconsulting.it>
7 *
8 * SQUID Web Proxy Cache http://www.squid-cache.org/
9 * ----------------------------------------------------------
10 *
11 * Squid is the result of efforts by numerous individuals from
12 * the Internet community; see the CONTRIBUTORS file for full
13 * details. Many organizations have provided support for Squid's
14 * development; see the SPONSORS file for full details. Squid is
15 * Copyrighted (C) 2001 by the Regents of the University of
16 * California; see the COPYRIGHT file for full details. Squid
17 * incorporates software developed and/or copyrighted by other
18 * sources; see the CREDITS file for full details.
19 *
20 * This program is free software; you can redistribute it and/or modify
21 * it under the terms of the GNU General Public License as published by
22 * the Free Software Foundation; either version 2 of the License, or
23 * (at your option) any later version.
24 *
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
29 *
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33 *
34 */
35 /*
36 * Example ntlm authentication program for Squid, based on the
37 * original proxy_auth code from client_side.c, written by
38 * Jon Thackray <jrmt@uk.gdscorp.com>. Initial ntlm code by
39 * Andrew Doran <ad@interlude.eu.org>.
40 *
41 * This code gets the username and returns it. No validation is done.
42 * and by the way: it is a complete patch-up. Use the "real thing" NTLMSSP
43 * if you can.
44 *
45 * Revised by Guido Serassio: <guido.serassio@acmeconsulting.it>
46 *
47 * - Added negotiation of UNICODE char support
48 * - More detailed debugging info
49 *
50 */
51
52 /* undefine this to have strict protocol adherence. You don't really need
53 * that though */
54 #define IGNORANCE_IS_BLISS
55
56 #include "config.h"
57 #include "helpers/defines.h"
58 #include "libntlmauth/ntlmauth.h"
59 #include "libntlmauth/support_bits.cci"
60 #include "util.h"
61
62 #if HAVE_CTYPE_H
63 #include <ctype.h>
64 #endif
65 #if HAVE_STRING_H
66 #include <string.h>
67 #endif
68 #if HAVE_CRYPT_H
69 #include <crypt.h>
70 #endif
71 #if HAVE_PWD_H
72 #include <pwd.h>
73 #endif
74 #if HAVE_GETOPT_H
75 #include <getopt.h>
76 #endif
77
78 /* A couple of harmless helper macros */
79 #define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n");
80 #ifdef __GNUC__
81 #define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
82 #define SEND3(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
83 #else
84 /* no gcc, no debugging. varargs macros are a gcc extension */
85 #define SEND2(X,Y) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
86 #define SEND3(X,Y,Z) debug("sending '" X "' to squid\n",Y,Z); printf(X "\n",Y,Z);
87 #endif
88
89 const char *authenticate_ntlm_domain = "WORKGROUP";
90 int strip_domain_enabled = 0;
91 int NTLM_packet_debug_enabled = 0;
92
93 /*
94 * options:
95 * -d enable debugging.
96 * -v enable verbose NTLM packet debugging.
97 * -l if specified, changes behavior on failures to last-ditch.
98 */
99 char *my_program_name = NULL;
100
101 static void
102 usage(void)
103 {
104 fprintf(stderr,
105 "Usage: %s [-d] [-v] [-h]\n"
106 " -d enable debugging.\n"
107 " -S strip domain from username.\n"
108 " -v enable verbose NTLM packet debugging.\n"
109 " -h this message\n\n",
110 my_program_name);
111 }
112
113 static void
114 process_options(int argc, char *argv[])
115 {
116 int opt, had_error = 0;
117
118 opterr = 0;
119 while (-1 != (opt = getopt(argc, argv, "hdvS"))) {
120 switch (opt) {
121 case 'd':
122 debug_enabled = 1;
123 break;
124 case 'v':
125 debug_enabled = 1;
126 NTLM_packet_debug_enabled = 1;
127 break;
128 case 'S':
129 strip_domain_enabled = 1;
130 break;
131 case 'h':
132 usage();
133 exit(0);
134 case '?':
135 opt = optopt;
136 /* fall thru to default */
137 default:
138 fprintf(stderr, "unknown option: -%c. Exiting\n", opt);
139 usage();
140 had_error = 1;
141 }
142 }
143 if (had_error)
144 exit(1);
145 }
146
147 int
148 main(int argc, char *argv[])
149 {
150 char buf[HELEPR_INPUT_BUFFER];
151 int buflen = 0;
152 char user[NTLM_MAX_FIELD_LENGTH], domain[NTLM_MAX_FIELD_LENGTH];
153 char *p;
154 ntlmhdr *packet = NULL;
155 char helper_command[3];
156 int len;
157 char *data = NULL;
158
159 setbuf(stdout, NULL);
160 setbuf(stderr, NULL);
161
162 my_program_name = argv[0];
163
164 process_options(argc, argv);
165
166 debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
167
168 while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
169 user[0] = '\0'; /*no user code */
170 domain[0] = '\0'; /*no domain code */
171
172 if ((p = strchr(buf, '\n')) != NULL)
173 *p = '\0'; /* strip \n */
174 buflen = strlen(buf); /* keep this so we only scan the buffer for \0 once per loop */
175 if (buflen > 3)
176 packet = (ntlmhdr*)base64_decode(buf + 3);
177 if (buflen > 3 && NTLM_packet_debug_enabled) {
178 strncpy(helper_command, buf, 2);
179 helper_command[2] = '\0';
180 debug("Got '%s' from Squid with data:\n", helper_command);
181 hex_dump((unsigned char*)packet, ((buflen - 3) * 3) / 4);
182 } else
183 debug("Got '%s' from Squid\n", buf);
184
185 if (strncasecmp(buf, "YR", 2) == 0) {
186 char nonce[NTLM_NONCE_LEN];
187 ntlm_challenge chal;
188 ntlm_make_nonce(nonce);
189 if (buflen > 3) {
190 ntlm_negotiate *nego = (ntlm_negotiate *)packet;
191 ntlm_make_challenge(&chal, authenticate_ntlm_domain, NULL, nonce, NTLM_NONCE_LEN, nego->flags);
192 } else {
193 ntlm_make_challenge(&chal, authenticate_ntlm_domain, NULL, nonce, NTLM_NONCE_LEN, NTLM_NEGOTIATE_ASCII);
194 }
195 // TODO: find out what this context means, and why only the fake auth helper contains it.
196 chal.context_high = htole32(0x003a<<16);
197
198 len = sizeof(chal) - sizeof(chal.payload) + le16toh(chal.target.maxlen);
199 data = (char *) base64_encode_bin((char *) &chal, len);
200 if (NTLM_packet_debug_enabled) {
201 printf("TT %s\n", data);
202 debug("sending 'TT' to squid with data:\n");
203 hex_dump((unsigned char *)&chal, len);
204 } else
205 SEND2("TT %s", data);
206 } else if (strncasecmp(buf, "KK ", 3) == 0) {
207 if (!packet) {
208 SEND("BH received KK with no data! user=");
209 } else if (ntlm_validate_packet(packet, NTLM_AUTHENTICATE) == NTLM_ERR_NONE) {
210 if (ntlm_unpack_auth((ntlm_authenticate *)packet, user, domain, (buflen-3)) == NTLM_ERR_NONE) {
211 lc(user);
212 lc(domain);
213 if (strip_domain_enabled) {
214 SEND2("AF %s", user);
215 } else {
216 SEND3("AF %s%s%s", domain, (*domain?"\\":""), user);
217 }
218 } else {
219 lc(user);
220 lc(domain);
221 SEND3("NA invalid credentials, user=%s%s%s", domain, (*domain?"\\":""), user);
222 }
223 } else {
224 SEND("BH wrong packet type! user=");
225 }
226 }
227 }
228 exit(0);
229 }
Mirror of https://github.com/squid-cache/squid.git