]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/basic/SSPI/basic_sspi_auth.cc
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
12 Returns OK for a successful authentication, or ERR upon error.
14 Guido Serassio, Torino - Italy
17 Antonino Iannella 2000
22 * Distributed freely under the terms of the GNU General Public License,
23 * version 2 or later. See the file COPYING for licensing details
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
36 #include "auth/basic/SSPI/valid.h"
37 #include "helper/protocol_defines.h"
45 /* Check if we try to compile on a Windows Platform */
47 /* NON Windows Platform !!! */
48 #error NON WINDOWS PLATFORM
51 static char NTGroup
[256];
52 char * NTAllowedGroup
;
53 char * NTDisAllowedGroup
;
54 int UseDisallowedGroup
= 0;
55 int UseAllowedGroup
= 0;
56 int debug_enabled
= 0;
60 * -A can specify a Windows Local Group name allowed to authenticate.
61 * -D can specify a Windows Local Group name not allowed to authenticate.
62 * -O can specify the default Domain against to authenticate.
65 usage(const char *name
)
67 fprintf(stderr
, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
68 "-A can specify a Windows Local Group name allowed to authenticate\n"
69 "-D can specify a Windows Local Group name not allowed to authenticate\n"
70 "-O can specify the default Domain against to authenticate\n"
71 "-d enable debugging.\n"
72 "-h this message\n\n",
77 process_options(int argc
, char *argv
[])
80 while (-1 != (opt
= getopt(argc
, argv
, "dhA:D:O:"))) {
83 safe_free(NTAllowedGroup
);
84 NTAllowedGroup
=xstrdup(optarg
);
88 safe_free(NTDisAllowedGroup
);
89 NTDisAllowedGroup
=xstrdup(optarg
);
90 UseDisallowedGroup
= 1;
93 strncpy(Default_NTDomain
, optarg
, DNLEN
);
103 /* fall thru to default */
105 fprintf(stderr
, "FATAL: Unknown option: -%c\n", opt
);
112 /* Main program for simple authentication.
113 Scans and checks for Squid input, and attempts to validate the user.
116 main(int argc
, char **argv
)
118 char wstr
[HELPER_INPUT_BUFFER
];
124 process_options(argc
, argv
);
126 if (LoadSecurityDll(SSP_BASIC
, NTLM_PACKAGE_NAME
) == NULL
) {
127 fprintf(stderr
, "FATAL: can't initialize SSPI, exiting.\n");
130 debug("SSPI initialized OK\n");
132 atexit(UnloadSecurityDll
);
134 /* initialize FDescs */
135 setbuf(stdout
, NULL
);
136 setbuf(stderr
, NULL
);
138 while (fgets(wstr
, HELPER_INPUT_BUFFER
, stdin
) != NULL
) {
140 if (NULL
== strchr(wstr
, '\n')) {
145 SEND_ERR("Oversized message");
151 if ((p
= strchr(wstr
, '\n')) != NULL
)
152 *p
= '\0'; /* strip \n */
153 if ((p
= strchr(wstr
, '\r')) != NULL
)
154 *p
= '\0'; /* strip \r */
155 /* Clear any current settings */
158 sscanf(wstr
, "%s %s", username
, password
); /* Extract parameters */
160 debug("Got %s from Squid\n", wstr
);
162 /* Check for invalid or blank entries */
163 if ((username
[0] == '\0') || (password
[0] == '\0')) {
164 SEND_ERR("Invalid Request");
168 rfc1738_unescape(username
);
169 rfc1738_unescape(password
);
171 debug("Trying to validate; %s %s\n", username
, password
);
173 if (Valid_User(username
, password
, NTGroup
) == NTV_NO_ERROR
)