on URL-escaped strings rather than quoted words..
#
# Makefile for the ip_user external_acl helper by Rodrigo Campos
#
-# $Id: Makefile.am,v 1.3 2003/01/23 00:36:01 robertc Exp $
+# $Id: Makefile.am,v 1.4 2004/08/14 22:54:52 hno Exp $
#
# Uncomment and customize the following to suit your needs:
#
# sysconf_DATA =
-LDADD = @XTRA_LIBS@
-
-INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_srcdir)/src/
+LDADD = -L$(top_builddir)/lib -lmiscutil @XTRA_LIBS@
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include
-/* $Id: main.c,v 1.3 2003/01/23 00:36:01 robertc Exp $
+/* $Id: main.c,v 1.4 2004/08/14 22:54:52 hno Exp $
* Copyright (C) 2002 Rodrigo Campos
*
* This program is free software; you can redistribute it and/or modify
#include "ip_user.h"
-
+#include "util.h"
void
usage (char *program_name)
current_entry = load_dict (FH);
while (fgets (line, sizeof (line), stdin)) {
- if ((cp = strchr (line, '\n')) != NULL) {
- *cp = '\0';
+ if ((cp = strchr (line, '\n')) == NULL) {
+ /* too large message received.. skip and deny */
+ fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], line);
+ while (fgets(line, sizeof(line), stdin)) {
+ fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], line);
+ if (strchr(line, '\n') != NULL)
+ break;
+ }
+ goto error;
}
- if ((cp = strtok (line, " \t")) != NULL) {
- address = cp;
- username = strtok (NULL, " \t");
- } else {
- fprintf (stderr, "helper: unable to read tokens\n");
- printf ("ERR\n");
- continue;
+ *cp = '\0';
+ address = strtok (line, " \t");
+ username = strtok (NULL, " \t");
+ if (!address || !username) {
+ fprintf (stderr, "%s: unable to read tokens\n", argv[0]);
+ goto error;
}
+ rfc1738_unescape(address);
+ rfc1738_unescape(username);
#ifdef DEBUG
printf ("result: %d\n",
dict_lookup (current_entry, username, address));
if ((dict_lookup (current_entry, username, address)) != 0) {
printf ("OK\n");
} else {
+error:
printf ("ERR\n");
}
-
-
}
+Version 2.15
+
+2004-08-15 Henrik Nordstrom <hno@squid-cache.org>
+ Helper format changed in Squid-3.0 to use URL escaped
+ strings. Simplifies things a bit and well known encoding.
+
+Version 2.14
+
+2004-03-02 Henrik Nordstrom <hno@squid-cache.org>
+ Added -d (debug) flag
+
+2004-02-09 Henrik Nordstrom <hno@squid-cache.org>
+ -E and -S options mismatch
+
+2004-01-08 Henrik Nordstrom <hno@squid-cache.org>
+ Increase buffer size when reading group lookups from Squid
+
Version 2.13
-2003-01-05 Henrik Nordstrom <hno@squid-cache.org>
+2004-01-05 Henrik Nordstrom <hno@squid-cache.org>
Corrected TLS mode (-Z)
Version 2.12
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.am,v 1.4 2003/01/23 00:36:05 robertc Exp $
+# $Id: Makefile.am,v 1.5 2004/08/14 22:54:53 hno Exp $
#
# Uncomment and customize the following to suit your needs:
#
-libexec_PROGRAMS = squid_ldap_group
-man_MANS = squid_ldap_group.8
-EXTRA_DIST = squid_ldap_group.8
+libexec_PROGRAMS = squid_ldap_group
+man_MANS = squid_ldap_group.8
+EXTRA_DIST = squid_ldap_group.8
squid_ldap_group_SOURCES = squid_ldap_group.c
-LDADD = -lldap -llber $(XTRA_LIBS)
+LDADD = -L$(top_builddir)/lib -lmiscutil -lldap -llber @XTRA_LIBS@
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include
#include <sys/time.h>
#endif
+#include "util.h"
+
#define PROGRAM_NAME "squid_ldap_group"
/* Globals */
#endif
#endif
-static char *
-strwordtok(char *buf, char **t)
-{
- unsigned char *word = NULL;
- unsigned char *p = (unsigned char *) buf;
- unsigned char *d;
- unsigned char ch;
- int quoted = 0;
- if (!p)
- p = (unsigned char *) *t;
- if (!p)
- goto error;
- while (*p && isspace(*p))
- p++;
- if (!*p)
- goto error;
- word = d = p;
- while ((ch = *p)) {
- switch (ch) {
- case '\\':
- p++;
- *d++ = ch = *p;
- if (ch)
- p++;
- break;
- case '"':
- quoted = !quoted;
- p++;
- break;
- default:
- if (!quoted && isspace(*p)) {
- p++;
- goto done;
- }
- *d++ = *p++;
- break;
- }
- }
- done:
- *d++ = '\0';
- error:
- *t = (char *) p;
- return (char *) word;
-}
-
int
main(int argc, char **argv)
{
int port = LDAP_PORT;
int use_extension_dn = 0;
int strip_nt_domain = 0;
+ int err = 0;
setbuf(stdout, NULL);
exit(1);
}
while (fgets(buf, 256, stdin) != NULL) {
- char *tptr;
int found = 0;
- user = strwordtok(buf, &tptr);
- if (user && strip_nt_domain) {
+ if (!strchr(buf, '\n')) {
+ /* too large message received.. skip and deny */
+ fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
+ while (fgets(buf, sizeof(buf), stdin)) {
+ fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
+ if (strchr(buf, '\n') != NULL)
+ break;
+ }
+ goto error;
+ }
+ user = strtok(buf, " \n");
+ if (!user) {
+ fprintf(stderr, "%s: Invalid request\n", argv[0]);
+ goto error;
+ }
+ rfc1738_unescape(user);
+ if (strip_nt_domain) {
char *u = strchr(user, '\\');
if (!u)
u = strchr(user, '/');
if (u && u[1])
user = u + 1;
}
- if (use_extension_dn)
- extension_dn = strwordtok(NULL, &tptr);
+ if (use_extension_dn) {
+ extension_dn = strtok(NULL, " \n");
+ if (!extension_dn) {
+ fprintf(stderr, "%s: Invalid request\n", argv[0]);
+ goto error;
+ }
+ rfc1738_unescape(extension_dn);
+ }
- while (!found && user && (group = strwordtok(NULL, &tptr)) != NULL) {
+ while (!found && user && (group = strtok(NULL, " \n")) != NULL) {
+ rfc1738_unescape(group);
recover:
if (ld == NULL) {
}
if (found)
printf("OK\n");
- else
+ else {
+error:
printf("ERR\n");
+}
if (ld != NULL) {
if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) {
tryagain = 1;
}
}
+ err = 0;
}
if (ld)
ldap_unbind(ld);
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.am,v 1.3 2003/01/23 00:36:12 robertc Exp $
+# $Id: Makefile.am,v 1.4 2004/08/14 22:54:53 hno Exp $
#
# Uncomment and customize the following to suit your needs:
#
-libexec_PROGRAMS = squid_unix_group
-man_MANS = squid_unix_group.8
-EXTRA_DIST = squid_unix_group.8
+libexec_PROGRAMS = squid_unix_group
+man_MANS = squid_unix_group.8
+EXTRA_DIST = squid_unix_group.8
squid_unix_group_SOURCES = check_group.c
+
+LDADD = -L$(top_builddir)/lib -lmiscutil @XTRA_LIBS@
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include
/*
- * $Id: check_group.c,v 1.3 2003/01/23 00:36:13 robertc Exp $
+ * $Id: check_group.c,v 1.4 2004/08/14 22:54:53 hno Exp $
*
* This is a helper for the external ACL interface for Squid Cache
* Copyright (C) 2002 Rodrigo Albani de Campos (rodrigo@geekbunker.org)
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*
* Change Log:
+ * Revision 1.7 2004/08/15 00:29:33 hno
+ * helper protocol changed to URL-escaped strings in Squid-3.0
+ *
* Revision 1.6 2002/08/12 15:48:32 hno
* imported strwordtok from Squid, added man page, some minor fixes
*
#include <pwd.h>
#include <ctype.h>
+#include "util.h"
#define BUFSIZE 8192 /* the stdin buffer size */
#define MAX_GROUP 10 /* maximum number of groups specified
* on the command line */
-
-/*
- * Library function to split external_acl messages into tokens
- * Copied from the Squid sources
- */
-static char *
-strwordtok(char *buf, char **t)
-{
- unsigned char *word = NULL;
- unsigned char *p = (unsigned char *) buf;
- unsigned char *d;
- unsigned char ch;
- int quoted = 0;
- if (!p)
- p = (unsigned char *) *t;
- if (!p)
- goto error;
- while (*p && isspace(*p))
- p++;
- if (!*p)
- goto error;
- word = d = p;
- while ((ch = *p)) {
- switch (ch) {
- case '\\':
- p++;
- *d++ = ch = *p;
- if (ch)
- p++;
- break;
- case '"':
- quoted = !quoted;
- p++;
- break;
- default:
- if (!quoted && isspace(*p)) {
- p++;
- goto done;
- }
- *d++ = *p++;
- break;
- }
- }
- done:
- *d++ = '\0';
- error:
- *t = (char *) p;
- return (char *) word;
-}
-
-
/*
* Verify if userĀ“s primary group matches groupname
* Returns 0 if user is not on the group
int
main(int argc, char *argv[])
{
- char *user, *p, *t;
+ char *user, *p;
char buf[BUFSIZE];
char *grents[MAX_GROUP];
int check_pw = 0, ch, i = 0, j = 0;
usage(argv[0]);
exit(1);
}
- while (fgets(buf, BUFSIZE, stdin)) {
+ while (fgets(buf, sizeof(buf), stdin)) {
j = 0;
- if ((p = strchr(buf, '\n')) != NULL) {
- *p = '\0';
- } else {
+ if ((p = strchr(buf, '\n')) == NULL) {
/* too large message received.. skip and deny */
fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
- while (fgets(buf, BUFSIZE, stdin)) {
+ while (fgets(buf, sizeof(buf), stdin)) {
fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
if (strchr(buf, '\n') != NULL)
break;
}
goto error;
}
- if ((p = strwordtok(buf, &t)) == NULL) {
+ *p = '\0';
+ if ((p = strtok(buf, " ")) == NULL) {
goto error;
} else {
user = p;
+ rfc1738_unescape(user);
/* check groups supplied by Squid */
- while ((p = strwordtok(NULL, &t)) != NULL) {
+ while ((p = strtok(NULL, " ")) != NULL) {
+ rfc1738_unescape(p);
if (check_pw == 1)
j += validate_user_pw(user, p);
# Jerry Murdock <jmurdock@itraktech.com>
#
# Version history:
+# 2004-08-15 Henrik Nordstrom <hno@squid-cache.org>
+# Helper protocol changed to URL escaped in Squid-3.0
# 2002-07-05 Jerry Murdock <jmurdock@itraktech.com>
# Initial release
#
-# external_acl uses shell style lines in it's protocol
-require 'shellwords.pl';
-
# Disable output buffering
$|=1;
while (<STDIN>) {
chop;
&debug ("Got $_ from squid");
- ($user, $group) = &shellwords;
+ ($user, $group) = split(/\s+/);
+ $user =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg;
+ $group =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg;
$ans = &check($user, $group);
&debug ("Sending $ans to squid");
print "$ans\n";
#
# Makefile for the wb_group external_acl helper
#
-# $Id: Makefile.am,v 1.6 2003/05/16 14:36:19 hno Exp $
+# $Id: Makefile.am,v 1.7 2004/08/14 22:54:53 hno Exp $
#
libexec_PROGRAMS = wb_group
wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h wb_common.h
EXTRA_DIST = readme.txt
-INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_srcdir)/src -I@SAMBASOURCES@
-LDADD = -L$(top_builddir)/lib $(XTRA_LIBS)
+
+LDADD = -L$(top_builddir)/lib -lmiscutil @XTRA_LIBS@
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include -I@SAMBASOURCES@
*
* History:
*
+ * Version 1.21
+ * 15-08-2004 Henrik Nordstrom
+ * Helper protocol changed to use URL escaped strings in Squid-3.0
* Version 1.20
* 10-05-2003 Roberto Moreda
* Added support for domain-qualified group Microsoft notation
pid_t mypid;
static int use_case_insensitive_compare=0;
-static char *
-strwordtok(char *buf, char **t)
-{
- unsigned char *word = NULL;
- unsigned char *p = (unsigned char *) buf;
- unsigned char *d;
- unsigned char ch;
- int quoted = 0;
- if (!p)
- p = (unsigned char *) *t;
- if (!p)
- goto error;
- while (*p && isspace(*p))
- p++;
- if (!*p)
- goto error;
- word = d = p;
- while ((ch = *p)) {
- switch (ch) {
- case '\\':
- p++;
- *d++ = ch = *p;
- if (ch)
- p++;
- break;
- case '"':
- quoted = !quoted;
- p++;
- break;
- default:
- if (!quoted && isspace(*p)) {
- p++;
- goto done;
- }
- *d++ = *p++;
- break;
- }
- }
- done:
- *d++ = '\0';
- error:
- *t = (char *) p;
- return (char *) word;
-}
-
-
static int strCaseCmp (const char *s1, const char *s2)
{
while (*s1 && toupper (*s1) == toupper (*s2)) s1++, s2++;
int
main (int argc, char *argv[])
{
- char *p, *t;
+ char *p;
char buf[BUFSIZE];
char *username;
char *group;
- int err = 0;
const char *groups[512];
int n;
check_winbindd();
/* Main Loop */
- while (fgets (buf, BUFSIZE, stdin))
+ while (fgets (buf, sizeof(buf), stdin))
{
if (NULL == strchr(buf, '\n')) {
- err = 1;
- continue;
- }
- if (err) {
- warn("Oversized message\n");
+ /* too large message received.. skip and deny */
+ fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
+ while (fgets(buf, sizeof(buf), stdin)) {
+ fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
+ if (strchr(buf, '\n') != NULL)
+ break;
+ }
goto error;
}
goto error;
}
- username = strwordtok(buf, &t);
- for (n = 0; (group = strwordtok(NULL, &t)) != NULL; n++)
+ username = strtok(buf, " ");
+ for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) {
+ rfc1738_unescape(group);
groups[n] = group;
+ }
groups[n] = NULL;
if (NULL == username) {
warn("Invalid Request\n");
goto error;
}
+ rfc1738_unescape(username);
if (Valid_Groups(username, groups)) {
printf ("OK\n");
error:
printf ("ERR\n");
}
- err = 0;
}
return 0;
}
projects / thirdparty / squid.git / commitdiff
