Rip out most of the configuration file logic
authorFrancesco Chemolli <kinkie@squid-cache.org>
Sat, 20 Dec 2014 08:00:35 +0000 (09:00 +0100)
committerFrancesco Chemolli <kinkie@squid-cache.org>
Sat, 20 Dec 2014 08:00:35 +0000 (09:00 +0100)
helpers/basic_auth/MSNT/Makefile.am
helpers/basic_auth/MSNT/allowusers.cc [deleted file]
helpers/basic_auth/MSNT/msntauth.cc
helpers/basic_auth/MSNT/msntauth.h
helpers/basic_auth/MSNT/valid.cc
helpers/basic_auth/MSNT/valid.h
helpers/basic_auth/SSPI/valid.cc
helpers/basic_auth/SSPI/valid.h
lib/smblib/smblib.c
lib/smblib/smblib.h

index c01522bdf162da9eb7111b0efc71f55a0cf4b2dd..63b41920ec8696990a9d2230fd4bb3dce22ac7af 100644 (file)
@@ -12,13 +12,8 @@ MSNTAUTH_CONF = $(sysconfdir)/msntauth.conf
 libexec_PROGRAMS = basic_msnt_auth
 
 basic_msnt_auth_SOURCES = \
-       allowusers.cc \
-       confload.cc \
-       denyusers.cc \
        msntauth.cc \
        msntauth.h \
-       usersfile.cc \
-       usersfile.h \
        valid.cc \
        valid.h
 
diff --git a/helpers/basic_auth/MSNT/allowusers.cc b/helpers/basic_auth/MSNT/allowusers.cc
deleted file mode 100644 (file)
index d5963ec..0000000
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/*
- * allowusers.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines are to allow users attempting to use the proxy which
- * have been explicitly allowed by the system administrator.
- * The code originated from denyusers.c.
- */
-
-#include "squid.h"
-#include "msntauth.h"
-#include "usersfile.h"
-
-#include <cstdlib>
-#include <cstring>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/param.h>
-
-static usersfile AllowUsers;
-static int init = 0;
-
-/* shared */
-char Allowuserpath[MAXPATHLEN];        /* MAXPATHLEN defined in param.h */
-
-int
-Read_allowusers(void)
-{
-    if (!init) {
-        memset(&AllowUsers, '\0', sizeof(AllowUsers));
-        init = 1;
-    }
-    if (*Allowuserpath)
-        return Read_usersfile(Allowuserpath, &AllowUsers);
-    else
-        return 0;
-}
-
-int
-Check_ifuserallowed(char *ConnectingUser)
-{
-    return Check_userlist(&AllowUsers, ConnectingUser);
-}
-
-void
-Check_forallowchange(void)
-{
-    Check_forfilechange(&AllowUsers);
-}
index 9390fd340c6b627077a700afc4eaba9ed26a42cf..808f5a54bdd1443853e089590b6c23d3efb087c9 100644 (file)
 
 #include <csignal>
 #include <cstring>
+#include <iostream>
+#include <string>
+#include <vector> //todo: turn into multimap
 #include <syslog.h>
 
 #include "msntauth.h"
+#include "valid.h"
 
 extern char version[];
-char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 26 Jun 2002";
+char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014";
 
-/* Main program for simple authentication.
- * Reads the denied user file. Sets alarm timer.
- * Scans and checks for Squid input, and attempts to validate the user.
- */
+//todo: turn into a multimap
+struct domaincontroller {
+       std::string domain;
+       std::string server;
+};
+std::vector<domaincontroller> domaincontrollers;
 
+bool
+validate_user(char *username, char *password)
+{
+       for (domaincontroller dc : domaincontrollers) {
+               if (Valid_User(username, password, dc.server.c_str(), NULL, dc.domain.c_str()))
+                       return true;
+       }
+       return false;
+}
+// arguments: domain/server_name
 int
 main(int argc, char **argv)
 {
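Review bot: `validate_user` accepts any non-zero return from `Valid_User` as a successful login, but the NTV_* codes in valid.h are non-zero for failures (`NTV_PROTOCOL_ERROR 2`, `NTV_LOGON_ERROR 3`), and the code this replaces accepted only `QueryServers(...) == 0`. As written, a failed logon answers `OK` and a successful one (presumably code 0) is rejected, so the helper fails open. The test should compare against the success code, e.g. `if (Valid_User(username, password, dc.server.c_str(), NULL, dc.domain.c_str()) == NTV_NO_ERROR)`, assuming that is the name of the zero code, which this page shows only in the SSPI helper. The loop also copies both strings on every iteration; `for (const auto &dc : domaincontrollers)` avoids that. `main` continues outside the hunk.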
@@ -66,34 +82,25 @@ main(int argc, char **argv)
     openlog("msnt_auth", LOG_PID, LOG_USER);
     setbuf(stdout, NULL);
 
-    /* Read configuration file. Abort wildly if error. */
-    if (OpenConfigFile() == 1)
-        return 1;
-
-    /*
-     * Read denied and allowed user files.
-     * If they fails, there is a serious problem.
-     * Check syslog messages. Deny all users while in this state.
-     * The msntauth process should then be killed.
-     */
-    if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
-        while (1) {
-            memset(wstr, '\0', sizeof(wstr));
-            if (fgets(wstr, 255, stdin) == NULL)
-                break;
-            puts("ERR");
-        }
-        return 1;
+    for (int j = 1; j < argc; ++j) {
+       std::string arg = argv[j];
+       size_t pos=arg.find('/');
+       if (arg.find('/',pos+1)) {
+               std::cerr << "Error: can't understand domain controller specification '"
+                               << arg << '"' << std::endl;
+               exit(1);
+       }
+       domaincontroller dc;
+       dc.domain = arg.substr(0,pos);
+       dc.server = arg.substr(pos+1);
+       if (dc.domain.length() == 0 || dc.server.length() == 0) {
+               std::cerr << "Error: invalid domain specification in '" << arg <<
+                               "'" << std::endl;
+               exit(1);
+       }
+       domaincontrollers.push_back(dc);
     }
 
-    /*
-     * Make Check_forchange() the handle for HUP signals.
-     * Don't use alarms any more. I don't think it was very
-     * portable between systems.
-     * XXX this should be sigaction()
-     */
-    signal(SIGHUP, Check_forchange);
-
     while (1) {
         int n;
         /* Read whole line from standard input. Terminate on break. */
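Review bot: The check `if (arg.find('/',pos+1))` is true for every argument, because `find` returns `std::string::npos` (non-zero) when there is no second slash, so a well-formed `domain/server` argument makes the helper print the error and exit. It also never tests `pos` itself, so an argument with no slash would yield `domain == server == arg` through `substr(pos+1)` wrapping to `substr(0)`. Suggested condition: `if (pos == std::string::npos || arg.find('/', pos+1) != std::string::npos)`. The first error message opens the quote with `'` but closes it with `'"'`. When no arguments are given the list stays empty and every login is refused, which deserves an explicit startup error; the `while (1)` loop continues outside the hunk.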
@@ -114,7 +121,6 @@ main(int argc, char **argv)
 
         /*
          * extract username and password.
-         * XXX is sscanf() safe?
          */
         username[0] = '\0';
         password[0] = '\0';
@@ -128,21 +134,13 @@ main(int argc, char **argv)
             puts("ERR");
             continue;
         }
-        Checktimer();          /* Check if the user lists have changed */
 
         rfc1738_unescape(username);
         rfc1738_unescape(password);
 
-        /*
-         * Check if user is explicitly denied or allowed.
-         * If user passes both checks, they can be authenticated.
-         */
-        if (Check_user(username) == 1) {
-            syslog(LOG_INFO, "'%s' denied", username);
-            puts("ERR");
-        } else if (QueryServers(username, password) == 0)
+        if (validate_user(username, password)) {
             puts("OK");
-        else {
+        else {
             syslog(LOG_INFO, "'%s' login failed", username);
             puts("ERR");
         }
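Review bot: The new `if (validate_user(username, password)) {` opens a brace that is never closed before the `else {` line, so this file will not compile; the `else` line should read `} else {`. This hunk also drops the `Check_user` deny/allow gate with no replacement visible here. If that is intended, a comment above the call such as `// user allow/deny filtering is no longer done by this helper` would make the change in behaviour explicit. The enclosing loop starts and ends outside the hunk.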
index b18f24428c30414e1e64bbdaf4d2e3d5a16367fd..d8b9fbcd5f94ee8f18faabf30e9af8937828ec07 100644 (file)
@@ -9,15 +9,7 @@
 #ifndef _SQUID_HELPERS_BASIC_AUTH_MSNT_MSNTAUTH_H
 #define _SQUID_HELPERS_BASIC_AUTH_MSNT_MSNTAUTH_H
 
-extern int OpenConfigFile(void);
 extern int QueryServers(char *, char *);
-extern void Checktimer(void);
-extern "C" void Check_forchange(int);
-extern int Read_denyusers(void);
-extern int Read_allowusers(void);
-extern int Check_user(char *);
-extern int QueryServers(char *, char *);
-extern int Check_ifuserallowed(char *ConnectingUser);
 extern void Check_forallowchange(void);
 
 #endif /* _SQUID_HELPERS_BASIC_AUTH_MSNT_MSNTAUTH_H */
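Review bot: `extern void Check_forallowchange(void);` is kept, but its only definition visible on this page is in allowusers.cc, which this commit deletes, so the declaration now dangles and should be removed. `QueryServers` is also still declared, although msntauth.cc no longer calls it and confload.cc is dropped from the Makefile sources. If it was defined there, that declaration should go as well, leaving the header with only what the helper still links.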
index e5b124a9f773f32c5fd80fd2120b2a84f1f6bc10..775fca58cc95c2f41521c6d7e7dd306608861b40 100644 (file)
 #include "smblib/smblib.h"
 #include "valid.h"
 
+
+//TODO: remove BACKUP
 int
-Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN)
+Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *BACKUP, const char *DOMAIN)
 {
     const char *supportedDialects[] = {"PC NETWORK PROGRAM 1.0",
-                                       "MICROSOFT NETWORKS 1.03",
+                                       "MICchecROSOFT NETWORKS 1.03",
                                        "MICROSOFT NETWORKS 3.0",
                                        "LANMAN1.0",
                                        "LM1.2X002",
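Review bot: The dialect entry was changed to `"MICchecROSOFT NETWORKS 1.03"`, which looks like stray keystrokes rather than an intended edit. It should stay `"MICROSOFT NETWORKS 1.03"`, since this table is presumably what the helper offers to the server during dialect negotiation. For the parameter, a comment at the signature such as `// BACKUP: the caller in this commit always passes NULL; TODO remove` says more than the bare `//TODO: remove BACKUP`. The body of `Valid_User` continues outside the hunk.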
index 07539277d91b349dfcb5b6b759d4a95e77fe0948..40ca4820a5c87df879c26622e3f6cc3bfd9fb7a5 100644 (file)
@@ -15,6 +15,6 @@
 #define NTV_PROTOCOL_ERROR 2
 #define NTV_LOGON_ERROR 3
 
-int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN);
+int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *BACKUP, const char *DOMAIN);
 
 #endif
index a0650e1bd1227f13ef64710dd9f961f1c7ee95ab..40e58c2c3b7cfacc53e3db36d8ec91405cd04f31 100644 (file)
@@ -123,66 +123,3 @@ Valid_Group(char *UserName, char *Group)
         NetApiBufferFree(pBuf);
     return result;
 }
-
-/* Valid_User return codes -
-   0 - User authenticated successfully.
-   1 - Server error.
-   2 - Group membership error.
-   3 - Logon error; Incorrect password or username given.
-*/
-
-int
-Valid_User(char *UserName, char *Password, char *Group)
-{
-    int result = NTV_SERVER_ERROR;
-    size_t i;
-    char NTDomain[256];
-    char *domain_qualify = NULL;
-    char DomainUser[256];
-    char User[256];
-
-    errormsg = NTV_SERVER_ERROR_MSG;
-    strncpy(NTDomain, UserName, sizeof(NTDomain));
-
-    for (i=0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) {
-        if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL)
-            break;
-    }
-    if (domain_qualify == NULL) {
-        strcpy(User, NTDomain);
-        strcpy(NTDomain, Default_NTDomain);
-    } else {
-        strcpy(User, domain_qualify + 1);
-        domain_qualify[0] = '\0';
-    }
-    /* Log the client on to the local computer. */
-    if (!SSP_LogonUser(User, Password, NTDomain)) {
-        result = NTV_LOGON_ERROR;
-        errormsg = NTV_LOGON_ERROR_MSG;
-        debug("%s\n", errormsg);
-    } else {
-        result = NTV_NO_ERROR;
-        if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0)
-            strcpy(DomainUser, User);
-        else {
-            strcpy(DomainUser, NTDomain);
-            strcat(DomainUser, "\\");
-            strcat(DomainUser, User);
-        }
-        if (UseAllowedGroup) {
-            if (!Valid_Group(DomainUser, NTAllowedGroup)) {
-                result = NTV_GROUP_ERROR;
-                errormsg = NTV_GROUP_ERROR_MSG;
-                debug("%s\n", errormsg);
-            }
-        }
-        if (UseDisallowedGroup) {
-            if (Valid_Group(DomainUser, NTDisAllowedGroup)) {
-                result = NTV_GROUP_ERROR;
-                errormsg = NTV_GROUP_ERROR_MSG;
-                debug("%s\n", errormsg);
-            }
-        }
-    }
-    return result;
-}
index ea78c9fa0c191684169714276b855bb73f8ac68a..5ace2792defd3b39d0e578754d76eaaa6d86a9fd 100644 (file)
@@ -91,6 +91,4 @@ debug(char *format,...)
 }
 #endif /* __GNUC__ */
 
-int Valid_User(char *,char *, char *);
-
 #endif
index 7b0b84181f47740de832994e5f6439291d27813b..cb5b89bb3be2adea3458fbcc89f469c3bb24fa58 100644 (file)
@@ -99,7 +99,7 @@ SMB_Handle_Type SMB_Create_Con_Handle()
 /* or anything else ...                                                  */
 
 SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle,
-                                   char *server, const char *NTdomain)
+                                   const char *server, const char *NTdomain)
 
 {
     SMB_Handle_Type con;
index ccbd28225e7470a5cad9b8e1b159f8a112e0c57c..d4ce2b82531c9eaa96e3a72826b4bb20218b855d 100644 (file)
@@ -50,7 +50,7 @@ extern "C" {
     /* Connect to a server, but do not do a tree con etc ... */
 
     SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle,
-                                       char *server,
+                                       const char *server,
                                        const char *NTdomain);
 
     /* Connect to a server and give us back a handle. If Con == NULL, create */