include $(top_srcdir)/src/Common.am
-MSNTAUTH_CONF = $(sysconfdir)/msntauth.conf
-
libexec_PROGRAMS = basic_msnt_auth
basic_msnt_auth_SOURCES = \
valid.h
EXTRA_DIST = \
- msntauth.conf.default \
msntauth-v2.0.lsm \
README.html \
required.m4
-sysconf_DATA = \
- msntauth.conf.default
-
-CFLAGS += -DSYSCONFDIR=\"$(sysconfdir)\"
-CXXFLAGS += -DSYSCONFDIR=\"$(sysconfdir)\"
LDADD = \
$(top_builddir)/lib/smblib/libsmblib.la \
$(top_builddir)/lib/rfcnb/librfcnb.la \
## we need our local files too (but avoid -I. at all costs)
AM_CPPFLAGS += -I$(srcdir) -I$(top_srcdir)/lib
-
-
-install-data-local: msntauth.conf.default
- @if test -f $(DESTDIR)$(MSNTAUTH_CONF) ; then \
- echo "$@ will not overwrite existing $(DESTDIR)$(MSNTAUTH_CONF)" ; \
- else \
- echo "$(INSTALL_DATA) $(srcdir)/msntauth.conf.default $(DESTDIR)$(MSNTAUTH_CONF)" ; \
- $(INSTALL_DATA) $(srcdir)/msntauth.conf.default $(DESTDIR)$(MSNTAUTH_CONF) ; \
- fi
-
-uninstall-local:
- @$(SHELL) $(top_srcdir)/scripts/remove-cfg.sh "$(RM)" $(DESTDIR)$(MSNTAUTH_CONF)
- $(RM) -f $(DESTDIR)$(MSNTAUTH_CONF).default
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/*
- * confload.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines load the msntauth configuration file.
- * It stores the servers to query, sets the denied and
- * allowed user files, and provides the
- * authenticating function.
- */
-
-/* Squid provides a number of portability overrides */
-#include "squid.h"
-
-#include <cassert>
-#include <cerrno>
-#include <cstdlib>
-#include <cstring>
-#include <syslog.h>
-#include <sys/param.h>
-#include <netdb.h>
-
-#include "msntauth.h"
-#include "valid.h"
-
-/* Path to configuration file */
-#ifndef SYSCONFDIR
-#define SYSCONFDIR "/usr/local/squid/etc"
-#endif
-#define CONFIGFILE SYSCONFDIR "/msntauth.conf"
-
-/* Maximum number of servers to query. This number can be increased. */
-#define MAXSERVERS 5
-#define NTHOSTLEN 65
-
-extern char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-extern char Allowuserpath[MAXPATHLEN];
-
-typedef struct _ServerTuple {
- char pdc[NTHOSTLEN];
- char bdc[NTHOSTLEN];
- char domain[NTHOSTLEN];
-} ServerTuple;
-
-ServerTuple ServerArray[MAXSERVERS]; /* Array of servers to query */
-int Serversqueried = 0; /* Number of servers queried */
-
-/* Declarations */
-
-static void ProcessLine(char *);
-static void AddServer(char *, char *, char *);
-static int QueryServerForUser(int, char *, char *);
-
-/*
- * Opens and reads the configuration file.
- * Returns 0 on success, or 1 for error.
- */
-
-int
-OpenConfigFile(void)
-{
- FILE *ConfigFile;
- char Confbuf[2049]; /* Line reading buffer */
-
- /* Initialise defaults */
-
- Serversqueried = 0;
- memset(ServerArray, '\0', sizeof(ServerArray));
- memset(Denyuserpath, '\0', MAXPATHLEN);
- memset(Allowuserpath, '\0', MAXPATHLEN);
-
- /* Open file */
- if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) {
- syslog(LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE);
- syslog(LOG_ERR, "%s", strerror(errno));
- return 1;
- }
- /* Read in, one line at a time */
- while (!feof(ConfigFile)) {
- Confbuf[0] = '\0';
- if (NULL == fgets(Confbuf, 2048, ConfigFile))
- break;
- Confbuf[2048] = '\0';
- ProcessLine(Confbuf);
- }
- fclose(ConfigFile);
-
- /*
- * Check that at least one server is being queried. Report error if not.
- * Denied and allowed user files are hardcoded, so it's fine if they're
- * not set in the confugration file.
- */
- if (Serversqueried == 0) {
- syslog(LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE);
- return 1;
- }
- return 0;
-}
-
-/* Parses a configuration file line. */
-
-static void
-ProcessLine(char *Linebuf)
-{
- char *Directive;
- char *Param1;
- char *Param2;
- char *Param3;
-
- /* Ignore empty lines */
- if (strlen(Linebuf) == 0)
- return;
-
- /* Break up on whitespaces */
- if ((Directive = strtok(Linebuf, " \t\n")) == NULL)
- return;
-
- /* Check for a comment line. If found, stop . */
- if (Directive[0] == '#')
- return;
-
- /* Check for server line. Check for 3 parameters. */
- if (strcmp(Directive, "server") == 0) {
- Param1 = strtok(NULL, " \t\n");
- if (NULL == Param1) {
- syslog(LOG_ERR, "ProcessLine: 'server' missing PDC parameter.");
- return;
- }
- Param2 = strtok(NULL, " \t\n");
- if (NULL == Param2) {
- syslog(LOG_ERR, "ProcessLine: 'server' missing BDC parameter.");
- return;
- }
- Param3 = strtok(NULL, " \t\n");
- if (NULL == Param3) {
- syslog(LOG_ERR, "ProcessLine: 'server' missing domain parameter.");
- return;
- }
- AddServer(Param1, Param2, Param3);
- return;
- }
- /* Check for denyusers line */
- if (strcmp(Directive, "denyusers") == 0) {
- Param1 = strtok(NULL, " \t\n");
-
- if (NULL == Param1) {
- syslog(LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter.");
- return;
- }
- memset(Denyuserpath, '\0', MAXPATHLEN);
- strncpy(Denyuserpath, Param1, MAXPATHLEN - 1);
- return;
- }
- /* Check for allowusers line */
- if (strcmp(Directive, "allowusers") == 0) {
- Param1 = strtok(NULL, " \t\n");
-
- if (NULL == Param1) {
- syslog(LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter.");
- return;
- }
- memset(Allowuserpath, '\0', MAXPATHLEN);
- strncpy(Allowuserpath, Param1, MAXPATHLEN - 1);
- return;
- }
- /* Reports error for unknown line */
- syslog(LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive);
-}
-
-/*
- * Adds a server to query to the server array.
- * Checks if the server IP is resolvable.
- * Checks if the number of servers to query is not exceeded.
- * Does not allow parameters longer than NTHOSTLEN.
- */
-
-void
-AddServer(char *ParamPDC, char *ParamBDC, char *ParamDomain)
-{
- if (Serversqueried == MAXSERVERS) {
- syslog(LOG_ERR, "AddServer: Ignoring '%s' server line; "
- "too many servers.", ParamPDC);
- return;
- }
- if (gethostbyname(ParamPDC) == NULL) {
- syslog(LOG_ERR, "AddServer: Ignoring host '%s'. "
- "Cannot resolve its address.", ParamPDC);
- return;
- }
- if (gethostbyname(ParamBDC) == NULL) {
- syslog(LOG_USER | LOG_ERR, "AddServer: Ignoring host '%s'. "
- "Cannot resolve its address.", ParamBDC);
- return;
- }
- /* NOTE: ServerArray is zeroed in OpenConfigFile() */
- assert(Serversqueried < MAXSERVERS);
- strncpy(ServerArray[Serversqueried].pdc, ParamPDC, NTHOSTLEN - 1);
- strncpy(ServerArray[Serversqueried].bdc, ParamBDC, NTHOSTLEN - 1);
- strncpy(ServerArray[Serversqueried].domain, ParamDomain, NTHOSTLEN - 1);
- ++Serversqueried;
-}
-
-/*
- * Cycles through all servers to query.
- * Returns 0 if one server could authenticate the user.
- * Returns 1 if no server authenticated the user.
- */
-
-int
-QueryServers(char *username, char *password)
-{
- int i;
- for (i = 0; i < Serversqueried; ++i) {
- if (0 == QueryServerForUser(i, username, password))
- return 0;
- }
- return 1;
-}
-
-/*
- * Attempts to authenticate the user with one server.
- * Logs syslog messages for different errors.
- * Returns 0 on success, non-zero on failure.
- */
-
-/* Define for systems which don't support it, like Solaris */
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-
-static int
-QueryServerForUser(int x, char *username, char *password)
-{
- int result = 1;
-
- result = Valid_User(username, password, ServerArray[x].pdc,
- ServerArray[x].bdc, ServerArray[x].domain);
-
- switch (result) { /* Write any helpful syslog messages */
- case 0:
- break;
- case 1:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.",
- username);
- break;
- case 2:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.",
- username);
- break;
- case 3:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.",
- username);
- break;
- }
-
- return result;
-}
-
-/* Valid_User return codes -
- *
- * 0 - User authenticated successfully.
- * 1 - Server error.
- * 2 - Protocol error.
- * 3 - Logon error; Incorrect password or username given.
- */
+++ /dev/null
-/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/*
- * denyusers.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines are to block users attempting to use the proxy which
- * have been explicitly denied by the system administrator.
- * Routines at the bottom also use the allowed user functions.
- */
-
-#include "squid.h"
-#include "msntauth.h"
-#include "usersfile.h"
-
-#include <cstdlib>
-#include <cstring>
-#include <ctime>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/param.h>
-
-static usersfile DenyUsers;
-static int init = 0;
-
-/* shared */
-char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-
-int
-Read_denyusers(void)
-{
- if (!init) {
- memset(&DenyUsers, '\0', sizeof(DenyUsers));
- init = 1;
- }
- if (*Denyuserpath)
- return Read_usersfile(Denyuserpath, &DenyUsers);
- else
- return 0;
-}
-
-static void
-Check_fordenychange(void)
-{
- Check_forfilechange(&DenyUsers);
-}
-
-/*
- * Check to see if the username provided by Squid appears in the denied
- * user list. Returns 0 if the user was not found, and 1 if they were.
- */
-
-static int
-Check_ifuserdenied(char *ConnectingUser)
-{
- /* If user string is empty, deny */
- if (ConnectingUser[0] == '\0')
- return 1;
-
- /* If denied user list is empty, allow */
- if (DenyUsers.Inuse == 0)
- return 0;
-
- return Check_userlist(&DenyUsers, ConnectingUser);
-}
-
-/*
- * Decides if a user is denied or allowed.
- * If they have been denied, or not allowed, return 1.
- * Else return 0.
- */
-
-int
-Check_user(char *ConnectingUser)
-{
- if (Check_ifuserdenied(ConnectingUser) == 1)
- return 1;
-
- if (Check_ifuserallowed(ConnectingUser) == 0)
- return 1;
-
- return 0;
-}
-
-/*
- * Checks the denied and allowed user files for change.
- * This function is invoked when a SIGHUP signal is received.
- * It is also run after every 60 seconds, at the next request.
- */
-
-void
-Check_forchange(int signal)
-{
- Check_fordenychange();
- Check_forallowchange();
-}
-
-/*
- * Checks the timer. If longer than 1 minute has passed since the last
- * time someone has accessed the proxy, then check for changes in the
- * denied user file. If longer than one minute hasn't passed, return.
- */
-
-void
-Checktimer()
-{
- static time_t Lasttime; /* The last time the timer was checked */
- static time_t Currenttime; /* The current time */
-
- Currenttime = time(NULL);
-
- /* If timeout has expired, check the denied user file, else return */
- if (difftime(Currenttime, Lasttime) < 60)
- return;
- else {
- Check_forchange(-1);
- Lasttime = Currenttime;
- }
-}
+++ /dev/null
-/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/*
- * usersfile.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines are to allow users attempting to use the proxy which
- * have been explicitly allowed by the system administrator.
- * The code originated from denyusers.c.
- */
-
-#include "squid.h"
-#include "util.h"
-
-#include <cctype>
-#include <cerrno>
-#include <cstring>
-#include <ctime>
-#include <syslog.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <fcntl.h>
-
-#include "usersfile.h"
-
-#define NAMELEN 50 /* Maximum username length */
-
-static int
-name_cmp(const void *a, const void *b)
-{
- const char * const *A = static_cast<const char * const *>(a);
- const char * const *B = static_cast<const char * const *>(b);
- return strcasecmp(*A, *B);
-}
-
-static void
-free_names(usersfile * uf)
-{
- int i;
- for (i = 0; i < uf->Inuse; ++i) {
- if (uf->names[i])
- free(uf->names[i]);
- uf->names[i] = NULL;
- }
- uf->Inuse = 0;
-}
-
-/*
- * Reads a file of usernames and stuffs them into an array
- * of strings.
- * Returns 0 if the user list was successfully loaded,
- * and 1 in case of error.
- */
-
-int
-Read_usersfile(const char *path, usersfile * uf)
-{
- FILE *fp;
- struct stat FileBuf;
- char buf[1024];
-
- free_names(uf);
-
- if (NULL == path) {
- path = uf->path;
- } else {
- if (uf->path)
- free(uf->path);
- uf->path = xstrdup(path);
- }
-
- /* Open the users file. Report any errors. */
- fp = fopen(path, "r");
- if (NULL == fp) {
- uf->LMT = 0;
- if (errno == ENOENT)
- return 0;
- syslog(LOG_ERR, "%s: %s", path, strerror(errno));
- return 1;
- }
- /* Stat the file. If it does not exist, save the size as zero.
- * Clear the allowed user string. Return. */
- if (fstat(fileno(fp), &FileBuf) < 0) {
- syslog(LOG_ERR, "%s: %s", path, strerror(errno));
- fclose(fp);
- return 1;
- }
- /* If it exists, save the modification time and size */
- uf->LMT = FileBuf.st_mtime;
-
- /* Handle the special case of a zero length file */
- if (FileBuf.st_size == 0) {
- fclose(fp);
- return 0;
- }
-
- /*
- * Read the file into memory
- * XXX assumes one username per input line
- */
- while (fgets(buf, 1024, fp) != NULL) {
- /* ensure no names longer than our limit */
- buf[NAMELEN] = '\0';
- /* skip bad input lines */
- if (NULL == strtok(buf, "\r\n"))
- continue;
- /* grow the list if necessary */
- if (0 == uf->Alloc) {
- uf->Alloc = 256;
- uf->names = static_cast<char**>(calloc(uf->Alloc, sizeof(*uf->names)));
- } else if (uf->Inuse == uf->Alloc) {
- uf->Alloc = uf->Alloc << 1;
- uf->names = static_cast<char**>(realloc(uf->names, uf->Alloc * sizeof(*uf->names)));
- /* zero out the newly allocated memory */
- memset(&uf->names[uf->Alloc >> 1],
- '\0',
- (uf->Alloc >> 1) * sizeof(*uf->names));
- }
- uf->names[uf->Inuse] = xstrdup(buf);
- ++uf->Inuse;
- }
- fclose(fp);
- fp = NULL;
-
- /* sort the names for searching */
- qsort(uf->names, uf->Inuse, sizeof(*uf->names), name_cmp);
-
- return 0;
-}
-
-/*
- * Check to see if the username provided by Squid appears in the
- * user list. Returns 0 if the user was not found, and 1 if they were.
- */
-
-int
-Check_userlist(usersfile * uf, char *User)
-{
- void *p;
-
- /* Empty users are always in the list */
- if (User[0] == '\0')
- return 1;
-
- /* If allowed user list is empty, allow all users.
- * If no users are supposed to be using the proxy, stop squid instead. */
- if (0 == uf->Inuse)
- return 1;
-
- /* Check if username string is found in the allowed user list.
- * If so, allow. If not, deny. Reconstruct the username
- * to have whitespace, to avoid finding wrong string subsets. */
-
- p = bsearch(&User,
- uf->names,
- uf->Inuse,
- sizeof(*uf->names),
- name_cmp);
- if (NULL == p) {
- return 0;
- }
- return 1;
-}
-
-/*
- * Checks if there has been a change in a users file.
- * If the modification time has changed, then reload the user list.
- */
-void
-Check_forfilechange(usersfile * uf)
-{
- struct stat ChkBuf; /* Stat data buffer */
-
- /* Stat the allowed users file. If it cannot be accessed, return. */
-
- if (uf->path == NULL)
- return;
-
- if (stat(uf->path, &ChkBuf) < 0) {
- if (errno == ENOENT) {
- uf->LMT = 0;
- free_names(uf);
- } else { /* Report error when accessing file */
- syslog(LOG_ERR, "%s: %s", uf->path, strerror(errno));
- }
- return;
- }
- /* return if no change */
- if (ChkBuf.st_mtime == uf->LMT)
- return;
-
- /*
- * The file changed, so re-read it.
- */
- syslog(LOG_INFO, "Check_forfilechange: Reloading user list '%s'.", uf->path);
- Read_usersfile(NULL, uf);
-}
+++ /dev/null
-/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-typedef struct {
- char *path;
- char **names;
- int Alloc;
- int Inuse;
- time_t LMT;
-} usersfile;
-
-int Read_usersfile(const char *path, usersfile * uf);
-int Check_userlist(usersfile * uf, char *User);
-void Check_forfilechange(usersfile * uf);
projects / thirdparty / squid.git / commitdiff
