src/auth/basic/RADIUS/Makefile
src/auth/basic/SASL/Makefile
src/auth/basic/SMB/Makefile
- src/auth/basic/SMB_LM/Makefile
src/auth/basic/SSPI/Makefile
src/auth/digest/Makefile
src/auth/digest/eDirectory/Makefile
<sect1>Helper changes
<p>
<descrip>
+ <p>Removed <em>basic_smb_lm_auth</em> NTLM authentication helper.
+ Use the <em>ntlm_auth</em> helper from the Samba project instead.
+
<p>Removed <em>ext_lm_group_acl</em> external acl helper. No product
currently on the market suports the LanManager protocol
in their default configuration.
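Review bot: The new release-note entry labels <em>basic_smb_lm_auth</em> an "NTLM authentication helper", but the helper removed here is built from auth/basic/SMB_LM and its own README says it follows the Basic helper protocol, so the label can point operators at the wrong auth_param scheme when they migrate. I would word it as `<p>Removed <em>basic_smb_lm_auth</em> Basic authentication helper.` Both this entry and the added `--enable-auth-basic=` entry name Samba's <em>ntlm_auth</em> as the replacement without saying that it must be run in its Basic-scheme mode (`--helper-protocol=squid-2.5-basic`) to stand in for a Basic helper. One further sentence giving the reason for removal, that the helper only spoke the LanManager protocol as its README states, would tell operators this is a deliberate retirement of a weak protocol and not a packaging change.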
<sect1>Changes to existing options<label id="modifiedoptions">
<p>
<descrip>
+ <tag>--enable-auth-basic=</tag>
+ <p>Removed <em>SMB_LM</em> helper, in favour of the <em>ntlm_auth</em>
+ alternative offered by the Samba project.
+
<tag>--enable-auth-ntlm=</tag>
<p>Removed <em>SMB_LM</em> helper, in favour of the <em>ntlm_auth</em>
alternative offered by the Samba project.
RADIUS \
SASL \
SMB \
- SMB_LM \
SSPI
SUBDIRS = $(BASIC_AUTH_HELPERS)
+++ /dev/null
-## Copyright (C) 1996-2023 The Squid Software Foundation and contributors
-##
-## Squid software is distributed under GPLv2+ license and includes
-## contributions from numerous individuals and organizations.
-## Please see the COPYING and CONTRIBUTORS files for details.
-##
-
-include $(top_srcdir)/src/Common.am
-
-libexec_PROGRAMS= basic_smb_lm_auth
-
-basic_smb_lm_auth_SOURCES = \
- msntauth.cc \
- msntauth.h \
- valid.cc \
- valid.h
-basic_smb_lm_auth_LDADD= \
- $(top_builddir)/lib/smblib/libsmblib.la \
- $(top_builddir)/lib/rfcnb/librfcnb.la \
- $(top_builddir)/lib/libmiscencoding.la \
- $(COMPAT_LIB) \
- $(XTRA_LIBS)
-
-EXTRA_DIST= \
- msntauth-v2.0.lsm \
- README.html \
- required.m4
+++ /dev/null
-<HTML>
-<HEAD>
-<TITLE>MSNTAUTH readme</TITLE>
-</HEAD>
-<BODY BGCOLOR="#FFFFFF">
-
-<!--
-If you require this document in text form, download the
-HTML-text package from http://members.tripod.com/stellarx.
--->
-
-<H1>
-MSNT Auth v3.0.0<BR>
-Squid web proxy NT authentication module<BR>
-Modified by the Squid HTTP Proxy team<BR>
-Original release by Antonino Iannella, Stellar-X Pty Ltd<BR>
-</H1>
-
-<H2>Contents</H2>
-
-<UL>
-<LI> <A HREF="#introduction">Introduction</A>
-<LI> <A HREF="#installation">Installation</A>
-<LI> <A HREF="#configuration">Configuration</A>
-<LI> <A HREF="#squid">Squid.conf changes</A>
-<LI> <A HREF="#testing">Testing</A>
-<LI> <A HREF="#contact">Support details</A>
-</UL>
-
-<A NAME="introduction"><H2>Introduction</H2>
-
-<P>
-This is an authentication module for the Squid proxy server
-to use an NT domain server.
-
-<P>
-It originates from the Samba and SMB packages by Andrew Tridgell
-and Richard Sharpe. It is sourced from the Pike
-authentication module by William Welliver (hwellive@intersil.com),
-and the SMB 1.0.1 libraries.
-Releases up to version 2.0.3 were created by Antonino Iannella
-(antonino@rager.com.au, http://stellarx.tripod.com).
-The module is now distributed with Squid, and is maintained by the
-Squid proxy team as an Open Source effort.
-Msntauth is released under the GNU General Public License.
-
-<P>
-<i>basic_msnt_auth</i> follows the standard Squid basic authentication helper protocol.
-See <a href="https://wiki.squid-cache.org/Features/AddonHelpers#basic-scheme"
->https://wiki.squid-cache.org/Features/AddonHelpers#basic-scheme</a> for details.
-Problems are logged to syslog.
-
-<P>
-Msntauth works in environments with NT domain controllers on
-Windows (TM) NT 4, 2000, and Samba. It only uses the ancient <i>Lanman</i> protocol,
-the authenticating systems must be configured to accept it.
-
-<A NAME="installation"><H2>Installation</H2>
-
-<P>
-Msntauth will be compiled when you compile Squid, using
-their autoconf system.
-Refer to Squid documentation for details.
-If the build is suitable, you can skip this section.
-
-<A NAME="configuration"><H2>Configuration</H2>
-
-<P>
-As of version 3.0.0, a configuration file is no longer needed.
-The specification of the domains and domain controllers to use is
-passed as a list of arguments on the command line.
-
-The syntax is:
-<PRE>
-basic_msnt_auth domain1/domaincontroller1 [domain2/domaincontroller2 ...]
-</PRE>
-An arbitrary number of domain controllers can be specified, for any number of daomains.
-Domain controllers will be attempted in the same order they are configured, until
-any of them successfully authenticates the user passed by squid. If all domain
-controllers fail to authenticate the user, then access is denied.
-Domain controllers can be specified by their NetBios name.
-
-<P>
-<B>WARNING!</B> this means that a wrong password will be attempted a number of times.
-Watch out for domain lock-out policies!
-
-<A NAME="squid"><H2>Squid.conf changes</H2>
-
-<P>
-Refer to Squid documentation for the required changes to squid.conf.
-You will need to set the following lines to enable authentication for
-your access list -
-
-<PRE>
- acl <I>yourACL</I> proxy_auth REQUIRED
- http_access allow password
- http_access allow <I>yourACL</I>
- http_access deny all
-</PRE>
-
-<P>
-You will also need to review the following directives. The number of
-msntauth children spawned is set with authenticate_children.
-The number of children needed is site-dependent, so some
-experimentation may be required to find the best number.
-There should be no visible delay in performance with Squid once
-msntauth is in use.
-
-Please see <A href="http://www.squid-cache.org/Doc/config/auth_param/"
->http://www.squid-cache.org/Doc/config/auth_param/</A> or your <TT>squid.conf.default</TT>
-file to check how to configure squid to make use of this helper.
-
-<A NAME="testing"><H2>Testing</H2>
-
-<P>
-I strongly urge that Msntauth is tested prior to being used in a
-production environment. It may behave differently on different platforms.
-To test it, run it from the command line, and enter username and password
-pairs separated by a space.
-
-<P>
-It should behave in the following way -
-<PRE>
- - Press ENTER to get an OK or ERR message.
- - Make sure pressing CTRL-D behaves the same as a carriage return.
- - Make sure pressing CTRL-C aborts the program.
- - Test that entering no details does not result in an OK or ERR message.
- - Test that entering an invalid username and password results in
- an ERR message. Note that if NT guest user access is allowed on
- the PDC, an OK message may be returned instead of ERR.
- - Test that entering an valid username and password results in an OK message.
- Try usernames which are and aren't in the denied/allowed user files,
- if they're in use.
- - Test that entering a guest username and password returns the correct response.
-</PRE>
-
-<P>
-If the above didn't work as expected, you may need to modify the main()
-function in msntauth.c. Inform the Squid maintainers of any problems.
-
-<P>
-Usernames and passwords are expected to be URL-encoded (see RFC 1738 for details)
-
-<A NAME="contact"><H2>Support details</H2>
-
-<P>
-Refer to the Squid website at http://www.squid-cache.org.
-You can submit problems or fixes using the Squid project's Bugzilla database.
-
-</BODY>
-</HTML>
+++ /dev/null
-Begin3
-Title: msntauth
-Version: 2.0
-Entered-date: 01SEP01
-Description: Squid web proxy NT domain authentication module
-Keywords: Squid WWW proxy SMB NT domain authentication module source
-Author: antonino@rager.com.au (Antonino Iannella)
-Maintained-by: antonino@rager.com.au (Antonino Iannella)
-Primary-site: sunsite.unc.edu /pub/Linux/system/network/misc
- msntauth-v2.0.tgz
-Original-site: http://members.tripod.com/stellarx
-Copying-policy: GPL
-End
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/*
- * MSNT - Microsoft Windows NT domain squid authenticator module
- * Version 2.0 by Stellar-X Pty Ltd, Antonino Iannella
- * Sun Sep 2 14:39:53 CST 2001
- *
- * Modified to act as a Squid authenticator module.
- * Removed all Pike stuff.
- * Returns OK for a successful authentication, or ERR upon error.
- *
- * Uses code from -
- * Andrew Tridgell 1997
- * Richard Sharpe 1996
- * Bill Welliver 1999
- * Duane Wessels 2000 (wessels@squid-cache.org)
- *
- * Released under GNU Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-#include "squid.h"
-#include "rfc1738.h"
-#include "util.h"
-
-#include <csignal>
-#include <cstring>
-#include <iostream>
-#include <string>
-#include <vector>
-#include <syslog.h>
-
-#include "auth/basic/SMB_LM/msntauth.h"
-#include "auth/basic/SMB_LM/valid.h"
-
-static char msntauth_version[] = "Msntauth v3.0.0 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014";
-
-struct domaincontroller {
- std::string domain;
- std::string server;
-};
-typedef std::vector<domaincontroller> domaincontrollers_t;
-domaincontrollers_t domaincontrollers;
-
-static bool
-validate_user(char *username, char *password)
-{
- for (domaincontrollers_t::iterator dc = domaincontrollers.begin(); dc != domaincontrollers.end(); ++dc) {
- //std::cerr << "testing against " << dc->server << std::endl;
- const int rv = Valid_User(username, password, dc->server.c_str(), nullptr, dc->domain.c_str());
- //std::cerr << "check result: " << rv << std::endl;
- if (rv == NTV_NO_ERROR)
- return true;
- }
- return false;
-}
-
-static char instructions[] = "Usage instructions: basic_nsnt_auth <domainname>/<domaincontroller> [<domainname>/<domaincontroller> ...]";
-static void
-display_usage_instructions()
-{
- using std::endl;
- std::cerr << msntauth_version << endl << instructions << endl << endl;
-}
-
-// arguments: domain/server_name [domain/server_name ...]
-int
-main(int argc, char **argv)
-{
- char username[256];
- char password[256];
- char wstr[256];
- int err = 0;
-
- openlog("basic_smb_lm_auth", LOG_PID, LOG_USER);
- setbuf(stdout, nullptr);
-
- for (int j = 1; j < argc; ++j) {
- std::string arg = argv[j];
- size_t pos=arg.find('/');
- if (arg.find('/',pos+1) != std::string::npos) {
- std::cerr << "Error: can't understand domain controller specification '"
- << arg << "'. Ignoring" << std::endl;
- }
- domaincontroller dc;
- dc.domain = arg.substr(0,pos);
- dc.server = arg.substr(pos+1);
- if (dc.domain.length() == 0 || dc.server.length() == 0) {
- std::cerr << "Error: invalid domain specification in '" << arg <<
- "'. Ignoring." << std::endl;
- exit(EXIT_FAILURE);
- }
- domaincontrollers.push_back(dc);
- }
- if (domaincontrollers.empty()) {
- display_usage_instructions();
- std::cerr << "Error: no domain controllers specified" << std::endl;
- exit(EXIT_FAILURE);
- }
-
- while (1) {
- int n;
- /* Read whole line from standard input. Terminate on break. */
- memset(wstr, '\0', sizeof(wstr));
- if (fgets(wstr, 255, stdin) == NULL)
- break;
- /* ignore this line if we didn't get the end-of-line marker */
- if (NULL == strchr(wstr, '\n')) {
- err = 1;
- continue;
- }
- if (err) {
- syslog(LOG_WARNING, "oversized message");
- puts("ERR");
- err = 0;
- continue;
- }
-
- /*
- * extract username and password.
- */
- username[0] = '\0';
- password[0] = '\0';
- n = sscanf(wstr, "%s %[^\n]", username, password);
- if (2 != n) {
- puts("ERR");
- continue;
- }
- /* Check for invalid or blank entries */
- if ((username[0] == '\0') || (password[0] == '\0')) {
- puts("ERR");
- continue;
- }
-
- rfc1738_unescape(username);
- rfc1738_unescape(password);
-
- if (validate_user(username, password)) {
- puts("OK");
- } else {
- syslog(LOG_INFO, "'%s' login failed", username);
- puts("ERR");
- }
- err = 0;
- }
-
- return EXIT_SUCCESS;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_SRC_AUTH_BASIC_SMB_LM_MSNTAUTH_H
-#define SQUID_SRC_AUTH_BASIC_SMB_LM_MSNTAUTH_H
-
-extern int QueryServers(char *, char *);
-extern void Check_forallowchange(void);
-
-#endif /* SQUID_SRC_AUTH_BASIC_SMB_LM_MSNTAUTH_H */
-
+++ /dev/null
-## Copyright (C) 1996-2023 The Squid Software Foundation and contributors
-##
-## Squid software is distributed under GPLv2+ license and includes
-## contributions from numerous individuals and organizations.
-## Please see the COPYING and CONTRIBUTORS files for details.
-##
-
-# DONT build this helper on Windows
-# DONT build this helper by default
-AS_IF([test "x$auto_helpers" != "xyes"],[
- BUILD_HELPER="SMB_LM"
- AC_CHECK_HEADERS([w32api/windows.h windows.h],[BUILD_HELPER=""])
- AS_IF([test "x$BUILD_HELPER" = "xSMB_LM"],[require_smblib="yes"])
-])
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#include "squid.h"
-#include "auth/basic/SMB_LM/valid.h"
-#include "smblib/smblib.h"
-
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#if HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-
-// BACKUP is unused
-int
-Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *, const char *DOMAIN)
-{
- const char *supportedDialects[] = {"PC NETWORK PROGRAM 1.0",
- "MICROSOFT NETWORKS 1.03",
- "MICROSOFT NETWORKS 3.0",
- "LANMAN1.0",
- "LM1.2X002",
- "Samba",
- "NT LM 0.12",
- "NT LANMAN 1.0",
- NULL
- };
- SMB_Handle_Type con;
-
- SMB_Init();
- con = SMB_Connect_Server(nullptr, SERVER, DOMAIN);
- if (con == NULL) {
- return (NTV_SERVER_ERROR);
- }
- if (SMB_Negotiate(con, supportedDialects) < 0) { /* An error */
- SMB_Discon(con, 0);
- return (NTV_PROTOCOL_ERROR);
- }
- if (SMB_Logon_Server(con, USERNAME, PASSWORD, nullptr, 0) < 0) {
- SMB_Discon(con, 0);
- return (NTV_LOGON_ERROR);
- }
- SMB_Discon(con, 0);
- return (NTV_NO_ERROR);
-}
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_SRC_AUTH_BASIC_SMB_LM_VALID_H
-#define SQUID_SRC_AUTH_BASIC_SMB_LM_VALID_H
-/* SMB User verification function */
-
-#define NTV_NO_ERROR 0
-#define NTV_SERVER_ERROR 1
-#define NTV_PROTOCOL_ERROR 2
-#define NTV_LOGON_ERROR 3
-
-int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *BACKUP, const char *DOMAIN);
-
-#endif /* SQUID_SRC_AUTH_BASIC_SMB_LM_VALID_H */
-
SQUID_CHECK_HELPER([RADIUS],[auth/basic])
SQUID_CHECK_HELPER([SASL],[auth/basic])
SQUID_CHECK_HELPER([SMB],[auth/basic])
- SQUID_CHECK_HELPER([SMB_LM],[auth/basic])
SQUID_CHECK_HELPER([SSPI],[auth/basic])
SQUID_CHECK_HELPER([fake],[auth/basic])
SQUID_CHECK_HELPER([getpwnam],[auth/basic])