From: hno <> Date: Sun, 15 Aug 2004 04:54:52 +0000 (+0000) Subject: external_acl helpers updated to use the new protocol format based X-Git-Tag: SQUID_3_0_PRE4~1074 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1958420ab5c704cef4debfc8300b7a756cedc002;p=thirdparty%2Fsquid.git external_acl helpers updated to use the new protocol format based on URL-escaped strings rather than quoted words.. --- diff --git a/helpers/external_acl/ip_user/Makefile.am b/helpers/external_acl/ip_user/Makefile.am index 798df2a093..8748e8afa6 100644 --- a/helpers/external_acl/ip_user/Makefile.am +++ b/helpers/external_acl/ip_user/Makefile.am @@ -1,7 +1,7 @@ # # Makefile for the ip_user external_acl helper by Rodrigo Campos # -# $Id: Makefile.am,v 1.3 2003/01/23 00:36:01 robertc Exp $ +# $Id: Makefile.am,v 1.4 2004/08/14 22:54:52 hno Exp $ # # Uncomment and customize the following to suit your needs: # @@ -24,7 +24,5 @@ EXTRA_DIST = \ # sysconf_DATA = -LDADD = @XTRA_LIBS@ - -INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \ - -I$(top_srcdir)/src/ +LDADD = -L$(top_builddir)/lib -lmiscutil @XTRA_LIBS@ +INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include diff --git a/helpers/external_acl/ip_user/main.c b/helpers/external_acl/ip_user/main.c index c692edbf6a..7b6bbe28a3 100644 --- a/helpers/external_acl/ip_user/main.c +++ b/helpers/external_acl/ip_user/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.3 2003/01/23 00:36:01 robertc Exp $ +/* $Id: main.c,v 1.4 2004/08/14 22:54:52 hno Exp $ * Copyright (C) 2002 Rodrigo Campos * * This program is free software; you can redistribute it and/or modify @@ -25,7 +25,7 @@ #include "ip_user.h" - +#include "util.h" void usage (char *program_name) @@ -65,17 +65,25 @@ main (int argc, char *argv[]) current_entry = load_dict (FH); while (fgets (line, sizeof (line), stdin)) { - if ((cp = strchr (line, '\n')) != NULL) { - *cp = '\0'; + if ((cp = strchr (line, '\n')) == NULL) { + /* too large message received.. skip and deny */ + fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], line); + while (fgets(line, sizeof(line), stdin)) { + fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], line); + if (strchr(line, '\n') != NULL) + break; + } + goto error; } - if ((cp = strtok (line, " \t")) != NULL) { - address = cp; - username = strtok (NULL, " \t"); - } else { - fprintf (stderr, "helper: unable to read tokens\n"); - printf ("ERR\n"); - continue; + *cp = '\0'; + address = strtok (line, " \t"); + username = strtok (NULL, " \t"); + if (!address || !username) { + fprintf (stderr, "%s: unable to read tokens\n", argv[0]); + goto error; } + rfc1738_unescape(address); + rfc1738_unescape(username); #ifdef DEBUG printf ("result: %d\n", dict_lookup (current_entry, username, address)); @@ -83,10 +91,9 @@ main (int argc, char *argv[]) if ((dict_lookup (current_entry, username, address)) != 0) { printf ("OK\n"); } else { +error: printf ("ERR\n"); } - - } diff --git a/helpers/external_acl/ldap_group/ChangeLog b/helpers/external_acl/ldap_group/ChangeLog index 562266aa43..7914e6cb68 100644 --- a/helpers/external_acl/ldap_group/ChangeLog +++ b/helpers/external_acl/ldap_group/ChangeLog @@ -1,6 +1,23 @@ +Version 2.15 + +2004-08-15 Henrik Nordstrom + Helper format changed in Squid-3.0 to use URL escaped + strings. Simplifies things a bit and well known encoding. + +Version 2.14 + +2004-03-02 Henrik Nordstrom + Added -d (debug) flag + +2004-02-09 Henrik Nordstrom + -E and -S options mismatch + +2004-01-08 Henrik Nordstrom + Increase buffer size when reading group lookups from Squid + Version 2.13 -2003-01-05 Henrik Nordstrom +2004-01-05 Henrik Nordstrom Corrected TLS mode (-Z) Version 2.12 diff --git a/helpers/external_acl/ldap_group/Makefile.am b/helpers/external_acl/ldap_group/Makefile.am index 829b31b1f7..5a9d44b0f1 100644 --- a/helpers/external_acl/ldap_group/Makefile.am +++ b/helpers/external_acl/ldap_group/Makefile.am @@ -1,14 +1,15 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.am,v 1.4 2003/01/23 00:36:05 robertc Exp $ +# $Id: Makefile.am,v 1.5 2004/08/14 22:54:53 hno Exp $ # # Uncomment and customize the following to suit your needs: # -libexec_PROGRAMS = squid_ldap_group -man_MANS = squid_ldap_group.8 -EXTRA_DIST = squid_ldap_group.8 +libexec_PROGRAMS = squid_ldap_group +man_MANS = squid_ldap_group.8 +EXTRA_DIST = squid_ldap_group.8 squid_ldap_group_SOURCES = squid_ldap_group.c -LDADD = -lldap -llber $(XTRA_LIBS) +LDADD = -L$(top_builddir)/lib -lmiscutil -lldap -llber @XTRA_LIBS@ +INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.c b/helpers/external_acl/ldap_group/squid_ldap_group.c index 3074a03e6e..8280a8d3ee 100644 --- a/helpers/external_acl/ldap_group/squid_ldap_group.c +++ b/helpers/external_acl/ldap_group/squid_ldap_group.c @@ -43,6 +43,8 @@ #include #endif +#include "util.h" + #define PROGRAM_NAME "squid_ldap_group" /* Globals */ @@ -162,51 +164,6 @@ squid_ldap_memfree(char *p) #endif #endif -static char * -strwordtok(char *buf, char **t) -{ - unsigned char *word = NULL; - unsigned char *p = (unsigned char *) buf; - unsigned char *d; - unsigned char ch; - int quoted = 0; - if (!p) - p = (unsigned char *) *t; - if (!p) - goto error; - while (*p && isspace(*p)) - p++; - if (!*p) - goto error; - word = d = p; - while ((ch = *p)) { - switch (ch) { - case '\\': - p++; - *d++ = ch = *p; - if (ch) - p++; - break; - case '"': - quoted = !quoted; - p++; - break; - default: - if (!quoted && isspace(*p)) { - p++; - goto done; - } - *d++ = *p++; - break; - } - } - done: - *d++ = '\0'; - error: - *t = (char *) p; - return (char *) word; -} - int main(int argc, char **argv) { @@ -218,6 +175,7 @@ main(int argc, char **argv) int port = LDAP_PORT; int use_extension_dn = 0; int strip_nt_domain = 0; + int err = 0; setbuf(stdout, NULL); @@ -430,20 +388,41 @@ main(int argc, char **argv) exit(1); } while (fgets(buf, 256, stdin) != NULL) { - char *tptr; int found = 0; - user = strwordtok(buf, &tptr); - if (user && strip_nt_domain) { + if (!strchr(buf, '\n')) { + /* too large message received.. skip and deny */ + fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf); + while (fgets(buf, sizeof(buf), stdin)) { + fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf); + if (strchr(buf, '\n') != NULL) + break; + } + goto error; + } + user = strtok(buf, " \n"); + if (!user) { + fprintf(stderr, "%s: Invalid request\n", argv[0]); + goto error; + } + rfc1738_unescape(user); + if (strip_nt_domain) { char *u = strchr(user, '\\'); if (!u) u = strchr(user, '/'); if (u && u[1]) user = u + 1; } - if (use_extension_dn) - extension_dn = strwordtok(NULL, &tptr); + if (use_extension_dn) { + extension_dn = strtok(NULL, " \n"); + if (!extension_dn) { + fprintf(stderr, "%s: Invalid request\n", argv[0]); + goto error; + } + rfc1738_unescape(extension_dn); + } - while (!found && user && (group = strwordtok(NULL, &tptr)) != NULL) { + while (!found && user && (group = strtok(NULL, " \n")) != NULL) { + rfc1738_unescape(group); recover: if (ld == NULL) { @@ -528,8 +507,10 @@ main(int argc, char **argv) } if (found) printf("OK\n"); - else + else { +error: printf("ERR\n"); +} if (ld != NULL) { if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) { @@ -539,6 +520,7 @@ main(int argc, char **argv) tryagain = 1; } } + err = 0; } if (ld) ldap_unbind(ld); diff --git a/helpers/external_acl/unix_group/Makefile.am b/helpers/external_acl/unix_group/Makefile.am index b471458c4a..51d0dcb8e9 100644 --- a/helpers/external_acl/unix_group/Makefile.am +++ b/helpers/external_acl/unix_group/Makefile.am @@ -1,12 +1,15 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.am,v 1.3 2003/01/23 00:36:12 robertc Exp $ +# $Id: Makefile.am,v 1.4 2004/08/14 22:54:53 hno Exp $ # # Uncomment and customize the following to suit your needs: # -libexec_PROGRAMS = squid_unix_group -man_MANS = squid_unix_group.8 -EXTRA_DIST = squid_unix_group.8 +libexec_PROGRAMS = squid_unix_group +man_MANS = squid_unix_group.8 +EXTRA_DIST = squid_unix_group.8 squid_unix_group_SOURCES = check_group.c + +LDADD = -L$(top_builddir)/lib -lmiscutil @XTRA_LIBS@ +INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include diff --git a/helpers/external_acl/unix_group/check_group.c b/helpers/external_acl/unix_group/check_group.c index 37539ea33b..5f6805d895 100644 --- a/helpers/external_acl/unix_group/check_group.c +++ b/helpers/external_acl/unix_group/check_group.c @@ -1,5 +1,5 @@ /* - * $Id: check_group.c,v 1.3 2003/01/23 00:36:13 robertc Exp $ + * $Id: check_group.c,v 1.4 2004/08/14 22:54:53 hno Exp $ * * This is a helper for the external ACL interface for Squid Cache * Copyright (C) 2002 Rodrigo Albani de Campos (rodrigo@geekbunker.org) @@ -29,6 +29,9 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * Change Log: + * Revision 1.7 2004/08/15 00:29:33 hno + * helper protocol changed to URL-escaped strings in Squid-3.0 + * * Revision 1.6 2002/08/12 15:48:32 hno * imported strwordtok from Squid, added man page, some minor fixes * @@ -58,62 +61,12 @@ #include #include +#include "util.h" #define BUFSIZE 8192 /* the stdin buffer size */ #define MAX_GROUP 10 /* maximum number of groups specified * on the command line */ - -/* - * Library function to split external_acl messages into tokens - * Copied from the Squid sources - */ -static char * -strwordtok(char *buf, char **t) -{ - unsigned char *word = NULL; - unsigned char *p = (unsigned char *) buf; - unsigned char *d; - unsigned char ch; - int quoted = 0; - if (!p) - p = (unsigned char *) *t; - if (!p) - goto error; - while (*p && isspace(*p)) - p++; - if (!*p) - goto error; - word = d = p; - while ((ch = *p)) { - switch (ch) { - case '\\': - p++; - *d++ = ch = *p; - if (ch) - p++; - break; - case '"': - quoted = !quoted; - p++; - break; - default: - if (!quoted && isspace(*p)) { - p++; - goto done; - } - *d++ = *p++; - break; - } - } - done: - *d++ = '\0'; - error: - *t = (char *) p; - return (char *) word; -} - - /* * Verify if userĀ“s primary group matches groupname * Returns 0 if user is not on the group @@ -181,7 +134,7 @@ usage(char *program) int main(int argc, char *argv[]) { - char *user, *p, *t; + char *user, *p; char buf[BUFSIZE]; char *grents[MAX_GROUP]; int check_pw = 0, ch, i = 0, j = 0; @@ -224,26 +177,27 @@ main(int argc, char *argv[]) usage(argv[0]); exit(1); } - while (fgets(buf, BUFSIZE, stdin)) { + while (fgets(buf, sizeof(buf), stdin)) { j = 0; - if ((p = strchr(buf, '\n')) != NULL) { - *p = '\0'; - } else { + if ((p = strchr(buf, '\n')) == NULL) { /* too large message received.. skip and deny */ fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf); - while (fgets(buf, BUFSIZE, stdin)) { + while (fgets(buf, sizeof(buf), stdin)) { fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf); if (strchr(buf, '\n') != NULL) break; } goto error; } - if ((p = strwordtok(buf, &t)) == NULL) { + *p = '\0'; + if ((p = strtok(buf, " ")) == NULL) { goto error; } else { user = p; + rfc1738_unescape(user); /* check groups supplied by Squid */ - while ((p = strwordtok(NULL, &t)) != NULL) { + while ((p = strtok(NULL, " ")) != NULL) { + rfc1738_unescape(p); if (check_pw == 1) j += validate_user_pw(user, p); diff --git a/helpers/external_acl/wbinfo_group/wbinfo_group.pl b/helpers/external_acl/wbinfo_group/wbinfo_group.pl index 5089433216..d03a333571 100644 --- a/helpers/external_acl/wbinfo_group/wbinfo_group.pl +++ b/helpers/external_acl/wbinfo_group/wbinfo_group.pl @@ -12,13 +12,12 @@ # Jerry Murdock # # Version history: +# 2004-08-15 Henrik Nordstrom +# Helper protocol changed to URL escaped in Squid-3.0 # 2002-07-05 Jerry Murdock # Initial release # -# external_acl uses shell style lines in it's protocol -require 'shellwords.pl'; - # Disable output buffering $|=1; @@ -47,7 +46,9 @@ sub check { while () { chop; &debug ("Got $_ from squid"); - ($user, $group) = &shellwords; + ($user, $group) = split(/\s+/); + $user =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg; + $group =~ s/%([0-9a-fA-F][0-9a-fA-F])/pack("c",hex($1))/eg; $ans = &check($user, $group); &debug ("Sending $ans to squid"); print "$ans\n"; diff --git a/helpers/external_acl/winbind_group/Makefile.am b/helpers/external_acl/winbind_group/Makefile.am index 46766b4e1e..b03ee12611 100755 --- a/helpers/external_acl/winbind_group/Makefile.am +++ b/helpers/external_acl/winbind_group/Makefile.am @@ -1,12 +1,12 @@ # # Makefile for the wb_group external_acl helper # -# $Id: Makefile.am,v 1.6 2003/05/16 14:36:19 hno Exp $ +# $Id: Makefile.am,v 1.7 2004/08/14 22:54:53 hno Exp $ # libexec_PROGRAMS = wb_group wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h wb_common.h EXTRA_DIST = readme.txt -INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \ - -I$(top_srcdir)/src -I@SAMBASOURCES@ -LDADD = -L$(top_builddir)/lib $(XTRA_LIBS) + +LDADD = -L$(top_builddir)/lib -lmiscutil @XTRA_LIBS@ +INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include -I@SAMBASOURCES@ diff --git a/helpers/external_acl/winbind_group/wb_check_group.c b/helpers/external_acl/winbind_group/wb_check_group.c index 3ff1ca51b0..e7ffe704d3 100755 --- a/helpers/external_acl/winbind_group/wb_check_group.c +++ b/helpers/external_acl/winbind_group/wb_check_group.c @@ -31,6 +31,9 @@ * * History: * + * Version 1.21 + * 15-08-2004 Henrik Nordstrom + * Helper protocol changed to use URL escaped strings in Squid-3.0 * Version 1.20 * 10-05-2003 Roberto Moreda * Added support for domain-qualified group Microsoft notation @@ -79,52 +82,6 @@ const char *myname; pid_t mypid; static int use_case_insensitive_compare=0; -static char * -strwordtok(char *buf, char **t) -{ - unsigned char *word = NULL; - unsigned char *p = (unsigned char *) buf; - unsigned char *d; - unsigned char ch; - int quoted = 0; - if (!p) - p = (unsigned char *) *t; - if (!p) - goto error; - while (*p && isspace(*p)) - p++; - if (!*p) - goto error; - word = d = p; - while ((ch = *p)) { - switch (ch) { - case '\\': - p++; - *d++ = ch = *p; - if (ch) - p++; - break; - case '"': - quoted = !quoted; - p++; - break; - default: - if (!quoted && isspace(*p)) { - p++; - goto done; - } - *d++ = *p++; - break; - } - } - done: - *d++ = '\0'; - error: - *t = (char *) p; - return (char *) word; -} - - static int strCaseCmp (const char *s1, const char *s2) { while (*s1 && toupper (*s1) == toupper (*s2)) s1++, s2++; @@ -317,11 +274,10 @@ check_winbindd() int main (int argc, char *argv[]) { - char *p, *t; + char *p; char buf[BUFSIZE]; char *username; char *group; - int err = 0; const char *groups[512]; int n; @@ -348,14 +304,16 @@ main (int argc, char *argv[]) check_winbindd(); /* Main Loop */ - while (fgets (buf, BUFSIZE, stdin)) + while (fgets (buf, sizeof(buf), stdin)) { if (NULL == strchr(buf, '\n')) { - err = 1; - continue; - } - if (err) { - warn("Oversized message\n"); + /* too large message received.. skip and deny */ + fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf); + while (fgets(buf, sizeof(buf), stdin)) { + fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf); + if (strchr(buf, '\n') != NULL) + break; + } goto error; } @@ -371,15 +329,18 @@ main (int argc, char *argv[]) goto error; } - username = strwordtok(buf, &t); - for (n = 0; (group = strwordtok(NULL, &t)) != NULL; n++) + username = strtok(buf, " "); + for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) { + rfc1738_unescape(group); groups[n] = group; + } groups[n] = NULL; if (NULL == username) { warn("Invalid Request\n"); goto error; } + rfc1738_unescape(username); if (Valid_Groups(username, groups)) { printf ("OK\n"); @@ -387,7 +348,6 @@ main (int argc, char *argv[]) error: printf ("ERR\n"); } - err = 0; } return 0; }