From: Francesco Chemolli Date: Sat, 20 Dec 2014 08:00:35 +0000 (+0100) Subject: Rip out most of the configuration file logic X-Git-Tag: merge-candidate-3-v1~410^2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1de9145cbe289e2883c184ca6799be8be097207a;p=thirdparty%2Fsquid.git Rip out most of the configuration file logic --- diff --git a/helpers/basic_auth/MSNT/Makefile.am b/helpers/basic_auth/MSNT/Makefile.am index c01522bdf1..63b41920ec 100644 --- a/helpers/basic_auth/MSNT/Makefile.am +++ b/helpers/basic_auth/MSNT/Makefile.am @@ -12,13 +12,8 @@ MSNTAUTH_CONF = $(sysconfdir)/msntauth.conf libexec_PROGRAMS = basic_msnt_auth basic_msnt_auth_SOURCES = \ - allowusers.cc \ - confload.cc \ - denyusers.cc \ msntauth.cc \ msntauth.h \ - usersfile.cc \ - usersfile.h \ valid.cc \ valid.h diff --git a/helpers/basic_auth/MSNT/allowusers.cc b/helpers/basic_auth/MSNT/allowusers.cc deleted file mode 100644 index d5963ec8de..0000000000 --- a/helpers/basic_auth/MSNT/allowusers.cc +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (C) 1996-2014 The Squid Software Foundation and contributors - * - * Squid software is distributed under GPLv2+ license and includes - * contributions from numerous individuals and organizations. - * Please see the COPYING and CONTRIBUTORS files for details. - */ - -/* - * allowusers.c - * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd - * Released under GPL, see COPYING-2.0 for details. - * - * These routines are to allow users attempting to use the proxy which - * have been explicitly allowed by the system administrator. - * The code originated from denyusers.c. - */ - -#include "squid.h" -#include "msntauth.h" -#include "usersfile.h" - -#include -#include -#include -#include -#include - -static usersfile AllowUsers; -static int init = 0; - -/* shared */ -char Allowuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */ - -int -Read_allowusers(void) -{ - if (!init) { - memset(&AllowUsers, '\0', sizeof(AllowUsers)); - init = 1; - } - if (*Allowuserpath) - return Read_usersfile(Allowuserpath, &AllowUsers); - else - return 0; -} - -int -Check_ifuserallowed(char *ConnectingUser) -{ - return Check_userlist(&AllowUsers, ConnectingUser); -} - -void -Check_forallowchange(void) -{ - Check_forfilechange(&AllowUsers); -} diff --git a/helpers/basic_auth/MSNT/msntauth.cc b/helpers/basic_auth/MSNT/msntauth.cc index 9390fd340c..808f5a54bd 100644 --- a/helpers/basic_auth/MSNT/msntauth.cc +++ b/helpers/basic_auth/MSNT/msntauth.cc @@ -43,18 +43,34 @@ #include #include +#include +#include +#include //todo: turn into multimap #include #include "msntauth.h" +#include "valid.h" extern char version[]; -char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 26 Jun 2002"; +char msntauth_version[] = "Msntauth v2.0.3 (C) 2 Sep 2001 Stellar-X Antonino Iannella.\nModified by the Squid HTTP Proxy team 2002-2014"; -/* Main program for simple authentication. - * Reads the denied user file. Sets alarm timer. - * Scans and checks for Squid input, and attempts to validate the user. - */ +//todo: turn into a multimap +struct domaincontroller { + std::string domain; + std::string server; +}; +std::vector domaincontrollers; +bool +validate_user(char *username, char *password) +{ + for (domaincontroller dc : domaincontrollers) { + if (Valid_User(username, password, dc.server.c_str(), NULL, dc.domain.c_str())) + return true; + } + return false; +} +// arguments: domain/server_name int main(int argc, char **argv) { @@ -66,34 +82,25 @@ main(int argc, char **argv) openlog("msnt_auth", LOG_PID, LOG_USER); setbuf(stdout, NULL); - /* Read configuration file. Abort wildly if error. */ - if (OpenConfigFile() == 1) - return 1; - - /* - * Read denied and allowed user files. - * If they fails, there is a serious problem. - * Check syslog messages. Deny all users while in this state. - * The msntauth process should then be killed. - */ - if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) { - while (1) { - memset(wstr, '\0', sizeof(wstr)); - if (fgets(wstr, 255, stdin) == NULL) - break; - puts("ERR"); - } - return 1; + for (int j = 1; j < argc; ++j) { + std::string arg = argv[j]; + size_t pos=arg.find('/'); + if (arg.find('/',pos+1)) { + std::cerr << "Error: can't understand domain controller specification '" + << arg << '"' << std::endl; + exit(1); + } + domaincontroller dc; + dc.domain = arg.substr(0,pos); + dc.server = arg.substr(pos+1); + if (dc.domain.length() == 0 || dc.server.length() == 0) { + std::cerr << "Error: invalid domain specification in '" << arg << + "'" << std::endl; + exit(1); + } + domaincontrollers.push_back(dc); } - /* - * Make Check_forchange() the handle for HUP signals. - * Don't use alarms any more. I don't think it was very - * portable between systems. - * XXX this should be sigaction() - */ - signal(SIGHUP, Check_forchange); - while (1) { int n; /* Read whole line from standard input. Terminate on break. */ @@ -114,7 +121,6 @@ main(int argc, char **argv) /* * extract username and password. - * XXX is sscanf() safe? */ username[0] = '\0'; password[0] = '\0'; @@ -128,21 +134,13 @@ main(int argc, char **argv) puts("ERR"); continue; } - Checktimer(); /* Check if the user lists have changed */ rfc1738_unescape(username); rfc1738_unescape(password); - /* - * Check if user is explicitly denied or allowed. - * If user passes both checks, they can be authenticated. - */ - if (Check_user(username) == 1) { - syslog(LOG_INFO, "'%s' denied", username); - puts("ERR"); - } else if (QueryServers(username, password) == 0) + if (validate_user(username, password)) { puts("OK"); - else { + } else { syslog(LOG_INFO, "'%s' login failed", username); puts("ERR"); } diff --git a/helpers/basic_auth/MSNT/msntauth.h b/helpers/basic_auth/MSNT/msntauth.h index b18f24428c..d8b9fbcd5f 100644 --- a/helpers/basic_auth/MSNT/msntauth.h +++ b/helpers/basic_auth/MSNT/msntauth.h @@ -9,15 +9,7 @@ #ifndef _SQUID_HELPERS_BASIC_AUTH_MSNT_MSNTAUTH_H #define _SQUID_HELPERS_BASIC_AUTH_MSNT_MSNTAUTH_H -extern int OpenConfigFile(void); extern int QueryServers(char *, char *); -extern void Checktimer(void); -extern "C" void Check_forchange(int); -extern int Read_denyusers(void); -extern int Read_allowusers(void); -extern int Check_user(char *); -extern int QueryServers(char *, char *); -extern int Check_ifuserallowed(char *ConnectingUser); extern void Check_forallowchange(void); #endif /* _SQUID_HELPERS_BASIC_AUTH_MSNT_MSNTAUTH_H */ diff --git a/helpers/basic_auth/MSNT/valid.cc b/helpers/basic_auth/MSNT/valid.cc index e5b124a9f7..775fca58cc 100644 --- a/helpers/basic_auth/MSNT/valid.cc +++ b/helpers/basic_auth/MSNT/valid.cc @@ -19,11 +19,13 @@ #include "smblib/smblib.h" #include "valid.h" + +//TODO: remove BACKUP int -Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN) +Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *BACKUP, const char *DOMAIN) { const char *supportedDialects[] = {"PC NETWORK PROGRAM 1.0", - "MICROSOFT NETWORKS 1.03", + "MICchecROSOFT NETWORKS 1.03", "MICROSOFT NETWORKS 3.0", "LANMAN1.0", "LM1.2X002", diff --git a/helpers/basic_auth/MSNT/valid.h b/helpers/basic_auth/MSNT/valid.h index 07539277d9..40ca4820a5 100644 --- a/helpers/basic_auth/MSNT/valid.h +++ b/helpers/basic_auth/MSNT/valid.h @@ -15,6 +15,6 @@ #define NTV_PROTOCOL_ERROR 2 #define NTV_LOGON_ERROR 3 -int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN); +int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *BACKUP, const char *DOMAIN); #endif diff --git a/helpers/basic_auth/SSPI/valid.cc b/helpers/basic_auth/SSPI/valid.cc index a0650e1bd1..40e58c2c3b 100644 --- a/helpers/basic_auth/SSPI/valid.cc +++ b/helpers/basic_auth/SSPI/valid.cc @@ -123,66 +123,3 @@ Valid_Group(char *UserName, char *Group) NetApiBufferFree(pBuf); return result; } - -/* Valid_User return codes - - 0 - User authenticated successfully. - 1 - Server error. - 2 - Group membership error. - 3 - Logon error; Incorrect password or username given. -*/ - -int -Valid_User(char *UserName, char *Password, char *Group) -{ - int result = NTV_SERVER_ERROR; - size_t i; - char NTDomain[256]; - char *domain_qualify = NULL; - char DomainUser[256]; - char User[256]; - - errormsg = NTV_SERVER_ERROR_MSG; - strncpy(NTDomain, UserName, sizeof(NTDomain)); - - for (i=0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) { - if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL) - break; - } - if (domain_qualify == NULL) { - strcpy(User, NTDomain); - strcpy(NTDomain, Default_NTDomain); - } else { - strcpy(User, domain_qualify + 1); - domain_qualify[0] = '\0'; - } - /* Log the client on to the local computer. */ - if (!SSP_LogonUser(User, Password, NTDomain)) { - result = NTV_LOGON_ERROR; - errormsg = NTV_LOGON_ERROR_MSG; - debug("%s\n", errormsg); - } else { - result = NTV_NO_ERROR; - if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0) - strcpy(DomainUser, User); - else { - strcpy(DomainUser, NTDomain); - strcat(DomainUser, "\\"); - strcat(DomainUser, User); - } - if (UseAllowedGroup) { - if (!Valid_Group(DomainUser, NTAllowedGroup)) { - result = NTV_GROUP_ERROR; - errormsg = NTV_GROUP_ERROR_MSG; - debug("%s\n", errormsg); - } - } - if (UseDisallowedGroup) { - if (Valid_Group(DomainUser, NTDisAllowedGroup)) { - result = NTV_GROUP_ERROR; - errormsg = NTV_GROUP_ERROR_MSG; - debug("%s\n", errormsg); - } - } - } - return result; -} diff --git a/helpers/basic_auth/SSPI/valid.h b/helpers/basic_auth/SSPI/valid.h index ea78c9fa0c..5ace2792de 100644 --- a/helpers/basic_auth/SSPI/valid.h +++ b/helpers/basic_auth/SSPI/valid.h @@ -91,6 +91,4 @@ debug(char *format,...) } #endif /* __GNUC__ */ -int Valid_User(char *,char *, char *); - #endif diff --git a/lib/smblib/smblib.c b/lib/smblib/smblib.c index 7b0b84181f..cb5b89bb3b 100644 --- a/lib/smblib/smblib.c +++ b/lib/smblib/smblib.c @@ -99,7 +99,7 @@ SMB_Handle_Type SMB_Create_Con_Handle() /* or anything else ... */ SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, - char *server, const char *NTdomain) + const char *server, const char *NTdomain) { SMB_Handle_Type con; diff --git a/lib/smblib/smblib.h b/lib/smblib/smblib.h index ccbd28225e..d4ce2b8253 100644 --- a/lib/smblib/smblib.h +++ b/lib/smblib/smblib.h @@ -50,7 +50,7 @@ extern "C" { /* Connect to a server, but do not do a tree con etc ... */ SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, - char *server, + const char *server, const char *NTdomain); /* Connect to a server and give us back a handle. If Con == NULL, create */