From: Amos Jeffries Date: Sun, 23 Aug 2009 02:43:26 +0000 (-0600) Subject: SourceFormat: mswin_sspi helper X-Git-Tag: SQUID_3_2_0_1~769 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f7be300e1a596e5fbc66a74c129eef744197ce6;p=thirdparty%2Fsquid.git SourceFormat: mswin_sspi helper --- diff --git a/helpers/negotiate_auth/mswin_sspi/libnegotiatessp.c b/helpers/negotiate_auth/mswin_sspi/libnegotiatessp.c index b5b367ebdc..7d40a8b667 100644 --- a/helpers/negotiate_auth/mswin_sspi/libnegotiatessp.c +++ b/helpers/negotiate_auth/mswin_sspi/libnegotiatessp.c @@ -8,7 +8,7 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - + * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. @@ -22,7 +22,7 @@ typedef unsigned char uchar; #include #endif -void +void hex_dump(void *data, int size) { /* dumps size bytes of *data to stdout. Looks like: @@ -32,54 +32,50 @@ hex_dump(void *data, int size) */ if (!data) - return; + return; if (debug_enabled) { - unsigned char *p = data; - unsigned char c; - int n; - char bytestr[4] = - {0}; - char addrstr[10] = - {0}; - char hexstr[16 * 3 + 5] = - {0}; - char charstr[16 * 1 + 5] = - {0}; - for (n = 1; n <= size; n++) { - if (n % 16 == 1) { - /* store address for this line */ - snprintf(addrstr, sizeof(addrstr), "%.4x", - ((unsigned int) p - (unsigned int) data)); - } - c = *p; - if (xisalnum(c) == 0) { - c = '.'; - } - /* store hex str (for left side) */ - snprintf(bytestr, sizeof(bytestr), "%02X ", *p); - strncat(hexstr, bytestr, sizeof(hexstr) - strlen(hexstr) - 1); + unsigned char *p = data; + unsigned char c; + int n; + char bytestr[4] = {0}; + char addrstr[10] = {0}; + char hexstr[16 * 3 + 5] = {0}; + char charstr[16 * 1 + 5] = {0}; + for (n = 1; n <= size; n++) { + if (n % 16 == 1) { + /* store address for this line */ + snprintf(addrstr, sizeof(addrstr), "%.4x", + ((unsigned int) p - (unsigned int) data)); + } + c = *p; + if (xisalnum(c) == 0) { + c = '.'; + } + /* store hex str (for left side) */ + snprintf(bytestr, sizeof(bytestr), "%02X ", *p); + strncat(hexstr, bytestr, sizeof(hexstr) - strlen(hexstr) - 1); - /* store char str (for right side) */ - snprintf(bytestr, sizeof(bytestr), "%c", c); - strncat(charstr, bytestr, sizeof(charstr) - strlen(charstr) - 1); + /* store char str (for right side) */ + snprintf(bytestr, sizeof(bytestr), "%c", c); + strncat(charstr, bytestr, sizeof(charstr) - strlen(charstr) - 1); - if (n % 16 == 0) { - /* line completed */ - fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr); - hexstr[0] = 0; - charstr[0] = 0; - } else if (n % 8 == 0) { - /* half line: add whitespaces */ - strncat(hexstr, " ", sizeof(hexstr) - strlen(hexstr) - 1); - strncat(charstr, " ", sizeof(charstr) - strlen(charstr) - 1); - } - p++; /* next byte */ - } + if (n % 16 == 0) { + /* line completed */ + fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr); + hexstr[0] = 0; + charstr[0] = 0; + } else if (n % 8 == 0) { + /* half line: add whitespaces */ + strncat(hexstr, " ", sizeof(hexstr) - strlen(hexstr) - 1); + strncat(charstr, " ", sizeof(charstr) - strlen(charstr) - 1); + } + p++; /* next byte */ + } - if (strlen(hexstr) > 0) { - /* print rest of buffer if not empty */ - fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr); - } + if (strlen(hexstr) > 0) { + /* print rest of buffer if not empty */ + fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr); + } } } diff --git a/helpers/negotiate_auth/mswin_sspi/negotiate.h b/helpers/negotiate_auth/mswin_sspi/negotiate.h index d546f84ced..e04aa06aaa 100644 --- a/helpers/negotiate_auth/mswin_sspi/negotiate.h +++ b/helpers/negotiate_auth/mswin_sspi/negotiate.h @@ -67,21 +67,21 @@ debug(char *format,...) #if FAIL_DEBUG if (debug_enabled || fail_debug_enabled) { #else - if (debug_enabled) { +if (debug_enabled) { #endif - va_list args; + va_list args; - va_start(args,format); - fprintf(stderr, "negotiate-auth[%d]: ",getpid()); - vfprintf(stderr, format, args); - va_end(args); + va_start(args,format); + fprintf(stderr, "negotiate-auth[%d]: ",getpid()); + vfprintf(stderr, format, args); + va_end(args); #if FAIL_DEBUG - fail_debug_enabled = 0; + fail_debug_enabled = 0; #endif - } + } #endif /* _SQUID_MSWIN_ */ #endif /* DEBUG */ - } +} #endif /* __GNUC__ */ diff --git a/helpers/negotiate_auth/mswin_sspi/negotiate_auth.c b/helpers/negotiate_auth/mswin_sspi/negotiate_auth.c index 80756d0bf0..e9e73746a7 100644 --- a/helpers/negotiate_auth/mswin_sspi/negotiate_auth.c +++ b/helpers/negotiate_auth/mswin_sspi/negotiate_auth.c @@ -60,8 +60,8 @@ uc(char *string) { char *p = string, c; while ((c = *p)) { - *p = xtoupper(c); - p++; + *p = xtoupper(c); + p++; } } @@ -71,8 +71,8 @@ lc(char *string) { char *p = string, c; while ((c = *p)) { - *p = xtolower(c); - p++; + *p = xtolower(c); + p++; } } @@ -96,11 +96,11 @@ void usage() { fprintf(stderr, - "Usage: %s [-d] [-v] [-h]\n" - " -d enable debugging.\n" - " -v enable verbose Negotiate packet debugging.\n" - " -h this message\n\n", - my_program_name); + "Usage: %s [-d] [-v] [-h]\n" + " -d enable debugging.\n" + " -v enable verbose Negotiate packet debugging.\n" + " -h this message\n\n", + my_program_name); } @@ -111,28 +111,28 @@ process_options(int argc, char *argv[]) opterr = 0; while (-1 != (opt = getopt(argc, argv, "hdv"))) { - switch (opt) { - case 'd': - debug_enabled = 1; - break; - case 'v': - debug_enabled = 1; - Negotiate_packet_debug_enabled = 1; - break; - case 'h': - usage(); - exit(0); - case '?': - opt = optopt; - /* fall thru to default */ - default: - fprintf(stderr, "unknown option: -%c. Exiting\n", opt); - usage(); - had_error = 1; - } + switch (opt) { + case 'd': + debug_enabled = 1; + break; + case 'v': + debug_enabled = 1; + Negotiate_packet_debug_enabled = 1; + break; + case 'h': + usage(); + exit(0); + case '?': + opt = optopt; + /* fall thru to default */ + default: + fprintf(stderr, "unknown option: -%c. Exiting\n", opt); + usage(); + had_error = 1; + } } if (had_error) - exit(1); + exit(1); } int @@ -147,149 +147,149 @@ manage_request() static char cred[SSP_MAX_CRED_LEN + 1]; BOOL Done = FALSE; - try_again: +try_again: if (fgets(buf, BUFFER_SIZE, stdin) == NULL) - return 0; + return 0; c = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */ if (c) { - if (oversized) { - helperfail("illegal request received"); - fprintf(stderr, "Illegal request received: '%s'\n", buf); - return 1; - } - *c = '\0'; + if (oversized) { + helperfail("illegal request received"); + fprintf(stderr, "Illegal request received: '%s'\n", buf); + return 1; + } + *c = '\0'; } else { - fprintf(stderr, "No newline in '%s'\n", buf); - oversized = 1; - goto try_again; + fprintf(stderr, "No newline in '%s'\n", buf); + oversized = 1; + goto try_again; } if ((strlen(buf) > 3) && Negotiate_packet_debug_enabled) { - decoded = base64_decode(buf + 3); - strncpy(helper_command, buf, 2); - debug("Got '%s' from Squid with data:\n", helper_command); - hex_dump(decoded, ((strlen(buf) - 3) * 3) / 4); + decoded = base64_decode(buf + 3); + strncpy(helper_command, buf, 2); + debug("Got '%s' from Squid with data:\n", helper_command); + hex_dump(decoded, ((strlen(buf) - 3) * 3) / 4); } else - debug("Got '%s' from Squid\n", buf); + debug("Got '%s' from Squid\n", buf); if (memcmp(buf, "YR ", 3) == 0) { /* refresh-request */ - /* figure out what we got */ - decoded = base64_decode(buf + 3); - /* Note: we don't need to manage memory at this point, since - * base64_decode returns a pointer to static storage. - */ - if (!decoded) { /* decoding failure, return error */ - SEND("NA * Packet format error, couldn't base64-decode"); - return 1; - } - /* Obtain server blob against SSPI */ - plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */ - c = (char *) SSP_MakeNegotiateBlob(decoded, plen, &Done, &status, cred); + /* figure out what we got */ + decoded = base64_decode(buf + 3); + /* Note: we don't need to manage memory at this point, since + * base64_decode returns a pointer to static storage. + */ + if (!decoded) { /* decoding failure, return error */ + SEND("NA * Packet format error, couldn't base64-decode"); + return 1; + } + /* Obtain server blob against SSPI */ + plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */ + c = (char *) SSP_MakeNegotiateBlob(decoded, plen, &Done, &status, cred); - if (status == SSP_OK) { - if (Done) { - lc(cred); /* let's lowercase them for our convenience */ - have_serverblob = 0; - Done = FALSE; - if (Negotiate_packet_debug_enabled) { - decoded = base64_decode(c); - debug("sending 'AF' %s to squid with data:\n", cred); - if (c != NULL) - hex_dump(decoded, (strlen(c) * 3) / 4); - else - fprintf(stderr, "No data available.\n"); - printf("AF %s %s\n", c, cred); - } else - SEND3("AF %s %s", c, cred); - } else { - if (Negotiate_packet_debug_enabled) { - decoded = base64_decode(c); - debug("sending 'TT' to squid with data:\n"); - hex_dump(decoded, (strlen(c) * 3) / 4); - printf("TT %s\n", c); - } else { - SEND2("TT %s", c); - } - have_serverblob = 1; - } - } else - helperfail("can't obtain server blob"); - return 1; + if (status == SSP_OK) { + if (Done) { + lc(cred); /* let's lowercase them for our convenience */ + have_serverblob = 0; + Done = FALSE; + if (Negotiate_packet_debug_enabled) { + decoded = base64_decode(c); + debug("sending 'AF' %s to squid with data:\n", cred); + if (c != NULL) + hex_dump(decoded, (strlen(c) * 3) / 4); + else + fprintf(stderr, "No data available.\n"); + printf("AF %s %s\n", c, cred); + } else + SEND3("AF %s %s", c, cred); + } else { + if (Negotiate_packet_debug_enabled) { + decoded = base64_decode(c); + debug("sending 'TT' to squid with data:\n"); + hex_dump(decoded, (strlen(c) * 3) / 4); + printf("TT %s\n", c); + } else { + SEND2("TT %s", c); + } + have_serverblob = 1; + } + } else + helperfail("can't obtain server blob"); + return 1; } if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */ - if (!have_serverblob) { - helperfail("invalid server blob"); - return 1; - } - /* figure out what we got */ - decoded = base64_decode(buf + 3); - /* Note: we don't need to manage memory at this point, since - * base64_decode returns a pointer to static storage. - */ - if (!decoded) { /* decoding failure, return error */ - SEND("NA * Packet format error, couldn't base64-decode"); - return 1; - } - /* check against SSPI */ - plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */ - c = (char *) SSP_ValidateNegotiateCredentials(decoded, plen, &Done, &status, cred); + if (!have_serverblob) { + helperfail("invalid server blob"); + return 1; + } + /* figure out what we got */ + decoded = base64_decode(buf + 3); + /* Note: we don't need to manage memory at this point, since + * base64_decode returns a pointer to static storage. + */ + if (!decoded) { /* decoding failure, return error */ + SEND("NA * Packet format error, couldn't base64-decode"); + return 1; + } + /* check against SSPI */ + plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */ + c = (char *) SSP_ValidateNegotiateCredentials(decoded, plen, &Done, &status, cred); - if (status == SSP_ERROR) { + if (status == SSP_ERROR) { #if FAIL_DEBUG - fail_debug_enabled = 1; + fail_debug_enabled = 1; #endif - FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, - GetLastError(), - MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ - (LPTSTR) & ErrorMessage, - 0, - NULL); - if (ErrorMessage[strlen(ErrorMessage) - 1] == '\n') - ErrorMessage[strlen(ErrorMessage) - 1] = '\0'; - if (ErrorMessage[strlen(ErrorMessage) - 1] == '\r') - ErrorMessage[strlen(ErrorMessage) - 1] = '\0'; - SEND2("NA * %s", ErrorMessage); - LocalFree(ErrorMessage); - return 1; - } - if (Done) { - lc(cred); /* let's lowercase them for our convenience */ - have_serverblob = 0; - Done = FALSE; - if (Negotiate_packet_debug_enabled) { - decoded = base64_decode(c); - debug("sending 'AF' %s to squid with data:\n", cred); - if (c != NULL) - hex_dump(decoded, (strlen(c) * 3) / 4); - else - fprintf(stderr, "No data available.\n"); - printf("AF %s %s\n", c, cred); - } else { - SEND3("AF %s %s", c, cred); - } - return 1; - } else { - if (Negotiate_packet_debug_enabled) { - decoded = base64_decode(c); - debug("sending 'TT' to squid with data:\n"); - hex_dump(decoded, (strlen(c) * 3) / 4); - printf("TT %s\n", c); - } else - SEND2("TT %s", c); - return 1; - } + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, + GetLastError(), + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ + (LPTSTR) & ErrorMessage, + 0, + NULL); + if (ErrorMessage[strlen(ErrorMessage) - 1] == '\n') + ErrorMessage[strlen(ErrorMessage) - 1] = '\0'; + if (ErrorMessage[strlen(ErrorMessage) - 1] == '\r') + ErrorMessage[strlen(ErrorMessage) - 1] = '\0'; + SEND2("NA * %s", ErrorMessage); + LocalFree(ErrorMessage); + return 1; + } + if (Done) { + lc(cred); /* let's lowercase them for our convenience */ + have_serverblob = 0; + Done = FALSE; + if (Negotiate_packet_debug_enabled) { + decoded = base64_decode(c); + debug("sending 'AF' %s to squid with data:\n", cred); + if (c != NULL) + hex_dump(decoded, (strlen(c) * 3) / 4); + else + fprintf(stderr, "No data available.\n"); + printf("AF %s %s\n", c, cred); + } else { + SEND3("AF %s %s", c, cred); + } + return 1; + } else { + if (Negotiate_packet_debug_enabled) { + decoded = base64_decode(c); + debug("sending 'TT' to squid with data:\n"); + hex_dump(decoded, (strlen(c) * 3) / 4); + printf("TT %s\n", c); + } else + SEND2("TT %s", c); + return 1; + } } else { /* not an auth-request */ - helperfail("illegal request received"); - fprintf(stderr, "Illegal request received: '%s'\n", buf); - return 1; + helperfail("illegal request received"); + fprintf(stderr, "Illegal request received: '%s'\n", buf); + return 1; } helperfail("detected protocol error"); return 1; -/********* END ********/ + /********* END ********/ } int @@ -302,8 +302,8 @@ main(int argc, char *argv[]) debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); if (LoadSecurityDll(SSP_NTLM, NEGOTIATE_PACKAGE_NAME) == NULL) { - fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); - exit(1); + fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); + exit(1); } debug("SSPI initialized OK\n"); @@ -314,7 +314,7 @@ main(int argc, char *argv[]) setbuf(stderr, NULL); while (manage_request()) { - /* everything is done within manage_request */ + /* everything is done within manage_request */ } exit(0); }