From: Amos Jeffries Date: Mon, 28 Jun 2010 10:56:49 +0000 (+1200) Subject: Pull out the basic helper API definitions for sharing X-Git-Tag: SQUID_3_2_0_1~110 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43fed740b24c9b64720ba589782c48694ce55c7d;p=thirdparty%2Fsquid.git Pull out the basic helper API definitions for sharing --- diff --git a/helpers/Makefile.am b/helpers/Makefile.am index aa4675c24f..95a5a9d70d 100644 --- a/helpers/Makefile.am +++ b/helpers/Makefile.am @@ -6,3 +6,5 @@ SUBDIRS = \ negotiate_auth \ ntlm_auth \ url_rewrite + +EXTRA_DIST = defines.h diff --git a/helpers/basic_auth/NCSA/basic_ncsa_auth.cc b/helpers/basic_auth/NCSA/basic_ncsa_auth.cc index 2f49f45ec7..19fb48e383 100644 --- a/helpers/basic_auth/NCSA/basic_ncsa_auth.cc +++ b/helpers/basic_auth/NCSA/basic_ncsa_auth.cc @@ -1,6 +1,4 @@ /* - * ncsa_auth.c - * * AUTHOR: Arjan de Vet * * Example authentication program for Squid, based on the original @@ -18,23 +16,21 @@ */ #include "config.h" +#include "crypt_md5.h" +#include "hash.h" +#include "helpers/defines.h" #include "rfc1738.h" +#include "util.h" #if HAVE_STDIO_H #include #endif -#if HAVE_STDLIB_H -#include -#endif #if HAVE_UNISTD_H #include #endif #if HAVE_STRING_H #include #endif -#if HAVE_SYS_TYPES_H -#include -#endif #if HAVE_SYS_STAT_H #include #endif @@ -42,10 +38,6 @@ #include #endif -#include "util.h" -#include "hash.h" -#include "crypt_md5.h" - static hash_table *hash = NULL; static HASHFREE my_free; @@ -80,12 +72,12 @@ read_passwd_file(const char *passwdfile) /* initial setup */ hash = hash_create((HASHCMP *) strcmp, 7921, hash_string); if (NULL == hash) { - fprintf(stderr, "ncsa_auth: cannot create hash table\n"); + fprintf(stderr, "FATAL: Cannot create hash table\n"); exit(1); } f = fopen(passwdfile, "r"); if (NULL == f) { - fprintf(stderr, "%s: %s\n", passwdfile, xstrerror()); + fprintf(stderr, "FATAL: %s: %s\n", passwdfile, xstrerror()); exit(1); } while (fgets(buf, 8192, f) != NULL) { @@ -109,7 +101,7 @@ main(int argc, char **argv) { struct stat sb; time_t change_time = -1; - char buf[256]; + char buf[HELPER_INPUT_BUFFER]; char *user, *passwd, *p; user_data *u; setbuf(stdout, NULL); @@ -118,10 +110,10 @@ main(int argc, char **argv) exit(1); } if (stat(argv[1], &sb) != 0) { - fprintf(stderr, "cannot stat %s\n", argv[1]); + fprintf(stderr, "FATAL: cannot stat %s\n", argv[1]); exit(1); } - while (fgets(buf, 256, stdin) != NULL) { + while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { if ((p = strchr(buf, '\n')) != NULL) *p = '\0'; /* strip \n */ if (stat(argv[1], &sb) == 0) { @@ -131,28 +123,28 @@ main(int argc, char **argv) } } if ((user = strtok(buf, " ")) == NULL) { - printf("ERR\n"); + SEND_ERR(""); continue; } if ((passwd = strtok(NULL, "")) == NULL) { - printf("ERR\n"); + SEND_ERR(""); continue; } rfc1738_unescape(user); rfc1738_unescape(passwd); u = (user_data *) hash_lookup(hash, user); if (u == NULL) { - printf("ERR No such user\n"); + SEND_ERR("No such user"); #if HAVE_CRYPT } else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) { - printf("OK\n"); + SEND_OK(""); #endif } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) { - printf("OK\n"); + SEND_OK(""); } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) { /* md5 without salt and magic strings - Added by Ramon de Carvalho and Rodrigo Rubira Branco */ - printf("OK\n"); + SEND_OK(""); } else { - printf("ERR Wrong password\n"); + SEND_ERR("Wrong password"); } } if (hash != NULL) { diff --git a/helpers/basic_auth/PAM/basic_pam_auth.cc b/helpers/basic_auth/PAM/basic_pam_auth.cc index 006e1ab880..5b52cdfdab 100644 --- a/helpers/basic_auth/PAM/basic_pam_auth.cc +++ b/helpers/basic_auth/PAM/basic_pam_auth.cc @@ -67,7 +67,7 @@ */ #define SQUID_NO_ALLOC_PROTECT 1 #include "config.h" - +#include "helpers/defines.h" #include "rfc1738.h" #include "util.h" @@ -93,9 +93,6 @@ #include #endif -#define BUFSIZE 8192 - - /* The default PAM service name */ #ifndef DEFAULT_SQUID_PAM_SERVICE #define DEFAULT_SQUID_PAM_SERVICE "squid" @@ -120,7 +117,7 @@ static int password_conversation(int num_msg, PAM_CONV_FUNC_CONST_PARM struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) { - fprintf(stderr, "ERROR: Unexpected PAM converstaion '%d/%s'\n", msg[0]->msg_style, msg[0]->msg); + debug("ERROR: Unexpected PAM converstaion '%d/%s'\n", msg[0]->msg_style, msg[0]->msg); return PAM_CONV_ERR; } #if _SQUID_SOLARIS_ @@ -132,12 +129,12 @@ password_conversation(int num_msg, PAM_CONV_FUNC_CONST_PARM struct pam_message * } #endif if (!appdata_ptr) { - fprintf(stderr, "ERROR: No password available to password_converstation!\n"); + debug("ERROR: No password available to password_converstation!\n"); return PAM_CONV_ERR; } *resp = static_cast(calloc(num_msg, sizeof(struct pam_response))); if (!*resp) { - fprintf(stderr, "ERROR: Out of memory!\n"); + debug("ERROR: Out of memory!\n"); return PAM_CONV_ERR; } (*resp)[0].resp = xstrdup((char *) appdata_ptr); @@ -170,7 +167,7 @@ main(int argc, char *argv[]) int retval = PAM_SUCCESS; char *user; char *password_buf; - char buf[BUFSIZE]; + char buf[HELPER_INPUT_BUFFER]; time_t pamh_created = 0; int ttl = DEFAULT_SQUID_PAM_TTL; const char *service = DEFAULT_SQUID_PAM_SERVICE; @@ -197,29 +194,29 @@ main(int argc, char *argv[]) no_acct_mgmt = 1; break; default: - fprintf(stderr, "Unknown getopt value '%c'\n", ch); + fprintf(stderr, "FATAL: Unknown getopt value '%c'\n", ch); usage(argv[0]); exit(1); } } start: if (optind < argc) { - fprintf(stderr, "Unknown option '%s'\n", argv[optind]); + fprintf(stderr, "FATAL: Unknown option '%s'\n", argv[optind]); usage(argv[0]); exit(1); } - while (fgets(buf, BUFSIZE, stdin)) { + while (fgets(buf, HELPER_INPUT_BUFFER, stdin)) { user = buf; password_buf = strchr(buf, '\n'); if (!password_buf) { - fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); + debug("ERROR: %s: Unexpected input '%s'\n", argv[0], buf); goto error; } *password_buf = '\0'; password_buf = strchr(buf, ' '); if (!password_buf) { - fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); + debug("ERROR: %s: Unexpected input '%s'\n", argv[0], buf); goto error; } *password_buf++ = '\0'; @@ -237,7 +234,7 @@ start: /* Create PAM connection */ retval = pam_start(service, user, &conv, &pamh); if (retval != PAM_SUCCESS) { - fprintf(stderr, "ERROR: failed to create PAM authenticator\n"); + debug("ERROR: failed to create PAM authenticator\n"); goto error; } } else if (!pamh || (time(NULL) - pamh_created) >= ttl || pamh_created > time(NULL)) { @@ -245,14 +242,14 @@ start: if (pamh) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { - fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); + debug("WARNING: failed to release PAM authenticator\n"); } pamh = NULL; } /* Initialize persistent PAM connection */ retval = pam_start(service, "squid@", &conv, &pamh); if (retval != PAM_SUCCESS) { - fprintf(stderr, "ERROR: failed to create PAM authenticator\n"); + debug("ERROR: failed to create PAM authenticator\n"); goto error; } pamh_created = time(NULL); @@ -270,10 +267,10 @@ start: if (retval == PAM_SUCCESS && !no_acct_mgmt) retval = pam_acct_mgmt(pamh, 0); if (retval == PAM_SUCCESS) { - fprintf(stdout, "OK\n"); + SEND_OK(""); } else { error: - fprintf(stdout, "ERR\n"); + SEND_ERR(""); } /* cleanup */ retval = PAM_SUCCESS; @@ -286,7 +283,7 @@ error: if (ttl == 0 || retval != PAM_SUCCESS) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { - fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); + debug("WARNING: failed to release PAM authenticator\n"); } pamh = NULL; } @@ -296,7 +293,7 @@ error: retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { pamh = NULL; - fprintf(stderr, "ERROR: failed to release PAM authenticator\n"); + debug("ERROR: failed to release PAM authenticator\n"); } } return 0; diff --git a/helpers/basic_auth/RADIUS/basic_radius_auth.cc b/helpers/basic_auth/RADIUS/basic_radius_auth.cc index 51fc29c50a..94a6f0b4a5 100644 --- a/helpers/basic_auth/RADIUS/basic_radius_auth.cc +++ b/helpers/basic_auth/RADIUS/basic_radius_auth.cc @@ -45,10 +45,11 @@ * and many others */ -#include "config.h" -#include "md5.h" -#include "radius.h" -#include "radius-util.h" +#include "config.h" +#include "helpers/defines.h" +#include "md5.h" +#include "radius.h" +#include "radius-util.h" #if HAVE_SYS_SOCKET_H #include @@ -93,9 +94,10 @@ #include #endif +/* AYJ: helper input buffer may be a lot larger than this used to expect... */ #define MAXPWNAM 254 #define MAXPASS 254 -#define MAXLINE 254 +#define MAXLINE 254 static void md5_calc(uint8_t out[16], void *in, size_t len); @@ -177,9 +179,7 @@ result_recv(u_int32_t host, u_short udp_port, char *buffer, int length) totallen = ntohs(auth->length); if (totallen != length) { - fprintf(stderr, - "basic_radius_auth: Received invalid reply length from server (want %d/ got %d)\n", - totallen, length); + debug("Received invalid reply length from server (want %d/ got %d)\n", totallen, length); return -1; } if (auth->id != request_id) { @@ -194,7 +194,7 @@ result_recv(u_int32_t host, u_short udp_port, char *buffer, int length) md5_calc(calc_digest, (unsigned char *) auth, length + secretlen); if (memcmp(reply_digest, calc_digest, AUTH_VECTOR_LEN) != 0) { - fprintf(stderr, "Warning: Received invalid reply digest from server\n"); + debug("WARNING: Received invalid reply digest from server\n"); return -1; } if (auth->code != PW_AUTHENTICATION_ACK) @@ -448,7 +448,7 @@ main(int argc, char **argv) char username[MAXPWNAM]; char passwd[MAXPASS]; char *ptr; - char authstring[MAXLINE]; + char buf[HELPER_INPUT_BUFFER]; const char *cfname = NULL; int err = 0; socklen_t salen; @@ -482,16 +482,16 @@ main(int argc, char **argv) if (cfname) { if (rad_auth_config(cfname) < 0) { - fprintf(stderr, "%s: can't open configuration file '%s'.\n", argv[0], cfname); + fprintf(stderr, "FATAL: %s: can't open configuration file '%s'.\n", argv[0], cfname); exit(1); } } if (!*server) { - fprintf(stderr, "%s: Server not specified\n", argv[0]); + fprintf(stderr, "FATAL: %s: Server not specified\n", argv[0]); exit(1); } if (!*secretkey) { - fprintf(stderr, "%s: Shared secret not specified\n", argv[0]); + fprintf(stderr, "FATAL: %s: Shared secret not specified\n", argv[0]); exit(1); } #ifdef _SQUID_MSWIN_ @@ -514,7 +514,7 @@ main(int argc, char **argv) /* Get the IP address of the authentication server */ if ((auth_ipaddr = get_ipaddr(server)) == 0) { - fprintf(stderr, "Couldn't find host %s\n", server); + fprintf(stderr, "FATAL: %s: Couldn't find host %s\n", argv[0], server); exit(1); } sockfd = socket(AF_INET, SOCK_DGRAM, 0); @@ -540,31 +540,31 @@ main(int argc, char **argv) fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL, 0) | O_NONBLOCK); #endif nas_ipaddr = ntohl(salocal.sin_addr.s_addr); - while (fgets(authstring, MAXLINE, stdin) != NULL) { + while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { char *end; /* protect me form to long lines */ - if ((end = strchr(authstring, '\n')) == NULL) { + if ((end = strchr(buf, '\n')) == NULL) { err = 1; continue; } if (err) { - printf("ERR\n"); + SEND_ERR(""); err = 0; continue; } - if (strlen(authstring) > MAXLINE) { - printf("ERR\n"); + if (strlen(buf) > HELPER_INPUT_BUFFER) { + SEND_ERR(""); continue; } /* Strip off the trailing newline */ *end = '\0'; /* Parse out the username and password */ - ptr = authstring; + ptr = buf; while (isspace(*ptr)) ptr++; if ((end = strchr(ptr, ' ')) == NULL) { - printf("ERR\n"); /* No password */ + SEND_ERR("No password"); continue; } *end = '\0'; @@ -575,9 +575,9 @@ main(int argc, char **argv) urldecode(passwd, ptr, MAXPASS); if (authenticate(sockfd, username, passwd)) - printf("OK\n"); + SEND_OK(""); else - printf("ERR\n"); + SEND_ERR(""); } close(sockfd); exit(1); diff --git a/helpers/basic_auth/SASL/basic_sasl_auth.cc b/helpers/basic_auth/SASL/basic_sasl_auth.cc index 51dc6df7cf..ef0001ea42 100644 --- a/helpers/basic_auth/SASL/basic_sasl_auth.cc +++ b/helpers/basic_auth/SASL/basic_sasl_auth.cc @@ -27,6 +27,7 @@ * */ #include "config.h" +#include "helpers/defines.h" #include "rfc1738.h" #include "util.h" @@ -53,7 +54,7 @@ int main(int argc, char *argv[]) { - char line[8192]; + char line[HELPER_INPUT_BUFFER]; char *username, *password; #if SASL_VERSION_MAJOR < 2 const char *errstr; @@ -68,8 +69,7 @@ main(int argc, char *argv[]) rc = sasl_server_init( NULL, APP_NAME_SASL ); if ( rc != SASL_OK ) { - fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL )); - fprintf( stdout, "ERR\n" ); + fprintf(stderr, "FATAL: %d %s\n", rc, sasl_errstring(rc, NULL, NULL )); return 1; } @@ -80,24 +80,23 @@ main(int argc, char *argv[]) #endif if ( rc != SASL_OK ) { - fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL )); - fprintf( stdout, "ERR\n" ); + fprintf(stderr, "FATAL: %d %s\n", rc, sasl_errstring(rc, NULL, NULL )); return 1; } - while ( fgets( line, sizeof( line ), stdin )) { + while ( fgets( line, HELPER_INPUT_BUFFER, stdin )) { username = &line[0]; password = strchr( line, '\n' ); - if ( !password) { - fprintf( stderr, "authenticator: Unexpected input '%s'\n", line ); - fprintf( stdout, "ERR\n" ); + if (!password) { + debug("ERROR: %s: Unexpected input '%s'\n", argv[0], line); + SEND_ERR("Unexpected Empty Input"); continue; } *password = '\0'; password = strchr ( line, ' ' ); - if ( !password) { - fprintf( stderr, "authenticator: Unexpected input '%s'\n", line ); - fprintf( stdout, "ERR\n" ); + if (!password) { + debug("ERROR: %s: Unexpected input '%s' (no password)\n", argv[0], line ); + SEND_ERR("No Password"); continue; } *password++ = '\0'; @@ -114,21 +113,20 @@ main(int argc, char *argv[]) if ( rc != SASL_OK ) { #if SASL_VERSION_MAJOR < 2 if ( errstr ) { - fprintf( stderr, "errstr %s\n", errstr ); + debug("errstr %s\n", errstr); } if ( rc != SASL_BADAUTH ) { - fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL )); - } + debug("ERROR: %d %s\n", rc, sasl_errstring(rc, NULL, NULL)); + SEND_ERR(sasl_errstring(rc, NULL, NULL)); + } else #endif - fprintf( stdout, "ERR\n" ); + SEND_ERR(""); } else { - fprintf( stdout, "OK\n" ); + SEND_OK(""); } - } - sasl_dispose( &conn ); + sasl_dispose(&conn); sasl_done(); - return 0; } diff --git a/helpers/basic_auth/SSPI/basic_sspi_auth.cc b/helpers/basic_auth/SSPI/basic_sspi_auth.cc index adcefe9b3a..855c973b71 100644 --- a/helpers/basic_auth/SSPI/basic_sspi_auth.cc +++ b/helpers/basic_auth/SSPI/basic_sspi_auth.cc @@ -25,6 +25,7 @@ */ #include "config.h" +#include "helpers/defines.h" #include "util.h" #if HAVE_STDIO_H @@ -57,20 +58,19 @@ char *my_program_name = NULL; void usage() { - fprintf(stderr, - "%s usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n" + fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n" "-A can specify a Windows Local Group name allowed to authenticate\n" "-D can specify a Windows Local Group name not allowed to authenticate\n" "-O can specify the default Domain against to authenticate\n" "-d enable debugging.\n" "-h this message\n\n", - my_program_name, my_program_name); + my_program_name); } void process_options(int argc, char *argv[]) { - int opt, had_error = 0; + int opt; while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) { switch (opt) { case 'A': @@ -96,25 +96,20 @@ process_options(int argc, char *argv[]) opt = optopt; /* fall thru to default */ default: - fprintf(stderr, "Unknown option: -%c. Exiting\n", opt); - had_error = 1; + fprintf(stderr, "FATAL: Unknown option: -%c\n", opt); + usage(); + exit(1); } } - if (had_error) { - usage(); - exit(1); - } } /* Main program for simple authentication. Scans and checks for Squid input, and attempts to validate the user. */ - int main(int argc, char **argv) - { - char wstr[256]; + char wstr[HELPER_INPUT_BUFFER]; char username[256]; char password[256]; char *p; @@ -123,10 +118,8 @@ main(int argc, char **argv) my_program_name = argv[0]; process_options(argc, argv); - debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); - if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) { - fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); + fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n"); exit(1); } debug("SSPI initialized OK\n"); @@ -137,19 +130,17 @@ main(int argc, char **argv) setbuf(stdout, NULL); setbuf(stderr, NULL); - while (1) { - /* Read whole line from standard input. Terminate on break. */ - if (fgets(wstr, 255, stdin) == NULL) - break; + while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) { if (NULL == strchr(wstr, '\n')) { err = 1; continue; } if (err) { - fprintf(stderr, "Oversized message\n"); - puts("ERR"); - goto error; + SEND_ERR("Oversized message"); + err = 0; + fflush(stdout); + continue; } if ((p = strchr(wstr, '\n')) != NULL) @@ -165,8 +156,7 @@ main(int argc, char **argv) /* Check for invalid or blank entries */ if ((username[0] == '\0') || (password[0] == '\0')) { - fprintf(stderr, "Invalid Request\n"); - puts("ERR"); + SEND_ERR("Invalid Request"); fflush(stdout); continue; } @@ -176,10 +166,9 @@ main(int argc, char **argv) debug("Trying to validate; %s %s\n", username, password); if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR) - puts("OK"); + SEND_OK(""); else - printf("ERR %s\n", errormsg); -error: + SEND_ERR(errormsg); err = 0; fflush(stdout); } diff --git a/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc index a75b8b4f07..c05f2e04d5 100644 --- a/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc +++ b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.cc @@ -25,7 +25,9 @@ */ #include "config.h" +#include "helpers/defines.h" #include "rfc1738.h" +#include "util.h" #if HAVE_STDIO_H #include @@ -49,11 +51,6 @@ #include #endif -#include "util.h" - -#define ERR "ERR\n" -#define OK "OK\n" - static int passwd_auth(char *user, char *passwd) { @@ -92,21 +89,21 @@ int main(int argc, char **argv) { int auth = 0; - char buf[256]; + char buf[HELPER_INPUT_BUFFER]; char *user, *passwd, *p; setbuf(stdout, NULL); - while (fgets(buf, 256, stdin) != NULL) { + while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { if ((p = strchr(buf, '\n')) != NULL) *p = '\0'; /* strip \n */ if ((user = strtok(buf, " ")) == NULL) { - printf(ERR); + SEND_ERR("No Username"); continue; } if ((passwd = strtok(NULL, "")) == NULL) { - printf(ERR); + SEND_ERR("No Password"); continue; } rfc1738_unescape(user); @@ -117,14 +114,14 @@ main(int argc, char **argv) auth = passwd_auth(user, passwd); #endif if (auth == 0) { - printf("ERR No such user\n"); + SEND_ERR("No such user"); } else { if (auth == 2) { - printf("ERR Wrong password\n"); + SEND_ERR("Wrong password"); } else { - printf(OK); + SEND_OK(""); } } } - exit(0); + return 0; } diff --git a/helpers/defines.h b/helpers/defines.h new file mode 100644 index 0000000000..9cd7fbcd08 --- /dev/null +++ b/helpers/defines.h @@ -0,0 +1,19 @@ +#ifndef __SQUID_HELPERS_DEFINES_H +#define __SQUID_HELPERS_DEFINES_H + +/* + * This file contains several macro definitions which are + * useful and shared between helpers. + */ + +#define HELPER_INPUT_BUFFER 8196 + +#define safe_free(x) if (x) { free(x); x = NULL; } + +/* send OK result to Squid with a string parameter. */ +#define SEND_OK(x) fprintf(stdout, "OK %s\n",x) + +/* send ERR result to Squid with a string parameter. */ +#define SEND_ERR(x) fprintf(stdout, "ERR %s\n",x) + +#endif /* __SQUID_HELPERS_DEFINES_H */