From: Amos Jeffries Date: Tue, 30 Dec 2014 10:22:29 +0000 (-0800) Subject: basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth X-Git-Tag: merge-candidate-3-v1~407 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b0ab4ab35d311f3b616f98ad5b53e14b1eb11c01;p=thirdparty%2Fsquid.git basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth This helper consisted of a Perl script requiring special Perl SMB:Authen module and Samba nmblookup helper to operate. It performs the same operations as basic_smb_lm_auth helper, so is not actually needed. It also contains a slightly ambiguous copyright license as it was published to the squid-users mailing list in effective Public Domain free for any use, but without explicit statement to the fact.
---
diff --git a/configure.ac b/configure.ac
index 6dc92e7641..50660c6a83 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3814,7 +3814,6 @@ AC_CONFIG_FILES([
 helpers/basic_auth/fake/Makefile
 helpers/basic_auth/getpwnam/Makefile
 helpers/basic_auth/LDAP/Makefile
- helpers/basic_auth/MSNT-multi-domain/Makefile
 helpers/basic_auth/NCSA/Makefile
 helpers/basic_auth/NIS/Makefile
 helpers/basic_auth/PAM/Makefile
diff --git a/doc/release-notes/release-3.6.sgml b/doc/release-notes/release-3.6.sgml
index fdb1c65b03..5977357d0a 100644
--- a/doc/release-notes/release-3.6.sgml
+++ b/doc/release-notes/release-3.6.sgml
@@ -78,12 +78,16 @@ various client/server workarounds specific to SSLv2 are removed. MSNT Helper changes

The authentication helper previously known as basic_msnt_auth has - been renamed to basc_smb_lm_auth to reflect that it only performs + been renamed to basic_smb_lm_auth to reflect that it only performs SMB LanMan protocol(s) instead of modern ActiveDirectory protocols.

The basic_smb_lm_auth helper is also deprecated and will be removed in a later Squid version. +

The basic_msnt_multi_domain_auth helper has been removed. The + basic_smb_lm_auth helper performs the same actions without extra + Perl and Samba dependencies. + Changes to squid.conf since Squid-3.5

diff --git a/helpers/basic_auth/MSNT-multi-domain/Makefile.am b/helpers/basic_auth/MSNT-multi-domain/Makefile.am
deleted file mode 100644
index 5c78ba368e..0000000000
--- a/helpers/basic_auth/MSNT-multi-domain/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-## Copyright (C) 1996-2014 The Squid Software Foundation and contributors
-##
-## Squid software is distributed under GPLv2+ license and includes
-## contributions from numerous individuals and organizations.
-## Please see the COPYING and CONTRIBUTORS files for details.
-##
-
-include $(top_srcdir)/src/Common.am
-
-libexec_SCRIPTS = basic_msnt_multi_domain_auth
-man_MANS= basic_msnt_multi_domain_auth.8
-EXTRA_DIST= \
- basic_msnt_multi_domain_auth.8 \
- basic_msnt_multi_domain_auth.pl.in \
- required.m4
-
-basic_msnt_multi_domain_auth: basic_msnt_multi_domain_auth.pl.in
- $(subst_perlshell)
-
-basic_msnt_multi_domain_auth.8: basic_msnt_multi_domain_auth
- pod2man basic_msnt_multi_domain_auth basic_msnt_multi_domain_auth.8
-
-CLEANFILES += basic_msnt_multi_domain_auth basic_msnt_multi_domain_auth.8
diff --git a/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in b/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in
deleted file mode 100755
index b32139b36b..0000000000
--- a/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in
+++ /dev/null
@@ -1,217 +0,0 @@
-#!@PERL@
-
-use strict;
-use Pod::Usage;
-use Getopt::Long;
-
-=pod
-
-=head1 NAME
-
- basic_msnt_multi_domain_auth
-
-=head1 SYNOPSIS
-
- basic_msnt_multi_domain_auth [options]
-
-=head1 DESCRIPTION
-
-B is a Squid authenticator to check
-user credentials against multiple NT domains using B.
-
-The user is expected to enter his/her credentials as domain\username
-or domain/username (in analogy to what MS-Proxy does).
-
-Requires Authen::SMB from CPAN and Samba if you need to perform NETBIOS
-queries.
-
-=head1 OPTIONS
-
-=over 12
-
-=item B<--debug>
-
-Write debug info to stderr.
-
-=item B<--wins-server>
-
-Use the named WINS server.
-
- Default: broadcast will be attempted.
-
-=item B<--no-fqdn>
-
-Some servers don't like to be called by their fully qualified name.
-Define this if you wish to call them ONLY by their hostname.
-
-=item B<--no-rdns>
-
-Some servers really really want to be called by address.
-
-=back
-
-=head1 AUTHOR
-
-This program was written by I>
-
-This manual was written by I>
-
-=head1 COPYRIGHT
-
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
-
-=head1 QUESTIONS
-
-Questions on the usage of this program can be sent to the I>
-
-=head1 REPORTING BUGS
-
-Bug reports need to be made in English.
-See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
-
-Report bugs or bug fixes using http://bugs.squid-cache.org/
-
-Report serious security bugs to I>
-
-Report ideas for new improvements to the I>
-
-=head1 SEE ALSO
-
-squid (8), GPL (7),
-
-The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
-
-The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
-
-=cut
-
-#to force using some DC for some domains, fill in this hash.
-#the key is a regexp matched against the domain name
-# the value is an array ref with PDC and BDC.
-# the order the names are matched in is UNDEFINED.
-#i.e.:
-# %controllers = ( "domain" => ["pdc","bdc"]);
-
-#%controllers = ( ".*" => ["pdcname","bdcname"]);
-
-#no more user-serviceable parts
-
-use Authen::Smb;
-
-#variables:
-# %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES!
-
-my $debug = undef;
-my $wins_server = undef;
-my $no_rdns = undef;
-my $no_fqdn = undef;
-
-GetOptions(
- 'debug' => \$debug,
- 'wins-server=s' => $wins_server,
- 'no-fqdn' => $no_fqdn,
- 'no-rdns' => $no_rdns
- );
-
-$|=1;
-while (<>) {
- chomp;
- if (! m;^(\S+)(/|%5c)(\S+)\s(\S+)$; ) { #parse the line
- print "ERR\n";
- next;
- }
- $domain=$1;
- $user=$3;
- $pass=$4;
- $domain =~ s/%([0-9a-f][0-9a-f])/pack("H2",$1)/gie;
- $user =~ s/%([0-9a-f][0-9a-f])/pack("H2",$1)/gie;
- $pass =~ s/%([0-9a-f][0-9a-f])/pack("H2",$1)/gie;
- print STDERR "domain: $domain, user: $user, pass=$pass\n"
- if (defined ($debug));
- # check out that we know the PDC address
- if (!$pdc{$domain}) {
- ($pdc,$bdc)=&discover_dc($domain);
- if ($pdc) {
- $pdc{$domain}=$pdc;
- $bdc{$domain}=$bdc;
- }
- }
- $pdc=$pdc{$domain};
- $bdc=$bdc{$domain};
- if (!$pdc) {
- #a pdc was not found
- print "ERR\n";
- print STDERR "No PDC found\n" if (defined($debug));
- next;
- }
-
- print STDERR "querying '$pdc' and '$bdc' for user '$domain\\$user', ".
- "pass $pass\n" if (defined($debug));
- $result=Authen::Smb::authen($user,$pass,$pdc,$bdc,$domain);
- print STDERR "result is: $nt_results{$result} ($result)\n"
- if (defined($debug));
- if ($result == NTV_NO_ERROR) {
- print STDERR ("OK for user '$domain\\$user'\n") if (defined($debug));
- print ("OK\n");
- } else {
- print STDERR "Could not authenticate user '$domain\\$user'\n";
- print ("ERR\n");
- }
-}
-
-#why do Microsoft servers have to be so damn picky and convoluted?
-sub discover_dc {
- my $domain = shift @_;
- my ($pdc, $bdc, $lookupstring, $datum);
-
- foreach (keys %controllers) {
- if ($domain =~ /$_/) {
- print STDERR "DCs forced by user: $_ => ".
- join(',',@{$controllers{$_}}).
- "\n" if (defined($debug));
- return @{$controllers{$_}};
- }
- }
- $lookupstring="nmblookup";
- $lookupstring.=" -R -U $wins_server" if (defined($wins_server));
- $lookupstring.=" -T" unless (defined($no_rdns));
- $lookupstring.=" '$domain#1c'";
- print STDERR "Discovering PDC: $lookupstring\n"
- if (defined($debug));
- #discover the PDC address
- open(PDC,"$lookupstring|");
- while () {
- print STDERR "response line: $_" if (defined($debug));
- if (m|(.*), (\d+\.\d+\.\d+\.\d+)|) {
- $datum=$1;
- print STDERR "matched $datum\n" if (defined($debug));
- if (defined($no_fqdn) && $datum =~ /^([^.]+)\..*/) {
- $datum=$1;
- print STDERR "stripped domain name: $datum\n" if (defined($debug));
- }
- } elsif (m|^(\d+\.\d+\.\d+\.\d+)|) {
- $datum=$1;
- } else {
- #no data here, go to next line
- next;
- }
- if ($datum) {
- if ($pdc) {
- $bdc=$datum;
- print STDERR "BDC is $datum\n" if (defined($debug));
- last;
- } else {
- $pdc=$datum;
- print STDERR "PDC is $datum\n" if (defined($debug));
- }
- last;
- }
- }
- close(PDC);
- return ($pdc,$bdc) if ($pdc);
- return 0;
-}
diff --git a/helpers/basic_auth/MSNT-multi-domain/required.m4 b/helpers/basic_auth/MSNT-multi-domain/required.m4
deleted file mode 100755
index ce18d0acb3..0000000000
--- a/helpers/basic_auth/MSNT-multi-domain/required.m4
+++ /dev/null
@@ -1,10 +0,0 @@
-## Copyright (C) 1996-2014 The Squid Software Foundation and contributors
-##
-## Squid software is distributed under GPLv2+ license and includes
-## contributions from numerous individuals and organizations.
-## Please see the COPYING and CONTRIBUTORS files for details.
-##
-
-if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then
- BUILD_HELPER="MSNT-multi-domain"
-fi
diff --git a/helpers/basic_auth/Makefile.am b/helpers/basic_auth/Makefile.am
index c97d5136ae..c188b67567 100644
--- a/helpers/basic_auth/Makefile.am
+++ b/helpers/basic_auth/Makefile.am
@@ -11,7 +11,6 @@ DIST_SUBDIRS = \
 fake \
 getpwnam \
 LDAP \
- MSNT-multi-domain \
 NCSA \
 NIS \
 PAM \
diff --git a/helpers/basic_auth/modules.m4 b/helpers/basic_auth/modules.m4
index 91cb4e7042..2910fb8e82 100644
--- a/helpers/basic_auth/modules.m4
+++ b/helpers/basic_auth/modules.m4
@@ -44,9 +44,6 @@ if test "x$enable_auth_basic" != "xno" ; then elif test "x$helper" = "xLDAP" ; then m4_include([helpers/basic_auth/LDAP/required.m4]) - elif test "x$helper" = "xMSNT-multi-domain" ; then - m4_include([helpers/basic_auth/MSNT-multi-domain/required.m4]) - elif test "x$helper" = "xNCSA" ; then m4_include([helpers/basic_auth/NCSA/required.m4])