negotiate_auth \
ntlm_auth \
url_rewrite
+
+EXTRA_DIST = defines.h
/*
- * ncsa_auth.c
- *
* AUTHOR: Arjan de Vet <Arjan.deVet@adv.iae.nl>
*
* Example authentication program for Squid, based on the original
*/
#include "config.h"
+#include "crypt_md5.h"
+#include "hash.h"
+#include "helpers/defines.h"
#include "rfc1738.h"
+#include "util.h"
#if HAVE_STDIO_H
#include <stdio.h>
#endif
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#include <crypt.h>
#endif
-#include "util.h"
-#include "hash.h"
-#include "crypt_md5.h"
-
static hash_table *hash = NULL;
static HASHFREE my_free;
/* initial setup */
hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
if (NULL == hash) {
- fprintf(stderr, "ncsa_auth: cannot create hash table\n");
+ fprintf(stderr, "FATAL: Cannot create hash table\n");
exit(1);
}
f = fopen(passwdfile, "r");
if (NULL == f) {
- fprintf(stderr, "%s: %s\n", passwdfile, xstrerror());
+ fprintf(stderr, "FATAL: %s: %s\n", passwdfile, xstrerror());
exit(1);
}
while (fgets(buf, 8192, f) != NULL) {
{
struct stat sb;
time_t change_time = -1;
- char buf[256];
+ char buf[HELPER_INPUT_BUFFER];
char *user, *passwd, *p;
user_data *u;
setbuf(stdout, NULL);
exit(1);
}
if (stat(argv[1], &sb) != 0) {
- fprintf(stderr, "cannot stat %s\n", argv[1]);
+ fprintf(stderr, "FATAL: cannot stat %s\n", argv[1]);
exit(1);
}
- while (fgets(buf, 256, stdin) != NULL) {
+ while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0'; /* strip \n */
if (stat(argv[1], &sb) == 0) {
}
}
if ((user = strtok(buf, " ")) == NULL) {
- printf("ERR\n");
+ SEND_ERR("");
continue;
}
if ((passwd = strtok(NULL, "")) == NULL) {
- printf("ERR\n");
+ SEND_ERR("");
continue;
}
rfc1738_unescape(user);
rfc1738_unescape(passwd);
u = (user_data *) hash_lookup(hash, user);
if (u == NULL) {
- printf("ERR No such user\n");
+ SEND_ERR("No such user");
#if HAVE_CRYPT
} else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
- printf("OK\n");
+ SEND_OK("");
#endif
} else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
- printf("OK\n");
+ SEND_OK("");
} else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) { /* md5 without salt and magic strings - Added by Ramon de Carvalho and Rodrigo Rubira Branco */
- printf("OK\n");
+ SEND_OK("");
} else {
- printf("ERR Wrong password\n");
+ SEND_ERR("Wrong password");
}
}
if (hash != NULL) {
*/
#define SQUID_NO_ALLOC_PROTECT 1
#include "config.h"
-
+#include "helpers/defines.h"
#include "rfc1738.h"
#include "util.h"
#include <security/pam_appl.h>
#endif
-#define BUFSIZE 8192
-
-
/* The default PAM service name */
#ifndef DEFAULT_SQUID_PAM_SERVICE
#define DEFAULT_SQUID_PAM_SERVICE "squid"
password_conversation(int num_msg, PAM_CONV_FUNC_CONST_PARM struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
{
if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) {
- fprintf(stderr, "ERROR: Unexpected PAM converstaion '%d/%s'\n", msg[0]->msg_style, msg[0]->msg);
+ debug("ERROR: Unexpected PAM converstaion '%d/%s'\n", msg[0]->msg_style, msg[0]->msg);
return PAM_CONV_ERR;
}
#if _SQUID_SOLARIS_
}
#endif
if (!appdata_ptr) {
- fprintf(stderr, "ERROR: No password available to password_converstation!\n");
+ debug("ERROR: No password available to password_converstation!\n");
return PAM_CONV_ERR;
}
*resp = static_cast<struct pam_response *>(calloc(num_msg, sizeof(struct pam_response)));
if (!*resp) {
- fprintf(stderr, "ERROR: Out of memory!\n");
+ debug("ERROR: Out of memory!\n");
return PAM_CONV_ERR;
}
(*resp)[0].resp = xstrdup((char *) appdata_ptr);
int retval = PAM_SUCCESS;
char *user;
char *password_buf;
- char buf[BUFSIZE];
+ char buf[HELPER_INPUT_BUFFER];
time_t pamh_created = 0;
int ttl = DEFAULT_SQUID_PAM_TTL;
const char *service = DEFAULT_SQUID_PAM_SERVICE;
no_acct_mgmt = 1;
break;
default:
- fprintf(stderr, "Unknown getopt value '%c'\n", ch);
+ fprintf(stderr, "FATAL: Unknown getopt value '%c'\n", ch);
usage(argv[0]);
exit(1);
}
}
start:
if (optind < argc) {
- fprintf(stderr, "Unknown option '%s'\n", argv[optind]);
+ fprintf(stderr, "FATAL: Unknown option '%s'\n", argv[optind]);
usage(argv[0]);
exit(1);
}
- while (fgets(buf, BUFSIZE, stdin)) {
+ while (fgets(buf, HELPER_INPUT_BUFFER, stdin)) {
user = buf;
password_buf = strchr(buf, '\n');
if (!password_buf) {
- fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf);
+ debug("ERROR: %s: Unexpected input '%s'\n", argv[0], buf);
goto error;
}
*password_buf = '\0';
password_buf = strchr(buf, ' ');
if (!password_buf) {
- fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf);
+ debug("ERROR: %s: Unexpected input '%s'\n", argv[0], buf);
goto error;
}
*password_buf++ = '\0';
/* Create PAM connection */
retval = pam_start(service, user, &conv, &pamh);
if (retval != PAM_SUCCESS) {
- fprintf(stderr, "ERROR: failed to create PAM authenticator\n");
+ debug("ERROR: failed to create PAM authenticator\n");
goto error;
}
} else if (!pamh || (time(NULL) - pamh_created) >= ttl || pamh_created > time(NULL)) {
if (pamh) {
retval = pam_end(pamh, retval);
if (retval != PAM_SUCCESS) {
- fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
+ debug("WARNING: failed to release PAM authenticator\n");
}
pamh = NULL;
}
/* Initialize persistent PAM connection */
retval = pam_start(service, "squid@", &conv, &pamh);
if (retval != PAM_SUCCESS) {
- fprintf(stderr, "ERROR: failed to create PAM authenticator\n");
+ debug("ERROR: failed to create PAM authenticator\n");
goto error;
}
pamh_created = time(NULL);
if (retval == PAM_SUCCESS && !no_acct_mgmt)
retval = pam_acct_mgmt(pamh, 0);
if (retval == PAM_SUCCESS) {
- fprintf(stdout, "OK\n");
+ SEND_OK("");
} else {
error:
- fprintf(stdout, "ERR\n");
+ SEND_ERR("");
}
/* cleanup */
retval = PAM_SUCCESS;
if (ttl == 0 || retval != PAM_SUCCESS) {
retval = pam_end(pamh, retval);
if (retval != PAM_SUCCESS) {
- fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
+ debug("WARNING: failed to release PAM authenticator\n");
}
pamh = NULL;
}
retval = pam_end(pamh, retval);
if (retval != PAM_SUCCESS) {
pamh = NULL;
- fprintf(stderr, "ERROR: failed to release PAM authenticator\n");
+ debug("ERROR: failed to release PAM authenticator\n");
}
}
return 0;
* and many others
*/
-#include "config.h"
-#include "md5.h"
-#include "radius.h"
-#include "radius-util.h"
+#include "config.h"
+#include "helpers/defines.h"
+#include "md5.h"
+#include "radius.h"
+#include "radius-util.h"
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#include <errno.h>
#endif
+/* AYJ: helper input buffer may be a lot larger than this used to expect... */
#define MAXPWNAM 254
#define MAXPASS 254
-#define MAXLINE 254
+#define MAXLINE 254
static void md5_calc(uint8_t out[16], void *in, size_t len);
totallen = ntohs(auth->length);
if (totallen != length) {
- fprintf(stderr,
- "basic_radius_auth: Received invalid reply length from server (want %d/ got %d)\n",
- totallen, length);
+ debug("Received invalid reply length from server (want %d/ got %d)\n", totallen, length);
return -1;
}
if (auth->id != request_id) {
md5_calc(calc_digest, (unsigned char *) auth, length + secretlen);
if (memcmp(reply_digest, calc_digest, AUTH_VECTOR_LEN) != 0) {
- fprintf(stderr, "Warning: Received invalid reply digest from server\n");
+ debug("WARNING: Received invalid reply digest from server\n");
return -1;
}
if (auth->code != PW_AUTHENTICATION_ACK)
char username[MAXPWNAM];
char passwd[MAXPASS];
char *ptr;
- char authstring[MAXLINE];
+ char buf[HELPER_INPUT_BUFFER];
const char *cfname = NULL;
int err = 0;
socklen_t salen;
if (cfname) {
if (rad_auth_config(cfname) < 0) {
- fprintf(stderr, "%s: can't open configuration file '%s'.\n", argv[0], cfname);
+ fprintf(stderr, "FATAL: %s: can't open configuration file '%s'.\n", argv[0], cfname);
exit(1);
}
}
if (!*server) {
- fprintf(stderr, "%s: Server not specified\n", argv[0]);
+ fprintf(stderr, "FATAL: %s: Server not specified\n", argv[0]);
exit(1);
}
if (!*secretkey) {
- fprintf(stderr, "%s: Shared secret not specified\n", argv[0]);
+ fprintf(stderr, "FATAL: %s: Shared secret not specified\n", argv[0]);
exit(1);
}
#ifdef _SQUID_MSWIN_
/* Get the IP address of the authentication server */
if ((auth_ipaddr = get_ipaddr(server)) == 0) {
- fprintf(stderr, "Couldn't find host %s\n", server);
+ fprintf(stderr, "FATAL: %s: Couldn't find host %s\n", argv[0], server);
exit(1);
}
sockfd = socket(AF_INET, SOCK_DGRAM, 0);
fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL, 0) | O_NONBLOCK);
#endif
nas_ipaddr = ntohl(salocal.sin_addr.s_addr);
- while (fgets(authstring, MAXLINE, stdin) != NULL) {
+ while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *end;
/* protect me form to long lines */
- if ((end = strchr(authstring, '\n')) == NULL) {
+ if ((end = strchr(buf, '\n')) == NULL) {
err = 1;
continue;
}
if (err) {
- printf("ERR\n");
+ SEND_ERR("");
err = 0;
continue;
}
- if (strlen(authstring) > MAXLINE) {
- printf("ERR\n");
+ if (strlen(buf) > HELPER_INPUT_BUFFER) {
+ SEND_ERR("");
continue;
}
/* Strip off the trailing newline */
*end = '\0';
/* Parse out the username and password */
- ptr = authstring;
+ ptr = buf;
while (isspace(*ptr))
ptr++;
if ((end = strchr(ptr, ' ')) == NULL) {
- printf("ERR\n"); /* No password */
+ SEND_ERR("No password");
continue;
}
*end = '\0';
urldecode(passwd, ptr, MAXPASS);
if (authenticate(sockfd, username, passwd))
- printf("OK\n");
+ SEND_OK("");
else
- printf("ERR\n");
+ SEND_ERR("");
}
close(sockfd);
exit(1);
*
*/
#include "config.h"
+#include "helpers/defines.h"
#include "rfc1738.h"
#include "util.h"
int
main(int argc, char *argv[])
{
- char line[8192];
+ char line[HELPER_INPUT_BUFFER];
char *username, *password;
#if SASL_VERSION_MAJOR < 2
const char *errstr;
rc = sasl_server_init( NULL, APP_NAME_SASL );
if ( rc != SASL_OK ) {
- fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
- fprintf( stdout, "ERR\n" );
+ fprintf(stderr, "FATAL: %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
return 1;
}
#endif
if ( rc != SASL_OK ) {
- fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
- fprintf( stdout, "ERR\n" );
+ fprintf(stderr, "FATAL: %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
return 1;
}
- while ( fgets( line, sizeof( line ), stdin )) {
+ while ( fgets( line, HELPER_INPUT_BUFFER, stdin )) {
username = &line[0];
password = strchr( line, '\n' );
- if ( !password) {
- fprintf( stderr, "authenticator: Unexpected input '%s'\n", line );
- fprintf( stdout, "ERR\n" );
+ if (!password) {
+ debug("ERROR: %s: Unexpected input '%s'\n", argv[0], line);
+ SEND_ERR("Unexpected Empty Input");
continue;
}
*password = '\0';
password = strchr ( line, ' ' );
- if ( !password) {
- fprintf( stderr, "authenticator: Unexpected input '%s'\n", line );
- fprintf( stdout, "ERR\n" );
+ if (!password) {
+ debug("ERROR: %s: Unexpected input '%s' (no password)\n", argv[0], line );
+ SEND_ERR("No Password");
continue;
}
*password++ = '\0';
if ( rc != SASL_OK ) {
#if SASL_VERSION_MAJOR < 2
if ( errstr ) {
- fprintf( stderr, "errstr %s\n", errstr );
+ debug("errstr %s\n", errstr);
}
if ( rc != SASL_BADAUTH ) {
- fprintf( stderr, "error %d %s\n", rc, sasl_errstring(rc, NULL, NULL ));
- }
+ debug("ERROR: %d %s\n", rc, sasl_errstring(rc, NULL, NULL));
+ SEND_ERR(sasl_errstring(rc, NULL, NULL));
+ } else
#endif
- fprintf( stdout, "ERR\n" );
+ SEND_ERR("");
} else {
- fprintf( stdout, "OK\n" );
+ SEND_OK("");
}
-
}
- sasl_dispose( &conn );
+ sasl_dispose(&conn);
sasl_done();
-
return 0;
}
*/
#include "config.h"
+#include "helpers/defines.h"
#include "util.h"
#if HAVE_STDIO_H
void
usage()
{
- fprintf(stderr,
- "%s usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
+ fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
"-A can specify a Windows Local Group name allowed to authenticate\n"
"-D can specify a Windows Local Group name not allowed to authenticate\n"
"-O can specify the default Domain against to authenticate\n"
"-d enable debugging.\n"
"-h this message\n\n",
- my_program_name, my_program_name);
+ my_program_name);
}
void
process_options(int argc, char *argv[])
{
- int opt, had_error = 0;
+ int opt;
while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
switch (opt) {
case 'A':
opt = optopt;
/* fall thru to default */
default:
- fprintf(stderr, "Unknown option: -%c. Exiting\n", opt);
- had_error = 1;
+ fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
+ usage();
+ exit(1);
}
}
- if (had_error) {
- usage();
- exit(1);
- }
}
/* Main program for simple authentication.
Scans and checks for Squid input, and attempts to validate the user.
*/
-
int
main(int argc, char **argv)
-
{
- char wstr[256];
+ char wstr[HELPER_INPUT_BUFFER];
char username[256];
char password[256];
char *p;
my_program_name = argv[0];
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
-
if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
- fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
+ fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
exit(1);
}
debug("SSPI initialized OK\n");
setbuf(stdout, NULL);
setbuf(stderr, NULL);
- while (1) {
- /* Read whole line from standard input. Terminate on break. */
- if (fgets(wstr, 255, stdin) == NULL)
- break;
+ while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {
if (NULL == strchr(wstr, '\n')) {
err = 1;
continue;
}
if (err) {
- fprintf(stderr, "Oversized message\n");
- puts("ERR");
- goto error;
+ SEND_ERR("Oversized message");
+ err = 0;
+ fflush(stdout);
+ continue;
}
if ((p = strchr(wstr, '\n')) != NULL)
/* Check for invalid or blank entries */
if ((username[0] == '\0') || (password[0] == '\0')) {
- fprintf(stderr, "Invalid Request\n");
- puts("ERR");
+ SEND_ERR("Invalid Request");
fflush(stdout);
continue;
}
debug("Trying to validate; %s %s\n", username, password);
if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
- puts("OK");
+ SEND_OK("");
else
- printf("ERR %s\n", errormsg);
-error:
+ SEND_ERR(errormsg);
err = 0;
fflush(stdout);
}
*/
#include "config.h"
+#include "helpers/defines.h"
#include "rfc1738.h"
+#include "util.h"
#if HAVE_STDIO_H
#include <stdio.h>
#include <shadow.h>
#endif
-#include "util.h"
-
-#define ERR "ERR\n"
-#define OK "OK\n"
-
static int
passwd_auth(char *user, char *passwd)
{
main(int argc, char **argv)
{
int auth = 0;
- char buf[256];
+ char buf[HELPER_INPUT_BUFFER];
char *user, *passwd, *p;
setbuf(stdout, NULL);
- while (fgets(buf, 256, stdin) != NULL) {
+ while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0'; /* strip \n */
if ((user = strtok(buf, " ")) == NULL) {
- printf(ERR);
+ SEND_ERR("No Username");
continue;
}
if ((passwd = strtok(NULL, "")) == NULL) {
- printf(ERR);
+ SEND_ERR("No Password");
continue;
}
rfc1738_unescape(user);
auth = passwd_auth(user, passwd);
#endif
if (auth == 0) {
- printf("ERR No such user\n");
+ SEND_ERR("No such user");
} else {
if (auth == 2) {
- printf("ERR Wrong password\n");
+ SEND_ERR("Wrong password");
} else {
- printf(OK);
+ SEND_OK("");
}
}
}
- exit(0);
+ return 0;
}
--- /dev/null
+#ifndef __SQUID_HELPERS_DEFINES_H
+#define __SQUID_HELPERS_DEFINES_H
+
+/*
+ * This file contains several macro definitions which are
+ * useful and shared between helpers.
+ */
+
+#define HELPER_INPUT_BUFFER 8196
+
+#define safe_free(x) if (x) { free(x); x = NULL; }
+
+/* send OK result to Squid with a string parameter. */
+#define SEND_OK(x) fprintf(stdout, "OK %s\n",x)
+
+/* send ERR result to Squid with a string parameter. */
+#define SEND_ERR(x) fprintf(stdout, "ERR %s\n",x)
+
+#endif /* __SQUID_HELPERS_DEFINES_H */
projects / thirdparty / squid.git / commitdiff
