* Use rfc1738 escapes for negotiate_kerberos logging and kerberos_ldap_group.
* Include the option for kerberos_ldap_group to read group information from
stdin (squid config file list) instead of a command line argument.
ext_kerberos_ldap_group_acl_LDFLAGS =
ext_kerberos_ldap_group_acl_LDADD = \
+ $(top_builddir)/lib/libmiscencoding.la \
$(COMPAT_LIB) \
$(LDAPLIB) \
$(LBERLIB) \
#include "squid.h"
#include "helpers/defines.h"
#include "util.h"
+#include "rfc1738.h"
#ifdef HAVE_LDAP
main(int argc, char *const argv[])
{
char buf[6400];
- char *user, *domain;
+ char *user, *domain, *group;
+ char *up=NULL, *dp=NULL, *np=NULL;
char *nuser, *nuser8 = NULL, *netbios;
char *c;
int opt;
}
debug((char *) "%s| %s: INFO: Starting version %s\n", LogTime(), PROGRAM, KERBEROS_LDAP_GROUP_VERSION);
+ int gopt = 0;
if (create_gd(&margs)) {
- debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
- SEND_ERR("");
- clean_args(&margs);
- exit(1);
+ if ( margs.glist != NULL ) {
+ debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
+ SEND_ERR("");
+ clean_args(&margs);
+ exit(1);
+ } else {
+ debug((char *) "%s| %s: INFO: no group list given expect it from stdin\n", LogTime(), PROGRAM);
+ gopt = 1;
+ }
}
if (create_nd(&margs)) {
debug((char *) "%s| %s: FATAL: Error in netbios list: %s\n", LogTime(), PROGRAM, margs.nlist ? margs.nlist : "NULL");
if (c) {
*c = '\0';
} else {
- SEND_ERR("");
+ SEND_ERR("Invalid input. CR missing");
debug((char *) "%s| %s: ERR\n", LogTime(), PROGRAM);
continue;
}
- user = buf;
+ user = strtok(buf, " \n");
+ if (!user) {
+ debug((char *) "%s| %s: INFO: No Username given\n", LogTime(), PROGRAM);
+ SEND_ERR("Invalid request. No Username");
+ continue;
+ }
+ rfc1738_unescape(user);
nuser = strchr(user, '\\');
if (!nuser)
nuser8 = strstr(user, "%5C");
nuser = nuser8 + 3;
}
netbios = user;
+ up = xstrdup(rfc1738_escape(nuser));
+ np = xstrdup(rfc1738_escape(netbios));
if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, nuser, netbios);
+ debug((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, up, np);
else
- log((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, nuser, netbios);
+ log((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, up, np);
domain = get_netbios_name(&margs, netbios);
user = nuser;
+ xfree(up);
+ xfree(np);
} else if (domain) {
strup(domain);
*domain = '\0';
++domain;
}
+ up = xstrdup(rfc1738_escape(user));
+ if (domain)
+ dp = xstrdup(rfc1738_escape(domain));
if (!domain && margs.ddomain) {
domain = xstrdup(margs.ddomain);
if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, user, domain);
+ debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp);
else
- log((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, user, domain);
+ log((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp);
}
if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, user, domain ? domain : "NULL");
+ debug((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, up, domain ? dp : "NULL");
else
- log((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, user, domain ? domain : "NULL");
+ log((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, up, domain ? dp : "NULL");
+ xfree(up);
+ xfree(dp);
if (!strcmp(user, "QQ") && domain && !strcmp(domain, "QQ")) {
clean_args(&margs);
exit(-1);
}
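Review bot: `dp` is never assigned in the default-domain branch (`if (!domain && margs.ddomain)`), yet it is passed to `%s` there, selected by `domain ? dp : "NULL"` once `domain` holds the default, and then released by `xfree(dp)`. On the first request it is still NULL from its declaration. On later requests it presumably still holds the pointer freed in the previous iteration, because `xfree()` does not appear to reset it (this commit uses `safe_free()` where the old code set the pointer to NULL). That would be a use-after-free in the log call followed by a double free. Add `dp = xstrdup(rfc1738_escape(domain));` right after `domain = xstrdup(margs.ddomain);` and end the block with `safe_free(up); safe_free(dp);`. The request loop itself starts and ends outside the lines shown here.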
+ if (gopt) {
+ if ((group = strtok(NULL, " \n")) != NULL) {
+ debug((char *) "%s| %s: INFO: Read group list %s from stdin\n", LogTime(), PROGRAM, group);
+ rfc1738_unescape(group);
+ if (margs.groups) {
+ clean_gd(margs.groups);
+ margs.groups = NULL;
+ }
+ margs.glist = xstrdup(group);
+ if (create_gd(&margs)) {
+ SEND_ERR("Error in group list");
+ debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
+ continue;
+ }
+ } else {
+ SEND_ERR("No group list received on stdin");
+ debug((char *) "%s| %s: FATAL: No group list received on stdin\n", LogTime(), PROGRAM);
+ continue;
+ }
+ }
if (check_memberof(&margs, user, domain)) {
SEND_OK("");
debug((char *) "%s| %s: DEBUG: OK\n", LogTime(), PROGRAM);
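Review bot: `margs.glist = xstrdup(group);` overwrites the list kept from the previous request without releasing it. `clean_gd(margs.groups)` only receives the parsed list, so a long-running helper leaks one copy of the group string per lookup. Put `safe_free(margs.glist);` before the assignment. The failure message after `create_gd()` also prints `margs.glist` after `rfc1738_unescape(group)` has run, so decoded control characters from stdin reach the log; pass it through `rfc1738_escape(margs.glist)` as the other log lines in this commit do.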
return gdsp;
}
+void
+free_gd(struct gdstruct *gdsp)
+{
+ while (gdsp) {
+ struct gdstruct *gdspn = gdsp->next;
+ xfree(gdsp->group);
+ xfree(gdsp->domain);
+ xfree(gdsp);
+ gdsp = gdspn;
+ }
+}
+
char *utf8dup(struct main_args *margs);
char *
char *
hex_utf_char(struct main_args *margs, int flag)
{
- char *up;
- char *upd;
- char *ul;
- int a, n, nl, ival, ichar;
+ int ival, ichar;
int iUTF2, iUTF3, iUTF4;
- if (flag) {
- up = margs->ulist;
- } else {
- up = margs->tlist;
- }
-
+ char *up = (flag ? margs->ulist : margs->tlist);
if (!up)
return NULL;
- upd = strrchr(up, '@');
- if (upd)
- a = upd - up;
- else
- a = strlen(up);
+ char *upd = strrchr(up, '@');
+ size_t a = (upd ? (upd - up) : strlen(up) );
- ul = (char *) xmalloc(strlen(up));
- n = 0;
- nl = 0;
+ char *ul = (char *) xmalloc(strlen(up)+1);
+ size_t n = 0;
+ int nl = 0;
iUTF2 = 0;
iUTF3 = 0;
iUTF4 = 0;
- while (n < (int) strlen(up)) {
+ while (n < strlen(up)) {
if (flag && n == a)
break;
if (up[n] == '@') {
ichar = (ival - 48) * 16;
else {
debug((char *) "%s| %s: WARNING: Invalid Hex value %c\n", LogTime(), PROGRAM, ival);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
if (n == a - 1) {
debug((char *) "%s| %s: WARNING: Invalid Hex UTF-8 string %s\n", LogTime(), PROGRAM, up);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
++n;
ichar = ichar + ival - 48;
else {
debug((char *) "%s| %s: WARNING: Invalid Hex value %c\n", LogTime(), PROGRAM, ival);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
} else if (iUTF3) {
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
} else if (iUTF4) {
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
} else if (ichar < 0x80) {
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
++n;
if (iUTF2 || iUTF3 || iUTF4) {
debug((char *) "%s| %s: INFO: iUTF2: %d iUTF3: %d iUTF4: %d\n", LogTime(), PROGRAM, iUTF2, iUTF3, iUTF4);
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
if (flag && upd)
create_gd(struct main_args *margs)
{
char *gp, *dp;
- char *hp1, *hp2, *up;
char *p;
struct gdstruct *gdsp = NULL, *gdspn = NULL;
/*
*
*
*/
- hp1 = hex_utf_char(margs, 0);
- hp2 = hex_utf_char(margs, 1);
- up = utf8dup(margs);
+ char *hp1 = hex_utf_char(margs, 0);
+ char *hp2 = hex_utf_char(margs, 1);
+ char *up = utf8dup(margs);
+
+ // NP: will point to the start of a temporary assembly buffer used by 'p' and 'gp'
+ // for catenation of the hp1, hp2, and up buffer contents from above.
+ // necessary for xfree() because both p and gp move over the assembly area
+ char *gpbuf = NULL;
+
+ // release the allocated UTF decoding buffers
+#define cleanup() { \
+ xfree(gpbuf); \
+ xfree(hp1); \
+ xfree(hp2); \
+ xfree(up); \
+ free_gd(gdsp); \
+ }
+
p = up;
if (hp1) {
if (hp2) {
if (up) {
- p = (char *) xmalloc(strlen(up) + strlen(hp1) + strlen(hp2) + 2);
+ gpbuf = p = (char *) xmalloc(strlen(up) + strlen(hp1) + strlen(hp2) + 2);
strcpy(p, up);
strcat(p, ":");
strcat(p, hp1);
strcat(p, ":");
strcat(p, hp2);
} else {
- p = (char *) xmalloc(strlen(hp1) + strlen(hp2) + 1);
+ gpbuf = p = (char *) xmalloc(strlen(hp1) + strlen(hp2) + 1);
strcpy(p, hp1);
strcat(p, ":");
strcat(p, hp2);
}
} else {
if (up) {
- p = (char *) xmalloc(strlen(up) + strlen(hp1) + 1);
+ gpbuf = p = (char *) xmalloc(strlen(up) + strlen(hp1) + 1);
strcpy(p, up);
strcat(p, ":");
strcat(p, hp1);
} else {
if (hp2) {
if (up) {
- p = (char *) xmalloc(strlen(up) + strlen(hp2) + 1);
+ gpbuf = p = (char *) xmalloc(strlen(up) + strlen(hp2) + 1);
strcpy(p, up);
strcat(p, ":");
strcat(p, hp2);
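Review bot: All four `gpbuf = p = xmalloc(...)` sizes are one byte short for what the following `strcpy`/`strcat` calls write, since each `":"` separator needs a byte in addition to the terminating NUL. The three-part case should be `xmalloc(strlen(up) + strlen(hp1) + strlen(hp2) + 3)` and the three two-part cases `+ 2`, e.g. `xmalloc(strlen(hp1) + strlen(hp2) + 2)`. As written, the final NUL lands one byte past the allocation, and with this commit the input can be a group list read from stdin. Computing the size once and filling the buffer with `snprintf(p, size, "%s:%s", ...)` would keep the length and the format in one place. The rest of create_gd lies outside these lines.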
if (!p) {
debug((char *) "%s| %s: ERROR: No groups defined.\n", LogTime(), PROGRAM);
+ cleanup();
return (1);
}
while (*p) { /* loop over group list */
if (*p == '@') { /* end of group name - start of domain name */
if (p == gp) { /* empty group name not allowed */
debug((char *) "%s| %s: ERROR: No group defined for domain %s\n", LogTime(), PROGRAM, p);
+ cleanup();
return (1);
}
+ if (dp) { /* end of domain name - twice */
+ debug((char *) "%s| %s: @ is not allowed in group name %s@%s\n",LogTime(), PROGRAM,gp,dp);
+ cleanup();
+ return(1);
+ }
*p = '\0';
++p;
gdsp = init_gd();
- gdsp->group = gp;
- if (gdspn) /* Have already an existing structure */
- gdsp->next = gdspn;
+ gdsp->group = xstrdup(gp);
+ gdsp->next = gdspn;
dp = p; /* after @ starts new domain name */
} else if (*p == ':') { /* end of group name or end of domain name */
if (p == gp) { /* empty group name not allowed */
debug((char *) "%s| %s: ERROR: No group defined for domain %s\n", LogTime(), PROGRAM, p);
+ cleanup();
return (1);
}
*p = '\0';
dp = NULL;
} else { /* end of group name and no domain name */
gdsp = init_gd();
- gdsp->group = gp;
- if (gdspn) /* Have already an existing structure */
- gdsp->next = gdspn;
+ gdsp->group = xstrdup(gp);
+ gdsp->next = gdspn;
}
gdspn = gdsp;
gp = p; /* after : starts new group name */
}
if (p == gp) { /* empty group name not allowed */
debug((char *) "%s| %s: ERROR: No group defined for domain %s\n", LogTime(), PROGRAM, p);
+ cleanup();
return (1);
}
if (dp) { /* end of domain name */
gdsp->domain = xstrdup(dp);
} else { /* end of group name and no domain name */
gdsp = init_gd();
- gdsp->group = gp;
+ gdsp->group = xstrdup(gp);
if (gdspn) /* Have already an existing structure */
gdsp->next = gdspn;
}
debug((char *) "%s| %s: INFO: Group %s Domain %s\n", LogTime(), PROGRAM, gdsp->group, gdsp->domain ? gdsp->domain : "NULL");
margs->groups = gdsp;
+ gdsp = NULL; // prevent the cleanup() deallocating it.
+ cleanup();
return (0);
}
#endif
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
if (depth > margs->mdepth) {
debug((char *) "%s| %s: DEBUG: Max search depth reached %d>%d\n", LogTime(), PROGRAM, depth, margs->mdepth);
+ xfree(search_exp);
return 0;
}
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter : %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error searching ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
rc = ldap_url_parse(ldapuri, &url);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while parsing url: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
- if (ldapuri)
- xfree(ldapuri);
- if (url)
- xfree(url);
+ xfree(ldapuri);
+ xfree(url);
return NULL;
}
#else
#error "No URL parsing function"
#endif
- if (url) {
- xfree(url);
- url = NULL;
- }
+ safe_free(url);
rc = ldap_initialize(&ld, ldapuri);
- if (ldapuri)
- xfree(ldapuri);
+ xfree(ldapuri);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while initialising connection to ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
ldap_unbind(ld);
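Review bot: `url` is filled in by `ldap_url_parse(ldapuri, &url)`, so `safe_free(url)` (and `xfree(url)` on the error path) releases only the descriptor struct with the general allocator and not the strings the LDAP library attached to it. The matching release is `ldap_free_urldesc(url); url = NULL;`. The declaration of `url` and the other `#if` branches are not visible here, so confirm the type before changing it. The same applies to the second copy of this block further down.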
rc = ldap_url_parse(ldapuri, &url);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while parsing url: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
- if (ldapuri)
- xfree(ldapuri);
- if (url)
- xfree(url);
+ xfree(ldapuri);
+ xfree(url);
return NULL;
}
#else
#error "No URL parsing function"
#endif
- if (url) {
- xfree(url);
- url = NULL;
- }
+ safe_free(url);
rc = ldap_initialize(&ld, ldapuri);
- if (ldapuri)
- xfree(ldapuri);
+ xfree(ldapuri);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while initialising connection to ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
ldap_unbind(ld);
continue;
}
lcreds = (ldap_creds *) xmalloc(sizeof(struct ldap_creds));
- lcreds->dn = bindp ? xstrdup(bindp) : NULL;
+ lcreds->dn = NULL;
lcreds->pw = margs->ssl ? xstrdup(margs->ssl) : NULL;
ldap_set_rebind_proc(ld, ldap_sasl_rebind, (char *) lcreds);
if (ld != NULL) {
port = atoi(p);
}
nhosts = get_hostname_list(margs, &hlist, 0, host);
- if (host)
- xfree(host);
- host = NULL;
+ safe_free(host);
for (i = 0; i < nhosts; ++i) {
ld = tool_ldap_open(margs, hlist[i].host, port, ssl);
}
nhosts = free_hostname_list(&hlist, nhosts);
- if (bindp)
- xfree(bindp);
+ xfree(bindp);
if (margs->lbind) {
bindp = xstrdup(margs->lbind);
} else {
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter : %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error searching ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter: %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
debug((char *) "%s| %s: DEBUG: Found %d ldap entr%s\n", LogTime(), PROGRAM, ldap_count_entries(ld, res), ldap_count_entries(ld, res) > 1 || ldap_count_entries(ld, res) == 0 ? "ies" : "y");
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter: %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
max_attr_2 = get_attributes(margs, ld, res, ATTRIBUTE, &attr_value_2);
/*
debug((char *) "%s| %s: DEBUG: Users primary group %s %s\n", LogTime(), PROGRAM, retval ? "matches" : "does not match", group);
- } else
+ } else {
+ ldap_msgfree(res);
debug((char *) "%s| %s: DEBUG: Did not find ldap entry for group %s\n", LogTime(), PROGRAM, group);
+ }
/*
* Cleanup
*/
krb5_cleanup();
#endif
if (lcreds) {
- if (lcreds->dn)
- xfree(lcreds->dn);
- if (lcreds->pw)
- xfree(lcreds->pw);
+ xfree(lcreds->dn);
+ xfree(lcreds->pw);
xfree(lcreds);
}
- if (bindp)
- xfree(bindp);
- bindp = NULL;
+ xfree(bindp);
return (retval);
-
}
#endif
return lssp;
}
+void
+free_ls(struct lsstruct *lssp)
+{
+ while (lssp) {
+ struct lsstruct *lsspn = lssp->next;
+ xfree(lssp->lserver);
+ xfree(lssp->domain);
+ xfree(lssp);
+ lssp = lsspn;
+ }
+}
+
int
create_ls(struct main_args *margs)
{
if (*p == '@') { /* end of group name - start of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No ldap servers defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_ls(lssp);
return (1);
}
+ if (dp) { /* end of domain name - twice */
+ debug((char *) "%s| %s: @ is not allowed in server name %s@%s\n",LogTime(), PROGRAM,np,dp);
+ free_ls(lssp);
+ return(1);
+ }
*p = '\0';
++p;
lssp = init_ls();
lssp->lserver = xstrdup(np);
- if (lsspn) /* Have already an existing structure */
- lssp->next = lsspn;
+ lssp->next = lsspn;
dp = p; /* after @ starts new domain name */
} else if (*p == ':') { /* end of group name or end of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No ldap servers defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_ls(lssp);
return (1);
}
*p = '\0';
} else { /* end of group name and no domain name */
lssp = init_ls();
lssp->lserver = xstrdup(np);
- if (lsspn) /* Have already an existing structure */
- lssp->next = lsspn;
+ lssp->next = lsspn;
}
lsspn = lssp;
np = p; /* after : starts new group name */
}
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No ldap servers defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_ls(lssp);
return (1);
}
if (dp) { /* end of domain name */
return ndsp;
}
+void
+free_nd(struct ndstruct *ndsp)
+{
+ while (ndsp) {
+ struct ndstruct *ndspn = ndsp->next;
+ xfree(ndsp->netbios);
+ xfree(ndsp->domain);
+ xfree(ndsp);
+ ndsp = ndspn;
+ }
+}
+
int
create_nd(struct main_args *margs)
{
if (*p == '@') { /* end of group name - start of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No netbios name defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_nd(ndsp);
return (1);
}
+ if (dp) { /* end of domain name - twice */
+ debug((char *) "%s| %s: @ is not allowed in netbios name %s@%s\n",LogTime(), PROGRAM,np,dp);
+ free_nd(ndsp);
+ return(1);
+ }
*p = '\0';
++p;
ndsp = init_nd();
ndsp->netbios = xstrdup(np);
- if (ndspn) /* Have already an existing structure */
- ndsp->next = ndspn;
+ ndsp->next = ndspn;
dp = p; /* after @ starts new domain name */
} else if (*p == ':') { /* end of group name or end of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No netbios name defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_nd(ndsp);
return (1);
}
*p = '\0';
} else { /* end of group name and no domain name */
ndsp = init_nd();
ndsp->netbios = xstrdup(np);
- if (ndspn) /* Have already an existing structure */
- ndsp->next = ndspn;
+ ndsp->next = ndspn;
}
ndspn = ndsp;
np = p; /* after : starts new group name */
if (!ndsp->domain || !strcmp(ndsp->domain, "")) {
debug((char *) "%s| %s: DEBUG: No domain defined for netbios name %s\n", LogTime(), PROGRAM, ndsp->netbios);
+ free_nd(ndsp);
return (1);
}
debug((char *) "%s| %s: DEBUG: Netbios name %s Domain %s\n", LogTime(), PROGRAM, ndsp->netbios, ndsp->domain);
}
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No netbios name defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_nd(ndsp);
return (1);
}
if (dp) { /* end of domain name */
} else { /* end of group name and no domain name */
ndsp = init_nd();
ndsp->netbios = xstrdup(np);
- if (ndspn) /* Have already an existing structure */
- ndsp->next = ndspn;
+ ndsp->next = ndspn;
}
if (!ndsp->domain || !strcmp(ndsp->domain, "")) {
debug((char *) "%s| %s: DEBUG: No domain defined for netbios name %s\n", LogTime(), PROGRAM, ndsp->netbios);
+ free_nd(ndsp);
return (1);
}
debug((char *) "%s| %s: DEBUG: Netbios name %s Domain %s\n", LogTime(), PROGRAM, ndsp->netbios, ndsp->domain);
if ((len = res_search(service, ns_c_in, ns_t_srv, (u_char *) buffer, PACKETSZ_MULT * NS_PACKETSZ)) < 0) {
error((char *) "%s| %s: ERROR: Error while resolving service record %s with res_search\n", LogTime(), PROGRAM, service);
nsError(h_errno, service);
- goto cleanup;
+ goto finalise;
}
} else {
- goto cleanup;
+ goto finalise;
}
}
if (len > PACKETSZ_MULT * NS_PACKETSZ) {
if ((len = res_search(service, ns_c_in, ns_t_srv, (u_char *) buffer, len)) < 0) {
error((char *) "%s| %s: ERROR: Error while resolving service record %s with res_search\n", LogTime(), PROGRAM, service);
nsError(h_errno, service);
- goto cleanup;
+ goto finalise;
}
if (len > olen) {
error((char *) "%s| %s: ERROR: Reply to big: buffer: %d reply length: %d\n", LogTime(), PROGRAM, olen, len);
- goto cleanup;
+ goto finalise;
}
}
p = buffer;
p += 6 * NS_INT16SZ; /* Header(6*16bit) = id + flags + 4*section count */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header size\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
if ((size = dn_expand(buffer, buffer + len, p, name, sysconf(_SC_HOST_NAME_MAX))) < 0) {
error((char *) "%s| %s: ERROR: Error while expanding query name with dn_expand: %s\n", LogTime(), PROGRAM, strerror(errno));
- goto cleanup;
+ goto finalise;
}
p += size; /* Query name */
p += 2 * NS_INT16SZ; /* Query type + class (2*16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class \n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
while (p < buffer + len) {
if ((size = dn_expand(buffer, buffer + len, p, name, sysconf(_SC_HOST_NAME_MAX))) < 0) {
error((char *) "%s| %s: ERROR: Error while expanding answer name with dn_expand: %s\n", LogTime(), PROGRAM, strerror(errno));
- goto cleanup;
+ goto finalise;
}
p += size; /* Resource Record name */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class + answer name\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(type, p); /* RR type (16bit) */
p += NS_INT16SZ + NS_INT32SZ; /* RR class + ttl (16bit+32bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class + answer name + RR type,class,ttl\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(rdlength, p); /* RR data length (16bit) */
if (type == ns_t_srv) { /* SRV record */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class + answer name + RR type,class,ttl + RR data length\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(priority, p); /* Priority (16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(weight, p); /* Weight (16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority + weight\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(port, p); /* Port (16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority + weight + port\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
if ((size = dn_expand(buffer, buffer + len, p, host, NS_MAXDNAME)) < 0) {
error((char *) "%s| %s: ERROR: Error while expanding SRV RR name with dn_expand: %s\n", LogTime(), PROGRAM, strerror(errno));
- goto cleanup;
+ goto finalise;
}
debug((char *) "%s| %s: DEBUG: Resolved SRV %s record to %s\n", LogTime(), PROGRAM, service, host);
hp = (struct hstruct *) xrealloc(hp, sizeof(struct hstruct) * (nh + 1));
}
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority + weight + port + name\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
}
if (p != buffer + len) {
#else
error((char *) "%s| %s: ERROR: Inconsistence message length: %d!=0\n", LogTime(), PROGRAM, buffer + len - p);
#endif
- goto cleanup;
+ goto finalise;
}
-cleanup:
+finalise:
nhosts = get_hostname_list(margs, &hp, nh, domain);
debug("%s| %s: DEBUG: Adding %s to list\n", LogTime(), PROGRAM, domain);
hp[nhosts].weight = -2;
++nhosts;
+cleanup:
/* Remove duplicates */
for (i = 0; i < nhosts; ++i) {
for (j = i + 1; j < nhosts; ++j) {
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
-#ifdef HAVE_SUN_LDAP_SDK
char *sasl_mech = (char *) "GSSAPI";
-#else
- char *sasl_mech = NULL;
-#endif
/*
* Force encryption
*/
* Hosted at http://sourceforge.net/projects/squidkerbauth
*/
#include "squid.h"
+#include "rfc1738.h"
#include "compat/getaddrinfo.h"
#include "compat/getnameinfo.h"
*p = '\0';
}
fprintf(stdout, "AF %s %s\n", token, user);
- debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, user);
+ debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, rfc1738_escape(user));
if (log)
fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(),
- PROGRAM, user);
+ PROGRAM, rfc1738_escape(user));
goto cleanup;
} else {
if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log))
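Review bot: Only the `debug()` and stderr lines were switched to `rfc1738_escape(user)`; the reply on stdout, `fprintf(stdout, "AF %s %s\n", token, user);`, still carries the raw name. If a principal can contain whitespace or a line break, the reply line becomes ambiguous for the reader on the other end of the pipe. Whether that reader expects an rfc1738-escaped username is not visible on this page, so confirm it and then either escape the name in the reply or reject such names before answering. The same applies to the `"AA=="` reply in the second block.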
*p = '\0';
}
fprintf(stdout, "AF %s %s\n", "AA==", user);
- debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", user);
+ debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", rfc1738_escape(user));
if (log)
fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(),
- PROGRAM, user);
+ PROGRAM, rfc1738_escape(user));
}
cleanup: