with this code.
denyusers.c and allowusers.c have a fair amount of nearly identical code.
I moved these functions to a new file, called usersfile.[ch]. I didn't
really want to add another source file, but....
The list of allowed/denied users were formerly stored as whitespace
separated tokens in a single char buffer. The code used strstr() to
search for matches. This was awkward because the search key had to
be surrounded by space characters. The new code uses and array
of char buffers -- one for each name. The new code uses qsort() and
bsearch().
The old code was more robust with the input file. You could put multiple
names on a single line. Due to the way the names were stored, it didn't
matter. The new code is less robust. It requires one name per line,
and no leading whitespace.
Names longer than NAMELEN are now truncated.
Added an openlog() call and Removed LOG_USER from syslog() calls.
No longer use scanf() in some places.
There is some weird logic about what to do if an allow/deny file
does not exist, or exists but cannot be read, or was read once but
cannot be read later. I hope it still works the same.
replaced some strcpy() calls with memset() and strncpy().
Fixed a strange usage of ServerArray[] that started at index 1?
#ifdefd-out some debugging code that included fprintfs to stderr, but
was apparently never called.
Rewrote some signal handling stuff to use sigaction() (and fall back
to signal()) and removed calls to sigvec().
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.am,v 1.4 2002/05/20 02:03:55 hno Exp $
+# $Id: Makefile.am,v 1.5 2002/06/19 22:53:56 wessels Exp $
#
# Uncomment and customize the following to suit your needs:
#
msnt_auth_SOURCES = md4.c rfcnb-io.c rfcnb-util.c session.c msntauth.c \
msntauth.h smbdes.c smbencrypt.c smblib-util.c smblib.c \
valid.c denyusers.c allowusers.c confload.c \
+ usersfile.c \
byteorder.h rfcnb-common.h rfcnb-error.h rfcnb.h \
rfcnb-io.h rfcnb-priv.h rfcnb-util.h smblib-common.h \
smblib.h smblib-priv.h std-defines.h std-includes.h valid.h
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.13 2002/05/20 02:05:32 hno Exp $
+# $Id: Makefile.in,v 1.14 2002/06/19 22:53:56 wessels Exp $
#
# Uncomment and customize the following to suit your needs:
#
msnt_auth_SOURCES = md4.c rfcnb-io.c rfcnb-util.c session.c msntauth.c \
msntauth.h smbdes.c smbencrypt.c smblib-util.c smblib.c \
valid.c denyusers.c allowusers.c confload.c \
+ usersfile.c \
byteorder.h rfcnb-common.h rfcnb-error.h rfcnb.h \
rfcnb-io.h rfcnb-priv.h rfcnb-util.h smblib-common.h \
smblib.h smblib-priv.h std-defines.h std-includes.h valid.h
rfcnb-util.$(OBJEXT) session.$(OBJEXT) msntauth.$(OBJEXT) \
smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) smblib-util.$(OBJEXT) \
smblib.$(OBJEXT) valid.$(OBJEXT) denyusers.$(OBJEXT) \
- allowusers.$(OBJEXT) confload.$(OBJEXT)
+ allowusers.$(OBJEXT) confload.$(OBJEXT) usersfile.$(OBJEXT)
msnt_auth_OBJECTS = $(am_msnt_auth_OBJECTS)
msnt_auth_LDADD = $(LDADD)
msnt_auth_DEPENDENCIES =
@AMDEP_TRUE@ $(DEPDIR)/rfcnb-util.Po $(DEPDIR)/session.Po \
@AMDEP_TRUE@ $(DEPDIR)/smbdes.Po $(DEPDIR)/smbencrypt.Po \
@AMDEP_TRUE@ $(DEPDIR)/smblib-util.Po $(DEPDIR)/smblib.Po \
-@AMDEP_TRUE@ $(DEPDIR)/valid.Po
+@AMDEP_TRUE@ $(DEPDIR)/usersfile.Po $(DEPDIR)/valid.Po
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/smbencrypt.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/smblib-util.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/smblib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/usersfile.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/valid.Po@am__quote@
distclean-depend:
* The code originated from denyusers.c.
*/
-#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
#include <unistd.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <time.h>
-#include <ctype.h>
+#include <sys/types.h>
#include <sys/param.h>
+#include "usersfile.h"
-#define NAMELEN 50 /* Maximum username length */
-
-/* Global variables */
-
-char *AllowedUsers; /* Pointer to string of allowed users */
-off_t AllowUserSize; /* Size of allowed users file */
-struct stat FileBuf; /* Stat data buffer */
-time_t LastModTime; /* Last allowed user file modification time */
+static usersfile AllowUsers;
+static int init = 0;
+/* shared */
char Allowuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-/* Function declarations */
-
-int Read_allowusers();
-int Check_ifuserallowed(char *);
-void Checkforchange();
-void Checktimer();
-
-/*
- * Reads the allowed users file for all users to be permitted.
- * Returns 0 if the user list was successfully loaded,
- * and 1 in case of error.
- * Logs any messages to the syslog daemon.
- */
-
int
-Read_allowusers()
+Read_allowusers(void)
{
- FILE *AFile; /* Allowed users file pointer */
- off_t APos = 0; /* File counter */
- char AChar; /* Character buffer */
-
- /* Stat the file. If it does not exist, save the size as zero.
- * Clear the allowed user string. Return. */
- if (stat(Allowuserpath, &FileBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- AllowUserSize = 0;
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return 0;
- } else {
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- }
- /* If it exists, save the modification time and size */
- LastModTime = FileBuf.st_mtime;
- AllowUserSize = FileBuf.st_size;
-
- /* Handle the special case of a zero length file */
- if (AllowUserSize == 0) {
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return 0;
- }
- /* Free and allocate space for a string to store the allowed usernames */
- free(AllowedUsers);
-
- if ((AllowedUsers = malloc(sizeof(char) * (AllowUserSize + 3))) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_allowusers: malloc(AllowedUsers) failed.");
- return 1;
- }
- /* Open the allowed users file. Report any errors. */
-
- if ((AFile = fopen(Allowuserpath, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_allowusers: Failed to open allowed user file.");
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
+ if (!init) {
+ memset(&AllowUsers, '\0', sizeof(AllowUsers));
+ init = 1;
}
- /* Read user names into the AllowedUsers string.
- * Make sure each string is delimited by a space. */
-
- AllowedUsers[APos++] = ' ';
-
- while (!feof(AFile)) {
- if ((AChar = fgetc(AFile)) == EOF)
- break;
- else {
- if (isspace(AChar))
- AllowedUsers[APos++] = ' ';
- else
- AllowedUsers[APos++] = toupper(AChar);
- }
- }
-
- AllowedUsers[APos++] = ' ';
- AllowedUsers[APos] = '\0';
- fclose(AFile);
- return 0;
+ return Read_usersfile(Allowuserpath, &AllowUsers);
}
-/*
- * Check to see if the username provided by Squid appears in the allowed
- * user list. Returns 0 if the user was not found, and 1 if they were.
- */
-
int
Check_ifuserallowed(char *ConnectingUser)
{
- static char CUBuf[NAMELEN + 1];
- static char CUBuf1[NAMELEN + 1];
- static int x;
- static char AllowMsg[256];
-
- /* If user string is empty, allow */
- if (ConnectingUser[0] == '\0')
- return 1;
-
- /* If allowed user list is empty, allow all users.
- * If no users are supposed to be using the proxy, stop squid instead. */
- if (AllowUserSize == 0)
- return 1;
-
- /* Check if username string is found in the allowed user list.
- * If so, allow. If not, deny. Reconstruct the username
- * to have whitespace, to avoid finding wrong string subsets. */
-
- sscanf(ConnectingUser, " %s ", CUBuf1);
- sprintf(CUBuf, " %s ", CUBuf1);
-
- for (x = 0; x <= strlen(CUBuf); x++)
- CUBuf[x] = toupper(CUBuf[x]);
-
- if (strstr(AllowedUsers, CUBuf) != NULL)
- return 1;
- else { /* If NULL, they are not allowed to use the proxy */
- sprintf(AllowMsg, "Did not allow access to user '%s'.", CUBuf1);
- syslog(LOG_USER | LOG_ERR, AllowMsg);
- return 0;
- }
+ return Check_userlist(&AllowUsers, ConnectingUser);
}
-/*
- * Checks if there has been a change in the allowed users file.
- * If the modification time has changed, then reload the allowed user list.
- * This function is called by the SIGHUP signal handler.
- */
-
void
-Check_forallowchange()
+Check_forallowchange(void)
{
- struct stat ChkBuf; /* Stat data buffer */
-
- /* Stat the allowed users file. If it cannot be accessed, return. */
-
- if (stat(Allowuserpath, &ChkBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- AllowUserSize = 0;
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return;
- } else { /* Report error when accessing file */
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return;
- }
- }
- /* If found, compare the modification time with the previously-recorded
- * modification time.
- * If the modification time has changed, reload the allowed user list.
- * Log a message of its actions. */
-
- if (ChkBuf.st_mtime != LastModTime) {
- syslog(LOG_USER | LOG_INFO, "Check_forallowchange: Reloading allowed user list.");
- Read_allowusers();
- }
+ Check_forfilechange(&AllowUsers);
}
#include <errno.h>
#include <sys/param.h>
#include <netdb.h>
+#include <assert.h>
#include "msntauth.h"
#include "valid.h"
-#define CONFIGFILE "/usr/local/squid/etc/msntauth.conf" /* Path to configuration file */
+/* Path to configuration file */
+#define CONFIGFILE "/usr/local/squid/etc/msntauth.conf"
#define DENYUSERSDEFAULT "/usr/local/squid/etc/denyusers"
#define ALLOWUSERSDEFAULT "/usr/local/squid/etc/allowusers"
-#define MAXSERVERS 5 /* Maximum number of servers to query. This number can be increased. */
+/* Maximum number of servers to query. This number can be increased. */
+#define MAXSERVERS 5
#define NTHOSTLEN 65
extern char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
/* Initialise defaults */
Serversqueried = 0;
- strcpy(Denyuserpath, DENYUSERSDEFAULT);
- strcpy(Allowuserpath, ALLOWUSERSDEFAULT);
+ memset(ServerArray, '\0', sizeof(ServerArray));
+ memset(Denyuserpath, '\0', MAXPATHLEN);
+ memset(Allowuserpath, '\0', MAXPATHLEN);
+ strncpy(Denyuserpath, DENYUSERSDEFAULT, MAXPATHLEN - 1);
+ strncpy(Allowuserpath, ALLOWUSERSDEFAULT, MAXPATHLEN - 1);
/* Open file */
if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE);
- syslog(LOG_USER | LOG_ERR, strerror(errno));
+ syslog(LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE);
+ syslog(LOG_ERR, "%s", strerror(errno));
return 1;
}
/* Read in, one line at a time */
-
while (!feof(ConfigFile)) {
Confbuf[0] = '\0';
- fgets(Confbuf, 2049, ConfigFile);
+ if (NULL == fgets(Confbuf, 2048, ConfigFile))
+ break;
+ Confbuf[2048] = '\0';
ProcessLine(Confbuf);
}
- /* Check that at least one server is being queried. Report error if not.
+ /*
+ * Check that at least one server is being queried. Report error if not.
* Denied and allowed user files are hardcoded, so it's fine if they're
- * not set in the confugration file. */
-
+ * not set in the confugration file.
+ */
if (Serversqueried == 0) {
- syslog(LOG_USER | LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE);
+ syslog(LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE);
return 1;
}
fclose(ConfigFile);
/* Check for server line. Check for 3 parameters. */
if (strcasecmp(Directive, "server") == 0) {
Param1 = strtok(NULL, " \t\n");
+ if (NULL == Param1) {
+ syslog(LOG_ERR, "ProcessLine: 'server' missing PDC parameter.");
+ return;
+ }
Param2 = strtok(NULL, " \t\n");
+ if (NULL == Param2) {
+ syslog(LOG_ERR, "ProcessLine: 'server' missing BDC parameter.");
+ return;
+ }
Param3 = strtok(NULL, " \t\n");
-
- if ((Param1[0] == '\0') ||
- (Param2[0] == '\0') ||
- (Param3[0] == '\0')) {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'server' line needs PDC, BDC, and domain parameters.");
+ if (NULL == Param3) {
+ syslog(LOG_ERR, "ProcessLine: 'server' missing domain parameter.");
return;
}
AddServer(Param1, Param2, Param3);
if (strcasecmp(Directive, "denyusers") == 0) {
Param1 = strtok(NULL, " \t\n");
- if (Param1[0] == '\0') {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter.");
+ if (NULL == Param1) {
+ syslog(LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter.");
return;
}
- strcpy(Denyuserpath, Param1);
+ memset(Denyuserpath, '\0', MAXPATHLEN);
+ strncpy(Denyuserpath, Param1, MAXPATHLEN - 1);
return;
}
/* Check for allowusers line */
if (strcasecmp(Directive, "allowusers") == 0) {
Param1 = strtok(NULL, " \t\n");
- if (Param1[0] == '\0') {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter.");
+ if (NULL == Param1) {
+ syslog(LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter.");
return;
}
- strcpy(Allowuserpath, Param1);
+ memset(Allowuserpath, '\0', MAXPATHLEN);
+ strncpy(Allowuserpath, Param1, MAXPATHLEN - 1);
return;
}
/* Reports error for unknown line */
- syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive);
+ syslog(LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive);
}
/*
void
AddServer(char *ParamPDC, char *ParamBDC, char *ParamDomain)
{
- if (Serversqueried + 1 > MAXSERVERS) {
- syslog(LOG_USER | LOG_ERR, "AddServer: Ignoring '%s' server line; too many servers.", ParamPDC);
+ if (Serversqueried == MAXSERVERS) {
+ syslog(LOG_ERR, "AddServer: Ignoring '%s' server line; "
+ "too many servers.", ParamPDC);
return;
}
- if (gethostbyname(ParamPDC) == (struct hostent *) NULL) {
- syslog(LOG_USER | LOG_ERR, "AddServer: Ignoring host '%s'. Cannot resolve its address.", ParamPDC);
+ if (gethostbyname(ParamPDC) == NULL) {
+ syslog(LOG_ERR, "AddServer: Ignoring host '%s'. "
+ "Cannot resolve its address.", ParamPDC);
return;
}
- if (gethostbyname(ParamBDC) == (struct hostent *) NULL) {
- syslog(LOG_USER | LOG_ERR, "AddServer: Ignoring host '%s'. Cannot resolve its address.", ParamBDC);
+ if (gethostbyname(ParamBDC) == NULL) {
+ syslog(LOG_USER | LOG_ERR, "AddServer: Ignoring host '%s'. "
+ "Cannot resolve its address.", ParamBDC);
return;
}
+ /* NOTE: ServerArray is zeroed in OpenConfigFile() */
+ assert(Serversqueried < MAXSERVERS);
+ strncpy(ServerArray[Serversqueried].pdc, ParamPDC, NTHOSTLEN - 1);
+ strncpy(ServerArray[Serversqueried].bdc, ParamBDC, NTHOSTLEN - 1);
+ strncpy(ServerArray[Serversqueried].domain, ParamDomain, NTHOSTLEN - 1);
Serversqueried++;
- strncpy(ServerArray[Serversqueried].pdc, ParamPDC, NTHOSTLEN);
- strncpy(ServerArray[Serversqueried].bdc, ParamBDC, NTHOSTLEN);
- strncpy(ServerArray[Serversqueried].domain, ParamDomain, NTHOSTLEN);
- ServerArray[Serversqueried].pdc[NTHOSTLEN - 1] = '\0';
- ServerArray[Serversqueried].bdc[NTHOSTLEN - 1] = '\0';
- ServerArray[Serversqueried].domain[NTHOSTLEN - 1] = '\0';
}
/*
int
QueryServers(char *username, char *password)
{
- int Queryresult = 1; /* Default result is an error */
- int x = 1;
-
- while (x <= Serversqueried) { /* Query one server. Change Queryresult if user passed. */
- if (QueryServerForUser(x++, username, password) == 0) {
- Queryresult = 0;
- break;
- }
+ int i;
+ for (i = 0; i < Serversqueried; i++) {
+ if (0 == QueryServerForUser(i, username, password))
+ return 0;
}
-
- return Queryresult;
+ return 1;
}
/*
#define LOG_AUTHPRIV LOG_AUTH
#endif
-int
+static int
QueryServerForUser(int x, char *username, char *password)
{
int result = 1;
case 0:
break;
case 1:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.", username);
+ syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.",
+ username);
break;
case 2:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.", username);
+ syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.",
+ username);
break;
case 3:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.", username);
+ syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.",
+ username);
+ break;
}
return result;
* Routines at the bottom also use the allowed user functions.
*/
-#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
#include <unistd.h>
-#include <sys/stat.h>
-#include <errno.h>
#include <time.h>
-#include <ctype.h>
+#include <sys/types.h>
#include <sys/param.h>
+#include "usersfile.h"
-#define NAMELEN 50 /* Maximum username length */
+extern int Check_ifuserallowed(const char *);
+extern void Check_forallowchange(void);
-/* Global variables */
-
-char *DeniedUsers; /* Pointer to string of denied users */
-off_t DenyUserSize; /* Size of denied user file */
-struct stat FileBuf; /* Stat data buffer */
-time_t LastModTime; /* Last denied user file modification time */
+static usersfile DenyUsers;
+static int init = 0;
+/* shared */
char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-/* Function declarations */
-
-int Read_denyusers();
-int Check_ifuserdenied(char *);
-int Check_user(char *);
-void Checktimer();
-void Check_forchange();
-void Check_fordenychange();
-extern void Check_forallowchange(); /* For allowed users */
-extern int Check_ifuserallowed(char *);
-
-/*
- * Reads Denyuserpath for all users to be excluded.
- * Returns 0 if the user list was successfully loaded,
- * and 1 in case of error.
- * Logs any messages to the syslog daemon.
- */
-
int
-Read_denyusers()
+Read_denyusers(void)
{
- FILE *DFile; /* Denied user file pointer */
- off_t DPos = 0; /* File counter */
- char DChar; /* Character buffer */
-
- /* Stat the file. If it does not exist, save the size as zero.
- * Clear the denied user string. Return. */
- if (stat(Denyuserpath, &FileBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- DenyUserSize = 0;
- free(DeniedUsers);
- DeniedUsers = malloc(sizeof(char));
- DeniedUsers[0] = '\0';
- return 0;
- } else {
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- }
- /* If it exists, save the modification time and size */
- LastModTime = FileBuf.st_mtime;
- DenyUserSize = FileBuf.st_size;
-
- /* Handle the special case of a zero length file */
- if (DenyUserSize == 0) {
- free(DeniedUsers);
- DeniedUsers = malloc(sizeof(char));
- DeniedUsers[0] = '\0';
- return 0;
- }
- /* Free and allocate space for a string to store the denied usernames */
- free(DeniedUsers);
-
- if ((DeniedUsers = malloc(sizeof(char) * (DenyUserSize + 3))) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_denyusers: malloc(DeniedUsers) failed.");
- return 1;
- }
- /* Open the denied user file. Report any errors. */
-
- if ((DFile = fopen(Denyuserpath, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_denyusers: Failed to open denied user file.");
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- /* Read user names into the DeniedUsers string.
- * Make sure each string is delimited by a space. */
-
- DeniedUsers[DPos++] = ' ';
-
- while (!feof(DFile)) {
- if ((DChar = fgetc(DFile)) == EOF)
- break;
- else {
- if (isspace(DChar))
- DeniedUsers[DPos++] = ' ';
- else
- DeniedUsers[DPos++] = toupper(DChar);
- }
+ if (!init) {
+ memset(&DenyUsers, '\0', sizeof(DenyUsers));
+ init = 1;
}
+ return Read_usersfile(Denyuserpath, &DenyUsers);
+}
- DeniedUsers[DPos++] = ' ';
- DeniedUsers[DPos] = '\0';
- fclose(DFile);
- return 0;
+void
+Check_fordenychange(void)
+{
+ Check_forfilechange(&DenyUsers);
}
+
/*
* Check to see if the username provided by Squid appears in the denied
* user list. Returns 0 if the user was not found, and 1 if they were.
int
Check_ifuserdenied(char *ConnectingUser)
{
- static char CUBuf[NAMELEN + 1];
- static char CUBuf1[NAMELEN + 1];
- static int x;
- static char DenyMsg[256];
-
/* If user string is empty, deny */
if (ConnectingUser[0] == '\0')
return 1;
/* If denied user list is empty, allow */
- if (DenyUserSize == 0)
+ if (DenyUsers.Inuse == 0)
return 0;
- /* Check if username string is found in the denied user list.
- * If so, deny. If not, allow. Reconstruct the username
- * to have whitespace, to avoid finding wrong string subsets. */
-
- sscanf(ConnectingUser, " %s ", CUBuf1);
- sprintf(CUBuf, " %s ", CUBuf1);
-
- for (x = 0; x <= strlen(CUBuf); x++)
- CUBuf[x] = toupper(CUBuf[x]);
-
- if (strstr(DeniedUsers, CUBuf) == NULL)
- return 0;
- else {
- sprintf(DenyMsg, "Denied access to user '%s'.", CUBuf1);
- syslog(LOG_USER | LOG_ERR, DenyMsg);
- return 1;
- }
-}
-
-/*
- * Checks if there has been a change in the denied user file.
- * If the modification time has changed, then reload the denied user list.
- * This function is called by the SIGHUP signal handler.
- */
-
-void
-Check_fordenychange()
-{
- struct stat ChkBuf; /* Stat data buffer */
-
- /* Stat the denied user file. If it cannot be accessed, return. */
-
- if (stat(Denyuserpath, &ChkBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- DenyUserSize = 0;
- free(DeniedUsers);
- DeniedUsers = malloc(sizeof(char));
- DeniedUsers[0] = '\0';
- return;
- } else { /* Report error when accessing file */
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return;
- }
- }
- /* If found, compare the modification time with the previously-recorded
- * modification time.
- * If the modification time has changed, reload the denied user list.
- * Log a message of its actions. */
-
- if (ChkBuf.st_mtime != LastModTime) {
- syslog(LOG_USER | LOG_INFO, "Check_fordenychange: Reloading denied user list.");
- Read_denyusers();
- }
+ return Check_userlist(&DenyUsers, ConnectingUser);
}
/*
*/
int
-main()
+main(int argc, char **argv)
{
char username[256];
char password[256];
char wstr[256];
+ openlog("msnt_auth", LOG_PID, LOG_USER);
+ setbuf(stdout, NULL);
+
/* Read configuration file. Abort wildly if error. */
if (OpenConfigFile() == 1)
return 1;
- /* Read denied and allowed user files.
+ /*
+ * Read denied and allowed user files.
* If they fails, there is a serious problem.
* Check syslog messages. Deny all users while in this state.
- * The msntauth process should then be killed. */
-
+ * The msntauth process should then be killed.
+ */
if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
while (1) {
+ memset(wstr, '\0', sizeof(wstr));
fgets(wstr, 255, stdin);
puts("ERR");
- fflush(stdout);
}
}
- /* Make Check_forchange() the handle for HUP signals.
+ /*
+ * Make Check_forchange() the handle for HUP signals.
* Don't use alarms any more. I don't think it was very
- * portable between systems. */
+ * portable between systems.
+ * XXX this should be sigaction()
+ */
signal(SIGHUP, Check_forchange);
while (1) {
+ int n;
/* Read whole line from standard input. Terminate on break. */
+ memset(wstr, '\0', sizeof(wstr));
if (fgets(wstr, 255, stdin) == NULL)
break;
+ /* ignore this line if we didn't get the end-of-line marker */
+ if (NULL == strchr(wstr, '\n'))
+ break;
- /* Clear any current settings. Read new ones. Use \n as a
- * convenient EOL marker which is not even there. */
+ /*
+ * extract username and password.
+ * XXX is sscanf() safe?
+ */
username[0] = '\0';
password[0] = '\0';
- sscanf(wstr, "%s %[^\n]", username, password); /* Extract parameters */
-
+ n = sscanf(wstr, "%s %[^\n]", username, password);
+ if (2 != n) {
+ puts("ERR");
+ continue;
+ }
/* Check for invalid or blank entries */
if ((username[0] == '\0') || (password[0] == '\0')) {
puts("ERR");
- fflush(stdout);
continue;
}
Checktimer(); /* Check if the user lists have changed */
- /* Check if user is explicitly denied or allowed.
- * If user passes both checks, they can be authenticated. */
-
+ /*
+ * Check if user is explicitly denied or allowed.
+ * If user passes both checks, they can be authenticated.
+ */
if (Check_user(username) == 1)
puts("ERR");
- else {
- if (QueryServers(username, password) == 0)
- puts("OK");
- else
- puts("ERR");
- }
-
- fflush(stdout);
+ else if (QueryServers(username, password) == 0)
+ puts("OK");
+ else
+ puts("ERR");
}
return 0;
#include <sys/uio.h>
#include <sys/signal.h>
#include <string.h>
+#include <syslog.h>
+#include <signal.h>
int RFCNB_Timeout = 0; /* Timeout in seconds ... */
void
rfcnb_alarm(int sig)
{
-
- fprintf(stderr, "IO Timed out ...\n");
-
+ syslog(LOG_ERR, "%s:%d: IO Timed out ...\n", __FILE__, __LINE__);
}
/* Set timeout value and setup signal handling */
int
RFCNB_Set_Timeout(int seconds)
{
-#ifdef __GLIBC__
- int temp;
-#endif
- /* If we are on a Bezerkeley system, use sigvec, else sigaction */
-#ifndef SA_RESTART
- struct sigvec invec, outvec;
-#else
- struct sigaction inact, outact;
+#ifdef SA_RESTART
+ struct sigaction sa;
#endif
-
+ int x;
RFCNB_Timeout = seconds;
-
- if (RFCNB_Timeout > 0) { /* Set up handler to ignore but not restart */
-
-#ifndef SA_RESTART
- invec.sv_handler = (void (*)()) rfcnb_alarm;
- invec.sv_mask = 0;
- invec.sv_flags = SV_INTERRUPT;
-
- if (sigvec(SIGALRM, &invec, &outvec) < 0)
- return (-1);
-#else
- inact.sa_handler = (void (*)()) rfcnb_alarm;
-#ifdef SOLARIS
- /* Solaris seems to have an array of vectors ... */
- inact.sa_mask.__sigbits[0] = 0;
- inact.sa_mask.__sigbits[1] = 0;
- inact.sa_mask.__sigbits[2] = 0;
- inact.sa_mask.__sigbits[3] = 0;
+ if (RFCNB_Timeout <= 0)
+ return 0;
+#ifdef SA_RESTART
+ sa.sa_handler = rfcnb_alarm;
+ sa.sa_flags = 0;
+ sigemptyset(&sa.sa_mask);
+ x = sigaction(SIGALRM, &sa, NULL);
+ ;
#else
-#ifdef __GLIBC__
- for (temp = 0; temp < 32; temp++)
- inact.sa_mask.__val[temp] = 0;
-#else
- /* AI - If you have problems with this line, contact the author */
- /* AI - This is the old line: inact.sa_mask = 0; */
- memset(&inact.sa_mask, 0, sizeof(inact.sa_mask));
-#endif
+ signal(SIGALRM, rfcnb_alarm);
#endif
- inact.sa_flags = 0; /* Don't restart */
-
- if (sigaction(SIGALRM, &inact, &outact) < 0)
- return (-1);
-
-#endif
-
+ if (x < 0) {
+ syslog(LOG_ERR, "%s:%d: signal/sigaction: %s", __FILE__, __LINE__, strerror(errno));
+ return -1;
}
- return (0);
-
+ return 0;
}
-/* Discard the rest of an incoming packet as we do not have space for it
- * in the buffer we allocated or were passed ... */
+
+/*
+ * Discard the rest of an incoming packet as we do not have space for it
+ * in the buffer we allocated or were passed ...
+ */
int
RFCNB_Discard_Rest(struct RFCNB_Con *con, int len)
{
char temp[100]; /* Read into here */
- int rest, this_read, bytes_read;
+ int rest;
+ int this_read;
+ int bytes_read;
/* len is the amount we should read */
int
RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len)
{
- int len_sent, tot_sent, this_len;
- struct RFCNB_Pkt *pkt_ptr;
+ int len_sent = 0;
+ int tot_sent = 0;
+ int this_len;
+ int i = 0;
+ struct RFCNB_Pkt *pkt_ptr = pkt;
char *this_data;
- int i;
struct iovec io_list[10]; /* We should never have more */
/* If we do, this will blow up ... */
/* Try to send the data ... We only send as many bytes as len claims */
/* We should try to stuff it into an IOVEC and send as one write */
-
- pkt_ptr = pkt;
- len_sent = tot_sent = 0; /* Nothing sent so far */
- i = 0;
-
while ((pkt_ptr != NULL) & (i < 10)) { /* Watch that magic number! */
this_len = pkt_ptr->len;
}
+#ifdef RFCNB_DEBUG
/* Print a string of bytes in HEX etc */
void
fprintf(fd, "\n");
}
+#endif
/* Get a packet of size n */
{
RFCNB_Pkt *pkt;
- if ((pkt = (struct RFCNB_Pkt *) malloc(sizeof(struct RFCNB_Pkt))) == NULL) {
-
+ if ((pkt = malloc(sizeof(struct RFCNB_Pkt))) == NULL) {
RFCNB_errno = RFCNBE_NoSpace;
RFCNB_saved_errno = errno;
return (NULL);
-
}
pkt->next = NULL;
pkt->len = n;
if (n == 0)
return (pkt);
- if ((pkt->data = (char *) malloc(n)) == NULL) {
-
+ if ((pkt->data = malloc(n)) == NULL) {
RFCNB_errno = RFCNBE_NoSpace;
RFCNB_saved_errno = errno;
free(pkt);
return (NULL);
-
}
return (pkt);
RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt)
{
struct RFCNB_Pkt *pkt_next;
- char *data_ptr;
while (pkt != NULL) {
pkt_next = pkt->next;
- data_ptr = pkt->data;
-
- if (data_ptr != NULL)
- free(data_ptr);
+ if (pkt->data != NULL)
+ free(pkt->data);
free(pkt);
}
+#ifdef RFCNB_DEBUG
/* Print an RFCNB packet */
void
}
}
+#endif
/* Resolve a name into an address */
projects / thirdparty / squid.git / commitdiff
