From: Amos Jeffries Date: Thu, 8 Jul 2010 11:58:30 +0000 (+1200) Subject: Helpers: unify auth helpers use of debug and HELPER_INPUT_BUFFER X-Git-Tag: SQUID_3_2_0_1~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e673ba3a911ca99cdeaf2fda6606a26568416aa9;p=thirdparty%2Fsquid.git Helpers: unify auth helpers use of debug and HELPER_INPUT_BUFFER --- diff --git a/helpers/basic_auth/LDAP/basic_ldap_auth.cc b/helpers/basic_auth/LDAP/basic_ldap_auth.cc index 1e78bc324e..061aee8e3d 100644 --- a/helpers/basic_auth/LDAP/basic_ldap_auth.cc +++ b/helpers/basic_auth/LDAP/basic_ldap_auth.cc @@ -148,7 +148,6 @@ static int sslinit = 0; #endif static int connect_timeout = 0; static int timelimit = LDAP_NO_LIMIT; -static int debug_mode = 0; /* Added for TLS support and version 3 */ static int use_tls = 0; @@ -496,7 +495,7 @@ main(int argc, char **argv) break; #endif case 'd': - debug_mode++; + debug_enabled = 1; break; default: fprintf(stderr, PROGRAM_NAME ": ERROR: Unknown command line option '%c'\n", option); @@ -650,8 +649,7 @@ checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const /* LDAP can't bind with a blank password. Seen as "anonymous" * and always granted access */ - if (debug_mode) - fprintf(stderr, "Blank password given\n"); + debug("Blank password given\n"); return 1; } if (searchfilter) { @@ -677,16 +675,14 @@ checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const } } snprintf(filter, sizeof(filter), searchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login); - if (debug_mode) - fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, basedn); + debug("user filter '%s', searchbase '%s'\n", filter, basedn); rc = ldap_search_s(search_ld, basedn, searchscope, filter, searchattr, 1, &res); if (rc != LDAP_SUCCESS) { if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { /* Everything is fine. This is expected when referrals * are disabled. */ - if (debug_mode) - fprintf(stderr, "noreferrals && rc == LDAP_PARTIAL_RESULTS\n"); + debug("noreferrals && rc == LDAP_PARTIAL_RESULTS\n"); } else { fprintf(stderr, PROGRAM_NAME ": WARNING, LDAP search error '%s'\n", ldap_err2string(rc)); #if defined(NETSCAPE_SSL) @@ -701,8 +697,7 @@ checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const } entry = ldap_first_entry(search_ld, res); if (!entry) { - if (debug_mode) - fprintf(stderr, "Ldap search returned nothing\n"); + debug("Ldap search returned nothing\n"); ret = 1; goto search_done; } @@ -735,8 +730,7 @@ search_done: snprintf(dn, sizeof(dn), "%s=%s,%s", userattr, userid, basedn); } - if (debug_mode) - fprintf(stderr, "attempting to authenticate user '%s'\n", dn); + debug("attempting to authenticate user '%s'\n", dn); if (!bind_ld && !bind_once) bind_ld = persistent_ld; if (!bind_ld) diff --git a/helpers/basic_auth/RADIUS/basic_radius_auth.cc b/helpers/basic_auth/RADIUS/basic_radius_auth.cc index 94a6f0b4a5..072460c577 100644 --- a/helpers/basic_auth/RADIUS/basic_radius_auth.cc +++ b/helpers/basic_auth/RADIUS/basic_radius_auth.cc @@ -119,7 +119,6 @@ static u_int32_t auth_ipaddr; static int retries = 30; char progname[] = "basic_radius_auth"; -int debug_flag = 0; #ifdef _SQUID_MSWIN_ void @@ -456,6 +455,9 @@ main(int argc, char **argv) while ((c = getopt(argc, argv, "h:p:f:w:i:t:")) != -1) { switch (c) { + case 'd': + debug_enabled = 1; + break; case 'f': cfname = optarg; break; diff --git a/helpers/basic_auth/SMB/basic_smb_auth.cc b/helpers/basic_auth/SMB/basic_smb_auth.cc index c215724dd6..d7a93a5944 100644 --- a/helpers/basic_auth/SMB/basic_smb_auth.cc +++ b/helpers/basic_auth/SMB/basic_smb_auth.cc @@ -42,6 +42,7 @@ */ #define SQUID_NO_ALLOC_PROTECT 1 #include "config.h" +#include "helpers/defines.h" #include "rfc1738.h" #include "util.h" @@ -53,7 +54,6 @@ #endif -#define BUFSIZE 256 #define NMB_UNICAST 1 #define NMB_BROADCAST 2 @@ -79,12 +79,12 @@ struct SMBDOMAIN *lastdom = NULL; void print_esc(FILE * p, char *s) { - char buf[256]; + char buf[HELPER_INPUT_BUFFER]; char *t; int i = 0; for (t = s; *t != '\0'; t++) { - if (i > 250) { + if (i > HELPER_INPUT_BUFFER-2) { buf[i] = '\0'; (void) fputs(buf, p); i = 0; @@ -105,14 +105,13 @@ int main(int argc, char *argv[]) { int i; - char buf[BUFSIZE]; + char buf[HELPER_INPUT_BUFFER]; struct SMBDOMAIN *dom; char *s; char *user; char *pass; char *domname; FILE *p; - int debug = 0; const char *shcmd; /* make standard output line buffered */ @@ -122,7 +121,7 @@ main(int argc, char *argv[]) /* parse command line arguments */ for (i = 1; i < argc; i++) { if (strcmp(argv[i], "-d") == 0) { - debug = 1; + debug_enabled = 1; continue; } /* the next options require an argument */ @@ -197,22 +196,20 @@ main(int argc, char *argv[]) } } - shcmd = debug ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1"; + shcmd = debug_enabled ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1"; /* pass to helper script */ if (putenv((char *)"SAMBAPREFIX=" SAMBAPREFIX) != 0) return 1; - while (1) { - if (fgets(buf, BUFSIZE, stdin) == NULL) - break; + while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { if ((s = strchr(buf, '\n')) == NULL) continue; *s = '\0'; if ((s = strchr(buf, ' ')) == NULL) { - (void) printf("ERR\n"); + SEND_ERR(""); continue; } *s = '\0'; @@ -238,11 +235,11 @@ main(int argc, char *argv[]) dom = firstdom; if (dom == NULL) { - (void) printf("ERR\n"); + SEND_ERR(""); continue; } if ((p = popen(shcmd, "w")) == NULL) { - (void) printf("ERR\n"); + SEND_ERR(""); continue; } (void) fprintf(p, "%s\n", dom->name); @@ -258,10 +255,9 @@ main(int argc, char *argv[]) (void) fflush(p); if (pclose(p) == 0) - (void) printf("OK\n"); + SEND_OK(""); else - (void) printf("ERR\n"); - + SEND_ERR(""); } /* while (1) */ return 0; } diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc index 015f894db9..69f54cdeee 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc @@ -79,7 +79,7 @@ #endif int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, - const char *function, int debug, int log); + const char *function, int log); char *gethost_name(void); static const char *LogTime(void); @@ -148,7 +148,7 @@ gethost_name(void) int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, - const char *function, int debug, int log) + const char *function, int log) { if (GSS_ERROR(major_status)) { OM_uint32 maj_stat, min_stat; @@ -192,9 +192,7 @@ check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, } gss_release_buffer(&min_stat, &status_string); } - if (debug) - fprintf(stderr, "%s| %s: ERROR: %s failed: %s\n", LogTime(), PROGRAM, - function, buf); + debug("%s| %s: ERROR: %s failed: %s\n", LogTime(), PROGRAM, function, buf); fprintf(stdout, "BH %s failed: %s\n", function, buf); if (log) fprintf(stderr, "%s| %s: INFO: User not authenticated\n", LogTime(), @@ -214,7 +212,7 @@ main(int argc, char *const argv[]) char *user = NULL; int length = 0; static int err = 0; - int opt, debug = 0, log = 0, norealm = 0; + int opt, log = 0, norealm = 0; OM_uint32 ret_flags = 0, spnego_flag = 0; char *service_name = (char *) "HTTP", *host_name = NULL; char *token = NULL; @@ -237,7 +235,7 @@ main(int argc, char *const argv[]) while (-1 != (opt = getopt(argc, argv, "dirs:h"))) { switch (opt) { case 'd': - debug = 1; + debug_enabled = 1; break; case 'i': log = 1; @@ -266,9 +264,7 @@ main(int argc, char *const argv[]) } } - if (debug) - fprintf(stderr, "%s| %s: INFO: Starting version %s\n", LogTime(), PROGRAM, - SQUID_KERB_AUTH_VERSION); + debug("%s| %s: INFO: Starting version %s\n", LogTime(), PROGRAM, SQUID_KERB_AUTH_VERSION); if (service_principal && strcasecmp(service_principal, "GSS_C_NO_NAME")) { service.value = service_principal; service.length = strlen((char *) service.value); @@ -290,11 +286,9 @@ main(int argc, char *const argv[]) while (1) { if (fgets(buf, sizeof(buf) - 1, stdin) == NULL) { if (ferror(stdin)) { - if (debug) - fprintf(stderr, - "%s| %s: FATAL: fgets() failed! dying..... errno=%d (%s)\n", - LogTime(), PROGRAM, ferror(stdin), - strerror(ferror(stdin))); + debug("%s| %s: FATAL: fgets() failed! dying..... errno=%d (%s)\n", + LogTime(), PROGRAM, ferror(stdin), + strerror(ferror(stdin))); fprintf(stdout, "BH input error\n"); exit(1); /* BIIG buffer */ @@ -311,30 +305,22 @@ main(int argc, char *const argv[]) err = 1; } if (err) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Oversized message\n", LogTime(), - PROGRAM); + debug("%s| %s: ERROR: Oversized message\n", LogTime(), PROGRAM); fprintf(stdout, "BH Oversized message\n"); err = 0; continue; } - if (debug) - fprintf(stderr, "%s| %s: DEBUG: Got '%s' from squid (length: %d).\n", - LogTime(), PROGRAM, buf, length); + debug("%s| %s: DEBUG: Got '%s' from squid (length: %d).\n", LogTime(), PROGRAM, buf, length); if (buf[0] == '\0') { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Invalid request\n", LogTime(), - PROGRAM); + debug("%s| %s: ERROR: Invalid request\n", LogTime(), PROGRAM); fprintf(stdout, "BH Invalid request\n"); continue; } if (strlen(buf) < 2) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Invalid request [%s]\n", LogTime(), - PROGRAM, buf); + debug("%s| %s: ERROR: Invalid request [%s]\n", LogTime(), PROGRAM, buf); fprintf(stdout, "BH Invalid request\n"); continue; } @@ -375,9 +361,7 @@ main(int argc, char *const argv[]) } if (strncmp(buf, "YR", 2) && strncmp(buf, "KK", 2)) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Invalid request [%s]\n", LogTime(), - PROGRAM, buf); + debug("%s| %s: ERROR: Invalid request [%s]\n", LogTime(), PROGRAM, buf); fprintf(stdout, "BH Invalid request\n"); continue; } @@ -388,17 +372,14 @@ main(int argc, char *const argv[]) } if (strlen(buf) <= 3) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Invalid negotiate request [%s]\n", - LogTime(), PROGRAM, buf); + debug("%s| %s: ERROR: Invalid negotiate request [%s]\n", LogTime(), PROGRAM, buf); fprintf(stdout, "BH Invalid negotiate request\n"); continue; } input_token.length = ska_base64_decode_len(buf + 3); - if (debug) - fprintf(stderr, "%s| %s: DEBUG: Decode '%s' (decoded length: %d).\n", - LogTime(), PROGRAM, buf + 3, (int) input_token.length); + debug("%s| %s: DEBUG: Decode '%s' (decoded length: %d).\n", + LogTime(), PROGRAM, buf + 3, (int) input_token.length); input_token.value = xmalloc(input_token.length); ska_base64_decode((char*)input_token.value, buf + 3, input_token.length); @@ -406,11 +387,10 @@ main(int argc, char *const argv[]) if ((input_token.length >= sizeof ntlmProtocol + 1) && (!memcmp(input_token.value, ntlmProtocol, sizeof ntlmProtocol))) { - if (debug) - fprintf(stderr, "%s| %s: WARNING: received type %d NTLM token\n", - LogTime(), PROGRAM, - (int) *((unsigned char *) input_token.value + - sizeof ntlmProtocol)); + debug("%s| %s: WARNING: received type %d NTLM token\n", + LogTime(), PROGRAM, + (int) *((unsigned char *) input_token.value + + sizeof ntlmProtocol)); fprintf(stdout, "BH received type %d NTLM token\n", (int) *((unsigned char *) input_token.value + sizeof ntlmProtocol)); @@ -431,15 +411,13 @@ main(int argc, char *const argv[]) gss_nt_service_name, &server_name); } - if (check_gss_err(major_status, minor_status, "gss_import_name()", - debug, log)) + if (check_gss_err(major_status, minor_status, "gss_import_name()", log)) goto cleanup; major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &server_creds, NULL, NULL); - if (check_gss_err(major_status, minor_status, "gss_acquire_cred()", - debug, log)) + if (check_gss_err(major_status, minor_status, "gss_acquire_cred()", log)) goto cleanup; major_status = gss_accept_sec_context(&minor_status, @@ -455,9 +433,7 @@ main(int argc, char *const argv[]) spnegoTokenLength = output_token.length; token = (char*)xmalloc(ska_base64_encode_len(spnegoTokenLength)); if (token == NULL) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Not enough memory\n", LogTime(), - PROGRAM); + debug("%s| %s: ERROR: Not enough memory\n", LogTime(), PROGRAM); fprintf(stdout, "BH Not enough memory\n"); goto cleanup; } @@ -465,13 +441,10 @@ main(int argc, char *const argv[]) ska_base64_encode(token, (const char *) spnegoToken, ska_base64_encode_len(spnegoTokenLength), spnegoTokenLength); - if (check_gss_err(major_status, minor_status, - "gss_accept_sec_context()", debug, log)) + if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log)) goto cleanup; if (major_status & GSS_S_CONTINUE_NEEDED) { - if (debug) - fprintf(stderr, "%s| %s: INFO: continuation needed\n", LogTime(), - PROGRAM); + debug("%s| %s: INFO: continuation needed\n", LogTime(), PROGRAM); fprintf(stdout, "TT %s\n", token); goto cleanup; } @@ -480,14 +453,11 @@ main(int argc, char *const argv[]) gss_display_name(&minor_status, client_name, &output_token, NULL); - if (check_gss_err(major_status, minor_status, "gss_display_name()", - debug, log)) + if (check_gss_err(major_status, minor_status, "gss_display_name()", log)) goto cleanup; user = (char*)xmalloc(output_token.length + 1); if (user == NULL) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Not enough memory\n", LogTime(), - PROGRAM); + debug("%s| %s: ERROR: Not enough memory\n", LogTime(), PROGRAM); fprintf(stdout, "BH Not enough memory\n"); goto cleanup; } @@ -497,21 +467,16 @@ main(int argc, char *const argv[]) *p = '\0'; } fprintf(stdout, "AF %s %s\n", token, user); - if (debug) - fprintf(stderr, "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, - user); + debug("%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, user); if (log) fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(), PROGRAM, user); goto cleanup; } else { - if (check_gss_err(major_status, minor_status, - "gss_accept_sec_context()", debug, log)) + if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log)) goto cleanup; if (major_status & GSS_S_CONTINUE_NEEDED) { - if (debug) - fprintf(stderr, "%s| %s: INFO: continuation needed\n", LogTime(), - PROGRAM); + debug("%s| %s: INFO: continuation needed\n", LogTime(), PROGRAM); fprintf(stdout, "NA %s\n", token); goto cleanup; } @@ -520,17 +485,14 @@ main(int argc, char *const argv[]) gss_display_name(&minor_status, client_name, &output_token, NULL); - if (check_gss_err(major_status, minor_status, "gss_display_name()", - debug, log)) + if (check_gss_err(major_status, minor_status, "gss_display_name()", log)) goto cleanup; /* * Return dummy token AA. May need an extra return tag then AF */ user = (char*)xmalloc(output_token.length + 1); if (user == NULL) { - if (debug) - fprintf(stderr, "%s| %s: ERROR: Not enough memory\n", LogTime(), - PROGRAM); + debug("%s| %s: ERROR: Not enough memory\n", LogTime(), PROGRAM); fprintf(stdout, "BH Not enough memory\n"); goto cleanup; } @@ -540,9 +502,7 @@ main(int argc, char *const argv[]) *p = '\0'; } fprintf(stdout, "AF %s %s\n", "AA==", user); - if (debug) - fprintf(stderr, "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, - "AA==", user); + debug("%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", user); if (log) fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(), PROGRAM, user); diff --git a/helpers/url_rewrite/fake/fake.cc b/helpers/url_rewrite/fake/fake.cc index 5e0ae9164f..936d2fb959 100644 --- a/helpers/url_rewrite/fake/fake.cc +++ b/helpers/url_rewrite/fake/fake.cc @@ -13,6 +13,7 @@ */ #include "config.h" +#include "helpers/defines.h" #if HAVE_CSTRING #include @@ -21,15 +22,12 @@ #include #endif -#define BUFFER_SIZE 10240 - /** * options: * -d enable debugging. * -h interface help. */ char *my_program_name = NULL; -int print_debug_messages = 0; static void usage(void) @@ -50,7 +48,7 @@ process_options(int argc, char *argv[]) while (-1 != (opt = getopt(argc, argv, "hd"))) { switch (opt) { case 'd': - print_debug_messages = 1; + debug_enabled = 1; break; case 'h': usage(); @@ -71,7 +69,7 @@ process_options(int argc, char *argv[]) int main(int argc, char *argv[]) { - char buf[BUFFER_SIZE]; + char buf[HELPER_INPUT_BUFFER]; int buflen = 0; setbuf(stdout, NULL); @@ -83,7 +81,7 @@ main(int argc, char *argv[]) debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); - while (fgets(buf, BUFFER_SIZE, stdin) != NULL) { + while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) { char *p; if ((p = strchr(buf, '\n')) != NULL) {