Fixed a DoS condition.
<P>
The denied user file is set using the 'denyusers' directive
-in msntauth.h. The denied user file
+in msntauth.conf. The denied user file
contains a list of usernames in no particular structure or form.
If the file does not exist, no users are denied.
The file must be readable by the web proxy user.
<P>
The allowed user file is set using the 'allowusers' directive
-in msntauth.h.
+in msntauth.conf.
If the file does not exist or if empty, all users are allowed.
<P>
memset(&AllowUsers, '\0', sizeof(AllowUsers));
init = 1;
}
- return Read_usersfile(Allowuserpath, &AllowUsers);
+ if (*Allowuserpath)
+ return Read_usersfile(Allowuserpath, &AllowUsers);
+ else
+ return 0;
}
int
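Review bot: An empty `Allowuserpath` now returns 0 without leaving any trace, and the same branch is added for `Denyuserpath` in the deny-list hunk, while the `ALLOWUSERSDEFAULT`/`DENYUSERSDEFAULT` fallbacks are removed elsewhere in this commit. An installation that relied on the default files without an explicit directive in msntauth.conf would therefore stop enforcing both lists after upgrading, with nothing in the logs to show it. I would document the branch with `/* no 'allowusers' directive: nothing to load, all users are allowed */` (and the deny-side equivalent), and, if syslog is available in these files, emit one `syslog(LOG_NOTICE, ...)` when the configuration is loaded with either path unset. The function starts outside the hunk, so whether a previously loaded list is cleared when the path becomes empty cannot be judged from here.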
#define SYSCONFDIR "/usr/local/squid/etc"
#endif
#define CONFIGFILE SYSCONFDIR "/msntauth.conf"
-#define DENYUSERSDEFAULT SYSCONFDIR "/denyusers"
-#define ALLOWUSERSDEFAULT SYSCONFDIR "/allowusers"
/* Maximum number of servers to query. This number can be increased. */
#define MAXSERVERS 5
memset(ServerArray, '\0', sizeof(ServerArray));
memset(Denyuserpath, '\0', MAXPATHLEN);
memset(Allowuserpath, '\0', MAXPATHLEN);
- strncpy(Denyuserpath, DENYUSERSDEFAULT, MAXPATHLEN - 1);
- strncpy(Allowuserpath, ALLOWUSERSDEFAULT, MAXPATHLEN - 1);
/* Open file */
if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) {
memset(&DenyUsers, '\0', sizeof(DenyUsers));
init = 1;
}
- return Read_usersfile(Denyuserpath, &DenyUsers);
+ if (*Denyuserpath)
+ return Read_usersfile(Denyuserpath, &DenyUsers);
+ else
+ return 0;
}
static void
char username[256];
char password[256];
char wstr[256];
+ int err = 0;
openlog("msnt_auth", LOG_PID, LOG_USER);
setbuf(stdout, NULL);
if (fgets(wstr, 255, stdin) == NULL)
break;
/* ignore this line if we didn't get the end-of-line marker */
- if (NULL == strchr(wstr, '\n'))
- break;
+ if (NULL == strchr(wstr, '\n')) {
+ err = 1;
+ continue;
+ }
+ if (err)
+ goto error;
/*
* extract username and password.
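Review bot: `goto error` jumps into the middle of the `else` block at the end of the loop (the `error:` label is added in the last hunk), which makes the reply path for an oversized line hard to follow and easy to break when the if/else chain is edited. As far as the visible lines show, the same behaviour can be written in place as `if (err) { puts("ERR"); err = 0; continue; }`, which drops the label and the extra braces. The comment above the check still says the line is ignored, but it is now answered with a single ERR once its tail has been read; something like `/* line too long: drain it to the newline, then reply ERR */` would match. A `syslog(LOG_WARNING, ...)` on this path would also let operators see oversized requests reaching the helper. The loop body starts and ends outside this hunk.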
puts("ERR");
else if (QueryServers(username, password) == 0)
puts("OK");
- else
+ else {
+error:
puts("ERR");
+ }
+ err = 0;
}
return 0;