helpers/ntlm_auth/SSPI/Makefile \
helpers/negotiate_auth/Makefile \
helpers/negotiate_auth/kerberos/Makefile \
- helpers/negotiate_auth/mswin_sspi/Makefile \
+ helpers/negotiate_auth/SSPI/Makefile \
helpers/external_acl/Makefile \
helpers/external_acl/ip_user/Makefile \
helpers/external_acl/ldap_group/Makefile \
<sect2>Negotiate Authentication protocol helpers
<p><itemize>
+ <item>mswin_sspi - negotiate_sspi_auth - Authenticate with a Windows Domain Controller using SSPI.
<item>squid_kerb_auth - negotiate_kerberos_auth - Authenticate with Kerberos servers.
</itemize>
-DIST_SUBDIRS = mswin_sspi kerberos
+DIST_SUBDIRS = kerberos SSPI
SUBDIRS = $(NEGOTIATE_AUTH_HELPERS)
--- /dev/null
+include $(top_srcdir)/src/Common.am
+
+libexec_PROGRAMS = negotiate_sspi_auth
+
+negotiate_sspi_auth_SOURCES = negotiate_sspi_auth.cc
+
+LDADD = \
+ -L$(top_builddir)/lib -lsspwin32 \
+ $(COMPAT_LIB) \
+ -ladvapi32 \
+ $(XTRA_LIBS)
+
+EXTRA_DIST = readme.txt config.test
-
/*
- * mswin_negotiate_auth: helper for Negotiate Authentication for Squid Cache
+ * negotiate_sspi_auth: helper for Negotiate Authentication for Squid Cache
*
* (C)2005 Guido Serassio - Acme Consulting S.r.l.
*
*
*
*/
-
+#include "config.h"
+#include "helpers/defines.h"
+#include "libntlmauth/support_bits.cci"
+#include "sspwin32.h"
#include "util.h"
+
+#include <windows.h>
+#include <sspi.h>
+#include <security.h>
#if HAVE_GETOPT_H
#include <getopt.h>
#endif
-#include "negotiate.h"
#if HAVE_CTYPE_H
#include <ctype.h>
#endif
-#define BUFFER_SIZE 10240
-
-int debug_enabled = 0;
int Negotiate_packet_debug_enabled = 0;
-
static int have_serverblob;
-/* makes a null-terminated string upper-case. Changes CONTENTS! */
-void
-uc(char *string)
-{
- char *p = string, c;
- while ((c = *p)) {
- *p = xtoupper(c);
- p++;
- }
-}
-
-/* makes a null-terminated string lower-case. Changes CONTENTS! */
-static void
-lc(char *string)
-{
- char *p = string, c;
- while ((c = *p)) {
- *p = xtolower(c);
- p++;
- }
-}
-
-void
-helperfail(const char *reason)
-{
-#if FAIL_DEBUG
- fail_debug_enabled = 1;
+/* A couple of harmless helper macros */
+#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n");
+#ifdef __GNUC__
+#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
+#define SEND3(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
+#else
+/* no gcc, no debugging. varargs macros are a gcc extension */
+#define SEND2(X,Y) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
+#define SEND3(X,Y,Z) debug("sending '" X "' to squid\n",Y,Z); printf(X "\n",Y,Z);
#endif
- SEND2("BH %s", reason);
-}
+
+char *negotiate_check_auth(SSP_blobP auth, int auth_length);
/*
* options:
my_program_name);
}
-
void
process_options(int argc, char *argv[])
{
opt = optopt;
/* fall thru to default */
default:
- fprintf(stderr, "unknown option: -%c. Exiting\n", opt);
+ fprintf(stderr, "ERROR: unknown option: -%c. Exiting\n", opt);
usage();
had_error = 1;
}
int
manage_request()
{
- char buf[BUFFER_SIZE];
+ char buf[HELPER_INPUT_BUFFER];
char helper_command[3];
char *c, *decoded;
int plen, status;
BOOL Done = FALSE;
try_again:
- if (fgets(buf, BUFFER_SIZE, stdin) == NULL)
+ if (fgets(buf, HELPER_INPUT_BUFFER, stdin))
return 0;
- c = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */
+ c = memchr(buf, '\n', HELPER_INPUT_BUFFER); /* safer against overrun than strchr */
if (c) {
if (oversized) {
- helperfail("illegal request received");
- fprintf(stderr, "Illegal request received: '%s'\n", buf);
+ SEND("BH illegal request received");
+ fprintf(stderr, "ERROR: Illegal request received: '%s'\n", buf);
return 1;
}
*c = '\0';
have_serverblob = 1;
}
} else
- helperfail("can't obtain server blob");
+ SEND("BH can't obtain server blob");
return 1;
}
if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */
if (!have_serverblob) {
- helperfail("invalid server blob");
+ SEND("BH invalid server blob");
return 1;
}
/* figure out what we got */
c = (char *) SSP_ValidateNegotiateCredentials(decoded, plen, &Done, &status, cred);
if (status == SSP_ERROR) {
-#if FAIL_DEBUG
- fail_debug_enabled = 1;
-#endif
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
}
} else { /* not an auth-request */
- helperfail("illegal request received");
+ SEND("BH illegal request received");
fprintf(stderr, "Illegal request received: '%s'\n", buf);
return 1;
}
- helperfail("detected protocol error");
+ SEND("BH detected protocol error");
return 1;
/********* END ********/
}
debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
if (LoadSecurityDll(SSP_NTLM, NEGOTIATE_PACKAGE_NAME) == NULL) {
- fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
+ fprintf(stderr, "FATAL: %s: can't initialize SSPI, exiting.\n", argv[0]);
exit(1);
}
debug("SSPI initialized OK\n");
+++ /dev/null
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id$
-#
-
-include $(top_srcdir)/src/Common.am
-
-## we need our local files too (but avoid -I. at all costs)
-INCLUDES += -I$(srcdir)
-
-
-libexec_PROGRAMS = mswin_negotiate_auth
-
-mswin_negotiate_auth_SOURCES = libnegotiatessp.c negotiate_auth.c negotiate.h
-
-LDADD = \
- -L$(top_builddir)/lib -lsspwin32 \
- $(COMPAT_LIB) \
- -ladvapi32 \
- $(XTRA_LIBS)
-
-EXTRA_DIST = readme.txt config.test
+++ /dev/null
-/*
- * (C) 2005 Guido Serassio <guido.serassio@acmeconsulting.it>
- * Based on previous work of Francesco Chemolli and Robert Collins
- * Distributed freely under the terms of the GNU General Public License,
- * version 2. See the file COPYING for licensing details
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- */
-
-typedef unsigned char uchar;
-
-#include "util.h"
-#include "negotiate.h"
-#if HAVE_CTYPE_H
-#include <ctype.h>
-#endif
-
-void
-hex_dump(void *data, int size)
-{
- /* dumps size bytes of *data to stdout. Looks like:
- * [0000] 75 6E 6B 6E 6F 77 6E 20
- * 30 FF 00 00 00 00 39 00 unknown 0.....9.
- * (in a single line of course)
- */
-
- if (!data)
- return;
-
- if (debug_enabled) {
- unsigned char *p = data;
- unsigned char c;
- int n;
- char bytestr[4] = {0};
- char addrstr[10] = {0};
- char hexstr[16 * 3 + 5] = {0};
- char charstr[16 * 1 + 5] = {0};
- for (n = 1; n <= size; n++) {
- if (n % 16 == 1) {
- /* store address for this line */
- snprintf(addrstr, sizeof(addrstr), "%.4x",
- ((unsigned int) p - (unsigned int) data));
- }
- c = *p;
- if (xisalnum(c) == 0) {
- c = '.';
- }
- /* store hex str (for left side) */
- snprintf(bytestr, sizeof(bytestr), "%02X ", *p);
- strncat(hexstr, bytestr, sizeof(hexstr) - strlen(hexstr) - 1);
-
- /* store char str (for right side) */
- snprintf(bytestr, sizeof(bytestr), "%c", c);
- strncat(charstr, bytestr, sizeof(charstr) - strlen(charstr) - 1);
-
- if (n % 16 == 0) {
- /* line completed */
- fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr);
- hexstr[0] = 0;
- charstr[0] = 0;
- } else if (n % 8 == 0) {
- /* half line: add whitespaces */
- strncat(hexstr, " ", sizeof(hexstr) - strlen(hexstr) - 1);
- strncat(charstr, " ", sizeof(charstr) - strlen(charstr) - 1);
- }
- p++; /* next byte */
- }
-
- if (strlen(hexstr) > 0) {
- /* print rest of buffer if not empty */
- fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr);
- }
- }
-}
+++ /dev/null
-/*
- * (C) 2005 Guido Serassio <guido.serassio@acmeconsulting.it>
- * Based on previous work of Francesco Chemolli, Robert Collins and Andrew Doran
- *
- * Distributed freely under the terms of the GNU General Public License,
- * version 2. See the file COPYING for licensing details
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- */
-
-#ifndef _NEGOTIATE_H_
-#define _NEGOTIATE_H_
-
-#include "sspwin32.h"
-#include <windows.h>
-#include <sspi.h>
-#include <security.h>
-#undef debug
-
-/************* CONFIGURATION ***************/
-/*
- * define this if you want debugging
- */
-#ifndef DEBUG
-#define DEBUG
-#endif
-
-#define FAIL_DEBUG 0
-
-/************* END CONFIGURATION ***************/
-
-#include <sys/types.h>
-
-extern int debug_enabled;
-#if FAIL_DEBUG
-extern int fail_debug_enabled;
-#endif
-
-/* Debugging stuff */
-
-#ifdef __GNUC__ /* this is really a gcc-ism */
-#ifdef DEBUG
-#include <stdio.h>
-#include <unistd.h>
-static char *__foo;
-#define debug(X...) if (debug_enabled) { \
- fprintf(stderr,"ntlm-auth[%d](%s:%d): ", getpid(), \
- ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\
- __LINE__);\
- fprintf(stderr,X); }
-#else /* DEBUG */
-#define debug(X...) /* */
-#endif /* DEBUG */
-#else /* __GNUC__ */
-static void
-debug(char *format,...)
-{
-#ifdef DEBUG
-#ifdef _SQUID_MSWIN_
-#if FAIL_DEBUG
- if (debug_enabled || fail_debug_enabled) {
-#else
-if (debug_enabled) {
-#endif
- va_list args;
-
- va_start(args,format);
- fprintf(stderr, "negotiate-auth[%d]: ",getpid());
- vfprintf(stderr, format, args);
- va_end(args);
-#if FAIL_DEBUG
- fail_debug_enabled = 0;
-#endif
- }
-#endif /* _SQUID_MSWIN_ */
-#endif /* DEBUG */
-}
-#endif /* __GNUC__ */
-
-
-/* A couple of harmless helper macros */
-#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n");
-#ifdef __GNUC__
-#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
-#define SEND3(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
-#else
-/* no gcc, no debugging. varargs macros are a gcc extension */
-#define SEND2(X,Y) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y);
-#define SEND3(X,Y,Z) debug("sending '" X "' to squid\n",Y,Z); printf(X "\n",Y,Z);
-#endif
-
-extern void uc(char *);
-
-extern char *negotiate_check_auth(SSP_blobP auth, int auth_length);
-extern void hex_dump(void *, int);
-
-#define safe_free(x) if (x) { free(x); x = NULL; }
-
-#endif /* _NEGOTIATE_H_ */
for f in `ls -1 ${tmpdir}/doc/manuals/*.1 ${tmpdir}/doc/manuals/*.8 2>/dev/null` ; do
cat ${f} | groff -E -Thtml -mandoc >${f}.html
done
- sh -c "cd ${tmpdir}/doc/manuals && tar -zcf $PWD/${PACKAGE}-${VERSION}-${date}-manuals.tar.gz *.html *.1 *.8"
+ sh -c "cd ${tmpdir}/doc/manuals && tar -zcf ${PWD}/${PACKAGE}-${VERSION}-${date}-manuals.tar.gz *.html *.1 *.8"
echo ${PACKAGE}-${VERSION}-${date}-manuals.tar.gz >>${tag}.out
fi
projects / thirdparty / squid.git / commitdiff
