From: hno <> Date: Fri, 12 Sep 2003 16:13:22 +0000 (+0000) Subject: From 2.5: winbind update to X-Git-Tag: SQUID_3_0_PRE4~1212 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fe54cd2b105e66a4979be3553e20ec4c26e152f4;p=thirdparty%2Fsquid.git From 2.5: winbind update to * Don't complain with errors in cache.log on normal restarts * Give winbind a little time to start if not running already --- diff --git a/helpers/basic_auth/winbind/wb_basic_auth.c b/helpers/basic_auth/winbind/wb_basic_auth.c index 326a31c049..5ba849d8a0 100644 --- a/helpers/basic_auth/winbind/wb_basic_auth.c +++ b/helpers/basic_auth/winbind/wb_basic_auth.c @@ -31,7 +31,6 @@ char debug_enabled=0; char *myname; pid_t mypid; -int err = 0; NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, @@ -99,31 +98,24 @@ process_options(int argc, char *argv[]) return; } -void manage_request(void) +int manage_request(void) { char buf[BUFFER_SIZE+1]; int length; char *c, *user, *pass; - if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { - warn("fgets() failed! dying..... errno=%d (%s)\n", errno, - strerror(errno)); - exit(1); /* BIIG buffer */ - } - + if (fgets(buf, BUFFER_SIZE, stdin) == NULL) + return 0; + c=memchr(buf,'\n',BUFFER_SIZE); if (c) { *c = '\0'; length = c-buf; } else { - err = 1; - return; - } - if (err) { warn("Oversized message\n"); + fgets(buf, BUFFER_SIZE, stdin); SEND("ERR"); - err = 0; - return; + return 1; } debug("Got '%s' from squid (length: %d).\n",buf,length); @@ -131,7 +123,7 @@ void manage_request(void) if (buf[0] == '\0') { warn("Invalid Request\n"); SEND("ERR"); - return; + return 1; } user=buf; @@ -140,7 +132,7 @@ void manage_request(void) if (!pass) { warn("Password not found. Denying access\n"); SEND("ERR"); - return; + return 1; } *pass='\0'; pass++; @@ -149,6 +141,29 @@ void manage_request(void) rfc1738_unescape(pass); do_authenticate(user,pass); + return 1; +} + +void +check_winbindd() +{ + NSS_STATUS r; + int retry=10; + struct winbindd_request request; + struct winbindd_response response; + do { + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); + if (r != NSS_STATUS_SUCCESS) + retry--; + } while (r != NSS_STATUS_SUCCESS && retry); + if (r != NSS_STATUS_SUCCESS) { + warn("Can't contact winbindd. Dying\n"); + exit(1); + } + if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { + warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); + exit(1); + } } @@ -170,8 +185,10 @@ int main (int argc, char ** argv) setbuf(stdout, NULL); setbuf(stderr, NULL); - while(1) { - manage_request(); + check_winbindd(); + + while(manage_request()) { + /* everything is done within manage_request */ } return 0; } diff --git a/helpers/external_acl/winbind_group/wb_check_group.c b/helpers/external_acl/winbind_group/wb_check_group.c index 266423350d..3ff1ca51b0 100755 --- a/helpers/external_acl/winbind_group/wb_check_group.c +++ b/helpers/external_acl/winbind_group/wb_check_group.c @@ -292,6 +292,28 @@ process_options(int argc, char *argv[]) return; } +void +check_winbindd() +{ + NSS_STATUS r; + int retry=10; + struct winbindd_request request; + struct winbindd_response response; + do { + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); + if (r != NSS_STATUS_SUCCESS) + retry--; + } while (r != NSS_STATUS_SUCCESS && retry); + if (r != NSS_STATUS_SUCCESS) { + warn("Can't contact winbindd. Dying\n"); + exit(1); + } + if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { + warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); + exit(1); + } +} + int main (int argc, char *argv[]) { @@ -323,6 +345,8 @@ main (int argc, char *argv[]) if (use_case_insensitive_compare) debug("Warning: running in case insensitive mode !!!\n"); + check_winbindd(); + /* Main Loop */ while (fgets (buf, BUFSIZE, stdin)) { diff --git a/helpers/ntlm_auth/winbind/wb_ntlm_auth.c b/helpers/ntlm_auth/winbind/wb_ntlm_auth.c index d0df732054..5c47b65eb5 100644 --- a/helpers/ntlm_auth/winbind/wb_ntlm_auth.c +++ b/helpers/ntlm_auth/winbind/wb_ntlm_auth.c @@ -261,7 +261,7 @@ do_authenticate(ntlm_authenticate * auth, int auth_length) return; /* useless */ } -void +int manage_request(char *target_domain) { char buf[BUFFER_SIZE + 1]; @@ -271,18 +271,15 @@ manage_request(char *target_domain) try_again: - if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { - warn("fgets() failed! dying..... errno=%d (%s)\n", errno, - strerror(errno)); - exit(1); /* BIIG buffer */ - } + if (fgets(buf, BUFFER_SIZE, stdin) == NULL) + return 0; c = memchr(buf, '\n', BUFFER_SIZE); if (c) { if (oversized) { helperfail("illegal request received"); warn("Illegal request received: '%s'\n", buf); - return; + return 1; } *c = '\0'; } @@ -296,44 +293,44 @@ try_again: if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ sendchallenge(ntlm_make_challenge(target_domain, NULL, build_challenge(), CHALLENGE_LEN)); - return; + return 1; } if (strncmp(buf, "KK ", 3) != 0) { /* not an auth-request */ helperfail("illegal request received"); warn("Illegal request received: '%s'\n", buf); - return; + return 1; } /* At this point I'm sure it's a KK */ decoded = base64_decode(buf + 3); if (!decoded) { /* decoding failure, return error */ authfail("-", "-", "Auth-format error, base64-decoding error"); - return; + return 1; } fast_header = (struct _ntlmhdr *) decoded; /* sanity-check: it IS a NTLMSSP packet, isn't it? */ if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { authfail("-", "-", "Broken NTLM packet, missing NTLMSSP signature"); - return; + return 1; } /* Understand what we got */ switch le32toh(fast_header->type) { case NTLM_NEGOTIATE: authfail("-", "-", "Received neg-request while expecting auth packet"); - return; + return 1; case NTLM_CHALLENGE: authfail("-", "-", "Received challenge. Refusing to abide"); - return; + return 1; case NTLM_AUTHENTICATE: do_authenticate((ntlm_authenticate *) decoded, (strlen(buf) - 3) * 3 / 4); - return; + return 1; default: helperfail("Unknown authentication packet type"); - return; + return 1; } /* notreached */ - return; + return 1; } static char * @@ -410,9 +407,14 @@ void check_winbindd() { NSS_STATUS r; + int retry=10; struct winbindd_request request; struct winbindd_response response; - r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); + do { + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); + if (r != NSS_STATUS_SUCCESS) + retry--; + } while (r != NSS_STATUS_SUCCESS && retry); if (r != NSS_STATUS_SUCCESS) { warn("Can't contact winbindd. Dying\n"); exit(1); @@ -451,8 +453,8 @@ main(int argc, char **argv) setbuf(stdout, NULL); setbuf(stderr, NULL); init_random(); - while (1) { - manage_request(target_domain); + while (manage_request(target_domain)) { + /* everything is done within manage_request */ } return 0; }