basic_getpwnam_auth.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 * basic_getpwnam_auth.c
11 *
12 * AUTHOR: Erik Hofman <erik.hofman@a1.nl>
13 * Robin Elfrink <robin@a1.nl>
14 *
15 * Example authentication program for Squid, based on the
16 * original proxy_auth code from client_side.c, written by
17 * Jon Thackray <jrmt@uk.gdscorp.com>.
18 *
19 * Uses getpwnam() routines for authentication.
20 * This has the following advantages over the NCSA module:
21 *
22 * - Allow authentication of all know local users
23 * - Allows authentication through nsswitch.conf
24 * + can handle NIS(+) requests
25 * + can handle LDAP request
26 * + can handle PAM request
27 *
28 * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
29 *
30 * Added functionality for doing shadow authentication too,
31 * using the getspnam() function on systems that support it.
32 *
33 */
34
35#include "squid.h"
37#include "rfc1738.h"
38
39#include <cstdlib>
40#include <cstring>
41#if HAVE_UNISTD_H
42#include <unistd.h>
43#endif
44#if HAVE_CRYPT_H
45#include <crypt.h>
46#endif
47#if HAVE_PWD_H
48#include <pwd.h>
49#endif
50#if HAVE_SHADOW_H
51#include <shadow.h>
52#endif
53
54static int
55passwd_auth(char *user, char *passwd)
56{
57 struct passwd *pwd;
58 pwd = getpwnam(user);
59 if (pwd == nullptr) {
60 return 0; /* User does not exist */
61 } else {
62 char *crypted = crypt(passwd, pwd->pw_passwd);
63 if (!crypted || strcmp(pwd->pw_passwd, crypted)) {
64 return 2; /* Wrong password */
65 } else {
66 return 1; /* Authentication Successful */
67 }
68 }
69}
70
71#if HAVE_SHADOW_H
72static int
73shadow_auth(char *user, char *passwd)
74{
75 struct spwd *pwd;
76 pwd = getspnam(user);
77 if (pwd == nullptr) {
78 return passwd_auth(user, passwd); /* Fall back to passwd_auth */
79 } else {
80 char *crypted = crypt(passwd, pwd->sp_pwdp);
81 if (!crypted || strcmp(pwd->sp_pwdp, crypted)) {
82 return 2; /* Wrong password */
83 } else {
84 return 1; /* Authentication Successful */
85 }
86 }
87}
88#endif
89
90int
91main(int, char **)
92{
93 int auth = 0;
94 char buf[HELPER_INPUT_BUFFER];
95 char *user, *passwd, *p;
96
97 setbuf(stdout, nullptr);
98 while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != nullptr) {
99
100 if ((p = strchr(buf, '\n')) != nullptr)
101 *p = '\0'; /* strip \n */
102
103 if ((user = strtok(buf, " ")) == nullptr) {
104 SEND_ERR("No Username");
105 continue;
106 }
107 if ((passwd = strtok(nullptr, "")) == nullptr) {
108 SEND_ERR("No Password");
109 continue;
110 }
111 rfc1738_unescape(user);
112 rfc1738_unescape(passwd);
113#if HAVE_SHADOW_H
114 auth = shadow_auth(user, passwd);
115#else
116 auth = passwd_auth(user, passwd);
117#endif
118 if (auth == 0) {
119 SEND_ERR("No such user");
120 } else {
121 if (auth == 2) {
122 SEND_ERR("Wrong password");
123 } else {
124 SEND_OK("");
125 }
126 }
127 }
128 return EXIT_SUCCESS;
129}
130
#define HELPER_INPUT_BUFFER
Definition: UserRequest.cc:24
int main(int, char **)
static int passwd_auth(char *user, char *passwd)
char * crypt(const char *wort, const char *salt)
Definition: encrypt.c:240
#define SEND_ERR(x)
#define SEND_OK(x)
void rfc1738_unescape(char *url)
Definition: rfc1738.c:146

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors