basic_sspi_auth.cc
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /*
10  NT_auth - Version 2.0
11 
12  Returns OK for a successful authentication, or ERR upon error.
13 
14  Guido Serassio, Torino - Italy
15 
16  Uses code from -
17  Antonino Iannella 2000
18  Andrew Tridgell 1997
19  Richard Sharpe 1996
20  Bill Welliver 1999
21 
22  * Distributed freely under the terms of the GNU General Public License,
23  * version 2 or later. See the file COPYING for licensing details
24  *
25  * This program is distributed in the hope that it will be useful,
26  * but WITHOUT ANY WARRANTY; without even the implied warranty of
27  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28  * GNU General Public License for more details.
29 
30  * You should have received a copy of the GNU General Public License
31  * along with this program; if not, write to the Free Software
32  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33 */
34 
35 #include "squid.h"
36 #include "auth/basic/SSPI/valid.h"
38 #include "rfc1738.h"
39 #include "util.h"
40 
41 #if GETOPT_H
42 #include <getopt.h>
43 #endif
44 
45 /* Check if we try to compile on a Windows Platform */
46 #if !_SQUID_WINDOWS_
47 /* NON Windows Platform !!! */
48 #error NON WINDOWS PLATFORM
49 #endif
50 
/* Third argument passed to Valid_User() in main(). Nothing visible in this
 * listing writes to it, so as a zero-initialised static it stays an empty
 * string. */
static char NTGroup[256];
/* NOTE(review): the rendered listing jumps from source line 51 to 56 here, so
 * some file-scope declarations are not shown; check the repository copy. */
/* Debug switch; process_options() sets it to 1 when -d is given. */
int debug_enabled = 0;
57 
/*
 * Command-line options understood by this helper:
 *   -A <group>   Windows Local Group whose members may authenticate.
 *   -D <group>   Windows Local Group whose members may not authenticate.
 *   -O <domain>  default Domain to authenticate against.
 *   -d           enable debugging.
 *   -h           print the usage text.
 */

/* Write the usage text to stderr; `name` is the program name shown in it. */
static void
usage(const char *name)
{
    /* Per-option help lines, kept apart from the synopsis for readability. */
    static const char option_help[] =
        "-A can specify a Windows Local Group name allowed to authenticate\n"
        "-D can specify a Windows Local Group name not allowed to authenticate\n"
        "-O can specify the default Domain against to authenticate\n"
        "-d enable debugging.\n"
        "-h this message\n\n";

    fprintf(stderr,
            "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n%s",
            name, option_help);
}
75 
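/*
 * Parse the helper's command line and record the result in the helper's
 * global settings.
 *
 *   -A <group>  restrict authentication to members of this local group
 *   -D <group>  refuse authentication to members of this local group
 *   -O <domain> default domain to authenticate against
 *   -d          enable debug output
 *   -h          print usage and exit successfully
 *
 * An unknown option prints a FATAL message plus the usage text and exits
 * with EXIT_FAILURE.
 */
void
process_options(int argc, char *argv[])
{
    int opt;

    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            /* NOTE(review): the rendered listing drops source lines 83-84;
             * the two statements storing the group name are reconstructed
             * from identifiers this page lists for the file. Confirm against
             * the repository. Without them -A would enable the allow-list
             * check with no group name recorded. */
            safe_free(NTAllowedGroup);
            NTAllowedGroup = xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            /* NOTE(review): source lines 88-90 are missing from the listing
             * as well; reconstructed the same way. As rendered, -D was a
             * silent no-op, i.e. a configured deny group would be ignored. */
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup = xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            /* strncpy() does not terminate the destination when optarg is
             * DNLEN characters or longer, so terminate explicitly.
             * Assumes Default_NTDomain is char[DNLEN+1] -- confirm in
             * valid.cc. An over-long domain is truncated to DNLEN. */
            strncpy(Default_NTDomain, optarg, DNLEN);
            Default_NTDomain[DNLEN] = '\0';
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            usage(argv[0]);
            exit(EXIT_SUCCESS);
        case '?':
            /* getopt() reports the offending character in optopt */
            opt = optopt;
            /* fall thru to default */
        default:
            fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
            usage(argv[0]);
            exit(EXIT_FAILURE);
        }
    }
}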
111 
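/*
 * Main program for simple (Basic) authentication.
 *
 * Reads one request per line from stdin, each holding an rfc1738-escaped
 * user name and password separated by whitespace, validates the pair with
 * Valid_User() and writes one OK/ERR reply per request to stdout.
 *
 * The request line is untrusted input: it carries whatever credentials the
 * client sent. Both fields are therefore length-checked before being copied
 * into the fixed-size buffers, and the password is never written to the
 * debug output.
 */
int
main(int argc, char **argv)
{
    /* Characters that the former sscanf("%s %s") treated as separators. */
    static const char blanks[] = " \t\v\f\r\n";
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    process_options(argc, argv);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(EXIT_FAILURE);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs: unbuffered, so replies reach Squid immediately */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {
        const char *user_tok;
        const char *pass_tok;
        size_t user_len;
        size_t pass_len;

        /* A chunk without '\n' is part of a line longer than the buffer:
         * remember that and swallow chunks until the line's end arrives. */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';      /* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';      /* strip \r */

        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';

        /* Locate the first two whitespace-separated tokens. This replaces an
         * unbounded sscanf("%s %s"), which could write past the 256-byte
         * buffers because a request line may be far longer than that. */
        user_tok = wstr + strspn(wstr, blanks);
        user_len = strcspn(user_tok, blanks);
        pass_tok = user_tok + user_len;
        pass_tok += strspn(pass_tok, blanks);
        pass_len = strcspn(pass_tok, blanks);

        /* The raw line contains the password, so it is not echoed. */
        debug("Got request from Squid\n");

        /* Check for invalid or blank entries */
        if (user_len == 0 || pass_len == 0) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        /* Reject over-long fields rather than truncating a credential. */
        if (user_len >= sizeof(username) || pass_len >= sizeof(password)) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        memcpy(username, user_tok, user_len);
        username[user_len] = '\0';
        memcpy(password, pass_tok, pass_len);
        password[pass_len] = '\0';

        /* Both buffers are decoded in place by rfc1738_unescape(). */
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /* Only the user name is logged; the cleartext password stays out of
         * the debug stream. */
        debug("Trying to validate; %s\n", username);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR) {
            SEND_OK("");
        } else {
            /* NOTE(review): the rendered listing drops source line 176, which
             * left the else branch without a reply. Every request needs one,
             * so the error reply is reconstructed from SEND_ERR and errormsg,
             * both named on this page. Confirm against the repository. */
            SEND_ERR(errormsg);
        }
        err = 0;
        fflush(stdout);
    }
    return EXIT_SUCCESS;
}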
182 
char * NTAllowedGroup
HMODULE LoadSecurityDll(int mode, const char *SSP_Package)
Definition: sspwin32.cc:84
#define xstrdup
#define safe_free(x)
Definition: xalloc.h:73
static char NTGroup[256]
char * p
Definition: membanger.c:43
#define NTV_NO_ERROR
Definition: valid.h:13
#define SEND_OK(x)
#define HELPER_INPUT_BUFFER
Definition: UserRequest.cc:26
const char * errormsg
Definition: valid.cc:52
int getopt(int nargc, char *const *nargv, const char *ostr)
Definition: getopt.c:62
static int debug
Definition: tcp-banger3.c:105
static void usage(const char *name)
void process_options(int argc, char *argv[])
char Default_NTDomain[DNLEN+1]
Definition: valid.cc:51
int UseDisallowedGroup
int debug_enabled
int main(int argc, char **argv)
void rfc1738_unescape(char *url)
Definition: rfc1738.c:146
int optopt
Definition: getopt.c:48
#define SEND_ERR(x)
char * NTDisAllowedGroup
int UseAllowedGroup
char * optarg
Definition: getopt.c:51
#define NULL
Definition: types.h:166
int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *, const char *DOMAIN)
Definition: valid.cc:25
void UnloadSecurityDll(void)
Definition: sspwin32.cc:57

 
