basic_sspi_auth.cc
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 NT_auth - Version 2.0
11
12 Returns OK for a successful authentication, or ERR upon error.
13
14 Guido Serassio, Torino - Italy
15
16 Uses code from -
17 Antonino Iannella 2000
18 Andrew Tridgell 1997
19 Richard Sharpe 1996
20 Bill Welliver 1999
21
22 * Distributed freely under the terms of the GNU General Public License,
23 * version 2 or later. See the file COPYING for licensing details
24 *
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
29
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33*/
34
35#include "squid.h"
38#include "rfc1738.h"
39#include "util.h"
40
41#if GETOPT_H
42#include <getopt.h>
43#endif
44
/*
 * Buffer handed to Valid_User() as its third argument from main().
 * NOTE(review): none of the code visible in this listing writes to it, so
 * as a zero-initialised static it would reach Valid_User() as an empty
 * string -- confirm whether code elided from the listing fills it.
 */
static char NTGroup[256];
51
/*
 * Command-line options:
 * -A names a Windows Local Group whose members are allowed to authenticate.
 * -D names a Windows Local Group whose members are not allowed to authenticate.
 * -O names the default Domain to authenticate against.
 * -d enables debugging, -h prints the usage text.
 */
static void
usage(const char *name)
{
    /* Synopsis line first; "name" is the program name shown in it. */
    fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n", name);

    /* The option list is constant text, so no format processing is needed. */
    fputs("-A can specify a Windows Local Group name allowed to authenticate\n"
          "-D can specify a Windows Local Group name not allowed to authenticate\n"
          "-O can specify the default Domain against to authenticate\n"
          "-d enable debugging.\n"
          "-h this message\n\n",
          stderr);
}
69
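/*
 * Parse the helper's command line with getopt() using the option string
 * "dhA:D:O:".
 *
 * -O copies its argument into Default_NTDomain, -d sets debug_enabled,
 * -h prints the usage text and exits with EXIT_SUCCESS. Any unknown option
 * prints a FATAL message plus the usage text and exits with EXIT_FAILURE.
 */
static void
process_options(int argc, char *argv[])
{
    int opt;
    while ((opt = getopt(argc, argv, "dhA:D:O:")) != -1) {
        switch (opt) {
        case 'A':
            /*
             * NOTE(review): the statements that handle -A are missing from
             * the listing this block was taken from (three source lines).
             * As written here the allowed-group restriction is parsed but
             * never recorded -- restore them from the upstream file.
             */
            break;
        case 'D':
            /*
             * NOTE(review): same gap as -A: the statements that record the
             * disallowed group are missing from the listing.
             */
            break;
        case 'O':
            /*
             * Default_NTDomain is declared char[DNLEN+1]. strncpy() copies
             * at most DNLEN bytes and does not terminate on truncation, so
             * write the terminator explicitly instead of relying on the
             * array's static zero-initialisation. An over-long domain is
             * silently truncated to DNLEN characters.
             */
            strncpy(Default_NTDomain, optarg, DNLEN);
            Default_NTDomain[DNLEN] = '\0';
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            usage(argv[0]);
            exit(EXIT_SUCCESS);
        case '?':
            /* getopt() returned '?': report the offending character instead. */
            opt = optopt;
            [[fallthrough]];
        default:
            fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
            usage(argv[0]);
            exit(EXIT_FAILURE);
        }
    }
}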
105
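/*
 * Main program for simple authentication.
 *
 * Reads one request per line from stdin, splits it into a username and a
 * password field, RFC 1738-unescapes both and validates the pair with
 * Valid_User(). Each request is answered with SEND_OK or SEND_ERR.
 * Returns EXIT_SUCCESS once fgets() stops returning lines.
 */
int
main(int argc, char **argv)
{
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    process_options(argc, argv);

    /*
     * NOTE(review): the line opening this branch is missing from the listing
     * this block was taken from; the LoadSecurityDll() condition below is a
     * reconstruction -- confirm it against the upstream file.
     */
    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(EXIT_FAILURE);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* Make stdout and stderr unbuffered so each reply leaves immediately. */
    setbuf(stdout, nullptr);
    setbuf(stderr, nullptr);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {

        /*
         * A chunk without '\n' is part of a line longer than the buffer.
         * Remember that and keep reading; the chunk that finally carries
         * the newline is answered with an error instead of being parsed.
         */
        p = strchr(wstr, '\n');
        if (p == NULL) {
            err = 1;
            continue;
        }
        if (err) {
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        *p = '\0'; /* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0'; /* strip \r */

        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';

        /*
         * Split the line into two whitespace-delimited fields, as the
         * former sscanf("%s %s") did, but measure each field before
         * copying. An unbounded %s writes past the 256-byte username and
         * password arrays whenever a field is longer than 255 characters,
         * and the line itself may be up to HELPER_INPUT_BUFFER bytes.
         * A field that does not fit leaves both buffers empty, so the
         * blank-entry check below rejects the request.
         */
        static const char blanks[] = " \t\n\v\f\r";
        const char *userField = wstr + strspn(wstr, blanks);
        const size_t userLen = strcspn(userField, blanks);
        const char *passField = userField + userLen;
        passField += strspn(passField, blanks);
        const size_t passLen = strcspn(passField, blanks);

        if (userLen < sizeof(username) && passLen < sizeof(password)) {
            memcpy(username, userField, userLen);
            username[userLen] = '\0';
            memcpy(password, passField, passLen);
            password[passLen] = '\0';
        }

        /*
         * NOTE(review): wstr still contains the (escaped) password, so with
         * debugging enabled this line puts credentials into the debug
         * output. Treat that output as sensitive or redact the field.
         */
        debug("Got %s from Squid\n", wstr);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /*
         * NOTE(review): this logs the cleartext password when debugging is
         * enabled; consider logging the username only.
         */
        debug("Trying to validate; %s %s\n", username, password);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR) {
            SEND_OK("");
        } else {
            /*
             * NOTE(review): the statement of this else branch is missing
             * from the listing; SEND_ERR(errormsg) is a reconstruction --
             * confirm it against the upstream file. Without a reply here a
             * failed login would leave the caller waiting.
             */
            SEND_ERR(errormsg);
        }
        err = 0;
        fflush(stdout);
    }
    return EXIT_SUCCESS;
}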
176
int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *, const char *DOMAIN)
Definition: valid.cc:25
#define NTV_NO_ERROR
Definition: valid.h:13
const char * errormsg
Definition: valid.cc:44
char Default_NTDomain[DNLEN+1]
Definition: valid.cc:43
#define HELPER_INPUT_BUFFER
Definition: UserRequest.cc:24
int debug_enabled
int main(int argc, char **argv)
char * NTAllowedGroup
static char NTGroup[256]
static void process_options(int argc, char *argv[])
int UseAllowedGroup
static void usage(const char *name)
char * NTDisAllowedGroup
int UseDisallowedGroup
void debug(const char *format,...)
Definition: debug.cc:19
int optopt
Definition: getopt.c:49
int getopt(int nargc, char *const *nargv, const char *ostr)
Definition: getopt.c:62
char * optarg
Definition: getopt.c:51
#define xstrdup
#define SEND_ERR(x)
#define SEND_OK(x)
void rfc1738_unescape(char *url)
Definition: rfc1738.c:146
void UnloadSecurityDll(void)
Definition: sspwin32.cc:77
HMODULE LoadSecurityDll(int mode, const char *SSP_Package)
Definition: sspwin32.cc:104
#define NTLM_PACKAGE_NAME
Definition: sspwin32.h:18
#define SSP_BASIC
Definition: sspwin32.h:42
#define NULL
Definition: types.h:145
#define safe_free(x)
Definition: xalloc.h:73

 
