/*
* mswin_auth - Version 2.0
*
* Returns OK for a successful authentication, or ERR upon error.
*
* Guido Serassio, Torino - Italy
*
* Uses code from -
* Antonino Iannella 2000
* Andrew Tridgell 1997
* Richard Sharpe 1996
* Bill Welliver 1999
*
* * Distributed freely under the terms of the GNU General Public License,
* * version 2. See the file COPYING for licensing details
* *
* * This program is distributed in the hope that it will be useful,
* * but WITHOUT ANY WARRANTY; without even the implied warranty of
* * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* * GNU General Public License for more details.
*
* * You should have received a copy of the GNU General Public License
* * along with this program; if not, write to the Free Software
* * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*/
#include "config.h"
#include <stdio.h>
#include <getopt.h>
#include "util.h"
/* Check if we try to compile on a Windows Platform */
#ifdef _SQUID_WIN32_
#include "valid.h"
/* Group-name buffer handed to Valid_User() in main(); never written in this file. */
static char NTGroup[256];
/* Windows local group allowed to authenticate; set from -A (heap copy of optarg). */
char *NTAllowedGroup;
/* Windows local group not allowed to authenticate; set from -D (heap copy of optarg). */
char *NTDisAllowedGroup;
/* Set to 1 when -D was given. Presumably read by the validation code - confirm. */
int UseDisallowedGroup = 0;
/* Set to 1 when -A was given. Presumably read by the validation code - confirm. */
int UseAllowedGroup = 0;
/* Set to 1 by -d; presumably gates the debug() output - confirm against util.h/valid.h. */
int debug_enabled = 0;
/*
* options:
* -A can specify a Windows Local Group name allowed to authenticate.
* -D can specify a Windows Local Group name not allowed to authenticate.
* -O can specify the default Domain to authenticate against.
*/
/* Program name as invoked; main() points this at argv[0] and usage() prints it. */
char *my_program_name = NULL;
/*
 * Print the command-line synopsis and the meaning of each option to stderr.
 * The program name comes from the global my_program_name, which main()
 * sets before any option parsing happens.
 */
void
usage()
{
    const char *prog = my_program_name;

    fprintf(stderr,
            "%s usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n"
            "-A can specify a Windows Local Group name allowed to authenticate\n"
            "-D can specify a Windows Local Group name not allowed to authenticate\n"
            "-O can specify the default Domain against to authenticate\n"
            "-d enable debugging.\n"
            "-h this message\n\n",
            prog, prog);
}
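/*
 * Parse the helper's command-line options and store them in the globals.
 *
 *   -A group   local group allowed to authenticate (NTAllowedGroup)
 *   -D group   local group not allowed to authenticate (NTDisAllowedGroup)
 *   -O domain  default domain (Default_NTDomain)
 *   -d         enable debugging
 *   -h         print usage and exit(0)
 *
 * Any unknown option, or an over-long -O value, prints usage and exits
 * with status 1 once all options have been scanned.
 */
void
process_options(int argc, char *argv[])
{
    int opt, had_error = 0;

    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            /* A repeated -A replaces the earlier value. */
            safe_free(NTAllowedGroup);
            NTAllowedGroup = xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            /* A repeated -D replaces the earlier value. */
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup = xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            /*
             * Refuse an over-long domain instead of silently truncating it:
             * a truncated name would make the helper authenticate against a
             * different domain than the administrator configured.
             */
            if (strlen(optarg) > DNLEN) {
                fprintf(stderr, "Default domain name too long (max %d characters). Exiting\n", (int) DNLEN);
                had_error = 1;
                break;
            }
            /*
             * NOTE(review): strncpy() writes no terminator when the name is
             * exactly DNLEN bytes long. This relies on Default_NTDomain
             * (declared outside this file) holding DNLEN + 1 bytes and
             * starting out zeroed - confirm against valid.h.
             */
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            /* usage() is defined without parameters, so call it without any. */
            usage();
            exit(0);
        case '?':
            opt = optopt;
            /* fall thru to default */
        default:
            fprintf(stderr, "Unknown option: -%c. Exiting\n", opt);
            had_error = 1;
        }
    }

    if (had_error) {
        usage();
        exit(1);
    }
}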
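/*
 * Main program for simple authentication.
 *
 * Reads one "username password" request per line from standard input (the
 * fields are passed through rfc1738_unescape() before use), validates the
 * pair with Valid_User(), and answers each request on standard output with
 * "OK" or "ERR ...". Runs until stdin reaches EOF and then returns 0.
 *
 * The cleartext password is never written to the debug log.
 */
int
main(int argc, char **argv)
{
    char wstr[256];
    char username[256];
    char password[256];
    char *p;
    int err = 0;                /* set while skipping the rest of an oversized line */

    my_program_name = argv[0];
    process_options(argc, argv);

    debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* initialize FDescs: unbuffered so every reply reaches Squid immediately */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (1) {
        /* Read whole line from standard input. Terminate on break. */
        if (fgets(wstr, 255, stdin) == NULL)
            break;

        p = strchr(wstr, '\n');
        if (p == NULL) {
            /* No newline yet: the line is longer than the buffer. Keep
             * reading (and discarding) chunks until its end shows up. */
            err = 1;
            continue;
        }
        if (err) {
            /* This chunk is the tail of an oversized line: reject the whole request. */
            fprintf(stderr, "Oversized message\n");
            puts("ERR");
            err = 0;
            fflush(stdout);
            continue;
        }
        *p = '\0';              /* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';          /* strip \r */

        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';

        /* Extract parameters. The field widths bound each token to its
         * destination buffer independently of the size of wstr. */
        sscanf(wstr, "%255s %255s", username, password);

        /* Log only the user name: the raw request line carries the password. */
        debug("Got request for user '%s' from Squid\n", username);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            fprintf(stderr, "Invalid Request\n");
            puts("ERR");
            fflush(stdout);
            continue;
        }
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        /*
         * NOTE(review): username is logged after unescaping; if
         * rfc1738_unescape() can produce control characters, the value
         * should be sanitized before it reaches the log - confirm.
         */
        debug("Trying to validate; %s\n", username);

        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            puts("OK");
        else
            printf("ERR %s\n", errormsg);

        /*
         * NOTE(review): the password stays in the stack buffer until the
         * next request overwrites it; consider wiping it here with a
         * zeroing routine the compiler cannot optimize away.
         */
        err = 0;
        fflush(stdout);
    }
    return 0;
}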
#else /* NON Windows Platform !!! */
#error NON WINDOWS PLATFORM
#endif