source: squid-ssl/trunk/fuentes/helpers/basic_auth/SSPI/basic_sspi_auth.cc @ 5495

Last change on this file since 5495 was 5495, checked in by Juanma, 2 years ago

Initial release

1/*
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10  NT_auth -  Version 2.0
11
12  Returns OK for a successful authentication, or ERR upon error.
13
14  Guido Serassio, Torino - Italy
15
16  Uses code from -
17    Antonino Iannella 2000
18    Andrew Tridgell 1997
19    Richard Sharpe 1996
20    Bill Welliver 1999
21
22 * Distributed freely under the terms of the GNU General Public License,
23 * version 2 or later. See the file COPYING for licensing details
24 *
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
28 * GNU General Public License for more details.
29
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33*/
34
35#include "squid.h"
36#include "helpers/defines.h"
37#include "rfc1738.h"
38#include "util.h"
39#include "valid.h"
40
41#if GETOPT_H
42#include <getopt.h>
43#endif
44
45/* Check if we try to compile on a Windows Platform */
46#if !_SQUID_WINDOWS_
47/* NON Windows Platform !!! */
48#error NON WINDOWS PLATFORM
49#endif
50
/* Buffer handed to Valid_User() as its third argument by main();
 * nothing in this file ever writes to it, so it stays empty here. */
static char NTGroup[256] = "";

/* Group names copied from the -A / -D command line options by
 * process_options(); both remain NULL until the option is seen. */
char *NTAllowedGroup = NULL;
char *NTDisAllowedGroup = NULL;

/* Flags raised by process_options() when -D / -A were supplied. */
int UseDisallowedGroup = 0;
int UseAllowedGroup = 0;

/* Set to 1 by the -d option. */
int debug_enabled = 0;
57
58/*
59 * options:
60 * -A can specify a Windows Local Group name allowed to authenticate.
61 * -D can specify a Windows Local Group name not allowed to authenticate.
62 * -O can specify the default Domain to authenticate against.
63 */
static void
usage(const char *name)
{
    /* Option descriptions; printed verbatim after the synopsis line. */
    static const char option_help[] =
        "-A can specify a Windows Local Group name allowed to authenticate\n"
        "-D can specify a Windows Local Group name not allowed to authenticate\n"
        "-O can specify the default Domain against to authenticate\n"
        "-d enable debugging.\n"
        "-h this message\n\n";

    /* Synopsis first (needs the program name), then the fixed help text. */
    fprintf(stderr, "Usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n", name);
    fputs(option_help, stderr);
}
75
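/*
 * Parse the helper's command line.
 *
 *  -A group   remember `group` in NTAllowedGroup and set UseAllowedGroup
 *  -D group   remember `group` in NTDisAllowedGroup and set UseDisallowedGroup
 *  -O domain  copy `domain` into Default_NTDomain
 *  -d         enable debug output
 *  -h         print usage and exit(0)
 *
 * Any unknown option, or a -O value longer than DNLEN characters, is
 * reported on stderr and the process exits with status 1.
 */
void
process_options(int argc, char *argv[])
{
    int opt;
    while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) {
        switch (opt) {
        case 'A':
            /* A repeated -A replaces the earlier value. */
            safe_free(NTAllowedGroup);
            NTAllowedGroup=xstrdup(optarg);
            UseAllowedGroup = 1;
            break;
        case 'D':
            /* A repeated -D replaces the earlier value. */
            safe_free(NTDisAllowedGroup);
            NTDisAllowedGroup=xstrdup(optarg);
            UseDisallowedGroup = 1;
            break;
        case 'O':
            /*
             * strncpy() would silently cut an over-long name down to DNLEN
             * characters, and the helper would then authenticate against a
             * domain the administrator never configured. Refuse to start
             * instead of running with a truncated security setting.
             */
            if (strlen(optarg) > DNLEN) {
                fprintf(stderr, "FATAL: Default domain name is longer than %d characters\n", (int) DNLEN);
                usage(argv[0]);
                exit(1);
            }
            /*
             * NOTE(review): for a name of exactly DNLEN characters strncpy()
             * writes no terminator. This is only safe if Default_NTDomain has
             * at least DNLEN + 1 bytes and its last byte is still zero; the
             * declaration is not visible in this file, confirm in valid.h.
             */
            strncpy(Default_NTDomain, optarg, DNLEN);
            break;
        case 'd':
            debug_enabled = 1;
            break;
        case 'h':
            usage(argv[0]);
            exit(0);
        case '?':
            /* getopt() stores the offending option character in optopt. */
            opt = optopt;
        /* fall thru to default */
        default:
            fprintf(stderr, "FATAL: Unknown option: -%c\n", opt);
            usage(argv[0]);
            exit(1);
        }
    }
}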
111
112/* Main program for simple authentication.
113   Scans and checks for Squid input, and attempts to validate the user.
114*/
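/*
 * Helper entry point.
 *
 * Reads one request per line from stdin in the form
 * "<username> <password>" (both RFC 1738 escaped), validates the pair with
 * Valid_User() and answers on stdout with SEND_OK or SEND_ERR.
 *
 * Lines that do not fit into HELPER_INPUT_BUFFER are discarded and answered
 * with "Oversized message". Requests with a missing field, or with a field
 * that does not fit into the 256-byte username/password buffers, are
 * answered with "Invalid Request".
 *
 * Returns 0 when stdin reaches end of file; exits with status 1 if SSPI
 * cannot be initialized.
 */
int
main(int argc, char **argv)
{
    char wstr[HELPER_INPUT_BUFFER];
    char username[256];
    char password[256];
    char *p;
    int err = 0;

    process_options(argc, argv);

    if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) {
        fprintf(stderr, "FATAL: can't initialize SSPI, exiting.\n");
        exit(1);
    }
    debug("SSPI initialized OK\n");

    atexit(UnloadSecurityDll);

    /* Unbuffered streams: every reply must reach Squid immediately. */
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);

    while (fgets(wstr, HELPER_INPUT_BUFFER, stdin) != NULL) {
        /* Same separator set that sscanf("%s") treats as whitespace. */
        static const char blanks[] = " \t\n\v\f\r";
        const char *user_tok;
        const char *pass_tok;
        size_t user_len;
        size_t pass_len;

        /* No newline means the line overflowed wstr: remember that and keep
         * reading until the chunk holding the end of the line arrives. */
        if (NULL == strchr(wstr, '\n')) {
            err = 1;
            continue;
        }
        if (err) {
            SEND_ERR("Oversized message");
            err = 0;
            fflush(stdout);
            continue;
        }

        if ((p = strchr(wstr, '\n')) != NULL)
            *p = '\0';      /* strip \n */
        if ((p = strchr(wstr, '\r')) != NULL)
            *p = '\0';      /* strip \r */
        /* Clear any current settings */
        username[0] = '\0';
        password[0] = '\0';

        /*
         * Split the line into its first two whitespace-delimited fields.
         * The request comes from the network client and wstr is larger than
         * username/password, so an unbounded sscanf("%s %s") could write past
         * the end of either stack buffer. Measure each field first and
         * refuse anything that does not fit.
         */
        user_tok = wstr + strspn(wstr, blanks);
        user_len = strcspn(user_tok, blanks);
        pass_tok = user_tok + user_len;
        pass_tok += strspn(pass_tok, blanks);
        pass_len = strcspn(pass_tok, blanks);

        if (user_len >= sizeof(username) || pass_len >= sizeof(password)) {
            debug("Rejecting request: username or password field too long\n");
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        memcpy(username, user_tok, user_len);
        username[user_len] = '\0';
        memcpy(password, pass_tok, pass_len);
        password[pass_len] = '\0';

        /* Log the user name only: the raw line carries the cleartext
         * password and must not end up in the debug log. */
        debug("Got request for user %s from Squid\n", username);

        /* Check for invalid or blank entries */
        if ((username[0] == '\0') || (password[0] == '\0')) {
            SEND_ERR("Invalid Request");
            fflush(stdout);
            continue;
        }
        /* Unescaping happens in place on the bounded copies. */
        rfc1738_unescape(username);
        rfc1738_unescape(password);

        debug("Trying to validate; %s\n", username);

        /* NOTE(review): wstr and password keep the last credentials on the
         * stack until the next request overwrites them. */
        if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR)
            SEND_OK("");
        else
            SEND_ERR(errormsg);
        err = 0;
        fflush(stdout);
    }
    return 0;
}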
182