Commit | Line | Data |
---|---|---|
36aa8c36 JR |
1 | Index: squid3/helpers/basic_auth/winbind/wb_basic_auth.c |
2 | diff -c squid3/helpers/basic_auth/winbind/wb_basic_auth.c:1.6 squid3/helpers/basic_auth/winbind/wb_basic_auth.c:1.7 | |
3 | *** squid3/helpers/basic_auth/winbind/wb_basic_auth.c:1.6 Tue Feb 11 07:34:31 2003 | |
4 | --- squid3/helpers/basic_auth/winbind/wb_basic_auth.c Fri Sep 12 04:13:22 2003 | |
5 | *************** | |
6 | *** 31,37 **** | |
7 | char debug_enabled=0; | |
8 | char *myname; | |
9 | pid_t mypid; | |
10 | - int err = 0; | |
11 | ||
12 | NSS_STATUS winbindd_request(int req_type, | |
13 | struct winbindd_request *request, | |
14 | --- 31,36 ---- | |
15 | *************** | |
16 | *** 99,129 **** | |
17 | return; | |
18 | } | |
19 | ||
20 | ! void manage_request(void) | |
21 | { | |
22 | char buf[BUFFER_SIZE+1]; | |
23 | int length; | |
24 | char *c, *user, *pass; | |
25 | ||
26 | ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { | |
27 | ! warn("fgets() failed! dying..... errno=%d (%s)\n", errno, | |
28 | ! strerror(errno)); | |
29 | ! exit(1); /* BIIG buffer */ | |
30 | ! } | |
31 | ! | |
32 | c=memchr(buf,'\n',BUFFER_SIZE); | |
33 | if (c) { | |
34 | *c = '\0'; | |
35 | length = c-buf; | |
36 | } else { | |
37 | - err = 1; | |
38 | - return; | |
39 | - } | |
40 | - if (err) { | |
41 | warn("Oversized message\n"); | |
42 | SEND("ERR"); | |
43 | ! err = 0; | |
44 | ! return; | |
45 | } | |
46 | ||
47 | debug("Got '%s' from squid (length: %d).\n",buf,length); | |
48 | --- 98,121 ---- | |
49 | return; | |
50 | } | |
51 | ||
52 | ! int manage_request(void) | |
53 | { | |
54 | char buf[BUFFER_SIZE+1]; | |
55 | int length; | |
56 | char *c, *user, *pass; | |
57 | ||
58 | ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) | |
59 | ! return 0; | |
60 | ! | |
61 | c=memchr(buf,'\n',BUFFER_SIZE); | |
62 | if (c) { | |
63 | *c = '\0'; | |
64 | length = c-buf; | |
65 | } else { | |
66 | warn("Oversized message\n"); | |
67 | + fgets(buf, BUFFER_SIZE, stdin); | |
68 | SEND("ERR"); | |
69 | ! return 1; | |
70 | } | |
71 | ||
72 | debug("Got '%s' from squid (length: %d).\n",buf,length); | |
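Review bot: The single `fgets(buf, BUFFER_SIZE, stdin);` added to the oversized branch discards at most BUFFER_SIZE-1 further bytes, and its return value is ignored. A line longer than two buffers therefore leaves its tail on stdin, where the next manage_request() call parses it as a fresh "user pass" request. The helper would then answer more often than squid asked, and replies would presumably be matched to the wrong requests. Draining until the newline closes that gap, for example `do { if (fgets(buf, BUFFER_SIZE, stdin) == NULL) break; } while (strchr(buf, '\n') == NULL);` before `SEND("ERR");`. manage_request() continues past the end of this hunk.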
73 | *************** | |
74 | *** 131,137 **** | |
75 | if (buf[0] == '\0') { | |
76 | warn("Invalid Request\n"); | |
77 | SEND("ERR"); | |
78 | ! return; | |
79 | } | |
80 | ||
81 | user=buf; | |
82 | --- 123,129 ---- | |
83 | if (buf[0] == '\0') { | |
84 | warn("Invalid Request\n"); | |
85 | SEND("ERR"); | |
86 | ! return 1; | |
87 | } | |
88 | ||
89 | user=buf; | |
90 | *************** | |
91 | *** 140,146 **** | |
92 | if (!pass) { | |
93 | warn("Password not found. Denying access\n"); | |
94 | SEND("ERR"); | |
95 | ! return; | |
96 | } | |
97 | *pass='\0'; | |
98 | pass++; | |
99 | --- 132,138 ---- | |
100 | if (!pass) { | |
101 | warn("Password not found. Denying access\n"); | |
102 | SEND("ERR"); | |
103 | ! return 1; | |
104 | } | |
105 | *pass='\0'; | |
106 | pass++; | |
107 | *************** | |
108 | *** 149,154 **** | |
109 | --- 141,169 ---- | |
110 | rfc1738_unescape(pass); | |
111 | ||
112 | do_authenticate(user,pass); | |
113 | + return 1; | |
114 | + } | |
115 | + | |
116 | + void | |
117 | + check_winbindd() | |
118 | + { | |
119 | + NSS_STATUS r; | |
120 | + int retry=10; | |
121 | + struct winbindd_request request; | |
122 | + struct winbindd_response response; | |
123 | + do { | |
124 | + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); | |
125 | + if (r != NSS_STATUS_SUCCESS) | |
126 | + retry--; | |
127 | + } while (r != NSS_STATUS_SUCCESS && retry); | |
128 | + if (r != NSS_STATUS_SUCCESS) { | |
129 | + warn("Can't contact winbindd. Dying\n"); | |
130 | + exit(1); | |
131 | + } | |
132 | + if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { | |
133 | + warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); | |
134 | + exit(1); | |
135 | + } | |
136 | } | |
137 | ||
138 | ||
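Review bot: In check_winbindd() the local `request` is handed to winbindd_request() without being initialised, so anything that call copies out of the struct is leftover stack content. Unless winbindd_request() is known to fill every field it sends, add `memset(&request, 0, sizeof(request));` before the loop. The ten retries also run back to back with no pause, so they probably do not outlast a winbindd restart; a `sleep(1);` after `retry--;` would make them useful. The same function is added to wb_check_group.c and the same loop to wb_ntlm_auth.c in this commit, so both remarks apply there as well.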
139 | *************** | |
140 | *** 170,177 **** | |
141 | setbuf(stdout, NULL); | |
142 | setbuf(stderr, NULL); | |
143 | ||
144 | ! while(1) { | |
145 | ! manage_request(); | |
146 | } | |
147 | return 0; | |
148 | } | |
149 | --- 185,194 ---- | |
150 | setbuf(stdout, NULL); | |
151 | setbuf(stderr, NULL); | |
152 | ||
153 | ! check_winbindd(); | |
154 | ! | |
155 | ! while(manage_request()) { | |
156 | ! /* everything is done within manage_request */ | |
157 | } | |
158 | return 0; | |
159 | } | |
160 | Index: squid3/helpers/external_acl/winbind_group/wb_check_group.c | |
161 | diff -c squid3/helpers/external_acl/winbind_group/wb_check_group.c:1.11 squid3/helpers/external_acl/winbind_group/wb_check_group.c:1.12 | |
162 | *** squid3/helpers/external_acl/winbind_group/wb_check_group.c:1.11 Sun May 11 07:01:34 2003 | |
163 | --- squid3/helpers/external_acl/winbind_group/wb_check_group.c Fri Sep 12 04:13:23 2003 | |
164 | *************** | |
165 | *** 292,297 **** | |
166 | --- 292,319 ---- | |
167 | return; | |
168 | } | |
169 | ||
170 | + void | |
171 | + check_winbindd() | |
172 | + { | |
173 | + NSS_STATUS r; | |
174 | + int retry=10; | |
175 | + struct winbindd_request request; | |
176 | + struct winbindd_response response; | |
177 | + do { | |
178 | + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); | |
179 | + if (r != NSS_STATUS_SUCCESS) | |
180 | + retry--; | |
181 | + } while (r != NSS_STATUS_SUCCESS && retry); | |
182 | + if (r != NSS_STATUS_SUCCESS) { | |
183 | + warn("Can't contact winbindd. Dying\n"); | |
184 | + exit(1); | |
185 | + } | |
186 | + if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { | |
187 | + warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); | |
188 | + exit(1); | |
189 | + } | |
190 | + } | |
191 | + | |
192 | int | |
193 | main (int argc, char *argv[]) | |
194 | { | |
195 | *************** | |
196 | *** 323,328 **** | |
197 | --- 345,352 ---- | |
198 | if (use_case_insensitive_compare) | |
199 | debug("Warning: running in case insensitive mode !!!\n"); | |
200 | ||
201 | + check_winbindd(); | |
202 | + | |
203 | /* Main Loop */ | |
204 | while (fgets (buf, BUFSIZE, stdin)) | |
205 | { | |
206 | Index: squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c | |
207 | diff -c squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.8 squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.9 | |
208 | *** squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.8 Tue Aug 5 15:40:02 2003 | |
209 | --- squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c Fri Sep 12 04:13:25 2003 | |
210 | *************** | |
211 | *** 261,267 **** | |
212 | return; /* useless */ | |
213 | } | |
214 | ||
215 | ! void | |
216 | manage_request(char *target_domain) | |
217 | { | |
218 | char buf[BUFFER_SIZE + 1]; | |
219 | --- 261,267 ---- | |
220 | return; /* useless */ | |
221 | } | |
222 | ||
223 | ! int | |
224 | manage_request(char *target_domain) | |
225 | { | |
226 | char buf[BUFFER_SIZE + 1]; | |
227 | *************** | |
228 | *** 271,288 **** | |
229 | ||
230 | ||
231 | try_again: | |
232 | ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { | |
233 | ! warn("fgets() failed! dying..... errno=%d (%s)\n", errno, | |
234 | ! strerror(errno)); | |
235 | ! exit(1); /* BIIG buffer */ | |
236 | ! } | |
237 | ||
238 | c = memchr(buf, '\n', BUFFER_SIZE); | |
239 | if (c) { | |
240 | if (oversized) { | |
241 | helperfail("illegal request received"); | |
242 | warn("Illegal request received: '%s'\n", buf); | |
243 | ! return; | |
244 | } | |
245 | *c = '\0'; | |
246 | } | |
247 | --- 271,285 ---- | |
248 | ||
249 | ||
250 | try_again: | |
251 | ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) | |
252 | ! return 0; | |
253 | ||
254 | c = memchr(buf, '\n', BUFFER_SIZE); | |
255 | if (c) { | |
256 | if (oversized) { | |
257 | helperfail("illegal request received"); | |
258 | warn("Illegal request received: '%s'\n", buf); | |
259 | ! return 1; | |
260 | } | |
261 | *c = '\0'; | |
262 | } | |
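Review bot: A NULL from fgets() now ends the helper with exit status 0 whether stdin reached end-of-file or the read failed, and the removed warn() was the only record of the errno. Keeping EOF quiet but logging the failure case preserves that diagnostic for whoever has to work out why helpers are disappearing: `if (ferror(stdin)) warn("fgets() failed: errno=%d (%s)\n", errno, strerror(errno));` before `return 0;`. The same applies to the fgets() check in manage_request() of wb_basic_auth.c. manage_request() begins before this hunk and continues after it.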
263 | *************** | |
264 | *** 296,339 **** | |
265 | if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ | |
266 | sendchallenge(ntlm_make_challenge(target_domain, NULL, | |
267 | build_challenge(), CHALLENGE_LEN)); | |
268 | ! return; | |
269 | } | |
270 | if (strncmp(buf, "KK ", 3) != 0) { /* not an auth-request */ | |
271 | helperfail("illegal request received"); | |
272 | warn("Illegal request received: '%s'\n", buf); | |
273 | ! return; | |
274 | } | |
275 | /* At this point I'm sure it's a KK */ | |
276 | decoded = base64_decode(buf + 3); | |
277 | if (!decoded) { /* decoding failure, return error */ | |
278 | authfail("-", "-", "Auth-format error, base64-decoding error"); | |
279 | ! return; | |
280 | } | |
281 | fast_header = (struct _ntlmhdr *) decoded; | |
282 | ||
283 | /* sanity-check: it IS a NTLMSSP packet, isn't it? */ | |
284 | if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { | |
285 | authfail("-", "-", "Broken NTLM packet, missing NTLMSSP signature"); | |
286 | ! return; | |
287 | } | |
288 | /* Understand what we got */ | |
289 | switch le32toh(fast_header->type) { | |
290 | case NTLM_NEGOTIATE: | |
291 | authfail("-", "-", "Received neg-request while expecting auth packet"); | |
292 | ! return; | |
293 | case NTLM_CHALLENGE: | |
294 | authfail("-", "-", "Received challenge. Refusing to abide"); | |
295 | ! return; | |
296 | case NTLM_AUTHENTICATE: | |
297 | do_authenticate((ntlm_authenticate *) decoded, | |
298 | (strlen(buf) - 3) * 3 / 4); | |
299 | ! return; | |
300 | default: | |
301 | helperfail("Unknown authentication packet type"); | |
302 | ! return; | |
303 | } | |
304 | /* notreached */ | |
305 | ! return; | |
306 | } | |
307 | ||
308 | static char * | |
309 | --- 293,336 ---- | |
310 | if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ | |
311 | sendchallenge(ntlm_make_challenge(target_domain, NULL, | |
312 | build_challenge(), CHALLENGE_LEN)); | |
313 | ! return 1; | |
314 | } | |
315 | if (strncmp(buf, "KK ", 3) != 0) { /* not an auth-request */ | |
316 | helperfail("illegal request received"); | |
317 | warn("Illegal request received: '%s'\n", buf); | |
318 | ! return 1; | |
319 | } | |
320 | /* At this point I'm sure it's a KK */ | |
321 | decoded = base64_decode(buf + 3); | |
322 | if (!decoded) { /* decoding failure, return error */ | |
323 | authfail("-", "-", "Auth-format error, base64-decoding error"); | |
324 | ! return 1; | |
325 | } | |
326 | fast_header = (struct _ntlmhdr *) decoded; | |
327 | ||
328 | /* sanity-check: it IS a NTLMSSP packet, isn't it? */ | |
329 | if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { | |
330 | authfail("-", "-", "Broken NTLM packet, missing NTLMSSP signature"); | |
331 | ! return 1; | |
332 | } | |
333 | /* Understand what we got */ | |
334 | switch le32toh(fast_header->type) { | |
335 | case NTLM_NEGOTIATE: | |
336 | authfail("-", "-", "Received neg-request while expecting auth packet"); | |
337 | ! return 1; | |
338 | case NTLM_CHALLENGE: | |
339 | authfail("-", "-", "Received challenge. Refusing to abide"); | |
340 | ! return 1; | |
341 | case NTLM_AUTHENTICATE: | |
342 | do_authenticate((ntlm_authenticate *) decoded, | |
343 | (strlen(buf) - 3) * 3 / 4); | |
344 | ! return 1; | |
345 | default: | |
346 | helperfail("Unknown authentication packet type"); | |
347 | ! return 1; | |
348 | } | |
349 | /* notreached */ | |
350 | ! return 1; | |
351 | } | |
352 | ||
353 | static char * | |
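Review bot: On the KK path `decoded` is cast to `struct _ntlmhdr *`, and its `signature` and `type` fields are read with no check that the decoded data is at least as long as that header. With a very short base64 payload those reads would likely cover bytes the decoder never wrote (base64_decode() is not visible here). The length passed to do_authenticate() is likewise estimated from the encoded length, so it counts padding as data. A guard before the cast would reject truncated packets: `if ((strlen(buf) - 3) * 3 / 4 < sizeof(struct _ntlmhdr)) { authfail("-", "-", "Broken NTLM packet, too short"); return 1; }`. manage_request() begins before this hunk.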
354 | *************** | |
355 | *** 410,418 **** | |
356 | check_winbindd() | |
357 | { | |
358 | NSS_STATUS r; | |
359 | struct winbindd_request request; | |
360 | struct winbindd_response response; | |
361 | ! r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); | |
362 | if (r != NSS_STATUS_SUCCESS) { | |
363 | warn("Can't contact winbindd. Dying\n"); | |
364 | exit(1); | |
365 | --- 407,420 ---- | |
366 | check_winbindd() | |
367 | { | |
368 | NSS_STATUS r; | |
369 | + int retry=10; | |
370 | struct winbindd_request request; | |
371 | struct winbindd_response response; | |
372 | ! do { | |
373 | ! r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); | |
374 | ! if (r != NSS_STATUS_SUCCESS) | |
375 | ! retry--; | |
376 | ! } while (r != NSS_STATUS_SUCCESS && retry); | |
377 | if (r != NSS_STATUS_SUCCESS) { | |
378 | warn("Can't contact winbindd. Dying\n"); | |
379 | exit(1); | |
380 | *************** | |
381 | *** 451,458 **** | |
382 | setbuf(stdout, NULL); | |
383 | setbuf(stderr, NULL); | |
384 | init_random(); | |
385 | ! while (1) { | |
386 | ! manage_request(target_domain); | |
387 | } | |
388 | return 0; | |
389 | } | |
390 | --- 453,460 ---- | |
391 | setbuf(stdout, NULL); | |
392 | setbuf(stderr, NULL); | |
393 | init_random(); | |
394 | ! while (manage_request(target_domain)) { | |
395 | ! /* everything is done within manage_request */ | |
396 | } | |
397 | return 0; | |
398 | } |