Index: squid3/helpers/basic_auth/winbind/wb_basic_auth.c diff -c squid3/helpers/basic_auth/winbind/wb_basic_auth.c:1.6 squid3/helpers/basic_auth/winbind/wb_basic_auth.c:1.7 *** squid3/helpers/basic_auth/winbind/wb_basic_auth.c:1.6 Tue Feb 11 07:34:31 2003 --- squid3/helpers/basic_auth/winbind/wb_basic_auth.c Fri Sep 12 04:13:22 2003 *************** *** 31,37 **** char debug_enabled=0; char *myname; pid_t mypid; - int err = 0; NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, --- 31,36 ---- *************** *** 99,129 **** return; } ! void manage_request(void) { char buf[BUFFER_SIZE+1]; int length; char *c, *user, *pass; ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { ! warn("fgets() failed! dying..... errno=%d (%s)\n", errno, ! strerror(errno)); ! exit(1); /* BIIG buffer */ ! } ! c=memchr(buf,'\n',BUFFER_SIZE); if (c) { *c = '\0'; length = c-buf; } else { - err = 1; - return; - } - if (err) { warn("Oversized message\n"); SEND("ERR"); ! err = 0; ! return; } debug("Got '%s' from squid (length: %d).\n",buf,length); --- 98,121 ---- return; } ! int manage_request(void) { char buf[BUFFER_SIZE+1]; int length; char *c, *user, *pass; ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) ! return 0; ! c=memchr(buf,'\n',BUFFER_SIZE); if (c) { *c = '\0'; length = c-buf; } else { warn("Oversized message\n"); + fgets(buf, BUFFER_SIZE, stdin); SEND("ERR"); ! return 1; } debug("Got '%s' from squid (length: %d).\n",buf,length); *************** *** 131,137 **** if (buf[0] == '\0') { warn("Invalid Request\n"); SEND("ERR"); ! return; } user=buf; --- 123,129 ---- if (buf[0] == '\0') { warn("Invalid Request\n"); SEND("ERR"); ! return 1; } user=buf; *************** *** 140,146 **** if (!pass) { warn("Password not found. Denying access\n"); SEND("ERR"); ! return; } *pass='\0'; pass++; --- 132,138 ---- if (!pass) { warn("Password not found. Denying access\n"); SEND("ERR"); ! return 1; } *pass='\0'; pass++; *************** *** 149,154 **** --- 141,169 ---- rfc1738_unescape(pass); do_authenticate(user,pass); + return 1; + } + + void + check_winbindd() + { + NSS_STATUS r; + int retry=10; + struct winbindd_request request; + struct winbindd_response response; + do { + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); + if (r != NSS_STATUS_SUCCESS) + retry--; + } while (r != NSS_STATUS_SUCCESS && retry); + if (r != NSS_STATUS_SUCCESS) { + warn("Can't contact winbindd. Dying\n"); + exit(1); + } + if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { + warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); + exit(1); + } } *************** *** 170,177 **** setbuf(stdout, NULL); setbuf(stderr, NULL); ! while(1) { ! manage_request(); } return 0; } --- 185,194 ---- setbuf(stdout, NULL); setbuf(stderr, NULL); ! check_winbindd(); ! ! while(manage_request()) { ! /* everything is done within manage_request */ } return 0; } Index: squid3/helpers/external_acl/winbind_group/wb_check_group.c diff -c squid3/helpers/external_acl/winbind_group/wb_check_group.c:1.11 squid3/helpers/external_acl/winbind_group/wb_check_group.c:1.12 *** squid3/helpers/external_acl/winbind_group/wb_check_group.c:1.11 Sun May 11 07:01:34 2003 --- squid3/helpers/external_acl/winbind_group/wb_check_group.c Fri Sep 12 04:13:23 2003 *************** *** 292,297 **** --- 292,319 ---- return; } + void + check_winbindd() + { + NSS_STATUS r; + int retry=10; + struct winbindd_request request; + struct winbindd_response response; + do { + r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); + if (r != NSS_STATUS_SUCCESS) + retry--; + } while (r != NSS_STATUS_SUCCESS && retry); + if (r != NSS_STATUS_SUCCESS) { + warn("Can't contact winbindd. Dying\n"); + exit(1); + } + if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { + warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); + exit(1); + } + } + int main (int argc, char *argv[]) { *************** *** 323,328 **** --- 345,352 ---- if (use_case_insensitive_compare) debug("Warning: running in case insensitive mode !!!\n"); + check_winbindd(); + /* Main Loop */ while (fgets (buf, BUFSIZE, stdin)) { Index: squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c diff -c squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.8 squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.9 *** squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.8 Tue Aug 5 15:40:02 2003 --- squid3/helpers/ntlm_auth/winbind/wb_ntlm_auth.c Fri Sep 12 04:13:25 2003 *************** *** 261,267 **** return; /* useless */ } ! void manage_request(char *target_domain) { char buf[BUFFER_SIZE + 1]; --- 261,267 ---- return; /* useless */ } ! int manage_request(char *target_domain) { char buf[BUFFER_SIZE + 1]; *************** *** 271,288 **** try_again: ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { ! warn("fgets() failed! dying..... errno=%d (%s)\n", errno, ! strerror(errno)); ! exit(1); /* BIIG buffer */ ! } c = memchr(buf, '\n', BUFFER_SIZE); if (c) { if (oversized) { helperfail("illegal request received"); warn("Illegal request received: '%s'\n", buf); ! return; } *c = '\0'; } --- 271,285 ---- try_again: ! if (fgets(buf, BUFFER_SIZE, stdin) == NULL) ! return 0; c = memchr(buf, '\n', BUFFER_SIZE); if (c) { if (oversized) { helperfail("illegal request received"); warn("Illegal request received: '%s'\n", buf); ! return 1; } *c = '\0'; } *************** *** 296,339 **** if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ sendchallenge(ntlm_make_challenge(target_domain, NULL, build_challenge(), CHALLENGE_LEN)); ! return; } if (strncmp(buf, "KK ", 3) != 0) { /* not an auth-request */ helperfail("illegal request received"); warn("Illegal request received: '%s'\n", buf); ! return; } /* At this point I'm sure it's a KK */ decoded = base64_decode(buf + 3); if (!decoded) { /* decoding failure, return error */ authfail("-", "-", "Auth-format error, base64-decoding error"); ! return; } fast_header = (struct _ntlmhdr *) decoded; /* sanity-check: it IS a NTLMSSP packet, isn't it? */ if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { authfail("-", "-", "Broken NTLM packet, missing NTLMSSP signature"); ! return; } /* Understand what we got */ switch le32toh(fast_header->type) { case NTLM_NEGOTIATE: authfail("-", "-", "Received neg-request while expecting auth packet"); ! return; case NTLM_CHALLENGE: authfail("-", "-", "Received challenge. Refusing to abide"); ! return; case NTLM_AUTHENTICATE: do_authenticate((ntlm_authenticate *) decoded, (strlen(buf) - 3) * 3 / 4); ! return; default: helperfail("Unknown authentication packet type"); ! return; } /* notreached */ ! return; } static char * --- 293,336 ---- if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ sendchallenge(ntlm_make_challenge(target_domain, NULL, build_challenge(), CHALLENGE_LEN)); ! return 1; } if (strncmp(buf, "KK ", 3) != 0) { /* not an auth-request */ helperfail("illegal request received"); warn("Illegal request received: '%s'\n", buf); ! return 1; } /* At this point I'm sure it's a KK */ decoded = base64_decode(buf + 3); if (!decoded) { /* decoding failure, return error */ authfail("-", "-", "Auth-format error, base64-decoding error"); ! return 1; } fast_header = (struct _ntlmhdr *) decoded; /* sanity-check: it IS a NTLMSSP packet, isn't it? */ if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { authfail("-", "-", "Broken NTLM packet, missing NTLMSSP signature"); ! return 1; } /* Understand what we got */ switch le32toh(fast_header->type) { case NTLM_NEGOTIATE: authfail("-", "-", "Received neg-request while expecting auth packet"); ! return 1; case NTLM_CHALLENGE: authfail("-", "-", "Received challenge. Refusing to abide"); ! return 1; case NTLM_AUTHENTICATE: do_authenticate((ntlm_authenticate *) decoded, (strlen(buf) - 3) * 3 / 4); ! return 1; default: helperfail("Unknown authentication packet type"); ! return 1; } /* notreached */ ! return 1; } static char * *************** *** 410,418 **** check_winbindd() { NSS_STATUS r; struct winbindd_request request; struct winbindd_response response; ! r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); if (r != NSS_STATUS_SUCCESS) { warn("Can't contact winbindd. Dying\n"); exit(1); --- 407,420 ---- check_winbindd() { NSS_STATUS r; + int retry=10; struct winbindd_request request; struct winbindd_response response; ! do { ! r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); ! if (r != NSS_STATUS_SUCCESS) ! retry--; ! } while (r != NSS_STATUS_SUCCESS && retry); if (r != NSS_STATUS_SUCCESS) { warn("Can't contact winbindd. Dying\n"); exit(1); *************** *** 451,458 **** setbuf(stdout, NULL); setbuf(stderr, NULL); init_random(); ! while (1) { ! manage_request(target_domain); } return 0; } --- 453,460 ---- setbuf(stdout, NULL); setbuf(stderr, NULL); init_random(); ! while (manage_request(target_domain)) { ! /* everything is done within manage_request */ } return 0; }