basic_getpwnam_auth.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /*
10  * basic_getpwnam_auth.c
11  *
12  * AUTHOR: Erik Hofman <erik.hofman@a1.nl>
13  * Robin Elfrink <robin@a1.nl>
14  *
15  * Example authentication program for Squid, based on the
16  * original proxy_auth code from client_side.c, written by
17  * Jon Thackray <jrmt@uk.gdscorp.com>.
18  *
19  * Uses getpwnam() routines for authentication.
20  * This has the following advantages over the NCSA module:
21  *
22  * - Allow authentication of all know local users
23  * - Allows authentication through nsswitch.conf
24  * + can handle NIS(+) requests
25  * + can handle LDAP request
26  * + can handle PAM request
27  *
28  * 2006-07: Giancarlo Razzolini <linux-fan@onda.com.br>
29  *
30  * Added functionality for doing shadow authentication too,
31  * using the getspnam() function on systems that support it.
32  *
33  */
34 
35 #include "squid.h"
36 #include "helper/protocol_defines.h"
37 #include "rfc1738.h"
38 
39 #include <cstdlib>
40 #include <cstring>
41 #if HAVE_UNISTD_H
42 #include <unistd.h>
43 #endif
44 #if HAVE_CRYPT_H
45 #include <crypt.h>
46 #endif
47 #if HAVE_PWD_H
48 #include <pwd.h>
49 #endif
50 #if HAVE_SHADOW_H
51 #include <shadow.h>
52 #endif
53 
54 static int
55 passwd_auth(char *user, char *passwd)
56 {
57  struct passwd *pwd;
58  pwd = getpwnam(user);
59  if (pwd == nullptr) {
60  return 0; /* User does not exist */
61  } else {
62  char *crypted = crypt(passwd, pwd->pw_passwd);
63  if (!crypted || strcmp(pwd->pw_passwd, crypted)) {
64  return 2; /* Wrong password */
65  } else {
66  return 1; /* Authentication Successful */
67  }
68  }
69 }
70 
71 #if HAVE_SHADOW_H
72 static int
73 shadow_auth(char *user, char *passwd)
74 {
75  struct spwd *pwd;
76  pwd = getspnam(user);
77  if (pwd == nullptr) {
78  return passwd_auth(user, passwd); /* Fall back to passwd_auth */
79  } else {
80  char *crypted = crypt(passwd, pwd->sp_pwdp);
81  if (!crypted || strcmp(pwd->sp_pwdp, crypted)) {
82  return 2; /* Wrong password */
83  } else {
84  return 1; /* Authentication Successful */
85  }
86  }
87 }
88 #endif
89 
90 int
91 main(int, char **)
92 {
93  int auth = 0;
94  char buf[HELPER_INPUT_BUFFER];
95  char *user, *passwd, *p;
96 
97  setbuf(stdout, nullptr);
98  while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != nullptr) {
99 
100  if ((p = strchr(buf, '\n')) != nullptr)
101  *p = '\0'; /* strip \n */
102 
103  if ((user = strtok(buf, " ")) == nullptr) {
104  SEND_ERR("No Username");
105  continue;
106  }
107  if ((passwd = strtok(nullptr, "")) == nullptr) {
108  SEND_ERR("No Password");
109  continue;
110  }
111  rfc1738_unescape(user);
112  rfc1738_unescape(passwd);
113 #if HAVE_SHADOW_H
114  auth = shadow_auth(user, passwd);
115 #else
116  auth = passwd_auth(user, passwd);
117 #endif
118  if (auth == 0) {
119  SEND_ERR("No such user");
120  } else {
121  if (auth == 2) {
122  SEND_ERR("Wrong password");
123  } else {
124  SEND_OK("");
125  }
126  }
127  }
128  return EXIT_SUCCESS;
129 }
130 
main
int main(int, char **)
Definition: basic_getpwnam_auth.cc:91
crypt
char * crypt(const char *wort, const char *salt)
Definition: encrypt.c:240
rfc1738_unescape
void rfc1738_unescape(char *url)
Definition: rfc1738.c:146
SEND_ERR
#define SEND_ERR(x)
Definition: protocol_defines.h:54
HELPER_INPUT_BUFFER
#define HELPER_INPUT_BUFFER
Definition: UserRequest.cc:24
passwd_auth
static int passwd_auth(char *user, char *passwd)
Definition: basic_getpwnam_auth.cc:55
protocol_defines.h
SEND_OK
#define SEND_OK(x)
Definition: protocol_defines.h:51

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors