--------------------- PatchSet 1171 Date: 2001/01/07 14:52:20 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: moved the authentication helpers to be under their related scheme handlers Members: configure.in:1.1.1.3.10.17.2.10->1.1.1.3.10.17.2.11 makefile.in:1.1.1.3.10.3.2.2->1.1.1.3.10.3.2.3 auth_modules/Makefile.in:1.1.10.3.2.1->1.1.10.3.2.2(DEAD) auth_modules/LDAP/Makefile.in:1.1.1.1.10.1->1.1.1.1.10.1.2.1(DEAD) auth_modules/LDAP/README:1.1.1.1->1.1.1.1.26.1(DEAD) auth_modules/LDAP/squid_ldap_auth.c:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/COPYING-2.0:1.1.1.1->1.1.1.1.26.1(DEAD) auth_modules/MSNT/Makefile.in:1.1.8.4->1.1.8.4.2.1(DEAD) auth_modules/MSNT/README.html:1.1.4.1->1.1.4.1.2.1(DEAD) auth_modules/MSNT/allowusers.c:1.1.4.1.2.1->1.1.4.1.2.2(DEAD) auth_modules/MSNT/byteorder.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/confload.c:1.1.4.1.2.1->1.1.4.1.2.2(DEAD) auth_modules/MSNT/denyusers.c:1.1.6.2.2.1->1.1.6.2.2.2(DEAD) auth_modules/MSNT/md4.c:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/msntauth-v2.0.lsm:1.1.4.1->1.1.4.1.2.1(DEAD) auth_modules/MSNT/msntauth.c:1.1.4.1.2.1->1.1.4.1.2.2(DEAD) auth_modules/MSNT/msntauth.conf:1.1.4.1->1.1.4.1.2.1(DEAD) auth_modules/MSNT/rfcnb-common.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-error.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-io.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-io.h:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/rfcnb-priv.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-util.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-util.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb.h:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/session.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/smbdes.c:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/smbencrypt.c:1.1.1.1.10.1.2.2->1.1.1.1.10.1.2.3(DEAD) 
auth_modules/MSNT/smblib-common.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/smblib-priv.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/smblib-util.c:1.1.1.1.10.1.2.2->1.1.1.1.10.1.2.3(DEAD) auth_modules/MSNT/smblib.c:1.1.1.1.10.2.2.2->1.1.1.1.10.2.2.3(DEAD) auth_modules/MSNT/smblib.c.patch:1.1.2.1->1.1.2.1.2.1(DEAD) auth_modules/MSNT/smblib.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/std-defines.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/std-includes.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/valid.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/valid.h:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/NCSA/Makefile.in:1.1.1.1->1.1.1.1.26.1(DEAD) auth_modules/NCSA/ncsa_auth.c:1.1.1.1.30.1->1.1.1.1.30.2(DEAD) auth_modules/PAM/Makefile.in:1.1.1.1.10.2->1.1.1.1.10.2.2.1(DEAD) auth_modules/PAM/pam_auth.c:1.1.1.1.10.1->1.1.1.1.10.1.2.1(DEAD) auth_modules/SMB/COPYING-2.0:1.1.1.1->1.1.1.1.30.1(DEAD) auth_modules/SMB/Changelog:1.1.1.2->1.1.1.2.26.1(DEAD) auth_modules/SMB/Makefile.in:1.1.1.1.12.2->1.1.1.1.12.2.2.1(DEAD) auth_modules/SMB/README:1.1.1.2->1.1.1.2.30.1(DEAD) auth_modules/SMB/smb_auth.c:1.1.1.2.10.1.2.1->1.1.1.2.10.1.2.2(DEAD) auth_modules/SMB/smb_auth.sh:1.1.1.2->1.1.1.2.26.1(DEAD) auth_modules/YP/Makefile.in:1.1.2.1->1.1.2.2(DEAD) auth_modules/YP/nis_support.c:1.1.2.1->1.1.2.2(DEAD) auth_modules/YP/yp_auth.c:1.1.2.1->1.1.2.2(DEAD) auth_modules/getpwnam/Makefile.in:1.1.1.2->1.1.1.2.22.1(DEAD) auth_modules/getpwnam/getpwnam_auth.c:1.1.1.1.30.1->1.1.1.1.30.2(DEAD) auth_modules/multi-domain-NTLM/README.txt:1.1.10.1->1.1.10.1.2.1(DEAD) auth_modules/multi-domain-NTLM/smb_auth.pl:1.1.10.1->1.1.10.1.2.1(DEAD) ntlm_auth_modules/Makefile.in:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/NTLMSSP/Makefile.in:1.1.2.3.2.3->1.1.2.3.2.4(DEAD) ntlm_auth_modules/NTLMSSP/libntlmssp.c:1.1.2.12.2.8->1.1.2.12.2.9(DEAD) ntlm_auth_modules/NTLMSSP/ntlm.h:1.1.2.12.2.8->1.1.2.12.2.9(DEAD) 
ntlm_auth_modules/NTLMSSP/ntlm_auth.c:1.1.2.10.2.8->1.1.2.10.2.9(DEAD) ntlm_auth_modules/NTLMSSP/smbval/Makefile.in:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/byteorder.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/md4.c:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/md4.h:1.1.2.3->1.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-common.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-error.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-io.c:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-io.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-priv.h:1.1.2.2.2.4->1.1.2.2.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-util.c:1.1.2.1.2.5->1.1.2.1.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-util.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/session.c:1.1.2.1.2.5->1.1.2.1.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbdes.c:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbdes.h:1.1.2.4->1.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbencrypt.c:1.1.2.1.2.5->1.1.2.1.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbencrypt.h:1.1.2.4->1.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib-common.h:1.1.2.2.2.3->1.1.2.2.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib-priv.h:1.1.2.2.2.5->1.1.2.2.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib-util.c:1.1.2.1.2.6->1.1.2.1.2.7(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib.c:1.1.2.6.2.6->1.1.2.6.2.7(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/std-defines.h:1.1.2.3.2.3->1.1.2.3.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/std-includes.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/valid.c:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) 
ntlm_auth_modules/NTLMSSP/smbval/valid.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/fakeauth/Makefile.in:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/fakeauth/fakeauth_auth.c:1.1.2.6.2.8->1.1.2.6.2.9(DEAD) ntlm_auth_modules/fakeauth/ntlm.h:1.1.2.3.2.3->1.1.2.3.2.4(DEAD) ntlm_auth_modules/no_check/Makefile.in:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/no_check/README.no_check_ntlm_auth:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/no_check/no_check:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) src/auth/basic/Makefile.in:1.1.2.2->1.1.2.3 src/auth/basic/helpers/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/LDAP/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/LDAP/README:1.1->1.1.2.1 src/auth/basic/helpers/LDAP/squid_ldap_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/COPYING-2.0:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/README.html:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/allowusers.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/byteorder.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/confload.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/denyusers.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/md4.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/msntauth-v2.0.lsm:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/msntauth.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/msntauth.conf:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-common.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-error.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-io.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-io.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-priv.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-util.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-util.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/session.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smbdes.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smbencrypt.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib-common.h:1.1->1.1.2.1 
src/auth/basic/helpers/MSNT/smblib-priv.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib-util.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib.c.patch:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/std-defines.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/std-includes.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/valid.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/valid.h:1.1->1.1.2.1 src/auth/basic/helpers/NCSA/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/NCSA/ncsa_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/PAM/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/PAM/pam_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/SMB/COPYING-2.0:1.1->1.1.2.1 src/auth/basic/helpers/SMB/Changelog:1.1->1.1.2.1 src/auth/basic/helpers/SMB/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/SMB/README:1.1->1.1.2.1 src/auth/basic/helpers/SMB/smb_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/SMB/smb_auth.sh:1.1->1.1.2.1 src/auth/basic/helpers/YP/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/YP/nis_support.c:1.1->1.1.2.1 src/auth/basic/helpers/YP/yp_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/getpwnam/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/getpwnam/getpwnam_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/multi-domain-NTLM/README.txt:1.1->1.1.2.1 src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl:1.1->1.1.2.1 src/auth/ntlm/Makefile.in:1.1.2.4->1.1.2.5 src/auth/ntlm/helpers/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/ntlm.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/byteorder.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/md4.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/md4.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-common.h:1.1->1.1.2.1 
src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-error.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-io.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-io.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-priv.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-util.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-util.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/session.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbdes.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbdes.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbencrypt.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbencrypt.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-common.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-priv.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-util.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/std-defines.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/std-includes.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/valid.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/valid.h:1.1->1.1.2.1 src/auth/ntlm/helpers/fakeauth/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/fakeauth/fakeauth_auth.c:1.1->1.1.2.1 src/auth/ntlm/helpers/fakeauth/ntlm.h:1.1->1.1.2.1 src/auth/ntlm/helpers/no_check/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/no_check/README.no_check_ntlm_auth:1.1->1.1.2.1 src/auth/ntlm/helpers/no_check/no_check:1.1->1.1.2.1 Index: squid/configure.in =================================================================== RCS file: /cvsroot/squid-sf//squid/configure.in,v retrieving revision 1.1.1.3.10.17.2.10 retrieving revision 1.1.1.3.10.17.2.11 diff -u -r1.1.1.3.10.17.2.10 -r1.1.1.3.10.17.2.11 --- squid/configure.in 7 Jan 2001 07:22:03 -0000 1.1.1.3.10.17.2.10 +++ 
squid/configure.in 7 Jan 2001 14:52:20 -0000 1.1.1.3.10.17.2.11 @@ -3,13 +3,13 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.1.1.3.10.17.2.10 2001/01/07 07:22:03 hno Exp $ +dnl $Id: configure.in,v 1.1.1.3.10.17.2.11 2001/01/07 14:52:20 rbcollins Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.1.1.3.10.17.2.10 $)dnl +AC_REVISION($Revision: 1.1.1.3.10.17.2.11 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AC_CONFIG_AUX_DIR(cfgaux) 
@@ -710,81 +710,81 @@ AUTH_LIBS="`echo $AUTH_OBJS|sed -e's%auth/%%g'`" AC_SUBST(AUTH_LIBS) -dnl Select basic auth scheme modules to build -BASIC_AUTH_MODULES="" +dnl Select basic auth scheme helpers to build +BASIC_AUTH_HELPERS="" AC_ARG_ENABLE(auth-modules, [ --enable-auth-modules=\"list of helpers\" Backwards compability alias for - --enable-basic-auth-modules], + --enable-basic-auth-helpers], [ echo "--enable-auth-modules is obsolete. Please use the new" - echo "option --enable-basic-auth-modules" + echo "option --enable-basic-auth-helpers" sleep 5 case "$enableval" in yes) - for module in $srcdir/auth_modules/*; do - if test -f $module/Makefile.in; then - AUTH_BASIC_MODULES="$AUTH_BASIC_MODULES `basename $module`" + for helper in $srcdir/src/auth/basic/helpers/*; do + if test -f $helper/Makefile.in; then + AUTH_BASIC_HELPERS="$AUTH_BASIC_HELPERS `basename $helper`" fi done ;; no) ;; *) - AUTH_BASIC_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + AUTH_BASIC_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" esac ]) -AC_ARG_ENABLE(basic-auth-modules, -[ --enable-basic-auth-modules=\"list of helpers\" +AC_ARG_ENABLE(basic-auth-helpers, +[ --enable-basic-auth-helpers=\"list of helpers\" This option selects which basic scheme proxy_auth - helper modules to build and install as part of - the normal build process. For a list of available - helpers see the auth_modules directory.], + helpers to build and install as part of the normal + build process. 
For a list of available + helpers see the src/auth/basic/helpers directory.], [ case "$enableval" in yes) - BASIC_AUTH_MODULES="" - for module in $srcdir/auth_modules/*; do - if test -f $module/Makefile.in; then - AUTH_BASIC_MODULES="$AUTH_BASIC_MODULES `basename $module`" + BASIC_AUTH_HELPERS="" + for helper in $srcdir/src/auth/basic/helpers/*; do + if test -f $helper/Makefile.in; then + AUTH_BASIC_HELPERS="$AUTH_BASIC_HELPERS `basename $helper`" fi done ;; no) ;; *) - AUTH_BASIC_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + AUTH_BASIC_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" esac ]) -if test -n "$AUTH_BASIC_MODULES"; then - echo "Basic auth modules built: $AUTH_BASIC_MODULES" +if test -n "$AUTH_BASIC_HELPERS"; then + echo "Basic auth helpers built: $AUTH_BASIC_HELPERS" fi -AC_SUBST(AUTH_BASIC_MODULES) +AC_SUBST(AUTH_BASIC_HELPERS) -dnl Select ntlm auth modules to build -NTLM_AUTH_MODULES= -AC_ARG_ENABLE(ntlm-auth-modules, -[ --enable-ntlm-auth-modules=\"list of modules\" - This option selects which proxy_auth ntlm helper - modules to build and install as part of the normal - build process. For a list of available modules see - the ntlm_auth_modules directory.], +dnl Select ntlm auth helpers to build +NTLM_AUTH_HELPERS= +AC_ARG_ENABLE(ntlm-auth-helpers, +[ --enable-ntlm-auth-helpers=\"list of helpers\" + This option selects which proxy_auth ntlm helpers + to build and install as part of the normal build + process. 
For a list of available modules see + the src/auth/ntlm/helpers directory.], [ case "$enableval" in yes) - for module in $srcdir/ntlm_auth_modules/*; do - if test -f $module/Makefile.in; then - NTLM_AUTH_MODULES="$NTLM_AUTH_MODULES `basename $module`" + for helper in $srcdir/src/auth/ntlm/helpers/*; do + if test -f $helper/Makefile.in; then + NTLM_AUTH_HELPERS="$NTLM_AUTH_HELPERS `basename $helper`" fi done ;; no) ;; *) - NTLM_AUTH_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + NTLM_AUTH_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" esac ]) -if test -n "$NTLM_AUTH_MODULES"; then - echo "NTLM auth modules built: $NTLM_AUTH_MODULES" +if test -n "$NTLM_AUTH_HELPERS"; then + echo "NTLM auth helpers built: $NTLM_AUTH_HELPERS" fi -AC_SUBST(NTLM_AUTH_MODULES) +AC_SUBST(NTLM_AUTH_HELPERS) dnl Disable "unlinkd" code 
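Review bot: `BASIC_AUTH_HELPERS=""` at the top of this block, and again in the `yes)` arm of `--enable-basic-auth-helpers`, clears a name that nothing else in the hunk reads; every assignment, the `test -n` check and `AC_SUBST` use `AUTH_BASIC_HELPERS`. The rename carried over the old `BASIC_AUTH_MODULES`/`AUTH_BASIC_MODULES` mismatch, so the list that decides which authentication helpers get built is never initialised, and the `yes)` arms append to whatever value the configure environment already holds. Both initialisers should read `AUTH_BASIC_HELPERS=""`, matching how `NTLM_AUTH_HELPERS=` is set up for the NTLM list. The NTLM help text also still says `For a list of available modules see`; it should say `helpers` to match the renamed option.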
@@ -1801,20 +1801,20 @@ fi done -AUTH_MAKEFILES="" -for module in $srcdir/auth_modules/*; do - if test -f $module/Makefile.in; then - AUTH_MAKEFILES="$AUTH_MAKEFILES ./auth_modules/`basename $module`/Makefile" +BASIC_AUTH_MAKEFILES="" +for helper in $srcdir/src/auth/basic/helpers/*; do + if test -f $helper/Makefile.in; then + BASIC_AUTH_MAKEFILES="$BASIC_AUTH_MAKEFILES ./src/auth/basic/helpers/`basename $helper`/Makefile" fi done NTLM_AUTH_MAKEFILES="" -for module in $srcdir/ntlm_auth_modules/*; do - if test -f $module/Makefile.in; then - NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./ntlm_auth_modules/`basename $module`/Makefile" - for submodule in $module/*; do +for helper in $srcdir/src/auth/ntlm/helpers/*; do + if test -f $helper/Makefile.in; then + NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./src/auth/ntlm/helpers/`basename $helper`/Makefile" + for submodule in $helper/*; do if test -f $submodule/Makefile.in; then - NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./ntlm_auth_modules/`basename $module`/`basename $submodule`/Makefile" + NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./src/auth/ntlm/helpers/`basename $helper`/`basename $submodule`/Makefile" fi done fi 
@@ -1833,14 +1833,14 @@ $FS_MAKEFILES \ ./src/repl/Makefile \ $REPL_MAKEFILES \ + ./src/auth/Makefile \ + $AUTH_SCHEME_MAKEFILES \ + ./src/auth/basic/helpers/Makefile \ + $BASIC_AUTH_MAKEFILES \ + ./src/auth/ntlm/helpers/Makefile \ + $NTLM_AUTH_MAKEFILES \ ./contrib/Makefile \ $SNMP_MAKEFILE \ ./icons/Makefile \ ./errors/Makefile \ - ./src/auth/Makefile \ - $AUTH_SCHEME_MAKEFILES \ - ./auth_modules/Makefile \ - $AUTH_MAKEFILES \ - ./ntlm_auth_modules/Makefile \ - $NTLM_AUTH_MAKEFILES \ ) Index: squid/makefile.in =================================================================== RCS file: /cvsroot/squid-sf//squid/Attic/makefile.in,v retrieving revision 1.1.1.3.10.3.2.2 retrieving revision 1.1.1.3.10.3.2.3 diff -u -r1.1.1.3.10.3.2.2 -r1.1.1.3.10.3.2.3 --- squid/makefile.in 7 Jan 2001 02:44:54 -0000 1.1.1.3.10.3.2.2 +++ squid/makefile.in 7 Jan 2001 14:52:20 -0000 1.1.1.3.10.3.2.3 @@ -1,4 +1,4 @@ -# $Id: makefile.in,v 1.1.1.3.10.3.2.2 2001/01/07 02:44:54 rbcollins Exp $ +# $Id: makefile.in,v 1.1.1.3.10.3.2.3 2001/01/07 14:52:20 rbcollins Exp $ # srcdir = @srcdir@ @@ -14,7 +14,7 @@ prefix = @prefix@ exec_prefix = @exec_prefix@ -SUBDIRS = lib @makesnmplib@ scripts src icons errors auth_modules ntlm_auth_modules +SUBDIRS = lib @makesnmplib@ scripts src icons errors auth_modules noargs: all --- squid/auth_modules/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
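Review bot: The new `SUBDIRS` line in squid/makefile.in drops `ntlm_auth_modules` but keeps `auth_modules`, while this patch set marks `auth_modules/Makefile.in` DEAD and the configure.in output list no longer generates `./auth_modules/Makefile`. The recursion rule is outside the hunk, so it cannot be seen here whether the stale entry fails the build or is skipped silently, but the line should read `SUBDIRS = lib @makesnmplib@ scripts src icons errors`. It is also worth confirming that `src/auth/basic/Makefile.in` and `src/auth/ntlm/Makefile.in` (both changed in this patch set, not shown here) now descend into their `helpers` directories, so that a configured authentication helper is actually built and installed rather than silently left out.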
@@ -1,38 +0,0 @@ -# Makefile for storage modules in the Squid Object Cache server -# -# $Id$ -# - -# The 'nop' is in the SUBDIRS list because some Unixes that can't -# handle empty for lists. - -SUBDIRS = @AUTH_BASIC_MODULES@ nop - -all: - @for dir in $(SUBDIRS); do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) all" || exit 1; \ - fi; \ - done; - -clean: - -for dir in *; do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) clean"; \ - fi; \ - done - -distclean: - -rm -f Makefile - -for dir in *; do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) distclean"; \ - fi; \ - done - -.DEFAULT: - @for dir in $(SUBDIRS); do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) $@" || exit 1; \ - fi; \ - done; --- squid/auth_modules/LDAP/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,76 +0,0 @@ - -OBJS = squid_ldap_auth.o -LIBS = -lldap -llber -LDAP_EXE = squid_ldap_auth - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -cgi_suffix = @cgi_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -libexecdir = @libexecdir@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 -RANLIB = @RANLIB@ -LN_S = @LN_S@ -PERL = @PERL@ -CRYPTLIB = @CRYPTLIB@ -REGEXLIB = @REGEXLIB@ -PTHREADLIB = @PTHREADLIB@ -MALLOCLIB = @LIB_MALLOC@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh - - -all: $(LDAP_EXE) - -$(LDAP_EXE): $(OBJS) - $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(XTRA_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(libexecdir); then \ - echo "mkdir $(libexecdir)"; \ - mkdir $(libexecdir); \ - fi - -# Michael Lupp wants to know about additions -# to the install target. -install: all install-mkdirs - @for f in $(LDAP_EXE); do \ - if test -f $(libexecdir)/$$f; then \ - echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(libexecdir); \ - $(INSTALL_BIN) $$f $(libexecdir); \ - if test -f $(libexecdir)/-$$f; then \ - echo $(RM) -f $(libexecdir)/-$$f; \ - $(RM) -f $(libexecdir)/-$$f; \ - fi; \ - done - -clean: - -$(RM) -f $(OBJS) - -$(RM) -f $(LDAP_EXE) - -distclean: clean - -$(RM) -f Makefile --- squid/auth_modules/LDAP/README Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,8 +0,0 @@
-This LDAP Authentication code is written by Glen Newton
-.
-
-Please see his Web page at:
-http://orca.cisti.nrc.ca/~gnewton/opensource/squid_ldap_auth/
-
-In order to use squid_ldap_auth, you will also need to install
-the OpenLDAP libraries (ldap lber) from http://www.openldap.org.
--- squid/auth_modules/LDAP/squid_ldap_auth.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,97 +0,0 @@ -/* - * - * squid_ldap_auth: authentication via ldap for squid proxy server - * - * Author: Glen Newton - * glen.newton@nrc.ca - * Advanced Services - * CISTI - * National Research Council - * - * Usage: squid_ldap_auth - * - * Dependencies: You need to get the OpenLDAP libraries - * from http://www.openldap.org - * - * License: squid_ldap_auth is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2, - * or (at your option) any later version. - */ - -#include -#include -#include -#include -#include - -/* Change this to your search base */ -#define SEARCHBASE "ou=people,o=nrc.ca" - -int checkLDAP(LDAP * ld, char *userid, char *password); - -int -main(int argc, char **argv) -{ - char buf[256]; - char *user, *passwd, *p; - char *ldapServer; - LDAP *ld; - LDAPMessage *result, *e; - - setbuf(stdout, NULL); - - if (argc != 2) { - fprintf(stderr, "Usage: squid_ldap_auth ldap_server_name\n"); - exit(1); - } - ldapServer = (char *) argv[1]; - - while (fgets(buf, 256, stdin) != NULL) { - /* You can put this ldap connect outside the loop, but i didn't want to - * have the connection open too much. If you have a site which will - * be doing >1 authentication per second, you should move this (and the - * below ldap_unbind()) outside the loop. 
- */ - if ((ld = ldap_init(ldapServer, LDAP_PORT)) == NULL) { - fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", - ldapServer, LDAP_PORT); - exit(1); - } - if ((p = strchr(buf, '\n')) != NULL) - *p = '\0'; /* strip \n */ - - if ((user = strtok(buf, " ")) == NULL) { - printf("ERR\n"); - continue; - } - if ((passwd = strtok(NULL, "")) == NULL) { - printf("ERR\n"); - continue; - } - if (checkLDAP(ld, user, passwd) != 0) { - printf("ERR\n"); - continue; - } else { - printf("OK\n"); - } - ldap_unbind(ld); - } -} - - - -int -checkLDAP(LDAP * ld, char *userid, char *password) -{ - char str[256]; - - /*sprintf(str,"uid=[%s][%s], %s",userid, password, SEARCHBASE); */ - sprintf(str, "uid=%s, %s", userid, SEARCHBASE); - - if (ldap_simple_bind_s(ld, str, password) != LDAP_SUCCESS) { - /*fprintf(stderr, "\nUnable to bind\n"); */ - return 33; - } - return 0; -} --- squid/auth_modules/MSNT/COPYING-2.0 Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,341 +0,0 @@ - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. 
-
--- squid/auth_modules/MSNT/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,98 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id$ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -cgi_suffix = @cgi_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -libexecdir = @libexecdir@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -AUTH_EXE = msnt_auth$(exec_suffix) - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 -RANLIB = @RANLIB@ -LN_S = @LN_S@ -PERL = @PERL@ -CRYPTLIB = @CRYPTLIB@ -REGEXLIB = @REGEXLIB@ -PTHREADLIB = @PTHREADLIB@ -SNMPLIB = @SNMPLIB@ -MALLOCLIB = @LIB_MALLOC@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh -DEFINES = - -INCLUDE = -I. -I../../include -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = $(XTRA_LIBS) - -LIBPROGS = $(AUTH_EXE) -OBJS = md4.o rfcnb-io.o rfcnb-util.o session.o msntauth.o \ - smbdes.o smbencrypt.o smblib-util.o smblib.o \ - valid.o denyusers.o allowusers.o confload.o - -all: $(AUTH_EXE) - -$(AUTH_EXE): $(OBJS) - $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(libexecdir); then \ - echo "mkdir $(libexecdir)"; \ - mkdir $(libexecdir); \ - fi - -# Michael Lupp wants to know about additions -# to the install target. 
-install: all install-mkdirs - @for f in $(LIBPROGS); do \ - if test -f $(libexecdir)/$$f; then \ - echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(libexecdir); \ - $(INSTALL_BIN) $$f $(libexecdir); \ - if test -f $(libexecdir)/-$$f; then \ - echo $(RM) -f $(libexecdir)/-$$f; \ - $(RM) -f $(libexecdir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *.a *pure_* core $(LIBPROGS) - -distclean: clean - -rm -f Makefile - -tags: - ctags *.[ch] - -depend: - $(MAKEDEPEND) -fMakefile *.c --- squid/auth_modules/MSNT/README.html Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,317 +0,0 @@ - - -MSNTAUTH readme - - - - - -

-MSNT Auth v2.0.1
-Squid web proxy Authentication module
-Antonino Iannella, Stellar-X Pty Ltd
-Fri Sep 29 15:53:33 CST 2000 -

- -

Contents

- - - -

Introduction

- -

-This is an authentication module for the Squid proxy server -to authenticate users on an NT domain. - -

-It originates from the Samba and SMB packages by Andrew Tridgell -and Richard Sharpe. This version is sourced from the Pike -authentication module by William Welliver (hwellive@intersil.com). - -

-Usage is simple. It accepts a username and password on standard input -and will return OK if the username/password is valid for the domain, -or ERR if there was some problem. -Check syslog messages for reported problems. - -

-Msntauth is released under the GNU General Public License and -is available from http://stellarx.tripod.com. - -

Installation

- -

-Make any changes to the source code you need. - -

-Type 'make', then 'make install', then 'make clean'. - -

-To avoid using the makefile, it may compile with - - gcc -O2 -s -o msntauth *.c - -

-'Make install' will put 'msntauth' into -/usr/local/squid/bin by default. - -

-Hopefully nobody has problems compiling msntauth. -In the future I plan to use GNU automake. - -

Other compiling issues

- -

-The Makefile uses the GCC compiler, and assumes that it is in the current PATH. -Msntauth is known to compile properly on Redhat Linux 6, and FreeBSD 3.1 -without problems. Other operating systems are untested, -but use a recent copy of the GNU C compiler. -Smbencrypt.c has the '#include ' line commented out. -Remove the comment for S5R4 systems, like Solaris. - -

-When compiling under Solaris, the socket libraries must be linked to. -In the Makefile, hash the default CFLAGS line, and unhash the Solaris -CFLAGS line. It always helps to have /usr/ccs/bin in your path -prior to compiling. - -

Configuration file

- -

-Msntauth uses a configuration file which is a break from previous -releases. The file is /usr/local/squid/etc/msntauth.conf. -If this needs to be changed, it is defined in confload.h. - -

-An example configuration file is provided. It looks like - -

-# Sample MSNT authenticator configuration file
-# Antonino Iannella, Stellar-X Pty Ltd
-# Tue Sep 26 17:26:59 CST 2000
-
-server my_PDC           my_BDC          my_NTdomain
-server other_PDC        other_BDC       otherdomain
-
-denyusers       /usr/local/squid/etc/denyusers
-allowusers      /usr/local/squid/etc/allowusers
-
- -

-All comments start with '#'. - -

-NT servers are used to query user accounts. The 'server' lines -are used for this, with the PDC, BDC, and NT domain as parameters. -Up to 5 servers/domains can be queried. If this is not enough -modify the MAXSERVERS define in confload.h. -At least one server must be specified, or msntauth will not -run. - -

-When a user provides a username/password, each of these -servers will be queried to authenticate the username. -It stops after a user has been successfully authenticated, -so it makes sense to specify the most commonly queried -server first. Make sure the servers can be reached and -are active, or else msntauth will start failing user accounts! - -

-The 'denyusers' and 'allowusers' lines give the absolute path -to files of user accounts. They can be used to deny or allow -access to the proxy. Do not use these directives if you -do not need these features. - -

Denying users

- -

-Users who are not allowed to access the web proxy can be added to -the denied user list. This list is read around every minute, or when -the msntauth process receives a SIGHUP signal. - -

-The denied user file is set using the 'denyusers' directive -in msntauth.h. The denied user file -contains a list of usernames in no particular structure or form. -If the file does not exist, no users are denied. -The file must be readable by the web proxy user. - -

-Msntauth will send syslog messages if a user was denied, -at LOG_USER facility. - -

Allowing users

- -

-Similar to denying users, you can allow users to access the proxy -by username. This is useful if only a number of people are -allowed supposed to be accessing a proxy. - -

-The allowed user file is set using the 'allowusers' directive -in msntauth.h. -If the file does not exist or if empty, all users are allowed. - -

-You could make use of the SHOWMBRS tool in Microsoft Technet. -This gives you a list of users which are in a particular -NT Domain Group. This list can be made into the allowed users -file. - -

-Some other rules - - -

    -
  1. The operation of the denied user file is independent of the -allowed user file. The former file is checked first. -
  2. You can use none, one, or both files. -
  3. If a username appears in the denied user file, they will -be denied, even if they are in the allowed user file. -
  4. If a username is not in either file, they will be denied, -because they have not been allowed. -
  5. If the allowed user file is in use and is empty, all -users will be allowed. -
- -

-Hopefully this wasn't too confusing. - -

Squid.conf changes

- -

-Refer to Squid documentation for the required changes to squid.conf. -You will need to set the following lines to enable authentication for -your access list - - -

-  acl  proxy_auth REQUIRED
-  http_access allow password
-  http_access allow 
-  http_access deny all
-
-
- -

-You will also need to review the following directives - - -

-  proxy_auth_realm enterprise web gateway
-  authenticate_program /usr/local/squid/bin/msntauth
-  authenticate_ttl 5
-  authenticate_children 20
-
- -

Testing

- -

-I strongly urge that Msntauth is tested prior to being used in a -production environment. It may behave differently on different platforms. -To test it, run it from the command line. Enter username and password -pairs separated by a space. - -

-It should behave in the following way - -

- - Press ENTER to get an OK or ERR message.
- - Make sure pressing CTRL-D behaves the same as a carriage return.
- - Make sure pressing CTRL-C aborts the program.
- - Test that entering no details does not result in an OK or ERR message.
- - Test that entering an invalid username and password results in
-   an ERR message. Note that if NT guest user access is allowed on
-   the PDC, an OK message may be returned instead of ERR.
- - Test that entering an valid username and password results in an OK message.
-   Try usernames which are and aren't in the denied/allowed user files,
-   if they're in use.
- - Test that entering a guest username and password returns the correct response.
-
- -

-If the above didn't work as expected, you may need to modify the main() -function in msntauth.c. Inform the maintainer of any problems. - -

Contact details

- -

-To contact the maintainer of this package, email Antonino Iannella -at antonino@usa.net, antonino.iannella@usa.net, or -antonino.iannella@camtech.com.au. - -

-The latest version may be found on http://members.tripod.com/stellarx. -It is also distributed as part of Squid. - -

Reported problem

- -

-For an unknown username, Msntauth returns OK. -This is because the PDC returns guest access for unknown users, -even if guest access is disabled. -This problem was reported by Mr Vadim Popov (vap@iilsr.minsk.by). -I am not able to replicate this. - -

-The tested environment consisted of PDC on Windows NT 4, SP 6. -Squid 2.3 and Msntauth was tested on SuSe, RedHat, and Debian Linux. -A fix was provided in case you have this problem. -Apply the provided patch before compiling, using - -

-  patch smblib.c < smblib.c.patch
-
- -

Known limitation

- -

-Usernames are checked if they are allowed or denied. If a username -is found as a substring of a different username in these files, -the user will be affected somehow. For example, if 'jpeterman' has -been explicitly denied in the denyusers file, then 'jpeter' who -is trying to use the proxy, will be denied. If this causes anyone -any problems, then I'll fix it. - -

-As of version 2.0.1, this problem has been fixed. - -

Changes since last revision

- -

-The following list of changes have been made to improve msntauth. -I have not had a chance to do too much testing due -to lack of resources. There should be no problems, though. - -

    -
  • Added many patches from Duane Wessels to stop compilation errors (?) -
  • Improved the main() function yet again -
  • Created a more informative Makefile -
  • Added an 'allowed users' feature to complement the 'denied users' feature -
  • Stopped the use of alarm() which was causing problems under Solaris -
  • Added more syslog messages for authentication problems -
  • Added the use of a configuration file, instead of hard-coding NT server details -
  • Allowed for querying multiple NT servers and domains (this was a hot issue) -
  • Changed README into an HTML document to improve readability -
  • Didn't make use of GNU autoconf. I will in future, I promise. -
  • Removed denied/allowed username substring search limitation. -
- -

-Hopefully msntauth and Squid is now a more valuable product. -Feel free to send me success or problem stories. - - - --- squid/auth_modules/MSNT/allowusers.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,192 +0,0 @@
-
-/*
- * allowusers.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines are to allow users attempting to use the proxy which
- * have been explicitly allowed by the system administrator.
- * The code originated from denyusers.c.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define NAMELEN 50 /* Maximum username length */
-
-/* Global variables */
-
-char *AllowedUsers; /* Pointer to string of allowed users */
-off_t AllowUserSize; /* Size of allowed users file */
-struct stat FileBuf; /* Stat data buffer */
-time_t LastModTime; /* Last allowed user file modification time */
-
-char Allowuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-
-/* Function declarations */
-
-int Read_allowusers();
-int Check_ifuserallowed(char *);
-void Checkforchange();
-void Checktimer();
-
-/*
- * Reads the allowed users file for all users to be permitted.
- * Returns 0 if the user list was successfully loaded,
- * and 1 in case of error.
- * Logs any messages to the syslog daemon.
- */
-
-int
-Read_allowusers()
-{
- FILE *AFile; /* Allowed users file pointer */
- off_t APos = 0; /* File counter */
- char AChar; /* Character buffer */
-
- /* Stat the file. If it does not exist, save the size as zero.
- * Clear the allowed user string. Return. */
- if (stat(Allowuserpath, &FileBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- AllowUserSize = 0;
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return 0;
- } else {
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- }
- /* If it exists, save the modification time and size */
- LastModTime = FileBuf.st_mtime;
- AllowUserSize = FileBuf.st_size;
-
- /* Handle the special case of a zero length file */
- if (AllowUserSize == 0) {
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return 0;
- }
- /* Free and allocate space for a string to store the allowed usernames */
- free(AllowedUsers);
-
- if ((AllowedUsers = malloc(sizeof(char) * (AllowUserSize + 3))) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_allowusers: malloc(AllowedUsers) failed.");
- return 1;
- }
- /* Open the allowed users file. Report any errors. */
-
- if ((AFile = fopen(Allowuserpath, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_allowusers: Failed to open allowed user file.");
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- /* Read user names into the AllowedUsers string.
- * Make sure each string is delimited by a space. */
-
- AllowedUsers[APos++] = ' ';
-
- while (!feof(AFile)) {
- if ((AChar = fgetc(AFile)) == EOF)
- break;
- else {
- if (isspace(AChar))
- AllowedUsers[APos++] = ' ';
- else
- AllowedUsers[APos++] = toupper(AChar);
- }
- }
-
- AllowedUsers[APos++] = ' ';
- AllowedUsers[APos] = '\0';
- fclose(AFile);
- return 0;
-}
-
-/*
- * Check to see if the username provided by Squid appears in the allowed
- * user list. Returns 0 if the user was not found, and 1 if they were.
- */
-
-int
-Check_ifuserallowed(char *ConnectingUser)
-{
- static char CUBuf[NAMELEN + 1];
- static int x;
- static char AllowMsg[256];
-
- /* If user string is empty, allow */
- if (ConnectingUser[0] == '\0')
- return 1;
-
- /* If allowed user list is empty, allow all users.
- * If no users are supposed to be using the proxy, stop squid instead. */
- if (AllowUserSize == 0)
- return 1;
-
- /* Check if username string is found in the allowed user list.
- * If so, allow. If not, deny. Reconstruct the username
- * to have whitespace, to avoid finding wrong string subsets. */
-
- sscanf(ConnectingUser, " %s ", CUBuf);
- sprintf(CUBuf, " %s ", CUBuf);
-
- for (x = 0; x <= strlen(CUBuf); x++)
- CUBuf[x] = toupper(CUBuf[x]);
-
- if (strstr(AllowedUsers, CUBuf) != NULL)
- return 1;
- else { /* If NULL, they are not allowed to use the proxy */
- sprintf(AllowMsg, "Denied access to user '%s'.", CUBuf);
- syslog(LOG_USER | LOG_ERR, AllowMsg);
- return 0;
- }
-}
-
-/*
- * Checks if there has been a change in the allowed users file.
- * If the modification time has changed, then reload the allowed user list.
- * This function is called by the SIGHUP signal handler.
- */
-
-void
-Check_forallowchange()
-{
- struct stat ChkBuf; /* Stat data buffer */
-
- /* Stat the allowed users file. If it cannot be accessed, return. */
-
- if (stat(Allowuserpath, &ChkBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- AllowUserSize = 0;
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return;
- } else { /* Report error when accessing file */
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return;
- }
- }
- /* If found, compare the modification time with the previously-recorded
- * modification time.
- * If the modification time has changed, reload the allowed user list.
- * Log a message of its actions. */
-
- if (ChkBuf.st_mtime != LastModTime) {
- syslog(LOG_USER | LOG_INFO, "Check_forallowchange: Reloading allowed user list.");
- Read_allowusers();
- }
-}
--- squid/auth_modules/MSNT/byteorder.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,87 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * SMB Byte handling
- * Copyright (C) Andrew Tridgell 1992-1995
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _BYTEORDER_H_
-#define _BYTEORDER_H_
-
-/*
- * This file implements macros for machine independent short and
- * int manipulation
- */
-
-#undef CAREFUL_ALIGNMENT
-
-/* we know that the 386 can handle misalignment and has the "right"
- * byteorder */
-#ifdef __i386__
-#define CAREFUL_ALIGNMENT 0
-#endif
-
-#ifndef CAREFUL_ALIGNMENT
-#define CAREFUL_ALIGNMENT 1
-#endif
-
-#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
-#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos))
-#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val))
-
-typedef unsigned short uint16;
-typedef unsigned int uint32;
-
-#if CAREFUL_ALIGNMENT
-#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
-#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16)
-#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
-#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16))
-#define SVALS(buf,pos) ((int16)SVAL(buf,pos))
-#define IVALS(buf,pos) ((int32)IVAL(buf,pos))
-#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val)))
-#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val)))
-#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val)))
-#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val)))
-#else
-/* this handles things for architectures like the 386 that can handle
- * alignment errors */
-/*
- * WARNING: This section is dependent on the length of int16 and int32
- * being correct
- */
-#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos)))
-#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos)))
-#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos)))
-#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos)))
-#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val))
-#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val))
-#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val))
-#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val))
-#endif
-
-
-/* now the reverse routines - these are used in nmb packets (mostly) */
-#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF))
-#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16)))
-
-#define RSVAL(buf,pos) SREV(SVAL(buf,pos))
-#define RIVAL(buf,pos) IREV(IVAL(buf,pos))
-#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val))
-#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val))
-
-#endif /* _BYTEORDER_H_ */
--- squid/auth_modules/MSNT/confload.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,235 +0,0 @@
-
-/*
- * confload.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines load the msntauth configuration file.
- * It stores the servers to query, sets the denied and
- * allowed user files, and provides the
- * authenticating function.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define CONFIGFILE "/usr/local/squid/etc/msntauth.conf" /* Path to configuration file */
-#define DENYUSERSDEFAULT "/usr/local/squid/etc/denyusers"
-#define ALLOWUSERSDEFAULT "/usr/local/squid/etc/allowusers"
-
-#define MAXSERVERS 5 /* Maximum number of servers to query. This number can be increased. */
-#define NTHOSTLEN 65
-
-extern char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-extern char Allowuserpath[MAXPATHLEN];
-
-typedef struct _ServerTuple {
- char pdc[NTHOSTLEN];
- char bdc[NTHOSTLEN];
- char domain[NTHOSTLEN];
-} ServerTuple;
-
-ServerTuple ServerArray[MAXSERVERS]; /* Array of servers to query */
-int Serversqueried = 0; /* Number of servers queried */
-
-/* Declarations */
-
-int OpenConfigFile();
-void ProcessLine(char *);
-void AddServer(char *, char *, char *);
-int QueryServers(char *, char *);
-int QueryServerForUser(int, char *, char *);
-extern int Valid_User(char *, char *, char *, char *, char *);
-
-
-/*
- * Opens and reads the configuration file.
- * Returns 0 on success, or 1 for error.
- */ - -int -OpenConfigFile() -{ - FILE *ConfigFile; - char Confbuf[2049]; /* Line reading buffer */ - - /* Initialise defaults */ - - Serversqueried = 0; - strcpy(Denyuserpath, DENYUSERSDEFAULT); - strcpy(Allowuserpath, ALLOWUSERSDEFAULT); - - /* Open file */ - if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) { - syslog(LOG_USER | LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE); - syslog(LOG_USER | LOG_ERR, strerror(errno)); - return 1; - } - /* Read in, one line at a time */ - - while (!feof(ConfigFile)) { - Confbuf[0] = '\0'; - fgets(Confbuf, 2049, ConfigFile); - ProcessLine(Confbuf); - } - - /* Check that at least one server is being queried. Report error if not. - * Denied and allowed user files are hardcoded, so it's fine if they're - * not set in the confugration file. */ - - if (Serversqueried == 0) { - syslog(LOG_USER | LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE); - return 1; - } - fclose(ConfigFile); - return 0; -} - -/* Parses a configuration file line. */ - -void -ProcessLine(char *Linebuf) -{ - char *Directive; - char *Param1; - char *Param2; - char *Param3; - - /* Ignore empty lines */ - if (strlen(Linebuf) == 0) - return; - - /* Break up on whitespaces */ - if ((Directive = strtok(Linebuf, " \t\n")) == NULL) - return; - - /* Check for a comment line. If found, stop . */ - if (Directive[0] == '#') - return; - - /* Check for server line. Check for 3 parameters. 
*/ - if (strcasecmp(Directive, "server") == 0) { - Param1 = strtok(NULL, " \t\n"); - Param2 = strtok(NULL, " \t\n"); - Param3 = strtok(NULL, " \t\n"); - - if ((Param1[0] == '\0') || - (Param2[0] == '\0') || - (Param3[0] == '\0')) { - syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'server' line needs PDC, BDC, and domain parameters."); - return; - } - AddServer(Param1, Param2, Param3); - return; - } - /* Check for denyusers line */ - if (strcasecmp(Directive, "denyusers") == 0) { - Param1 = strtok(NULL, " \t\n"); - - if (Param1[0] == '\0') { - syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter."); - return; - } - strcpy(Denyuserpath, Param1); - return; - } - /* Check for allowusers line */ - if (strcasecmp(Directive, "allowusers") == 0) { - Param1 = strtok(NULL, " \t\n"); - - if (Param1[0] == '\0') { - syslog(LOG_USER | LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter."); - return; - } - strcpy(Allowuserpath, Param1); - return; - } - /* Reports error for unknown line */ - syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive); -} - -/* - * Adds a server to query to the server array. - * Checks if the number of servers to query is not exceeded. - * Does not allow parameters longer than NTHOSTLEN. - */ - -void -AddServer(char *ParamPDC, char *ParamBDC, char *ParamDomain) -{ - if (Serversqueried + 1 > MAXSERVERS) { - syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' server line; too many servers.", ParamPDC); - return; - } - Serversqueried++; - strncpy(ServerArray[Serversqueried].pdc, ParamPDC, NTHOSTLEN); - strncpy(ServerArray[Serversqueried].bdc, ParamBDC, NTHOSTLEN); - strncpy(ServerArray[Serversqueried].domain, ParamDomain, NTHOSTLEN); - ServerArray[Serversqueried].pdc[NTHOSTLEN - 1] = '\0'; - ServerArray[Serversqueried].bdc[NTHOSTLEN - 1] = '\0'; - ServerArray[Serversqueried].domain[NTHOSTLEN - 1] = '\0'; -} - -/* - * Cycles through all servers to query. 
- * Returns 0 if one server could authenticate the user. - * Returns 1 if no server authenticated the user. - */ - -int -QueryServers(char *username, char *password) -{ - int Queryresult = 1; /* Default result is an error */ - int x = 1; - - while (x <= Serversqueried) { /* Query one server. Change Queryresult if user passed. */ - if (QueryServerForUser(x++, username, password) == 0) { - Queryresult = 0; - break; - } - } - - return Queryresult; -} - -/* - * Attempts to authenticate the user with one server. - * Logs syslog messages for different errors. - * Returns 0 on success, non-zero on failure. - */ - -int -QueryServerForUser(int x, char *username, char *password) -{ - int result = 1; - - result = Valid_User(username, password, ServerArray[x].pdc, - ServerArray[x].bdc, ServerArray[x].domain); - - switch (result) { /* Write any helpful syslog messages */ - case 0: - break; - case 1: - syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.", username); - break; - case 2: - syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.", username); - break; - case 3: - syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.", username); - } - - return result; -} - -/* Valid_User return codes - - * - * 0 - User authenticated successfully. - * 1 - Server error. - * 2 - Protocol error. - * 3 - Logon error; Incorrect password or username given. - */ --- squid/auth_modules/MSNT/denyusers.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,249 +0,0 @@ - -/* - * denyusers.c - * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd - * Released under GPL, see COPYING-2.0 for details. - * - * These routines are to block users attempting to use the proxy which - * have been explicitly denied by the system administrator. - * Routines at the bottom also use the allowed user functions. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define NAMELEN 50 /* Maximum username length */ - -/* Global variables */ - -char *DeniedUsers; /* Pointer to string of denied users */ -off_t DenyUserSize; /* Size of denied user file */ -struct stat FileBuf; /* Stat data buffer */ -time_t LastModTime; /* Last denied user file modification time */ - -char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */ - -/* Function declarations */ - -int Read_denyusers(); -int Check_ifuserdenied(char *); -int Check_user(char *); -void Checktimer(); -void Check_forchange(); -void Check_fordenychange(); -extern void Check_forallowchange(); /* For allowed users */ -extern int Check_ifuserallowed(char *); - -/* - * Reads Denyuserpath for all users to be excluded. - * Returns 0 if the user list was successfully loaded, - * and 1 in case of error. - * Logs any messages to the syslog daemon. - */ - -int -Read_denyusers() -{ - FILE *DFile; /* Denied user file pointer */ - off_t DPos = 0; /* File counter */ - char DChar; /* Character buffer */ - - /* Stat the file. If it does not exist, save the size as zero. - * Clear the denied user string. Return. 
*/ - if (stat(Denyuserpath, &FileBuf) == -1) { - if (errno == ENOENT) { - LastModTime = (time_t) 0; - DenyUserSize = 0; - free(DeniedUsers); - DeniedUsers = malloc(sizeof(char)); - DeniedUsers[0] = '\0'; - return 0; - } else { - syslog(LOG_USER | LOG_ERR, strerror(errno)); - return 1; - } - } - /* If it exists, save the modification time and size */ - LastModTime = FileBuf.st_mtime; - DenyUserSize = FileBuf.st_size; - - /* Handle the special case of a zero length file */ - if (DenyUserSize == 0) { - free(DeniedUsers); - DeniedUsers = malloc(sizeof(char)); - DeniedUsers[0] = '\0'; - return 0; - } - /* Free and allocate space for a string to store the denied usernames */ - free(DeniedUsers); - - if ((DeniedUsers = malloc(sizeof(char) * (DenyUserSize + 3))) == NULL) { - syslog(LOG_USER | LOG_ERR, "Read_denyusers: malloc(DeniedUsers) failed."); - return 1; - } - /* Open the denied user file. Report any errors. */ - - if ((DFile = fopen(Denyuserpath, "r")) == NULL) { - syslog(LOG_USER | LOG_ERR, "Read_denyusers: Failed to open denied user file."); - syslog(LOG_USER | LOG_ERR, strerror(errno)); - return 1; - } - /* Read user names into the DeniedUsers string. - * Make sure each string is delimited by a space. */ - - DeniedUsers[DPos++] = ' '; - - while (!feof(DFile)) { - if ((DChar = fgetc(DFile)) == EOF) - break; - else { - if (isspace(DChar)) - DeniedUsers[DPos++] = ' '; - else - DeniedUsers[DPos++] = toupper(DChar); - } - } - - DeniedUsers[DPos++] = ' '; - DeniedUsers[DPos] = '\0'; - fclose(DFile); - return 0; -} - -/* - * Check to see if the username provided by Squid appears in the denied - * user list. Returns 0 if the user was not found, and 1 if they were. 
- */ - -int -Check_ifuserdenied(char *ConnectingUser) -{ - static char CUBuf[NAMELEN + 1]; - static int x; - static char DenyMsg[256]; - - /* If user string is empty, deny */ - if (ConnectingUser[0] == '\0') - return 1; - - /* If denied user list is empty, allow */ - if (DenyUserSize == 0) - return 0; - - /* Check if username string is found in the denied user list. - * If so, deny. If not, allow. Reconstruct the username - * to have whitespace, to avoid finding wrong string subsets. */ - - sscanf(ConnectingUser, " %s ", CUBuf); - sprintf(CUBuf, " %s ", CUBuf); - - for (x = 0; x <= strlen(CUBuf); x++) - CUBuf[x] = toupper(CUBuf[x]); - - if (strstr(DeniedUsers, CUBuf) == NULL) - return 0; - else { - sprintf(DenyMsg, "Denied access to user '%s'.", CUBuf); - syslog(LOG_USER | LOG_ERR, DenyMsg); - return 1; - } -} - -/* - * Checks if there has been a change in the denied user file. - * If the modification time has changed, then reload the denied user list. - * This function is called by the SIGHUP signal handler. - */ - -void -Check_fordenychange() -{ - struct stat ChkBuf; /* Stat data buffer */ - - /* Stat the denied user file. If it cannot be accessed, return. */ - - if (stat(Denyuserpath, &ChkBuf) == -1) { - if (errno == ENOENT) { - LastModTime = (time_t) 0; - DenyUserSize = 0; - free(DeniedUsers); - DeniedUsers = malloc(sizeof(char)); - DeniedUsers[0] = '\0'; - return; - } else { /* Report error when accessing file */ - syslog(LOG_USER | LOG_ERR, strerror(errno)); - return; - } - } - /* If found, compare the modification time with the previously-recorded - * modification time. - * If the modification time has changed, reload the denied user list. - * Log a message of its actions. */ - - if (ChkBuf.st_mtime != LastModTime) { - syslog(LOG_USER | LOG_INFO, "Check_fordenychange: Reloading denied user list."); - Read_denyusers(); - } -} - -/* - * Decides if a user is denied or allowed. - * If they have been denied, or not allowed, return 1. - * Else return 0. 
- */
-
-int
-Check_user(char *ConnectingUser)
-{
- if (Check_ifuserdenied(ConnectingUser) == 1)
- return 1;
-
- if (Check_ifuserallowed(ConnectingUser) == 0)
- return 1;
-
- return 0;
-}
-
-/*
- * Checks the denied and allowed user files for change.
- * This function is invoked when a SIGHUP signal is received.
- * It is also run after every 60 seconds, at the next request.
- */
-
-void
-Check_forchange()
-{
- Check_fordenychange();
- Check_forallowchange();
-}
-
-/*
- * Checks the timer. If longer than 1 minute has passed since the last
- * time someone has accessed the proxy, then check for changes in the
- * denied user file. If longer than one minute hasn't passed, return.
- */
-
-void
-Checktimer()
-{
- static time_t Lasttime; /* The last time the timer was checked */
- static time_t Currenttime; /* The current time */
-
- Currenttime = time(NULL);
-
- /* If timeout has expired, check the denied user file, else return */
- if (difftime(Currenttime, Lasttime) < 60)
- return;
- else {
- Check_forchange();
- Lasttime = Currenttime;
- }
-}
--- squid/auth_modules/MSNT/md4.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,209 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * a implementation of MD4 designed for use in the SMB authentication protocol - * Copyright (C) Andrew Tridgell 1997 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -/* NOTE: This code makes no attempt to be fast! - * - * It assumes that a int is at least 32 bits long - */ - -typedef unsigned int uint32; - -static uint32 A, B, C, D; - -static uint32 -F(uint32 X, uint32 Y, uint32 Z) -{ - return (X & Y) | ((~X) & Z); -} - -static uint32 -G(uint32 X, uint32 Y, uint32 Z) -{ - return (X & Y) | (X & Z) | (Y & Z); -} - -static uint32 -H(uint32 X, uint32 Y, uint32 Z) -{ - return X ^ Y ^ Z; -} - -static uint32 -lshift(uint32 x, int s) -{ - x &= 0xFFFFFFFF; - return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); -} - -#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) -#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) -#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) - -/* this applies md4 to 64 byte chunks */ -static void -mdfour64(uint32 * M) -{ - int j; - uint32 AA, BB, CC, DD; - uint32 X[16]; - - for (j = 0; j < 16; j++) - X[j] = M[j]; - - AA = A; - BB = B; - CC = C; - DD = D; - - ROUND1(A, B, C, D, 0, 3); - ROUND1(D, A, B, C, 1, 7); - ROUND1(C, D, A, B, 2, 
11); - ROUND1(B, C, D, A, 3, 19); - ROUND1(A, B, C, D, 4, 3); - ROUND1(D, A, B, C, 5, 7); - ROUND1(C, D, A, B, 6, 11); - ROUND1(B, C, D, A, 7, 19); - ROUND1(A, B, C, D, 8, 3); - ROUND1(D, A, B, C, 9, 7); - ROUND1(C, D, A, B, 10, 11); - ROUND1(B, C, D, A, 11, 19); - ROUND1(A, B, C, D, 12, 3); - ROUND1(D, A, B, C, 13, 7); - ROUND1(C, D, A, B, 14, 11); - ROUND1(B, C, D, A, 15, 19); - - ROUND2(A, B, C, D, 0, 3); - ROUND2(D, A, B, C, 4, 5); - ROUND2(C, D, A, B, 8, 9); - ROUND2(B, C, D, A, 12, 13); - ROUND2(A, B, C, D, 1, 3); - ROUND2(D, A, B, C, 5, 5); - ROUND2(C, D, A, B, 9, 9); - ROUND2(B, C, D, A, 13, 13); - ROUND2(A, B, C, D, 2, 3); - ROUND2(D, A, B, C, 6, 5); - ROUND2(C, D, A, B, 10, 9); - ROUND2(B, C, D, A, 14, 13); - ROUND2(A, B, C, D, 3, 3); - ROUND2(D, A, B, C, 7, 5); - ROUND2(C, D, A, B, 11, 9); - ROUND2(B, C, D, A, 15, 13); - - ROUND3(A, B, C, D, 0, 3); - ROUND3(D, A, B, C, 8, 9); - ROUND3(C, D, A, B, 4, 11); - ROUND3(B, C, D, A, 12, 15); - ROUND3(A, B, C, D, 2, 3); - ROUND3(D, A, B, C, 10, 9); - ROUND3(C, D, A, B, 6, 11); - ROUND3(B, C, D, A, 14, 15); - ROUND3(A, B, C, D, 1, 3); - ROUND3(D, A, B, C, 9, 9); - ROUND3(C, D, A, B, 5, 11); - ROUND3(B, C, D, A, 13, 15); - ROUND3(A, B, C, D, 3, 3); - ROUND3(D, A, B, C, 11, 9); - ROUND3(C, D, A, B, 7, 11); - ROUND3(B, C, D, A, 15, 15); - - A += AA; - B += BB; - C += CC; - D += DD; - - A &= 0xFFFFFFFF; - B &= 0xFFFFFFFF; - C &= 0xFFFFFFFF; - D &= 0xFFFFFFFF; - - for (j = 0; j < 16; j++) - X[j] = 0; -} - -static void -copy64(uint32 * M, unsigned char *in) -{ - int i; - - for (i = 0; i < 16; i++) - M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | - (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); -} - -static void -copy4(unsigned char *out, uint32 x) -{ - out[0] = x & 0xFF; - out[1] = (x >> 8) & 0xFF; - out[2] = (x >> 16) & 0xFF; - out[3] = (x >> 24) & 0xFF; -} - -/* produce a md4 message digest from data of length n bytes */ -void -mdfour(unsigned char *out, unsigned char *in, int n) -{ - unsigned char buf[128]; - 
uint32 M[16]; - uint32 b = n * 8; - int i; - - A = 0x67452301; - B = 0xefcdab89; - C = 0x98badcfe; - D = 0x10325476; - - while (n > 64) { - copy64(M, in); - mdfour64(M); - in += 64; - n -= 64; - } - - for (i = 0; i < 128; i++) - buf[i] = 0; - memcpy(buf, in, n); - buf[n] = 0x80; - - if (n <= 55) { - copy4(buf + 56, b); - copy64(M, buf); - mdfour64(M); - } else { - copy4(buf + 120, b); - copy64(M, buf); - mdfour64(M); - copy64(M, buf + 64); - mdfour64(M); - } - - for (i = 0; i < 128; i++) - buf[i] = 0; - copy64(M, buf); - - copy4(out, A); - copy4(out + 4, B); - copy4(out + 8, C); - copy4(out + 12, D); - - A = B = C = D = 0; -} --- squid/auth_modules/MSNT/msntauth-v2.0.lsm Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,13 +0,0 @@ -Begin3 -Title: msntauth -Version: 2.0 -Entered-date: 10OCT00 -Description: Squid web proxy NT domain authentication module -Keywords: Squid WWW proxy SMB NT domain authentication module source -Author: antonino.iannella@usa.net (Antonino Iannella) -Maintained-by: antonino.iannella@usa.net (Antonino Iannella) -Primary-site: sunsite.unc.edu /pub/Linux/system/network/misc - msntauth-v2.0.tgz -Original-site: http://stellarx.tripod.com -Copying-policy: GPL -End --- squid/auth_modules/MSNT/msntauth.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,114 +0,0 @@ - -/* - * MSNT - Microsoft Windows NT domain squid authenticator module - * Version 1.2 by Stellar-X Pty Ltd, Antonino Iannella - * Fri Sep 22 00:56:05 CST 2000 - * - * Modified to act as a Squid authenticator module. - * Removed all Pike stuff. - * Returns OK for a successful authentication, or ERR upon error. - * - * Uses code from - - * Andrew Tridgell 1997 - * Richard Sharpe 1996 - * Bill Welliver 1999 - * Duane Wessels 2000 - * - * Released under GNU Public License - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include -#include -#include - -extern int OpenConfigFile(); -extern int QueryServers(char *, char *); -extern void Checktimer(); -extern void Check_forchange(); -extern int Read_denyusers(void); -extern int Read_allowusers(void); -extern int Check_user(char *); - -/* Main program for simple authentication. - * Reads the denied user file. Sets alarm timer. - * Scans and checks for Squid input, and attempts to validate the user. - */ - -int -main() -{ - char username[256]; - char password[256]; - char wstr[256]; - - /* Read configuration file. Abort wildly if error. */ - if (OpenConfigFile() == 1) - return 1; - - /* Read denied and allowed user files. - * If they fails, there is a serious problem. - * Check syslog messages. Deny all users while in this state. 
- * The msntauth process should then be killed. */
-
- if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
- while (1) {
- fgets(wstr, 255, stdin);
- puts("ERR");
- fflush(stdout);
- }
- }
- /* Make Check_forchange() the handle for HUP signals.
- * Don't use alarms any more. I don't think it was very
- * portable between systems. */
- signal(SIGHUP, Check_forchange);
-
- while (1) {
- /* Read whole line from standard input. Terminate on break. */
- if (fgets(wstr, 255, stdin) == NULL)
- break;
-
- /* Clear any current settings */
- username[0] = '\0';
- password[0] = '\0';
- sscanf(wstr, "%s %s", username, password); /* Extract parameters */
-
- /* Check for invalid or blank entries */
- if ((username[0] == '\0') || (password[0] == '\0')) {
- puts("ERR");
- fflush(stdout);
- continue;
- }
- Checktimer(); /* Check if the user lists have changed */
-
- /* Check if user is explicitly denied or allowed.
- * If user passes both checks, they can be authenticated. */
-
- if (Check_user(username) == 1)
- puts("ERR");
- else {
- if (QueryServers(username, password) == 0)
- puts("OK");
- else
- puts("ERR");
- }
-
- fflush(stdout);
- }
-
- return 0;
-}
--- squid/auth_modules/MSNT/msntauth.conf Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,11 +0,0 @@
-
-# Sample MSNT authenticator configuration file
-# Antonino Iannella, Stellar-X Pty Ltd
-# Tue Sep 26 17:26:59 CST 2000
-
-server my_PDC my_BDC my_NTdomain
-server other_PDC other_BDC otherdomain
-
-denyusers /usr/local/squid/etc/denyusers
-allowusers /usr/local/squid/etc/allowusers
-
--- squid/auth_modules/MSNT/rfcnb-common.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,40 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Common Structures etc Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _RFCNB_COMMON_H_
-#define _RFCNB_COMMON_H_
-
-/* A data structure we need */
-
-typedef struct RFCNB_Pkt {
-
- char *data; /* The data in this portion */
- int len;
- struct RFCNB_Pkt *next;
-
-} RFCNB_Pkt;
-
-
-#endif /* _RFCNB_COMMON_H_ */
--- squid/auth_modules/MSNT/rfcnb-error.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,57 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB Error Response Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#ifndef _RFCNB_ERROR_H_ -#define _RFCNB_ERROR_H_ - -/* Error responses */ - -#define RFCNBE_Bad -1 /* Bad response */ -#define RFCNBE_OK 0 - -/* these should follow the spec ... is there one ? 
*/ - -#define RFCNBE_NoSpace 1 /* Could not allocate space for a struct */ -#define RFCNBE_BadName 2 /* Could not translate a name */ -#define RFCNBE_BadRead 3 /* Read sys call failed */ -#define RFCNBE_BadWrite 4 /* Write Sys call failed */ -#define RFCNBE_ProtErr 5 /* Protocol Error */ -#define RFCNBE_ConGone 6 /* Connection dropped */ -#define RFCNBE_BadHandle 7 /* Handle passed was bad */ -#define RFCNBE_BadSocket 8 /* Problems creating socket */ -#define RFCNBE_ConnectFailed 9 /* Connect failed */ -#define RFCNBE_CallRejNLOCN 10 /* Call rejected, not listening on CN */ -#define RFCNBE_CallRejNLFCN 11 /* Call rejected, not listening for CN */ -#define RFCNBE_CallRejCNNP 12 /* Call rejected, called name not present */ -#define RFCNBE_CallRejInfRes 13 /* Call rejetced, name ok, no resources */ -#define RFCNBE_CallRejUnSpec 14 /* Call rejected, unspecified error */ -#define RFCNBE_BadParam 15 /* Bad parameters passed ... */ -#define RFCNBE_Timeout 16 /* IO Timed out */ - -/* Text strings for the error responses */ - -extern char *RFCNB_Error_Strings[]; - -#endif /* _RFCNB_ERROR_H_ */ --- squid/auth_modules/MSNT/rfcnb-io.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,415 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NEtBIOS implementation - * - * Version 1.0 - * RFCNB IO Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ -/* #include */ -#include "std-includes.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" -#include -#include - -int RFCNB_Timeout = 0; /* Timeout in seconds ... */ - -void -rfcnb_alarm(int sig) -{ - - fprintf(stderr, "IO Timed out ...\n"); - -} - -/* Set timeout value and setup signal handling */ - -int -RFCNB_Set_Timeout(int seconds) -{ -#ifdef __GLIBC__ - int temp; -#endif - /* If we are on a Bezerkeley system, use sigvec, else sigaction */ -#ifndef SA_RESTART - struct sigvec invec, outvec; -#else - struct sigaction inact, outact; -#endif - - RFCNB_Timeout = seconds; - - if (RFCNB_Timeout > 0) { /* Set up handler to ignore but not restart */ - -#ifndef SA_RESTART - invec.sv_handler = (void (*)()) rfcnb_alarm; - invec.sv_mask = 0; - invec.sv_flags = SV_INTERRUPT; - - if (sigvec(SIGALRM, &invec, &outvec) < 0) - return (-1); -#else - inact.sa_handler = (void (*)()) rfcnb_alarm; -#ifdef SOLARIS - /* Solaris seems to have an array of vectors ... 
*/ - inact.sa_mask.__sigbits[0] = 0; - inact.sa_mask.__sigbits[1] = 0; - inact.sa_mask.__sigbits[2] = 0; - inact.sa_mask.__sigbits[3] = 0; -#else -#ifdef __GLIBC__ - for (temp = 0; temp < 32; temp++) - inact.sa_mask.__val[temp] = 0; -#else - inact.sa_mask = 0; -#endif -#endif - inact.sa_flags = 0; /* Don't restart */ - - if (sigaction(SIGALRM, &inact, &outact) < 0) - return (-1); - -#endif - - } - return (0); - -} - -/* Discard the rest of an incoming packet as we do not have space for it - * in the buffer we allocated or were passed ... */ - -int -RFCNB_Discard_Rest(struct RFCNB_Con *con, int len) -{ - char temp[100]; /* Read into here */ - int rest, this_read, bytes_read; - - /* len is the amount we should read */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Discard_Rest called to discard: %i\n", len); -#endif - - rest = len; - - while (rest > 0) { - - this_read = (rest > sizeof(temp) ? sizeof(temp) : rest); - - bytes_read = read(con->fd, temp, this_read); - - if (bytes_read <= 0) { /* Error so return */ - - if (bytes_read < 0) - RFCNB_errno = RFCNBE_BadRead; - else - RFCNB_errno = RFCNBE_ConGone; - - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - rest = rest - bytes_read; - - } - - return (0); - -} - - -/* Send an RFCNB packet to the connection. - * - * We just send each of the blocks linked together ... - * - * If we can, try to send it as one iovec ... - * - */ - -int -RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) -{ - int len_sent, tot_sent, this_len; - struct RFCNB_Pkt *pkt_ptr; - char *this_data; - int i; - struct iovec io_list[10]; /* We should never have more */ - /* If we do, this will blow up ... */ - - /* Try to send the data ... We only send as many bytes as len claims */ - /* We should try to stuff it into an IOVEC and send as one write */ - - - pkt_ptr = pkt; - len_sent = tot_sent = 0; /* Nothing sent so far */ - i = 0; - - while ((pkt_ptr != NULL) & (i < 10)) { /* Watch that magic number! 
*/ - - this_len = pkt_ptr->len; - this_data = pkt_ptr->data; - if ((tot_sent + this_len) > len) - this_len = len - tot_sent; /* Adjust so we don't send too much */ - - /* Now plug into the iovec ... */ - - io_list[i].iov_len = this_len; - io_list[i].iov_base = this_data; - i++; - - tot_sent += this_len; - - if (tot_sent == len) - break; /* Let's not send too much */ - - pkt_ptr = pkt_ptr->next; - - } - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Frags = %i, tot_sent = %i\n", i, tot_sent); -#endif - - /* Set up an alarm if timeouts are set ... */ - - if (RFCNB_Timeout > 0) - alarm(RFCNB_Timeout); - - if ((len_sent = writev(con->fd, io_list, i)) < 0) { /* An error */ - - con->rfc_errno = errno; - if (errno == EINTR) /* We were interrupted ... */ - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadWrite; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - if (len_sent < tot_sent) { /* Less than we wanted */ - if (errno == EINTR) /* We were interrupted */ - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadWrite; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - if (RFCNB_Timeout > 0) - alarm(0); /* Reset that sucker */ - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Len sent = %i ...\n", len_sent); - RFCNB_Print_Pkt(stderr, "sent", pkt, len_sent); /* Print what send ... */ - -#endif - - return (len_sent); - -} - -/* Read an RFCNB packet off the connection. - * - * We read the first 4 bytes, that tells us the length, then read the - * rest. 
We should implement a timeout, but we don't just yet - * - */ - - -int -RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) -{ - int read_len, pkt_len; - char hdr[RFCNB_Pkt_Hdr_Len]; /* Local space for the header */ - struct RFCNB_Pkt *pkt_frag; - int more, this_time, offset, frag_len, this_len; - BOOL seen_keep_alive = TRUE; - - /* Read that header straight into the buffer */ - - if (len < RFCNB_Pkt_Hdr_Len) { /* What a bozo */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Trying to read less than a packet:"); - perror(""); -#endif - RFCNB_errno = RFCNBE_BadParam; - return (RFCNBE_Bad); - - } - /* We discard keep alives here ... */ - - if (RFCNB_Timeout > 0) - alarm(RFCNB_Timeout); - - while (seen_keep_alive) { - - if ((read_len = read(con->fd, hdr, sizeof(hdr))) < 0) { /* Problems */ -#ifdef RFCNB_DEBUG - fprintf(stderr, "Reading the packet, we got:"); - perror(""); -#endif - if (errno == EINTR) - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadRead; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - /* Now we check out what we got */ - - if (read_len == 0) { /* Connection closed, send back eof? */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Connection closed reading\n"); -#endif - - if (errno == EINTR) - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_ConGone; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - if (RFCNB_Pkt_Type(hdr) == RFCNB_SESSION_KEEP_ALIVE) { - -#ifdef RFCNB_DEBUG - fprintf(stderr, "RFCNB KEEP ALIVE received\n"); -#endif - - } else { - seen_keep_alive = FALSE; - } - - } - - /* What if we got less than or equal to a hdr size in bytes? 
*/ - - if (read_len < sizeof(hdr)) { /* We got a small packet */ - - /* Now we need to copy the hdr portion we got into the supplied packet */ - - memcpy(pkt->data, hdr, read_len); /*Copy data */ - -#ifdef RFCNB_DEBUG - RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len); -#endif - - return (read_len); - - } - /* Now, if we got at least a hdr size, alloc space for rest, if we need it */ - - pkt_len = RFCNB_Pkt_Len(hdr); - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Reading Pkt: Length = %i\n", pkt_len); -#endif - - /* Now copy in the hdr */ - - memcpy(pkt->data, hdr, sizeof(hdr)); - - /* Get the rest of the packet ... first figure out how big our buf is? */ - /* And make sure that we handle the fragments properly ... Sure should */ - /* use an iovec ... */ - - if (len < pkt_len) /* Only get as much as we have space for */ - more = len - RFCNB_Pkt_Hdr_Len; - else - more = pkt_len; - - this_time = 0; - - /* We read for each fragment ... */ - - if (pkt->len == read_len) { /* If this frag was exact size */ - pkt_frag = pkt->next; /* Stick next lot in next frag */ - offset = 0; /* then we start at 0 in next */ - } else { - pkt_frag = pkt; /* Otherwise use rest of this frag */ - offset = RFCNB_Pkt_Hdr_Len; /* Otherwise skip the header */ - } - - frag_len = pkt_frag->len; - - if (more <= frag_len) /* If len left to get less than frag space */ - this_len = more; /* Get the rest ... */ - else - this_len = frag_len - offset; - - while (more > 0) { - - if ((this_time = read(con->fd, (pkt_frag->data) + offset, this_len)) <= 0) { /* Problems */ - - if (errno == EINTR) { - - RFCNB_errno = RFCNB_Timeout; - - } else { - if (this_time < 0) - RFCNB_errno = RFCNBE_BadRead; - else - RFCNB_errno = RFCNBE_ConGone; - } - - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } -#ifdef RFCNB_DEBUG - fprintf(stderr, "Frag_Len = %i, this_time = %i, this_len = %i, more = %i\n", frag_len, - this_time, this_len, more); -#endif - - read_len = read_len + this_time; /* How much have we read ... 
*/ - - /* Now set up the next part */ - - if (pkt_frag->next == NULL) - break; /* That's it here */ - - pkt_frag = pkt_frag->next; - this_len = pkt_frag->len; - offset = 0; - - more = more - this_time; - - } - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Pkt Len = %i, read_len = %i\n", pkt_len, read_len); - RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len + sizeof(hdr)); -#endif - - if (read_len < (pkt_len + sizeof(hdr))) { /* Discard the rest */ - - return (RFCNB_Discard_Rest(con, (pkt_len + sizeof(hdr)) - read_len)); - - } - if (RFCNB_Timeout > 0) - alarm(0); /* Reset that sucker */ - - return (read_len + sizeof(RFCNB_Hdr)); -} --- squid/auth_modules/MSNT/rfcnb-io.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,28 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB IO Routines Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -int RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); - -int RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); --- squid/auth_modules/MSNT/rfcnb-priv.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,150 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* Defines we need */
-
-
-#define GLOBAL extern
-
-#include "rfcnb-error.h"
-#include "rfcnb-common.h"
-#include "byteorder.h"
-
-#ifdef RFCNB_PORT
-#define RFCNB_Default_Port RFCNB_PORT
-#else
-#define RFCNB_Default_Port 139
-#endif
-
-#define RFCNB_MAX_STATS 1
-
-/* Protocol defines we need */
-
-#define RFCNB_SESSION_MESSAGE 0
-#define RFCNB_SESSION_REQUEST 0x81
-#define RFCNB_SESSION_ACK 0x82
-#define RFCNB_SESSION_REJ 0x83
-#define RFCNB_SESSION_RETARGET 0x84
-#define RFCNB_SESSION_KEEP_ALIVE 0x85
-
-/* Structures */
-
-typedef struct redirect_addr *redirect_ptr;
-
-struct redirect_addr {
-
- struct in_addr ip_addr;
- int port;
- redirect_ptr next;
-
-};
-
-typedef struct RFCNB_Con {
-
- int fd; /* File descripter for TCP/IP connection */
- int rfc_errno; /* last error */
- int timeout; /* How many milli-secs before IO times out */
- int redirects; /* How many times we were redirected */
- struct redirect_addr *redirect_list; /* First is first address */
- struct redirect_addr *last_addr;
-
-} RFCNB_Con;
-
-typedef char RFCNB_Hdr[4]; /* The header is 4 bytes long with */
- /* char[0] as the type, char[1] the */
- /* flags, and char[2..3] the length */
-
-/* Macros to extract things from the header. These are for portability
- * between architecture types where we are worried about byte order */
-
-#define RFCNB_Pkt_Hdr_Len 4
-#define RFCNB_Pkt_Sess_Len 72
-#define RFCNB_Pkt_Retarg_Len 10
-#define RFCNB_Pkt_Nack_Len 5
-#define RFCNB_Pkt_Type_Offset 0
-#define RFCNB_Pkt_Flags_Offset 1
-#define RFCNB_Pkt_Len_Offset 2 /* Length is 2 bytes plus a flag bit */
-#define RFCNB_Pkt_N1Len_Offset 4
-#define RFCNB_Pkt_Called_Offset 5
-#define RFCNB_Pkt_N2Len_Offset 38
-#define RFCNB_Pkt_Calling_Offset 39
-#define RFCNB_Pkt_Error_Offset 4
-#define RFCNB_Pkt_IP_Offset 4
-#define RFCNB_Pkt_Port_Offset 8
-
-/* The next macro isolates the length of a packet, including the bit in the
- * flags */
-
-#define RFCNB_Pkt_Len(p) (PVAL(p, 3) | (PVAL(p, 2) << 8) | \
- ((PVAL(p, RFCNB_Pkt_Flags_Offset) & 0x01) << 16))
-
-#define RFCNB_Put_Pkt_Len(p, v) (p[1] = ((v >> 16) & 1)); \
- (p[2] = ((v >> 8) & 0xFF)); \
- (p[3] = (v & 0xFF));
-
-#define RFCNB_Pkt_Type(p) (CVAL(p, RFCNB_Pkt_Type_Offset))
-
-/*typedef struct RFCNB_Hdr {
- *
- * unsigned char type;
- * unsigned char flags;
- * int16 len;
- *
- * } RFCNB_Hdr;
- *
- * typedef struct RFCNB_Sess_Pkt {
- * unsigned char type;
- * unsigned char flags;
- * int16 length;
- * unsigned char n1_len;
- * char called_name[33];
- * unsigned char n2_len;
- * char calling_name[33];
- * } RFCNB_Sess_Pkt;
- *
- *
- * typedef struct RFCNB_Nack_Pkt {
- *
- * struct RFCNB_Hdr hdr;
- * unsigned char error;
- *
- * } RFCNB_Nack_Pkt;
- *
- * typedef struct RFCNB_Retarget_Pkt {
- *
- * struct RFCNB_Hdr hdr;
- * int dest_ip;
- * unsigned char port;
- *
- * } RFCNB_Redir_Pkt; */
-
-/* Static variables */
-
-/* Only declare this if not defined */
-
-#ifndef RFCNB_ERRNO
-extern int RFCNB_errno;
-extern int RFCNB_saved_errno; /* Save this from point of error */
-#endif
--- squid/auth_modules/MSNT/rfcnb-util.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,555 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB Utility Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "std-includes.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" - -#include -#include -#include -#include -#include -#include -#include - -char *RFCNB_Error_Strings[] = -{ - - "RFCNBE_OK: Routine completed successfully.", - "RFCNBE_NoSpace: No space available for a malloc call.", - "RFCNBE_BadName: NetBIOS name could not be translated to IP address.", - "RFCNBE_BadRead: Read system call returned an error. Check errno.", - "RFCNBE_BadWrite: Write system call returned an error. Check errno.", - "RFCNBE_ProtErr: A protocol error has occurred.", - "RFCNBE_ConGone: Connection dropped during a read or write system call.", - "RFCNBE_BadHandle: Bad connection handle passed.", - "RFCNBE_BadSocket: Problems creating socket.", - "RFCNBE_ConnectFailed: Connection failed. See errno.", - "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.", - "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.", - "RFCNBE_CallRejCNNP: Call rejected. Called name not present.", - "RFCNBE_CallRejInfRes: Call rejected. 
Name present, but insufficient resources.", - "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.", - "RFCNBE_BadParam: Bad parameters passed to a routine.", - "RFCNBE_Timeout: IO Operation timed out ..." - -}; - -extern void (*Prot_Print_Routine) (); /* Pointer to protocol print routine */ - -/* Convert name and pad to 16 chars as needed */ -/* Name 1 is a C string with null termination, name 2 may not be */ -/* If SysName is true, then put a <00> on end, else space> */ - -void -RFCNB_CvtPad_Name(char *name1, char *name2) -{ - char c, c1, c2; - int i, len; - - len = strlen(name1); - - for (i = 0; i < 16; i++) { - - if (i >= len) { - - c1 = 'C'; - c2 = 'A'; /* CA is a space */ - - } else { - - c = name1[i]; - c1 = (char) ((int) c / 16 + (int) 'A'); - c2 = (char) ((int) c % 16 + (int) 'A'); - } - - name2[i * 2] = c1; - name2[i * 2 + 1] = c2; - - } - - name2[32] = 0; /* Put in the nll ... */ - -} - -/* Converts an Ascii NB Name (16 chars) to an RFCNB Name (32 chars) - * Uses the encoding in RFC1001. Each nibble of byte is added to 'A' - * to produce the next byte in the name. - * - * This routine assumes that AName is 16 bytes long and that NBName has - * space for 32 chars, so be careful ... - * - */ - -void -RFCNB_AName_To_NBName(char *AName, char *NBName) -{ - char c, c1, c2; - int i; - - for (i = 0; i < 16; i++) { - - c = AName[i]; - - c1 = (char) ((c >> 4) + 'A'); - c2 = (char) ((c & 0xF) + 'A'); - - NBName[i * 2] = c1; - NBName[i * 2 + 1] = c2; - } - - NBName[32] = 0; /* Put in a null */ - -} - -/* Do the reverse of the above ... */ - -void -RFCNB_NBName_To_AName(char *NBName, char *AName) -{ - char c, c1, c2; - int i; - - for (i = 0; i < 16; i++) { - - c1 = NBName[i * 2]; - c2 = NBName[i * 2 + 1]; - - c = (char) (((int) c1 - (int) 'A') * 16 + ((int) c2 - (int) 'A')); - - AName[i] = c; - - } - - AName[i] = 0; /* Put a null on the end ... 
*/ - -} - -/* Print a string of bytes in HEX etc */ - -void -RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len) -{ - char c1, c2, outbuf1[33]; - unsigned char c; - int i, j; - struct RFCNB_Pkt *pkt_ptr = pkt; - static char Hex_List[17] = "0123456789ABCDEF"; - - j = 0; - - /* We only want to print as much as sepcified in Len */ - - while (pkt_ptr != NULL) { - - for (i = 0; - i < ((Len > (pkt_ptr->len) ? pkt_ptr->len : Len) - Offset); - i++) { - - c = pkt_ptr->data[i + Offset]; - c1 = Hex_List[c >> 4]; - c2 = Hex_List[c & 0xF]; - - outbuf1[j++] = c1; - outbuf1[j++] = c2; - - if (j == 32) { /* Print and reset */ - outbuf1[j] = 0; - fprintf(fd, " %s\n", outbuf1); - j = 0; - } - } - - Offset = 0; - Len = Len - pkt_ptr->len; /* Reduce amount by this much */ - pkt_ptr = pkt_ptr->next; - - } - - /* Print last lot in the buffer ... */ - - if (j > 0) { - - outbuf1[j] = 0; - fprintf(fd, " %s\n", outbuf1); - - } - fprintf(fd, "\n"); - -} - -/* Get a packet of size n */ - -struct RFCNB_Pkt * -RFCNB_Alloc_Pkt(int n) -{ - RFCNB_Pkt *pkt; - - if ((pkt = (struct RFCNB_Pkt *) malloc(sizeof(struct RFCNB_Pkt))) == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - return (NULL); - - } - pkt->next = NULL; - pkt->len = n; - - if (n == 0) - return (pkt); - - if ((pkt->data = (char *) malloc(n)) == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - free(pkt); - return (NULL); - - } - return (pkt); - -} - -/* Free up a packet */ - -void -RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) -{ - struct RFCNB_Pkt *pkt_next; - char *data_ptr; - - while (pkt != NULL) { - - pkt_next = pkt->next; - - data_ptr = pkt->data; - - if (data_ptr != NULL) - free(data_ptr); - - free(pkt); - - pkt = pkt_next; - - } - -} - -/* Print an RFCNB packet */ - -void -RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len) -{ - char lname[17]; - - /* We assume that the first fragment is the RFCNB Header */ - /* We should loop through the fragments 
printing them out */ - - fprintf(fd, "RFCNB Pkt %s:", dirn); - - switch (RFCNB_Pkt_Type(pkt->data)) { - - case RFCNB_SESSION_MESSAGE: - - fprintf(fd, "SESSION MESSAGE: Length = %i\n", RFCNB_Pkt_Len(pkt->data)); - RFCNB_Print_Hex(fd, pkt, RFCNB_Pkt_Hdr_Len, -#ifdef RFCNB_PRINT_DATA - RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); -#else - 40); -#endif - - if (Prot_Print_Routine != 0) { /* Print the rest of the packet */ - - Prot_Print_Routine(fd, strcmp(dirn, "sent"), pkt, RFCNB_Pkt_Hdr_Len, - RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); - - } - break; - - case RFCNB_SESSION_REQUEST: - - fprintf(fd, "SESSION REQUEST: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Called_Offset), lname); - fprintf(fd, " Called Name: %s\n", lname); - RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Calling_Offset), lname); - fprintf(fd, " Calling Name: %s\n", lname); - - break; - - case RFCNB_SESSION_ACK: - - fprintf(fd, "RFCNB SESSION ACK: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - break; - - case RFCNB_SESSION_REJ: - fprintf(fd, "RFCNB SESSION REJECT: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - if (RFCNB_Pkt_Len(pkt->data) < 1) { - fprintf(fd, " Protocol Error, short Reject packet!\n"); - } else { - fprintf(fd, " Error = %x\n", CVAL(pkt->data, RFCNB_Pkt_Error_Offset)); - } - - break; - - case RFCNB_SESSION_RETARGET: - - fprintf(fd, "RFCNB SESSION RETARGET: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - /* Print out the IP address etc and the port? 
*/ - - break; - - case RFCNB_SESSION_KEEP_ALIVE: - - fprintf(fd, "RFCNB SESSION KEEP ALIVE: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - break; - - default: - - break; - } - -} - -/* Resolve a name into an address */ - -int -RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP) -{ - int addr; /* Assumes IP4, 32 bit network addresses */ - struct hostent *hp; - - /* Use inet_addr to try to convert the address */ - - if ((addr = inet_addr(host)) == INADDR_NONE) { /* Oh well, a good try :-) */ - - /* Now try a name look up with gethostbyname */ - - if ((hp = gethostbyname(host)) == NULL) { /* Not in DNS */ - - /* Try NetBIOS name lookup, how the hell do we do that? */ - - RFCNB_errno = RFCNBE_BadName; /* Is this right? */ - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } else { /* We got a name */ - - memcpy((void *) Dest_IP, (void *) hp->h_addr_list[0], sizeof(struct in_addr)); - - } - } else { /* It was an IP address */ - - memcpy((void *) Dest_IP, (void *) &addr, sizeof(struct in_addr)); - - } - - return 0; - -} - -/* Disconnect the TCP connection to the server */ - -int -RFCNB_Close(int socket) -{ - - close(socket); - - /* If we want to do error recovery, here is where we put it */ - - return 0; - -} - -/* Connect to the server specified in the IP address. - * Not sure how to handle socket options etc. 
*/ - -int -RFCNB_IP_Connect(struct in_addr Dest_IP, int port) -{ - struct sockaddr_in Socket; - int fd; - - /* Create a socket */ - - if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { /* Handle the error */ - - RFCNB_errno = RFCNBE_BadSocket; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - bzero((char *) &Socket, sizeof(Socket)); - memcpy((char *) &Socket.sin_addr, (char *) &Dest_IP, sizeof(Dest_IP)); - - Socket.sin_port = htons(port); - Socket.sin_family = PF_INET; - - /* Now connect to the destination */ - - if (connect(fd, (struct sockaddr *) &Socket, sizeof(Socket)) < 0) { /* Error */ - - close(fd); - RFCNB_errno = RFCNBE_ConnectFailed; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - return (fd); - -} - -/* handle the details of establishing the RFCNB session with remote - * end - * - */ - -int -RFCNB_Session_Req(struct RFCNB_Con *con, - char *Called_Name, - char *Calling_Name, - BOOL * redirect, - struct in_addr *Dest_IP, - int *port) -{ - char *sess_pkt; - - /* Response packet should be no more than 9 bytes, make 16 jic */ - - char resp[16]; - int len; - struct RFCNB_Pkt *pkt, res_pkt; - - /* We build and send the session request, then read the response */ - - pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Sess_Len); - - if (pkt == NULL) { - - return (RFCNBE_Bad); /* Leave the error that RFCNB_Alloc_Pkt gives) */ - - } - sess_pkt = pkt->data; /* Get pointer to packet proper */ - - sess_pkt[RFCNB_Pkt_Type_Offset] = RFCNB_SESSION_REQUEST; - RFCNB_Put_Pkt_Len(sess_pkt, (RFCNB_Pkt_Sess_Len - RFCNB_Pkt_Hdr_Len)); - sess_pkt[RFCNB_Pkt_N1Len_Offset] = 32; - sess_pkt[RFCNB_Pkt_N2Len_Offset] = 32; - - RFCNB_CvtPad_Name(Called_Name, (sess_pkt + RFCNB_Pkt_Called_Offset)); - RFCNB_CvtPad_Name(Calling_Name, (sess_pkt + RFCNB_Pkt_Calling_Offset)); - - /* Now send the packet */ - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Sending packet: "); - -#endif - - if ((len = RFCNB_Put_Pkt(con, pkt, RFCNB_Pkt_Sess_Len)) < 0) { - - return (RFCNBE_Bad); /* Should be able to write 
that lot ... */ - - } -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Getting packet.\n"); - -#endif - - res_pkt.data = resp; - res_pkt.len = sizeof(resp); - res_pkt.next = NULL; - - if ((len = RFCNB_Get_Pkt(con, &res_pkt, sizeof(resp))) < 0) { - - return (RFCNBE_Bad); - - } - /* Now analyze the packet ... */ - - switch (RFCNB_Pkt_Type(resp)) { - - case RFCNB_SESSION_REJ: /* Didnt like us ... too bad */ - - /* Why did we get rejected ? */ - - switch (CVAL(resp, RFCNB_Pkt_Error_Offset)) { - - case 0x80: - RFCNB_errno = RFCNBE_CallRejNLOCN; - break; - case 0x81: - RFCNB_errno = RFCNBE_CallRejNLFCN; - break; - case 0x82: - RFCNB_errno = RFCNBE_CallRejCNNP; - break; - case 0x83: - RFCNB_errno = RFCNBE_CallRejInfRes; - break; - case 0x8F: - RFCNB_errno = RFCNBE_CallRejUnSpec; - break; - default: - RFCNB_errno = RFCNBE_ProtErr; - break; - } - - return (RFCNBE_Bad); - break; - - case RFCNB_SESSION_ACK: /* Got what we wanted ... */ - - return (0); - break; - - case RFCNB_SESSION_RETARGET: /* Go elsewhere */ - - *redirect = TRUE; /* Copy port and ip addr */ - - memcpy(Dest_IP, (resp + RFCNB_Pkt_IP_Offset), sizeof(struct in_addr)); - *port = SVAL(resp, RFCNB_Pkt_Port_Offset); - - return (0); - break; - - default: /* A protocol error */ - - RFCNB_errno = RFCNBE_ProtErr; - return (RFCNBE_Bad); - break; - } -} --- squid/auth_modules/MSNT/rfcnb-util.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,51 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Utility Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-void RFCNB_CvtPad_Name(char *name1, char *name2);
-
-void RFCNB_AName_To_NBName(char *AName, char *NBName);
-
-void RFCNB_NBName_To_AName(char *NBName, char *AName);
-
-void RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len);
-
-struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n);
-
-void RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len);
-
-int RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP);
-
-int RFCNB_Close(int socket);
-
-int RFCNB_IP_Connect(struct in_addr Dest_IP, int port);
-
-int RFCNB_Session_Req(RFCNB_Con * con,
- char *Called_Name,
- char *Calling_Name,
- BOOL * redirect,
- struct in_addr *Dest_IP,
- int *port);
-
-void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt);
--- squid/auth_modules/MSNT/rfcnb.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,48 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* Error responses */
-
-#include "rfcnb-error.h"
-#include "rfcnb-common.h"
-
-/* Defines we need */
-
-#define RFCNB_Default_Port 139
-
-/* Definition of routines we define */
-
-void *RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address,
- int port);
-
-int RFCNB_Send(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
-
-int RFCNB_Recv(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
-
-int RFCNB_Hangup(void *con_Handle);
-
-void *RFCNB_Listen();
-
-void RFCNB_Get_Error(char *buffer, int buf_len);
--- squid/auth_modules/MSNT/session.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,363 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * Session Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -int RFCNB_errno = 0; -int RFCNB_saved_errno = 0; -#define RFCNB_ERRNO - -#include "std-includes.h" -#include -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" - -#include -#include -#include - -int RFCNB_Stats[RFCNB_MAX_STATS]; - -void (*Prot_Print_Routine) () = NULL; /* Pointer to print routine */ - -/* Set up a session with a remote name. We are passed Called_Name as a - * string which we convert to a NetBIOS name, ie space terminated, up to - * 16 characters only if we need to. If Called_Address is not empty, then - * we use it to connect to the remote end, but put in Called_Name ... Called - * Address can be a DNS based name, or a TCP/IP address ... - */ - -void * -RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address, - int port) -{ - struct RFCNB_Con *con; - struct in_addr Dest_IP; - int Client; - BOOL redirect; - struct redirect_addr *redir_addr; - char *Service_Address; - - /* Now, we really should look up the port in /etc/services ... 
*/ - - if (port == 0) - port = RFCNB_Default_Port; - - /* Create a connection structure first */ - - if ((con = (struct RFCNB_Con *) malloc(sizeof(struct RFCNB_Con))) == NULL) { /* Error in size */ - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - return (NULL); - - } - con->fd = -0; /* no descriptor yet */ - con->rfc_errno = 0; /* no error yet */ - con->timeout = 0; /* no timeout */ - con->redirects = 0; - con->redirect_list = NULL; /* Fix bug still in version 0.50 */ - - /* Resolve that name into an IP address */ - - Service_Address = Called_Name; - if (strcmp(Called_Address, "") != 0) { /* If the Called Address = "" */ - Service_Address = Called_Address; - } - if ((errno = RFCNB_Name_To_IP(Service_Address, &Dest_IP)) < 0) { /* Error */ - - /* No need to modify RFCNB_errno as it was done by RFCNB_Name_To_IP */ - - return (NULL); - - } - /* Now connect to the remote end */ - - redirect = TRUE; /* Fudge this one so we go once through */ - - while (redirect) { /* Connect and get session info etc */ - - redirect = FALSE; /* Assume all OK */ - - /* Build the redirect info. 
First one is first addr called */ - /* And tack it onto the list of addresses we called */ - - if ((redir_addr = (struct redirect_addr *) malloc(sizeof(struct redirect_addr))) == NULL) { /* Could not get space */ - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - return (NULL); - - } - memcpy((char *) &(redir_addr->ip_addr), (char *) &Dest_IP, sizeof(Dest_IP)); - redir_addr->port = port; - redir_addr->next = NULL; - - if (con->redirect_list == NULL) { /* Stick on head */ - - con->redirect_list = con->last_addr = redir_addr; - - } else { - - con->last_addr->next = redir_addr; - con->last_addr = redir_addr; - - } - - /* Now, make that connection */ - - if ((Client = RFCNB_IP_Connect(Dest_IP, port)) < 0) { /* Error */ - - /* No need to modify RFCNB_errno as it was done by RFCNB_IP_Connect */ - - return (NULL); - - } - con->fd = Client; - - /* Now send and handle the RFCNB session request */ - /* If we get a redirect, we will comeback with redirect true - * and a new IP address in DEST_IP */ - - if ((errno = RFCNB_Session_Req(con, - Called_Name, - Calling_Name, - &redirect, &Dest_IP, &port)) < 0) { - - /* No need to modify RFCNB_errno as it was done by RFCNB_Session.. */ - - return (NULL); - - } - if (redirect) { - - /* We have to close the connection, and then try again */ - - (con->redirects)++; - - RFCNB_Close(con->fd); /* Close it */ - - } - } - - return (con); - -} - -/* We send a packet to the other end ... for the moment, we treat the - * data as a series of pointers to blocks of data ... we should check the - * length ... 
*/ - -int -RFCNB_Send(struct RFCNB_Con *Con_Handle, struct RFCNB_Pkt *udata, int Length) -{ - struct RFCNB_Pkt *pkt; - char *hdr; - int len; - - /* Plug in the header and send the data */ - - pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len); - - if (pkt == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - pkt->next = udata; /* The user data we want to send */ - - hdr = pkt->data; - - /* Following crap is for portability across multiple UNIX machines */ - - *(hdr + RFCNB_Pkt_Type_Offset) = RFCNB_SESSION_MESSAGE; - RFCNB_Put_Pkt_Len(hdr, Length); - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Sending packet: "); - -#endif - - if ((len = RFCNB_Put_Pkt(Con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) { - - /* No need to change RFCNB_errno as it was done by put_pkt ... */ - - return (RFCNBE_Bad); /* Should be able to write that lot ... */ - - } - /* Now we have sent that lot, let's get rid of the RFCNB Header and return */ - - pkt->next = NULL; - - RFCNB_Free_Pkt(pkt); - - return (len); - -} - -/* We pick up a message from the internet ... We have to worry about - * non-message packets ... */ - -int -RFCNB_Recv(void *co