--------------------- PatchSet 1171 Date: 2001/01/07 14:52:20 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: moved the authentication helpers to be under their related scheme handlers Members: configure.in:1.1.1.3.10.17.2.10->1.1.1.3.10.17.2.11 makefile.in:1.1.1.3.10.3.2.2->1.1.1.3.10.3.2.3 auth_modules/Makefile.in:1.1.10.3.2.1->1.1.10.3.2.2(DEAD) auth_modules/LDAP/Makefile.in:1.1.1.1.10.1->1.1.1.1.10.1.2.1(DEAD) auth_modules/LDAP/README:1.1.1.1->1.1.1.1.26.1(DEAD) auth_modules/LDAP/squid_ldap_auth.c:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/COPYING-2.0:1.1.1.1->1.1.1.1.26.1(DEAD) auth_modules/MSNT/Makefile.in:1.1.8.4->1.1.8.4.2.1(DEAD) auth_modules/MSNT/README.html:1.1.4.1->1.1.4.1.2.1(DEAD) auth_modules/MSNT/allowusers.c:1.1.4.1.2.1->1.1.4.1.2.2(DEAD) auth_modules/MSNT/byteorder.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/confload.c:1.1.4.1.2.1->1.1.4.1.2.2(DEAD) auth_modules/MSNT/denyusers.c:1.1.6.2.2.1->1.1.6.2.2.2(DEAD) auth_modules/MSNT/md4.c:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/msntauth-v2.0.lsm:1.1.4.1->1.1.4.1.2.1(DEAD) auth_modules/MSNT/msntauth.c:1.1.4.1.2.1->1.1.4.1.2.2(DEAD) auth_modules/MSNT/msntauth.conf:1.1.4.1->1.1.4.1.2.1(DEAD) auth_modules/MSNT/rfcnb-common.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-error.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-io.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-io.h:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/rfcnb-priv.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-util.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb-util.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/rfcnb.h:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/session.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/smbdes.c:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/MSNT/smbencrypt.c:1.1.1.1.10.1.2.2->1.1.1.1.10.1.2.3(DEAD) 
auth_modules/MSNT/smblib-common.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/smblib-priv.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/smblib-util.c:1.1.1.1.10.1.2.2->1.1.1.1.10.1.2.3(DEAD) auth_modules/MSNT/smblib.c:1.1.1.1.10.2.2.2->1.1.1.1.10.2.2.3(DEAD) auth_modules/MSNT/smblib.c.patch:1.1.2.1->1.1.2.1.2.1(DEAD) auth_modules/MSNT/smblib.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/std-defines.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/std-includes.h:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/valid.c:1.1.1.1.10.1.2.1->1.1.1.1.10.1.2.2(DEAD) auth_modules/MSNT/valid.h:1.1.1.1.26.1->1.1.1.1.26.2(DEAD) auth_modules/NCSA/Makefile.in:1.1.1.1->1.1.1.1.26.1(DEAD) auth_modules/NCSA/ncsa_auth.c:1.1.1.1.30.1->1.1.1.1.30.2(DEAD) auth_modules/PAM/Makefile.in:1.1.1.1.10.2->1.1.1.1.10.2.2.1(DEAD) auth_modules/PAM/pam_auth.c:1.1.1.1.10.1->1.1.1.1.10.1.2.1(DEAD) auth_modules/SMB/COPYING-2.0:1.1.1.1->1.1.1.1.30.1(DEAD) auth_modules/SMB/Changelog:1.1.1.2->1.1.1.2.26.1(DEAD) auth_modules/SMB/Makefile.in:1.1.1.1.12.2->1.1.1.1.12.2.2.1(DEAD) auth_modules/SMB/README:1.1.1.2->1.1.1.2.30.1(DEAD) auth_modules/SMB/smb_auth.c:1.1.1.2.10.1.2.1->1.1.1.2.10.1.2.2(DEAD) auth_modules/SMB/smb_auth.sh:1.1.1.2->1.1.1.2.26.1(DEAD) auth_modules/YP/Makefile.in:1.1.2.1->1.1.2.2(DEAD) auth_modules/YP/nis_support.c:1.1.2.1->1.1.2.2(DEAD) auth_modules/YP/yp_auth.c:1.1.2.1->1.1.2.2(DEAD) auth_modules/getpwnam/Makefile.in:1.1.1.2->1.1.1.2.22.1(DEAD) auth_modules/getpwnam/getpwnam_auth.c:1.1.1.1.30.1->1.1.1.1.30.2(DEAD) auth_modules/multi-domain-NTLM/README.txt:1.1.10.1->1.1.10.1.2.1(DEAD) auth_modules/multi-domain-NTLM/smb_auth.pl:1.1.10.1->1.1.10.1.2.1(DEAD) ntlm_auth_modules/Makefile.in:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/NTLMSSP/Makefile.in:1.1.2.3.2.3->1.1.2.3.2.4(DEAD) ntlm_auth_modules/NTLMSSP/libntlmssp.c:1.1.2.12.2.8->1.1.2.12.2.9(DEAD) ntlm_auth_modules/NTLMSSP/ntlm.h:1.1.2.12.2.8->1.1.2.12.2.9(DEAD) 
ntlm_auth_modules/NTLMSSP/ntlm_auth.c:1.1.2.10.2.8->1.1.2.10.2.9(DEAD) ntlm_auth_modules/NTLMSSP/smbval/Makefile.in:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/byteorder.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/md4.c:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/md4.h:1.1.2.3->1.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-common.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-error.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-io.c:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-io.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-priv.h:1.1.2.2.2.4->1.1.2.2.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-util.c:1.1.2.1.2.5->1.1.2.1.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb-util.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/rfcnb.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/session.c:1.1.2.1.2.5->1.1.2.1.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbdes.c:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbdes.h:1.1.2.4->1.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbencrypt.c:1.1.2.1.2.5->1.1.2.1.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smbencrypt.h:1.1.2.4->1.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib-common.h:1.1.2.2.2.3->1.1.2.2.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib-priv.h:1.1.2.2.2.5->1.1.2.2.2.6(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib-util.c:1.1.2.1.2.6->1.1.2.1.2.7(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib.c:1.1.2.6.2.6->1.1.2.6.2.7(DEAD) ntlm_auth_modules/NTLMSSP/smbval/smblib.h:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) ntlm_auth_modules/NTLMSSP/smbval/std-defines.h:1.1.2.3.2.3->1.1.2.3.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/std-includes.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/NTLMSSP/smbval/valid.c:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) 
ntlm_auth_modules/NTLMSSP/smbval/valid.h:1.1.2.1.2.3->1.1.2.1.2.4(DEAD) ntlm_auth_modules/fakeauth/Makefile.in:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/fakeauth/fakeauth_auth.c:1.1.2.6.2.8->1.1.2.6.2.9(DEAD) ntlm_auth_modules/fakeauth/ntlm.h:1.1.2.3.2.3->1.1.2.3.2.4(DEAD) ntlm_auth_modules/no_check/Makefile.in:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/no_check/README.no_check_ntlm_auth:1.1.2.1.2.2->1.1.2.1.2.3(DEAD) ntlm_auth_modules/no_check/no_check:1.1.2.1.2.4->1.1.2.1.2.5(DEAD) src/auth/basic/Makefile.in:1.1.2.2->1.1.2.3 src/auth/basic/helpers/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/LDAP/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/LDAP/README:1.1->1.1.2.1 src/auth/basic/helpers/LDAP/squid_ldap_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/COPYING-2.0:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/README.html:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/allowusers.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/byteorder.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/confload.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/denyusers.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/md4.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/msntauth-v2.0.lsm:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/msntauth.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/msntauth.conf:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-common.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-error.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-io.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-io.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-priv.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-util.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb-util.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/rfcnb.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/session.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smbdes.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smbencrypt.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib-common.h:1.1->1.1.2.1 
src/auth/basic/helpers/MSNT/smblib-priv.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib-util.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib.c.patch:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/smblib.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/std-defines.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/std-includes.h:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/valid.c:1.1->1.1.2.1 src/auth/basic/helpers/MSNT/valid.h:1.1->1.1.2.1 src/auth/basic/helpers/NCSA/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/NCSA/ncsa_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/PAM/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/PAM/pam_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/SMB/COPYING-2.0:1.1->1.1.2.1 src/auth/basic/helpers/SMB/Changelog:1.1->1.1.2.1 src/auth/basic/helpers/SMB/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/SMB/README:1.1->1.1.2.1 src/auth/basic/helpers/SMB/smb_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/SMB/smb_auth.sh:1.1->1.1.2.1 src/auth/basic/helpers/YP/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/YP/nis_support.c:1.1->1.1.2.1 src/auth/basic/helpers/YP/yp_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/getpwnam/Makefile.in:1.1->1.1.2.1 src/auth/basic/helpers/getpwnam/getpwnam_auth.c:1.1->1.1.2.1 src/auth/basic/helpers/multi-domain-NTLM/README.txt:1.1->1.1.2.1 src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl:1.1->1.1.2.1 src/auth/ntlm/Makefile.in:1.1.2.4->1.1.2.5 src/auth/ntlm/helpers/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/ntlm.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/byteorder.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/md4.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/md4.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-common.h:1.1->1.1.2.1 
src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-error.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-io.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-io.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-priv.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-util.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-util.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/session.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbdes.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbdes.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbencrypt.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smbencrypt.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-common.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-priv.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-util.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/smblib.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/std-defines.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/std-includes.h:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/valid.c:1.1->1.1.2.1 src/auth/ntlm/helpers/NTLMSSP/smbval/valid.h:1.1->1.1.2.1 src/auth/ntlm/helpers/fakeauth/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/fakeauth/fakeauth_auth.c:1.1->1.1.2.1 src/auth/ntlm/helpers/fakeauth/ntlm.h:1.1->1.1.2.1 src/auth/ntlm/helpers/no_check/Makefile.in:1.1->1.1.2.1 src/auth/ntlm/helpers/no_check/README.no_check_ntlm_auth:1.1->1.1.2.1 src/auth/ntlm/helpers/no_check/no_check:1.1->1.1.2.1 Index: squid/configure.in =================================================================== RCS file: /cvsroot/squid-sf//squid/configure.in,v retrieving revision 1.1.1.3.10.17.2.10 retrieving revision 1.1.1.3.10.17.2.11 diff -u -r1.1.1.3.10.17.2.10 -r1.1.1.3.10.17.2.11 --- squid/configure.in 7 Jan 2001 07:22:03 -0000 1.1.1.3.10.17.2.10 +++ 
squid/configure.in 7 Jan 2001 14:52:20 -0000 1.1.1.3.10.17.2.11 @@ -3,13 +3,13 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.1.1.3.10.17.2.10 2001/01/07 07:22:03 hno Exp $ +dnl $Id: configure.in,v 1.1.1.3.10.17.2.11 2001/01/07 14:52:20 rbcollins Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.1.1.3.10.17.2.10 $)dnl +AC_REVISION($Revision: 1.1.1.3.10.17.2.11 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AC_CONFIG_AUX_DIR(cfgaux) 
@@ -710,81 +710,81 @@ AUTH_LIBS="`echo $AUTH_OBJS|sed -e's%auth/%%g'`" AC_SUBST(AUTH_LIBS) -dnl Select basic auth scheme modules to build -BASIC_AUTH_MODULES="" +dnl Select basic auth scheme helpers to build +BASIC_AUTH_HELPERS="" AC_ARG_ENABLE(auth-modules, [ --enable-auth-modules=\"list of helpers\" Backwards compability alias for - --enable-basic-auth-modules], + --enable-basic-auth-helpers], [ echo "--enable-auth-modules is obsolete. Please use the new" - echo "option --enable-basic-auth-modules" + echo "option --enable-basic-auth-helpers" sleep 5 case "$enableval" in yes) - for module in $srcdir/auth_modules/*; do - if test -f $module/Makefile.in; then - AUTH_BASIC_MODULES="$AUTH_BASIC_MODULES `basename $module`" + for helper in $srcdir/src/auth/basic/helpers/*; do + if test -f $helper/Makefile.in; then + AUTH_BASIC_HELPERS="$AUTH_BASIC_HELPERS `basename $helper`" fi done ;; no) ;; *) - AUTH_BASIC_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + AUTH_BASIC_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" esac ]) -AC_ARG_ENABLE(basic-auth-modules, -[ --enable-basic-auth-modules=\"list of helpers\" +AC_ARG_ENABLE(basic-auth-helpers, +[ --enable-basic-auth-helpers=\"list of helpers\" This option selects which basic scheme proxy_auth - helper modules to build and install as part of - the normal build process. For a list of available - helpers see the auth_modules directory.], + helpers to build and install as part of the normal + build process. 
For a list of available + helpers see the src/auth/basic/helpers directory.], [ case "$enableval" in yes) - BASIC_AUTH_MODULES="" - for module in $srcdir/auth_modules/*; do - if test -f $module/Makefile.in; then - AUTH_BASIC_MODULES="$AUTH_BASIC_MODULES `basename $module`" + BASIC_AUTH_HELPERS="" + for helper in $srcdir/src/auth/basic/helpers/*; do + if test -f $helper/Makefile.in; then + AUTH_BASIC_HELPERS="$AUTH_BASIC_HELPERS `basename $helper`" fi done ;; no) ;; *) - AUTH_BASIC_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + AUTH_BASIC_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" esac ]) -if test -n "$AUTH_BASIC_MODULES"; then - echo "Basic auth modules built: $AUTH_BASIC_MODULES" +if test -n "$AUTH_BASIC_HELPERS"; then + echo "Basic auth helpers built: $AUTH_BASIC_HELPERS" fi -AC_SUBST(AUTH_BASIC_MODULES) +AC_SUBST(AUTH_BASIC_HELPERS) -dnl Select ntlm auth modules to build -NTLM_AUTH_MODULES= -AC_ARG_ENABLE(ntlm-auth-modules, -[ --enable-ntlm-auth-modules=\"list of modules\" - This option selects which proxy_auth ntlm helper - modules to build and install as part of the normal - build process. For a list of available modules see - the ntlm_auth_modules directory.], +dnl Select ntlm auth helpers to build +NTLM_AUTH_HELPERS= +AC_ARG_ENABLE(ntlm-auth-helpers, +[ --enable-ntlm-auth-helpers=\"list of helpers\" + This option selects which proxy_auth ntlm helpers + to build and install as part of the normal build + process. 
For a list of available modules see + the src/auth/ntlm/helpers directory.], [ case "$enableval" in yes) - for module in $srcdir/ntlm_auth_modules/*; do - if test -f $module/Makefile.in; then - NTLM_AUTH_MODULES="$NTLM_AUTH_MODULES `basename $module`" + for helper in $srcdir/src/auth/ntlm/helpers/*; do + if test -f $helper/Makefile.in; then + NTLM_AUTH_HELPERS="$NTLM_AUTH_HELPERS `basename $helper`" fi done ;; no) ;; *) - NTLM_AUTH_MODULES="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + NTLM_AUTH_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" esac ]) -if test -n "$NTLM_AUTH_MODULES"; then - echo "NTLM auth modules built: $NTLM_AUTH_MODULES" +if test -n "$NTLM_AUTH_HELPERS"; then + echo "NTLM auth helpers built: $NTLM_AUTH_HELPERS" fi -AC_SUBST(NTLM_AUTH_MODULES) +AC_SUBST(NTLM_AUTH_HELPERS) dnl Disable "unlinkd" code 
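Review bot: The two added `BASIC_AUTH_HELPERS=""` assignments (at the top of this hunk and in the `yes)` branch of `--enable-basic-auth-helpers`) reset a variable that nothing visible reads; every append, the `test -n` check and the `AC_SUBST` use `AUTH_BASIC_HELPERS`. The rename carries this mismatch over from the old `BASIC_AUTH_MODULES`/`AUTH_BASIC_MODULES` pair, so `AUTH_BASIC_HELPERS` is still never initialised. A value inherited from the environment, or one already set by the obsolete `--enable-auth-modules` alias, therefore ends up in the substituted list, and the set of authentication helpers that is built can differ from what was requested. The NTLM block initialises and appends to the same name (`NTLM_AUTH_HELPERS`), so both assignments should read `AUTH_BASIC_HELPERS=""`. The NTLM help text also still says "available modules" after the rename to helpers.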
@@ -1801,20 +1801,20 @@ fi done -AUTH_MAKEFILES="" -for module in $srcdir/auth_modules/*; do - if test -f $module/Makefile.in; then - AUTH_MAKEFILES="$AUTH_MAKEFILES ./auth_modules/`basename $module`/Makefile" +BASIC_AUTH_MAKEFILES="" +for helper in $srcdir/src/auth/basic/helpers/*; do + if test -f $helper/Makefile.in; then + BASIC_AUTH_MAKEFILES="$BASIC_AUTH_MAKEFILES ./src/auth/basic/helpers/`basename $helper`/Makefile" fi done NTLM_AUTH_MAKEFILES="" -for module in $srcdir/ntlm_auth_modules/*; do - if test -f $module/Makefile.in; then - NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./ntlm_auth_modules/`basename $module`/Makefile" - for submodule in $module/*; do +for helper in $srcdir/src/auth/ntlm/helpers/*; do + if test -f $helper/Makefile.in; then + NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./src/auth/ntlm/helpers/`basename $helper`/Makefile" + for submodule in $helper/*; do if test -f $submodule/Makefile.in; then - NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./ntlm_auth_modules/`basename $module`/`basename $submodule`/Makefile" + NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./src/auth/ntlm/helpers/`basename $helper`/`basename $submodule`/Makefile" fi done fi 
@@ -1833,14 +1833,14 @@ $FS_MAKEFILES \ ./src/repl/Makefile \ $REPL_MAKEFILES \ + ./src/auth/Makefile \ + $AUTH_SCHEME_MAKEFILES \ + ./src/auth/basic/helpers/Makefile \ + $BASIC_AUTH_MAKEFILES \ + ./src/auth/ntlm/helpers/Makefile \ + $NTLM_AUTH_MAKEFILES \ ./contrib/Makefile \ $SNMP_MAKEFILE \ ./icons/Makefile \ ./errors/Makefile \ - ./src/auth/Makefile \ - $AUTH_SCHEME_MAKEFILES \ - ./auth_modules/Makefile \ - $AUTH_MAKEFILES \ - ./ntlm_auth_modules/Makefile \ - $NTLM_AUTH_MAKEFILES \ ) Index: squid/makefile.in =================================================================== RCS file: /cvsroot/squid-sf//squid/Attic/makefile.in,v retrieving revision 1.1.1.3.10.3.2.2 retrieving revision 1.1.1.3.10.3.2.3 diff -u -r1.1.1.3.10.3.2.2 -r1.1.1.3.10.3.2.3 --- squid/makefile.in 7 Jan 2001 02:44:54 -0000 1.1.1.3.10.3.2.2 +++ squid/makefile.in 7 Jan 2001 14:52:20 -0000 1.1.1.3.10.3.2.3 @@ -1,4 +1,4 @@ -# $Id: makefile.in,v 1.1.1.3.10.3.2.2 2001/01/07 02:44:54 rbcollins Exp $ +# $Id: makefile.in,v 1.1.1.3.10.3.2.3 2001/01/07 14:52:20 rbcollins Exp $ # srcdir = @srcdir@ @@ -14,7 +14,7 @@ prefix = @prefix@ exec_prefix = @exec_prefix@ -SUBDIRS = lib @makesnmplib@ scripts src icons errors auth_modules ntlm_auth_modules +SUBDIRS = lib @makesnmplib@ scripts src icons errors auth_modules noargs: all --- squid/auth_modules/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
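Review bot: In the makefile.in hunk at `@@ -14,7 +14,7 @@`, the new `SUBDIRS` line drops `ntlm_auth_modules` but keeps `auth_modules`, although this patchset marks `auth_modules/Makefile.in` dead and the configure.in hunk above removes `./auth_modules/Makefile` from the generated files. If the recursion rule, which is outside this hunk, enters every listed directory, the top-level build will stop at a directory that no longer has a Makefile. The line should probably read `SUBDIRS = lib @makesnmplib@ scripts src icons errors`, with the helpers reached through `src`. Confirm that `src/auth/basic/Makefile.in` and `src/auth/ntlm/Makefile.in` descend into `helpers`, otherwise the relocated authentication helpers are silently left out of the build.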
@@ -1,38 +0,0 @@ -# Makefile for storage modules in the Squid Object Cache server -# -# $Id$ -# - -# The 'nop' is in the SUBDIRS list because some Unixes that can't -# handle empty for lists. - -SUBDIRS = @AUTH_BASIC_MODULES@ nop - -all: - @for dir in $(SUBDIRS); do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) all" || exit 1; \ - fi; \ - done; - -clean: - -for dir in *; do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) clean"; \ - fi; \ - done - -distclean: - -rm -f Makefile - -for dir in *; do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) distclean"; \ - fi; \ - done - -.DEFAULT: - @for dir in $(SUBDIRS); do \ - if [ -f $$dir/Makefile ]; then \ - sh -c "cd $$dir && $(MAKE) $@" || exit 1; \ - fi; \ - done; --- squid/auth_modules/LDAP/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,76 +0,0 @@ - -OBJS = squid_ldap_auth.o -LIBS = -lldap -llber -LDAP_EXE = squid_ldap_auth - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -cgi_suffix = @cgi_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -libexecdir = @libexecdir@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 -RANLIB = @RANLIB@ -LN_S = @LN_S@ -PERL = @PERL@ -CRYPTLIB = @CRYPTLIB@ -REGEXLIB = @REGEXLIB@ -PTHREADLIB = @PTHREADLIB@ -MALLOCLIB = @LIB_MALLOC@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh - - -all: $(LDAP_EXE) - -$(LDAP_EXE): $(OBJS) - $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(XTRA_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(libexecdir); then \ - echo "mkdir $(libexecdir)"; \ - mkdir $(libexecdir); \ - fi - -# Michael Lupp wants to know about additions -# to the install target. -install: all install-mkdirs - @for f in $(LDAP_EXE); do \ - if test -f $(libexecdir)/$$f; then \ - echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(libexecdir); \ - $(INSTALL_BIN) $$f $(libexecdir); \ - if test -f $(libexecdir)/-$$f; then \ - echo $(RM) -f $(libexecdir)/-$$f; \ - $(RM) -f $(libexecdir)/-$$f; \ - fi; \ - done - -clean: - -$(RM) -f $(OBJS) - -$(RM) -f $(LDAP_EXE) - -distclean: clean - -$(RM) -f Makefile --- squid/auth_modules/LDAP/README Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,8 +0,0 @@ -This LDAP Authentication code is written by Glen Newton -. - -Please see his Web page at: -http://orca.cisti.nrc.ca/~gnewton/opensource/squid_ldap_auth/ - -In order to use squid_ldap_auth, you will also need to install -the OpenLDAP libraries (ldap lber) from http://www.openldap.org. --- squid/auth_modules/LDAP/squid_ldap_auth.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,97 +0,0 @@ -/* - * - * squid_ldap_auth: authentication via ldap for squid proxy server - * - * Author: Glen Newton - * glen.newton@nrc.ca - * Advanced Services - * CISTI - * National Research Council - * - * Usage: squid_ldap_auth - * - * Dependencies: You need to get the OpenLDAP libraries - * from http://www.openldap.org - * - * License: squid_ldap_auth is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2, - * or (at your option) any later version. - */ - -#include -#include -#include -#include -#include - -/* Change this to your search base */ -#define SEARCHBASE "ou=people,o=nrc.ca" - -int checkLDAP(LDAP * ld, char *userid, char *password); - -int -main(int argc, char **argv) -{ - char buf[256]; - char *user, *passwd, *p; - char *ldapServer; - LDAP *ld; - LDAPMessage *result, *e; - - setbuf(stdout, NULL); - - if (argc != 2) { - fprintf(stderr, "Usage: squid_ldap_auth ldap_server_name\n"); - exit(1); - } - ldapServer = (char *) argv[1]; - - while (fgets(buf, 256, stdin) != NULL) { - /* You can put this ldap connect outside the loop, but i didn't want to - * have the connection open too much. If you have a site which will - * be doing >1 authentication per second, you should move this (and the - * below ldap_unbind()) outside the loop. 
- */ - if ((ld = ldap_init(ldapServer, LDAP_PORT)) == NULL) { - fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", - ldapServer, LDAP_PORT); - exit(1); - } - if ((p = strchr(buf, '\n')) != NULL) - *p = '\0'; /* strip \n */ - - if ((user = strtok(buf, " ")) == NULL) { - printf("ERR\n"); - continue; - } - if ((passwd = strtok(NULL, "")) == NULL) { - printf("ERR\n"); - continue; - } - if (checkLDAP(ld, user, passwd) != 0) { - printf("ERR\n"); - continue; - } else { - printf("OK\n"); - } - ldap_unbind(ld); - } -} - - - -int -checkLDAP(LDAP * ld, char *userid, char *password) -{ - char str[256]; - - /*sprintf(str,"uid=[%s][%s], %s",userid, password, SEARCHBASE); */ - sprintf(str, "uid=%s, %s", userid, SEARCHBASE); - - if (ldap_simple_bind_s(ld, str, password) != LDAP_SUCCESS) { - /*fprintf(stderr, "\nUnable to bind\n"); */ - return 33; - } - return 0; -} --- squid/auth_modules/MSNT/COPYING-2.0 Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,341 +0,0 @@ - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. 
-
--- squid/auth_modules/MSNT/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,98 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id$ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -cgi_suffix = @cgi_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -libexecdir = @libexecdir@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -AUTH_EXE = msnt_auth$(exec_suffix) - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 -RANLIB = @RANLIB@ -LN_S = @LN_S@ -PERL = @PERL@ -CRYPTLIB = @CRYPTLIB@ -REGEXLIB = @REGEXLIB@ -PTHREADLIB = @PTHREADLIB@ -SNMPLIB = @SNMPLIB@ -MALLOCLIB = @LIB_MALLOC@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh -DEFINES = - -INCLUDE = -I. -I../../include -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = $(XTRA_LIBS) - -LIBPROGS = $(AUTH_EXE) -OBJS = md4.o rfcnb-io.o rfcnb-util.o session.o msntauth.o \ - smbdes.o smbencrypt.o smblib-util.o smblib.o \ - valid.o denyusers.o allowusers.o confload.o - -all: $(AUTH_EXE) - -$(AUTH_EXE): $(OBJS) - $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(libexecdir); then \ - echo "mkdir $(libexecdir)"; \ - mkdir $(libexecdir); \ - fi - -# Michael Lupp wants to know about additions -# to the install target. 
-install: all install-mkdirs - @for f in $(LIBPROGS); do \ - if test -f $(libexecdir)/$$f; then \ - echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(libexecdir); \ - $(INSTALL_BIN) $$f $(libexecdir); \ - if test -f $(libexecdir)/-$$f; then \ - echo $(RM) -f $(libexecdir)/-$$f; \ - $(RM) -f $(libexecdir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *.a *pure_* core $(LIBPROGS) - -distclean: clean - -rm -f Makefile - -tags: - ctags *.[ch] - -depend: - $(MAKEDEPEND) -fMakefile *.c --- squid/auth_modules/MSNT/README.html Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,317 +0,0 @@ - - -MSNTAUTH readme - - - - - -

-MSNT Auth v2.0.1
-Squid web proxy Authentication module
-Antonino Iannella, Stellar-X Pty Ltd
-Fri Sep 29 15:53:33 CST 2000 -

- -

Contents

- - - -

Introduction

- -

-This is an authentication module for the Squid proxy server -to authenticate users on an NT domain. - -

-It originates from the Samba and SMB packages by Andrew Tridgell -and Richard Sharpe. This version is sourced from the Pike -authentication module by William Welliver (hwellive@intersil.com). - -

-Usage is simple. It accepts a username and password on standard input -and will return OK if the username/password is valid for the domain, -or ERR if there was some problem. -Check syslog messages for reported problems. - -

-Msntauth is released under the GNU General Public License and -is available from http://stellarx.tripod.com. - -

Installation

- -

-Make any changes to the source code you need. - -

-Type 'make', then 'make install', then 'make clean'. - -

-To avoid using the makefile, it may compile with - - gcc -O2 -s -o msntauth *.c - -

-'Make install' will put 'msntauth' into -/usr/local/squid/bin by default. - -

-Hopefully nobody has problems compiling msntauth. -In the future I plan to use GNU automake. - -

Other compiling issues

- -

-The Makefile uses the GCC compiler, and assumes that it is in the current PATH. -Msntauth is known to compile properly on Redhat Linux 6, and FreeBSD 3.1 -without problems. Other operating systems are untested, -but use a recent copy of the GNU C compiler. -Smbencrypt.c has the '#include ' line commented out. -Remove the comment for S5R4 systems, like Solaris. - -

-When compiling under Solaris, the socket libraries must be linked to. -In the Makefile, hash the default CFLAGS line, and unhash the Solaris -CFLAGS line. It always helps to have /usr/ccs/bin in your path -prior to compiling. - -

Configuration file

- -

-Msntauth uses a configuration file which is a break from previous -releases. The file is /usr/local/squid/etc/msntauth.conf. -If this needs to be changed, it is defined in confload.h. - -

-An example configuration file is provided. It looks like - -

-# Sample MSNT authenticator configuration file
-# Antonino Iannella, Stellar-X Pty Ltd
-# Tue Sep 26 17:26:59 CST 2000
-
-server my_PDC           my_BDC          my_NTdomain
-server other_PDC        other_BDC       otherdomain
-
-denyusers       /usr/local/squid/etc/denyusers
-allowusers      /usr/local/squid/etc/allowusers
-
- -

-All comments start with '#'. - -

-NT servers are used to query user accounts. The 'server' lines -are used for this, with the PDC, BDC, and NT domain as parameters. -Up to 5 servers/domains can be queried. If this is not enough -modify the MAXSERVERS define in confload.h. -At least one server must be specified, or msntauth will not -run. - -

-When a user provides a username/password, each of these -servers will be queried to authenticate the username. -It stops after a user has been successfully authenticated, -so it makes sense to specify the most commonly queried -server first. Make sure the servers can be reached and -are active, or else msntauth will start failing user accounts! - -

-The 'denyusers' and 'allowusers' lines give the absolute path -to files of user accounts. They can be used to deny or allow -access to the proxy. Do not use these directives if you -do not need these features. - -

Denying users

- -

-Users who are not allowed to access the web proxy can be added to -the denied user list. This list is read around every minute, or when -the msntauth process receives a SIGHUP signal. - -

-The denied user file is set using the 'denyusers' directive -in msntauth.h. The denied user file -contains a list of usernames in no particular structure or form. -If the file does not exist, no users are denied. -The file must be readable by the web proxy user. - -

-Msntauth will send syslog messages if a user was denied, -at LOG_USER facility. - -

Allowing users

- -

-Similar to denying users, you can allow users to access the proxy -by username. This is useful if only a number of people are -allowed supposed to be accessing a proxy. - -

-The allowed user file is set using the 'allowusers' directive -in msntauth.h. -If the file does not exist or if empty, all users are allowed. - -

-You could make use of the SHOWMBRS tool in Microsoft Technet. -This gives you a list of users which are in a particular -NT Domain Group. This list can be made into the allowed users -file. - -

-Some other rules - - -

    -
  1. The operation of the denied user file is independent of the -allowed user file. The former file is checked first. -
  2. You can use none, one, or both files. -
  3. If a username appears in the denied user file, they will -be denied, even if they are in the allowed user file. -
  4. If a username is not in either file, they will be denied, -because they have not been allowed. -
  5. If the allowed user file is in use and is empty, all -users will be allowed. -
- -

-Hopefully this wasn't too confusing. - -

Squid.conf changes

- -

-Refer to Squid documentation for the required changes to squid.conf. -You will need to set the following lines to enable authentication for -your access list - - -

-  acl  proxy_auth REQUIRED
-  http_access allow password
-  http_access allow 
-  http_access deny all
-
-
- -

-You will also need to review the following directives - - -

-  proxy_auth_realm enterprise web gateway
-  authenticate_program /usr/local/squid/bin/msntauth
-  authenticate_ttl 5
-  authenticate_children 20
-
- -

Testing

- -

-I strongly urge that Msntauth is tested prior to being used in a -production environment. It may behave differently on different platforms. -To test it, run it from the command line. Enter username and password -pairs separated by a space. - -

-It should behave in the following way - -

- - Press ENTER to get an OK or ERR message.
- - Make sure pressing CTRL-D behaves the same as a carriage return.
- - Make sure pressing CTRL-C aborts the program.
- - Test that entering no details does not result in an OK or ERR message.
- - Test that entering an invalid username and password results in
-   an ERR message. Note that if NT guest user access is allowed on
-   the PDC, an OK message may be returned instead of ERR.
- - Test that entering an valid username and password results in an OK message.
-   Try usernames which are and aren't in the denied/allowed user files,
-   if they're in use.
- - Test that entering a guest username and password returns the correct response.
-
- -

-If the above didn't work as expected, you may need to modify the main() -function in msntauth.c. Inform the maintainer of any problems. - -

Contact details

- -

-To contact the maintainer of this package, email Antonino Iannella -at antonino@usa.net, antonino.iannella@usa.net, or -antonino.iannella@camtech.com.au. - -

-The latest version may be found on http://members.tripod.com/stellarx. -It is also distributed as part of Squid. - -

Reported problem

- -

-For an unknown username, Msntauth returns OK. -This is because the PDC returns guest access for unknown users, -even if guest access is disabled. -This problem was reported by Mr Vadim Popov (vap@iilsr.minsk.by). -I am not able to replicate this. - -

-The tested environment consisted of PDC on Windows NT 4, SP 6. -Squid 2.3 and Msntauth was tested on SuSe, RedHat, and Debian Linux. -A fix was provided in case you have this problem. -Apply the provided patch before compiling, using - -

-  patch smblib.c < smblib.c.patch
-
- -

Known limitation

- -

-Usernames are checked if they are allowed or denied. If a username -is found as a substring of a different username in these files, -the user will be affected somehow. For example, if 'jpeterman' has -been explicitly denied in the denyusers file, then 'jpeter' who -is trying to use the proxy, will be denied. If this causes anyone -any problems, then I'll fix it. - -

-As of version 2.0.1, this problem has been fixed. - -

Changes since last revision

- -

-The following list of changes have been made to improve msntauth. -I have not had a chance to do too much testing due -to lack of resources. There should be no problems, though. - -

    -
  • Added many patches from Duane Wessels to stop compilation errors (?) -
  • Improved the main() function yet again -
  • Created a more informative Makefile -
  • Added an 'allowed users' feature to complement the 'denied users' feature -
  • Stopped the use of alarm() which was causing problems under Solaris -
  • Added more syslog messages for authentication problems -
  • Added the use of a configuration file, instead of hard-coding NT server details -
  • Allowed for querying multiple NT servers and domains (this was a hot issue) -
  • Changed README into an HTML document to improve readability -
  • Didn't make use of GNU autoconf. I will in future, I promise. -
  • Removed denied/allowed username substring search limitation. -
- -

-Hopefully msntauth and Squid is now a more valuable product. -Feel free to send me success or problem stories. - - - --- squid/auth_modules/MSNT/allowusers.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,192 +0,0 @@
-
-/*
- * allowusers.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines are to allow users attempting to use the proxy which
- * have been explicitly allowed by the system administrator.
- * The code originated from denyusers.c.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define NAMELEN 50 /* Maximum username length */
-
-/* Global variables */
-
-char *AllowedUsers; /* Pointer to string of allowed users */
-off_t AllowUserSize; /* Size of allowed users file */
-struct stat FileBuf; /* Stat data buffer */
-time_t LastModTime; /* Last allowed user file modification time */
-
-char Allowuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-
-/* Function declarations */
-
-int Read_allowusers();
-int Check_ifuserallowed(char *);
-void Checkforchange();
-void Checktimer();
-
-/*
- * Reads the allowed users file for all users to be permitted.
- * Returns 0 if the user list was successfully loaded,
- * and 1 in case of error.
- * Logs any messages to the syslog daemon.
- */
-
-int
-Read_allowusers()
-{
- FILE *AFile; /* Allowed users file pointer */
- off_t APos = 0; /* File counter */
- char AChar; /* Character buffer */
-
- /* Stat the file. If it does not exist, save the size as zero.
- * Clear the allowed user string. Return. */
- if (stat(Allowuserpath, &FileBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- AllowUserSize = 0;
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return 0;
- } else {
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- }
- /* If it exists, save the modification time and size */
- LastModTime = FileBuf.st_mtime;
- AllowUserSize = FileBuf.st_size;
-
- /* Handle the special case of a zero length file */
- if (AllowUserSize == 0) {
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return 0;
- }
- /* Free and allocate space for a string to store the allowed usernames */
- free(AllowedUsers);
-
- if ((AllowedUsers = malloc(sizeof(char) * (AllowUserSize + 3))) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_allowusers: malloc(AllowedUsers) failed.");
- return 1;
- }
- /* Open the allowed users file. Report any errors. */
-
- if ((AFile = fopen(Allowuserpath, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_allowusers: Failed to open allowed user file.");
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- /* Read user names into the AllowedUsers string.
- * Make sure each string is delimited by a space. */
-
- AllowedUsers[APos++] = ' ';
-
- while (!feof(AFile)) {
- if ((AChar = fgetc(AFile)) == EOF)
- break;
- else {
- if (isspace(AChar))
- AllowedUsers[APos++] = ' ';
- else
- AllowedUsers[APos++] = toupper(AChar);
- }
- }
-
- AllowedUsers[APos++] = ' ';
- AllowedUsers[APos] = '\0';
- fclose(AFile);
- return 0;
-}
-
-/*
- * Check to see if the username provided by Squid appears in the allowed
- * user list. Returns 0 if the user was not found, and 1 if they were.
- */
-
-int
-Check_ifuserallowed(char *ConnectingUser)
-{
- static char CUBuf[NAMELEN + 1];
- static int x;
- static char AllowMsg[256];
-
- /* If user string is empty, allow */
- if (ConnectingUser[0] == '\0')
- return 1;
-
- /* If allowed user list is empty, allow all users.
- * If no users are supposed to be using the proxy, stop squid instead. */
- if (AllowUserSize == 0)
- return 1;
-
- /* Check if username string is found in the allowed user list.
- * If so, allow. If not, deny. Reconstruct the username
- * to have whitespace, to avoid finding wrong string subsets. */
-
- sscanf(ConnectingUser, " %s ", CUBuf);
- sprintf(CUBuf, " %s ", CUBuf);
-
- for (x = 0; x <= strlen(CUBuf); x++)
- CUBuf[x] = toupper(CUBuf[x]);
-
- if (strstr(AllowedUsers, CUBuf) != NULL)
- return 1;
- else { /* If NULL, they are not allowed to use the proxy */
- sprintf(AllowMsg, "Denied access to user '%s'.", CUBuf);
- syslog(LOG_USER | LOG_ERR, AllowMsg);
- return 0;
- }
-}
-
-/*
- * Checks if there has been a change in the allowed users file.
- * If the modification time has changed, then reload the allowed user list.
- * This function is called by the SIGHUP signal handler.
- */
-
-void
-Check_forallowchange()
-{
- struct stat ChkBuf; /* Stat data buffer */
-
- /* Stat the allowed users file. If it cannot be accessed, return. */
-
- if (stat(Allowuserpath, &ChkBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- AllowUserSize = 0;
- free(AllowedUsers);
- AllowedUsers = malloc(sizeof(char));
- AllowedUsers[0] = '\0';
- return;
- } else { /* Report error when accessing file */
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return;
- }
- }
- /* If found, compare the modification time with the previously-recorded
- * modification time.
- * If the modification time has changed, reload the allowed user list.
- * Log a message of its actions. */
-
- if (ChkBuf.st_mtime != LastModTime) {
- syslog(LOG_USER | LOG_INFO, "Check_forallowchange: Reloading allowed user list.");
- Read_allowusers();
- }
-}
--- squid/auth_modules/MSNT/byteorder.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,87 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * SMB Byte handling
- * Copyright (C) Andrew Tridgell 1992-1995
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _BYTEORDER_H_
-#define _BYTEORDER_H_
-
-/*
- * This file implements macros for machine independent short and
- * int manipulation
- */
-
-#undef CAREFUL_ALIGNMENT
-
-/* we know that the 386 can handle misalignment and has the "right"
- * byteorder */
-#ifdef __i386__
-#define CAREFUL_ALIGNMENT 0
-#endif
-
-#ifndef CAREFUL_ALIGNMENT
-#define CAREFUL_ALIGNMENT 1
-#endif
-
-#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
-#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos))
-#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val))
-
-typedef unsigned short uint16;
-typedef unsigned int uint32;
-
-#if CAREFUL_ALIGNMENT
-#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
-#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16)
-#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
-#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16))
-#define SVALS(buf,pos) ((int16)SVAL(buf,pos))
-#define IVALS(buf,pos) ((int32)IVAL(buf,pos))
-#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val)))
-#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val)))
-#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val)))
-#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val)))
-#else
-/* this handles things for architectures like the 386 that can handle
- * alignment errors */
-/*
- * WARNING: This section is dependent on the length of int16 and int32
- * being correct
- */
-#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos)))
-#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos)))
-#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos)))
-#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos)))
-#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val))
-#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val))
-#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val))
-#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val))
-#endif
-
-
-/* now the reverse routines - these are used in nmb packets (mostly) */
-#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF))
-#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16)))
-
-#define RSVAL(buf,pos) SREV(SVAL(buf,pos))
-#define RIVAL(buf,pos) IREV(IVAL(buf,pos))
-#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val))
-#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val))
-
-#endif /* _BYTEORDER_H_ */
--- squid/auth_modules/MSNT/confload.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,235 +0,0 @@
-
-/*
- * confload.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines load the msntauth configuration file.
- * It stores the servers to query, sets the denied and
- * allowed user files, and provides the
- * authenticating function.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define CONFIGFILE "/usr/local/squid/etc/msntauth.conf" /* Path to configuration file */
-#define DENYUSERSDEFAULT "/usr/local/squid/etc/denyusers"
-#define ALLOWUSERSDEFAULT "/usr/local/squid/etc/allowusers"
-
-#define MAXSERVERS 5 /* Maximum number of servers to query. This number can be increased. */
-#define NTHOSTLEN 65
-
-extern char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-extern char Allowuserpath[MAXPATHLEN];
-
-typedef struct _ServerTuple {
- char pdc[NTHOSTLEN];
- char bdc[NTHOSTLEN];
- char domain[NTHOSTLEN];
-} ServerTuple;
-
-ServerTuple ServerArray[MAXSERVERS]; /* Array of servers to query */
-int Serversqueried = 0; /* Number of servers queried */
-
-/* Declarations */
-
-int OpenConfigFile();
-void ProcessLine(char *);
-void AddServer(char *, char *, char *);
-int QueryServers(char *, char *);
-int QueryServerForUser(int, char *, char *);
-extern int Valid_User(char *, char *, char *, char *, char *);
-
-
-/*
- * Opens and reads the configuration file.
- * Returns 0 on success, or 1 for error.
- */
-
-int
-OpenConfigFile()
-{
- FILE *ConfigFile;
- char Confbuf[2049]; /* Line reading buffer */
-
- /* Initialise defaults */
-
- Serversqueried = 0;
- strcpy(Denyuserpath, DENYUSERSDEFAULT);
- strcpy(Allowuserpath, ALLOWUSERSDEFAULT);
-
- /* Open file */
- if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE);
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- /* Read in, one line at a time */
-
- while (!feof(ConfigFile)) {
- Confbuf[0] = '\0';
- fgets(Confbuf, 2049, ConfigFile);
- ProcessLine(Confbuf);
- }
-
- /* Check that at least one server is being queried. Report error if not.
- * Denied and allowed user files are hardcoded, so it's fine if they're
- * not set in the confugration file. */
-
- if (Serversqueried == 0) {
- syslog(LOG_USER | LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE);
- return 1;
- }
- fclose(ConfigFile);
- return 0;
-}
-
-/* Parses a configuration file line. */
-
-void
-ProcessLine(char *Linebuf)
-{
- char *Directive;
- char *Param1;
- char *Param2;
- char *Param3;
-
- /* Ignore empty lines */
- if (strlen(Linebuf) == 0)
- return;
-
- /* Break up on whitespaces */
- if ((Directive = strtok(Linebuf, " \t\n")) == NULL)
- return;
-
- /* Check for a comment line. If found, stop . */
- if (Directive[0] == '#')
- return;
-
- /* Check for server line. Check for 3 parameters. */
- if (strcasecmp(Directive, "server") == 0) {
- Param1 = strtok(NULL, " \t\n");
- Param2 = strtok(NULL, " \t\n");
- Param3 = strtok(NULL, " \t\n");
-
- if ((Param1[0] == '\0') ||
- (Param2[0] == '\0') ||
- (Param3[0] == '\0')) {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'server' line needs PDC, BDC, and domain parameters.");
- return;
- }
- AddServer(Param1, Param2, Param3);
- return;
- }
- /* Check for denyusers line */
- if (strcasecmp(Directive, "denyusers") == 0) {
- Param1 = strtok(NULL, " \t\n");
-
- if (Param1[0] == '\0') {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter.");
- return;
- }
- strcpy(Denyuserpath, Param1);
- return;
- }
- /* Check for allowusers line */
- if (strcasecmp(Directive, "allowusers") == 0) {
- Param1 = strtok(NULL, " \t\n");
-
- if (Param1[0] == '\0') {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter.");
- return;
- }
- strcpy(Allowuserpath, Param1);
- return;
- }
- /* Reports error for unknown line */
- syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive);
-}
-
-/*
- * Adds a server to query to the server array.
- * Checks if the number of servers to query is not exceeded.
- * Does not allow parameters longer than NTHOSTLEN.
- */
-
-void
-AddServer(char *ParamPDC, char *ParamBDC, char *ParamDomain)
-{
- if (Serversqueried + 1 > MAXSERVERS) {
- syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' server line; too many servers.", ParamPDC);
- return;
- }
- Serversqueried++;
- strncpy(ServerArray[Serversqueried].pdc, ParamPDC, NTHOSTLEN);
- strncpy(ServerArray[Serversqueried].bdc, ParamBDC, NTHOSTLEN);
- strncpy(ServerArray[Serversqueried].domain, ParamDomain, NTHOSTLEN);
- ServerArray[Serversqueried].pdc[NTHOSTLEN - 1] = '\0';
- ServerArray[Serversqueried].bdc[NTHOSTLEN - 1] = '\0';
- ServerArray[Serversqueried].domain[NTHOSTLEN - 1] = '\0';
-}
-
-/*
- * Cycles through all servers to query.
- * Returns 0 if one server could authenticate the user.
- * Returns 1 if no server authenticated the user.
- */
-
-int
-QueryServers(char *username, char *password)
-{
- int Queryresult = 1; /* Default result is an error */
- int x = 1;
-
- while (x <= Serversqueried) { /* Query one server. Change Queryresult if user passed. */
- if (QueryServerForUser(x++, username, password) == 0) {
- Queryresult = 0;
- break;
- }
- }
-
- return Queryresult;
-}
-
-/*
- * Attempts to authenticate the user with one server.
- * Logs syslog messages for different errors.
- * Returns 0 on success, non-zero on failure.
- */
-
-int
-QueryServerForUser(int x, char *username, char *password)
-{
- int result = 1;
-
- result = Valid_User(username, password, ServerArray[x].pdc,
- ServerArray[x].bdc, ServerArray[x].domain);
-
- switch (result) { /* Write any helpful syslog messages */
- case 0:
- break;
- case 1:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.", username);
- break;
- case 2:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.", username);
- break;
- case 3:
- syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.", username);
- }
-
- return result;
-}
-
-/* Valid_User return codes -
- *
- * 0 - User authenticated successfully.
- * 1 - Server error.
- * 2 - Protocol error.
- * 3 - Logon error; Incorrect password or username given.
- */
--- squid/auth_modules/MSNT/denyusers.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,249 +0,0 @@
-
-/*
- * denyusers.c
- * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
- * Released under GPL, see COPYING-2.0 for details.
- *
- * These routines are to block users attempting to use the proxy which
- * have been explicitly denied by the system administrator.
- * Routines at the bottom also use the allowed user functions.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define NAMELEN 50 /* Maximum username length */
-
-/* Global variables */
-
-char *DeniedUsers; /* Pointer to string of denied users */
-off_t DenyUserSize; /* Size of denied user file */
-struct stat FileBuf; /* Stat data buffer */
-time_t LastModTime; /* Last denied user file modification time */
-
-char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
-
-/* Function declarations */
-
-int Read_denyusers();
-int Check_ifuserdenied(char *);
-int Check_user(char *);
-void Checktimer();
-void Check_forchange();
-void Check_fordenychange();
-extern void Check_forallowchange(); /* For allowed users */
-extern int Check_ifuserallowed(char *);
-
-/*
- * Reads Denyuserpath for all users to be excluded.
- * Returns 0 if the user list was successfully loaded,
- * and 1 in case of error.
- * Logs any messages to the syslog daemon.
- */
-
-int
-Read_denyusers()
-{
- FILE *DFile; /* Denied user file pointer */
- off_t DPos = 0; /* File counter */
- char DChar; /* Character buffer */
-
- /* Stat the file. If it does not exist, save the size as zero.
- * Clear the denied user string. Return. */
- if (stat(Denyuserpath, &FileBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- DenyUserSize = 0;
- free(DeniedUsers);
- DeniedUsers = malloc(sizeof(char));
- DeniedUsers[0] = '\0';
- return 0;
- } else {
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- }
- /* If it exists, save the modification time and size */
- LastModTime = FileBuf.st_mtime;
- DenyUserSize = FileBuf.st_size;
-
- /* Handle the special case of a zero length file */
- if (DenyUserSize == 0) {
- free(DeniedUsers);
- DeniedUsers = malloc(sizeof(char));
- DeniedUsers[0] = '\0';
- return 0;
- }
- /* Free and allocate space for a string to store the denied usernames */
- free(DeniedUsers);
-
- if ((DeniedUsers = malloc(sizeof(char) * (DenyUserSize + 3))) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_denyusers: malloc(DeniedUsers) failed.");
- return 1;
- }
- /* Open the denied user file. Report any errors. */
-
- if ((DFile = fopen(Denyuserpath, "r")) == NULL) {
- syslog(LOG_USER | LOG_ERR, "Read_denyusers: Failed to open denied user file.");
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return 1;
- }
- /* Read user names into the DeniedUsers string.
- * Make sure each string is delimited by a space. */
-
- DeniedUsers[DPos++] = ' ';
-
- while (!feof(DFile)) {
- if ((DChar = fgetc(DFile)) == EOF)
- break;
- else {
- if (isspace(DChar))
- DeniedUsers[DPos++] = ' ';
- else
- DeniedUsers[DPos++] = toupper(DChar);
- }
- }
-
- DeniedUsers[DPos++] = ' ';
- DeniedUsers[DPos] = '\0';
- fclose(DFile);
- return 0;
-}
-
-/*
- * Check to see if the username provided by Squid appears in the denied
- * user list. Returns 0 if the user was not found, and 1 if they were.
- */
-
-int
-Check_ifuserdenied(char *ConnectingUser)
-{
- static char CUBuf[NAMELEN + 1];
- static int x;
- static char DenyMsg[256];
-
- /* If user string is empty, deny */
- if (ConnectingUser[0] == '\0')
- return 1;
-
- /* If denied user list is empty, allow */
- if (DenyUserSize == 0)
- return 0;
-
- /* Check if username string is found in the denied user list.
- * If so, deny. If not, allow. Reconstruct the username
- * to have whitespace, to avoid finding wrong string subsets. */
-
- sscanf(ConnectingUser, " %s ", CUBuf);
- sprintf(CUBuf, " %s ", CUBuf);
-
- for (x = 0; x <= strlen(CUBuf); x++)
- CUBuf[x] = toupper(CUBuf[x]);
-
- if (strstr(DeniedUsers, CUBuf) == NULL)
- return 0;
- else {
- sprintf(DenyMsg, "Denied access to user '%s'.", CUBuf);
- syslog(LOG_USER | LOG_ERR, DenyMsg);
- return 1;
- }
-}
-
-/*
- * Checks if there has been a change in the denied user file.
- * If the modification time has changed, then reload the denied user list.
- * This function is called by the SIGHUP signal handler.
- */
-
-void
-Check_fordenychange()
-{
- struct stat ChkBuf; /* Stat data buffer */
-
- /* Stat the denied user file. If it cannot be accessed, return. */
-
- if (stat(Denyuserpath, &ChkBuf) == -1) {
- if (errno == ENOENT) {
- LastModTime = (time_t) 0;
- DenyUserSize = 0;
- free(DeniedUsers);
- DeniedUsers = malloc(sizeof(char));
- DeniedUsers[0] = '\0';
- return;
- } else { /* Report error when accessing file */
- syslog(LOG_USER | LOG_ERR, strerror(errno));
- return;
- }
- }
- /* If found, compare the modification time with the previously-recorded
- * modification time.
- * If the modification time has changed, reload the denied user list.
- * Log a message of its actions. */
-
- if (ChkBuf.st_mtime != LastModTime) {
- syslog(LOG_USER | LOG_INFO, "Check_fordenychange: Reloading denied user list.");
- Read_denyusers();
- }
-}
-
-/*
- * Decides if a user is denied or allowed.
- * If they have been denied, or not allowed, return 1.
- * Else return 0.
- */
-
-int
-Check_user(char *ConnectingUser)
-{
- if (Check_ifuserdenied(ConnectingUser) == 1)
- return 1;
-
- if (Check_ifuserallowed(ConnectingUser) == 0)
- return 1;
-
- return 0;
-}
-
-/*
- * Checks the denied and allowed user files for change.
- * This function is invoked when a SIGHUP signal is received.
- * It is also run after every 60 seconds, at the next request.
- */
-
-void
-Check_forchange()
-{
- Check_fordenychange();
- Check_forallowchange();
-}
-
-/*
- * Checks the timer. If longer than 1 minute has passed since the last
- * time someone has accessed the proxy, then check for changes in the
- * denied user file. If longer than one minute hasn't passed, return.
- */
-
-void
-Checktimer()
-{
- static time_t Lasttime; /* The last time the timer was checked */
- static time_t Currenttime; /* The current time */
-
- Currenttime = time(NULL);
-
- /* If timeout has expired, check the denied user file, else return */
- if (difftime(Currenttime, Lasttime) < 60)
- return;
- else {
- Check_forchange();
- Lasttime = Currenttime;
- }
-}
--- squid/auth_modules/MSNT/md4.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,209 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * a implementation of MD4 designed for use in the SMB authentication protocol
- * Copyright (C) Andrew Tridgell 1997
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-/* NOTE: This code makes no attempt to be fast!
- *
- * It assumes that a int is at least 32 bits long
- */
-
-typedef unsigned int uint32;
-
-static uint32 A, B, C, D;
-
-static uint32
-F(uint32 X, uint32 Y, uint32 Z)
-{
- return (X & Y) | ((~X) & Z);
-}
-
-static uint32
-G(uint32 X, uint32 Y, uint32 Z)
-{
- return (X & Y) | (X & Z) | (Y & Z);
-}
-
-static uint32
-H(uint32 X, uint32 Y, uint32 Z)
-{
- return X ^ Y ^ Z;
-}
-
-static uint32
-lshift(uint32 x, int s)
-{
- x &= 0xFFFFFFFF;
- return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s));
-}
-
-#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s)
-#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s)
-#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s)
-
-/* this applies md4 to 64 byte chunks */
-static void
-mdfour64(uint32 * M)
-{
- int j;
- uint32 AA, BB, CC, DD;
- uint32 X[16];
-
- for (j = 0; j < 16; j++)
- X[j] = M[j];
-
- AA = A;
- BB = B;
- CC = C;
- DD = D;
-
- ROUND1(A, B, C, D, 0, 3);
- ROUND1(D, A, B, C, 1, 7);
- ROUND1(C, D, A, B, 2, 11);
- ROUND1(B, C, D, A, 3, 19);
- ROUND1(A, B, C, D, 4, 3);
- ROUND1(D, A, B, C, 5, 7);
- ROUND1(C, D, A, B, 6, 11);
- ROUND1(B, C, D, A, 7, 19);
- ROUND1(A, B, C, D, 8, 3);
- ROUND1(D, A, B, C, 9, 7);
- ROUND1(C, D, A, B, 10, 11);
- ROUND1(B, C, D, A, 11, 19);
- ROUND1(A, B, C, D, 12, 3);
- ROUND1(D, A, B, C, 13, 7);
- ROUND1(C, D, A, B, 14, 11);
- ROUND1(B, C, D, A, 15, 19);
-
- ROUND2(A, B, C, D, 0, 3);
- ROUND2(D, A, B, C, 4, 5);
- ROUND2(C, D, A, B, 8, 9);
- ROUND2(B, C, D, A, 12, 13);
- ROUND2(A, B, C, D, 1, 3);
- ROUND2(D, A, B, C, 5, 5);
- ROUND2(C, D, A, B, 9, 9);
- ROUND2(B, C, D, A, 13, 13);
- ROUND2(A, B, C, D, 2, 3);
- ROUND2(D, A, B, C, 6, 5);
- ROUND2(C, D, A, B, 10, 9);
- ROUND2(B, C, D, A, 14, 13);
- ROUND2(A, B, C, D, 3, 3);
- ROUND2(D, A, B, C, 7, 5);
- ROUND2(C, D, A, B, 11, 9);
- ROUND2(B, C, D, A, 15, 13);
-
- ROUND3(A, B, C, D, 0, 3);
- ROUND3(D, A, B, C, 8, 9);
- ROUND3(C, D, A, B, 4, 11);
- ROUND3(B, C, D, A, 12, 15);
- ROUND3(A, B, C, D, 2, 3);
- ROUND3(D, A, B, C, 10, 9);
- ROUND3(C, D, A, B, 6, 11);
- ROUND3(B, C, D, A, 14, 15);
- ROUND3(A, B, C, D, 1, 3);
- ROUND3(D, A, B, C, 9, 9);
- ROUND3(C, D, A, B, 5, 11);
- ROUND3(B, C, D, A, 13, 15);
- ROUND3(A, B, C, D, 3, 3);
- ROUND3(D, A, B, C, 11, 9);
- ROUND3(C, D, A, B, 7, 11);
- ROUND3(B, C, D, A, 15, 15);
-
- A += AA;
- B += BB;
- C += CC;
- D += DD;
-
- A &= 0xFFFFFFFF;
- B &= 0xFFFFFFFF;
- C &= 0xFFFFFFFF;
- D &= 0xFFFFFFFF;
-
- for (j = 0; j < 16; j++)
- X[j] = 0;
-}
-
-static void
-copy64(uint32 * M, unsigned char *in)
-{
- int i;
-
- for (i = 0; i < 16; i++)
- M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) |
- (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0);
-}
-
-static void
-copy4(unsigned char *out, uint32 x)
-{
- out[0] = x & 0xFF;
- out[1] = (x >> 8) & 0xFF;
- out[2] = (x >> 16) & 0xFF;
- out[3] = (x >> 24) & 0xFF;
-}
-
-/* produce a md4 message digest from data of length n bytes */
-void
-mdfour(unsigned char *out, unsigned char *in, int n)
-{
- unsigned char buf[128];
- uint32 M[16];
- uint32 b = n * 8;
- int i;
-
- A = 0x67452301;
- B = 0xefcdab89;
- C = 0x98badcfe;
- D = 0x10325476;
-
- while (n > 64) {
- copy64(M, in);
- mdfour64(M);
- in += 64;
- n -= 64;
- }
-
- for (i = 0; i < 128; i++)
- buf[i] = 0;
- memcpy(buf, in, n);
- buf[n] = 0x80;
-
- if (n <= 55) {
- copy4(buf + 56, b);
- copy64(M, buf);
- mdfour64(M);
- } else {
- copy4(buf + 120, b);
- copy64(M, buf);
- mdfour64(M);
- copy64(M, buf + 64);
- mdfour64(M);
- }
-
- for (i = 0; i < 128; i++)
- buf[i] = 0;
- copy64(M, buf);
-
- copy4(out, A);
- copy4(out + 4, B);
- copy4(out + 8, C);
- copy4(out + 12, D);
-
- A = B = C = D = 0;
-}
--- squid/auth_modules/MSNT/msntauth-v2.0.lsm Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,13 +0,0 @@
-Begin3
-Title: msntauth
-Version: 2.0
-Entered-date: 10OCT00
-Description: Squid web proxy NT domain authentication module
-Keywords: Squid WWW proxy SMB NT domain authentication module source
-Author: antonino.iannella@usa.net (Antonino Iannella)
-Maintained-by: antonino.iannella@usa.net (Antonino Iannella)
-Primary-site: sunsite.unc.edu /pub/Linux/system/network/misc
- msntauth-v2.0.tgz
-Original-site: http://stellarx.tripod.com
-Copying-policy: GPL
-End
--- squid/auth_modules/MSNT/msntauth.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,114 +0,0 @@
-
-/*
- * MSNT - Microsoft Windows NT domain squid authenticator module
- * Version 1.2 by Stellar-X Pty Ltd, Antonino Iannella
- * Fri Sep 22 00:56:05 CST 2000
- *
- * Modified to act as a Squid authenticator module.
- * Removed all Pike stuff.
- * Returns OK for a successful authentication, or ERR upon error.
- *
- * Uses code from -
- * Andrew Tridgell 1997
- * Richard Sharpe 1996
- * Bill Welliver 1999
- * Duane Wessels 2000
- *
- * Released under GNU Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include
-#include
-#include
-#include
-
-extern int OpenConfigFile();
-extern int QueryServers(char *, char *);
-extern void Checktimer();
-extern void Check_forchange();
-extern int Read_denyusers(void);
-extern int Read_allowusers(void);
-extern int Check_user(char *);
-
-/* Main program for simple authentication.
- * Reads the denied user file. Sets alarm timer.
- * Scans and checks for Squid input, and attempts to validate the user.
- */
-
-int
-main()
-{
- char username[256];
- char password[256];
- char wstr[256];
-
- /* Read configuration file. Abort wildly if error. */
- if (OpenConfigFile() == 1)
- return 1;
-
- /* Read denied and allowed user files.
- * If they fails, there is a serious problem.
- * Check syslog messages. Deny all users while in this state.
- * The msntauth process should then be killed. */
-
- if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
- while (1) {
- fgets(wstr, 255, stdin);
- puts("ERR");
- fflush(stdout);
- }
- }
- /* Make Check_forchange() the handle for HUP signals.
- * Don't use alarms any more. I don't think it was very
- * portable between systems. */
- signal(SIGHUP, Check_forchange);
-
- while (1) {
- /* Read whole line from standard input. Terminate on break. */
- if (fgets(wstr, 255, stdin) == NULL)
- break;
-
- /* Clear any current settings */
- username[0] = '\0';
- password[0] = '\0';
- sscanf(wstr, "%s %s", username, password); /* Extract parameters */
-
- /* Check for invalid or blank entries */
- if ((username[0] == '\0') || (password[0] == '\0')) {
- puts("ERR");
- fflush(stdout);
- continue;
- }
- Checktimer(); /* Check if the user lists have changed */
-
- /* Check if user is explicitly denied or allowed.
- * If user passes both checks, they can be authenticated. */
-
- if (Check_user(username) == 1)
- puts("ERR");
- else {
- if (QueryServers(username, password) == 0)
- puts("OK");
- else
- puts("ERR");
- }
-
- fflush(stdout);
- }
-
- return 0;
-}
--- squid/auth_modules/MSNT/msntauth.conf Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,11 +0,0 @@
-
-# Sample MSNT authenticator configuration file
-# Antonino Iannella, Stellar-X Pty Ltd
-# Tue Sep 26 17:26:59 CST 2000
-
-server my_PDC my_BDC my_NTdomain
-server other_PDC other_BDC otherdomain
-
-denyusers /usr/local/squid/etc/denyusers
-allowusers /usr/local/squid/etc/allowusers
-
--- squid/auth_modules/MSNT/rfcnb-common.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,40 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Common Structures etc Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _RFCNB_COMMON_H_
-#define _RFCNB_COMMON_H_
-
-/* A data structure we need */
-
-typedef struct RFCNB_Pkt {
-
- char *data; /* The data in this portion */
- int len;
- struct RFCNB_Pkt *next;
-
-} RFCNB_Pkt;
-
-
-#endif /* _RFCNB_COMMON_H_ */
--- squid/auth_modules/MSNT/rfcnb-error.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,57 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Error Response Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _RFCNB_ERROR_H_
-#define _RFCNB_ERROR_H_
-
-/* Error responses */
-
-#define RFCNBE_Bad -1 /* Bad response */
-#define RFCNBE_OK 0
-
-/* these should follow the spec ... is there one ? */
-
-#define RFCNBE_NoSpace 1 /* Could not allocate space for a struct */
-#define RFCNBE_BadName 2 /* Could not translate a name */
-#define RFCNBE_BadRead 3 /* Read sys call failed */
-#define RFCNBE_BadWrite 4 /* Write Sys call failed */
-#define RFCNBE_ProtErr 5 /* Protocol Error */
-#define RFCNBE_ConGone 6 /* Connection dropped */
-#define RFCNBE_BadHandle 7 /* Handle passed was bad */
-#define RFCNBE_BadSocket 8 /* Problems creating socket */
-#define RFCNBE_ConnectFailed 9 /* Connect failed */
-#define RFCNBE_CallRejNLOCN 10 /* Call rejected, not listening on CN */
-#define RFCNBE_CallRejNLFCN 11 /* Call rejected, not listening for CN */
-#define RFCNBE_CallRejCNNP 12 /* Call rejected, called name not present */
-#define RFCNBE_CallRejInfRes 13 /* Call rejetced, name ok, no resources */
-#define RFCNBE_CallRejUnSpec 14 /* Call rejected, unspecified error */
-#define RFCNBE_BadParam 15 /* Bad parameters passed ... */
-#define RFCNBE_Timeout 16 /* IO Timed out */
-
-/* Text strings for the error responses */
-
-extern char *RFCNB_Error_Strings[];
-
-#endif /* _RFCNB_ERROR_H_ */
--- squid/auth_modules/MSNT/rfcnb-io.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,415 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NEtBIOS implementation - * - * Version 1.0 - * RFCNB IO Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ -/* #include */ -#include "std-includes.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" -#include -#include - -int RFCNB_Timeout = 0; /* Timeout in seconds ... */ - -void -rfcnb_alarm(int sig) -{ - - fprintf(stderr, "IO Timed out ...\n"); - -} - -/* Set timeout value and setup signal handling */ - -int -RFCNB_Set_Timeout(int seconds) -{ -#ifdef __GLIBC__ - int temp; -#endif - /* If we are on a Bezerkeley system, use sigvec, else sigaction */ -#ifndef SA_RESTART - struct sigvec invec, outvec; -#else - struct sigaction inact, outact; -#endif - - RFCNB_Timeout = seconds; - - if (RFCNB_Timeout > 0) { /* Set up handler to ignore but not restart */ - -#ifndef SA_RESTART - invec.sv_handler = (void (*)()) rfcnb_alarm; - invec.sv_mask = 0; - invec.sv_flags = SV_INTERRUPT; - - if (sigvec(SIGALRM, &invec, &outvec) < 0) - return (-1); -#else - inact.sa_handler = (void (*)()) rfcnb_alarm; -#ifdef SOLARIS - /* Solaris seems to have an array of vectors ... 
*/ - inact.sa_mask.__sigbits[0] = 0; - inact.sa_mask.__sigbits[1] = 0; - inact.sa_mask.__sigbits[2] = 0; - inact.sa_mask.__sigbits[3] = 0; -#else -#ifdef __GLIBC__ - for (temp = 0; temp < 32; temp++) - inact.sa_mask.__val[temp] = 0; -#else - inact.sa_mask = 0; -#endif -#endif - inact.sa_flags = 0; /* Don't restart */ - - if (sigaction(SIGALRM, &inact, &outact) < 0) - return (-1); - -#endif - - } - return (0); - -} - -/* Discard the rest of an incoming packet as we do not have space for it - * in the buffer we allocated or were passed ... */ - -int -RFCNB_Discard_Rest(struct RFCNB_Con *con, int len) -{ - char temp[100]; /* Read into here */ - int rest, this_read, bytes_read; - - /* len is the amount we should read */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Discard_Rest called to discard: %i\n", len); -#endif - - rest = len; - - while (rest > 0) { - - this_read = (rest > sizeof(temp) ? sizeof(temp) : rest); - - bytes_read = read(con->fd, temp, this_read); - - if (bytes_read <= 0) { /* Error so return */ - - if (bytes_read < 0) - RFCNB_errno = RFCNBE_BadRead; - else - RFCNB_errno = RFCNBE_ConGone; - - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - rest = rest - bytes_read; - - } - - return (0); - -} - - -/* Send an RFCNB packet to the connection. - * - * We just send each of the blocks linked together ... - * - * If we can, try to send it as one iovec ... - * - */ - -int -RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) -{ - int len_sent, tot_sent, this_len; - struct RFCNB_Pkt *pkt_ptr; - char *this_data; - int i; - struct iovec io_list[10]; /* We should never have more */ - /* If we do, this will blow up ... */ - - /* Try to send the data ... We only send as many bytes as len claims */ - /* We should try to stuff it into an IOVEC and send as one write */ - - - pkt_ptr = pkt; - len_sent = tot_sent = 0; /* Nothing sent so far */ - i = 0; - - while ((pkt_ptr != NULL) & (i < 10)) { /* Watch that magic number! 
*/ - - this_len = pkt_ptr->len; - this_data = pkt_ptr->data; - if ((tot_sent + this_len) > len) - this_len = len - tot_sent; /* Adjust so we don't send too much */ - - /* Now plug into the iovec ... */ - - io_list[i].iov_len = this_len; - io_list[i].iov_base = this_data; - i++; - - tot_sent += this_len; - - if (tot_sent == len) - break; /* Let's not send too much */ - - pkt_ptr = pkt_ptr->next; - - } - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Frags = %i, tot_sent = %i\n", i, tot_sent); -#endif - - /* Set up an alarm if timeouts are set ... */ - - if (RFCNB_Timeout > 0) - alarm(RFCNB_Timeout); - - if ((len_sent = writev(con->fd, io_list, i)) < 0) { /* An error */ - - con->rfc_errno = errno; - if (errno == EINTR) /* We were interrupted ... */ - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadWrite; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - if (len_sent < tot_sent) { /* Less than we wanted */ - if (errno == EINTR) /* We were interrupted */ - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadWrite; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - if (RFCNB_Timeout > 0) - alarm(0); /* Reset that sucker */ - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Len sent = %i ...\n", len_sent); - RFCNB_Print_Pkt(stderr, "sent", pkt, len_sent); /* Print what send ... */ - -#endif - - return (len_sent); - -} - -/* Read an RFCNB packet off the connection. - * - * We read the first 4 bytes, that tells us the length, then read the - * rest. 
We should implement a timeout, but we don't just yet - * - */ - - -int -RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) -{ - int read_len, pkt_len; - char hdr[RFCNB_Pkt_Hdr_Len]; /* Local space for the header */ - struct RFCNB_Pkt *pkt_frag; - int more, this_time, offset, frag_len, this_len; - BOOL seen_keep_alive = TRUE; - - /* Read that header straight into the buffer */ - - if (len < RFCNB_Pkt_Hdr_Len) { /* What a bozo */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Trying to read less than a packet:"); - perror(""); -#endif - RFCNB_errno = RFCNBE_BadParam; - return (RFCNBE_Bad); - - } - /* We discard keep alives here ... */ - - if (RFCNB_Timeout > 0) - alarm(RFCNB_Timeout); - - while (seen_keep_alive) { - - if ((read_len = read(con->fd, hdr, sizeof(hdr))) < 0) { /* Problems */ -#ifdef RFCNB_DEBUG - fprintf(stderr, "Reading the packet, we got:"); - perror(""); -#endif - if (errno == EINTR) - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadRead; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - /* Now we check out what we got */ - - if (read_len == 0) { /* Connection closed, send back eof? */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Connection closed reading\n"); -#endif - - if (errno == EINTR) - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_ConGone; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - if (RFCNB_Pkt_Type(hdr) == RFCNB_SESSION_KEEP_ALIVE) { - -#ifdef RFCNB_DEBUG - fprintf(stderr, "RFCNB KEEP ALIVE received\n"); -#endif - - } else { - seen_keep_alive = FALSE; - } - - } - - /* What if we got less than or equal to a hdr size in bytes? 
*/ - - if (read_len < sizeof(hdr)) { /* We got a small packet */ - - /* Now we need to copy the hdr portion we got into the supplied packet */ - - memcpy(pkt->data, hdr, read_len); /*Copy data */ - -#ifdef RFCNB_DEBUG - RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len); -#endif - - return (read_len); - - } - /* Now, if we got at least a hdr size, alloc space for rest, if we need it */ - - pkt_len = RFCNB_Pkt_Len(hdr); - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Reading Pkt: Length = %i\n", pkt_len); -#endif - - /* Now copy in the hdr */ - - memcpy(pkt->data, hdr, sizeof(hdr)); - - /* Get the rest of the packet ... first figure out how big our buf is? */ - /* And make sure that we handle the fragments properly ... Sure should */ - /* use an iovec ... */ - - if (len < pkt_len) /* Only get as much as we have space for */ - more = len - RFCNB_Pkt_Hdr_Len; - else - more = pkt_len; - - this_time = 0; - - /* We read for each fragment ... */ - - if (pkt->len == read_len) { /* If this frag was exact size */ - pkt_frag = pkt->next; /* Stick next lot in next frag */ - offset = 0; /* then we start at 0 in next */ - } else { - pkt_frag = pkt; /* Otherwise use rest of this frag */ - offset = RFCNB_Pkt_Hdr_Len; /* Otherwise skip the header */ - } - - frag_len = pkt_frag->len; - - if (more <= frag_len) /* If len left to get less than frag space */ - this_len = more; /* Get the rest ... */ - else - this_len = frag_len - offset; - - while (more > 0) { - - if ((this_time = read(con->fd, (pkt_frag->data) + offset, this_len)) <= 0) { /* Problems */ - - if (errno == EINTR) { - - RFCNB_errno = RFCNB_Timeout; - - } else { - if (this_time < 0) - RFCNB_errno = RFCNBE_BadRead; - else - RFCNB_errno = RFCNBE_ConGone; - } - - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } -#ifdef RFCNB_DEBUG - fprintf(stderr, "Frag_Len = %i, this_time = %i, this_len = %i, more = %i\n", frag_len, - this_time, this_len, more); -#endif - - read_len = read_len + this_time; /* How much have we read ... 
*/ - - /* Now set up the next part */ - - if (pkt_frag->next == NULL) - break; /* That's it here */ - - pkt_frag = pkt_frag->next; - this_len = pkt_frag->len; - offset = 0; - - more = more - this_time; - - } - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Pkt Len = %i, read_len = %i\n", pkt_len, read_len); - RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len + sizeof(hdr)); -#endif - - if (read_len < (pkt_len + sizeof(hdr))) { /* Discard the rest */ - - return (RFCNB_Discard_Rest(con, (pkt_len + sizeof(hdr)) - read_len)); - - } - if (RFCNB_Timeout > 0) - alarm(0); /* Reset that sucker */ - - return (read_len + sizeof(RFCNB_Hdr)); -} --- squid/auth_modules/MSNT/rfcnb-io.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,28 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB IO Routines Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -int RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); - -int RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); --- squid/auth_modules/MSNT/rfcnb-priv.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,150 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* Defines we need */
-
-
-#define GLOBAL extern
-
-#include "rfcnb-error.h"
-#include "rfcnb-common.h"
-#include "byteorder.h"
-
-#ifdef RFCNB_PORT
-#define RFCNB_Default_Port RFCNB_PORT
-#else
-#define RFCNB_Default_Port 139
-#endif
-
-#define RFCNB_MAX_STATS 1
-
-/* Protocol defines we need */
-
-#define RFCNB_SESSION_MESSAGE 0
-#define RFCNB_SESSION_REQUEST 0x81
-#define RFCNB_SESSION_ACK 0x82
-#define RFCNB_SESSION_REJ 0x83
-#define RFCNB_SESSION_RETARGET 0x84
-#define RFCNB_SESSION_KEEP_ALIVE 0x85
-
-/* Structures */
-
-typedef struct redirect_addr *redirect_ptr;
-
-struct redirect_addr {
-
- struct in_addr ip_addr;
- int port;
- redirect_ptr next;
-
-};
-
-typedef struct RFCNB_Con {
-
- int fd; /* File descripter for TCP/IP connection */
- int rfc_errno; /* last error */
- int timeout; /* How many milli-secs before IO times out */
- int redirects; /* How many times we were redirected */
- struct redirect_addr *redirect_list; /* First is first address */
- struct redirect_addr *last_addr;
-
-} RFCNB_Con;
-
-typedef char RFCNB_Hdr[4]; /* The header is 4 bytes long with */
- /* char[0] as the type, char[1] the */
- /* flags, and char[2..3] the length */
-
-/* Macros to extract things from the header. These are for portability
- * between architecture types where we are worried about byte order */
-
-#define RFCNB_Pkt_Hdr_Len 4
-#define RFCNB_Pkt_Sess_Len 72
-#define RFCNB_Pkt_Retarg_Len 10
-#define RFCNB_Pkt_Nack_Len 5
-#define RFCNB_Pkt_Type_Offset 0
-#define RFCNB_Pkt_Flags_Offset 1
-#define RFCNB_Pkt_Len_Offset 2 /* Length is 2 bytes plus a flag bit */
-#define RFCNB_Pkt_N1Len_Offset 4
-#define RFCNB_Pkt_Called_Offset 5
-#define RFCNB_Pkt_N2Len_Offset 38
-#define RFCNB_Pkt_Calling_Offset 39
-#define RFCNB_Pkt_Error_Offset 4
-#define RFCNB_Pkt_IP_Offset 4
-#define RFCNB_Pkt_Port_Offset 8
-
-/* The next macro isolates the length of a packet, including the bit in the
- * flags */
-
-#define RFCNB_Pkt_Len(p) (PVAL(p, 3) | (PVAL(p, 2) << 8) | \
- ((PVAL(p, RFCNB_Pkt_Flags_Offset) & 0x01) << 16))
-
-#define RFCNB_Put_Pkt_Len(p, v) (p[1] = ((v >> 16) & 1)); \
- (p[2] = ((v >> 8) & 0xFF)); \
- (p[3] = (v & 0xFF));
-
-#define RFCNB_Pkt_Type(p) (CVAL(p, RFCNB_Pkt_Type_Offset))
-
-/*typedef struct RFCNB_Hdr {
- *
- * unsigned char type;
- * unsigned char flags;
- * int16 len;
- *
- * } RFCNB_Hdr;
- *
- * typedef struct RFCNB_Sess_Pkt {
- * unsigned char type;
- * unsigned char flags;
- * int16 length;
- * unsigned char n1_len;
- * char called_name[33];
- * unsigned char n2_len;
- * char calling_name[33];
- * } RFCNB_Sess_Pkt;
- *
- *
- * typedef struct RFCNB_Nack_Pkt {
- *
- * struct RFCNB_Hdr hdr;
- * unsigned char error;
- *
- * } RFCNB_Nack_Pkt;
- *
- * typedef struct RFCNB_Retarget_Pkt {
- *
- * struct RFCNB_Hdr hdr;
- * int dest_ip;
- * unsigned char port;
- *
- * } RFCNB_Redir_Pkt; */
-
-/* Static variables */
-
-/* Only declare this if not defined */
-
-#ifndef RFCNB_ERRNO
-extern int RFCNB_errno;
-extern int RFCNB_saved_errno; /* Save this from point of error */
-#endif
--- squid/auth_modules/MSNT/rfcnb-util.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,555 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB Utility Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "std-includes.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" - -#include -#include -#include -#include -#include -#include -#include - -char *RFCNB_Error_Strings[] = -{ - - "RFCNBE_OK: Routine completed successfully.", - "RFCNBE_NoSpace: No space available for a malloc call.", - "RFCNBE_BadName: NetBIOS name could not be translated to IP address.", - "RFCNBE_BadRead: Read system call returned an error. Check errno.", - "RFCNBE_BadWrite: Write system call returned an error. Check errno.", - "RFCNBE_ProtErr: A protocol error has occurred.", - "RFCNBE_ConGone: Connection dropped during a read or write system call.", - "RFCNBE_BadHandle: Bad connection handle passed.", - "RFCNBE_BadSocket: Problems creating socket.", - "RFCNBE_ConnectFailed: Connection failed. See errno.", - "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.", - "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.", - "RFCNBE_CallRejCNNP: Call rejected. Called name not present.", - "RFCNBE_CallRejInfRes: Call rejected. 
Name present, but insufficient resources.", - "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.", - "RFCNBE_BadParam: Bad parameters passed to a routine.", - "RFCNBE_Timeout: IO Operation timed out ..." - -}; - -extern void (*Prot_Print_Routine) (); /* Pointer to protocol print routine */ - -/* Convert name and pad to 16 chars as needed */ -/* Name 1 is a C string with null termination, name 2 may not be */ -/* If SysName is true, then put a <00> on end, else space> */ - -void -RFCNB_CvtPad_Name(char *name1, char *name2) -{ - char c, c1, c2; - int i, len; - - len = strlen(name1); - - for (i = 0; i < 16; i++) { - - if (i >= len) { - - c1 = 'C'; - c2 = 'A'; /* CA is a space */ - - } else { - - c = name1[i]; - c1 = (char) ((int) c / 16 + (int) 'A'); - c2 = (char) ((int) c % 16 + (int) 'A'); - } - - name2[i * 2] = c1; - name2[i * 2 + 1] = c2; - - } - - name2[32] = 0; /* Put in the nll ... */ - -} - -/* Converts an Ascii NB Name (16 chars) to an RFCNB Name (32 chars) - * Uses the encoding in RFC1001. Each nibble of byte is added to 'A' - * to produce the next byte in the name. - * - * This routine assumes that AName is 16 bytes long and that NBName has - * space for 32 chars, so be careful ... - * - */ - -void -RFCNB_AName_To_NBName(char *AName, char *NBName) -{ - char c, c1, c2; - int i; - - for (i = 0; i < 16; i++) { - - c = AName[i]; - - c1 = (char) ((c >> 4) + 'A'); - c2 = (char) ((c & 0xF) + 'A'); - - NBName[i * 2] = c1; - NBName[i * 2 + 1] = c2; - } - - NBName[32] = 0; /* Put in a null */ - -} - -/* Do the reverse of the above ... */ - -void -RFCNB_NBName_To_AName(char *NBName, char *AName) -{ - char c, c1, c2; - int i; - - for (i = 0; i < 16; i++) { - - c1 = NBName[i * 2]; - c2 = NBName[i * 2 + 1]; - - c = (char) (((int) c1 - (int) 'A') * 16 + ((int) c2 - (int) 'A')); - - AName[i] = c; - - } - - AName[i] = 0; /* Put a null on the end ... 
*/ - -} - -/* Print a string of bytes in HEX etc */ - -void -RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len) -{ - char c1, c2, outbuf1[33]; - unsigned char c; - int i, j; - struct RFCNB_Pkt *pkt_ptr = pkt; - static char Hex_List[17] = "0123456789ABCDEF"; - - j = 0; - - /* We only want to print as much as sepcified in Len */ - - while (pkt_ptr != NULL) { - - for (i = 0; - i < ((Len > (pkt_ptr->len) ? pkt_ptr->len : Len) - Offset); - i++) { - - c = pkt_ptr->data[i + Offset]; - c1 = Hex_List[c >> 4]; - c2 = Hex_List[c & 0xF]; - - outbuf1[j++] = c1; - outbuf1[j++] = c2; - - if (j == 32) { /* Print and reset */ - outbuf1[j] = 0; - fprintf(fd, " %s\n", outbuf1); - j = 0; - } - } - - Offset = 0; - Len = Len - pkt_ptr->len; /* Reduce amount by this much */ - pkt_ptr = pkt_ptr->next; - - } - - /* Print last lot in the buffer ... */ - - if (j > 0) { - - outbuf1[j] = 0; - fprintf(fd, " %s\n", outbuf1); - - } - fprintf(fd, "\n"); - -} - -/* Get a packet of size n */ - -struct RFCNB_Pkt * -RFCNB_Alloc_Pkt(int n) -{ - RFCNB_Pkt *pkt; - - if ((pkt = (struct RFCNB_Pkt *) malloc(sizeof(struct RFCNB_Pkt))) == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - return (NULL); - - } - pkt->next = NULL; - pkt->len = n; - - if (n == 0) - return (pkt); - - if ((pkt->data = (char *) malloc(n)) == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - free(pkt); - return (NULL); - - } - return (pkt); - -} - -/* Free up a packet */ - -void -RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) -{ - struct RFCNB_Pkt *pkt_next; - char *data_ptr; - - while (pkt != NULL) { - - pkt_next = pkt->next; - - data_ptr = pkt->data; - - if (data_ptr != NULL) - free(data_ptr); - - free(pkt); - - pkt = pkt_next; - - } - -} - -/* Print an RFCNB packet */ - -void -RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len) -{ - char lname[17]; - - /* We assume that the first fragment is the RFCNB Header */ - /* We should loop through the fragments 
printing them out */ - - fprintf(fd, "RFCNB Pkt %s:", dirn); - - switch (RFCNB_Pkt_Type(pkt->data)) { - - case RFCNB_SESSION_MESSAGE: - - fprintf(fd, "SESSION MESSAGE: Length = %i\n", RFCNB_Pkt_Len(pkt->data)); - RFCNB_Print_Hex(fd, pkt, RFCNB_Pkt_Hdr_Len, -#ifdef RFCNB_PRINT_DATA - RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); -#else - 40); -#endif - - if (Prot_Print_Routine != 0) { /* Print the rest of the packet */ - - Prot_Print_Routine(fd, strcmp(dirn, "sent"), pkt, RFCNB_Pkt_Hdr_Len, - RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); - - } - break; - - case RFCNB_SESSION_REQUEST: - - fprintf(fd, "SESSION REQUEST: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Called_Offset), lname); - fprintf(fd, " Called Name: %s\n", lname); - RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Calling_Offset), lname); - fprintf(fd, " Calling Name: %s\n", lname); - - break; - - case RFCNB_SESSION_ACK: - - fprintf(fd, "RFCNB SESSION ACK: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - break; - - case RFCNB_SESSION_REJ: - fprintf(fd, "RFCNB SESSION REJECT: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - if (RFCNB_Pkt_Len(pkt->data) < 1) { - fprintf(fd, " Protocol Error, short Reject packet!\n"); - } else { - fprintf(fd, " Error = %x\n", CVAL(pkt->data, RFCNB_Pkt_Error_Offset)); - } - - break; - - case RFCNB_SESSION_RETARGET: - - fprintf(fd, "RFCNB SESSION RETARGET: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - /* Print out the IP address etc and the port? 
*/ - - break; - - case RFCNB_SESSION_KEEP_ALIVE: - - fprintf(fd, "RFCNB SESSION KEEP ALIVE: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - break; - - default: - - break; - } - -} - -/* Resolve a name into an address */ - -int -RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP) -{ - int addr; /* Assumes IP4, 32 bit network addresses */ - struct hostent *hp; - - /* Use inet_addr to try to convert the address */ - - if ((addr = inet_addr(host)) == INADDR_NONE) { /* Oh well, a good try :-) */ - - /* Now try a name look up with gethostbyname */ - - if ((hp = gethostbyname(host)) == NULL) { /* Not in DNS */ - - /* Try NetBIOS name lookup, how the hell do we do that? */ - - RFCNB_errno = RFCNBE_BadName; /* Is this right? */ - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } else { /* We got a name */ - - memcpy((void *) Dest_IP, (void *) hp->h_addr_list[0], sizeof(struct in_addr)); - - } - } else { /* It was an IP address */ - - memcpy((void *) Dest_IP, (void *) &addr, sizeof(struct in_addr)); - - } - - return 0; - -} - -/* Disconnect the TCP connection to the server */ - -int -RFCNB_Close(int socket) -{ - - close(socket); - - /* If we want to do error recovery, here is where we put it */ - - return 0; - -} - -/* Connect to the server specified in the IP address. - * Not sure how to handle socket options etc. 
*/ - -int -RFCNB_IP_Connect(struct in_addr Dest_IP, int port) -{ - struct sockaddr_in Socket; - int fd; - - /* Create a socket */ - - if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { /* Handle the error */ - - RFCNB_errno = RFCNBE_BadSocket; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - bzero((char *) &Socket, sizeof(Socket)); - memcpy((char *) &Socket.sin_addr, (char *) &Dest_IP, sizeof(Dest_IP)); - - Socket.sin_port = htons(port); - Socket.sin_family = PF_INET; - - /* Now connect to the destination */ - - if (connect(fd, (struct sockaddr *) &Socket, sizeof(Socket)) < 0) { /* Error */ - - close(fd); - RFCNB_errno = RFCNBE_ConnectFailed; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - return (fd); - -} - -/* handle the details of establishing the RFCNB session with remote - * end - * - */ - -int -RFCNB_Session_Req(struct RFCNB_Con *con, - char *Called_Name, - char *Calling_Name, - BOOL * redirect, - struct in_addr *Dest_IP, - int *port) -{ - char *sess_pkt; - - /* Response packet should be no more than 9 bytes, make 16 jic */ - - char resp[16]; - int len; - struct RFCNB_Pkt *pkt, res_pkt; - - /* We build and send the session request, then read the response */ - - pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Sess_Len); - - if (pkt == NULL) { - - return (RFCNBE_Bad); /* Leave the error that RFCNB_Alloc_Pkt gives) */ - - } - sess_pkt = pkt->data; /* Get pointer to packet proper */ - - sess_pkt[RFCNB_Pkt_Type_Offset] = RFCNB_SESSION_REQUEST; - RFCNB_Put_Pkt_Len(sess_pkt, (RFCNB_Pkt_Sess_Len - RFCNB_Pkt_Hdr_Len)); - sess_pkt[RFCNB_Pkt_N1Len_Offset] = 32; - sess_pkt[RFCNB_Pkt_N2Len_Offset] = 32; - - RFCNB_CvtPad_Name(Called_Name, (sess_pkt + RFCNB_Pkt_Called_Offset)); - RFCNB_CvtPad_Name(Calling_Name, (sess_pkt + RFCNB_Pkt_Calling_Offset)); - - /* Now send the packet */ - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Sending packet: "); - -#endif - - if ((len = RFCNB_Put_Pkt(con, pkt, RFCNB_Pkt_Sess_Len)) < 0) { - - return (RFCNBE_Bad); /* Should be able to write 
that lot ... */ - - } -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Getting packet.\n"); - -#endif - - res_pkt.data = resp; - res_pkt.len = sizeof(resp); - res_pkt.next = NULL; - - if ((len = RFCNB_Get_Pkt(con, &res_pkt, sizeof(resp))) < 0) { - - return (RFCNBE_Bad); - - } - /* Now analyze the packet ... */ - - switch (RFCNB_Pkt_Type(resp)) { - - case RFCNB_SESSION_REJ: /* Didnt like us ... too bad */ - - /* Why did we get rejected ? */ - - switch (CVAL(resp, RFCNB_Pkt_Error_Offset)) { - - case 0x80: - RFCNB_errno = RFCNBE_CallRejNLOCN; - break; - case 0x81: - RFCNB_errno = RFCNBE_CallRejNLFCN; - break; - case 0x82: - RFCNB_errno = RFCNBE_CallRejCNNP; - break; - case 0x83: - RFCNB_errno = RFCNBE_CallRejInfRes; - break; - case 0x8F: - RFCNB_errno = RFCNBE_CallRejUnSpec; - break; - default: - RFCNB_errno = RFCNBE_ProtErr; - break; - } - - return (RFCNBE_Bad); - break; - - case RFCNB_SESSION_ACK: /* Got what we wanted ... */ - - return (0); - break; - - case RFCNB_SESSION_RETARGET: /* Go elsewhere */ - - *redirect = TRUE; /* Copy port and ip addr */ - - memcpy(Dest_IP, (resp + RFCNB_Pkt_IP_Offset), sizeof(struct in_addr)); - *port = SVAL(resp, RFCNB_Pkt_Port_Offset); - - return (0); - break; - - default: /* A protocol error */ - - RFCNB_errno = RFCNBE_ProtErr; - return (RFCNBE_Bad); - break; - } -} --- squid/auth_modules/MSNT/rfcnb-util.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,51 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Utility Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-void RFCNB_CvtPad_Name(char *name1, char *name2);
-
-void RFCNB_AName_To_NBName(char *AName, char *NBName);
-
-void RFCNB_NBName_To_AName(char *NBName, char *AName);
-
-void RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len);
-
-struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n);
-
-void RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len);
-
-int RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP);
-
-int RFCNB_Close(int socket);
-
-int RFCNB_IP_Connect(struct in_addr Dest_IP, int port);
-
-int RFCNB_Session_Req(RFCNB_Con * con,
- char *Called_Name,
- char *Calling_Name,
- BOOL * redirect,
- struct in_addr *Dest_IP,
- int *port);
-
-void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt);
--- squid/auth_modules/MSNT/rfcnb.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,48 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* Error responses */
-
-#include "rfcnb-error.h"
-#include "rfcnb-common.h"
-
-/* Defines we need */
-
-#define RFCNB_Default_Port 139
-
-/* Definition of routines we define */
-
-void *RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address,
- int port);
-
-int RFCNB_Send(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
-
-int RFCNB_Recv(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
-
-int RFCNB_Hangup(void *con_Handle);
-
-void *RFCNB_Listen();
-
-void RFCNB_Get_Error(char *buffer, int buf_len);
--- squid/auth_modules/MSNT/session.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,363 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * Session Routines ...
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-int RFCNB_errno = 0;
-int RFCNB_saved_errno = 0;
-#define RFCNB_ERRNO
-
-#include "std-includes.h"
-#include
-#include "rfcnb-priv.h"
-#include "rfcnb-util.h"
-#include "rfcnb-io.h"
-
-#include
-#include
-#include
-
-int RFCNB_Stats[RFCNB_MAX_STATS];
-
-void (*Prot_Print_Routine) () = NULL; /* Pointer to print routine */
-
-/* Set up a session with a remote name. We are passed Called_Name as a
- * string which we convert to a NetBIOS name, ie space terminated, up to
- * 16 characters only if we need to. If Called_Address is not empty, then
- * we use it to connect to the remote end, but put in Called_Name ... Called
- * Address can be a DNS based name, or a TCP/IP address ...
- */
-
-void *
-RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address,
- int port)
-{
- struct RFCNB_Con *con;
- struct in_addr Dest_IP;
- int Client;
- BOOL redirect;
- struct redirect_addr *redir_addr;
- char *Service_Address;
-
- /* Now, we really should look up the port in /etc/services ... */
-
- if (port == 0)
- port = RFCNB_Default_Port;
-
- /* Create a connection structure first */
-
- if ((con = (struct RFCNB_Con *) malloc(sizeof(struct RFCNB_Con))) == NULL) { /* Error in size */
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (NULL);
-
- }
- con->fd = -0; /* no descriptor yet */
- con->rfc_errno = 0; /* no error yet */
- con->timeout = 0; /* no timeout */
- con->redirects = 0;
- con->redirect_list = NULL; /* Fix bug still in version 0.50 */
-
- /* Resolve that name into an IP address */
-
- Service_Address = Called_Name;
- if (strcmp(Called_Address, "") != 0) { /* If the Called Address = "" */
- Service_Address = Called_Address;
- }
- if ((errno = RFCNB_Name_To_IP(Service_Address, &Dest_IP)) < 0) { /* Error */
-
- /* No need to modify RFCNB_errno as it was done by RFCNB_Name_To_IP */
-
- return (NULL);
-
- }
- /* Now connect to the remote end */
-
- redirect = TRUE; /* Fudge this one so we go once through */
-
- while (redirect) { /* Connect and get session info etc */
-
- redirect = FALSE; /* Assume all OK */
-
- /* Build the redirect info. First one is first addr called */
- /* And tack it onto the list of addresses we called */
-
- if ((redir_addr = (struct redirect_addr *) malloc(sizeof(struct redirect_addr))) == NULL) { /* Could not get space */
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (NULL);
-
- }
- memcpy((char *) &(redir_addr->ip_addr), (char *) &Dest_IP, sizeof(Dest_IP));
- redir_addr->port = port;
- redir_addr->next = NULL;
-
- if (con->redirect_list == NULL) { /* Stick on head */
-
- con->redirect_list = con->last_addr = redir_addr;
-
- } else {
-
- con->last_addr->next = redir_addr;
- con->last_addr = redir_addr;
-
- }
-
- /* Now, make that connection */
-
- if ((Client = RFCNB_IP_Connect(Dest_IP, port)) < 0) { /* Error */
-
- /* No need to modify RFCNB_errno as it was done by RFCNB_IP_Connect */
-
- return (NULL);
-
- }
- con->fd = Client;
-
- /* Now send and handle the RFCNB session request */
- /* If we get a redirect, we will comeback with redirect true
- * and a new IP address in DEST_IP */
-
- if ((errno = RFCNB_Session_Req(con,
- Called_Name,
- Calling_Name,
- &redirect, &Dest_IP, &port)) < 0) {
-
- /* No need to modify RFCNB_errno as it was done by RFCNB_Session.. */
-
- return (NULL);
-
- }
- if (redirect) {
-
- /* We have to close the connection, and then try again */
-
- (con->redirects)++;
-
- RFCNB_Close(con->fd); /* Close it */
-
- }
- }
-
- return (con);
-
-}
-
-/* We send a packet to the other end ... for the moment, we treat the
- * data as a series of pointers to blocks of data ... we should check the
- * length ... */
-
-int
-RFCNB_Send(struct RFCNB_Con *Con_Handle, struct RFCNB_Pkt *udata, int Length)
-{
- struct RFCNB_Pkt *pkt;
- char *hdr;
- int len;
-
- /* Plug in the header and send the data */
-
- pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len);
-
- if (pkt == NULL) {
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (RFCNBE_Bad);
-
- }
- pkt->next = udata; /* The user data we want to send */
-
- hdr = pkt->data;
-
- /* Following crap is for portability across multiple UNIX machines */
-
- *(hdr + RFCNB_Pkt_Type_Offset) = RFCNB_SESSION_MESSAGE;
- RFCNB_Put_Pkt_Len(hdr, Length);
-
-#ifdef RFCNB_DEBUG
-
- fprintf(stderr, "Sending packet: ");
-
-#endif
-
- if ((len = RFCNB_Put_Pkt(Con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) {
-
- /* No need to change RFCNB_errno as it was done by put_pkt ... */
-
- return (RFCNBE_Bad); /* Should be able to write that lot ... */
-
- }
- /* Now we have sent that lot, let's get rid of the RFCNB Header and return */
-
- pkt->next = NULL;
-
- RFCNB_Free_Pkt(pkt);
-
- return (len);
-
-}
-
-/* We pick up a message from the internet ... We have to worry about
- * non-message packets ... */
-
-int
-RFCNB_Recv(void *con_Handle, struct RFCNB_Pkt *Data, int Length)
-{
- struct RFCNB_Pkt *pkt;
- int ret_len;
-
- if (con_Handle == NULL) {
-
- RFCNB_errno = RFCNBE_BadHandle;
- RFCNB_saved_errno = errno;
- return (RFCNBE_Bad);
-
- }
- /* Now get a packet from below. We allocate a header first */
-
- /* Plug in the header and send the data */
-
- pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len);
-
- if (pkt == NULL) {
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (RFCNBE_Bad);
-
- }
- pkt->next = Data; /* Plug in the data portion */
-
- if ((ret_len = RFCNB_Get_Pkt(con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) {
-
-#ifdef RFCNB_DEBUG
- fprintf(stderr, "Bad packet return in RFCNB_Recv... \n");
-#endif
-
- return (RFCNBE_Bad);
-
- }
- /* We should check that we go a message and not a keep alive */
-
- pkt->next = NULL;
-
- RFCNB_Free_Pkt(pkt);
-
- return (ret_len);
-
-}
-
-/* We just disconnect from the other end, as there is nothing in the RFCNB */
-/* protocol that specifies any exchange as far as I can see */
-
-int
-RFCNB_Hangup(struct RFCNB_Con *con_Handle)
-{
-
- if (con_Handle != NULL) {
- RFCNB_Close(con_Handle->fd); /* Could this fail? */
- free(con_Handle);
- }
- return 0;
-
-
-}
-
-/* Set TCP_NODELAY on the socket */
-
-int
-RFCNB_Set_Sock_NoDelay(struct RFCNB_Con *con_Handle, BOOL yn)
-{
-
- return (setsockopt(con_Handle->fd, IPPROTO_TCP, TCP_NODELAY,
- (char *) &yn, sizeof(yn)));
-
-}
-
-
-/* Listen for a connection on a port???, when */
-/* the connection comes in, we return with the connection */
-
-void
-RFCNB_Listen()
-{
-
-}
-
-/* Pick up the last error response as a string, hmmm, this routine should */
-/* have been different ... */
-
-void
-RFCNB_Get_Error(char *buffer, int buf_len)
-{
-
- if (RFCNB_saved_errno <= 0) {
- sprintf(buffer, "%s", RFCNB_Error_Strings[RFCNB_errno]);
- } else {
- sprintf(buffer, "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno],
- strerror(RFCNB_saved_errno));
- }
-
-}
-
-/* Pick up the last error response and returns as a code */
-
-int
-RFCNB_Get_Last_Error()
-{
-
- return (RFCNB_errno);
-
-}
-
-/* Pick up saved errno as well */
-
-int
-RFCNB_Get_Last_Errno()
-{
-
- return (RFCNB_saved_errno);
-
-}
-
-/* Pick up the last error response and return in string ... */
-
-void
-RFCNB_Get_Error_Msg(int code, char *msg_buf, int len)
-{
-
- strncpy(msg_buf, RFCNB_Error_Strings[abs(code)], len);
-
-}
-
-/* Register a higher level protocol print routine */
-
-void
-RFCNB_Register_Print_Routine(void (*fn) ())
-{
-
- Prot_Print_Routine = fn;
-
-}
--- squid/auth_modules/MSNT/smbdes.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,364 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- *
- * a partial implementation of DES designed for use in the
- * SMB authentication protocol
- *
- * Copyright (C) Andrew Tridgell 1997
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-/* NOTES:
- *
- * This code makes no attempt to be fast! In fact, it is a very
- * slow implementation
- *
- * This code is NOT a complete DES implementation. It implements only
- * the minimum necessary for SMB authentication, as used by all SMB
- * products (including every copy of Microsoft Windows95 ever sold)
- *
- * In particular, it can only do a unchained forward DES pass. This
- * means it is not possible to use this code for encryption/decryption
- * of data, instead it is only useful as a "hash" algorithm.
- *
- * There is no entry point into this code that allows normal DES operation.
- *
- * I believe this means that this code does not come under ITAR
- * regulations but this is NOT a legal opinion. If you are concerned
- * about the applicability of ITAR regulations to this code then you
- * should confirm it for yourself (and maybe let me know if you come
- * up with a different answer to the one above)
- */
-
-
-
-static int perm1[56] =
-{57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36,
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4};
-
-static int perm2[48] =
-{14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2,
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32};
-
-static int perm3[64] =
-{58, 50, 42, 34, 26, 18, 10, 2,
- 60, 52, 44, 36, 28, 20, 12, 4,
- 62, 54, 46, 38, 30, 22, 14, 6,
- 64, 56, 48, 40, 32, 24, 16, 8,
- 57, 49, 41, 33, 25, 17, 9, 1,
- 59, 51, 43, 35, 27, 19, 11, 3,
- 61, 53, 45, 37, 29, 21, 13, 5,
- 63, 55, 47, 39, 31, 23, 15, 7};
-
-static int perm4[48] =
-{32, 1, 2, 3, 4, 5,
- 4, 5, 6, 7, 8, 9,
- 8, 9, 10, 11, 12, 13,
- 12, 13, 14, 15, 16, 17,
- 16, 17, 18, 19, 20, 21,
- 20, 21, 22, 23, 24, 25,
- 24, 25, 26, 27, 28, 29,
- 28, 29, 30, 31, 32, 1};
-
-static int perm5[32] =
-{16, 7, 20, 21,
- 29, 12, 28, 17,
- 1, 15, 23, 26,
- 5, 18, 31, 10,
- 2, 8, 24, 14,
- 32, 27, 3, 9,
- 19, 13, 30, 6,
- 22, 11, 4, 25};
-
-
-static int perm6[64] =
-{40, 8, 48, 16, 56, 24, 64, 32,
- 39, 7, 47, 15, 55, 23, 63, 31,
- 38, 6, 46, 14, 54, 22, 62, 30,
- 37, 5, 45, 13, 53, 21, 61, 29,
- 36, 4, 44, 12, 52, 20, 60, 28,
- 35, 3, 43, 11, 51, 19, 59, 27,
- 34, 2, 42, 10, 50, 18, 58, 26,
- 33, 1, 41, 9, 49, 17, 57, 25};
-
-
-static int sc[16] =
-{1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
-
-static int sbox[8][4][16] =
-{
- {
- {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
- {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
- {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
- {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
-
- {
- {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
- {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
- {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
- {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
-
- {
- {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
- {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
- {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
- {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
-
- {
- {7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
- {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
- {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
- {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
-
- {
- {2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
- {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
- {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
- {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
-
- {
- {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
- {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
- {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
- {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
-
- {
- {4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
- {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
- {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
- {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
-
- {
- {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
- {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
- {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
- {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
-
-static void
-permute(char *out, char *in, int *p, int n)
-{
- int i;
- for (i = 0; i < n; i++)
- out[i] = in[p[i] - 1];
-}
-
-static void
-lshift(char *d, int count, int n)
-{
- char out[64];
- int i;
- for (i = 0; i < n; i++)
- out[i] = d[(i + count) % n];
- for (i = 0; i < n; i++)
- d[i] = out[i];
-}
-
-static void
-concat(char *out, char *in1, char *in2, int l1, int l2)
-{
- while (l1--)
- *out++ = *in1++;
- while (l2--)
- *out++ = *in2++;
-}
-
-static void
-xor(char *out, char *in1, char *in2, int n)
-{
- int i;
- for (i = 0; i < n; i++)
- out[i] = in1[i] ^ in2[i];
-}
-
-static void
-dohash(char *out, char *in, char *key)
-{
- int i, j, k;
- char pk1[56];
- char c[28];
- char d[28];
- char cd[56];
- char ki[16][48];
- char pd1[64];
- char l[32], r[32];
- char rl[64];
-
- permute(pk1, key, perm1, 56);
-
- for (i = 0; i < 28; i++)
- c[i] = pk1[i];
- for (i = 0; i < 28; i++)
- d[i] = pk1[i + 28];
-
- for (i = 0; i < 16; i++) {
- lshift(c, sc[i], 28);
- lshift(d, sc[i], 28);
-
- concat(cd, c, d, 28, 28);
- permute(ki[i], cd, perm2, 48);
- }
-
- permute(pd1, in, perm3, 64);
-
- for (j = 0; j < 32; j++) {
- l[j] = pd1[j];
- r[j] = pd1[j + 32];
- }
-
- for (i = 0; i < 16; i++) {
- char er[48];
- char erk[48];
- char b[8][6];
- char cb[32];
- char pcb[32];
- char r2[32];
-
- permute(er, r, perm4, 48);
-
- xor(erk, er, ki[i], 48);
-
- for (j = 0; j < 8; j++)
- for (k = 0; k < 6; k++)
- b[j][k] = erk[j * 6 + k];
-
- for (j = 0; j < 8; j++) {
- int m, n;
- m = (b[j][0] << 1) | b[j][5];
-
- n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4];
-
- for (k = 0; k < 4; k++)
- b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0;
- }
-
- for (j = 0; j < 8; j++)
- for (k = 0; k < 4; k++)
- cb[j * 4 + k] = b[j][k];
- permute(pcb, cb, perm5, 32);
-
- xor(r2, l, pcb, 32);
-
- for (j = 0; j < 32; j++)
- l[j] = r[j];
-
- for (j = 0; j < 32; j++)
- r[j] = r2[j];
- }
-
- concat(rl, r, l, 32, 32);
-
- permute(out, rl, perm6, 64);
-}
-
-static void
-str_to_key(unsigned char *str, unsigned char *key)
-{
- int i;
-
- key[0] = str[0] >> 1;
- key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
- key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
- key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
- key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
- key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
- key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
- key[7] = str[6] & 0x7F;
- for (i = 0; i < 8; i++) {
- key[i] = (key[i] << 1);
- }
-}
-
-
-static void
-smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
-{
- int i;
- char outb[64];
- char inb[64];
- char keyb[64];
- unsigned char key2[8];
-
- str_to_key(key, key2);
-
- for (i = 0; i < 64; i++) {
- inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
- keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
- outb[i] = 0;
- }
-
- dohash(outb, inb, keyb);
-
- for (i = 0; i < 8; i++) {
- out[i] = 0;
- }
-
- for (i = 0; i < 64; i++) {
- if (outb[i])
- out[i / 8] |= (1 << (7 - (i % 8)));
- }
-}
-
-void
-E_P16(unsigned char *p14, unsigned char *p16)
-{
- unsigned char sp8[8] =
- {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
- smbhash(p16, sp8, p14);
- smbhash(p16 + 8, sp8, p14 + 7);
-}
-
-void
-E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24)
-{
- smbhash(p24, c8, p21);
- smbhash(p24 + 8, c8, p21 + 7);
- smbhash(p24 + 16, c8, p21 + 14);
-}
-
-void
-cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key)
-{
- unsigned char buf[8];
-
- smbhash(buf, in, key);
- smbhash(out, buf, key + 9);
-}
-
-void
-cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key)
-{
- unsigned char buf[8];
- static unsigned char key2[8];
-
- smbhash(buf, in, key);
- key2[0] = key[7];
- smbhash(out, buf, key2);
-}
--- squid/auth_modules/MSNT/smbencrypt.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,205 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1997
- * Modified by Jeremy Allison 1995.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-/* Antonino #include */
-
-#include "smblib-priv.h"
-#define uchar unsigned char
-extern int DEBUGLEVEL;
-
-#include "byteorder.h"
-
-char *StrnCpy(char *dest, char *src, int n);
-void strupper(char *s);
-extern void E_P16(unsigned char *, unsigned char *);
-extern void E_P24(unsigned char *, unsigned char *, unsigned char *);
-extern void mdfour(unsigned char *, unsigned char *, int);
-
-
-/*
- * This implements the X/Open SMB password encryption
- * It takes a password, a 8 byte "crypt key" and puts 24 bytes of
- * encrypted password into p24 */
-void
-SMBencrypt(uchar * passwd, uchar * c8, uchar * p24)
-{
- uchar p14[15], p21[21];
-
- memset(p21, '\0', 21);
- memset(p14, '\0', 14);
- StrnCpy((char *) p14, (char *) passwd, 14);
-
- strupper((char *) p14);
- E_P16(p14, p21);
- E_P24(p21, c8, p24);
-}
-
-/* Routines for Windows NT MD4 Hash functions. */
-static int
-_my_wcslen(int16 * str)
-{
- int len = 0;
- while (*str++ != 0)
- len++;
- return len;
-}
-
-/*
- * Convert a string into an NT UNICODE string.
- * Note that regardless of processor type
- * this must be in intel (little-endian)
- * format.
- */
-
-static int
-_my_mbstowcs(int16 * dst, uchar * src, int len)
-{
- int i;
- int16 val;
-
- for (i = 0; i < len; i++) {
- val = *src;
- SSVAL(dst, 0, val);
- dst++;
- src++;
- if (val == 0)
- break;
- }
- return i;
-}
-
-/*
- * Creates the MD4 Hash of the users password in NT UNICODE.
- */
-
-void
-E_md4hash(uchar * passwd, uchar * p16)
-{
- int len;
- int16 wpwd[129];
-
- /* Password cannot be longer than 128 characters */
- len = strlen((char *) passwd);
- if (len > 128)
- len = 128;
- /* Password must be converted to NT unicode */
- _my_mbstowcs(wpwd, passwd, len);
- wpwd[len] = 0; /* Ensure string is null terminated */
- /* Calculate length in bytes */
- len = _my_wcslen(wpwd) * sizeof(int16);
-
- mdfour(p16, (unsigned char *) wpwd, len);
-}
-
-/* Does the NT MD4 hash then des encryption. */
-
-void
-SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24)
-{
- uchar p21[21];
-
- memset(p21, '\0', 21);
-
- E_md4hash(passwd, p21);
- E_P24(p21, c8, p24);
-}
-
-/* Does both the NT and LM owfs of a user's password */
-
-void
-nt_lm_owf_gen(char *pwd, char *nt_p16, char *p16)
-{
- char passwd[130];
- StrnCpy(passwd, pwd, sizeof(passwd) - 1);
-
- /* Calculate the MD4 hash (NT compatible) of the password */
- memset(nt_p16, '\0', 16);
- E_md4hash((uchar *) passwd, (uchar *) nt_p16);
-
- /* Mangle the passwords into Lanman format */
- passwd[14] = '\0';
- strupper(passwd);
-
- /* Calculate the SMB (lanman) hash functions of the password */
-
- memset(p16, '\0', 16);
- E_P16((uchar *) passwd, (uchar *) p16);
-
- /* clear out local copy of user's password (just being paranoid). */
- bzero(passwd, sizeof(passwd));
-}
-
-/****************************************************************************
-line strncpy but always null terminates. Make sure there is room!
-****************************************************************************/
-char *
-StrnCpy(char *dest, char *src, int n)
-{
- char *d = dest;
- if (!dest)
- return (NULL);
- if (!src) {
- *dest = 0;
- return (dest);
- }
- while (n-- && (*d++ = *src++));
- *d = 0;
- return (dest);
-}
-
-void
-strupper(char *s)
-{
- while (*s) {
-#if UNUSED_CODE
-#if !defined(KANJI_WIN95_COMPATIBILITY)
- if (lp_client_code_page() == KANJI_CODEPAGE) {
-
- if (is_shift_jis(*s)) {
- if (is_sj_lower(s[0], s[1]))
- s[1] = sj_toupper2(s[1]);
- s += 2;
- } else if (is_kana(*s)) {
- s++;
- } else {
- if (islower(*s))
- *s = toupper(*s);
- s++;
- }
- } else
-#endif /* KANJI_WIN95_COMPATIBILITY */
-#endif /* UNUSED_CODE */
- {
- if (islower(*s))
- *s = toupper(*s);
- s++;
- }
- }
-}
--- squid/auth_modules/MSNT/smblib-common.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,189 +0,0 @@
-/* UNIX SMBlib NetBIOS implementation
- *
- * Version 1.0
- * SMBlib Common Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* To get the error class we want the first 8 bits */
-/* Because we just grab 4bytes from the SMB header, we have to re-order */
-/* here, but it makes the NtStatus part easier in future */
-
-#ifndef _SMBLIB_COMMON_H_
-#define _SMBLIB_COMMON_H_
-
-#define SMBlib_Error_Class(p) (p & 0x000000FF)
-
-/* To get the error code, we want the bottom 16 bits */
-
-#define SMBlib_Error_Code(p) (((unsigned int)p & 0xFFFF0000) >>16)
-
-/* Error CLASS codes and etc ... */
-
-#define SMBC_SUCCESS 0
-#define SMBC_ERRDOS 0x01
-#define SMBC_ERRSRV 0x02
-#define SMBC_ERRHRD 0x03
-#define SMBC_ERRCMD 0xFF
-
-/* Success error codes */
-
-#define SMBS_BUFFERED 0x54
-#define SMBS_LOGGED 0x55
-#define SMBS_DISPLAYED 0x56
-
-/* ERRDOS Error codes */
-
-#define SMBD_badfunc 0x01
-#define SMBD_badfile 0x02
-#define SMBD_badpath 0x03
-#define SMBD_nofids 0x04
-#define SMBD_noaccess 0x05
-#define SMBD_badfid 0x06
-#define SMBD_badmcb 0x07
-#define SMBD_nomem 0x08
-#define SMBD_badmem 0x09
-#define SMBD_badenv 0x0A
-#define SMBD_badformat 0x0B
-#define SMBD_badaccess 0x0C
-#define SMBD_baddata 0x0D
-#define SMBD_reserved 0x0E
-#define SMBD_baddrive 0x0F
-#define SMBD_remcd 0x10
-#define SMBD_diffdevice 0x11
-#define SMBD_nofiles 0x12
-#define SMBD_badshare 0x20
-#define SMBD_errlock 0x21
-#define SMBD_filexists 0x50
-
-/* Server errors ... */
-
-#define SMBV_error 0x01 /* Generic error */
-#define SMBV_badpw 0x02
-#define SMBV_badtype 0x03
-#define SMBV_access 0x04
-#define SMBV_invnid 0x05
-#define SMBV_invnetname 0x06
-#define SMBV_invdevice 0x07
-#define SMBV_qfull 0x31
-#define SMBV_qtoobig 0x32
-#define SMBV_qeof 0x33
-#define SMBV_invpfid 0x34
-#define SMBV_paused 0x51
-#define SMBV_msgoff 0x52
-#define SMBV_noroom 0x53
-#define SMBV_rmuns 0x57
-#define SMBV_nosupport 0xFFFF
-
-/* Hardware error codes ... */
-
-#define SMBH_nowrite 0x13
-#define SMBH_badunit 0x14
-#define SMBH_notready 0x15
-#define SMBH_badcmd 0x16
-#define SMBH_data 0x17
-#define SMBH_badreq 0x18
-#define SMBH_seek 0x19
-#define SMBH_badmedia 0x1A
-#define SMBH_badsector 0x1B
-#define SMBH_nopaper 0x1C
-#define SMBH_write 0x1D
-#define SMBH_read 0x1E
-#define SMBH_general 0x1F
-#define SMBH_badshare 0x20
-
-/* Access mode defines ... */
-
-#define SMB_AMODE_WTRU 0x4000
-#define SMB_AMODE_NOCACHE 0x1000
-#define SMB_AMODE_COMPAT 0x0000
-#define SMB_AMODE_DENYRWX 0x0010
-#define SMB_AMODE_DENYW 0x0020
-#define SMB_AMODE_DENYRX 0x0030
-#define SMB_AMODE_DENYNONE 0x0040
-#define SMB_AMODE_OPENR 0x0000
-#define SMB_AMODE_OPENW 0x0001
-#define SMB_AMODE_OPENRW 0x0002
-#define SMB_AMODE_OPENX 0x0003
-#define SMB_AMODE_FCBOPEN 0x00FF
-#define SMB_AMODE_LOCUNKN 0x0000
-#define SMB_AMODE_LOCMSEQ 0x0100
-#define SMB_AMODE_LOCMRAN 0x0200
-#define SMB_AMODE_LOCRAL 0x0300
-
-/* File attribute encoding ... */
-
-#define SMB_FA_ORD 0x00
-#define SMB_FA_ROF 0x01
-#define SMB_FA_HID 0x02
-#define SMB_FA_SYS 0x04
-#define SMB_FA_VOL 0x08
-#define SMB_FA_DIR 0x10
-#define SMB_FA_ARC 0x20
-
-/* Define the protocol types ... */
-
-#define SMB_P_Unknown -1 /* Hmmm, is this smart? */
-#define SMB_P_Core 0
-#define SMB_P_CorePlus 1
-#define SMB_P_DOSLanMan1 2
-#define SMB_P_LanMan1 3
-#define SMB_P_DOSLanMan2 4
-#define SMB_P_LanMan2 5
-#define SMB_P_DOSLanMan2_1 6
-#define SMB_P_LanMan2_1 7
-#define SMB_P_NT1 8
-
-/* SMBlib return codes */
-/* We want something that indicates whether or not the return code was a */
-/* remote error, a local error in SMBlib or returned from lower layer ... */
-/* Wonder if this will work ... */
-/* SMBlibE_Remote = 1 indicates remote error */
-/* SMBlibE_ values < 0 indicate local error with more info available */
-/* SMBlibE_ values >1 indicate local from SMBlib code errors? */
-
-#define SMBlibE_Success 0
-#define SMBlibE_Remote 1 /* Remote error, get more info from con */
-#define SMBlibE_BAD -1
-#define SMBlibE_LowerLayer 2 /* Lower layer error */
-#define SMBlibE_NotImpl 3 /* Function not yet implemented */
-#define SMBlibE_ProtLow 4 /* Protocol negotiated does not support req */
-#define SMBlibE_NoSpace 5 /* No space to allocate a structure */
-#define SMBlibE_BadParam 6 /* Bad parameters */
-#define SMBlibE_NegNoProt 7 /* None of our protocols was liked */
-#define SMBlibE_SendFailed 8 /* Sending an SMB failed */
-#define SMBlibE_RecvFailed 9 /* Receiving an SMB failed */
-#define SMBlibE_GuestOnly 10 /* Logged in as guest */
-#define SMBlibE_CallFailed 11 /* Call remote end failed */
-#define SMBlibE_ProtUnknown 12 /* Protocol unknown */
-#define SMBlibE_NoSuchMsg 13 /* Keep this up to date */
-
-typedef struct { /* A structure for a Dirent */
-
- unsigned char resume_key[21]; /* Don't touch this */
- unsigned char file_attributes; /* Attributes of file */
- unsigned int date_time; /* date and time of last mod */
- unsigned int size;
- char filename[13]; /* The name of the file */
-
-} SMB_CP_dirent;
-
-#endif /* _SMBLIB_COMMON_H_ */
--- squid/auth_modules/MSNT/smblib-priv.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,604 +0,0 @@
-/* UNIX SMBlib NetBIOS implementation
- *
- * Version 1.0
- * SMBlib private Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _SMBLIB_PRIV_H_
-#define _SMBLIB_PRIV_H_
-
-#include "std-defines.h"
-#include "smblib-common.h"
-#include
-#include
-
-#include "byteorder.h" /* Hmmm ... hot good */
-
-#define max(a,b) (a < b ? 
b : a)
-
-#define SMB_DEF_IDF 0x424D53FF /* "\377SMB" */
-
-/* Core protocol commands */
-
-#define SMBmkdir 0x00 /* create directory */
-#define SMBrmdir 0x01 /* delete directory */
-#define SMBopen 0x02 /* open file */
-#define SMBcreate 0x03 /* create file */
-#define SMBclose 0x04 /* close file */
-#define SMBflush 0x05 /* flush file */
-#define SMBunlink 0x06 /* delete file */
-#define SMBmv 0x07 /* rename file */
-#define SMBgetatr 0x08 /* get file attributes */
-#define SMBsetatr 0x09 /* set file attributes */
-#define SMBread 0x0A /* read from file */
-#define SMBwrite 0x0B /* write to file */
-#define SMBlock 0x0C /* lock byte range */
-#define SMBunlock 0x0D /* unlock byte range */
-#define SMBctemp 0x0E /* create temporary file */
-#define SMBmknew 0x0F /* make new file */
-#define SMBchkpth 0x10 /* check directory path */
-#define SMBexit 0x11 /* process exit */
-#define SMBlseek 0x12 /* seek */
-#define SMBtcon 0x70 /* tree connect */
-#define SMBtdis 0x71 /* tree disconnect */
-#define SMBnegprot 0x72 /* negotiate protocol */
-#define SMBdskattr 0x80 /* get disk attributes */
-#define SMBsearch 0x81 /* search directory */
-#define SMBsplopen 0xC0 /* open print spool file */
-#define SMBsplwr 0xC1 /* write to print spool file */
-#define SMBsplclose 0xC2 /* close print spool file */
-#define SMBsplretq 0xC3 /* return print queue */
-#define SMBsends 0xD0 /* send single block message */
-#define SMBsendb 0xD1 /* send broadcast message */
-#define SMBfwdname 0xD2 /* forward user name */
-#define SMBcancelf 0xD3 /* cancel forward */
-#define SMBgetmac 0xD4 /* get machine name */
-#define SMBsendstrt 0xD5 /* send start of multi-block message */
-#define SMBsendend 0xD6 /* send end of multi-block message */
-#define SMBsendtxt 0xD7 /* send text of multi-block message */
-
-/* CorePlus protocol */
-
-#define SMBlockread 0x13 /* Lock a range and read it */
-#define SMBwriteunlock 0x14 /* Unlock a range and then write */
-#define SMBreadbraw 0x1a /* read a 
block of data without smb header ohead */
-#define SMBwritebraw 0x1d /* write a block of data without smb header ohead */
-#define SMBwritec 0x20 /* secondary write request */
-#define SMBwriteclose 0x2c /* write a file and then close it */
-
-/* DOS Extended Protocol */
-
-#define SMBreadBraw 0x1A /* read block raw */
-#define SMBreadBmpx 0x1B /* read block multiplexed */
-#define SMBreadBs 0x1C /* read block (secondary response) */
-#define SMBwriteBraw 0x1D /* write block raw */
-#define SMBwriteBmpx 0x1E /* write block multiplexed */
-#define SMBwriteBs 0x1F /* write block (secondary request) */
-#define SMBwriteC 0x20 /* write complete response */
-#define SMBsetattrE 0x22 /* set file attributes expanded */
-#define SMBgetattrE 0x23 /* get file attributes expanded */
-#define SMBlockingX 0x24 /* lock/unlock byte ranges and X */
-#define SMBtrans 0x25 /* transaction - name, bytes in/out */
-#define SMBtranss 0x26 /* transaction (secondary request/response) */
-#define SMBioctl 0x27 /* IOCTL */
-#define SMBioctls 0x28 /* IOCTL (secondary request/response) */
-#define SMBcopy 0x29 /* copy */
-#define SMBmove 0x2A /* move */
-#define SMBecho 0x2B /* echo */
-#define SMBopenX 0x2D /* open and X */
-#define SMBreadX 0x2E /* read and X */
-#define SMBwriteX 0x2F /* write and X */
-#define SMBsesssetupX 0x73 /* Session Set Up & X (including User Logon) */
-#define SMBtconX 0x75 /* tree connect and X */
-#define SMBffirst 0x82 /* find first */
-#define SMBfunique 0x83 /* find unique */
-#define SMBfclose 0x84 /* find close */
-#define SMBinvalid 0xFE /* invalid command */
-
-/* Any more ? */
-
-#define SMBdatablockID 0x01 /* A data block identifier */
-#define SMBdialectID 0x02 /* A dialect id */
-#define SMBpathnameID 0x03 /* A pathname ID */
-#define SMBasciiID 0x04 /* An ascii string ID */
-#define SMBvariableblockID 0x05 /* A variable block ID */
-
-/* some other defines we need */
-
-/* Flags defines ... 
*/
-
-#define SMB_FLG2_NON_DOS 0x01 /* We know non dos names */
-#define SMB_FLG2_EXT_ATR 0x02 /* We know about Extended Attributes */
-#define SMB_FLG2_LNG_NAM 0x04 /* Long names ? */
-
-typedef unsigned short WORD;
-typedef unsigned short UWORD;
-typedef unsigned int ULONG;
-typedef unsigned char BYTE;
-typedef unsigned char UCHAR;
-
-/* Some macros to allow access to actual packet data so that we */
-/* can change the underlying representation of packets. */
-/* */
-/* The current formats vying for attention are a fragment */
-/* approach where the SMB header is a fragment linked to the */
-/* data portion with the transport protocol (rfcnb or whatever) */
-/* being linked on the front. */
-/* */
-/* The other approach is where the whole packet is one array */
-/* of bytes with space allowed on the front for the packet */
-/* headers. */
-
-#define SMB_Hdr(p) (char *)(p -> data)
-
-/* SMB Hdr def for File Sharing Protocol? From MS and Intel, */
-/* Intel PN 138446 Doc Version 2.0, Nov 7, 1988. This def also */
-/* applies to LANMAN1.0 as well as the Core Protocol */
-/* The spec states that wct and bcc must be present, even if 0 */
-
-/* We define these as offsets into a char SMB[] array for the */
-/* sake of portability */
-
-/* NOTE!. Some of the lenght defines, SMB__len do not include */
-/* the data that follows in the SMB packet, so the code will have to */
-/* take that into account. */
-
-#define SMB_hdr_idf_offset 0 /* 0xFF,'SMB' 0-3 */
-#define SMB_hdr_com_offset 4 /* BYTE 4 */
-#define SMB_hdr_rcls_offset 5 /* BYTE 5 */
-#define SMB_hdr_reh_offset 6 /* BYTE 6 */
-#define SMB_hdr_err_offset 7 /* WORD 7 */
-#define SMB_hdr_reb_offset 9 /* BYTE 9 */
-#define SMB_hdr_flg_offset 9 /* same as reb ... 
*/
-#define SMB_hdr_res_offset 10 /* 7 WORDs 10 */
-#define SMB_hdr_res0_offset 10 /* WORD 10 */
-#define SMB_hdr_flg2_offset 10 /* WORD */
-#define SMB_hdr_res1_offset 12 /* WORD 12 */
-#define SMB_hdr_res2_offset 14
-#define SMB_hdr_res3_offset 16
-#define SMB_hdr_res4_offset 18
-#define SMB_hdr_res5_offset 20
-#define SMB_hdr_res6_offset 22
-#define SMB_hdr_tid_offset 24
-#define SMB_hdr_pid_offset 26
-#define SMB_hdr_uid_offset 28
-#define SMB_hdr_mid_offset 30
-#define SMB_hdr_wct_offset 32
-
-#define SMB_hdr_len 33 /* 33 byte header? */
-
-#define SMB_hdr_axc_offset 33 /* AndX Command */
-#define SMB_hdr_axr_offset 34 /* AndX Reserved */
-#define SMB_hdr_axo_offset 35 /* Offset from start to WCT of AndX cmd */
-
-/* Format of the Negotiate Protocol SMB */
-
-#define SMB_negp_bcc_offset 33
-#define SMB_negp_buf_offset 35 /* Where the buffer starts */
-#define SMB_negp_len 35 /* plus the data */
-
-/* Format of the Negotiate Response SMB, for CoreProtocol, LM1.2 and */
-/* NT LM 0.12. 
wct will be 1 for CoreProtocol, 13 for LM 1.2, and 17 */
-/* for NT LM 0.12 */
-
-#define SMB_negrCP_idx_offset 33 /* Response to the neg req */
-#define SMB_negrCP_bcc_offset 35
-#define SMB_negrLM_idx_offset 33 /* dialect index */
-#define SMB_negrLM_sec_offset 35 /* Security mode */
-#define SMB_sec_user_mask 0x01 /* 0 = share, 1 = user */
-#define SMB_sec_encrypt_mask 0x02 /* pick out encrypt */
-#define SMB_negrLM_mbs_offset 37 /* max buffer size */
-#define SMB_negrLM_mmc_offset 39 /* max mpx count */
-#define SMB_negrLM_mnv_offset 41 /* max number of VCs */
-#define SMB_negrLM_rm_offset 43 /* raw mode support bit vec */
-#define SMB_read_raw_mask 0x01
-#define SMB_write_raw_mask 0x02
-#define SMB_negrLM_sk_offset 45 /* session key, 32 bits */
-#define SMB_negrLM_st_offset 49 /* Current server time */
-#define SMB_negrLM_sd_offset 51 /* Current server date */
-#define SMB_negrLM_stz_offset 53 /* Server Time Zone */
-#define SMB_negrLM_ekl_offset 55 /* encryption key length */
-#define SMB_negrLM_res_offset 57 /* reserved */
-#define SMB_negrLM_bcc_offset 59 /* bcc */
-#define SMB_negrLM_len 61 /* 61 bytes ? 
*/
-#define SMB_negrLM_buf_offset 61 /* Where the fun begins */
-
-#define SMB_negrNTLM_idx_offset 33 /* Selected protocol */
-#define SMB_negrNTLM_sec_offset 35 /* Security more */
-#define SMB_negrNTLM_mmc_offset 36 /* Different format above */
-#define SMB_negrNTLM_mnv_offset 38 /* Max VCs */
-#define SMB_negrNTLM_mbs_offset 40 /* MBS now a long */
-#define SMB_negrNTLM_mrs_offset 44 /* Max raw size */
-#define SMB_negrNTLM_sk_offset 48 /* Session Key */
-#define SMB_negrNTLM_cap_offset 52 /* Capabilities */
-#define SMB_negrNTLM_stl_offset 56 /* Server time low */
-#define SMB_negrNTLM_sth_offset 60 /* Server time high */
-#define SMB_negrNTLM_stz_offset 64 /* Server time zone */
-#define SMB_negrNTLM_ekl_offset 66 /* Encrypt key len */
-#define SMB_negrNTLM_bcc_offset 67 /* Bcc */
-#define SMB_negrNTLM_len 69
-#define SMB_negrNTLM_buf_offset 69
-
-/* Offsets related to Tree Connect */
-
-#define SMB_tcon_bcc_offset 33
-#define SMB_tcon_buf_offset 35 /* where the data is for tcon */
-#define SMB_tcon_len 35 /* plus the data */
-
-#define SMB_tconr_mbs_offset 33 /* max buffer size */
-#define SMB_tconr_tid_offset 35 /* returned tree id */
-#define SMB_tconr_bcc_offset 37
-#define SMB_tconr_len 39
-
-#define SMB_tconx_axc_offset 33 /* And X Command */
-#define SMB_tconx_axr_offset 34 /* reserved */
-#define SMB_tconx_axo_offset 35 /* Next command offset */
-#define SMB_tconx_flg_offset 37 /* Flags, bit0=1 means disc TID */
-#define SMB_tconx_pwl_offset 39 /* Password length */
-#define SMB_tconx_bcc_offset 41 /* bcc */
-#define SMB_tconx_buf_offset 43 /* buffer */
-#define SMB_tconx_len 43 /* up to data ... 
*/
-
-#define SMB_tconxr_axc_offset 33 /* Where the AndX Command is */
-#define SMB_tconxr_axr_offset 34 /* Reserved */
-#define SMB_tconxr_axo_offset 35 /* AndX offset location */
-
-/* Offsets related to tree_disconnect */
-
-#define SMB_tdis_bcc_offset 33 /* bcc */
-#define SMB_tdis_len 35 /* total len */
-
-#define SMB_tdisr_bcc_offset 33 /* bcc */
-#define SMB_tdisr_len 35
-
-/* Offsets related to Open Request */
-
-#define SMB_open_mod_offset 33 /* Mode to open with */
-#define SMB_open_atr_offset 35 /* Attributes of file */
-#define SMB_open_bcc_offset 37 /* bcc */
-#define SMB_open_buf_offset 39 /* File name */
-#define SMB_open_len 39 /* Plus the file name */
-
-#define SMB_openx_axc_offset 33 /* Next command */
-#define SMB_openx_axr_offset 34 /* Reserved */
-#define SMB_openx_axo_offset 35 /* offset of next wct */
-#define SMB_openx_flg_offset 37 /* Flags, bit0 = need more info */
- /* bit1 = exclusive oplock */
- /* bit2 = batch oplock */
-#define SMB_openx_mod_offset 39 /* mode to open with */
-#define SMB_openx_atr_offset 41 /* search attributes */
-#define SMB_openx_fat_offset 43 /* File attributes */
-#define SMB_openx_tim_offset 45 /* time and date of creat */
-#define SMB_openx_ofn_offset 49 /* Open function */
-#define SMB_openx_als_offset 51 /* Space to allocate on */
-#define SMB_openx_res_offset 55 /* reserved */
-#define SMB_openx_bcc_offset 63 /* bcc */
-#define SMB_openx_buf_offset 65 /* Where file name goes */
-#define SMB_openx_len 65
-
-#define SMB_openr_fid_offset 33 /* FID returned */
-#define SMB_openr_atr_offset 35 /* Attributes opened with */
-#define SMB_openr_tim_offset 37 /* Last mod time of file */
-#define SMB_openr_fsz_offset 41 /* File size 4 bytes */
-#define SMB_openr_acc_offset 45 /* Access allowed */
-#define SMB_openr_bcc_offset 47
-#define SMB_openr_len 49
-
-#define SMB_openxr_axc_offset 33 /* And X command */
-#define SMB_openxr_axr_offset 34 /* reserved */
-#define SMB_openxr_axo_offset 35 /* offset to next command 
*/
-#define SMB_openxr_fid_offset 37 /* FID returned */
-#define SMB_openxr_fat_offset 39 /* File attributes returned */
-#define SMB_openxr_tim_offset 41 /* File creation date etc */
-#define SMB_openxr_fsz_offset 45 /* Size of file */
-#define SMB_openxr_acc_offset 49 /* Access granted */
-
-#define SMB_clos_fid_offset 33 /* FID to close */
-#define SMB_clos_tim_offset 35 /* Last mod time */
-#define SMB_clos_bcc_offset 39 /* bcc */
-#define SMB_clos_len 41
-
-/* Offsets related to Write requests */
-
-#define SMB_write_fid_offset 33 /* FID to write */
-#define SMB_write_cnt_offset 35 /* bytes to write */
-#define SMB_write_ofs_offset 37 /* location to write to */
-#define SMB_write_clf_offset 41 /* advisory count left */
-#define SMB_write_bcc_offset 43 /* bcc = data bytes + 3 */
-#define SMB_write_buf_offset 45 /* Data=0x01, len, data */
-#define SMB_write_len 45 /* plus the data ... */
-
-#define SMB_writr_cnt_offset 33 /* Count of bytes written */
-#define SMB_writr_bcc_offset 35 /* bcc */
-#define SMB_writr_len 37
-
-/* Offsets related to read requests */
-
-#define SMB_read_fid_offset 33 /* FID of file to read */
-#define SMB_read_cnt_offset 35 /* count of words to read */
-#define SMB_read_ofs_offset 37 /* Where to read from */
-#define SMB_read_clf_offset 41 /* Advisory count to go */
-#define SMB_read_bcc_offset 43
-#define SMB_read_len 45
-
-#define SMB_readr_cnt_offset 33 /* Count of bytes returned */
-#define SMB_readr_res_offset 35 /* 4 shorts reserved, 8 bytes */
-#define SMB_readr_bcc_offset 43 /* bcc */
-#define SMB_readr_bff_offset 45 /* buffer format char = 0x01 */
-#define SMB_readr_len_offset 46 /* buffer len */
-#define SMB_readr_len 45 /* length of the readr before data */
-
-/* Offsets for Create file */
-
-#define SMB_creat_atr_offset 33 /* Attributes of new file ... 
*/
-#define SMB_creat_tim_offset 35 /* Time of creation */
-#define SMB_creat_dat_offset 37 /* 4004BCE :-) */
-#define SMB_creat_bcc_offset 39 /* bcc */
-#define SMB_creat_buf_offset 41
-#define SMB_creat_len 41 /* Before the data */
-
-#define SMB_creatr_fid_offset 33 /* FID of created file */
-
-/* Offsets for Delete file */
-
-#define SMB_delet_sat_offset 33 /* search attribites */
-#define SMB_delet_bcc_offset 35 /* bcc */
-#define SMB_delet_buf_offset 37
-#define SMB_delet_len 37
-
-/* Offsets for SESSION_SETUP_ANDX for both LM and NT LM protocols */
-
-#define SMB_ssetpLM_mbs_offset 37 /* Max buffer Size, allow for AndX */
-#define SMB_ssetpLM_mmc_offset 39 /* max multiplex count */
-#define SMB_ssetpLM_vcn_offset 41 /* VC number if new VC */
-#define SMB_ssetpLM_snk_offset 43 /* Session Key */
-#define SMB_ssetpLM_pwl_offset 47 /* password length */
-#define SMB_ssetpLM_res_offset 49 /* reserved */
-#define SMB_ssetpLM_bcc_offset 53 /* bcc */
-#define SMB_ssetpLM_len 55 /* before data ... */
-#define SMB_ssetpLM_buf_offset 55
-
-#define SMB_ssetpNTLM_mbs_offset 37 /* Max Buffer Size for NT LM 0.12 */
- /* and above */
-#define SMB_ssetpNTLM_mmc_offset 39 /* Max Multiplex count */
-#define SMB_ssetpNTLM_vcn_offset 41 /* VC Number */
-#define SMB_ssetpNTLM_snk_offset 43 /* Session key */
-#define SMB_ssetpNTLM_cipl_offset 47 /* Case Insensitive PW Len */
-#define SMB_ssetpNTLM_cspl_offset 49 /* Unicode pw len */
-#define SMB_ssetpNTLM_res_offset 51 /* reserved */
-#define SMB_ssetpNTLM_cap_offset 55 /* server capabilities */
-#define SMB_ssetpNTLM_bcc_offset 59 /* bcc */
-#define SMB_ssetpNTLM_len 61 /* before data */
-#define SMB_ssetpNTLM_buf_offset 61
-
-#define SMB_ssetpr_axo_offset 35 /* Offset of next response ... 
*/
-#define SMB_ssetpr_act_offset 37 /* action, bit 0 = 1 => guest */
-#define SMB_ssetpr_bcc_offset 39 /* bcc */
-#define SMB_ssetpr_buf_offset 41 /* Native OS etc */
-
-/* Offsets for SMB create directory */
-
-#define SMB_creatdir_bcc_offset 33 /* only a bcc here */
-#define SMB_creatdir_buf_offset 35 /* Where things start */
-#define SMB_creatdir_len 35
-
-/* Offsets for SMB delete directory */
-
-#define SMB_deletdir_bcc_offset 33 /* only a bcc here */
-#define SMB_deletdir_buf_offset 35 /* where things start */
-#define SMB_deletdir_len 35
-
-/* Offsets for SMB check directory */
-
-#define SMB_checkdir_bcc_offset 33 /* Only a bcc here */
-#define SMB_checkdir_buf_offset 35 /* where things start */
-#define SMB_checkdir_len 35
-
-/* Offsets for SMB search */
-
-#define SMB_search_mdc_offset 33 /* Max Dir ents to return */
-#define SMB_search_atr_offset 35 /* Search attributes */
-#define SMB_search_bcc_offset 37 /* bcc */
-#define SMB_search_buf_offset 39 /* where the action is */
-#define SMB_search_len 39
-
-#define SMB_searchr_dec_offset 33 /* Dir ents returned */
-#define SMB_searchr_bcc_offset 35 /* bcc */
-#define SMB_searchr_buf_offset 37 /* Where the action starts */
-#define SMB_searchr_len 37 /* before the dir ents */
-
-#define SMB_searchr_dirent_len 43 /* 53 bytes */
-
-/* Defines for SMB transact and transact2 calls */
-
-#define SMB_trans_tpc_offset 33 /* Total param count */
-#define SMB_trans_tdc_offset 35 /* total Data count */
-#define SMB_trans_mpc_offset 37 /* Max params bytes to return */
-#define SMB_trans_mdc_offset 39 /* Max data bytes to return */
-#define SMB_trans_msc_offset 41 /* Max setup words to return */
-#define SMB_trans_rs1_offset 42 /* Reserved byte */
-#define SMB_trans_flg_offset 43 /* flags */
-#define SMB_trans_tmo_offset 45 /* Timeout, long */
-#define SMB_trans_rs2_offset 49 /* Next reserved */
-#define SMB_trans_pbc_offset 51 /* Param Byte count in buf */
-#define SMB_trans_pbo_offset 53 /* Offset to param bytes */
-#define SMB_trans_dbc_offset 55 /* Data byte count in buf */
-#define SMB_trans_dbo_offset 57 /* Data byte offset */
-#define SMB_trans_suc_offset 59 /* Setup count - byte */
-#define SMB_trans_rs3_offset 60 /* Reserved to pad ... */
-#define SMB_trans_len 61 /* Up to setup, still need bcc */
-
-#define SMB_transr_tpc_offset 33 /* Total param bytes returned */
-#define SMB_transr_tdc_offset 35
-#define SMB_transr_rs1_offset 37
-#define SMB_transr_pbc_offset 39
-#define SMB_transr_pbo_offset 41
-#define SMB_transr_pdi_offset 43 /* parameter displacement */
-#define SMB_transr_dbc_offset 45
-#define SMB_transr_dbo_offset 47
-#define SMB_transr_ddi_offset 49
-#define SMB_transr_suc_offset 51
-#define SMB_transr_rs2_offset 52
-#define SMB_transr_len 53
-
-/* Bit masks for SMB Capabilities ... */
-
-#define SMB_cap_raw_mode 0x0001
-#define SMB_cap_mpx_mode 0x0002
-#define SMB_cap_unicode 0x0004
-#define SMB_cap_large_files 0x0008
-#define SMB_cap_nt_smbs 0x0010
-#define SMB_rpc_remote_apis 0x0020
-#define SMB_cap_nt_status 0x0040
-#define SMB_cap_level_II_oplocks 0x0080
-#define SMB_cap_lock_and_read 0x0100
-#define SMB_cap_nt_find 0x0200
-
-/* SMB LANMAN api call defines */
-
-#define SMB_LMapi_SetUserInfo 0x0072
-#define SMB_LMapi_UserPasswordSet 0x0073
-
-/* Structures and defines we use in the client interface */
-
-/* The protocols we might support. Perhaps a bit ambitious, as only RFCNB */
-/* has any support so far 0(sometimes called NBT) */
-
-typedef enum {
- SMB_RFCNB, SMB_IPXNB, SMB_NETBEUI, SMB_X25
-} SMB_Transport_Types;
-
-typedef enum {
- SMB_Con_FShare, SMB_Con_PShare, SMB_Con_IPC
-} SMB_Con_Types;
-
-typedef enum {
- SMB_State_NoState, SMB_State_Stopped, SMB_State_Started
-} SMB_State_Types;
-
-/* The following two arrays need to be in step! */
-/* We must make it possible for callers to specify these ... 
*/
-
-
-extern char *SMB_Prots[];
-extern int SMB_Types[];
-
-typedef struct SMB_Status {
-
- union {
- struct {
- unsigned char ErrorClass;
- unsigned char Reserved;
- unsigned short Error;
- } DosError;
- unsigned int NtStatus;
- } status;
-} SMB_Status;
-
-typedef struct SMB_Tree_Structure *SMB_Tree_Handle;
-
-typedef struct SMB_Connect_Def *SMB_Handle_Type;
-
-struct SMB_Connect_Def {
-
- SMB_Handle_Type Next_Con, Prev_Con; /* Next and previous conn */
- int protocol; /* What is the protocol */
- int prot_IDX; /* And what is the index */
- void *Trans_Connect; /* The connection */
-
- /* All these strings should be malloc'd */
-
- char service[80], username[80], password[80], desthost[80], sock_options[80];
- char address[80], myname[80];
-
- SMB_Tree_Handle first_tree, last_tree; /* List of trees on this server */
-
- int gid; /* Group ID, do we need it? */
- int mid; /* Multiplex ID? We might need one per con */
- int pid; /* Process ID */
-
- int uid; /* Authenticated user id. */
-
- /* It is pretty clear that we need to bust some of */
- /* these out into a per TCon record, as there may */
- /* be multiple TCon's per server, etc ... later */
-
- int port; /* port to use in case not default, this is a TCPism! 
*/
-
- int max_xmit; /* Max xmit permitted by server */
- int Security; /* 0 = share, 1 = user */
- int Raw_Support; /* bit 0 = 1 = Read Raw supported, 1 = 1 Write raw */
- BOOL encrypt_passwords; /* FALSE = don't */
- int MaxMPX, MaxVC, MaxRaw;
- unsigned int SessionKey, Capabilities;
- int SvrTZ; /* Server Time Zone */
- int Encrypt_Key_Len;
- char Encrypt_Key[80], Domain[80], PDomain[80], OSName[80], LMType[40];
- char Svr_OS[80], Svr_LMType[80], Svr_PDom[80];
-
-};
-
-#define SMBLIB_DEFAULT_DOMAIN "STAFF"
-#define SMBLIB_DEFAULT_OSNAME "UNIX of some type"
-#define SMBLIB_DEFAULT_LMTYPE "SMBlib LM2.1 minus a bit"
-#define SMBLIB_MAX_XMIT 65535
-
-#define SMB_Sec_Mode_Share 0
-#define SMB_Sec_Mode_User 1
-
-/* A Tree_Structure */
-
-struct SMB_Tree_Structure {
-
- SMB_Tree_Handle next, prev;
- SMB_Handle_Type con;
- char path[129];
- char device_type[20];
- int mbs; /* Local MBS */
- int tid;
-
-};
-
-typedef struct SMB_File_Def SMB_File;
-
-struct SMB_File_Def {
-
- SMB_Tree_Handle tree;
- char filename[256]; /* We should malloc this ... */
- UWORD fid;
- unsigned int lastmod;
- unsigned int size; /* Could blow up if 64bit files supported */
- UWORD access;
- off_t fileloc;
-
-};
-
-/* global Variables for the library */
-
-extern SMB_State_Types SMBlib_State;
-
-#ifndef SMBLIB_ERRNO
-extern int SMBlib_errno;
-extern int SMBlib_SMB_Error; /* last Error */
-#endif
-
-#endif /* _SMBLIB_PRIV_H_ */
--- squid/auth_modules/MSNT/smblib-util.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,803 +0,0 @@ -/* UNIX SMBlib NetBIOS implementation - * - * Version 1.0 - * SMBlib Utility Routines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "smblib-priv.h" - -#include "rfcnb.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" - -#include -#include -#include - -char *SMB_Prots[] = -{"PC NETWORK PROGRAM 1.0", - "MICROSOFT NETWORKS 1.03", - "MICROSOFT NETWORKS 3.0", - "DOS LANMAN1.0", - "LANMAN1.0", - "DOS LM1.2X002", - "LM1.2X002", - "DOS LANMAN2.1", - "LANMAN2.1", - "Samba", - "NT LM 0.12", - "NT LANMAN 1.0", - NULL}; - -int SMB_Types[] = -{SMB_P_Core, - SMB_P_CorePlus, - SMB_P_DOSLanMan1, - SMB_P_DOSLanMan1, - SMB_P_LanMan1, - SMB_P_DOSLanMan2, - SMB_P_LanMan2, - SMB_P_LanMan2_1, - SMB_P_LanMan2_1, - SMB_P_NT1, - SMB_P_NT1, - SMB_P_NT1, - -1}; - -/* Print out an SMB pkt in all its gory detail ... */ - -void -SMB_Print_Pkt(FILE fd, RFCNB_Pkt * pkt, BOOL command, int Offset, int Len) -{ - - /* Well, just how do we do this ... print it I suppose */ - - /* Print out the SMB header ... 
*/ - - /* Print the command */ - - /* Print the other bits in the header */ - - - /* etc */ - -} - -/* Convert a DOS Date_Time to a local host type date time for printing */ - -char * -SMB_DOSTimToStr(int DOS_time) -{ - static char SMB_Time_Temp[48]; - int DOS_sec, DOS_min, DOS_hour, DOS_day, DOS_month, DOS_year; - - SMB_Time_Temp[0] = 0; - - DOS_sec = (DOS_time & 0x001F) * 2; - DOS_min = (DOS_time & 0x07E0) >> 5; - DOS_hour = ((DOS_time & 0xF800) >> 11); - - DOS_day = (DOS_time & 0x001F0000) >> 16; - DOS_month = (DOS_time & 0x01E00000) >> 21; - DOS_year = ((DOS_time & 0xFE000000) >> 25) + 80; - - sprintf(SMB_Time_Temp, "%2d/%02d/%2d %2d:%02d:%02d", DOS_day, DOS_month, - DOS_year, DOS_hour, DOS_min, DOS_sec); - - return (SMB_Time_Temp); - -} - -/* Convert an attribute byte/word etc to a string ... We return a pointer - * to a static string which we guarantee is long enough. If verbose is - * true, we print out long form of strings ... */ - -char * -SMB_AtrToStr(int attribs, BOOL verbose) -{ - static char SMB_Attrib_Temp[128]; - - SMB_Attrib_Temp[0] = 0; - - if (attribs & SMB_FA_ROF) - strcat(SMB_Attrib_Temp, (verbose ? "Read Only " : "R")); - - if (attribs & SMB_FA_HID) - strcat(SMB_Attrib_Temp, (verbose ? "Hidden " : "H")); - - if (attribs & SMB_FA_SYS) - strcat(SMB_Attrib_Temp, (verbose ? "System " : "S")); - - if (attribs & SMB_FA_VOL) - strcat(SMB_Attrib_Temp, (verbose ? "Volume " : "V")); - - if (attribs & SMB_FA_DIR) - strcat(SMB_Attrib_Temp, (verbose ? "Directory " : "D")); - - if (attribs & SMB_FA_ARC) - strcat(SMB_Attrib_Temp, (verbose ? "Archive " : "A")); - - return (SMB_Attrib_Temp); - -} - -/* Pick up the Max Buffer Size from the Tree Structure ... 
*/ - -int -SMB_Get_Tree_MBS(SMB_Tree_Handle tree) -{ - if (tree != NULL) { - return (tree->mbs); - } else { - return (SMBlibE_BAD); - } -} - -/* Pick up the Max buffer size */ - -int -SMB_Get_Max_Buf_Siz(SMB_Handle_Type Con_Handle) -{ - if (Con_Handle != NULL) { - return (Con_Handle->max_xmit); - } else { - return (SMBlibE_BAD); - } - -} -/* Pickup the protocol index from the connection structure */ - -int -SMB_Get_Protocol_IDX(SMB_Handle_Type Con_Handle) -{ - if (Con_Handle != NULL) { - return (Con_Handle->prot_IDX); - } else { - return (0xFFFF); /* Invalid protocol */ - } - -} - -/* Pick up the protocol from the connection structure */ - -int -SMB_Get_Protocol(SMB_Handle_Type Con_Handle) -{ - if (Con_Handle != NULL) { - return (Con_Handle->protocol); - } else { - return (0xFFFF); /* Invalid protocol */ - } - -} - -/* Figure out what protocol was accepted, given the list of dialect strings */ -/* We offered, and the index back from the server. We allow for a user */ -/* supplied list, and assume that it is a subset of our list */ - -int -SMB_Figure_Protocol(char *dialects[], int prot_index) -{ - int i; - - if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */ - - return (SMB_Types[prot_index]); - } else { /* Search through SMB_Prots looking for a match */ - - for (i = 0; SMB_Prots[i] != NULL; i++) { - - if (strcmp(dialects[prot_index], SMB_Prots[i]) == 0) { /* A match */ - - return (SMB_Types[i]); - - } - } - - /* If we got here, then we are in trouble, because the protocol was not */ - /* One we understand ... 
*/ - - return (SMB_P_Unknown); - - } - -} - - -/* Negotiate the protocol we will use from the list passed in Prots */ -/* we return the index of the accepted protocol in NegProt, -1 indicates */ -/* none acceptible, and our return value is 0 if ok, <0 if problems */ - -int -SMB_Negotiate(SMB_Handle_Type Con_Handle, char *Prots[]) -{ - struct RFCNB_Pkt *pkt; - int prots_len, i, pkt_len, prot, alloc_len; - char *p; - - /* Figure out how long the prot list will be and allocate space for it */ - - prots_len = 0; - - for (i = 0; Prots[i] != NULL; i++) { - - prots_len = prots_len + strlen(Prots[i]) + 2; /* Account for null etc */ - - } - - /* The -1 accounts for the one byte smb_buf we have because some systems */ - /* don't like char msg_buf[] */ - - pkt_len = SMB_negp_len + prots_len; - - /* Make sure that the pkt len is long enough for the max response ... */ - /* Which is a problem, because the encryption key len eec may be long */ - - if (pkt_len < (SMB_hdr_wct_offset + (19 * 2) + 40)) { - - alloc_len = SMB_hdr_wct_offset + (19 * 2) + 40; - - } else { - - alloc_len = pkt_len; - - } - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(alloc_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - return (SMBlibE_BAD); - - } - /* Now plug in the bits we need */ - - bzero(SMB_Hdr(pkt), SMB_negp_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBnegprot; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; - - SSVAL(SMB_Hdr(pkt), SMB_negp_bcc_offset, prots_len); - - /* Now copy the prot strings in with the right stuff */ - - p = (char *) (SMB_Hdr(pkt) + SMB_negp_buf_offset); - - for (i = 0; Prots[i] != NULL; i++) { - - *p = SMBdialectID; - strcpy(p + 1, Prots[i]); - p = p + 
strlen(Prots[i]) + 2; /* Adjust len of p for null plus dialectID */ - - } - - /* Now send the packet and sit back ... */ - - if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { - - -#ifdef DEBUG - fprintf(stderr, "Error sending negotiate protocol\n"); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = -SMBlibE_SendFailed; /* Failed, check lower layer errno */ - return (SMBlibE_BAD); - - } - /* Now get the response ... */ - - if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, alloc_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error receiving response to negotiate\n"); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = -SMBlibE_RecvFailed; /* Failed, check lower layer errno */ - return (SMBlibE_BAD); - - } - if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ - -#ifdef DEBUG - fprintf(stderr, "SMB_Negotiate failed with errorclass = %i, Error Code = %i\n", - CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), - SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); -#endif - - SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_Remote; - return (SMBlibE_BAD); - - } - if (SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset) == 0xFFFF) { - -#ifdef DEBUG - fprintf(stderr, "None of our protocols was accepted ... "); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_NegNoProt; - return (SMBlibE_BAD); - - } - /* Now, unpack the info from the response, if any and evaluate the proto */ - /* selected. We must make sure it is one we like ... */ - - Con_Handle->prot_IDX = prot = SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset); - Con_Handle->protocol = SMB_Figure_Protocol(Prots, prot); - - if (Con_Handle->protocol == SMB_P_Unknown) { /* No good ... */ - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_ProtUnknown; - return (SMBlibE_BAD); - - } - switch (CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)) { - - case 0x01: /* No more info ... 
*/ - - break; - - case 13: /* Up to and including LanMan 2.1 */ - - Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrLM_sec_offset); - Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00); - Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask; - - Con_Handle->max_xmit = SVAL(SMB_Hdr(pkt), SMB_negrLM_mbs_offset); - Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrLM_mmc_offset); - Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrLM_mnv_offset); - Con_Handle->Raw_Support = SVAL(SMB_Hdr(pkt), SMB_negrLM_rm_offset); - Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrLM_sk_offset); - Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrLM_stz_offset); - Con_Handle->Encrypt_Key_Len = SVAL(SMB_Hdr(pkt), SMB_negrLM_ekl_offset); - - p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset); - fprintf(stderr, "%d", (int) (SMB_Hdr(pkt) + SMB_negrLM_buf_offset)); - memcpy(Con_Handle->Encrypt_Key, p, 8); - - p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset + Con_Handle->Encrypt_Key_Len); - - strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1); - - break; - - case 17: /* NT LM 0.12 and LN LM 1.0 */ - - Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_sec_offset); - Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00); - Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask; - - Con_Handle->max_xmit = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mbs_offset); - Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mmc_offset); - Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mnv_offset); - Con_Handle->MaxRaw = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mrs_offset); - Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_sk_offset); - Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_stz_offset); - Con_Handle->Encrypt_Key_Len = CVAL(SMB_Hdr(pkt), SMB_negrNTLM_ekl_offset); - - p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset); - memcpy(Con_Handle->Encrypt_Key, p, 8); - p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset + 
Con_Handle->Encrypt_Key_Len); - - strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1); - - break; - - default: - -#ifdef DEBUG - fprintf(stderr, "Unknown NegProt response format ... Ignored\n"); - fprintf(stderr, " wct = %i\n", CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)); -#endif - - break; - } - -#ifdef DEBUG - fprintf(stderr, "Protocol selected is: %i:%s\n", prot, Prots[prot]); -#endif - - RFCNB_Free_Pkt(pkt); - return (0); - -} - -/* Get our hostname */ - -void -SMB_Get_My_Name(char *name, int len) -{ - - if (gethostname(name, len) < 0) { /* Error getting name */ - - strncpy(name, "unknown", len); - - /* Should check the error */ - -#ifdef DEBUG - fprintf(stderr, "gethostname in SMB_Get_My_Name returned error:"); - perror(""); -#endif - - } - /* only keep the portion up to the first "." */ - - -} - -/* Send a TCON to the remote server ... */ - -SMB_Tree_Handle -SMB_TreeConnect(SMB_Handle_Type Con_Handle, - SMB_Tree_Handle Tree_Handle, - char *path, - char *password, - char *device) -{ - struct RFCNB_Pkt *pkt; - int param_len, pkt_len; - char *p; - SMB_Tree_Handle tree; - - /* Figure out how much space is needed for path, password, dev ... */ - - if ((path == NULL) | (password == NULL) | (device == NULL)) { - -#ifdef DEBUG - fprintf(stderr, "Bad parameter passed to SMB_TreeConnect\n"); -#endif - - SMBlib_errno = SMBlibE_BadParam; - return (NULL); - - } - /* The + 2 is because of the \0 and the marker ... */ - - param_len = strlen(path) + 2 + strlen(password) + 2 + strlen(device) + 2; - - /* The -1 accounts for the one byte smb_buf we have because some systems */ - /* don't like char msg_buf[] */ - - pkt_len = SMB_tcon_len + param_len; - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - return (NULL); /* Should handle the error */ - - } - /* Now allocate a tree for this to go into ... 
*/ - - if (Tree_Handle == NULL) { - - tree = (SMB_Tree_Handle) malloc(sizeof(struct SMB_Tree_Structure)); - - if (tree == NULL) { - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_NoSpace; - return (NULL); - - } - } else { - - tree = Tree_Handle; - - } - - tree->next = tree->prev = NULL; - tree->con = Con_Handle; - strncpy(tree->path, path, sizeof(tree->path)); - strncpy(tree->device_type, device, sizeof(tree->device_type)); - - /* Now plug in the values ... */ - - bzero(SMB_Hdr(pkt), SMB_tcon_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtcon; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; - - SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, param_len); - - /* Now copy the param strings in with the right stuff */ - - p = (char *) (SMB_Hdr(pkt) + SMB_tcon_buf_offset); - *p = SMBasciiID; - strcpy(p + 1, path); - p = p + strlen(path) + 2; - *p = SMBasciiID; - strcpy(p + 1, password); - p = p + strlen(password) + 2; - *p = SMBasciiID; - strcpy(p + 1, device); - - /* Now send the packet and sit back ... */ - - if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error sending TCon request\n"); -#endif - - if (Tree_Handle == NULL) - free(tree); - RFCNB_Free_Pkt(pkt); - SMBlib_errno = -SMBlibE_SendFailed; - return (NULL); - - } - /* Now get the response ... */ - - if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error receiving response to TCon\n"); -#endif - - if (Tree_Handle == NULL) - free(tree); - RFCNB_Free_Pkt(pkt); - SMBlib_errno = -SMBlibE_RecvFailed; - return (NULL); - - } - /* Check out the response type ... 
*/ - - if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ - -#ifdef DEBUG - fprintf(stderr, "SMB_TCon failed with errorclass = %i, Error Code = %i\n", - CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), - SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); -#endif - - if (Tree_Handle == NULL) - free(tree); - SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_Remote; - return (NULL); - - } - tree->tid = SVAL(SMB_Hdr(pkt), SMB_tconr_tid_offset); - tree->mbs = SVAL(SMB_Hdr(pkt), SMB_tconr_mbs_offset); - -#ifdef DEBUG - fprintf(stderr, "TConn succeeded, with TID=%i, Max Xmit=%i\n", - tree->tid, tree->mbs); -#endif - - /* Now link the Tree to the Server Structure ... */ - - if (Con_Handle->first_tree == NULL) { - - Con_Handle->first_tree = tree; - Con_Handle->last_tree = tree; - - } else { - - Con_Handle->last_tree->next = tree; - tree->prev = Con_Handle->last_tree; - Con_Handle->last_tree = tree; - - } - - RFCNB_Free_Pkt(pkt); - return (tree); - -} - -int -SMB_TreeDisconnect(SMB_Tree_Handle Tree_Handle, BOOL discard) -{ - struct RFCNB_Pkt *pkt; - int pkt_len; - - pkt_len = SMB_tdis_len; - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - return (SMBlibE_BAD); /* Should handle the error */ - - } - /* Now plug in the values ... */ - - bzero(SMB_Hdr(pkt), SMB_tdis_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtdis; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Tree_Handle->con->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Tree_Handle->con->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Tree_Handle->con->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; - - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, Tree_Handle->tid); - SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, 0); - - /* Now send the packet and sit back ... 
*/ - - if (RFCNB_Send(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error sending TDis request\n"); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = -SMBlibE_SendFailed; - return (SMBlibE_BAD); - - } - /* Now get the response ... */ - - if (RFCNB_Recv(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error receiving response to TCon\n"); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = -SMBlibE_RecvFailed; - return (SMBlibE_BAD); - - } - /* Check out the response type ... */ - - if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ - -#ifdef DEBUG - fprintf(stderr, "SMB_TDis failed with errorclass = %i, Error Code = %i\n", - CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), - SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); -#endif - - SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_Remote; - return (SMBlibE_BAD); - - } - Tree_Handle->tid = 0xFFFF; /* Invalid TID */ - Tree_Handle->mbs = 0; /* Invalid */ - -#ifdef DEBUG - - fprintf(stderr, "Tree disconnect successful ...\n"); - -#endif - - /* What about the tree handle ? */ - - if (discard == TRUE) { /* Unlink it and free it ... */ - - if (Tree_Handle->next == NULL) - Tree_Handle->con->first_tree = Tree_Handle->prev; - else - Tree_Handle->next->prev = Tree_Handle->prev; - - if (Tree_Handle->prev == NULL) - Tree_Handle->con->last_tree = Tree_Handle->next; - else - Tree_Handle->prev->next = Tree_Handle->next; - - } - RFCNB_Free_Pkt(pkt); - return (0); - -} - -/* Pick up the last LMBlib error ... 
*/ - -int -SMB_Get_Last_Error() -{ - - return (SMBlib_errno); - -} - -/* Pick up the last error returned in an SMB packet */ -/* We will need macros to extract error class and error code */ - -int -SMB_Get_Last_SMB_Err() -{ - - return (SMBlib_SMB_Error); - -} - -/* Pick up the error message associated with an error from SMBlib */ - -/* Keep this table in sync with the message codes in smblib-common.h */ - -static char *SMBlib_Error_Messages[] = -{ - - "Request completed sucessfully.", - "Server returned a non-zero SMB Error Class and Code.", - "A lower layer protocol error occurred.", - "Function not yet implemented.", - "The protocol negotiated does not support the request.", - "No space available for operation.", - "One or more bad parameters passed.", - "None of the protocols we offered were accepted.", - "The attempt to send an SMB request failed. See protocol error info.", - "The attempt to get an SMB response failed. See protocol error info.", - "The logon request failed, but you were logged in as guest.", - "The attempt to call the remote server failed. See protocol error info.", - "The protocol dialect specified in a NegProt and accepted by the server is unknown.", - /* This next one simplifies error handling */ - "No such error code.", - NULL}; - -void -SMB_Get_Error_Msg(int msg, char *msgbuf, int len) -{ - - if (msg >= 0) { - - strncpy(msgbuf, - SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? SMBlibE_NoSuchMsg : msg], - len - 1); - msgbuf[len - 1] = 0; /* Make sure it is a string */ - } else { /* Add the lower layer message ... */ - - char prot_msg[1024]; - - msg = -msg; /* Make it positive */ - - strncpy(msgbuf, - SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? 
SMBlibE_NoSuchMsg : msg], - len - 1); - - msgbuf[len - 1] = 0; /* make sure it is a string */ - - if (strlen(msgbuf) < len) { /* If there is space, put rest in */ - - strncat(msgbuf, "\n\t", len - strlen(msgbuf)); - - RFCNB_Get_Error(prot_msg, sizeof(prot_msg) - 1); - - strncat(msgbuf, prot_msg, len - strlen(msgbuf)); - - } - } - -} --- squid/auth_modules/MSNT/smblib.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,555 +0,0 @@ -/* UNIX SMBlib NetBIOS implementation - * - * Version 1.0 - * SMBlib Routines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -int SMBlib_errno; -int SMBlib_SMB_Error; -#define SMBLIB_ERRNO -#define uchar unsigned char -#include "smblib-priv.h" -#include "smblib.h" -#include "rfcnb-priv.h" -#include "rfcnb.h" -#include "rfcnb-util.h" - -#include -#include -#include -#include - -#include - -SMB_State_Types SMBlib_State; - -extern int RFCNB_Set_Sock_NoDelay(RFCNB_Con *, BOOL); -extern void SMB_Get_My_Name(char *, int); - -/* Initialize the SMBlib package */ - -int -SMB_Init() -{ - - SMBlib_State = SMB_State_Started; - - signal(SIGPIPE, SIG_IGN); /* Ignore these ... 
*/ - -/* If SMBLIB_Instrument is defines, turn on the instrumentation stuff */ -#ifdef SMBLIB_INSTRUMENT - - SMBlib_Instrument_Init(); - -#endif - - return 0; - -} - -int -SMB_Term() -{ - -#ifdef SMBLIB_INSTRUMENT - - SMBlib_Instrument_Term(); /* Clean up and print results */ - -#endif - - return 0; - -} - -/* SMB_Create: Create a connection structure and return for later use */ -/* We have other helper routines to set variables */ - -SMB_Handle_Type -SMB_Create_Con_Handle(void) -{ - - SMBlib_errno = SMBlibE_NotImpl; - return (NULL); - -} - -int -SMBlib_Set_Sock_NoDelay(SMB_Handle_Type Con_Handle, BOOL yn) -{ - - - if (RFCNB_Set_Sock_NoDelay(Con_Handle->Trans_Connect, yn) < 0) { - -#ifdef DEBUG -#endif - - fprintf(stderr, "Setting no-delay on TCP socket failed ...\n"); - - } - return (0); - -} - -/* SMB_Connect_Server: Connect to a server, but don't negotiate protocol */ -/* or anything else ... */ - -SMB_Handle_Type -SMB_Connect_Server(SMB_Handle_Type Con_Handle, - char *server, char *NTdomain) -{ - SMB_Handle_Type con; - char called[80], calling[80], *address; - int i; - - /* Get a connection structure if one does not exist */ - - con = Con_Handle; - - if (Con_Handle == NULL) { - - if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) { - - - SMBlib_errno = SMBlibE_NoSpace; - return NULL; - } - } - /* Init some things ... */ - - strcpy(con->service, ""); - strcpy(con->username, ""); - strcpy(con->password, ""); - strcpy(con->sock_options, ""); - strcpy(con->address, ""); - strcpy(con->desthost, server); - strcpy(con->PDomain, NTdomain); - strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME); - strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE); - con->first_tree = con->last_tree = NULL; - - SMB_Get_My_Name(con->myname, sizeof(con->myname)); - - con->port = 0; /* No port selected */ - - /* Get some things we need for the SMB Header */ - - con->pid = getpid(); - con->mid = con->pid; /* This will do for now ... 
*/ - con->uid = 0; /* Until we have done a logon, no uid ... */ - con->gid = getgid(); - - /* Now connect to the remote end, but first upper case the name of the - * service we are going to call, sine some servers want it in uppercase */ - - for (i = 0; i < strlen(server); i++) - called[i] = toupper(server[i]); - - called[strlen(server)] = 0; /* Make it a string */ - - for (i = 0; i < strlen(con->myname); i++) - calling[i] = toupper(con->myname[i]); - - calling[strlen(con->myname)] = 0; /* Make it a string */ - - if (strcmp(con->address, "") == 0) - address = con->desthost; - else - address = con->address; - - con->Trans_Connect = RFCNB_Call(called, - calling, - address, /* Protocol specific */ - con->port); - - /* Did we get one? */ - - if (con->Trans_Connect == NULL) { - - if (Con_Handle == NULL) { - Con_Handle = NULL; - free(con); - } - SMBlib_errno = -SMBlibE_CallFailed; - return NULL; - - } - return (con); - -} - -/* SMB_Connect: Connect to the indicated server */ -/* If Con_Handle == NULL then create a handle and connect, otherwise */ -/* use the handle passed */ - -char *SMB_Prots_Restrict[] = -{"PC NETWORK PROGRAM 1.0", - NULL}; - - -SMB_Handle_Type -SMB_Connect(SMB_Handle_Type Con_Handle, - SMB_Tree_Handle * tree, - char *service, - char *username, - char *password) -{ - SMB_Handle_Type con; - char *host, *address; - char temp[80], called[80], calling[80]; - int i; - - /* Get a connection structure if one does not exist */ - - con = Con_Handle; - - if (Con_Handle == NULL) { - - if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - return NULL; - } - } - /* Init some things ... 
*/ - - strcpy(con->service, service); - strcpy(con->username, username); - strcpy(con->password, password); - strcpy(con->sock_options, ""); - strcpy(con->address, ""); - strcpy(con->PDomain, SMBLIB_DEFAULT_DOMAIN); - strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME); - strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE); - con->first_tree = con->last_tree = NULL; - - SMB_Get_My_Name(con->myname, sizeof(con->myname)); - - con->port = 0; /* No port selected */ - - /* Get some things we need for the SMB Header */ - - con->pid = getpid(); - con->mid = con->pid; /* This will do for now ... */ - con->uid = 0; /* Until we have done a logon, no uid */ - con->gid = getgid(); - - /* Now figure out the host portion of the service */ - - strcpy(temp, service); - /* AI - Added (char *) to stop compiler warnings */ - host = (char *) strtok(temp, "/\\"); /* Separate host name portion */ - strcpy(con->desthost, host); - - /* Now connect to the remote end, but first upper case the name of the - * service we are going to call, sine some servers want it in uppercase */ - - for (i = 0; i < strlen(host); i++) - called[i] = toupper(host[i]); - - called[strlen(host)] = 0; /* Make it a string */ - - for (i = 0; i < strlen(con->myname); i++) - calling[i] = toupper(con->myname[i]); - - calling[strlen(con->myname)] = 0; /* Make it a string */ - - if (strcmp(con->address, "") == 0) - address = con->desthost; - else - address = con->address; - - con->Trans_Connect = RFCNB_Call(called, - calling, - address, /* Protocol specific */ - con->port); - - /* Did we get one? */ - - if (con->Trans_Connect == NULL) { - - if (Con_Handle == NULL) { - free(con); - Con_Handle = NULL; - } - SMBlib_errno = -SMBlibE_CallFailed; - return NULL; - - } - /* Now, negotiate the protocol */ - - if (SMB_Negotiate(con, SMB_Prots_Restrict) < 0) { - - /* Hmmm what should we do here ... We have a connection, but could not - * negotiate ... */ - - return NULL; - - } - /* Now connect to the service ... 
*/ - - if ((*tree = SMB_TreeConnect(con, NULL, service, password, "A:")) == NULL) { - - return NULL; - - } - return (con); - -} - -/* Logon to the server. That is, do a session setup if we can. We do not do */ -/* Unicode yet! */ - -int -SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName, - char *PassWord) -{ - struct RFCNB_Pkt *pkt; - int param_len, pkt_len, pass_len; - char *p, pword[128]; - - /* First we need a packet etc ... but we need to know what protocol has */ - /* been negotiated to figure out if we can do it and what SMB format to */ - /* use ... */ - - if (Con_Handle->protocol < SMB_P_LanMan1) { - - SMBlib_errno = SMBlibE_ProtLow; - return (SMBlibE_BAD); - - } - strcpy(pword, PassWord); -#ifdef PAM_SMB_ENC_PASS - if (Con_Handle->encrypt_passwords) { - pass_len = 24; - SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle->Encrypt_Key, (uchar *) pword); - } else -#endif - pass_len = strlen(pword); - - - /* Now build the correct structure */ - - if (Con_Handle->protocol < SMB_P_NT1) { - - param_len = strlen(UserName) + 1 + pass_len + 1 + - strlen(Con_Handle->PDomain) + 1 + - strlen(Con_Handle->OSName) + 1; - - pkt_len = SMB_ssetpLM_len + param_len; - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - return (SMBlibE_BAD); /* Should handle the error */ - - } - bzero(SMB_Hdr(pkt), SMB_ssetpLM_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 10; - *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ - SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); - - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mbs_offset, SMBLIB_MAX_XMIT); - 
SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mmc_offset, 2); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_vcn_offset, Con_Handle->pid); - SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_snk_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_pwl_offset, pass_len + 1); - SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_res_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_bcc_offset, param_len); - - /* Now copy the param strings in with the right stuff */ - - p = (char *) (SMB_Hdr(pkt) + SMB_ssetpLM_buf_offset); - - /* Copy in password, then the rest. Password has a null at end */ - - memcpy(p, pword, pass_len); - - p = p + pass_len + 1; - - strcpy(p, UserName); - p = p + strlen(UserName); - *p = 0; - - p = p + 1; - - strcpy(p, Con_Handle->PDomain); - p = p + strlen(Con_Handle->PDomain); - *p = 0; - p = p + 1; - - strcpy(p, Con_Handle->OSName); - p = p + strlen(Con_Handle->OSName); - *p = 0; - - } else { - - /* We don't admit to UNICODE support ... */ - - param_len = strlen(UserName) + 1 + pass_len + - strlen(Con_Handle->PDomain) + 1 + - strlen(Con_Handle->OSName) + 1 + - strlen(Con_Handle->LMType) + 1; - - pkt_len = SMB_ssetpNTLM_len + param_len; - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - return (-1); /* Should handle the error */ - - } - bzero(SMB_Hdr(pkt), SMB_ssetpNTLM_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 13; - *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ - SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); - - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mbs_offset, SMBLIB_MAX_XMIT); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mmc_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_vcn_offset, 0); - 
SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_snk_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cipl_offset, pass_len); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cspl_offset, 0); - SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_res_offset, 0); - SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cap_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_bcc_offset, param_len); - - /* Now copy the param strings in with the right stuff */ - - p = (char *) (SMB_Hdr(pkt) + SMB_ssetpNTLM_buf_offset); - - /* Copy in password, then the rest. Password has no null at end */ - - memcpy(p, pword, pass_len); - - p = p + pass_len; - - strcpy(p, UserName); - p = p + strlen(UserName); - *p = 0; - - p = p + 1; - - strcpy(p, Con_Handle->PDomain); - p = p + strlen(Con_Handle->PDomain); - *p = 0; - p = p + 1; - - strcpy(p, Con_Handle->OSName); - p = p + strlen(Con_Handle->OSName); - *p = 0; - p = p + 1; - - strcpy(p, Con_Handle->LMType); - p = p + strlen(Con_Handle->LMType); - *p = 0; - - } - - /* Now send it and get a response */ - - if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error sending SessSetupX request\n"); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_SendFailed; - return (SMBlibE_BAD); - - } - /* Now get the response ... */ - - if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { - -#ifdef DEBUG - fprintf(stderr, "Error receiving response to SessSetupAndX\n"); -#endif - - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_RecvFailed; - return (SMBlibE_BAD); - - } - /* Check out the response type ... 
*/ - - if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ - -#ifdef DEBUG - fprintf(stderr, "SMB_SessSetupAndX failed with errorclass = %i, Error Code = %i\n", - CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), - SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); -#endif - - SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); - RFCNB_Free_Pkt(pkt); - SMBlib_errno = SMBlibE_Remote; - return (SMBlibE_BAD); - - } -#ifdef DEBUG - fprintf(stderr, "SessSetupAndX response. Action = %i\n", - SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset)); -#endif - - /* Now pick up the UID for future reference ... */ - - Con_Handle->uid = SVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset); - RFCNB_Free_Pkt(pkt); - - return (0); - -} - - -/* Disconnect from the server, and disconnect all tree connects */ - -int -SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle) -{ - - /* We just disconnect the connection for now ... */ - - RFCNB_Hangup(Con_Handle->Trans_Connect); - - if (!KeepHandle) - free(Con_Handle); - - return (0); - -} --- squid/auth_modules/MSNT/smblib.c.patch Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,25 +0,0 @@ -7a8,9 -> (2000/02/11) Added some tricks to SMB_Logon_Server to control logons of users with illegal name -> Vadim A. Popov -520c522 -< ---- -> -523a526,542 -> return(SMBlibE_BAD); -> -> } -> -> /* Check out the special case: illegal user reported as Action=0x01 ... */ -> -> if (SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset)&&0x01 != 0) { /* Process error */ -> -> #ifdef DEBUG -> fprintf(stderr, "SMB_SessSetupAndX failed with errorclass = %i, Error Code = %i\n", -> CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), -> SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); -> #endif -> -> SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); -> RFCNB_Free_Pkt(pkt); -> SMBlib_errno = SMBlibE_GuestOnly; --- squid/auth_modules/MSNT/smblib.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,98 +0,0 @@
-/* UNIX SMBlib NetBIOS implementation
- *
- * Version 1.0
- * SMBlib Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "std-defines.h"
-#include "smblib-common.h"
-
-/* Just define all the entry points */
-
-/* Create a handle to allow us to set/override some parameters ... */
-
-SMB_Handle_Type SMB_Create_Con_Handle();
-
-/* Connect to a server, but do not do a tree con etc ... */
-
-SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type, char *server, char *NTdomain);
-
-/* Connect to a server and give us back a handle. If Con == NULL, create */
-/* The handle and populate it with defaults */
-
-SMB_Handle_Type SMB_Connect(SMB_Handle_Type Con_Handle,
- SMB_Tree_Handle * tree,
- char *service,
- char *username,
- char *password);
-
-/* Negotiate a protocol */
-
-int SMB_Negotiate(void *Con_Handle, char *Prots[]);
-
-/* Connect to a tree ... */
-
-void *SMB_TreeConnect(void *con_handle, void *tree_handle,
- char *path, char *password, char *dev);
-
-/* Disconnect a tree ... */
-
-int SMB_TreeDisconect(void *tree_handle);
-
-/* Open a file */
-
-void *SMB_Open(void *tree_handle,
- void *file_handle,
- char *file_name,
- unsigned short mode,
- unsigned short search);
-
-/* Close a file */
-
-int SMB_Close(void *file_handle);
-
-/* Disconnect from server. Has flag to specify whether or not we keep the */
-/* handle. */
-
-int SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle);
-
-void *SMB_Create(void *Tree_Handle,
- void *File_Handle,
- char *file_name,
- short search);
-
-int SMB_Delete(void *tree, char *file_name, short search);
-
-int SMB_Create_Dir(void *tree, char *dir_name);
-
-int SMB_Delete_Dir(void *tree, char *dir_name);
-
-int SMB_Check_Dir(void *tree, char *dir_name);
-
-int SMB_Get_Last_Error();
-
-int SMB_Get_Last_SMB_Err();
-
-int SMB_Get_Error_Msg(int msg, char *msgbuf, int len);
-
-void *SMB_Logon_And_TCon(void *con, void *tree, char *user, char *pass,
- char *service, char *st);
--- squid/auth_modules/MSNT/std-defines.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,45 +0,0 @@
-/* RFCNB Standard includes ... */
-/*
- *
- * SMBlib Standard Includes
- *
- * Copyright (C) 1996, Richard Sharpe
- */
-/* One day we will conditionalize these on OS types ... */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#ifndef _STD_DEFINES_H_
-#define _STD_DEFINES_H_
-
-#define BOOL int
-typedef short int16;
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define TRUE 1
-#define FALSE 0
-
-#endif /* _STD_DEFINES_H_ */
--- squid/auth_modules/MSNT/std-includes.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,45 +0,0 @@
-/* RFCNB Standard includes ... */
-/*
- *
- * RFCNB Standard Includes
- *
- * Copyright (C) 1996, Richard Sharpe
- */
-/* One day we will conditionalize these on OS types ... */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#define BOOL int
-typedef short int16;
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define TRUE 1
-#define FALSE 0
-
-/* Pick up define for INADDR_NONE */
-
-#ifndef INADDR_NONE
-#define INADDR_NONE -1
-#endif
--- squid/auth_modules/MSNT/valid.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,45 +0,0 @@
-#include
-#include
-#include
-#include "smblib-priv.h"
-#include "smblib.h"
-#include "valid.h"
-
-extern int SMB_Init(void);
-extern int SMB_Logon_Server(SMB_Handle_Type, char *, char *);
-
-
-int
-Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN)
-{
- char *SMB_Prots[] =
- {"PC NETWORK PROGRAM 1.0",
- "MICROSOFT NETWORKS 1.03",
- "MICROSOFT NETWORKS 3.0",
- "LANMAN1.0",
- "LM1.2X002",
- "Samba",
- "NT LM 0.12",
- "NT LANMAN 1.0",
- NULL};
- void *con;
-
- SMB_Init();
- con = SMB_Connect_Server(NULL, SERVER, DOMAIN);
- if (con == NULL) { /* Error ... */
- con = SMB_Connect_Server(NULL, BACKUP, DOMAIN);
- if (con == NULL) {
- return (NTV_SERVER_ERROR);
- }
- }
- if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */
- SMB_Discon(con, 0);
- return (NTV_PROTOCOL_ERROR);
- }
- if (SMB_Logon_Server(con, USERNAME, PASSWORD) < 0) {
- SMB_Discon(con, 0);
- return (NTV_LOGON_ERROR);
- }
- SMB_Discon(con, 0);
- return (NTV_NO_ERROR);
-}
--- squid/auth_modules/MSNT/valid.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,12 +0,0 @@
-#ifndef _VALID_H_
-#define _VALID_H_
-/* SMB User verification function */
-
-#define NTV_NO_ERROR 0
-#define NTV_SERVER_ERROR 1
-#define NTV_PROTOCOL_ERROR 2
-#define NTV_LOGON_ERROR 3
-
-int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN);
-
-#endif
--- squid/auth_modules/NCSA/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,100 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id: Makefile.in,v 1.1.1.1 2000/01/26 03:21:46 hno Exp $ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -cgi_suffix = @cgi_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -libexecdir = @libexecdir@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -NCSA_AUTH_EXE = ncsa_auth$(exec_suffix) - -DEFAULT_PASSWD_FILE = $(sysconfdir)/passwd - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 -RANLIB = @RANLIB@ -LN_S = @LN_S@ -PERL = @PERL@ -CRYPTLIB = @CRYPTLIB@ -REGEXLIB = @REGEXLIB@ -PTHREADLIB = @PTHREADLIB@ -SNMPLIB = @SNMPLIB@ -MALLOCLIB = @LIB_MALLOC@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh - - -INCLUDE = -I. -I../../include -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) - -PROGS = $(NCSA_AUTH_EXE) -OBJS = ncsa_auth.o - -all: $(NCSA_AUTH_EXE) - -$(OBJS): $(top_srcdir)/include/version.h - -$(NCSA_AUTH_EXE): ncsa_auth.o - $(CC) $(LDFLAGS) ncsa_auth.o -o $@ $(AUTH_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(bindir); then \ - echo "mkdir $(bindir)"; \ - mkdir $(bindir); \ - fi - -# Michael Lupp wants to know about additions -# to the install target. 
-install: all install-mkdirs - @for f in $(PROGS); do \ - if test -f $(bindir)/$$f; then \ - echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(bindir); \ - $(INSTALL_BIN) $$f $(bindir); \ - if test -f $(bindir)/-$$f; then \ - echo $(RM) -f $(bindir)/-$$f; \ - $(RM) -f $(bindir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *pure_* core $(PROGS) - -distclean: clean - -rm -f Makefile - -tags: - ctags *.[ch] ../include/*.h ../lib/*.[ch] - -depend: - $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- squid/auth_modules/NCSA/ncsa_auth.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,143 +0,0 @@
-/*
- * ncsa_auth.c
- *
- * AUTHOR: Arjan de Vet
- *
- * Example authentication program for Squid, based on the original
- * proxy_auth code from client_side.c, written by
- * Jon Thackray .
- *
- * Uses a NCSA httpd style password file for authentication with the
- * following improvements suggested by various people:
- *
- * - comment lines are possible and should start with a '#';
- * - empty or blank lines are possible;
- * - extra fields in the password file are ignored; this makes it
- * possible to use a Unix password file but I do not recommend that.
- *
- */
-
-#include "config.h"
-#if HAVE_STDIO_H
-#include
-#endif
-#if HAVE_STDLIB_H
-#include
-#endif
-#if HAVE_UNISTD_H
-#include
-#endif
-#if HAVE_STRING_H
-#include
-#endif
-#if HAVE_SYS_TYPES_H
-#include
-#endif
-#if HAVE_SYS_STAT_H
-#include
-#endif
-#if HAVE_CRYPT_H
-#include
-#endif
-
-#include "util.h"
-#include "hash.h"
-
-static hash_table *hash = NULL;
-static HASHFREE my_free;
-
-typedef struct _user_data {
- /* first two items must be same as hash_link */
- char *user;
- struct _user_data *next;
- char *passwd;
-} user_data;
-
-static void
-my_free(void *p)
-{
- user_data *u = p;
- xfree(u->user);
- xfree(u->passwd);
- xfree(u);
-}
-
-static void
-read_passwd_file(const char *passwdfile)
-{
- FILE *f;
- char buf[8192];
- user_data *u;
- char *user;
- char *passwd;
- if (hash != NULL) {
- hashFreeItems(hash, my_free);
- }
- /* initial setup */
- hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
- if (NULL == hash) {
- fprintf(stderr, "ncsa_auth: cannot create hash table\n");
- exit(1);
- }
- f = fopen(passwdfile, "r");
- while (fgets(buf, 8192, f) != NULL) {
- if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
- (buf[0] == '\n'))
- continue;
- user = strtok(buf, ":\n");
- passwd = strtok(NULL, ":\n");
- if ((strlen(user) > 0) && passwd) {
- u = xmalloc(sizeof(*u));
- u->user = xstrdup(user);
- u->passwd = xstrdup(passwd);
- hash_join(hash, (hash_link *) u);
- }
- }
- fclose(f);
-}
-
-int
-main(int argc, char **argv)
-{
- struct stat sb;
- time_t change_time = 0;
- char buf[256];
- char *user, *passwd, *p;
- user_data *u;
- setbuf(stdout, NULL);
- if (argc != 2) {
- fprintf(stderr, "Usage: ncsa_auth \n");
- exit(1);
- }
- if (stat(argv[1], &sb) != 0) {
- fprintf(stderr, "cannot stat %s\n", argv[1]);
- exit(1);
- }
- while (fgets(buf, 256, stdin) != NULL) {
- if ((p = strchr(buf, '\n')) != NULL)
- *p = '\0'; /* strip \n */
- if (stat(argv[1], &sb) == 0) {
- if (sb.st_mtime != change_time) {
- read_passwd_file(argv[1]);
- change_time = sb.st_mtime;
- }
- }
- if ((user = strtok(buf, " ")) == NULL) {
- printf("ERR\n");
- continue;
- }
- if ((passwd = strtok(NULL, "")) == NULL) {
- printf("ERR\n");
- continue;
- }
- u = hash_lookup(hash, user);
- if (u == NULL) {
- printf("ERR\n");
- } else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd))) {
- printf("ERR\n");
- } else {
- printf("OK\n");
- }
- }
- exit(0);
-}
--- squid/auth_modules/PAM/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,96 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id: Makefile.in,v 1.1.1.1.10.2 2000/09/07 21:23:52 hno Exp $ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -cgi_suffix = @cgi_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -libexecdir = @libexecdir@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -PAM_AUTH_EXE = pam_auth$(exec_suffix) - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 -RANLIB = @RANLIB@ -LN_S = @LN_S@ -PERL = @PERL@ -CRYPTLIB = @CRYPTLIB@ -REGEXLIB = @REGEXLIB@ -PTHREADLIB = @PTHREADLIB@ -SNMPLIB = @SNMPLIB@ -MALLOCLIB = @LIB_MALLOC@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ @DLLIB@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh -DEFINES = - -INCLUDE = -I. -I../../include -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = -lpam $(XTRA_LIBS) - -LIBPROGS = $(PAM_AUTH_EXE) -OBJS = pam_auth.o - -all: $(PAM_AUTH_EXE) - -$(PAM_AUTH_EXE): pam_auth.o - $(CC) $(LDFLAGS) pam_auth.o -o $@ $(AUTH_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(libexecdir); then \ - echo "mkdir $(libexecdir)"; \ - mkdir $(libexecdir); \ - fi - -# Michael Lupp wants to know about additions -# to the install target. 
-install: all install-mkdirs - @for f in $(LIBPROGS); do \ - if test -f $(libexecdir)/$$f; then \ - echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(libexecdir); \ - $(INSTALL_BIN) $$f $(libexecdir); \ - if test -f $(libexecdir)/-$$f; then \ - echo $(RM) -f $(libexecdir)/-$$f; \ - $(RM) -f $(libexecdir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *pure_* core $(LIBPROGS) - -distclean: clean - -rm -f Makefile - -tags: - ctags *.[ch] - -depend: - $(MAKEDEPEND) -fMakefile *.c --- squid/auth_modules/PAM/pam_auth.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,190 +0,0 @@
-/*
- * $Id: pam_auth.c,v 1.1.1.1.10.1 2000/04/17 00:13:07 hno Exp $
- *
- * PAM authenticator module for Squid.
- * Copyright (C) 1999 Henrik Nordstrom
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- * Install instructions:
- *
- * This program authenticates users against a PAM configured authentication
- * service "squid". This allows you to authenticate Squid users to any
- * authentication source for which you have a PAM module. Commonly available
- * PAM modules includes "UNIX", RADIUS, Kerberos and SMB, but a lot of other
- * PAM modules are available from various sources.
- *
- * Example PAM configuration for standard UNIX passwd authentication:
- * /etc/pam.conf:
- * squid auth required /lib/security/pam_unix.so.1
- * squid account required /lib/security/pam_unix.so.1
- *
- * Note that some PAM modules (for example shadow password authentication)
- * requires the program to be installed suid root, or PAM will not allow
- * it to authenticate other users than it runs as (this is a security
- * limitation of PAM to avoid automated probing of passwords).
- *
- * Compile this program with: gcc -o pam_auth pam_auth.c -lpam -ldl
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#define BUFSIZE 8192
-
-
-/* The default PAM service name */
-#ifndef SQUID_PAM_SERVICE
-#define SQUID_PAM_SERVICE "squid"
-#endif
-
-/* How often to reinitialize PAM, in seconds. Undefined = never, 0=always */
-/* #define PAM_CONNECTION_TTL 60 */
-
-static int reset_pam = 1; /* Set to one if it is time to reset PAM processing */
-
-static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */
-
-/*
- * A simple "conversation" function returning the supplied password.
- * Has a bit to much error control, but this is my first PAM application
- * so I'd rather check everything than make any mistakes. The function
- * expects a single converstation message of type PAM_PROMPT_ECHO_OFF.
- */
-static int
-password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
-{
- if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) {
- fprintf(stderr, "ERROR: Unexpected PAM converstaion '%d/%s'\n", msg[0]->msg_style, msg[0]->msg);
- return PAM_CONV_ERR;
- }
- if (!appdata_ptr) {
- /* Workaround for Solaris 2.6 where the PAM library is broken
- * and does not pass appdata_ptr to the conversation routine
- */
- appdata_ptr = password;
- }
- if (!appdata_ptr) {
- fprintf(stderr, "ERROR: No password available to password_converstation!\n");
- return PAM_CONV_ERR;
- }
- *resp = calloc(num_msg, sizeof(struct pam_response));
- if (!*resp) {
- fprintf(stderr, "ERROR: Out of memory!\n");
- return PAM_CONV_ERR;
- }
- (*resp)[0].resp = strdup((char *) appdata_ptr);
- (*resp)[0].resp_retcode = 0;
-
- return ((*resp)[0].resp ? PAM_SUCCESS : PAM_CONV_ERR);
-}
-
-static struct pam_conv conv =
-{
- &password_conversation,
- NULL
-};
-
-void
-signal_received(int sig)
-{
- reset_pam = 1;
- signal(sig, signal_received);
-}
-
-int
-main(int argc, char *argv[])
-{
- pam_handle_t *pamh = NULL;
- int retval;
- char *user;
- /* char *password; */
- char buf[BUFSIZE];
- time_t pamh_created = 0;
-
- signal(SIGHUP, signal_received);
-
- /* make standard output line buffered */
- setvbuf(stdout, NULL, _IOLBF, 0);
-
- while (retval = PAM_SUCCESS, fgets(buf, BUFSIZE, stdin)) {
- user = buf;
- password = strchr(buf, '\n');
- if (!password) {
- fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf);
- fprintf(stdout, "ERR\n");
- continue;
- }
- *password = '\0';
- password = strchr(buf, ' ');
- if (!password) {
- fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf);
- fprintf(stdout, "ERR\n");
- continue;
- }
- *password++ = '\0';
- conv.appdata_ptr = (char *) password; /* from buf above. not allocated */
-#ifdef PAM_CONNECTION_TTL
- if (pamh_created + PAM_CONNECTION_TTL >= time(NULL))
- reset_pam = 1;
-#endif
- if (reset_pam && pamh) {
- /* Close previous PAM connection */
- retval = pam_end(pamh, retval);
- if (retval != PAM_SUCCESS) {
- fprintf(stderr, "ERROR: failed to release PAM authenticator\n");
- }
- pamh = NULL;
- }
- if (!pamh) {
- /* Initialize PAM connection */
- retval = pam_start(SQUID_PAM_SERVICE, "squid@", &conv, &pamh);
- if (retval != PAM_SUCCESS) {
- fprintf(stderr, "ERROR: failed to create PAM authenticator\n");
- }
- reset_pam = 0;
- pamh_created = time(NULL);
- }
- if (retval == PAM_SUCCESS)
- retval = pam_set_item(pamh, PAM_USER, user);
- if (retval == PAM_SUCCESS)
- retval = pam_set_item(pamh, PAM_CONV, &conv);
- if (retval == PAM_SUCCESS)
- retval = pam_authenticate(pamh, 0);
- if (retval == PAM_SUCCESS)
- retval = pam_acct_mgmt(pamh, 0);
- if (retval == PAM_SUCCESS) {
- fprintf(stdout, "OK\n");
- } else {
- fprintf(stdout, "ERR\n");
- }
- }
-
- if (pamh) {
- retval = pam_end(pamh, retval);
- if (retval != PAM_SUCCESS) {
- pamh = NULL;
- fprintf(stderr, "ERROR: failed to release PAM authenticator\n");
- }
- }
- return (retval == PAM_SUCCESS ? 0 : 1); /* indicate success */
-}
--- squid/auth_modules/SMB/COPYING-2.0 Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,341 +0,0 @@ - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. - --- squid/auth_modules/SMB/Changelog Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,56 +0,0 @@
-28 September 1999, version 0.05
-
-- Easier debugging: added the -d option to smb_auth.
-
-- Bugfix: a password containing a backslash character was always
- denied. Reported by Menno Stevens.
-
-- The -S option now accepts both slashes and backslashes and
- allows the share name to be preceded by a (back)slash.
-
-5 June 1999, version 0.04
-
-- Allow for both \n and \r\n end-of-line termination in the
- proxyauth file located on the PDC. This eliminates the most
- common installation problem.
-
-- The location of the proxyauth file can be changed (for each
- domain) using the new -S option. Useful when the NETLOGON
- share is located on a FAT filesystem.
- Thanks to Colin Manning .
-
-2 Februari 1999, version 0.03
-
-- Support for pass-through authentication (trust relationships)
- added. Suggested by Matthew Wood .
-
-- Bugfix: smb_auth.sh searched for the PDC only.
-
-- Many documentation improvements.
-
-9 December 1998, version 0.02
-
-- smb_auth now uses Samba instead of pam_smb. This simplifies the
- installation of smb_auth and increases platform support.
-
-- Access control by user and group: smb_auth now tries to read
- the file \netlogon\proxyauth. By restricting read access on
- this file access to the proxy can be controlled.
-
-- Easier configuration:
-
- - smb_auth is now fully configurable with command-line options
- (i.e. in squid.conf). No more hacking in the source code.
-
- - In most cases it is sufficient to specify just the domain name.
- smb_auth searches for a working domain controller on each
- authentication request (note that Squid caches valid requests).
-
-- Easier installation: Makefile added. Simply typing "make install"
- will work for most people.
-
-- In a multi-domain situation, users must now enter domain\user
- instead of user\domain. This conforms to NT notation. Thanks to
- Jason Haar for pointing this out.
-
-31 July 1998, version 0.01
--- squid/auth_modules/SMB/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,118 +0,0 @@
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id: Makefile.in,v 1.1.1.1.12.2 2000/07/03 21:44:31 hno Exp $
-#
-# Uncomment and customize the following to suit your needs:
-#
-
-# SAMBAPREFIX must point to the directory where Samba has been installed.
-# By default, Samba is installed in /usr/local/samba. If you changed this
-# by using the --prefix option when configuring Samba, you need to change
-# SAMBAPREFIX accordingly.
-
-SAMBAPREFIX=/usr/local/samba
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-exec_suffix = @exec_suffix@
-cgi_suffix = @cgi_suffix@
-top_srcdir = @top_srcdir@
-bindir = @bindir@
-libexecdir = @libexecdir@
-sysconfdir = @sysconfdir@
-localstatedir = @localstatedir@
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-# Gotta love the DOS legacy
-#
-SMB_AUTH_EXE = smb_auth$(exec_suffix)
-SMB_AUTH_HELPER = smb_auth.sh
-SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
-
-CC = @CC@
-MAKEDEPEND = @MAKEDEPEND@
-INSTALL = @INSTALL@
-INSTALL_BIN = @INSTALL_PROGRAM@
-INSTALL_FILE = @INSTALL_DATA@
-INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
-RANLIB = @RANLIB@
-LN_S = @LN_S@
-PERL = @PERL@
-CRYPTLIB = @CRYPTLIB@
-REGEXLIB = @REGEXLIB@
-PTHREADLIB = @PTHREADLIB@
-SNMPLIB = @SNMPLIB@
-MALLOCLIB = @LIB_MALLOC@
-AC_CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-XTRA_LIBS = @XTRA_LIBS@
-XTRA_OBJS = @XTRA_OBJS@
-MV = @MV@
-RM = @RM@
-SHELL = /bin/sh
-DEFINES = -DSAMBAPREFIX=\"$(SAMBAPREFIX)\" -DHELPERSCRIPT=\"$(SMB_AUTH_HELPER_PATH)\"
-
-INCLUDE = -I. -I../../include -I$(top_srcdir)/include
-CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES)
-AUTH_LIBS = $(XTRA_LIBS)
-
-LIBPROGS = $(SMB_AUTH_EXE)
-LIBSCRIPTS = $(SMB_AUTH_HELPER)
-OBJS = smb_auth.o
-
-all: $(LIBPROGS)
-
-$(SMB_AUTH_EXE): smb_auth.o
- $(CC) $(LDFLAGS) smb_auth.o -o $@ $(AUTH_LIBS)
-
-install-mkdirs:
- -@if test ! -d $(prefix); then \
- echo "mkdir $(prefix)"; \
- mkdir $(prefix); \
- fi
- -@if test ! -d $(libexecdir); then \
- echo "mkdir $(libexecdir)"; \
- mkdir $(libexecdir); \
- fi
-
-# Michael Lupp wants to know about additions
-# to the install target.
-install: all install-mkdirs
- @for f in $(LIBPROGS); do \
- if test -f $(libexecdir)/$$f; then \
- echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
- $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
- fi; \
- echo $(INSTALL_BIN) $$f $(libexecdir); \
- $(INSTALL_BIN) $$f $(libexecdir); \
- if test -f $(libexecdir)/-$$f; then \
- echo $(RM) -f $(libexecdir)/-$$f; \
- $(RM) -f $(libexecdir)/-$$f; \
- fi; \
- done
- @for f in $(LIBSCRIPTS); do \
- if test -f $(libexecdir)/$$f; then \
- echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
- $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
- fi; \
- echo $(INSTALL_BIN) $$f $(libexecdir); \
- $(INSTALL_BIN) $(srcdir)/$$f $(libexecdir); \
- if test -f $(libexecdir)/-$$f; then \
- echo $(RM) -f $(libexecdir)/-$$f; \
- $(RM) -f $(libexecdir)/-$$f; \
- fi; \
- done
-
-clean:
- -rm -rf *.o *pure_* core $(LIBPROGS)
-
-distclean: clean
- -rm -f Makefile
-
-tags:
- ctags *.[ch]
-
-depend:
- $(MAKEDEPEND) -fMakefile *.c
--- squid/auth_modules/SMB/README Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,3 +0,0 @@
-For documentation, please refer to
-
- http://www.hacom.nl/~richard/software/smb_auth.html
--- squid/auth_modules/SMB/smb_auth.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,232 +0,0 @@
-/*
- * smb_auth - SMB proxy authentication module
- * Copyright (C) 1998 Richard Huveneers
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include
-#include
-#include
-
-#define BUFSIZE 256
-#define NMB_UNICAST 1
-#define NMB_BROADCAST 2
-
-struct SMBDOMAIN {
- char *name; /* domain name */
- char *sname; /* match this with user input */
- char *passthrough; /* pass-through authentication */
- char *nmbaddr; /* name service address */
- int nmbcast; /* broadcast or unicast */
- char *authshare; /* share name of auth file */
- char *authfile; /* pathname of auth file */
- struct SMBDOMAIN *next; /* linked list */
-};
-
-struct SMBDOMAIN *firstdom = NULL;
-struct SMBDOMAIN *lastdom = NULL;
-
-/*
- * escape the backslash character, since it has a special meaning
- * to the read command of the bourne shell.
- */
-
-void
-print_esc(FILE * p, char *s)
-{
- char buf[256];
- char *t;
- int i = 0;
-
- for (t = s; *t != '\0'; t++) {
- if (i > 250) {
- buf[i] = '\0';
- (void) fputs(buf, p);
- i = 0;
- }
- if (*t == '\\')
- buf[i++] = '\\';
-
- buf[i++] = *t;
- }
-
- if (i > 0) {
- buf[i] = '\0';
- (void) fputs(buf, p);
- }
-}
-
-int
-main(int argc, char *argv[])
-{
- int i;
- char buf[BUFSIZE];
- struct SMBDOMAIN *dom;
- char *s;
- char *user;
- char *pass;
- char *domname;
- FILE *p;
- int debug = 0;
- char *shcmd;
-
- /* make standard output line buffered */
- if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
- return 1;
-
- /* parse command line arguments */
- for (i = 1; i < argc; i++) {
- if (strcmp(argv[i], "-d") == 0) {
- debug = 1;
- continue;
- }
- /* the next options require an argument */
- if (i + 1 == argc)
- break;
-
- if (strcmp(argv[i], "-W") == 0) {
- if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL)
- return 1;
-
- dom->name = dom->sname = argv[++i];
- dom->passthrough = "";
- dom->nmbaddr = "";
- dom->nmbcast = NMB_BROADCAST;
- dom->authshare = "NETLOGON";
- dom->authfile = "proxyauth";
- dom->next = NULL;
-
- /* append to linked list */
- if (lastdom != NULL)
- lastdom->next = dom;
- else
- firstdom = dom;
-
- lastdom = dom;
- continue;
- }
- if (strcmp(argv[i], "-w") == 0) {
- if (lastdom != NULL)
- lastdom->sname = argv[++i];
- continue;
- }
- if (strcmp(argv[i], "-P") == 0) {
- if (lastdom != NULL)
- lastdom->passthrough = argv[++i];
- continue;
- }
- if (strcmp(argv[i], "-B") == 0) {
- if (lastdom != NULL) {
- lastdom->nmbaddr = argv[++i];
- lastdom->nmbcast = NMB_BROADCAST;
- }
- continue;
- }
- if (strcmp(argv[i], "-U") == 0) {
- if (lastdom != NULL) {
- lastdom->nmbaddr = argv[++i];
- lastdom->nmbcast = NMB_UNICAST;
- }
- continue;
- }
- if (strcmp(argv[i], "-S") == 0) {
- if (lastdom != NULL) {
- if ((lastdom->authshare = strdup(argv[++i])) == NULL)
- return 1;
-
- /* convert backslashes to forward slashes */
- for (s = lastdom->authshare; *s != '\0'; s++)
- if (*s == '\\')
- *s = '/';
-
- /* strip leading forward slash from share name */
- if (*lastdom->authshare == '/')
- lastdom->authshare++;
-
- if ((s = strchr(lastdom->authshare, '/')) != NULL) {
- *s = '\0';
- lastdom->authfile = s + 1;
- }
- }
- continue;
- }
- }
-
- shcmd = debug ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1";
-
- /* pass to helper script */
- if (putenv("SAMBAPREFIX=" SAMBAPREFIX) != 0)
- return 1;
-
- while (1) {
- if (fgets(buf, BUFSIZE, stdin) == NULL)
- break;
-
- if ((s = strchr(buf, '\n')) == NULL)
- continue;
- *s = '\0';
-
- if ((s = strchr(buf, ' ')) == NULL) {
- (void) printf("ERR\n");
- continue;
- }
- *s = '\0';
-
- user = buf;
- pass = s + 1;
- domname = NULL;
-
- if ((s = strchr(user, '\\')) != NULL) {
- *s = '\0';
- domname = user;
- user = s + 1;
- }
- /* match domname with linked list */
- if (domname != NULL && strlen(domname) > 0) {
- for (dom = firstdom; dom != NULL; dom = dom->next)
- if (strcasecmp(dom->sname, domname) == 0)
- break;
- } else
- dom = firstdom;
-
- if (dom == NULL) {
- (void) printf("ERR\n");
- continue;
- }
- if ((p = popen(shcmd, "w")) == NULL) {
- (void) printf("ERR\n");
- continue;
- }
- (void) fprintf(p, "%s\n", dom->name);
- (void) fprintf(p, "%s\n", dom->passthrough);
- (void) fprintf(p, "%s\n", dom->nmbaddr);
- (void) fprintf(p, "%d\n", dom->nmbcast);
- (void) fprintf(p, "%s\n", dom->authshare);
- (void) fprintf(p, "%s\n", dom->authfile);
- (void) fprintf(p, "%s\n", user);
- /* the password can contain special characters */
- print_esc(p, pass);
- (void) fputc('\n', p);
- (void) fflush(p);
-
- if (pclose(p) == 0)
- (void) printf("OK\n");
- else
- (void) printf("ERR\n");
-
- } /* while (1) */
- return 0;
-}
--- squid/auth_modules/SMB/smb_auth.sh Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,71 +0,0 @@
-#!/bin/sh
-#
-# smb_auth - SMB proxy authentication module
-# Copyright (C) 1998 Richard Huveneers
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-read DOMAINNAME
-read PASSTHROUGH
-read NMBADDR
-read NMBCAST
-read AUTHSHARE
-read AUTHFILE
-read SMBUSER
-read SMBPASS
-
-# Find domain controller
-echo "Domain name: $DOMAINNAME"
-if [ -n "$PASSTHROUGH" ]
-then
- echo "Pass-through authentication: yes: $PASSTHROUGH"
-else
- echo "Pass-through authentication: no"
- PASSTHROUGH="$DOMAINNAME"
-fi
-if [ -n "$NMBADDR" ]
-then
- if [ "$NMBCAST" = "1" ]
- then
- addropt="-U $NMBADDR -R"
- else
- addropt="-B $NMBADDR"
- fi
-else
- addropt=""
-fi
-echo "Query address options: $addropt"
-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
-echo "Domain controller IP address: $dcip"
-[ -n "$dcip" ] || exit 1
-
-# All right, we have the IP address of a domain controller,
-# but we need its name too
-dcname=`$SAMBAPREFIX/bin/nmblookup -A $dcip | awk '$2 == "<00>" { print $1 ; exit }'`
-echo "Domain controller NETBIOS name: $dcname"
-[ -n "$dcname" ] || exit 1
-
-# Pass password to smbclient through environment. Not really safe.
-USER="$SMBUSER%$SMBPASS"
-export USER
-
-# Read the contents of the file $AUTHFILE on the $AUTHSHARE share
-authfilebs=`echo "$AUTHFILE" | tr / '\\\\'`
-authinfo=`$SAMBAPREFIX/bin/smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
-echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"
-
-# Allow for both \n and \r\n end-of-line termination
-[ "$authinfo" = "allow" -o "$authinfo" = "allow " ] || exit 1
-exit 0
--- squid/auth_modules/YP/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,100 +0,0 @@
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id$
-#
-# Uncomment and customize the following to suit your needs:
-#
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-exec_suffix = @exec_suffix@
-cgi_suffix = @cgi_suffix@
-top_srcdir = @top_srcdir@
-bindir = @bindir@
-libexecdir = @libexecdir@
-sysconfdir = @sysconfdir@
-localstatedir = @localstatedir@
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-# Gotta love the DOS legacy
-#
-YP_AUTH_EXE = yp_auth$(exec_suffix)
-
-DEFAULT_PASSWD_FILE = $(sysconfdir)/passwd
-
-CC = @CC@
-MAKEDEPEND = @MAKEDEPEND@
-INSTALL = @INSTALL@
-INSTALL_BIN = @INSTALL_PROGRAM@
-INSTALL_FILE = @INSTALL_DATA@
-INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
-RANLIB = @RANLIB@
-LN_S = @LN_S@
-PERL = @PERL@
-CRYPTLIB = @CRYPTLIB@
-REGEXLIB = @REGEXLIB@
-PTHREADLIB = @PTHREADLIB@
-SNMPLIB = @SNMPLIB@
-MALLOCLIB = @LIB_MALLOC@
-AC_CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-XTRA_LIBS = @XTRA_LIBS@
-XTRA_OBJS = @XTRA_OBJS@
-MV = @MV@
-RM = @RM@
-SHELL = /bin/sh
-
-
-INCLUDE = -I. -I../../include -I$(top_srcdir)/include
-CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES)
-AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS)
-
-PROGS = $(YP_AUTH_EXE)
-OBJS = yp_auth.o nis_support.o
-
-all: $(YP_AUTH_EXE)
-
-$(OBJS): $(top_srcdir)/include/version.h
-
-$(YP_AUTH_EXE): $(OBJS)
- $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS)
-
-install-mkdirs:
- -@if test ! -d $(prefix); then \
- echo "mkdir $(prefix)"; \
- mkdir $(prefix); \
- fi
- -@if test ! -d $(bindir); then \
- echo "mkdir $(bindir)"; \
- mkdir $(bindir); \
- fi
-
-# Michael Lupp wants to know about additions
-# to the install target.
-install: all install-mkdirs
- @for f in $(PROGS); do \
- if test -f $(bindir)/$$f; then \
- echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \
- $(MV) $(bindir)/$$f $(bindir)/-$$f; \
- fi; \
- echo $(INSTALL_BIN) $$f $(bindir); \
- $(INSTALL_BIN) $$f $(bindir); \
- if test -f $(bindir)/-$$f; then \
- echo $(RM) -f $(bindir)/-$$f; \
- $(RM) -f $(bindir)/-$$f; \
- fi; \
- done
-
-clean:
- -rm -rf *.o *pure_* core $(PROGS)
-
-distclean: clean
- -rm -f Makefile
-
-tags:
- ctags *.[ch] ../include/*.h ../lib/*.[ch]
-
-depend:
- $(MAKEDEPEND) -I../include -I. -fMakefile *.c
--- squid/auth_modules/YP/nis_support.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,46 +0,0 @@
-/*
- * Written By Rabellino Sergio (rabellino@di.unito.it) For Solaris 2.x
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define NO_YPERR 0 /* There is no error */
-
-int
-get_nis_password(char *user, char *passwd, char *nisdomain, char *nismap)
-{
- char *val = NULL;
- char *username = NULL;
- int vallen, res;
-
-#ifdef DEBUG
- printf("Domain is set to %s\n", nisdomain);
- printf("YP Map is set to %s\n", nismap);
-#endif
-
- /* Get NIS entry */
- res = yp_match(nisdomain, nismap, user, strlen(user), &val, &vallen);
-
- switch (res) {
- case NO_YPERR:
- username = strtok(val, ":");
- strcpy(passwd, strtok(NULL, ":"));
- free(val);
- break;
- case YPERR_YPBIND:
- syslog(LOG_ERR, "Squid Authentication through ypbind failure: can't communicate with ypbind");
- return 1;
- case YPERR_KEY: /* No such key in map */
- return 1;
- default:
- return 1;
- }
- return 0;
-}
--- squid/auth_modules/YP/yp_auth.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,81 +0,0 @@
-/*
- * Adapted By Rabellino Sergio (rabellino@di.unito.it) For Solaris 2.x
- * From NCSA Authentication module
- */
-
-#include "config.h"
-#if HAVE_STDIO_H
-#include
-#endif
-#if HAVE_STDLIB_H
-#include
-#endif
-#if HAVE_UNISTD_H
-#include
-#endif
-#if HAVE_STRING_H
-#include
-#endif
-#if HAVE_SYS_TYPES_H
-#include
-#endif
-#if HAVE_SYS_STAT_H
-#include
-#endif
-#if HAVE_CRYPT_H
-#include
-#endif
-
-#include "util.h"
-#include "hash.h"
-
-int get_nis_password();
-
-
-int
-main(int argc, char **argv)
-{
- char buf[256];
- char nispasswd[15];
- char *nisdomain;
- char *nismap;
- char *user, *passwd, *p;
- int res;
- setbuf(stdout, NULL);
-
- if (argc != 3) {
- fprintf(stderr, "Usage: yp_auth \n");
- fprintf(stderr, "\n");
- fprintf(stderr, "Example yp_auth mydomain.com passwd.byname\n");
- exit(1);
- }
- nisdomain = argv[1];
- nismap = argv[2];
-
- while (fgets(buf, 256, stdin) != NULL) {
- if ((p = strchr(buf, '\n')) != NULL)
- *p = '\0'; /* strip \n */
-
- if ((user = strtok(buf, " ")) == NULL) {
- printf("ERR\n");
- continue;
- }
- if ((passwd = strtok(NULL, "")) == NULL) {
- printf("ERR\n");
- continue;
- }
- res = get_nis_password(user, nispasswd, nisdomain, nismap);
-
- if (res) {
- /* User does not exist */
- printf("ERR\n");
- } else if (strcmp(nispasswd, (char *) crypt(passwd, nispasswd))) {
- /* Password incorrect */
- printf("ERR\n");
- } else {
- /* All ok !, thanks... */
- printf("OK\n");
- }
- }
- exit(0);
-}
--- squid/auth_modules/getpwnam/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,80 +0,0 @@
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id: Makefile.in,v 1.1.1.2 2000/01/26 03:25:00 hno Exp $
-#
-# Uncomment and customize the following to suit your needs:
-#
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-exec_suffix = @exec_suffix@
-top_srcdir = @top_srcdir@
-bindir = @bindir@
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-# Gotta love the DOS legacy
-#
-GETPWNAM_AUTH_EXE = getpwnam_auth$(exec_suffix)
-
-CC = @CC@
-MAKEDEPEND = @MAKEDEPEND@
-INSTALL = @INSTALL@
-INSTALL_BIN = @INSTALL_PROGRAM@
-CRYPTLIB = @CRYPTLIB@
-AC_CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-XTRA_LIBS = @XTRA_LIBS@
-XTRA_OBJS = @XTRA_OBJS@
-MV = @MV@
-RM = @RM@
-SHELL = /bin/sh
-
-
-INCLUDE = -I. -I../../include -I$(top_srcdir)/include
-CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES)
-AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS)
-
-PROGS = $(GETPWNAM_AUTH_EXE)
-OBJS = getpwnam_auth.o
-
-all: $(GETPWNAM_AUTH_EXE)
-
-$(OBJS): $(top_srcdir)/include/version.h
-
-$(GETPWNAM_AUTH_EXE): $(OBJS)
- $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS)
-
-install-mkdirs:
- -@if test ! -d $(prefix); then \
- echo "mkdir $(prefix)"; \
- mkdir $(prefix); \
- fi
- -@if test ! -d $(bindir); then \
- echo "mkdir $(bindir)"; \
- mkdir $(bindir); \
- fi
-
-install: all install-mkdirs
- @for f in $(PROGS); do \
- if test -f $(bindir)/$$f; then \
- echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \
- $(MV) $(bindir)/$$f $(bindir)/-$$f; \
- fi; \
- echo $(INSTALL_BIN) $$f $(bindir); \
- $(INSTALL_BIN) $$f $(bindir); \
- if test -f $(bindir)/-$$f; then \
- echo $(RM) -f $(bindir)/-$$f; \
- $(RM) -f $(bindir)/-$$f; \
- fi; \
- done
-
-clean:
- -rm -rf *.o *pure_* core $(PROGS)
-
-distclean: clean
- -rm -f Makefile
-
-depend:
- $(MAKEDEPEND) -I../include -I. -fMakefile *.c
--- squid/auth_modules/getpwnam/getpwnam_auth.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,80 +0,0 @@
-/*
- * getpwnam_auth.c
- *
- * AUTHOR: Erik Hofman
- * Robin Elfrink
- *
- * Example authentication program for Squid, based on the
- * original proxy_auth code from client_side.c, written by
- * Jon Thackray .
- *
- * Uses getpwnam() routines for authentication.
- * This has the following advantages over the NCSA module:
- *
- * - Allow authentication of all know local users
- * - Allows authentication through nsswitch.conf
- * + can handle NIS(+) requests
- * + can handle LDAP request
- * + can handle PAM request
- *
- */
-
-#include "config.h"
-
-#if HAVE_STDIO_H
-#include
-#endif
-#if HAVE_STDLIB_H
-#include
-#endif
-#if HAVE_UNISTD_H
-#include
-#endif
-#if HAVE_STRING_H
-#include
-#endif
-#if HAVE_CRYPT_H
-#include
-#endif
-#if HAVE_PWD_H
-#include
-#endif
-
-
-#define ERR "ERR\n"
-#define OK "OK\n"
-
-int
-main()
-{
- char buf[256];
- struct passwd *pwd;
- char *user, *passwd, *p;
-
- setbuf(stdout, NULL);
- while (fgets(buf, 256, stdin) != NULL) {
-
- if ((p = strchr(buf, '\n')) != NULL)
- *p = '\0'; /* strip \n */
-
- if ((user = strtok(buf, " ")) == NULL) {
- printf(ERR);
- continue;
- }
- if ((passwd = strtok(NULL, "")) == NULL) {
- printf(ERR);
- continue;
- }
- pwd = getpwnam(user);
- if (pwd == NULL) {
- printf(ERR);
- } else {
- if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) {
- printf(ERR);
- } else {
- printf(OK);
- }
- }
- }
- exit(0);
-}
--- squid/auth_modules/multi-domain-NTLM/README.txt Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,17 +0,0 @@
-
-From: "Chemolli Francesco (USI)"
-Subject: Multiple NT domains authenticator
-Date: Fri, 7 Jul 2000 15:37:32 +0200
-
-This is the multi-domain NTLM authenticator, blissfully undocumented
-(but there's a few strategic comments, so that at least the user
-is not left alone).
-
-The user is expected to enter his/her credentials as domain\username
-or domain/username (in analogy to what M$-Proxy does).
-
-Requires Authen::SMB from CPAN and Samba if you need to perform netbios
-queries.
-
- Francesco 'Kinkie' Chemolli
-
--- squid/auth_modules/multi-domain-NTLM/smb_auth.pl Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,132 +0,0 @@
-#!/usr/bin/perl
-
-#if you define this, debugging output will be printed to STDERR.
-$debug=1;
-
-#to force using some DC for some domains, fill in this hash.
-#the key is a regexp matched against the domain name
-# the value is an array ref with PDC and BDC.
-# the order the names are matched in is UNDEFINED.
-#i.e.:
-# %controllers = ( "domain" => ["pdc","bdc"]);
-
-#%controllers = ( ".*" => ["tlc5",undef]);
-
-#define this if you wish to use a WINS server. If undefined, broadcast
-# will be attempted.
-$wins_server="c0wins";
-
-
-# Some servers (at least mine) really really want to be called by address.
-# If this variable is defined, we'll ask nmblookup to do a reverse DNS on the
-# DC addresses. It might fail though, for instance because you have a crappy
-# DNS with no reverse zones or records. If it doesn't work, you'll have to
-# fall back to the %controllers hack.
-$try_reverse_dns=1;
-
-# Soem servers (at least mine) don't like to be called by their fully
-# qualified name. define this if you wish to call them ONLY by their
-# hostname.
-$dont_use_fqdn=1;
-
-#no more user-serviceable parts
-use Authen::Smb;
-
-#variables:
-# %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES!
-
-
-while (<>) {
- if (! m;([^\\]+)(\\|/)(\S+)\s(.*); ) { #parse the line
- print "ERR\n";
- next;
- }
- $domain=$1;
- $user=$3;
- $pass=$4;
- print STDERR "domain: $domain, user: $user, pass=$pass\n"
- if (defined ($debug));
- # check out that we know the PDC address
- if (!$pdc{$domain}) {
- ($pdc,$bdc)=&discover_dc($domain);
- if ($pdc) {
- $pdc{$domain}=$pdc;
- $bdc{$domain}=$bdc;
- }
- }
- $pdc=$pdc{$domain};
- $bdc=$bdc{$domain};
- if (!$pdc) {
- #a pdc was not found
- print "ERR\n";
- print STDERR "No PDC found\n" if (defined($debug));
- next;
- }
-
- print STDERR "querying '$pdc' and '$bdc' for user '$domain\\$user', ".
- "pass $pass\n" if (defined($debug));
- $result=Authen::Smb::authen($user,$pass,$pdc,$bdc,$domain);
- print STDERR "result is: $nt_results{$result} ($result)\n"
- if (defined($debug));
- if ($result == NTV_NO_ERROR) {
- print STDERR ("OK for user '$domain\\$user'\n") if (defined($debug));
- print ("OK\n");
- } else {
- print STDERR "Could not authenticate user '$domain\\$user'\n";
- print ("ERR\n");
- }
-}
-
-#why do Microsoft servers have to be so damn picky and convoluted?
-sub discover_dc {
- my $domain = shift @_;
- my ($pdc, $bdc, $lookupstring, $datum);
-
- foreach (keys %controllers) {
- if ($domain =~ /$_/) {
- print STDERR "DCs forced by user: $_ => ".
- join(',',@{$controllers{$_}}).
- "\n" if (defined($debug));
- return @{$controllers{$_}};
- }
- }
- $lookupstring="nmblookup";
- $lookupstring.=" -R -U $wins_server" if (defined($wins_server));
- $lookupstring.=" -T" if (defined($try_reverse_dns));
- $lookupstring.=" '$domain#1c'";
- print STDERR "Discovering PDC: $lookupstring\n"
- if (defined($debug));
- #discover the PDC address
- open(PDC,"$lookupstring|");
- while () {
- print STDERR "response line: $_" if (defined($debug));
- if (m|(.*), (\d+\.\d+\.\d+\.\d+)|) {
- $datum=$1;
- print STDERR "matched $datum\n" if (defined($debug));
- if (defined($dont_use_fqdn) && $datum =~ /^([^.]+)\..*/) {
- $datum=$1;
- print STDERR "stripped domain name: $datum\n" if (defined($debug));
- }
- } elsif (m|^(\d+\.\d+\.\d+\.\d+)|) {
- $datum=$1;
- } else {
- #no data here, go to next line
- next;
- }
- if ($datum) {
- if ($pdc) {
- $bdc=$datum;
- print STDERR "BDC is $datum\n" if (defined($debug));
- last;
- } else {
- $pdc=$datum;
- print STDERR "PDC is $datum\n" if (defined($debug));
- }
- last;
- }
- }
- close(PDC);
- return ($pdc,$bdc) if ($pdc);
- return 0;
-}
-
--- squid/ntlm_auth_modules/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,38 +0,0 @@
-# Makefile for storage modules in the Squid Object Cache server
-#
-# $Id: Makefile.in,v 1.1.2.1.2.2 2001/01/07 02:49:31 rbcollins Exp $
-#
-
-# The 'nop' is in the SUBDIRS list because some Unixes that can't
-# handle empty for lists.
-
-SUBDIRS = @NTLM_AUTH_MODULES@ nop
-
-all:
- @for dir in $(SUBDIRS); do \
- if [ -f $$dir/Makefile ]; then \
- sh -c "cd $$dir && $(MAKE) all" || exit 1; \
- fi; \
- done;
-
-clean:
- -for dir in *; do \
- if [ -f $$dir/Makefile ]; then \
- sh -c "cd $$dir && $(MAKE) clean"; \
- fi; \
- done
-
-distclean:
- -rm -f Makefile
- -for dir in *; do \
- if [ -f $$dir/Makefile ]; then \
- sh -c "cd $$dir && $(MAKE) distclean"; \
- fi; \
- done
-
-.DEFAULT:
- @for dir in $(SUBDIRS); do \
- if [ -f $$dir/Makefile ]; then \
- sh -c "cd $$dir && $(MAKE) $@" || exit 1; \
- fi; \
- done;
--- squid/ntlm_auth_modules/NTLMSSP/Makefile.in Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,86 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id: Makefile.in,v 1.1.2.3.2.3 2001/01/07 02:49:31 rbcollins Exp $ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -NTLM_AUTH_EXE = ntlm_auth$(exec_suffix) - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -CRYPTLIB = @CRYPTLIB@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh - - -INCLUDE = -I. -I../../include -I$(srcdir)/smbval -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = -L../../lib -lntlmauth -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) - -PROGS = $(NTLM_AUTH_EXE) -OBJS = ntlm_auth.o libntlmssp.o - -all: $(NTLM_AUTH_EXE) smbval/smbvalid.a - -$(OBJS): $(top_srcdir)/include/version.h ntlm.h - -$(NTLM_AUTH_EXE): $(OBJS) smbval/smbvalid.a - $(CC) $(LDFLAGS) $(OBJS) smbval/smbvalid.a -o $@ $(AUTH_LIBS) - -smbval/smbvalid.a: smbval/stamp - -smbval smbval/stamp: - @sh -c "cd smbval && $(MAKE) all" - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(bindir); then \ - echo "mkdir $(bindir)"; \ - mkdir $(bindir); \ - fi - -install: all install-mkdirs - @for f in $(PROGS); do \ - if test -f $(bindir)/$$f; then \ - echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(bindir); \ - $(INSTALL_BIN) $$f $(bindir); \ - if test -f $(bindir)/-$$f; then \ - echo $(RM) -f $(bindir)/-$$f; \ - $(RM) -f $(bindir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *pure_* core $(PROGS) - cd smbval; make clean - -distclean: clean - -rm -f Makefile - -depend: - $(MAKEDEPEND) -I../include -I. 
-fMakefile *.c --- squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,221 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - */ - - -#include "ntlm.h" -#include "util.h" /* from Squid */ -#include "valid.h" - -#if HAVE_STRING_H -#include -#endif /* HAVE_STRING_H */ -#if HAVE_STDLIB_H -#include -#endif /* HAVE_STDLIB_H */ -#ifdef HAVE_UNISTD_H -#include -#endif - -#include "smblib-priv.h" /* for SMB_Handle_Type */ - -/* a few forward-declarations. Hackish, but I don't care right now */ -SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, - char *server, char *NTdomain); - -/* this one is reallllly haackiish. We really should be using anything from smblib-priv.h - */ -static char *SMB_Prots[] = -{"PC NETWORK PROGRAM 1.0", - "MICROSOFT NETWORKS 1.03", - "MICROSOFT NETWORKS 3.0", - "DOS LANMAN1.0", - "LANMAN1.0", - "DOS LM1.2X002", - "LM1.2X002", - "DOS LANMAN2.1", - "LANMAN2.1", - "Samba", - "NT LM 0.12", - "NT LANMAN 1.0", - NULL}; - -#if 0 -int SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle); -int SMB_Negotiate(void *Con_Handle, char *Prots[]); -int SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName, - char *PassWord, char *Domain, int precrypted); -#endif - -#ifdef DEBUG -#define debug_dump_ntlmssp_flags dump_ntlmssp_flags -#else /* DEBUG */ -#define debug_dump_ntlmssp_flags(X) /* empty */ -#endif /* DEBUG */ - - -static char challenge[NONCE_LEN]; -SMB_Handle_Type handle = NULL; - -/* Disconnects from the DC. 
A reconnection will be done upon the next request - */ -void -dc_disconnect() -{ - if (handle != NULL) - SMB_Discon(handle, 0); - handle = NULL; -} - -int -connectedp() -{ - return (handle != NULL); -} - - -/* Tries to connect to a DC. Returns 0 on failure, 1 on OK */ -int -is_dc_ok(char *domain, - char *domain_controller) -{ - SMB_Handle_Type h = SMB_Connect_Server(NULL, domain_controller, domain); - if (h == NULL) - return 0; - SMB_Discon(h, 0); - return 1; -} - - -/* returns 0 on success, > 0 on failure */ -static int -init_challenge(char *domain, char *domain_controller) -{ - int smberr; - char errstr[100]; - - if (handle != NULL) { - return 0; - } - debug("Connecting to server %s domain %s\n", domain_controller, domain); - handle = SMB_Connect_Server(NULL, domain_controller, domain); - smberr = SMB_Get_Last_Error(); - SMB_Get_Error_Msg(smberr, errstr, 100); - - - if (handle == NULL) { /* couldn't connect */ - debug("Couldn't connect to SMB Server. Error:%s\n", errstr); - return 1; - } - if (SMB_Negotiate(handle, SMB_Prots) < 0) { /* An error */ - debug("Error negotiating protocol with SMB Server\n"); - SMB_Discon(handle, 0); - handle = NULL; - return 2; - } - if (handle->Security == 0) { /* share-level security, unuseable */ - debug("SMB Server uses share-level security .. we need user sercurity.\n"); - SMB_Discon(handle, 0); - handle = NULL; - return 3; - } - memcpy(challenge, handle->Encrypt_Key, NONCE_LEN); - return 0; -} - -const char * -make_challenge(char *domain, char *domain_controller) -{ - if (init_challenge(domain, domain_controller) > 0) - return NULL; - return ntlm_make_challenge(domain, domain_controller, challenge, - NONCE_LEN); -} - -#define min(A,B) (Almresponse); - if (tmp.str == NULL) { - fprintf(stderr, "No auth at all. 
Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } - memcpy(pass, tmp.str, tmp.l); - pass[25] = '\0'; - -/* debug("fetching domain\n"); */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain); - if (tmp.str == NULL) { - debug("No domain supplied. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; - -/* debug("fetching user name\n"); */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user); - if (tmp.str == NULL) { - debug("No username supplied. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - debug("checking domain: '%s', user: '%s', pass='%s'\n", domain, user, pass); - - rv = SMB_Logon_Server(handle, user, pass, domain, 1); - - while ((rv == NTLM_BAD_PROTOCOL || rv == NTLM_SERVER_ERROR) - && retries < BAD_DC_RETRIES_NUMBER) { - retries++; - usleep((unsigned long) 100000); - rv = SMB_Logon_Server(handle, user, pass, domain, 1); - } - - debug("\tresult is %d\n", rv); - - if (rv != NTV_NO_ERROR) { /* failed */ - ntlm_errno = rv; - return NULL; - } - *(user - 1) = '\\'; - - debug("credentials: %s\n", credentials); - return credentials; -} --- squid/ntlm_auth_modules/NTLMSSP/ntlm.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,100 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli , - * inspired by previous work by Andy Doran - * - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - */ - -#ifndef _NTLM_H_ -#define _NTLM_H_ - -#include "config.h" -#include "ntlmauth.h" - -/* for time_t */ -#if HAVE_TIME_H -#include -#endif -#if HAVE_SYS_TIME_H -#include -#endif - -/************* CONFIGURATION ***************/ -/* - * define this if you want debugging - */ -#define DEBUG - -/* - * Number of authentication attempts to perform in case of certain errors - */ -#define BAD_DC_RETRIES_NUMBER 3 - -/************* END CONFIGURATION ***************/ - -#include - - -/* Debugging stuff */ - -#ifdef __GNUC__ /* this is really a gcc-ism */ -#ifdef DEBUG -#include -#include -static char *__foo; -#define debug(X...) fprintf(stderr,"ntlm-auth[%d](%s:%d): ", getpid(), \ - ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ - __LINE__);\ - fprintf(stderr,X) -#else /* DEBUG */ -#define debug(X...) /* */ -#endif /* DEBUG */ -#else /* __GNUC__ */ -#define debug(char *format, ...) {} /* Too lazy to write va_args stuff */ -#endif - - -/* A couple of harmless helper macros */ -#define SEND(X) debug("sending '%s' to squid\n",X); printf(X); printf("\n"); -#define SEND2(X,Y...) 
debug("sending '" X "' to squid\n",Y); printf(X,Y);\ - printf("\n"); - -extern int ntlm_errno; -#define NTLM_NO_ERROR 0 -#define NTLM_SERVER_ERROR 1 -#define NTLM_PROTOCOL_ERROR 2 -#define NTLM_LOGON_ERROR 3 -#define NTLM_BAD_PROTOCOL -1 -#define NTLM_NOT_CONNECTED 10 - - -const char *make_challenge(char *domain, char *controller); -extern char *ntlm_check_auth(ntlm_authenticate * auth, int auth_length); -void dc_disconnect(void); -int connectedp(void); -int is_dc_ok(char *domain, char *domain_controller); - -/* flags used for dc status */ -#define DC_OK 0x0 -#define DC_DEAD 0x1 - -typedef struct _dc dc; -struct _dc { - char *domain; - char *controller; - unsigned char status; - dc *next; -}; - - -#endif /* _NTLM_H_ */ --- squid/ntlm_auth_modules/NTLMSSP/ntlm_auth.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,336 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * - * Warning! We MIGHT be open to buffer overflows caused by malformed headers - * - * DONE list: - * use hashtable to cache authentications. Yummy performance-boost, security - * loss should be negligible for two reasons: - * - if they-re using NT, there's no security to speak of anyways - * - it can't get worse than basic authentication. - * cache expiration - * challenge hash expiry and renewal. - * PDC disconnect, after X minutes of inactivity - * - * TODO list: - * change syntax from options-driven to args-driven, with args domain - * or domain[/\]server, and an arbitrary number of backup Domain Controllers - * we don't really need the "status" management, it's more for debugging - * purposes. Remove it. - * Maybe we can cache the created challenge, saving more time? 
- * - */ - - -#include "config.h" -#include "ntlmauth.h" -#include "ntlm.h" -#include "util.h" - -#define BUFFER_SIZE 10240 - -#if HAVE_STDLIB_H -#include -#endif - - -#if HAVE_GETOPT_H -#include -#endif - - - -#ifdef HAVE_STRING_H -#include -#endif -#ifdef HAVE_CTYPE_H -#include -#endif - -char load_balance = 0, failover_enabled = 0, protocol_pedantic = 0; - -dc *controllers = NULL; -int numcontrollers = 0; -dc *current_dc; - -/* housekeeping cycle and periodic operations */ -static unsigned char need_dc_resurrection = 0; -static void -resurrect_dead_dc() -{ - int j; - dc *c = controllers; - - need_dc_resurrection = 0; - for (j = 0; j < numcontrollers; j++) - if (c->status != DC_OK && is_dc_ok(c->domain, c->controller)) - c->status = DC_OK; -} - -/* makes a null-terminated string upper-case. Changes CONTENTS! */ -static void -uc(char *string) -{ - char *p = string, c; - while ((c = *p)) { - *p = toupper(c); - p++; - } -} - -/* makes a null-terminated string lower-case. Changes CONTENTS! */ -static void -lc(char *string) -{ - char *p = string, c; - while ((c = *p)) { - *p = tolower(c); - p++; - } -} - -/* - * options: - * -b try load-balancing the domain-controllers - * -f fail-over to another DC if DC connection fails. - * domain\controller ... - */ -void -process_options(int argc, char *argv[]) -{ - int opt, j, had_error = 0; - dc *new_dc = NULL, *last_dc = NULL; - while (-1 != (opt = getopt(argc, argv, "bf"))) { - switch (opt) { - case 'b': - load_balance = 1; - break; - case 'f': - failover_enabled = 1; - break; - default: - fprintf(stderr, "unknown option: -%c. 
Exiting\n", opt); - had_error = 1; - } - } - if (had_error) - exit(1); - /* Okay, now begin filling controllers up */ - /* we can avoid memcpy-ing, and just reuse argv[] */ - for (j = optind; j < argc; j++) { - char *d, *c; - d = argv[j]; - if (NULL == (c = strchr(d, '\\')) && NULL == (c = strchr(d, '/'))) { - fprintf(stderr, "Couldn't grok domain-controller %s\n", d); - continue; - } - *c++ = '\0'; - new_dc = (dc *) malloc(sizeof(dc)); - if (!new_dc) { - fprintf(stderr, "Malloc error while parsing DC options\n"); - continue; - } - /* capitalize */ - uc(c); - uc(d); - numcontrollers++; - new_dc->domain = d; - new_dc->controller = c; - new_dc->status = DC_OK; - if (controllers == NULL) { /* first controller */ - controllers = new_dc; - last_dc = new_dc; - } else { - last_dc->next = new_dc; /* can't be null */ - last_dc = new_dc; - } - } - if (numcontrollers == 0) { - fprintf(stderr, "You must specify at least one domain-controller!\n"); - exit(1); - } - last_dc->next = controllers; /* close the queue, now it's circular */ -} - -/* tries connecting to the domain controllers in the "controllers" ring, - * with failover if the adequate option is specified. - */ -const char * -obtain_challenge() -{ - int j = 0; - const char *ch; - for (j = 0; j < numcontrollers; j++) { - if (current_dc->status == DC_OK) { - ch = make_challenge(current_dc->domain, current_dc->controller); - if (ch) - return ch; /* All went OK, returning */ - /* Huston, we've got a problem. Take this DC out of the loop */ - current_dc->status = DC_DEAD; - need_dc_resurrection = 1; - } - if (failover_enabled == 0) /* No failover. 
Just return */ - return NULL; - /* Try with the next */ - current_dc = current_dc->next; - } - return NULL; -} - -void -manage_request() -{ - ntlmhdr *fast_header; - char buf[10240]; - const char *ch; - char *ch2, *decoded, *cred; - int plen; - - if (fgets(buf, BUFFER_SIZE, stdin) == NULL) - exit(0); /* BIIG buffer */ - ch2 = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */ - if (ch2) { - *ch2 = '\0'; /* terminate the string at newline. */ - ch = ch2; - } - debug("ntlm authenticator. Got '%s' from Squid\n", buf); - - if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */ - /* figure out what we got */ - decoded = base64_decode(buf + 3); - /* Note: we don't need to manage memory at this point, since - * base64_decode returns a pointer to static storage. - */ - - if (!decoded) { /* decoding failure, return error */ - SEND("NA Packet format error, couldn't base64-decode"); - return; - } - /* fast-track-decode request type. */ - fast_header = (struct _ntlmhdr *) decoded; - - /* sanity-check: it IS a NTLMSSP packet, isn't it? */ - if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { - SEND("NA Broken authentication packet"); - return; - } - switch (fast_header->type) { - case NTLM_NEGOTIATE: - SEND("NA Invalid negotiation request received"); - return; - /* notreached */ - case NTLM_CHALLENGE: - SEND("NA Got a challenge. We refuse to have our authority disputed"); - return; - /* notreached */ - case NTLM_AUTHENTICATE: - /* check against the DC */ - plen = strlen(buf) * 3 / 4; /* we only need it here. 
Optimization */ - cred = ntlm_check_auth((ntlm_authenticate *) decoded, plen); - if (cred == NULL) { - switch (ntlm_errno) { - case NTLM_LOGON_ERROR: - SEND("NA authentication failure"); - dc_disconnect(); - current_dc = current_dc->next; - return; - case NTLM_SERVER_ERROR: - SEND("BH Domain Controller Error"); - dc_disconnect(); - current_dc = current_dc->next; - return; - case NTLM_PROTOCOL_ERROR: - SEND("BH Domain Controller communication error"); - dc_disconnect(); - current_dc = current_dc->next; - return; - case NTLM_NOT_CONNECTED: - SEND("BH Domain Controller (or network) died on us"); - dc_disconnect(); - current_dc = current_dc->next; - return; - case NTLM_BAD_PROTOCOL: - SEND("BH Domain controller failure"); - dc_disconnect(); - current_dc = current_dc->next; - return; - default: - SEND("BH Unhandled error while talking to Domain Controller"); - dc_disconnect(); - current_dc = current_dc->next; - return; - } - } - lc(cred); /* let's lowercase them for our convenience */ - SEND2("AF %s", cred); - return; - default: - SEND("BH unknown authentication packet type"); - return; - } - - - return; - } - if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ - dc_disconnect(); - ch = obtain_challenge(); - while (ch == NULL) { - sleep(30); - ch = obtain_challenge(); - } - SEND2("TT %s", ch); - if (need_dc_resurrection) /* looks like a good moment... */ - resurrect_dead_dc(); - return; - } - SEND("BH Helper detected protocol error"); - return; -/********* END ********/ - - -} - -int -main(int argc, char *argv[]) -{ - - debug("starting up...\n"); - - process_options(argc, argv); - - debug("options processed OK\n"); - - /* initialize FDescs */ - setbuf(stdout, NULL); - setbuf(stderr, NULL); - - /* select the first domain controller we're going to use */ - current_dc = controllers; - if (load_balance != 0 && numcontrollers > 1) { - int n; - pid_t pid = getpid(); - n = pid % numcontrollers; - debug("load balancing. 
Selected controller #%d\n", n); - while (n > 0) { - current_dc = current_dc->next; - n--; - } - } - while (1) { - debug("managing request\n"); - manage_request(); - } - return 0; -} --- squid/ntlm_auth_modules/NTLMSSP/smbval/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,52 +0,0 @@ -# makefile for smblib -# Type make system, where system is ULTRIX, DU, DECOSF1, Solaris etc - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -INSTALL_FILE = @INSTALL_DATA@ -RANLIB = @RANLIB@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -RM = @RM@ -AR_R = @AR_R@ - -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -# CFLAGS = -fpic -g - -INCLUDE = -I. -I../../../include -I$(top_srcdir)/include -INCLUDES = smblib.h smblib-priv.h - -#RFCNB = session.o rfcnb-util.o rfcnb-io.o - -#OBJS = smblib.o smblib-util.o file.o smb-errors.o exper.o smblib-api.o smbencrypt.o smbdes.o md4.o - -VALIDATE = valid.o session.o rfcnb-util.o \ - rfcnb-io.o smblib-util.o smblib.o smbencrypt.o smbdes.o md4.o - -#.SUFFIXES: .c .o .h - -dummy: all - -smbvalid.a: $(VALIDATE) - $(RM) -f $@ - $(AR_R) $@ $(VALIDATE) - $(RANLIB) $@ - -all: smbvalid.a - -#.c.o: $(INCLUDES) - -clean: - $(RM) -f *.o smbvalid.a *~ - --- squid/ntlm_auth_modules/NTLMSSP/smbval/byteorder.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,80 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * SMB Byte handling - * Copyright (C) Andrew Tridgell 1992-1995 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -/* - * This file implements macros for machine independent short and - * int manipulation - */ - -#undef CAREFUL_ALIGNMENT - -/* we know that the 386 can handle misalignment and has the "right" - * byteorder */ -#ifdef __i386__ -#define CAREFUL_ALIGNMENT 0 -#endif - -#ifndef CAREFUL_ALIGNMENT -#define CAREFUL_ALIGNMENT 1 -#endif - -#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) -#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) -#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) - - -#if CAREFUL_ALIGNMENT -#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) -#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) -#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) -#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) -#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) -#define SIVALS(buf,pos,val) 
SIVALX((buf),(pos),((int32)(val))) -#else -/* this handles things for architectures like the 386 that can handle - * alignment errors */ -/* - * WARNING: This section is dependent on the length of int16 and int32 - * being correct - */ -#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) -#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) -#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) -#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) -#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) -#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) -#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) -#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) -#endif - - -/* now the reverse routines - these are used in nmb packets (mostly) */ -#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) -#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) - -#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) -#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) -#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) -#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) --- squid/ntlm_auth_modules/NTLMSSP/smbval/md4.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,210 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * a implementation of MD4 designed for use in the SMB authentication protocol - * Copyright (C) Andrew Tridgell 1997 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -/* NOTE: This code makes no attempt to be fast! - * - * It assumes that a int is at least 32 bits long - */ -#include - -typedef unsigned int uint32; - -static uint32 A, B, C, D; - -static uint32 -F(uint32 X, uint32 Y, uint32 Z) -{ - return (X & Y) | ((~X) & Z); -} - -static uint32 -G(uint32 X, uint32 Y, uint32 Z) -{ - return (X & Y) | (X & Z) | (Y & Z); -} - -static uint32 -H(uint32 X, uint32 Y, uint32 Z) -{ - return X ^ Y ^ Z; -} - -static uint32 -lshift(uint32 x, int s) -{ - x &= 0xFFFFFFFF; - return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); -} - -#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) -#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) -#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) - -/* this applies md4 to 64 byte chunks */ -static void -mdfour64(uint32 * M) -{ - int j; - uint32 AA, BB, CC, DD; - uint32 X[16]; - - for (j = 0; j < 16; j++) - X[j] = M[j]; - - AA = A; - BB = B; - CC = C; - DD = D; - - ROUND1(A, B, C, D, 0, 3); - ROUND1(D, A, B, C, 1, 7); - ROUND1(C, D, 
A, B, 2, 11); - ROUND1(B, C, D, A, 3, 19); - ROUND1(A, B, C, D, 4, 3); - ROUND1(D, A, B, C, 5, 7); - ROUND1(C, D, A, B, 6, 11); - ROUND1(B, C, D, A, 7, 19); - ROUND1(A, B, C, D, 8, 3); - ROUND1(D, A, B, C, 9, 7); - ROUND1(C, D, A, B, 10, 11); - ROUND1(B, C, D, A, 11, 19); - ROUND1(A, B, C, D, 12, 3); - ROUND1(D, A, B, C, 13, 7); - ROUND1(C, D, A, B, 14, 11); - ROUND1(B, C, D, A, 15, 19); - - ROUND2(A, B, C, D, 0, 3); - ROUND2(D, A, B, C, 4, 5); - ROUND2(C, D, A, B, 8, 9); - ROUND2(B, C, D, A, 12, 13); - ROUND2(A, B, C, D, 1, 3); - ROUND2(D, A, B, C, 5, 5); - ROUND2(C, D, A, B, 9, 9); - ROUND2(B, C, D, A, 13, 13); - ROUND2(A, B, C, D, 2, 3); - ROUND2(D, A, B, C, 6, 5); - ROUND2(C, D, A, B, 10, 9); - ROUND2(B, C, D, A, 14, 13); - ROUND2(A, B, C, D, 3, 3); - ROUND2(D, A, B, C, 7, 5); - ROUND2(C, D, A, B, 11, 9); - ROUND2(B, C, D, A, 15, 13); - - ROUND3(A, B, C, D, 0, 3); - ROUND3(D, A, B, C, 8, 9); - ROUND3(C, D, A, B, 4, 11); - ROUND3(B, C, D, A, 12, 15); - ROUND3(A, B, C, D, 2, 3); - ROUND3(D, A, B, C, 10, 9); - ROUND3(C, D, A, B, 6, 11); - ROUND3(B, C, D, A, 14, 15); - ROUND3(A, B, C, D, 1, 3); - ROUND3(D, A, B, C, 9, 9); - ROUND3(C, D, A, B, 5, 11); - ROUND3(B, C, D, A, 13, 15); - ROUND3(A, B, C, D, 3, 3); - ROUND3(D, A, B, C, 11, 9); - ROUND3(C, D, A, B, 7, 11); - ROUND3(B, C, D, A, 15, 15); - - A += AA; - B += BB; - C += CC; - D += DD; - - A &= 0xFFFFFFFF; - B &= 0xFFFFFFFF; - C &= 0xFFFFFFFF; - D &= 0xFFFFFFFF; - - for (j = 0; j < 16; j++) - X[j] = 0; -} - -static void -copy64(uint32 * M, unsigned char *in) -{ - int i; - - for (i = 0; i < 16; i++) - M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | - (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); -} - -static void -copy4(unsigned char *out, uint32 x) -{ - out[0] = x & 0xFF; - out[1] = (x >> 8) & 0xFF; - out[2] = (x >> 16) & 0xFF; - out[3] = (x >> 24) & 0xFF; -} - -/* produce a md4 message digest from data of length n bytes */ -void -mdfour(unsigned char *out, unsigned char *in, int n) -{ - unsigned char 
buf[128]; - uint32 M[16]; - uint32 b = n * 8; - int i; - - A = 0x67452301; - B = 0xefcdab89; - C = 0x98badcfe; - D = 0x10325476; - - while (n > 64) { - copy64(M, in); - mdfour64(M); - in += 64; - n -= 64; - } - - for (i = 0; i < 128; i++) - buf[i] = 0; - memcpy(buf, in, n); - buf[n] = 0x80; - - if (n <= 55) { - copy4(buf + 56, b); - copy64(M, buf); - mdfour64(M); - } else { - copy4(buf + 120, b); - copy64(M, buf); - mdfour64(M); - copy64(M, buf + 64); - mdfour64(M); - } - - for (i = 0; i < 128; i++) - buf[i] = 0; - copy64(M, buf); - - copy4(out, A); - copy4(out + 4, B); - copy4(out + 8, C); - copy4(out + 12, D); - - A = B = C = D = 0; -} --- squid/ntlm_auth_modules/NTLMSSP/smbval/md4.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1 +0,0 @@ -void mdfour(unsigned char *out, unsigned char *in, int n); --- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-common.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,34 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB Common Structures etc Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -/* A data structure we need */ - -typedef struct RFCNB_Pkt { - - char *data; /* The data in this portion */ - int len; - struct RFCNB_Pkt *next; - -} RFCNB_Pkt; --- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-error.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,74 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB Error Response Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -/* Error responses */ - -#define RFCNBE_Bad -1 /* Bad response */ -#define RFCNBE_OK 0 - -/* these should follow the spec ... is there one ? */ - -#define RFCNBE_NoSpace 1 /* Could not allocate space for a struct */ -#define RFCNBE_BadName 2 /* Could not translate a name */ -#define RFCNBE_BadRead 3 /* Read sys call failed */ -#define RFCNBE_BadWrite 4 /* Write Sys call failed */ -#define RFCNBE_ProtErr 5 /* Protocol Error */ -#define RFCNBE_ConGone 6 /* Connection dropped */ -#define RFCNBE_BadHandle 7 /* Handle passed was bad */ -#define RFCNBE_BadSocket 8 /* Problems creating socket */ -#define RFCNBE_ConnectFailed 9 /* Connect failed */ -#define RFCNBE_CallRejNLOCN 10 /* Call rejected, not listening on CN */ -#define RFCNBE_CallRejNLFCN 11 /* Call rejected, not listening for CN */ -#define RFCNBE_CallRejCNNP 12 /* Call rejected, called name not present */ -#define RFCNBE_CallRejInfRes 13 /* Call rejetced, name ok, no resources */ -#define RFCNBE_CallRejUnSpec 14 /* Call rejected, unspecified error */ -#define RFCNBE_BadParam 15 /* Bad parameters passed ... 
*/ -#define RFCNBE_Timeout 16 /* IO Timed out */ - -/* Text strings for the error responses */ -extern char *RFCNB_Error_Strings[]; -/* - * static char *RFCNB_Error_Strings[] = { - * - * "RFCNBE_OK: Routine completed successfully.", - * "RFCNBE_NoSpace: No space available for a malloc call.", - * "RFCNBE_BadName: NetBIOS name could not be translated to IP address.", - * "RFCNBE_BadRead: Read system call returned an error. Check errno.", - * "RFCNBE_BadWrite: Write system call returned an error. Check errno.", - * "RFCNBE_ProtErr: A protocol error has occurred.", - * "RFCNBE_ConGone: Connection dropped during a read or write system call.", - * "RFCNBE_BadHandle: Bad connection handle passed.", - * "RFCNBE_BadSocket: Problems creating socket.", - * "RFCNBE_ConnectFailed: Connection failed. See errno.", - * "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.", - * "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.", - * "RFCNBE_CallRejCNNP: Call rejected. Called name not present.", - * "RFCNBE_CallRejInfRes: Call rejected. Name present, but insufficient resources.", - * "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.", - * "RFCNBE_BadParam: Bad parameters passed to a routine.", - * "RFCNBE_Timeout: IO Operation timed out ..." - * - * }; - */ --- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-io.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,400 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NEtBIOS implementation - * - * Version 1.0 - * RFCNB IO Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ -/* #include */ -#include "config.h" -#include "std-includes.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" -#include -#include -#include - -int RFCNB_Timeout = 0; /* Timeout in seconds ... 
*/ - -void -rfcnb_alarm(int sig) -{ - - fprintf(stderr, "IO Timed out ...\n"); - -} - -/* Set timeout value and setup signal handling */ - -int -RFCNB_Set_Timeout(int seconds) -{ - /* If we are on a Bezerkeley system, use sigvec, else sigaction */ -#if HAVE_SIGACTION - struct sigaction inact, outact; -#else - struct sigvec invec, outvec; -#endif - - RFCNB_Timeout = seconds; - - if (RFCNB_Timeout > 0) { /* Set up handler to ignore but not restart */ - -#if HAVE_SIGACTION - inact.sa_handler = (void (*)()) rfcnb_alarm; - sigemptyset(&inact.sa_mask); - inact.sa_flags = 0; /* Don't restart */ - - if (sigaction(SIGALRM, &inact, &outact) < 0) - return (-1); -#else - invec.sv_handler = (void (*)()) rfcnb_alarm; - invec.sv_mask = 0; - invec.sv_flags = SV_INTERRUPT; - - if (sigvec(SIGALRM, &invec, &outvec) < 0) - return (-1); -#endif - - } - return (0); - -} - -/* Discard the rest of an incoming packet as we do not have space for it - * in the buffer we allocated or were passed ... */ - -int -RFCNB_Discard_Rest(struct RFCNB_Con *con, int len) -{ - char temp[100]; /* Read into here */ - int rest, this_read, bytes_read; - - /* len is the amount we should read */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Discard_Rest called to discard: %i\n", len); -#endif - - rest = len; - - while (rest > 0) { - - this_read = (rest > sizeof(temp) ? sizeof(temp) : rest); - - bytes_read = read(con->fd, temp, this_read); - - if (bytes_read <= 0) { /* Error so return */ - - if (bytes_read < 0) - RFCNB_errno = RFCNBE_BadRead; - else - RFCNB_errno = RFCNBE_ConGone; - - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - rest = rest - bytes_read; - - } - - return (0); - -} - - -/* Send an RFCNB packet to the connection. - * - * We just send each of the blocks linked together ... - * - * If we can, try to send it as one iovec ... 
- * - */ - -int -RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) -{ - int len_sent, tot_sent, this_len; - struct RFCNB_Pkt *pkt_ptr; - char *this_data; - int i; - struct iovec io_list[10]; /* We should never have more */ - /* If we do, this will blow up ... */ - - /* Try to send the data ... We only send as many bytes as len claims */ - /* We should try to stuff it into an IOVEC and send as one write */ - - - pkt_ptr = pkt; - len_sent = tot_sent = 0; /* Nothing sent so far */ - i = 0; - - while ((pkt_ptr != NULL) & (i < 10)) { /* Watch that magic number! */ - - this_len = pkt_ptr->len; - this_data = pkt_ptr->data; - if ((tot_sent + this_len) > len) - this_len = len - tot_sent; /* Adjust so we don't send too much */ - - /* Now plug into the iovec ... */ - - io_list[i].iov_len = this_len; - io_list[i].iov_base = this_data; - i++; - - tot_sent += this_len; - - if (tot_sent == len) - break; /* Let's not send too much */ - - pkt_ptr = pkt_ptr->next; - - } - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Frags = %i, tot_sent = %i\n", i, tot_sent); -#endif - - /* Set up an alarm if timeouts are set ... */ - - if (RFCNB_Timeout > 0) - alarm(RFCNB_Timeout); - - if ((len_sent = writev(con->fd, io_list, i)) < 0) { /* An error */ - - con->rfc_errno = errno; - if (errno == EINTR) /* We were interrupted ... */ - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadWrite; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - if (len_sent < tot_sent) { /* Less than we wanted */ - if (errno == EINTR) /* We were interrupted */ - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadWrite; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - if (RFCNB_Timeout > 0) - alarm(0); /* Reset that sucker */ - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Len sent = %i ...\n", len_sent); - RFCNB_Print_Pkt(stderr, "sent", pkt, len_sent); /* Print what send ... */ - -#endif - - return (len_sent); - -} - -/* Read an RFCNB packet off the connection. 
- * - * We read the first 4 bytes, that tells us the length, then read the - * rest. We should implement a timeout, but we don't just yet - * - */ - - -int -RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) -{ - int read_len, pkt_len; - char hdr[RFCNB_Pkt_Hdr_Len]; /* Local space for the header */ - struct RFCNB_Pkt *pkt_frag; - int more, this_time, offset, frag_len, this_len; - BOOL seen_keep_alive = TRUE; - - /* Read that header straight into the buffer */ - - if (len < RFCNB_Pkt_Hdr_Len) { /* What a bozo */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Trying to read less than a packet:"); - perror(""); -#endif - RFCNB_errno = RFCNBE_BadParam; - return (RFCNBE_Bad); - - } - /* We discard keep alives here ... */ - - if (RFCNB_Timeout > 0) - alarm(RFCNB_Timeout); - - while (seen_keep_alive) { - - if ((read_len = read(con->fd, hdr, sizeof(hdr))) < 0) { /* Problems */ -#ifdef RFCNB_DEBUG - fprintf(stderr, "Reading the packet, we got:"); - perror(""); -#endif - if (errno == EINTR) - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_BadRead; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - /* Now we check out what we got */ - - if (read_len == 0) { /* Connection closed, send back eof? */ - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Connection closed reading\n"); -#endif - - if (errno == EINTR) - RFCNB_errno = RFCNBE_Timeout; - else - RFCNB_errno = RFCNBE_ConGone; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } - if (RFCNB_Pkt_Type(hdr) == RFCNB_SESSION_KEEP_ALIVE) { - -#ifdef RFCNB_DEBUG - fprintf(stderr, "RFCNB KEEP ALIVE received\n"); -#endif - - } else { - seen_keep_alive = FALSE; - } - - } - - /* What if we got less than or equal to a hdr size in bytes? 
*/ - - if (read_len < sizeof(hdr)) { /* We got a small packet */ - - /* Now we need to copy the hdr portion we got into the supplied packet */ - - memcpy(pkt->data, hdr, read_len); /*Copy data */ - -#ifdef RFCNB_DEBUG - RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len); -#endif - - return (read_len); - - } - /* Now, if we got at least a hdr size, alloc space for rest, if we need it */ - - pkt_len = RFCNB_Pkt_Len(hdr); - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Reading Pkt: Length = %i\n", pkt_len); -#endif - - /* Now copy in the hdr */ - - memcpy(pkt->data, hdr, sizeof(hdr)); - - /* Get the rest of the packet ... first figure out how big our buf is? */ - /* And make sure that we handle the fragments properly ... Sure should */ - /* use an iovec ... */ - - if (len < pkt_len) /* Only get as much as we have space for */ - more = len - RFCNB_Pkt_Hdr_Len; - else - more = pkt_len; - - this_time = 0; - - /* We read for each fragment ... */ - - if (pkt->len == read_len) { /* If this frag was exact size */ - pkt_frag = pkt->next; /* Stick next lot in next frag */ - offset = 0; /* then we start at 0 in next */ - } else { - pkt_frag = pkt; /* Otherwise use rest of this frag */ - offset = RFCNB_Pkt_Hdr_Len; /* Otherwise skip the header */ - } - - frag_len = pkt_frag->len; - - if (more <= frag_len) /* If len left to get less than frag space */ - this_len = more; /* Get the rest ... */ - else - this_len = frag_len - offset; - - while (more > 0) { - - if ((this_time = read(con->fd, (pkt_frag->data) + offset, this_len)) <= 0) { /* Problems */ - - if (errno == EINTR) { - - RFCNB_errno = RFCNB_Timeout; - - } else { - if (this_time < 0) - RFCNB_errno = RFCNBE_BadRead; - else - RFCNB_errno = RFCNBE_ConGone; - } - - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } -#ifdef RFCNB_DEBUG - fprintf(stderr, "Frag_Len = %i, this_time = %i, this_len = %i, more = %i\n", frag_len, - this_time, this_len, more); -#endif - - read_len = read_len + this_time; /* How much have we read ... 
*/ - - /* Now set up the next part */ - - if (pkt_frag->next == NULL) - break; /* That's it here */ - - pkt_frag = pkt_frag->next; - this_len = pkt_frag->len; - offset = 0; - - more = more - this_time; - - } - -#ifdef RFCNB_DEBUG - fprintf(stderr, "Pkt Len = %i, read_len = %i\n", pkt_len, read_len); - RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len + sizeof(hdr)); -#endif - - if (read_len < (pkt_len + sizeof(hdr))) { /* Discard the rest */ - - return (RFCNB_Discard_Rest(con, (pkt_len + sizeof(hdr)) - read_len)); - - } - if (RFCNB_Timeout > 0) - alarm(0); /* Reset that sucker */ - - return (read_len + sizeof(RFCNB_Hdr)); -} --- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-io.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,30 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB IO Routines Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -int RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); - -int RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); - -void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt); --- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-priv.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,156 +0,0 @@
-#ifndef __RFCNB_H__
-#define __RFCNB_H__
-
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* Defines we need */
-
-typedef unsigned short uint16;
-
-#define GLOBAL extern
-
-#include "rfcnb-error.h"
-#include "rfcnb-common.h"
-#include "byteorder.h"
-
-#ifdef RFCNB_PORT
-#define RFCNB_Default_Port RFCNB_PORT
-#else
-#define RFCNB_Default_Port 139
-#endif
-
-#define RFCNB_MAX_STATS 1
-
-/* Protocol defines we need */
-
-#define RFCNB_SESSION_MESSAGE 0
-#define RFCNB_SESSION_REQUEST 0x81
-#define RFCNB_SESSION_ACK 0x82
-#define RFCNB_SESSION_REJ 0x83
-#define RFCNB_SESSION_RETARGET 0x84
-#define RFCNB_SESSION_KEEP_ALIVE 0x85
-
-/* Structures */
-
-typedef struct redirect_addr *redirect_ptr;
-
-struct redirect_addr {
-
- struct in_addr ip_addr;
- int port;
- redirect_ptr next;
-
-};
-
-typedef struct RFCNB_Con {
-
- int fd; /* File descripter for TCP/IP connection */
- int rfc_errno; /* last error */
- int timeout; /* How many milli-secs before IO times out */
- int redirects; /* How many times we were redirected */
- struct redirect_addr *redirect_list; /* First is first address */
- struct redirect_addr *last_addr;
-
-} RFCNB_Con;
-
-typedef
char RFCNB_Hdr[4]; /* The header is 4 bytes long with */
- /* char[0] as the type, char[1] the */
- /* flags, and char[2..3] the length */
-
-/* Macros to extract things from the header. These are for portability
- * between architecture types where we are worried about byte order */
-
-#define RFCNB_Pkt_Hdr_Len 4
-#define RFCNB_Pkt_Sess_Len 72
-#define RFCNB_Pkt_Retarg_Len 10
-#define RFCNB_Pkt_Nack_Len 5
-#define RFCNB_Pkt_Type_Offset 0
-#define RFCNB_Pkt_Flags_Offset 1
-#define RFCNB_Pkt_Len_Offset 2 /* Length is 2 bytes plus a flag bit */
-#define RFCNB_Pkt_N1Len_Offset 4
-#define RFCNB_Pkt_Called_Offset 5
-#define RFCNB_Pkt_N2Len_Offset 38
-#define RFCNB_Pkt_Calling_Offset 39
-#define RFCNB_Pkt_Error_Offset 4
-#define RFCNB_Pkt_IP_Offset 4
-#define RFCNB_Pkt_Port_Offset 8
-
-/* The next macro isolates the length of a packet, including the bit in the
- * flags */
-
-#define RFCNB_Pkt_Len(p) (PVAL(p, 3) | (PVAL(p, 2) << 8) | \
- ((PVAL(p, RFCNB_Pkt_Flags_Offset) & 0x01) << 16))
-
-#define RFCNB_Put_Pkt_Len(p, v) (p[1] = (((v) >> 16) & 1)); \
- (p[2] = (((v) >> 8) & 0xFF)); \
- (p[3] = ((v) & 0xFF));
-
-#define RFCNB_Pkt_Type(p) (CVAL(p, RFCNB_Pkt_Type_Offset))
-
-/*typedef struct RFCNB_Hdr {
- *
- * unsigned char type;
- * unsigned char flags;
- * int16 len;
- *
- * } RFCNB_Hdr;
- *
- * typedef struct RFCNB_Sess_Pkt {
- * unsigned char type;
- * unsigned char flags;
- * int16 length;
- * unsigned char n1_len;
- * char called_name[33];
- * unsigned char n2_len;
- * char calling_name[33];
- * } RFCNB_Sess_Pkt;
- *
- *
- * typedef struct RFCNB_Nack_Pkt {
- *
- * struct RFCNB_Hdr hdr;
- * unsigned char error;
- *
- * } RFCNB_Nack_Pkt;
- *
- * typedef struct RFCNB_Retarget_Pkt {
- *
- * struct RFCNB_Hdr hdr;
- * int dest_ip;
- * unsigned char port;
- *
- * } RFCNB_Redir_Pkt; */
-
-/* Static variables */
-
-/* Only declare this if not defined */
-
-#ifndef RFCNB_ERRNO
-extern int RFCNB_errno;
-extern int RFCNB_saved_errno; /* Save this from point of error */
-#endif
-
-#endif /* __RFCNB_H__ */
--- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-util.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,529 +0,0 @@ -/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation - * - * Version 1.0 - * RFCNB Utility Routines ... - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include -#include - -#include "std-includes.h" -#include "rfcnb-priv.h" -#include "rfcnb-util.h" -#include "rfcnb-io.h" -#include - - -extern void (*Prot_Print_Routine) (); /* Pointer to protocol print routine */ - -/* Convert name and pad to 16 chars as needed */ -/* Name 1 is a C string with null termination, name 2 may not be */ -/* If SysName is true, then put a <00> on end, else space> */ - -void -RFCNB_CvtPad_Name(char *name1, char *name2) -{ - char c, c1, c2; - int i, len; - - len = strlen(name1); - - for (i = 0; i < 16; i++) { - - if (i >= len) { - - c1 = 'C'; - c2 = 'A'; /* CA is a space */ - - } else { - - c = name1[i]; - c1 = (char) ((int) c / 16 + (int) 'A'); - c2 = (char) ((int) c % 16 + (int) 'A'); - } - - name2[i * 2] = c1; - name2[i * 2 + 1] = c2; - - } - - name2[32] = 0; /* Put in the nll ... */ - -} - -/* Converts an Ascii NB Name (16 chars) to an RFCNB Name (32 chars) - * Uses the encoding in RFC1001. Each nibble of byte is added to 'A' - * to produce the next byte in the name. 
- * - * This routine assumes that AName is 16 bytes long and that NBName has - * space for 32 chars, so be careful ... - * - */ - -void -RFCNB_AName_To_NBName(char *AName, char *NBName) -{ - char c, c1, c2; - int i; - - for (i = 0; i < 16; i++) { - - c = AName[i]; - - c1 = (char) ((c >> 4) + 'A'); - c2 = (char) ((c & 0xF) + 'A'); - - NBName[i * 2] = c1; - NBName[i * 2 + 1] = c2; - } - - NBName[32] = 0; /* Put in a null */ - -} - -/* Do the reverse of the above ... */ - -void -RFCNB_NBName_To_AName(char *NBName, char *AName) -{ - char c, c1, c2; - int i; - - for (i = 0; i < 16; i++) { - - c1 = NBName[i * 2]; - c2 = NBName[i * 2 + 1]; - - c = (char) (((int) c1 - (int) 'A') * 16 + ((int) c2 - (int) 'A')); - - AName[i] = c; - - } - - AName[i] = 0; /* Put a null on the end ... */ - -} - -/* Print a string of bytes in HEX etc */ - -void -RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len) -{ - char c1, c2, outbuf1[33]; - unsigned char c; - int i, j; - struct RFCNB_Pkt *pkt_ptr = pkt; - static char Hex_List[17] = "0123456789ABCDEF"; - - j = 0; - - /* We only want to print as much as sepcified in Len */ - - while (pkt_ptr != NULL) { - - for (i = 0; - i < ((Len > (pkt_ptr->len) ? pkt_ptr->len : Len) - Offset); - i++) { - - c = pkt_ptr->data[i + Offset]; - c1 = Hex_List[c >> 4]; - c2 = Hex_List[c & 0xF]; - - outbuf1[j++] = c1; - outbuf1[j++] = c2; - - if (j == 32) { /* Print and reset */ - outbuf1[j] = 0; - fprintf(fd, " %s\n", outbuf1); - j = 0; - } - } - - Offset = 0; - Len = Len - pkt_ptr->len; /* Reduce amount by this much */ - pkt_ptr = pkt_ptr->next; - - } - - /* Print last lot in the buffer ... 
*/ - - if (j > 0) { - - outbuf1[j] = 0; - fprintf(fd, " %s\n", outbuf1); - - } - fprintf(fd, "\n"); - -} - -/* Get a packet of size n */ - -struct RFCNB_Pkt * -RFCNB_Alloc_Pkt(int n) -{ - RFCNB_Pkt *pkt; - - if ((pkt = (struct RFCNB_Pkt *) malloc(sizeof(struct RFCNB_Pkt))) == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - return (NULL); - - } - pkt->next = NULL; - pkt->len = n; - - if (n == 0) - return (pkt); - - if ((pkt->data = (char *) malloc(n)) == NULL) { - - RFCNB_errno = RFCNBE_NoSpace; - RFCNB_saved_errno = errno; - free(pkt); - return (NULL); - - } - return (pkt); - -} - -/* Free up a packet */ - -void -RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) -{ - struct RFCNB_Pkt *pkt_next; - char *data_ptr; - - while (pkt != NULL) { - - pkt_next = pkt->next; - - data_ptr = pkt->data; - - if (data_ptr != NULL) - free(data_ptr); - - free(pkt); - - pkt = pkt_next; - - } - -} - -/* Print an RFCNB packet */ - -void -RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len) -{ - char lname[17]; - - /* We assume that the first fragment is the RFCNB Header */ - /* We should loop through the fragments printing them out */ - - fprintf(fd, "RFCNB Pkt %s:", dirn); - - switch (RFCNB_Pkt_Type(pkt->data)) { - - case RFCNB_SESSION_MESSAGE: - - fprintf(fd, "SESSION MESSAGE: Length = %i\n", RFCNB_Pkt_Len(pkt->data)); - RFCNB_Print_Hex(fd, pkt, RFCNB_Pkt_Hdr_Len, -#ifdef RFCNB_PRINT_DATA - RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); -#else - 40); -#endif - - if (Prot_Print_Routine != 0) { /* Print the rest of the packet */ - - Prot_Print_Routine(fd, strcmp(dirn, "sent"), pkt, RFCNB_Pkt_Hdr_Len, - RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); - - } - break; - - case RFCNB_SESSION_REQUEST: - - fprintf(fd, "SESSION REQUEST: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Called_Offset), lname); - fprintf(fd, " Called Name: %s\n", lname); - RFCNB_NBName_To_AName((char *) (pkt->data + 
RFCNB_Pkt_Calling_Offset), lname); - fprintf(fd, " Calling Name: %s\n", lname); - - break; - - case RFCNB_SESSION_ACK: - - fprintf(fd, "RFCNB SESSION ACK: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - break; - - case RFCNB_SESSION_REJ: - fprintf(fd, "RFCNB SESSION REJECT: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - if (RFCNB_Pkt_Len(pkt->data) < 1) { - fprintf(fd, " Protocol Error, short Reject packet!\n"); - } else { - fprintf(fd, " Error = %x\n", CVAL(pkt->data, RFCNB_Pkt_Error_Offset)); - } - - break; - - case RFCNB_SESSION_RETARGET: - - fprintf(fd, "RFCNB SESSION RETARGET: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - - /* Print out the IP address etc and the port? */ - - break; - - case RFCNB_SESSION_KEEP_ALIVE: - - fprintf(fd, "RFCNB SESSION KEEP ALIVE: Length = %i\n", - RFCNB_Pkt_Len(pkt->data)); - break; - - default: - - break; - } - -} - -/* Resolve a name into an address */ - -int -RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP) -{ - int addr; /* Assumes IP4, 32 bit network addresses */ - struct hostent *hp; - - /* Use inet_addr to try to convert the address */ - - if ((addr = inet_addr(host)) == INADDR_NONE) { /* Oh well, a good try :-) */ - - /* Now try a name look up with gethostbyname */ - - if ((hp = gethostbyname(host)) == NULL) { /* Not in DNS */ - - /* Try NetBIOS name lookup, how the hell do we do that? */ - - RFCNB_errno = RFCNBE_BadName; /* Is this right? */ - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - - } else { /* We got a name */ - - memcpy((void *) Dest_IP, (void *) hp->h_addr_list[0], sizeof(struct in_addr)); - - } - } else { /* It was an IP address */ - - memcpy((void *) Dest_IP, (void *) &addr, sizeof(struct in_addr)); - - } - - return 0; - -} - -/* Disconnect the TCP connection to the server */ - -int -RFCNB_Close(int socket) -{ - - close(socket); - - /* If we want to do error recovery, here is where we put it */ - - return 0; - -} - -/* Connect to the server specified in the IP address. 
- * Not sure how to handle socket options etc. */ - -int -RFCNB_IP_Connect(struct in_addr Dest_IP, int port) -{ - struct sockaddr_in Socket; - int fd; - - /* Create a socket */ - - if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { /* Handle the error */ - - RFCNB_errno = RFCNBE_BadSocket; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - bzero((char *) &Socket, sizeof(Socket)); - memcpy((char *) &Socket.sin_addr, (char *) &Dest_IP, sizeof(Dest_IP)); - - Socket.sin_port = htons(port); - Socket.sin_family = PF_INET; - - /* Now connect to the destination */ - - if (connect(fd, (struct sockaddr *) &Socket, sizeof(Socket)) < 0) { /* Error */ - - close(fd); - RFCNB_errno = RFCNBE_ConnectFailed; - RFCNB_saved_errno = errno; - return (RFCNBE_Bad); - } - return (fd); - -} - -/* handle the details of establishing the RFCNB session with remote - * end - * - */ - -int -RFCNB_Session_Req(struct RFCNB_Con *con, - char *Called_Name, - char *Calling_Name, - BOOL * redirect, - struct in_addr *Dest_IP, - int *port) -{ - char *sess_pkt; - - /* Response packet should be no more than 9 bytes, make 16 jic */ - - char resp[16]; - int len; - struct RFCNB_Pkt *pkt, res_pkt; - - /* We build and send the session request, then read the response */ - - pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Sess_Len); - - if (pkt == NULL) { - - return (RFCNBE_Bad); /* Leave the error that RFCNB_Alloc_Pkt gives) */ - - } - sess_pkt = pkt->data; /* Get pointer to packet proper */ - - sess_pkt[RFCNB_Pkt_Type_Offset] = RFCNB_SESSION_REQUEST; - RFCNB_Put_Pkt_Len(sess_pkt, RFCNB_Pkt_Sess_Len - RFCNB_Pkt_Hdr_Len); - sess_pkt[RFCNB_Pkt_N1Len_Offset] = 32; - sess_pkt[RFCNB_Pkt_N2Len_Offset] = 32; - - RFCNB_CvtPad_Name(Called_Name, (sess_pkt + RFCNB_Pkt_Called_Offset)); - RFCNB_CvtPad_Name(Calling_Name, (sess_pkt + RFCNB_Pkt_Calling_Offset)); - - /* Now send the packet */ - -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Sending packet: "); - -#endif - - if ((len = RFCNB_Put_Pkt(con, pkt, RFCNB_Pkt_Sess_Len)) < 0) { - - 
return (RFCNBE_Bad); /* Should be able to write that lot ... */ - - } -#ifdef RFCNB_DEBUG - - fprintf(stderr, "Getting packet.\n"); - -#endif - - res_pkt.data = resp; - res_pkt.len = sizeof(resp); - res_pkt.next = NULL; - - if ((len = RFCNB_Get_Pkt(con, &res_pkt, sizeof(resp))) < 0) { - - return (RFCNBE_Bad); - - } - /* Now analyze the packet ... */ - - switch (RFCNB_Pkt_Type(resp)) { - - case RFCNB_SESSION_REJ: /* Didnt like us ... too bad */ - - /* Why did we get rejected ? */ - - switch (CVAL(resp, RFCNB_Pkt_Error_Offset)) { - - case 0x80: - RFCNB_errno = RFCNBE_CallRejNLOCN; - break; - case 0x81: - RFCNB_errno = RFCNBE_CallRejNLFCN; - break; - case 0x82: - RFCNB_errno = RFCNBE_CallRejCNNP; - break; - case 0x83: - RFCNB_errno = RFCNBE_CallRejInfRes; - break; - case 0x8F: - RFCNB_errno = RFCNBE_CallRejUnSpec; - break; - default: - RFCNB_errno = RFCNBE_ProtErr; - break; - } - - return (RFCNBE_Bad); - break; - - case RFCNB_SESSION_ACK: /* Got what we wanted ... */ - - return (0); - break; - - case RFCNB_SESSION_RETARGET: /* Go elsewhere */ - - *redirect = TRUE; /* Copy port and ip addr */ - - memcpy(Dest_IP, (resp + RFCNB_Pkt_IP_Offset), sizeof(struct in_addr)); - *port = SVAL(resp, RFCNB_Pkt_Port_Offset); - - return (0); - break; - - default: /* A protocol error */ - - RFCNB_errno = RFCNBE_ProtErr; - return (RFCNBE_Bad); - break; - } -} --- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb-util.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,50 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Utility Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-void RFCNB_CvtPad_Name(char *name1, char *name2);
-
-void RFCNB_AName_To_NBName(char *AName, char *NBName);
-
-void RFCNB_NBName_To_AName(char *NBName, char *AName);
-
-void RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len);
-
-struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n);
-
-void RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len);
-
-int RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP);
-
-int RFCNB_Close(int socket);
-
-int RFCNB_IP_Connect(struct in_addr Dest_IP, int port);
-
-int RFCNB_Session_Req(struct RFCNB_Con *con,
- char *Called_Name,
- char *Calling_Name,
- BOOL * redirect,
- struct in_addr *Dest_IP,
- int *port);
--- squid/ntlm_auth_modules/NTLMSSP/smbval/rfcnb.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,55 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * RFCNB Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* Error responses */
-
-#include "rfcnb-error.h"
-#include "rfcnb-common.h"
-#include "smblib-priv.h"
-
-/* Defines we need */
-
-#define RFCNB_Default_Port 139
-
-/* Definition of routines we define */
-
-void *RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address,
- int port);
-
-int RFCNB_Send(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
-
-int RFCNB_Recv(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
-
-int RFCNB_Hangup(void *con_Handle);
-
-void *RFCNB_Listen();
-
-void RFCNB_Get_Error(char *buffer, int buf_len);
-
-struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n);
-
-void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt);
-
-int RFCNB_Set_Sock_NoDelay(void *con_Handle, BOOL yn);
--- squid/ntlm_auth_modules/NTLMSSP/smbval/session.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,388 +0,0 @@
-/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
- *
- * Version 1.0
- * Session Routines ...
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include
-#include
-
-int RFCNB_errno = 0;
-int RFCNB_saved_errno = 0;
-#define RFCNB_ERRNO
-
-#include "std-includes.h"
-#include
-#include "rfcnb-priv.h"
-#include "rfcnb-util.h"
-#include "rfcnb-io.h"
-
-/* global data structures */
-
-static char *RFCNB_Error_Strings[] =
-{
-
- "RFCNBE_OK: Routine completed successfully.",
- "RFCNBE_NoSpace: No space available for a malloc call.",
- "RFCNBE_BadName: NetBIOS name could not be translated to IP address.",
- "RFCNBE_BadRead: Read system call returned an error. Check errno.",
- "RFCNBE_BadWrite: Write system call returned an error. Check errno.",
- "RFCNBE_ProtErr: A protocol error has occurred.",
- "RFCNBE_ConGone: Connection dropped during a read or write system call.",
- "RFCNBE_BadHandle: Bad connection handle passed.",
- "RFCNBE_BadSocket: Problems creating socket.",
- "RFCNBE_ConnectFailed: Connection failed. See errno.",
- "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.",
- "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.",
- "RFCNBE_CallRejCNNP: Call rejected. Called name not present.",
- "RFCNBE_CallRejInfRes: Call rejected. Name present, but insufficient resources.",
- "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.",
- "RFCNBE_BadParam: Bad parameters passed to a routine.",
- "RFCNBE_Timeout: IO Operation timed out ..."
-
-};
-
-int RFCNB_Stats[RFCNB_MAX_STATS];
-
-void (*Prot_Print_Routine) () = NULL; /* Pointer to print routine */
-
-/* Set up a session with a remote name. We are passed Called_Name as a
- * string which we convert to a NetBIOS name, ie space terminated, up to
- * 16 characters only if we need to. If Called_Address is not empty, then
- * we use it to connect to the remote end, but put in Called_Name ... Called
- * Address can be a DNS based name, or a TCP/IP address ...
- */
-
-void *
-RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address,
- int port)
-{
- struct RFCNB_Con *con;
- struct in_addr Dest_IP;
- int Client;
- BOOL redirect;
- struct redirect_addr *redir_addr;
- char *Service_Address;
-
- /* Now, we really should look up the port in /etc/services ... */
-
- if (port == 0)
- port = RFCNB_Default_Port;
-
- /* Create a connection structure first */
-
- if ((con = (struct RFCNB_Con *) malloc(sizeof(struct RFCNB_Con))) == NULL) { /* Error in size */
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (NULL);
-
- }
- con->fd = -0; /* no descriptor yet */
- con->rfc_errno = 0; /* no error yet */
- con->timeout = 0; /* no timeout */
- con->redirects = 0;
- con->redirect_list = NULL; /* Fix bug still in version 0.50 */
-
- /* Resolve that name into an IP address */
-
- Service_Address = Called_Name;
- if (strcmp(Called_Address, "") != 0) { /* If the Called Address = "" */
- Service_Address = Called_Address;
- }
- if ((errno = RFCNB_Name_To_IP(Service_Address, &Dest_IP)) < 0) { /* Error */
-
- /* No need to modify RFCNB_errno as it was done by RFCNB_Name_To_IP */
-
- return (NULL);
-
- }
- /* Now connect to the remote end */
-
- redirect = TRUE; /* Fudge this one so we go once through */
-
- while (redirect) { /* Connect and get session info etc */
-
- redirect = FALSE; /* Assume all OK */
-
- /* Build the redirect info. First one is first addr called */
- /* And tack it onto the list of addresses we called */
-
- if ((redir_addr = (struct redirect_addr *) malloc(sizeof(struct redirect_addr))) == NULL) { /* Could not get space */
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (NULL);
-
- }
- memcpy((char *) &(redir_addr->ip_addr), (char *) &Dest_IP, sizeof(Dest_IP));
- redir_addr->port = port;
- redir_addr->next = NULL;
-
- if (con->redirect_list == NULL) { /* Stick on head */
-
- con->redirect_list = con->last_addr = redir_addr;
-
- } else {
-
- con->last_addr->next = redir_addr;
- con->last_addr = redir_addr;
-
- }
-
- /* Now, make that connection */
-
- if ((Client = RFCNB_IP_Connect(Dest_IP, port)) < 0) { /* Error */
-
- /* No need to modify RFCNB_errno as it was done by RFCNB_IP_Connect */
-
- return (NULL);
-
- }
- con->fd = Client;
-
- /* Now send and handle the RFCNB session request */
- /* If we get a redirect, we will comeback with redirect true
- * and a new IP address in DEST_IP */
-
- if ((errno = RFCNB_Session_Req(con,
- Called_Name,
- Calling_Name,
- &redirect, &Dest_IP, &port)) < 0) {
-
- /* No need to modify RFCNB_errno as it was done by RFCNB_Session.. */
-
- return (NULL);
-
- }
- if (redirect) {
-
- /* We have to close the connection, and then try again */
-
- (con->redirects)++;
-
- RFCNB_Close(con->fd); /* Close it */
-
- }
- }
-
- return (con);
-
-}
-
-/* We send a packet to the other end ... for the moment, we treat the
- * data as a series of pointers to blocks of data ... we should check the
- * length ... */
-
-int
-RFCNB_Send(struct RFCNB_Con *Con_Handle, struct RFCNB_Pkt *udata, int Length)
-{
- struct RFCNB_Pkt *pkt;
- char *hdr;
- int len;
-
- /* Plug in the header and send the data */
-
- pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len);
-
- if (pkt == NULL) {
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (RFCNBE_Bad);
-
- }
- pkt->next = udata; /* The user data we want to send */
-
- hdr = pkt->data;
-
- /* Following crap is for portability across multiple UNIX machines */
-
- *(hdr + RFCNB_Pkt_Type_Offset) = RFCNB_SESSION_MESSAGE;
- RFCNB_Put_Pkt_Len(hdr, Length);
-
-#ifdef RFCNB_DEBUG
-
- fprintf(stderr, "Sending packet: ");
-
-#endif
-
- if ((len = RFCNB_Put_Pkt(Con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) {
-
- /* No need to change RFCNB_errno as it was done by put_pkt ... */
-
- return (RFCNBE_Bad); /* Should be able to write that lot ... */
-
- }
- /* Now we have sent that lot, let's get rid of the RFCNB Header and return */
-
- pkt->next = NULL;
-
- RFCNB_Free_Pkt(pkt);
-
- return (len);
-
-}
-
-/* We pick up a message from the internet ... We have to worry about
- * non-message packets ... */
-
-int
-RFCNB_Recv(void *con_Handle, struct RFCNB_Pkt *Data, int Length)
-{
- struct RFCNB_Pkt *pkt;
- int ret_len;
-
- if (con_Handle == NULL) {
-
- RFCNB_errno = RFCNBE_BadHandle;
- RFCNB_saved_errno = errno;
- return (RFCNBE_Bad);
-
- }
- /* Now get a packet from below. We allocate a header first */
-
- /* Plug in the header and send the data */
-
- pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len);
-
- if (pkt == NULL) {
-
- RFCNB_errno = RFCNBE_NoSpace;
- RFCNB_saved_errno = errno;
- return (RFCNBE_Bad);
-
- }
- pkt->next = Data; /* Plug in the data portion */
-
- if ((ret_len = RFCNB_Get_Pkt(con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) {
-
-#ifdef RFCNB_DEBUG
- fprintf(stderr, "Bad packet return in RFCNB_Recv... \n");
-#endif
-
- return (RFCNBE_Bad);
-
- }
- /* We should check that we go a message and not a keep alive */
-
- pkt->next = NULL;
-
- RFCNB_Free_Pkt(pkt);
-
- return (ret_len);
-
-}
-
-/* We just disconnect from the other end, as there is nothing in the RFCNB */
-/* protocol that specifies any exchange as far as I can see */
-
-int
-RFCNB_Hangup(struct RFCNB_Con *con_Handle)
-{
-
- if (con_Handle != NULL) {
- RFCNB_Close(con_Handle->fd); /* Could this fail? */
- free(con_Handle);
- }
- return 0;
-
-
-}
-
-/* Set TCP_NODELAY on the socket */
-
-int
-RFCNB_Set_Sock_NoDelay(struct RFCNB_Con *con_Handle, BOOL yn)
-{
-
- return (setsockopt(con_Handle->fd, IPPROTO_TCP, TCP_NODELAY,
- (char *) &yn, sizeof(yn)));
-
-}
-
-
-/* Listen for a connection on a port???, when */
-/* the connection comes in, we return with the connection */
-
-void *
-RFCNB_Listen()
-{
- fprintf(stderr, "RFCNB_Listen NOT IMPLEMENTED as yet!\n");
- return NULL;
-}
-
-/* Pick up the last error response as a string, hmmm, this routine should */
-/* have been different ... */
-
-void
-RFCNB_Get_Error(char *buffer, int buf_len)
-{
-
- if (RFCNB_saved_errno <= 0) {
- sprintf(buffer, "%s", RFCNB_Error_Strings[RFCNB_errno]);
- } else {
- sprintf(buffer, "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno],
- strerror(RFCNB_saved_errno));
- }
-
-}
-
-/* Pick up the last error response and returns as a code */
-
-int
-RFCNB_Get_Last_Error()
-{
-
- return (RFCNB_errno);
-
-}
-
-/* Pick up saved errno as well */
-
-int
-RFCNB_Get_Last_Errno()
-{
-
- return (RFCNB_saved_errno);
-
-}
-
-/* Pick up the last error response and return in string ... */
-
-void
-RFCNB_Get_Error_Msg(int code, char *msg_buf, int len)
-{
-
- strncpy(msg_buf, RFCNB_Error_Strings[abs(code)], len);
-
-}
-
-/* Register a higher level protocol print routine */
-
-void
-RFCNB_Register_Print_Routine(void (*fn) ())
-{
-
- Prot_Print_Routine = fn;
-
-}
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smbdes.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,364 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- *
- * a partial implementation of DES designed for use in the
- * SMB authentication protocol
- *
- * Copyright (C) Andrew Tridgell 1997
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-/* NOTES:
- *
- * This code makes no attempt to be fast! In fact, it is a very
- * slow implementation
- *
- * This code is NOT a complete DES implementation. It implements only
- * the minimum necessary for SMB authentication, as used by all SMB
- * products (including every copy of Microsoft Windows95 ever sold)
- *
- * In particular, it can only do a unchained forward DES pass. This
- * means it is not possible to use this code for encryption/decryption
- * of data, instead it is only useful as a "hash" algorithm.
- *
- * There is no entry point into this code that allows normal DES operation.
- *
- * I believe this means that this code does not come under ITAR
- * regulations but this is NOT a legal opinion. If you are concerned
- * about the applicability of ITAR regulations to this code then you
- * should confirm it for yourself (and maybe let me know if you come
- * up with a different answer to the one above)
- */
-
-
-
-static int perm1[56] =
-{57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36,
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4};
-
-static int perm2[48] =
-{14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2,
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32};
-
-static int perm3[64] =
-{58, 50, 42, 34, 26, 18, 10, 2,
- 60, 52, 44, 36, 28, 20, 12, 4,
- 62, 54, 46, 38, 30, 22, 14, 6,
- 64, 56, 48, 40, 32, 24, 16, 8,
- 57, 49, 41, 33, 25, 17, 9, 1,
- 59, 51, 43, 35, 27, 19, 11, 3,
- 61, 53, 45, 37, 29, 21, 13, 5,
- 63, 55, 47, 39, 31, 23, 15, 7};
-
-static int perm4[48] =
-{32, 1, 2, 3, 4, 5,
- 4, 5, 6, 7, 8, 9,
- 8, 9, 10, 11, 12, 13,
- 12, 13, 14, 15, 16, 17,
- 16, 17, 18, 19, 20, 21,
- 20, 21, 22, 23, 24, 25,
- 24, 25, 26, 27, 28, 29,
- 28, 29, 30, 31, 32, 1};
-
-static int perm5[32] =
-{16, 7, 20, 21,
- 29, 12, 28, 17,
- 1, 15, 23, 26,
- 5, 18, 31, 10,
- 2, 8, 24, 14,
- 32, 27, 3, 9,
- 19, 13, 30, 6,
- 22, 11, 4, 25};
-
-
-static int perm6[64] =
-{40, 8, 48, 16, 56, 24, 64, 32,
- 39, 7, 47, 15, 55, 23, 63, 31,
- 38, 6, 46, 14, 54, 22, 62, 30,
- 37, 5, 45, 13, 53, 21, 61, 29,
- 36, 4, 44, 12, 52, 20, 60, 28,
- 35, 3, 43, 11, 51, 19, 59, 27,
- 34, 2, 42, 10, 50, 18, 58, 26,
- 33, 1, 41, 9, 49, 17, 57, 25};
-
-
-static int sc[16] =
-{1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
-
-static int sbox[8][4][16] =
-{
- {
- {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
- {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
- {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
- {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
-
- {
- {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
- {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
- {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
- {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
-
- {
- {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
- {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
- {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
- {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
-
- {
- {7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
- {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
- {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
- {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
-
- {
- {2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
- {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
- {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
- {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
-
- {
- {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
- {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
- {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
- {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
-
- {
- {4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
- {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
- {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
- {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
-
- {
- {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
- {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
- {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
- {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
-
-static void
-permute(char *out, char *in, int *p, int n)
-{
- int i;
- for (i = 0; i < n; i++)
- out[i] = in[p[i] - 1];
-}
-
-static void
-lshift(char *d, int count, int n)
-{
- char out[64];
- int i;
- for (i = 0; i < n; i++)
- out[i] = d[(i + count) % n];
- for (i = 0; i < n; i++)
- d[i] = out[i];
-}
-
-static void
-concat(char *out, char *in1, char *in2, int l1, int l2)
-{
- while (l1--)
- *out++ = *in1++;
- while (l2--)
- *out++ = *in2++;
-}
-
-static void
-xor(char *out, char *in1, char *in2, int n)
-{
- int i;
- for (i = 0; i < n; i++)
- out[i] = in1[i] ^ in2[i];
-}
-
-static void
-dohash(char *out, char *in, char *key)
-{
- int i, j, k;
- char pk1[56];
- char c[28];
- char d[28];
- char cd[56];
- char ki[16][48];
- char pd1[64];
- char l[32], r[32];
- char rl[64];
-
- permute(pk1, key, perm1, 56);
-
- for (i = 0; i < 28; i++)
- c[i] = pk1[i];
- for (i = 0; i < 28; i++)
- d[i] = pk1[i + 28];
-
- for (i = 0; i < 16; i++) {
- lshift(c, sc[i], 28);
- lshift(d, sc[i], 28);
-
- concat(cd, c, d, 28, 28);
- permute(ki[i], cd, perm2, 48);
- }
-
- permute(pd1, in, perm3, 64);
-
- for (j = 0; j < 32; j++) {
- l[j] = pd1[j];
- r[j] = pd1[j + 32];
- }
-
- for (i = 0; i < 16; i++) {
- char er[48];
- char erk[48];
- char b[8][6];
- char cb[32];
- char pcb[32];
- char r2[32];
-
- permute(er, r, perm4, 48);
-
- xor(erk, er, ki[i], 48);
-
- for (j = 0; j < 8; j++)
- for (k = 0; k < 6; k++)
- b[j][k] = erk[j * 6 + k];
-
- for (j = 0; j < 8; j++) {
- int m, n;
- m = (b[j][0] << 1) | b[j][5];
-
- n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4];
-
- for (k = 0; k < 4; k++)
- b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0;
- }
-
- for (j = 0; j < 8; j++)
- for (k = 0; k < 4; k++)
- cb[j * 4 + k] = b[j][k];
- permute(pcb, cb, perm5, 32);
-
- xor(r2, l, pcb, 32);
-
- for (j = 0; j < 32; j++)
- l[j] = r[j];
-
- for (j = 0; j < 32; j++)
- r[j] = r2[j];
- }
-
- concat(rl, r, l, 32, 32);
-
- permute(out, rl, perm6, 64);
-}
-
-static void
-str_to_key(unsigned char *str, unsigned char *key)
-{
- int i;
-
- key[0] = str[0] >> 1;
- key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
- key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
- key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
- key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
- key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
- key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
- key[7] = str[6] & 0x7F;
- for (i = 0; i < 8; i++) {
- key[i] = (key[i] << 1);
- }
-}
-
-
-static void
-smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
-{
- int i;
- char outb[64];
- char inb[64];
- char keyb[64];
- unsigned char key2[8];
-
- str_to_key(key, key2);
-
- for (i = 0; i < 64; i++) {
- inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
- keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
- outb[i] = 0;
- }
-
- dohash(outb, inb, keyb);
-
- for (i = 0; i < 8; i++) {
- out[i] = 0;
- }
-
- for (i = 0; i < 64; i++) {
- if (outb[i])
- out[i / 8] |= (1 << (7 - (i % 8)));
- }
-}
-
-void
-E_P16(unsigned char *p14, unsigned char *p16)
-{
- unsigned char sp8[8] =
- {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
- smbhash(p16, sp8, p14);
- smbhash(p16 + 8, sp8, p14 + 7);
-}
-
-void
-E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24)
-{
- smbhash(p24, c8, p21);
- smbhash(p24 + 8, c8, p21 + 7);
- smbhash(p24 + 16, c8, p21 + 14);
-}
-
-void
-cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key)
-{
- unsigned char buf[8];
-
- smbhash(buf, in, key);
- smbhash(out, buf, key + 9);
-}
-
-void
-cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key)
-{
- unsigned char buf[8];
- static unsigned char key2[8];
-
- smbhash(buf, in, key);
- key2[0] = key[7];
- smbhash(out, buf, key2);
-}
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smbdes.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,2 +0,0 @@
-void E_P16(unsigned char *p14, unsigned char *p16);
-void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smbencrypt.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,208 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1997
- * Modified by Jeremy Allison 1995.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include
-#include
-//#include
-#include
-#include
-//#include
-#include
-#include
-
-#include "smblib-priv.h"
-#include "md4.h"
-#include "smbdes.h"
-#define uchar unsigned char
-extern int DEBUGLEVEL;
-
-#include "byteorder.h"
-
-char *StrnCpy(char *dest, char *src, int n);
-void strupper(char *s);
-
-/*
- * This implements the X/Open SMB password encryption
- * It takes a password, a 8 byte "crypt key" and puts 24 bytes of
- * encrypted password into p24 */
-void
-SMBencrypt(uchar * passwd, uchar * c8, uchar * p24)
-{
- uchar p14[15], p21[21];
-
- memset(p21, '\0', 21);
- memset(p14, '\0', 14);
- StrnCpy((char *) p14, (char *) passwd, 14);
-
- strupper((char *) p14);
- E_P16(p14, p21);
- E_P24(p21, c8, p24);
-}
-
-/* Routines for Windows NT MD4 Hash functions. */
-static int
-_my_wcslen(int16 * str)
-{
- int len = 0;
- while (*str++ != 0)
- len++;
- return len;
-}
-
-/*
- * Convert a string into an NT UNICODE string.
- * Note that regardless of processor type
- * this must be in intel (little-endian)
- * format.
- */
-
-static int
-_my_mbstowcs(int16 * dst, uchar * src, int len)
-{
- int i;
- int16 val;
-
- for (i = 0; i < len; i++) {
- val = *src;
- SSVAL(dst, 0, val);
- dst++;
- src++;
- if (val == 0)
- break;
- }
- return i;
-}
-
-/*
- * Creates the MD4 Hash of the users password in NT UNICODE.
- */
-
-void
-E_md4hash(uchar * passwd, uchar * p16)
-{
- int len;
- int16 wpwd[129];
-
- /* Password cannot be longer than 128 characters */
- len = strlen((char *) passwd);
- if (len > 128)
- len = 128;
- /* Password must be converted to NT unicode */
- _my_mbstowcs(wpwd, passwd, len);
- wpwd[len] = 0; /* Ensure string is null terminated */
- /* Calculate length in bytes */
- len = _my_wcslen(wpwd) * sizeof(int16);
-
- mdfour(p16, (unsigned char *) wpwd, len);
-}
-
-/* Does the NT MD4 hash then des encryption. */
-
-void
-SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24)
-{
- uchar p21[21];
-
- memset(p21, '\0', 21);
-
- E_md4hash(passwd, p21);
- E_P24(p21, c8, p24);
-}
-
-/* Does both the NT and LM owfs of a user's password */
-
-void
-nt_lm_owf_gen(char *pwd, char *nt_p16, char *p16)
-{
- char passwd[130];
- StrnCpy(passwd, pwd, sizeof(passwd) - 1);
-
- /* Calculate the MD4 hash (NT compatible) of the password */
- memset(nt_p16, '\0', 16);
- E_md4hash((uchar *) passwd, (uchar *) nt_p16);
-
- /* Mangle the passwords into Lanman format */
- passwd[14] = '\0';
- strupper(passwd);
-
- /* Calculate the SMB (lanman) hash functions of the password */
-
- memset(p16, '\0', 16);
- E_P16((uchar *) passwd, (uchar *) p16);
-
- /* clear out local copy of user's password (just being paranoid). */
- bzero(passwd, sizeof(passwd));
-}
-
-/****************************************************************************
-line strncpy but always null terminates. Make sure there is room!
-****************************************************************************/
-char *
-StrnCpy(char *dest, char *src, int n)
-{
- char *d = dest;
- if (!dest)
- return (NULL);
- if (!src) {
- *dest = 0;
- return (dest);
- }
- while (n-- && (*d++ = *src++));
- *d = 0;
- return (dest);
-}
-
-void
-strupper(char *s)
-{
- while (*s) {
- /*
- * #if !defined(KANJI_WIN95_COMPATIBILITY)
- * if(lp_client_code_page() == KANJI_CODEPAGE)
- * {
- *
- * if (is_shift_jis (*s))
- * {
- * if (is_sj_lower (s[0], s[1]))
- * s[1] = sj_toupper2 (s[1]);
- * s += 2;
- * }
- * else if (is_kana (*s))
- * {
- * s++;
- * }
- * else
- * {
- * if (islower(*s))
- * *s = toupper(*s);
- * s++;
- * }
- * }
- * else
- * #endif *//* KANJI_WIN95_COMPATIBILITY */
- {
- if (islower(*s))
- *s = toupper(*s);
- s++;
- }
- }
-}
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smbencrypt.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1 +0,0 @@
-void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24);
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smblib-common.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,189 +0,0 @@
-#ifndef __SMBLIB_COMMON_H__
-#define __SMBLIB_COMMON_H__
-
-/* UNIX SMBlib NetBIOS implementation
- *
- * Version 1.0
- * SMBlib Common Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* To get the error class we want the first 8 bits */
-/* Because we just grab 4bytes from the SMB header, we have to re-order */
-/* here, but it makes the NtStatus part easier in future */
-
-#define SMBlib_Error_Class(p) (p & 0x000000FF)
-
-/* To get the error code, we want the bottom 16 bits */
-
-#define SMBlib_Error_Code(p) (((unsigned int)p & 0xFFFF0000) >>16)
-
-/* Error CLASS codes and etc ... */
-
-#define SMBC_SUCCESS 0
-#define SMBC_ERRDOS 0x01
-#define SMBC_ERRSRV 0x02
-#define SMBC_ERRHRD 0x03
-#define SMBC_ERRCMD 0xFF
-
-/* Success error codes */
-
-#define SMBS_BUFFERED 0x54
-#define SMBS_LOGGED 0x55
-#define SMBS_DISPLAYED 0x56
-
-/* ERRDOS Error codes */
-
-#define SMBD_badfunc 0x01
-#define SMBD_badfile 0x02
-#define SMBD_badpath 0x03
-#define SMBD_nofids 0x04
-#define SMBD_noaccess 0x05
-#define SMBD_badfid 0x06
-#define SMBD_badmcb 0x07
-#define SMBD_nomem 0x08
-#define SMBD_badmem 0x09
-#define SMBD_badenv 0x0A
-#define SMBD_badformat 0x0B
-#define SMBD_badaccess 0x0C
-#define SMBD_baddata 0x0D
-#define SMBD_reserved 0x0E
-#define SMBD_baddrive 0x0F
-#define SMBD_remcd 0x10
-#define SMBD_diffdevice 0x11
-#define SMBD_nofiles 0x12
-#define SMBD_badshare 0x20
-#define SMBD_errlock 0x21
-#define SMBD_filexists 0x50
-
-/* Server errors ... */
-
-#define SMBV_error 0x01 /* Generic error */
-#define SMBV_badpw 0x02
-#define SMBV_badtype 0x03
-#define SMBV_access 0x04
-#define SMBV_invnid 0x05
-#define SMBV_invnetname 0x06
-#define SMBV_invdevice 0x07
-#define SMBV_qfull 0x31
-#define SMBV_qtoobig 0x32
-#define SMBV_qeof 0x33
-#define SMBV_invpfid 0x34
-#define SMBV_paused 0x51
-#define SMBV_msgoff 0x52
-#define SMBV_noroom 0x53
-#define SMBV_rmuns 0x57
-#define SMBV_nosupport 0xFFFF
-
-/* Hardware error codes ... */
-
-#define SMBH_nowrite 0x13
-#define SMBH_badunit 0x14
-#define SMBH_notready 0x15
-#define SMBH_badcmd 0x16
-#define SMBH_data 0x17
-#define SMBH_badreq 0x18
-#define SMBH_seek 0x19
-#define SMBH_badmedia 0x1A
-#define SMBH_badsector 0x1B
-#define SMBH_nopaper 0x1C
-#define SMBH_write 0x1D
-#define SMBH_read 0x1E
-#define SMBH_general 0x1F
-#define SMBH_badshare 0x20
-
-/* Access mode defines ... */
-
-#define SMB_AMODE_WTRU 0x4000
-#define SMB_AMODE_NOCACHE 0x1000
-#define SMB_AMODE_COMPAT 0x0000
-#define SMB_AMODE_DENYRWX 0x0010
-#define SMB_AMODE_DENYW 0x0020
-#define SMB_AMODE_DENYRX 0x0030
-#define SMB_AMODE_DENYNONE 0x0040
-#define SMB_AMODE_OPENR 0x0000
-#define SMB_AMODE_OPENW 0x0001
-#define SMB_AMODE_OPENRW 0x0002
-#define SMB_AMODE_OPENX 0x0003
-#define SMB_AMODE_FCBOPEN 0x00FF
-#define SMB_AMODE_LOCUNKN 0x0000
-#define SMB_AMODE_LOCMSEQ 0x0100
-#define SMB_AMODE_LOCMRAN 0x0200
-#define SMB_AMODE_LOCRAL 0x0300
-
-/* File attribute encoding ... */
-
-#define SMB_FA_ORD 0x00
-#define SMB_FA_ROF 0x01
-#define SMB_FA_HID 0x02
-#define SMB_FA_SYS 0x04
-#define SMB_FA_VOL 0x08
-#define SMB_FA_DIR 0x10
-#define SMB_FA_ARC 0x20
-
-/* Define the protocol types ... */
-
-#define SMB_P_Unknown -1 /* Hmmm, is this smart? */
-#define SMB_P_Core 0
-#define SMB_P_CorePlus 1
-#define SMB_P_DOSLanMan1 2
-#define SMB_P_LanMan1 3
-#define SMB_P_DOSLanMan2 4
-#define SMB_P_LanMan2 5
-#define SMB_P_DOSLanMan2_1 6
-#define SMB_P_LanMan2_1 7
-#define SMB_P_NT1 8
-
-/* SMBlib return codes */
-/* We want something that indicates whether or not the return code was a */
-/* remote error, a local error in SMBlib or returned from lower layer ... */
-/* Wonder if this will work ... */
-/* SMBlibE_Remote = 1 indicates remote error */
-/* SMBlibE_ values < 0 indicate local error with more info available */
-/* SMBlibE_ values >1 indicate local from SMBlib code errors? */
-
-#define SMBlibE_Success 0
-#define SMBlibE_Remote 1 /* Remote error, get more info from con */
-#define SMBlibE_BAD -1
-#define SMBlibE_LowerLayer 2 /* Lower layer error */
-#define SMBlibE_NotImpl 3 /* Function not yet implemented */
-#define SMBlibE_ProtLow 4 /* Protocol negotiated does not support req */
-#define SMBlibE_NoSpace 5 /* No space to allocate a structure */
-#define SMBlibE_BadParam 6 /* Bad parameters */
-#define SMBlibE_NegNoProt 7 /* None of our protocols was liked */
-#define SMBlibE_SendFailed 8 /* Sending an SMB failed */
-#define SMBlibE_RecvFailed 9 /* Receiving an SMB failed */
-#define SMBlibE_GuestOnly 10 /* Logged in as guest */
-#define SMBlibE_CallFailed 11 /* Call remote end failed */
-#define SMBlibE_ProtUnknown 12 /* Protocol unknown */
-#define SMBlibE_NoSuchMsg 13 /* Keep this up to date */
-
-typedef struct { /* A structure for a Dirent */
-
- unsigned char resume_key[21]; /* Don't touch this */
- unsigned char file_attributes; /* Attributes of file */
- unsigned int date_time; /* date and time of last mod */
- unsigned int size;
- char filename[13]; /* The name of the file */
-
-} SMB_CP_dirent;
-
-#endif /* __SMBLIB_COMMON_H__ */
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smblib-priv.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,655 +0,0 @@
-#ifndef __SMBLIB_PRIV_H__
-#define __SMBLIB_PRIV_H__
-
-/* UNIX SMBlib NetBIOS implementation
- *
- * Version 1.0
- * SMBlib private Defines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "std-defines.h"
-#include "smblib-common.h"
-#include
-#include
-
-typedef unsigned short uint16;
-typedef unsigned int uint32;
-
-#include "byteorder.h" /* Hmmm ... hot good */
-
-#define max(a,b) (a < b ? 
b : a)
-
-#define SMB_DEF_IDF 0x424D53FF /* "\377SMB" */
-
-/* Core protocol commands */
-
-#define SMBmkdir 0x00 /* create directory */
-#define SMBrmdir 0x01 /* delete directory */
-#define SMBopen 0x02 /* open file */
-#define SMBcreate 0x03 /* create file */
-#define SMBclose 0x04 /* close file */
-#define SMBflush 0x05 /* flush file */
-#define SMBunlink 0x06 /* delete file */
-#define SMBmv 0x07 /* rename file */
-#define SMBgetatr 0x08 /* get file attributes */
-#define SMBsetatr 0x09 /* set file attributes */
-#define SMBread 0x0A /* read from file */
-#define SMBwrite 0x0B /* write to file */
-#define SMBlock 0x0C /* lock byte range */
-#define SMBunlock 0x0D /* unlock byte range */
-#define SMBctemp 0x0E /* create temporary file */
-#define SMBmknew 0x0F /* make new file */
-#define SMBchkpth 0x10 /* check directory path */
-#define SMBexit 0x11 /* process exit */
-#define SMBlseek 0x12 /* seek */
-#define SMBtcon 0x70 /* tree connect */
-#define SMBtdis 0x71 /* tree disconnect */
-#define SMBnegprot 0x72 /* negotiate protocol */
-#define SMBdskattr 0x80 /* get disk attributes */
-#define SMBsearch 0x81 /* search directory */
-#define SMBsplopen 0xC0 /* open print spool file */
-#define SMBsplwr 0xC1 /* write to print spool file */
-#define SMBsplclose 0xC2 /* close print spool file */
-#define SMBsplretq 0xC3 /* return print queue */
-#define SMBsends 0xD0 /* send single block message */
-#define SMBsendb 0xD1 /* send broadcast message */
-#define SMBfwdname 0xD2 /* forward user name */
-#define SMBcancelf 0xD3 /* cancel forward */
-#define SMBgetmac 0xD4 /* get machine name */
-#define SMBsendstrt 0xD5 /* send start of multi-block message */
-#define SMBsendend 0xD6 /* send end of multi-block message */
-#define SMBsendtxt 0xD7 /* send text of multi-block message */
-
-/* CorePlus protocol */
-
-#define SMBlockread 0x13 /* Lock a range and read it */
-#define SMBwriteunlock 0x14 /* Unlock a range and then write */
-#define SMBreadbraw 0x1a /* read a 
block of data without smb header ohead */
-#define SMBwritebraw 0x1d /* write a block of data without smb header ohead */
-#define SMBwritec 0x20 /* secondary write request */
-#define SMBwriteclose 0x2c /* write a file and then close it */
-
-/* DOS Extended Protocol */
-
-#define SMBreadBraw 0x1A /* read block raw */
-#define SMBreadBmpx 0x1B /* read block multiplexed */
-#define SMBreadBs 0x1C /* read block (secondary response) */
-#define SMBwriteBraw 0x1D /* write block raw */
-#define SMBwriteBmpx 0x1E /* write block multiplexed */
-#define SMBwriteBs 0x1F /* write block (secondary request) */
-#define SMBwriteC 0x20 /* write complete response */
-#define SMBsetattrE 0x22 /* set file attributes expanded */
-#define SMBgetattrE 0x23 /* get file attributes expanded */
-#define SMBlockingX 0x24 /* lock/unlock byte ranges and X */
-#define SMBtrans 0x25 /* transaction - name, bytes in/out */
-#define SMBtranss 0x26 /* transaction (secondary request/response) */
-#define SMBioctl 0x27 /* IOCTL */
-#define SMBioctls 0x28 /* IOCTL (secondary request/response) */
-#define SMBcopy 0x29 /* copy */
-#define SMBmove 0x2A /* move */
-#define SMBecho 0x2B /* echo */
-#define SMBopenX 0x2D /* open and X */
-#define SMBreadX 0x2E /* read and X */
-#define SMBwriteX 0x2F /* write and X */
-#define SMBsesssetupX 0x73 /* Session Set Up & X (including User Logon) */
-#define SMBtconX 0x75 /* tree connect and X */
-#define SMBffirst 0x82 /* find first */
-#define SMBfunique 0x83 /* find unique */
-#define SMBfclose 0x84 /* find close */
-#define SMBinvalid 0xFE /* invalid command */
-
-/* Any more ? */
-
-#define SMBdatablockID 0x01 /* A data block identifier */
-#define SMBdialectID 0x02 /* A dialect id */
-#define SMBpathnameID 0x03 /* A pathname ID */
-#define SMBasciiID 0x04 /* An ascii string ID */
-#define SMBvariableblockID 0x05 /* A variable block ID */
-
-/* some other defines we need */
-
-/* Flags defines ... 
*/
-
-#define SMB_FLG2_NON_DOS 0x01 /* We know non dos names */
-#define SMB_FLG2_EXT_ATR 0x02 /* We know about Extended Attributes */
-#define SMB_FLG2_LNG_NAM 0x04 /* Long names ? */
-
-typedef unsigned short WORD;
-typedef unsigned short UWORD;
-typedef unsigned int ULONG;
-typedef unsigned char BYTE;
-typedef unsigned char UCHAR;
-
-/* Some macros to allow access to actual packet data so that we */
-/* can change the underlying representation of packets. */
-/* */
-/* The current formats vying for attention are a fragment */
-/* approach where the SMB header is a fragment linked to the */
-/* data portion with the transport protocol (rfcnb or whatever) */
-/* being linked on the front. */
-/* */
-/* The other approach is where the whole packet is one array */
-/* of bytes with space allowed on the front for the packet */
-/* headers. */
-
-#define SMB_Hdr(p) (char *)(p -> data)
-
-/* SMB Hdr def for File Sharing Protocol? From MS and Intel, */
-/* Intel PN 138446 Doc Version 2.0, Nov 7, 1988. This def also */
-/* applies to LANMAN1.0 as well as the Core Protocol */
-/* The spec states that wct and bcc must be present, even if 0 */
-
-/* We define these as offsets into a char SMB[] array for the */
-/* sake of portability */
-
-/* NOTE!. Some of the lenght defines, SMB__len do not include */
-/* the data that follows in the SMB packet, so the code will have to */
-/* take that into account. */
-
-#define SMB_hdr_idf_offset 0 /* 0xFF,'SMB' 0-3 */
-#define SMB_hdr_com_offset 4 /* BYTE 4 */
-#define SMB_hdr_rcls_offset 5 /* BYTE 5 */
-#define SMB_hdr_reh_offset 6 /* BYTE 6 */
-#define SMB_hdr_err_offset 7 /* WORD 7 */
-#define SMB_hdr_reb_offset 9 /* BYTE 9 */
-#define SMB_hdr_flg_offset 9 /* same as reb ... 
*/
-#define SMB_hdr_res_offset 10 /* 7 WORDs 10 */
-#define SMB_hdr_res0_offset 10 /* WORD 10 */
-#define SMB_hdr_flg2_offset 10 /* WORD */
-#define SMB_hdr_res1_offset 12 /* WORD 12 */
-#define SMB_hdr_res2_offset 14
-#define SMB_hdr_res3_offset 16
-#define SMB_hdr_res4_offset 18
-#define SMB_hdr_res5_offset 20
-#define SMB_hdr_res6_offset 22
-#define SMB_hdr_tid_offset 24
-#define SMB_hdr_pid_offset 26
-#define SMB_hdr_uid_offset 28
-#define SMB_hdr_mid_offset 30
-#define SMB_hdr_wct_offset 32
-
-#define SMB_hdr_len 33 /* 33 byte header? */
-
-#define SMB_hdr_axc_offset 33 /* AndX Command */
-#define SMB_hdr_axr_offset 34 /* AndX Reserved */
-#define SMB_hdr_axo_offset 35 /* Offset from start to WCT of AndX cmd */
-
-/* Format of the Negotiate Protocol SMB */
-
-#define SMB_negp_bcc_offset 33
-#define SMB_negp_buf_offset 35 /* Where the buffer starts */
-#define SMB_negp_len 35 /* plus the data */
-
-/* Format of the Negotiate Response SMB, for CoreProtocol, LM1.2 and */
-/* NT LM 0.12. 
wct will be 1 for CoreProtocol, 13 for LM 1.2, and 17 */
-/* for NT LM 0.12 */
-
-#define SMB_negrCP_idx_offset 33 /* Response to the neg req */
-#define SMB_negrCP_bcc_offset 35
-#define SMB_negrLM_idx_offset 33 /* dialect index */
-#define SMB_negrLM_sec_offset 35 /* Security mode */
-#define SMB_sec_user_mask 0x01 /* 0 = share, 1 = user */
-#define SMB_sec_encrypt_mask 0x02 /* pick out encrypt */
-#define SMB_negrLM_mbs_offset 37 /* max buffer size */
-#define SMB_negrLM_mmc_offset 39 /* max mpx count */
-#define SMB_negrLM_mnv_offset 41 /* max number of VCs */
-#define SMB_negrLM_rm_offset 43 /* raw mode support bit vec */
-#define SMB_read_raw_mask 0x01
-#define SMB_write_raw_mask 0x02
-#define SMB_negrLM_sk_offset 45 /* session key, 32 bits */
-#define SMB_negrLM_st_offset 49 /* Current server time */
-#define SMB_negrLM_sd_offset 51 /* Current server date */
-#define SMB_negrLM_stz_offset 53 /* Server Time Zone */
-#define SMB_negrLM_ekl_offset 55 /* encryption key length */
-#define SMB_negrLM_res_offset 57 /* reserved */
-#define SMB_negrLM_bcc_offset 59 /* bcc */
-#define SMB_negrLM_len 61 /* 61 bytes ? 
*/
-#define SMB_negrLM_buf_offset 61 /* Where the fun begins */
-
-#define SMB_negrNTLM_idx_offset 33 /* Selected protocol */
-#define SMB_negrNTLM_sec_offset 35 /* Security more */
-#define SMB_negrNTLM_mmc_offset 36 /* Different format above */
-#define SMB_negrNTLM_mnv_offset 38 /* Max VCs */
-#define SMB_negrNTLM_mbs_offset 40 /* MBS now a long */
-#define SMB_negrNTLM_mrs_offset 44 /* Max raw size */
-#define SMB_negrNTLM_sk_offset 48 /* Session Key */
-#define SMB_negrNTLM_cap_offset 52 /* Capabilities */
-#define SMB_negrNTLM_stl_offset 56 /* Server time low */
-#define SMB_negrNTLM_sth_offset 60 /* Server time high */
-#define SMB_negrNTLM_stz_offset 64 /* Server time zone */
-#define SMB_negrNTLM_ekl_offset 66 /* Encrypt key len */
-#define SMB_negrNTLM_bcc_offset 67 /* Bcc */
-#define SMB_negrNTLM_len 69
-#define SMB_negrNTLM_buf_offset 69
-
-/* Offsets related to Tree Connect */
-
-#define SMB_tcon_bcc_offset 33
-#define SMB_tcon_buf_offset 35 /* where the data is for tcon */
-#define SMB_tcon_len 35 /* plus the data */
-
-#define SMB_tconr_mbs_offset 33 /* max buffer size */
-#define SMB_tconr_tid_offset 35 /* returned tree id */
-#define SMB_tconr_bcc_offset 37
-#define SMB_tconr_len 39
-
-#define SMB_tconx_axc_offset 33 /* And X Command */
-#define SMB_tconx_axr_offset 34 /* reserved */
-#define SMB_tconx_axo_offset 35 /* Next command offset */
-#define SMB_tconx_flg_offset 37 /* Flags, bit0=1 means disc TID */
-#define SMB_tconx_pwl_offset 39 /* Password length */
-#define SMB_tconx_bcc_offset 41 /* bcc */
-#define SMB_tconx_buf_offset 43 /* buffer */
-#define SMB_tconx_len 43 /* up to data ... 
*/
-
-#define SMB_tconxr_axc_offset 33 /* Where the AndX Command is */
-#define SMB_tconxr_axr_offset 34 /* Reserved */
-#define SMB_tconxr_axo_offset 35 /* AndX offset location */
-
-/* Offsets related to tree_disconnect */
-
-#define SMB_tdis_bcc_offset 33 /* bcc */
-#define SMB_tdis_len 35 /* total len */
-
-#define SMB_tdisr_bcc_offset 33 /* bcc */
-#define SMB_tdisr_len 35
-
-/* Offsets related to Open Request */
-
-#define SMB_open_mod_offset 33 /* Mode to open with */
-#define SMB_open_atr_offset 35 /* Attributes of file */
-#define SMB_open_bcc_offset 37 /* bcc */
-#define SMB_open_buf_offset 39 /* File name */
-#define SMB_open_len 39 /* Plus the file name */
-
-#define SMB_openx_axc_offset 33 /* Next command */
-#define SMB_openx_axr_offset 34 /* Reserved */
-#define SMB_openx_axo_offset 35 /* offset of next wct */
-#define SMB_openx_flg_offset 37 /* Flags, bit0 = need more info */
- /* bit1 = exclusive oplock */
- /* bit2 = batch oplock */
-#define SMB_openx_mod_offset 39 /* mode to open with */
-#define SMB_openx_atr_offset 41 /* search attributes */
-#define SMB_openx_fat_offset 43 /* File attributes */
-#define SMB_openx_tim_offset 45 /* time and date of creat */
-#define SMB_openx_ofn_offset 49 /* Open function */
-#define SMB_openx_als_offset 51 /* Space to allocate on */
-#define SMB_openx_res_offset 55 /* reserved */
-#define SMB_openx_bcc_offset 63 /* bcc */
-#define SMB_openx_buf_offset 65 /* Where file name goes */
-#define SMB_openx_len 65
-
-#define SMB_openr_fid_offset 33 /* FID returned */
-#define SMB_openr_atr_offset 35 /* Attributes opened with */
-#define SMB_openr_tim_offset 37 /* Last mod time of file */
-#define SMB_openr_fsz_offset 41 /* File size 4 bytes */
-#define SMB_openr_acc_offset 45 /* Access allowed */
-#define SMB_openr_bcc_offset 47
-#define SMB_openr_len 49
-
-#define SMB_openxr_axc_offset 33 /* And X command */
-#define SMB_openxr_axr_offset 34 /* reserved */
-#define SMB_openxr_axo_offset 35 /* offset to next command 
*/
-#define SMB_openxr_fid_offset 37 /* FID returned */
-#define SMB_openxr_fat_offset 39 /* File attributes returned */
-#define SMB_openxr_tim_offset 41 /* File creation date etc */
-#define SMB_openxr_fsz_offset 45 /* Size of file */
-#define SMB_openxr_acc_offset 49 /* Access granted */
-
-#define SMB_clos_fid_offset 33 /* FID to close */
-#define SMB_clos_tim_offset 35 /* Last mod time */
-#define SMB_clos_bcc_offset 39 /* bcc */
-#define SMB_clos_len 41
-
-/* Offsets related to Write requests */
-
-#define SMB_write_fid_offset 33 /* FID to write */
-#define SMB_write_cnt_offset 35 /* bytes to write */
-#define SMB_write_ofs_offset 37 /* location to write to */
-#define SMB_write_clf_offset 41 /* advisory count left */
-#define SMB_write_bcc_offset 43 /* bcc = data bytes + 3 */
-#define SMB_write_buf_offset 45 /* Data=0x01, len, data */
-#define SMB_write_len 45 /* plus the data ... */
-
-#define SMB_writr_cnt_offset 33 /* Count of bytes written */
-#define SMB_writr_bcc_offset 35 /* bcc */
-#define SMB_writr_len 37
-
-/* Offsets related to read requests */
-
-#define SMB_read_fid_offset 33 /* FID of file to read */
-#define SMB_read_cnt_offset 35 /* count of words to read */
-#define SMB_read_ofs_offset 37 /* Where to read from */
-#define SMB_read_clf_offset 41 /* Advisory count to go */
-#define SMB_read_bcc_offset 43
-#define SMB_read_len 45
-
-#define SMB_readr_cnt_offset 33 /* Count of bytes returned */
-#define SMB_readr_res_offset 35 /* 4 shorts reserved, 8 bytes */
-#define SMB_readr_bcc_offset 43 /* bcc */
-#define SMB_readr_bff_offset 45 /* buffer format char = 0x01 */
-#define SMB_readr_len_offset 46 /* buffer len */
-#define SMB_readr_len 45 /* length of the readr before data */
-
-/* Offsets for Create file */
-
-#define SMB_creat_atr_offset 33 /* Attributes of new file ... 
*/
-#define SMB_creat_tim_offset 35 /* Time of creation */
-#define SMB_creat_dat_offset 37 /* 4004BCE :-) */
-#define SMB_creat_bcc_offset 39 /* bcc */
-#define SMB_creat_buf_offset 41
-#define SMB_creat_len 41 /* Before the data */
-
-#define SMB_creatr_fid_offset 33 /* FID of created file */
-
-/* Offsets for Delete file */
-
-#define SMB_delet_sat_offset 33 /* search attribites */
-#define SMB_delet_bcc_offset 35 /* bcc */
-#define SMB_delet_buf_offset 37
-#define SMB_delet_len 37
-
-/* Offsets for SESSION_SETUP_ANDX for both LM and NT LM protocols */
-
-#define SMB_ssetpLM_mbs_offset 37 /* Max buffer Size, allow for AndX */
-#define SMB_ssetpLM_mmc_offset 39 /* max multiplex count */
-#define SMB_ssetpLM_vcn_offset 41 /* VC number if new VC */
-#define SMB_ssetpLM_snk_offset 43 /* Session Key */
-#define SMB_ssetpLM_pwl_offset 47 /* password length */
-#define SMB_ssetpLM_res_offset 49 /* reserved */
-#define SMB_ssetpLM_bcc_offset 53 /* bcc */
-#define SMB_ssetpLM_len 55 /* before data ... */
-#define SMB_ssetpLM_buf_offset 55
-
-#define SMB_ssetpNTLM_mbs_offset 37 /* Max Buffer Size for NT LM 0.12 */
- /* and above */
-#define SMB_ssetpNTLM_mmc_offset 39 /* Max Multiplex count */
-#define SMB_ssetpNTLM_vcn_offset 41 /* VC Number */
-#define SMB_ssetpNTLM_snk_offset 43 /* Session key */
-#define SMB_ssetpNTLM_cipl_offset 47 /* Case Insensitive PW Len */
-#define SMB_ssetpNTLM_cspl_offset 49 /* Unicode pw len */
-#define SMB_ssetpNTLM_res_offset 51 /* reserved */
-#define SMB_ssetpNTLM_cap_offset 55 /* server capabilities */
-#define SMB_ssetpNTLM_bcc_offset 59 /* bcc */
-#define SMB_ssetpNTLM_len 61 /* before data */
-#define SMB_ssetpNTLM_buf_offset 61
-
-#define SMB_ssetpr_axo_offset 35 /* Offset of next response ... 
*/
-#define SMB_ssetpr_act_offset 37 /* action, bit 0 = 1 => guest */
-#define SMB_ssetpr_bcc_offset 39 /* bcc */
-#define SMB_ssetpr_buf_offset 41 /* Native OS etc */
-
-/* Offsets for SMB create directory */
-
-#define SMB_creatdir_bcc_offset 33 /* only a bcc here */
-#define SMB_creatdir_buf_offset 35 /* Where things start */
-#define SMB_creatdir_len 35
-
-/* Offsets for SMB delete directory */
-
-#define SMB_deletdir_bcc_offset 33 /* only a bcc here */
-#define SMB_deletdir_buf_offset 35 /* where things start */
-#define SMB_deletdir_len 35
-
-/* Offsets for SMB check directory */
-
-#define SMB_checkdir_bcc_offset 33 /* Only a bcc here */
-#define SMB_checkdir_buf_offset 35 /* where things start */
-#define SMB_checkdir_len 35
-
-/* Offsets for SMB search */
-
-#define SMB_search_mdc_offset 33 /* Max Dir ents to return */
-#define SMB_search_atr_offset 35 /* Search attributes */
-#define SMB_search_bcc_offset 37 /* bcc */
-#define SMB_search_buf_offset 39 /* where the action is */
-#define SMB_search_len 39
-
-#define SMB_searchr_dec_offset 33 /* Dir ents returned */
-#define SMB_searchr_bcc_offset 35 /* bcc */
-#define SMB_searchr_buf_offset 37 /* Where the action starts */
-#define SMB_searchr_len 37 /* before the dir ents */
-
-#define SMB_searchr_dirent_len 43 /* 53 bytes */
-
-/* Defines for SMB transact and transact2 calls */
-
-#define SMB_trans_tpc_offset 33 /* Total param count */
-#define SMB_trans_tdc_offset 35 /* total Data count */
-#define SMB_trans_mpc_offset 37 /* Max params bytes to return */
-#define SMB_trans_mdc_offset 39 /* Max data bytes to return */
-#define SMB_trans_msc_offset 41 /* Max setup words to return */
-#define SMB_trans_rs1_offset 42 /* Reserved byte */
-#define SMB_trans_flg_offset 43 /* flags */
-#define SMB_trans_tmo_offset 45 /* Timeout, long */
-#define SMB_trans_rs2_offset 49 /* Next reserved */
-#define SMB_trans_pbc_offset 51 /* Param Byte count in buf */
-#define SMB_trans_pbo_offset 53 /* Offset to param bytes */ 
-#define SMB_trans_dbc_offset 55 /* Data byte count in buf */
-#define SMB_trans_dbo_offset 57 /* Data byte offset */
-#define SMB_trans_suc_offset 59 /* Setup count - byte */
-#define SMB_trans_rs3_offset 60 /* Reserved to pad ... */
-#define SMB_trans_len 61 /* Up to setup, still need bcc */
-
-#define SMB_transr_tpc_offset 33 /* Total param bytes returned */
-#define SMB_transr_tdc_offset 35
-#define SMB_transr_rs1_offset 37
-#define SMB_transr_pbc_offset 39
-#define SMB_transr_pbo_offset 41
-#define SMB_transr_pdi_offset 43 /* parameter displacement */
-#define SMB_transr_dbc_offset 45
-#define SMB_transr_dbo_offset 47
-#define SMB_transr_ddi_offset 49
-#define SMB_transr_suc_offset 51
-#define SMB_transr_rs2_offset 52
-#define SMB_transr_len 53
-
-/* Bit masks for SMB Capabilities ... */
-
-#define SMB_cap_raw_mode 0x0001
-#define SMB_cap_mpx_mode 0x0002
-#define SMB_cap_unicode 0x0004
-#define SMB_cap_large_files 0x0008
-#define SMB_cap_nt_smbs 0x0010
-#define SMB_rpc_remote_apis 0x0020
-#define SMB_cap_nt_status 0x0040
-#define SMB_cap_level_II_oplocks 0x0080
-#define SMB_cap_lock_and_read 0x0100
-#define SMB_cap_nt_find 0x0200
-
-/* SMB LANMAN api call defines */
-
-#define SMB_LMapi_SetUserInfo 0x0072
-#define SMB_LMapi_UserPasswordSet 0x0073
-
-/* Structures and defines we use in the client interface */
-
-/* The protocols we might support. Perhaps a bit ambitious, as only RFCNB */
-/* has any support so far 0(sometimes called NBT) */
-
-typedef enum {
- SMB_RFCNB, SMB_IPXNB, SMB_NETBEUI, SMB_X25
-} SMB_Transport_Types;
-
-typedef enum {
- SMB_Con_FShare, SMB_Con_PShare, SMB_Con_IPC
-} SMB_Con_Types;
-
-typedef enum {
- SMB_State_NoState, SMB_State_Stopped, SMB_State_Started
-} SMB_State_Types;
-
-/* The following two arrays need to be in step! */
-/* We must make it possible for callers to specify these ... 
*/
-
-
-extern char *SMB_Prots[];
-
-/*
- * static char *SMB_Prots[] = {"PC NETWORK PROGRAM 1.0",
- * "MICROSOFT NETWORKS 1.03",
- * "MICROSOFT NETWORKS 3.0",
- * "DOS LANMAN1.0",
- * "LANMAN1.0",
- * "DOS LM1.2X002",
- * "LM1.2X002",
- * "DOS LANMAN2.1",
- * "LANMAN2.1",
- * "Samba",
- * "NT LM 0.12",
- * "NT LANMAN 1.0",
- * NULL};
- */
-extern int SMB_Types[];
-
-/*
- * static int SMB_Types[] = {SMB_P_Core,
- * SMB_P_CorePlus,
- * SMB_P_DOSLanMan1,
- * SMB_P_DOSLanMan1,
- * SMB_P_LanMan1,
- * SMB_P_DOSLanMan2,
- * SMB_P_LanMan2,
- * SMB_P_LanMan2_1,
- * SMB_P_LanMan2_1,
- * SMB_P_NT1,
- * SMB_P_NT1,
- * SMB_P_NT1,
- * -1};
- */
-typedef struct SMB_Status {
-
- union {
- struct {
- unsigned char ErrorClass;
- unsigned char Reserved;
- unsigned short Error;
- } DosError;
- unsigned int NtStatus;
- } status;
-} SMB_Status;
-
-typedef struct SMB_Tree_Structure *SMB_Tree_Handle;
-
-typedef struct SMB_Connect_Def *SMB_Handle_Type;
-
-struct SMB_Connect_Def {
-
- SMB_Handle_Type Next_Con, Prev_Con; /* Next and previous conn */
- int protocol; /* What is the protocol */
- int prot_IDX; /* And what is the index */
- void *Trans_Connect; /* The connection */
-
- /* All these strings should be malloc'd */
-
- char service[80], username[80], password[80], desthost[80], sock_options[80];
- char address[80], myname[80];
-
- SMB_Tree_Handle first_tree, last_tree; /* List of trees on this server */
-
- int gid; /* Group ID, do we need it? */
- int mid; /* Multiplex ID? We might need one per con */
- int pid; /* Process ID */
-
- int uid; /* Authenticated user id. */
-
- /* It is pretty clear that we need to bust some of */
- /* these out into a per TCon record, as there may */
- /* be multiple TCon's per server, etc ... later */
-
- int port; /* port to use in case not default, this is a TCPism! 
*/
-
- int max_xmit; /* Max xmit permitted by server */
- int Security; /* 0 = share, 1 = user */
- int Raw_Support; /* bit 0 = 1 = Read Raw supported, 1 = 1 Write raw */
- BOOL encrypt_passwords; /* FALSE = don't */
- int MaxMPX, MaxVC, MaxRaw;
- unsigned int SessionKey, Capabilities;
- int SvrTZ; /* Server Time Zone */
- int Encrypt_Key_Len;
- char Encrypt_Key[80], Domain[80], PDomain[80], OSName[80], LMType[40];
- char Svr_OS[80], Svr_LMType[80], Svr_PDom[80];
-
-};
-
-#ifndef SMBLIB_DEFAULT_DOMAIN
-#define SMBLIB_DEFAULT_DOMAIN "STAFF"
-#endif
-#define SMBLIB_DEFAULT_OSNAME "UNIX of some type"
-#define SMBLIB_DEFAULT_LMTYPE "SMBlib LM2.1 minus a bit"
-#define SMBLIB_MAX_XMIT 65535
-
-#define SMB_Sec_Mode_Share 0
-#define SMB_Sec_Mode_User 1
-
-/* A Tree_Structure */
-
-struct SMB_Tree_Structure {
-
- SMB_Tree_Handle next, prev;
- SMB_Handle_Type con;
- char path[129];
- char device_type[20];
- int mbs; /* Local MBS */
- int tid;
-
-};
-
-typedef struct SMB_File_Def SMB_File;
-
-struct SMB_File_Def {
-
- SMB_Tree_Handle tree;
- char filename[256]; /* We should malloc this ... 
*/
- UWORD fid;
- unsigned int lastmod;
- unsigned int size; /* Could blow up if 64bit files supported */
- UWORD access;
- off_t fileloc;
-
-};
-
-/* global Variables for the library */
-
-extern SMB_State_Types SMBlib_State;
-
-#ifndef SMBLIB_ERRNO
-extern int SMBlib_errno;
-extern int SMBlib_SMB_Error; /* last Error */
-#endif
-
-SMB_Tree_Handle SMB_TreeConnect(SMB_Handle_Type con, SMB_Tree_Handle tree,
- char *path, char *password, char *dev);
-
-int SMB_Init();
-void SMB_Get_My_Name(char *name, int len);
-int SMB_Negotiate(SMB_Handle_Type Con_Handle, char *Prots[]);
-int SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle);
-
-int SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName,
- char *PassWord, char *UserDomain, int precrypted);
-
-int SMB_Get_Error_Msg(int msg, char *msgbuf, int len);
-
-int SMB_Get_Last_Error();
-
-#endif /* __SMBLIB_PRIV_H__ */
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smblib-util.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,801 +0,0 @@ -/* UNIX SMBlib NetBIOS implementation - * - * Version 1.0 - * SMBlib Utility Routines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "smblib-priv.h" -#include -#include - -#include "rfcnb.h" - -/* global data structures */ - -static int SMB_Types[] = -{SMB_P_Core, - SMB_P_CorePlus, - SMB_P_DOSLanMan1, - SMB_P_DOSLanMan1, - SMB_P_LanMan1, - SMB_P_DOSLanMan2, - SMB_P_LanMan2, - SMB_P_LanMan2_1, - SMB_P_LanMan2_1, - SMB_P_NT1, - SMB_P_NT1, - SMB_P_NT1, - -1}; - -static char *SMB_Prots[] = -{"PC NETWORK PROGRAM 1.0", - "MICROSOFT NETWORKS 1.03", - "MICROSOFT NETWORKS 3.0", - "DOS LANMAN1.0", - "LANMAN1.0", - "DOS LM1.2X002", - "LM1.2X002", - "DOS LANMAN2.1", - "LANMAN2.1", - "Samba", - "NT LM 0.12", - "NT LANMAN 1.0", - NULL}; - -/* Print out an SMB pkt in all its gory detail ... */ - -void -SMB_Print_Pkt(FILE fd, RFCNB_Pkt * pkt, BOOL command, int Offset, int Len) -{ - - /* Well, just how do we do this ... print it I suppose */ - - /* Print out the SMB header ... 
*/
-
- /* Print the command */
-
- /* Print the other bits in the header */
-
-
- /* etc */
-
-}
-
-/* Convert a DOS Date_Time to a local host type date time for printing */
-
-char *
-SMB_DOSTimToStr(int DOS_time)
-{
- static char SMB_Time_Temp[48];
- int DOS_sec, DOS_min, DOS_hour, DOS_day, DOS_month, DOS_year;
-
- SMB_Time_Temp[0] = 0;
-
- DOS_sec = (DOS_time & 0x001F) * 2;
- DOS_min = (DOS_time & 0x07E0) >> 5;
- DOS_hour = ((DOS_time & 0xF800) >> 11);
-
- DOS_day = (DOS_time & 0x001F0000) >> 16;
- DOS_month = (DOS_time & 0x01E00000) >> 21;
- DOS_year = ((DOS_time & 0xFE000000) >> 25) + 80;
-
- sprintf(SMB_Time_Temp, "%2d/%02d/%2d %2d:%02d:%02d", DOS_day, DOS_month,
- DOS_year, DOS_hour, DOS_min, DOS_sec);
-
- return (SMB_Time_Temp);
-
-}
-
-/* Convert an attribute byte/word etc to a string ... We return a pointer
- * to a static string which we guarantee is long enough. If verbose is
- * true, we print out long form of strings ... */
-
-char *
-SMB_AtrToStr(int attribs, BOOL verbose)
-{
- static char SMB_Attrib_Temp[128];
-
- SMB_Attrib_Temp[0] = 0;
-
- if (attribs & SMB_FA_ROF)
- strcat(SMB_Attrib_Temp, (verbose ? "Read Only " : "R"));
-
- if (attribs & SMB_FA_HID)
- strcat(SMB_Attrib_Temp, (verbose ? "Hidden " : "H"));
-
- if (attribs & SMB_FA_SYS)
- strcat(SMB_Attrib_Temp, (verbose ? "System " : "S"));
-
- if (attribs & SMB_FA_VOL)
- strcat(SMB_Attrib_Temp, (verbose ? "Volume " : "V"));
-
- if (attribs & SMB_FA_DIR)
- strcat(SMB_Attrib_Temp, (verbose ? "Directory " : "D"));
-
- if (attribs & SMB_FA_ARC)
- strcat(SMB_Attrib_Temp, (verbose ? "Archive " : "A"));
-
- return (SMB_Attrib_Temp);
-
-}
-
-/* Pick up the Max Buffer Size from the Tree Structure ...
*/
-
-int
-SMB_Get_Tree_MBS(SMB_Tree_Handle tree)
-{
- if (tree != NULL) {
- return (tree->mbs);
- } else {
- return (SMBlibE_BAD);
- }
-}
-
-/* Pick up the Max buffer size */
-
-int
-SMB_Get_Max_Buf_Siz(SMB_Handle_Type Con_Handle)
-{
- if (Con_Handle != NULL) {
- return (Con_Handle->max_xmit);
- } else {
- return (SMBlibE_BAD);
- }
-
-}
-/* Pickup the protocol index from the connection structure */
-
-int
-SMB_Get_Protocol_IDX(SMB_Handle_Type Con_Handle)
-{
- if (Con_Handle != NULL) {
- return (Con_Handle->prot_IDX);
- } else {
- return (0xFFFF); /* Invalid protocol */
- }
-
-}
-
-/* Pick up the protocol from the connection structure */
-
-int
-SMB_Get_Protocol(SMB_Handle_Type Con_Handle)
-{
- if (Con_Handle != NULL) {
- return (Con_Handle->protocol);
- } else {
- return (0xFFFF); /* Invalid protocol */
- }
-
-}
-
-/* Figure out what protocol was accepted, given the list of dialect strings */
-/* We offered, and the index back from the server. We allow for a user */
-/* supplied list, and assume that it is a subset of our list */
-
-int
-SMB_Figure_Protocol(char *dialects[], int prot_index)
-{
- int i;
-
- if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */
-
- return (SMB_Types[prot_index]);
- } else { /* Search through SMB_Prots looking for a match */
-
- for (i = 0; SMB_Prots[i] != NULL; i++) {
-
- if (strcmp(dialects[prot_index], SMB_Prots[i]) == 0) { /* A match */
-
- return (SMB_Types[i]);
-
- }
- }
-
- /* If we got here, then we are in trouble, because the protocol was not */
- /* One we understand ...
*/
-
- return (SMB_P_Unknown);
-
- }
-
-}
-
-
-/* Negotiate the protocol we will use from the list passed in Prots */
-/* we return the index of the accepted protocol in NegProt, -1 indicates */
-/* none acceptible, and our return value is 0 if ok, <0 if problems */
-
-int
-SMB_Negotiate(SMB_Handle_Type Con_Handle, char *Prots[])
-{
- struct RFCNB_Pkt *pkt;
- int prots_len, i, pkt_len, prot, alloc_len;
- char *p;
-
- /* Figure out how long the prot list will be and allocate space for it */
-
- prots_len = 0;
-
- for (i = 0; Prots[i] != NULL; i++) {
-
- prots_len = prots_len + strlen(Prots[i]) + 2; /* Account for null etc */
-
- }
-
- /* The -1 accounts for the one byte smb_buf we have because some systems */
- /* don't like char msg_buf[] */
-
- pkt_len = SMB_negp_len + prots_len;
-
- /* Make sure that the pkt len is long enough for the max response ... */
- /* Which is a problem, because the encryption key len eec may be long */
-
- if (pkt_len < (SMB_hdr_wct_offset + (19 * 2) + 40)) {
-
- alloc_len = SMB_hdr_wct_offset + (19 * 2) + 40;
-
- } else {
-
- alloc_len = pkt_len;
-
- }
-
- pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(alloc_len);
-
- if (pkt == NULL) {
-
- SMBlib_errno = SMBlibE_NoSpace;
- return (SMBlibE_BAD);
-
- }
- /* Now plug in the bits we need */
-
- bzero(SMB_Hdr(pkt), SMB_negp_len);
- SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */
- *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBnegprot;
- SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid);
- *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0;
-
- SSVAL(SMB_Hdr(pkt), SMB_negp_bcc_offset, prots_len);
-
- /* Now copy the prot strings in with the right stuff */
-
- p = (char *) (SMB_Hdr(pkt) + SMB_negp_buf_offset);
-
- for (i = 0; Prots[i] != NULL; i++) {
-
- *p = SMBdialectID;
- strcpy(p + 1, Prots[i]);
- p = p +
strlen(Prots[i]) + 2; /* Adjust len of p for null plus dialectID */
-
- }
-
- /* Now send the packet and sit back ... */
-
- if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) {
-
-
-#ifdef DEBUG
- fprintf(stderr, "Error sending negotiate protocol\n");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = -SMBlibE_SendFailed; /* Failed, check lower layer errno */
- return (SMBlibE_BAD);
-
- }
- /* Now get the response ... */
-
- if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, alloc_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error receiving response to negotiate\n");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = -SMBlibE_RecvFailed; /* Failed, check lower layer errno */
- return (SMBlibE_BAD);
-
- }
- if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */
-
-#ifdef DEBUG
- fprintf(stderr, "SMB_Negotiate failed with errorclass = %i, Error Code = %i\n",
- CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset),
- SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset));
-#endif
-
- SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset);
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_Remote;
- return (SMBlibE_BAD);
-
- }
- if (SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset) == 0xFFFF) {
-
-#ifdef DEBUG
- fprintf(stderr, "None of our protocols was accepted ... ");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_NegNoProt;
- return (SMBlibE_BAD);
-
- }
- /* Now, unpack the info from the response, if any and evaluate the proto */
- /* selected. We must make sure it is one we like ... */
-
- Con_Handle->prot_IDX = prot = SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset);
- Con_Handle->protocol = SMB_Figure_Protocol(Prots, prot);
-
- if (Con_Handle->protocol == SMB_P_Unknown) { /* No good ... */
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_ProtUnknown;
- return (SMBlibE_BAD);
-
- }
- switch (CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)) {
-
- case 0x01: /* No more info ...
*/
-
- break;
-
- case 13: /* Up to and including LanMan 2.1 */
-
- Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrLM_sec_offset);
- Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00);
- Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask;
-
- Con_Handle->max_xmit = SVAL(SMB_Hdr(pkt), SMB_negrLM_mbs_offset);
- Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrLM_mmc_offset);
- Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrLM_mnv_offset);
- Con_Handle->Raw_Support = SVAL(SMB_Hdr(pkt), SMB_negrLM_rm_offset);
- Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrLM_sk_offset);
- Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrLM_stz_offset);
- Con_Handle->Encrypt_Key_Len = SVAL(SMB_Hdr(pkt), SMB_negrLM_ekl_offset);
-
- p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset);
- fprintf(stderr, "%8s", (char *) (SMB_Hdr(pkt) + SMB_negrLM_buf_offset));
- memcpy(Con_Handle->Encrypt_Key, p, 8);
-
- p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset + Con_Handle->Encrypt_Key_Len);
-
- strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1);
-
- break;
-
- case 17: /* NT LM 0.12 and LN LM 1.0 */
-
- Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_sec_offset);
- Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00);
- Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask;
-
- Con_Handle->max_xmit = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mbs_offset);
- Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mmc_offset);
- Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mnv_offset);
- Con_Handle->MaxRaw = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mrs_offset);
- Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_sk_offset);
- Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_stz_offset);
- Con_Handle->Encrypt_Key_Len = CVAL(SMB_Hdr(pkt), SMB_negrNTLM_ekl_offset);
-
- p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset);
- memcpy(Con_Handle->Encrypt_Key, p, 8);
- p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset +
Con_Handle->Encrypt_Key_Len);
-
- strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1);
-
- break;
-
- default:
-
-#ifdef DEBUG
- fprintf(stderr, "Unknown NegProt response format ... Ignored\n");
- fprintf(stderr, " wct = %i\n", CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset));
-#endif
-
- break;
- }
-
-#ifdef DEBUG
- fprintf(stderr, "Protocol selected is: %i:%s\n", prot, Prots[prot]);
-#endif
-
- RFCNB_Free_Pkt(pkt);
- return (0);
-
-}
-
-/* Get our hostname */
-
-void
-SMB_Get_My_Name(char *name, int len)
-{
-
- if (gethostname(name, len) < 0) { /* Error getting name */
-
- strncpy(name, "unknown", len);
-
- /* Should check the error */
-
-#ifdef DEBUG
- fprintf(stderr, "gethostname in SMB_Get_My_Name returned error:");
- perror("");
-#endif
-
- }
- /* only keep the portion up to the first "." */
-
-
-}
-
-/* Send a TCON to the remote server ... */
-
-SMB_Tree_Handle
-SMB_TreeConnect(SMB_Handle_Type Con_Handle,
- SMB_Tree_Handle Tree_Handle,
- char *path,
- char *password,
- char *device)
-{
- struct RFCNB_Pkt *pkt;
- int param_len, pkt_len;
- char *p;
- SMB_Tree_Handle tree;
-
- /* Figure out how much space is needed for path, password, dev ... */
-
- if ((path == NULL) || (password == NULL) || (device == NULL)) {
-
-#ifdef DEBUG
- fprintf(stderr, "Bad parameter passed to SMB_TreeConnect\n");
-#endif
-
- SMBlib_errno = SMBlibE_BadParam;
- return (NULL);
-
- }
- /* The + 2 is because of the \0 and the marker ... */
-
- param_len = strlen(path) + 2 + strlen(password) + 2 + strlen(device) + 2;
-
- /* The -1 accounts for the one byte smb_buf we have because some systems */
- /* don't like char msg_buf[] */
-
- pkt_len = SMB_tcon_len + param_len;
-
- pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len);
-
- if (pkt == NULL) {
-
- SMBlib_errno = SMBlibE_NoSpace;
- return (NULL); /* Should handle the error */
-
- }
- /* Now allocate a tree for this to go into ...
*/
-
- if (Tree_Handle == NULL) {
-
- tree = (SMB_Tree_Handle) malloc(sizeof(struct SMB_Tree_Structure));
-
- if (tree == NULL) {
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_NoSpace;
- return (NULL);
-
- }
- } else {
-
- tree = Tree_Handle;
-
- }
-
- tree->next = tree->prev = NULL;
- tree->con = Con_Handle;
- strncpy(tree->path, path, sizeof(tree->path));
- strncpy(tree->device_type, device, sizeof(tree->device_type));
-
- /* Now plug in the values ... */
-
- bzero(SMB_Hdr(pkt), SMB_tcon_len);
- SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */
- *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtcon;
- SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid);
- *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0;
-
- SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, param_len);
-
- /* Now copy the param strings in with the right stuff */
-
- p = (char *) (SMB_Hdr(pkt) + SMB_tcon_buf_offset);
- *p = SMBasciiID;
- strcpy(p + 1, path);
- p = p + strlen(path) + 2;
- *p = SMBasciiID;
- strcpy(p + 1, password);
- p = p + strlen(password) + 2;
- *p = SMBasciiID;
- strcpy(p + 1, device);
-
- /* Now send the packet and sit back ... */
-
- if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error sending TCon request\n");
-#endif
-
- if (Tree_Handle == NULL)
- free(tree);
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = -SMBlibE_SendFailed;
- return (NULL);
-
- }
- /* Now get the response ... */
-
- if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error receiving response to TCon\n");
-#endif
-
- if (Tree_Handle == NULL)
- free(tree);
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = -SMBlibE_RecvFailed;
- return (NULL);
-
- }
- /* Check out the response type ...
*/
-
- if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */
-
-#ifdef DEBUG
- fprintf(stderr, "SMB_TCon failed with errorclass = %i, Error Code = %i\n",
- CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset),
- SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset));
-#endif
-
- if (Tree_Handle == NULL)
- free(tree);
- SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset);
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_Remote;
- return (NULL);
-
- }
- tree->tid = SVAL(SMB_Hdr(pkt), SMB_tconr_tid_offset);
- tree->mbs = SVAL(SMB_Hdr(pkt), SMB_tconr_mbs_offset);
-
-#ifdef DEBUG
- fprintf(stderr, "TConn succeeded, with TID=%i, Max Xmit=%i\n",
- tree->tid, tree->mbs);
-#endif
-
- /* Now link the Tree to the Server Structure ... */
-
- if (Con_Handle->first_tree == NULL) {
-
- Con_Handle->first_tree = tree;
- Con_Handle->last_tree = tree;
-
- } else {
-
- Con_Handle->last_tree->next = tree;
- tree->prev = Con_Handle->last_tree;
- Con_Handle->last_tree = tree;
-
- }
-
- RFCNB_Free_Pkt(pkt);
- return (tree);
-
-}
-
-int
-SMB_TreeDisconnect(SMB_Tree_Handle Tree_Handle, BOOL discard)
-{
- struct RFCNB_Pkt *pkt;
- int pkt_len;
-
- pkt_len = SMB_tdis_len;
-
- pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len);
-
- if (pkt == NULL) {
-
- SMBlib_errno = SMBlibE_NoSpace;
- return (SMBlibE_BAD); /* Should handle the error */
-
- }
- /* Now plug in the values ... */
-
- bzero(SMB_Hdr(pkt), SMB_tdis_len);
- SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */
- *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtdis;
- SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Tree_Handle->con->pid);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Tree_Handle->con->mid);
- SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Tree_Handle->con->uid);
- *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0;
-
- SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, Tree_Handle->tid);
- SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, 0);
-
- /* Now send the packet and sit back ...
*/
-
- if (RFCNB_Send(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error sending TDis request\n");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = -SMBlibE_SendFailed;
- return (SMBlibE_BAD);
-
- }
- /* Now get the response ... */
-
- if (RFCNB_Recv(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error receiving response to TCon\n");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = -SMBlibE_RecvFailed;
- return (SMBlibE_BAD);
-
- }
- /* Check out the response type ... */
-
- if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */
-
-#ifdef DEBUG
- fprintf(stderr, "SMB_TDis failed with errorclass = %i, Error Code = %i\n",
- CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset),
- SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset));
-#endif
-
- SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset);
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_Remote;
- return (SMBlibE_BAD);
-
- }
- Tree_Handle->tid = 0xFFFF; /* Invalid TID */
- Tree_Handle->mbs = 0; /* Invalid */
-
-#ifdef DEBUG
-
- fprintf(stderr, "Tree disconnect successful ...\n");
-
-#endif
-
- /* What about the tree handle ? */
-
- if (discard == TRUE) { /* Unlink it and free it ... */
-
- if (Tree_Handle->next == NULL)
- Tree_Handle->con->first_tree = Tree_Handle->prev;
- else
- Tree_Handle->next->prev = Tree_Handle->prev;
-
- if (Tree_Handle->prev == NULL)
- Tree_Handle->con->last_tree = Tree_Handle->next;
- else
- Tree_Handle->prev->next = Tree_Handle->next;
-
- }
- RFCNB_Free_Pkt(pkt);
- return (0);
-
-}
-
-/* Pick up the last LMBlib error ...
*/
-
-int
-SMB_Get_Last_Error()
-{
-
- return (SMBlib_errno);
-
-}
-
-/* Pick up the last error returned in an SMB packet */
-/* We will need macros to extract error class and error code */
-
-int
-SMB_Get_Last_SMB_Err()
-{
-
- return (SMBlib_SMB_Error);
-
-}
-
-/* Pick up the error message associated with an error from SMBlib */
-
-/* Keep this table in sync with the message codes in smblib-common.h */
-
-static char *SMBlib_Error_Messages[] =
-{
-
- "Request completed sucessfully.",
- "Server returned a non-zero SMB Error Class and Code.",
- "A lower layer protocol error occurred.",
- "Function not yet implemented.",
- "The protocol negotiated does not support the request.",
- "No space available for operation.",
- "One or more bad parameters passed.",
- "None of the protocols we offered were accepted.",
- "The attempt to send an SMB request failed. See protocol error info.",
- "The attempt to get an SMB response failed. See protocol error info.",
- "The logon request failed, but you were logged in as guest.",
- "The attempt to call the remote server failed. See protocol error info.",
- "The protocol dialect specified in a NegProt and accepted by the server is unknown.",
- /* This next one simplifies error handling */
- "No such error code.",
- NULL};
-
-int
-SMB_Get_Error_Msg(int msg, char *msgbuf, int len)
-{
-
- if (msg >= 0) {
-
- strncpy(msgbuf,
- SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? SMBlibE_NoSuchMsg : msg],
- len - 1);
- msgbuf[len - 1] = 0; /* Make sure it is a string */
- } else { /* Add the lower layer message ... */
-
- char prot_msg[1024];
-
- msg = -msg; /* Make it positive */
-
- strncpy(msgbuf,
- SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ?
SMBlibE_NoSuchMsg : msg],
- len - 1);
-
- msgbuf[len - 1] = 0; /* make sure it is a string */
-
- if (strlen(msgbuf) < len) { /* If there is space, put rest in */
-
- strncat(msgbuf, "\n\t", len - strlen(msgbuf));
-
- RFCNB_Get_Error(prot_msg, sizeof(prot_msg) - 1);
-
- strncat(msgbuf, prot_msg, len - strlen(msgbuf));
-
- }
- }
- return 0;
-}
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smblib.c Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,574 +0,0 @@
-/* UNIX SMBlib NetBIOS implementation
- *
- * Version 1.0
- * SMBlib Routines
- *
- * Copyright (C) Richard Sharpe 1996
- *
- */
-
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "config.h"
-#include
-#include
-#include
-
-int SMBlib_errno;
-int SMBlib_SMB_Error;
-#define SMBLIB_ERRNO
-#define uchar unsigned char
-#include "smblib-priv.h"
-
-#include "rfcnb.h"
-#include "smbencrypt.h"
-
-#include
-
-#define DEBUG
-
-SMB_State_Types SMBlib_State;
-
-/* Initialize the SMBlib package */
-
-int
-SMB_Init()
-{
-
- SMBlib_State = SMB_State_Started;
-
- signal(SIGPIPE, SIG_IGN); /* Ignore these ...
*/
-
-/* If SMBLIB_Instrument is defines, turn on the instrumentation stuff */
-#ifdef SMBLIB_INSTRUMENT
-
- SMBlib_Instrument_Init();
-
-#endif
-
- return 0;
-
-}
-
-int
-SMB_Term()
-{
-
-#ifdef SMBLIB_INSTRUMENT
-
- SMBlib_Instrument_Term(); /* Clean up and print results */
-
-#endif
-
- return 0;
-
-}
-
-/* SMB_Create: Create a connection structure and return for later use */
-/* We have other helper routines to set variables */
-
-SMB_Handle_Type
-SMB_Create_Con_Handle()
-{
-
- SMBlib_errno = SMBlibE_NotImpl;
- return (NULL);
-
-}
-
-int
-SMBlib_Set_Sock_NoDelay(SMB_Handle_Type Con_Handle, BOOL yn)
-{
-
-
- if (RFCNB_Set_Sock_NoDelay(Con_Handle->Trans_Connect, yn) < 0) {
-
-#ifdef DEBUG
-#endif
-
- fprintf(stderr, "Setting no-delay on TCP socket failed ...\n");
-
- }
- return (0);
-
-}
-
-/* SMB_Connect_Server: Connect to a server, but don't negotiate protocol */
-/* or anything else ... */
-
-SMB_Handle_Type
-SMB_Connect_Server(SMB_Handle_Type Con_Handle,
- char *server, char *NTdomain)
-{
- SMB_Handle_Type con;
- char called[80], calling[80], *address;
- int i;
-
- /* Get a connection structure if one does not exist */
-
- con = Con_Handle;
-
- if (Con_Handle == NULL) {
-
- if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) {
-
-
- SMBlib_errno = SMBlibE_NoSpace;
- return NULL;
- }
- }
- /* Init some things ... */
-
- strcpy(con->service, "");
- strcpy(con->username, "");
- strcpy(con->password, "");
- strcpy(con->sock_options, "");
- strcpy(con->address, "");
- strcpy(con->desthost, server);
- strcpy(con->PDomain, NTdomain);
- strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME);
- strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE);
- con->first_tree = con->last_tree = NULL;
-
- /* ugh. This is horribly broken.
*/
-/* SMB_Get_My_Name(con -> myname, sizeof(con -> myname)); */
- /* hacked by Kinkie */
- i = gethostname(con->myname, sizeof(con->myname));
- if (i == -1) {
- strcpy(con->myname, "unknown");
- } else {
- if (NULL != (address = strchr(con->myname, '.'))) {
- *address = '\0'; /* truncate at first '.' */
- }
- }
-
-
- con->port = 0; /* No port selected */
-
- /* Get some things we need for the SMB Header */
-
- con->pid = getpid();
- con->mid = con->pid; /* This will do for now ... */
- con->uid = 0; /* Until we have done a logon, no uid ... */
- con->gid = getgid();
-
- /* Now connect to the remote end, but first upper case the name of the
- * service we are going to call, sine some servers want it in uppercase */
-
- for (i = 0; i < strlen(server); i++)
- called[i] = toupper(server[i]);
-
- called[strlen(server)] = 0; /* Make it a string */
-
- for (i = 0; i < strlen(con->myname); i++)
- calling[i] = toupper(con->myname[i]);
-
- calling[strlen(con->myname)] = 0; /* Make it a string */
-
- if (strcmp(con->address, "") == 0)
- address = con->desthost;
- else
- address = con->address;
-
- con->Trans_Connect = RFCNB_Call(called,
- calling,
- address, /* Protocol specific */
- con->port);
-
- /* Did we get one?
*/
-
- if (con->Trans_Connect == NULL) {
-
- if (Con_Handle == NULL) {
- Con_Handle = NULL;
- free(con);
- }
- SMBlib_errno = -SMBlibE_CallFailed;
- return NULL;
-
- }
- return (con);
-
-}
-
-/* SMB_Connect: Connect to the indicated server */
-/* If Con_Handle == NULL then create a handle and connect, otherwise */
-/* use the handle passed */
-
-char *SMB_Prots_Restrict[] =
-{"PC NETWORK PROGRAM 1.0",
- NULL};
-
-
-SMB_Handle_Type
-SMB_Connect(SMB_Handle_Type Con_Handle,
- SMB_Tree_Handle * tree,
- char *service,
- char *username,
- char *password)
-{
- SMB_Handle_Type con;
- char *host, *address;
- char temp[80], called[80], calling[80];
- int i;
-
- /* Get a connection structure if one does not exist */
-
- con = Con_Handle;
-
- if (Con_Handle == NULL) {
-
- if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) {
-
- SMBlib_errno = SMBlibE_NoSpace;
- return NULL;
- }
- }
- /* Init some things ... */
-
- strcpy(con->service, service);
- strcpy(con->username, username);
- strcpy(con->password, password);
- strcpy(con->sock_options, "");
- strcpy(con->address, "");
- strcpy(con->PDomain, SMBLIB_DEFAULT_DOMAIN);
- strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME);
- strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE);
- con->first_tree = con->last_tree = NULL;
-
- SMB_Get_My_Name(con->myname, sizeof(con->myname));
-
- con->port = 0; /* No port selected */
-
- /* Get some things we need for the SMB Header */
-
- con->pid = getpid();
- con->mid = con->pid; /* This will do for now ...
*/
- con->uid = 0; /* Until we have done a logon, no uid */
- con->gid = getgid();
-
- /* Now figure out the host portion of the service */
-
- strcpy(temp, service);
- host = (char *) strtok(temp, "/\\"); /* Separate host name portion */
- strcpy(con->desthost, host);
-
- /* Now connect to the remote end, but first upper case the name of the
- * service we are going to call, sine some servers want it in uppercase */
-
- for (i = 0; i < strlen(host); i++)
- called[i] = toupper(host[i]);
-
- called[strlen(host)] = 0; /* Make it a string */
-
- for (i = 0; i < strlen(con->myname); i++)
- calling[i] = toupper(con->myname[i]);
-
- calling[strlen(con->myname)] = 0; /* Make it a string */
-
- if (strcmp(con->address, "") == 0)
- address = con->desthost;
- else
- address = con->address;
-
- con->Trans_Connect = RFCNB_Call(called,
- calling,
- address, /* Protocol specific */
- con->port);
-
- /* Did we get one? */
-
- if (con->Trans_Connect == NULL) {
-
- if (Con_Handle == NULL) {
- free(con);
- Con_Handle = NULL;
- }
- SMBlib_errno = -SMBlibE_CallFailed;
- return NULL;
-
- }
- /* Now, negotiate the protocol */
-
- if (SMB_Negotiate(con, SMB_Prots_Restrict) < 0) {
-
- /* Hmmm what should we do here ... We have a connection, but could not
- * negotiate ... */
-
- return NULL;
-
- }
- /* Now connect to the service ... */
-
- if ((*tree = SMB_TreeConnect(con, NULL, service, password, "A:")) == NULL) {
-
- return NULL;
-
- }
- return (con);
-
-}
-
-/* Logon to the server. That is, do a session setup if we can. We do not do */
-/* Unicode yet! */
-
-int
-SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName,
- char *PassWord, char *UserDomain, int precrypted)
-{
- struct RFCNB_Pkt *pkt;
- int param_len, pkt_len, pass_len;
- char *p, pword[128];
-
- /* First we need a packet etc ... but we need to know what protocol has */
- /* been negotiated to figure out if we can do it and what SMB format to */
- /* use ...
*/ - - if (Con_Handle->protocol < SMB_P_LanMan1) { - - SMBlib_errno = SMBlibE_ProtLow; - return (SMBlibE_BAD); - - } - if (precrypted) { - pass_len = 24; - memcpy(pword, PassWord, 24); - } else { - strcpy(pword, PassWord); - if (Con_Handle->encrypt_passwords) { - pass_len = 24; - SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle->Encrypt_Key, (uchar *) pword); - } else - pass_len = strlen(pword); - } - - /* Now build the correct structure */ - - if (Con_Handle->protocol < SMB_P_NT1) { - - param_len = strlen(UserName) + 1 + pass_len + 1 + - strlen(UserDomain) + 1 + - strlen(Con_Handle->OSName) + 1; - - pkt_len = SMB_ssetpLM_len + param_len; - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - fprintf(stderr, "SMB_Logon_server: Couldn't allocate packet\n"); - return (SMBlibE_BAD); /* Should handle the error */ - } - bzero(SMB_Hdr(pkt), SMB_ssetpLM_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 10; - *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ - SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); - - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mbs_offset, SMBLIB_MAX_XMIT); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mmc_offset, 2); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_vcn_offset, Con_Handle->pid); - SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_snk_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_pwl_offset, pass_len + 1); - SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_res_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_bcc_offset, param_len); - - /* Now copy the param strings in with the right stuff */ - - p = (char *) (SMB_Hdr(pkt) + SMB_ssetpLM_buf_offset); - - /* Copy in password, then 
the rest. Password has a null at end */ - - memcpy(p, pword, pass_len); - - p = p + pass_len + 1; - - strcpy(p, UserName); - p = p + strlen(UserName); - *p = 0; - - p = p + 1; - - strcpy(p, UserDomain); - p = p + strlen(UserDomain); - *p = 0; - p = p + 1; - - strcpy(p, Con_Handle->OSName); - p = p + strlen(Con_Handle->OSName); - *p = 0; - - } else { - - /* We don't admit to UNICODE support ... */ - - param_len = strlen(UserName) + 1 + pass_len + - strlen(UserDomain) + 1 + - strlen(Con_Handle->OSName) + 1 + - strlen(Con_Handle->LMType) + 1; - - pkt_len = SMB_ssetpNTLM_len + param_len; - - pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); - - if (pkt == NULL) { - - SMBlib_errno = SMBlibE_NoSpace; - fprintf(stderr, "SMB_Logon_server: Couldn't allocate packet\n"); - return (-1); /* Should handle the error */ - } - bzero(SMB_Hdr(pkt), SMB_ssetpNTLM_len); - SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ - *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; - SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); - SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); - *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 13; - *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ - SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); - - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mbs_offset, SMBLIB_MAX_XMIT); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mmc_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_vcn_offset, 0); - SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_snk_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cipl_offset, pass_len); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cspl_offset, 0); - SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_res_offset, 0); - SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cap_offset, 0); - SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_bcc_offset, param_len); - - /* Now copy the param strings in with the right stuff */ - - p = (char *) (SMB_Hdr(pkt) + 
SMB_ssetpNTLM_buf_offset);
-
- /* Copy in password, then the rest. Password has no null at end */
-
- memcpy(p, pword, pass_len);
-
- p = p + pass_len;
-
- strcpy(p, UserName);
- p = p + strlen(UserName);
- *p = 0;
-
- p = p + 1;
-
- strcpy(p, UserDomain);
- p = p + strlen(UserDomain);
- *p = 0;
- p = p + 1;
-
- strcpy(p, Con_Handle->OSName);
- p = p + strlen(Con_Handle->OSName);
- *p = 0;
- p = p + 1;
-
- strcpy(p, Con_Handle->LMType);
- p = p + strlen(Con_Handle->LMType);
- *p = 0;
-
- }
-
- /* Now send it and get a response */
-
- if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error sending SessSetupX request\n");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_SendFailed;
- return (SMBlibE_BAD);
-
- }
- /* Now get the response ... */
-
- if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) {
-
-#ifdef DEBUG
- fprintf(stderr, "Error receiving response to SessSetupAndX\n");
-#endif
-
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_RecvFailed;
- return (SMBlibE_BAD);
-
- }
- /* Check out the response type ... */
-
- if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */
-
-#ifdef DEBUG
- fprintf(stderr, "SMB_SessSetupAndX failed with errorclass = %i, Error Code = %i\n",
- CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset),
- SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset));
-#endif
-
- SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset);
- RFCNB_Free_Pkt(pkt);
- SMBlib_errno = SMBlibE_Remote;
- return (SMBlibE_BAD);
-
- }
-/** @@@ mdz: check for guest login { **/
- if (SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset) & 0x1) {
- /* do we allow guest login? NO! */
- return (SMBlibE_BAD);
-
- }
-/** @@@ mdz: } **/
-
-
-#ifdef DEBUG
- fprintf(stderr, "SessSetupAndX response. Action = %i\n",
- SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset));
-#endif
-
- /* Now pick up the UID for future reference ...
*/
-
- Con_Handle->uid = SVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset);
- RFCNB_Free_Pkt(pkt);
-
- return (0);
-
-}
-
-
-/* Disconnect from the server, and disconnect all tree connects */
-
-int
-SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle)
-{
-
- /* We just disconnect the connection for now ... */
- if (Con_Handle != NULL)
- RFCNB_Hangup(Con_Handle->Trans_Connect);
-
- if (!KeepHandle)
- free(Con_Handle);
-
- return (0);
-
-}
--- squid/ntlm_auth_modules/NTLMSSP/smbval/smblib.h Wed Feb 14 00:48:19 2007
+++ /dev/null Wed Feb 14 00:45:56 2007
@@ -1,98 +0,0 @@ -/* UNIX SMBlib NetBIOS implementation - * - * Version 1.0 - * SMBlib Defines - * - * Copyright (C) Richard Sharpe 1996 - * - */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "std-defines.h" -#include "smblib-common.h" - -/* Just define all the entry points */ - -/* Create a handle to allow us to set/override some parameters ... */ - -void *SMB_Create_Con_Handle(); - -/* Connect to a server, but do not do a tree con etc ... */ - -void *SMB_Connect_Server(void *Con, char *server, char *NTdomain); - -/* Connect to a server and give us back a handle. If Con == NULL, create */ -/* The handle and populate it with defaults */ - -void *SMB_Connect(void *Con, void **tree, - char *name, char *User, char *Password); - -/* Negotiate a protocol */ - -int SMB_Negotiate(void *Con_Handle, char *Prots[]); - -/* Connect to a tree ... */ - -void *SMB_TreeConnect(void *con_handle, void *tree_handle, - char *path, char *password, char *dev); - -/* Disconnect a tree ... */ - -int SMB_TreeDisconect(void *tree_handle); - -/* Open a file */ - -void *SMB_Open(void *tree_handle, - void *file_handle, - char *file_name, - unsigned short mode, - unsigned short search); - -/* Close a file */ - -int SMB_Close(void *file_handle); - -/* Disconnect from server. 
Has flag to specify whether or not we keep the */ -/* handle. */ - -int SMB_Discon(void *Con, BOOL KeepHandle); - -void *SMB_Create(void *Tree_Handle, - void *File_Handle, - char *file_name, - short search); - -int SMB_Delete(void *tree, char *file_name, short search); - -int SMB_Create_Dir(void *tree, char *dir_name); - -int SMB_Delete_Dir(void *tree, char *dir_name); - -int SMB_Check_Dir(void *tree, char *dir_name); - -int SMB_Get_Last_Error(); - -int SMB_Get_Last_SMB_Err(); - -int SMB_Get_Error_Msg(int msg, char *msgbuf, int len); - -void *SMB_Logon_And_TCon(void *con, void *tree, char *user, char *pass, - char *service, char *st); - - -#define SMBLIB_DEFAULT_DOMAIN "anydom" --- squid/ntlm_auth_modules/NTLMSSP/smbval/std-defines.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,45 +0,0 @@ -#ifndef __STD_DEFINES__ -#define __STD_DEFINES__ - -/* RFCNB Standard includes ... */ -/* - * - * SMBlib Standard Includes - * - * Copyright (C) 1996, Richard Sharpe - * - * One day we will conditionalize these on OS types ... */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#define BOOL int -typedef short int16; - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define TRUE 1 -#define FALSE 0 - -#endif /* __STD_DEFINES__ */ --- squid/ntlm_auth_modules/NTLMSSP/smbval/std-includes.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,45 +0,0 @@ -/* RFCNB Standard includes ... */ -/* - * - * RFCNB Standard Includes - * - * Copyright (C) 1996, Richard Sharpe - * - * One day we will conditionalize these on OS types ... */ - -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#define BOOL int -typedef short int16; - -#include -#include -#include -#include -#include -#include -#include -#include - -#define TRUE 1 -#define FALSE 0 - -/* Pick up define for INADDR_NONE */ - -#ifndef INADDR_NONE -#define INADDR_NONE -1 -#endif --- squid/ntlm_auth_modules/NTLMSSP/smbval/valid.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,105 +0,0 @@ -#include -#include -#include -#include "smblib-priv.h" -#include "valid.h" - -SMB_Handle_Type SMB_Connect_Server(void *, char *, char *); - -int -Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN) -{ - int pass_is_precrypted_p = 0; - char *SMB_Prots[] = - { -/* "PC NETWORK PROGRAM 1.0", */ -/* "MICROSOFT NETWORKS 1.03", */ -/* "MICROSOFT NETWORKS 3.0", */ - "LANMAN1.0", - "LM1.2X002", - "Samba", -/* "NT LM 0.12", */ -/* "NT LANMAN 1.0", */ - NULL}; - SMB_Handle_Type con; - - SMB_Init(); - con = SMB_Connect_Server(NULL, SERVER, DOMAIN); - if (con == NULL) { /* Error ... */ - con = SMB_Connect_Server(NULL, BACKUP, DOMAIN); - if (con == NULL) { - return (NTV_SERVER_ERROR); - } - } - if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */ - SMB_Discon(con, 0); - return (NTV_PROTOCOL_ERROR); - } - /* Test for a server in share level mode do not authenticate against it */ - if (con->Security == 0) { - SMB_Discon(con, 0); - return (NTV_PROTOCOL_ERROR); - } - if (SMB_Logon_Server(con, USERNAME, PASSWORD, DOMAIN, pass_is_precrypted_p) < 0) { - SMB_Discon(con, 0); - return (NTV_LOGON_ERROR); - } - SMB_Discon(con, 0); - return (NTV_NO_ERROR); -} - -void * -NTLM_Connect(char *SERVER, char *BACKUP, char *DOMAIN, char *nonce) -{ - char *SMB_Prots[] = - { -/* "PC NETWORK PROGRAM 1.0", */ -/* "MICROSOFT NETWORKS 1.03", */ -/* "MICROSOFT NETWORKS 3.0", */ - "LANMAN1.0", - "LM1.2X002", - "Samba", -/* "NT LM 0.12", */ -/* "NT LANMAN 1.0", */ - NULL}; - SMB_Handle_Type con; - - SMB_Init(); - con = SMB_Connect_Server(NULL, SERVER, DOMAIN); - if (con == NULL) { /* Error ... 
*/ - con = SMB_Connect_Server(NULL, BACKUP, DOMAIN); - if (con == NULL) { - return (NULL); - } - } - if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */ - SMB_Discon(con, 0); - return (NULL); - } - /* Test for a server in share level mode do not authenticate against it */ - if (con->Security == 0) { - SMB_Discon(con, 0); - return (NULL); - } - memcpy(nonce, con->Encrypt_Key, 8); - - return (con); -} - -int -NTLM_Auth(void *handle, char *USERNAME, char *PASSWORD, int flag) -{ - SMB_Handle_Type con = handle; - - if (SMB_Logon_Server(con, USERNAME, PASSWORD, NULL, flag) < 0) { - return (NTV_LOGON_ERROR); - } - return (NTV_NO_ERROR); -} - -void -NTLM_Disconnect(void *handle) -{ - SMB_Handle_Type con = handle; - SMB_Discon(con, 0); -} --- squid/ntlm_auth_modules/NTLMSSP/smbval/valid.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 @@ -1,15 +0,0 @@ -#ifndef _VALID_H_ -#define _VALID_H_ -/* SMB User verification function */ - -#define NTV_NO_ERROR 0 -#define NTV_SERVER_ERROR 1 -#define NTV_PROTOCOL_ERROR 2 -#define NTV_LOGON_ERROR 3 - -int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN); -void *NTLM_Connect(char *SERVER, char *BACKUP, char *DOMAIN, char *nonce); -int NTLM_Auth(void *handle, char *USERNAME, char *PASSWORD, int flag); -void NTLM_Disconnect(void *handle); - -#endif --- squid/ntlm_auth_modules/fakeauth/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,80 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id: Makefile.in,v 1.1.2.1.2.2 2001/01/07 02:49:32 rbcollins Exp $ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -FAKEAUTH_AUTH_EXE = fakeauth_auth$(exec_suffix) - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -CRYPTLIB = @CRYPTLIB@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh - - -INCLUDE = -I. -I../../include -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) - -PROGS = $(FAKEAUTH_AUTH_EXE) -OBJS = fakeauth_auth.o - -all: $(FAKEAUTH_AUTH_EXE) - -$(OBJS): $(top_srcdir)/include/version.h - -$(FAKEAUTH_AUTH_EXE): $(OBJS) - $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS) - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(bindir); then \ - echo "mkdir $(bindir)"; \ - mkdir $(bindir); \ - fi - -install: all install-mkdirs - @for f in $(PROGS); do \ - if test -f $(bindir)/$$f; then \ - echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(bindir); \ - $(INSTALL_BIN) $$f $(bindir); \ - if test -f $(bindir)/-$$f; then \ - echo $(RM) -f $(bindir)/-$$f; \ - $(RM) -f $(bindir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *pure_* core $(PROGS) - -distclean: clean - -rm -f Makefile - -depend: - $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,310 +0,0 @@ -/* - * - * AUTHOR: Robert Collins - * - * Example ntlm authentication program for Squid, based on the - * original proxy_auth code from client_side.c, written by - * Jon Thackray . and the inital ntlm code - * Andy Doran. - * - * This code gets the username and returns it. No validation is done. - * and by the way: it is a complete patch-up. Use the "real thing" NTLMSSP - * if you can. - */ - -#include "config.h" - -#include "ntlm.h" -#include "util.h" -#include - -#if HAVE_STDIO_H -#include -#endif -#if HAVE_STDLIB_H -#include -#endif -#if HAVE_UNISTD_H -#include -#endif -#if HAVE_STRING_H -#include -#endif -#if HAVE_CRYPT_H -#include -#endif -#if HAVE_PWD_H -#include -#endif - - -#define ERR "ERR\n" -#define OK "OK\n" - -#if 0 -#define NTLM_STATIC_CHALLENGE "deadbeef" -#endif -static char *authenticate_ntlm_domain = "LIFELESSWKS"; - -/* NTLM authentication by ad@netbsd.org - 07/1999 */ -/* XXX this is not done cleanly... */ - -/* makes a null-terminated string lower-case. Changes CONTENTS! */ -static void -lc(char *string) -{ - char *p = string, c; - while ((c = *p)) { - *p = tolower(c); - p++; - } -} - - -/* - * Generates a challenge request. The randomness of the 8 byte - * challenge strings can be guarenteed to be poor at best. 
- */ -void -ntlmMakeChallenge(struct ntlm_challenge *chal) -{ -#ifndef NTLM_STATIC_CHALLENGE - static unsigned hash; - int r; -#endif - char *d; - int i; - - memset(chal, 0, sizeof(*chal)); - memcpy(chal->hdr.signature, "NTLMSSP", 8); - chal->flags = WSWAP(0x00018206); - chal->hdr.type = WSWAP(NTLM_CHALLENGE); - chal->unknown[6] = SSWAP(0x003a); - - d = (char *) chal + 48; - i = 0; - - if (authenticate_ntlm_domain != NULL) - while (authenticate_ntlm_domain[i++]); - - - chal->target.offset = WSWAP(48); - chal->target.maxlen = SSWAP(i); - chal->target.len = chal->target.maxlen; - -#ifdef NTLM_STATIC_CHALLENGE - memcpy(chal->challenge, NTLM_STATIC_CHALLENGE, 8); -#else - r = (int) rand(); - r = (hash ^ r) + r; - - for (i = 0; i < 8; i++) { - chal->challenge[i] = r; - r = (r >> 2) ^ r; - } - - hash = r; -#endif -} - -/* - * Check the vailidity of a request header. Return -1 on error. - */ -int -ntlmCheckHeader(struct ntlmhdr *hdr, int type) -{ - /* - * Must be the correct security package and request type. The - * 8 bytes compared includes the ASCII 'NUL'. - */ - if (memcmp(hdr->signature, "NTLMSSP", 8) != 0) { - fprintf(stderr, "ntlmCheckHeader: bad header signature\n"); - return (-1); - } - if (type == NTLM_ANY) - return 0; - - if (WSWAP(hdr->type) != type) { -/* don't report this error - it's ok as we do a if() around this function */ -// fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n", - // WSWAP(hdr->type), type); - return (-1); - } - return (0); -} - -/* - * Extract a string from an NTLM request and return as ASCII. - */ -char * -ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags) -{ - static char buf[512]; - u_short *s, c; - char *d, *sc; - int l, o; - - l = SSWAP(str->len); - o = WSWAP(str->offset); - - /* Sanity checks. 
XXX values arbitrarialy chosen */ - if (l <= 0 || l >= 32 || o >= 256) { - fprintf(stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); - return (NULL); - } - if ((flags & 2) == 0) { - /* UNICODE string */ - s = (u_short *) ((char *) hdr + o); - d = buf; - - for (l >>= 1; l; s++, l--) { - c = SSWAP(*s); - if (c > 254 || c == '\0' || !isprint(c)) { - fprintf(stderr, "ntlmGetString: bad uni: %04x\n", c); - return (NULL); - } - *d++ = c; - fprintf(stderr, "ntlmGetString: conv: '%c'\n", c); - } - - *d = 0; - } else { - /* ASCII string */ - sc = (char *) hdr + o; - d = buf; - - for (; l; l--) { - if (*sc == '\0' || !isprint(*sc)) { - fprintf(stderr, "ntlmGetString: bad ascii: %04x\n", *sc); - return (NULL); - } - *d++ = *sc++; - } - - *d = 0; - } - - return (buf); -} - -/* - * Decode the strings in an NTLM authentication request - */ -int -ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size) -{ - char *p, *origbuf; - int s; - - if (!buf) { - return 1; - } - origbuf = buf; - if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) { - - fprintf(stderr, "ntlmDecodeAuth: header check fails\n"); - return -1; - } -/* only on when you need to debug - * fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size); - * fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags); - * fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset, auth->user.len); - */ - if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL) - p = authenticate_ntlm_domain; -// fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p); - if ((s = strlen(p) + 1) >= size) - return 1; - strcpy(buf, p); -// fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf); - - size -= s; - buf += (s - 1); - *buf++ = '\\'; /* Using \ is more consistent with MS-proxy */ - - p = ntlmGetString(&auth->hdr, &auth->user, 2); - if ((s = strlen(p) + 1) >= size) - return 1; - while (*p) - *buf++ = (*p++); //tolower - - *buf++ = '\0'; - size -= s; -// fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p); - - 
- return 0; -} - - -int -main() -{ - char buf[256]; - char user[256], *p, *cleartext; - struct ntlm_challenge chal; - int len; - char *data = NULL; - - setbuf(stdout, NULL); - while (fgets(buf, 256, stdin) != NULL) { - user[0] = '\0'; /*no usercode */ - - if ((p = strchr(buf, '\n')) != NULL) - *p = '\0'; /* strip \n */ -#if defined(NTLMHELPPROTOCOLV3) || !defined(NTLMHELPPROTOCOLV2) - if (strncasecmp(buf, "YR", 2) == 0) { - ntlmMakeChallenge(&chal); - len = - sizeof(chal) - sizeof(chal.pad) + - SSWAP(chal.target.maxlen); - data = (char *) base64_encode_bin((char *) &chal, len); - printf("TT %s\n", data); - } else if (strncasecmp(buf, "KK ", 3) == 0) { - cleartext = (char *) uudecode(buf + 3); - if (!ntlmCheckHeader((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) { - if (!ntlmDecodeAuth((struct ntlm_authenticate *) cleartext, user, 256)) { - lc(user); - printf("AF %s\n", user); - } else { - lc(user); - printf("NA invalid credentials%s\n", user); - } - } else { - lc(user); - printf("BH wrong packet type!%s\n", user); - } - } -#endif -#ifdef NTLMHELPPROTOCOLV2 -/* V2 of the protocol */ - if (strncasecmp(buf, "RESET", 5) == 0) { - printf("RESET OK\n"); - } else { - cleartext = (char *) uudecode(buf); - if (!ntlmCheckHeader((struct ntlmhdr *) cleartext, NTLM_NEGOTIATE)) { - ntlmMakeChallenge(&chal); - len = - sizeof(chal) - sizeof(chal.pad) + - SSWAP(chal.target.maxlen); - data = (char *) base64_encode_bin((char *) &chal, len); - printf("CH %s\n", data); - } else if (!ntlmCheckHeader - ((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) { - if (!ntlmDecodeAuth - ((struct ntlm_authenticate *) cleartext, user, 256)) { - lc(user); - printf("OK %s\n", user); - } else { - lc(user); - printf("ERR %s\n", user); - } - } else { - lc(user); - printf("ERR %s\n", user); - } - } -#endif /*v2 */ - } - exit(0); -} --- squid/ntlm_auth_modules/fakeauth/ntlm.h Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,105 +0,0 @@ -/* - * $Id: ntlm.h,v 1.1.2.3.2.3 2001/01/07 09:48:30 hno Exp $ - * - * AUTHOR: Andy Doran - * - * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ - * -------------------------------------------------------- - * - * Squid is the result of efforts by numerous individuals from the - * Internet community. Development is led by Duane Wessels of the - * National Laboratory for Applied Network Research and funded by - * the National Science Foundation. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * - */ - -#ifndef _NTLM_H_ -#define _NTLM_H_ - -/* undefine this to have strict protocol adherence. You don't really need - * that though */ -#define IGNORANCE_IS_BLISS - -#include - -/* All of this cruft is little endian */ -#ifdef WORDS_BIGENDIAN -#define SSWAP(x) (bswap16((x))) -#define WSWAP(x) (bswap32((x))) -#else -#define SSWAP(x) (x) -#define WSWAP(x) (x) -#endif - -/* NTLM request types that we know about */ -#define NTLM_NEGOTIATE 1 -#define NTLM_CHALLENGE 2 -#define NTLM_AUTHENTICATE 3 -#define NTLM_ANY 0 - -/* Header proceeding each request */ -typedef struct ntlmhdr { - char signature[8]; /* NTLMSSP */ - int32_t type; /* One of NTLM_* from above */ -} ntlmhdr; - -/* String header. 
String data resides at the end of the request */ -typedef struct strhdr { - int16_t len; /* Length in bytes */ - int16_t maxlen; /* Allocated space in bytes */ - int32_t offset; /* Offset from start of request */ -} strhdr; - -/* Negotiation request sent by client */ -struct ntlm_negotiate { - ntlmhdr hdr; /* NTLM header */ - int32_t flags; /* Request flags */ - strhdr domain; /* Domain we wish to authenticate in */ - strhdr workstation; /* Client workstation name */ - char pad[256]; /* String data */ -}; - -/* Challenge request sent by server. */ -struct ntlm_challenge { - ntlmhdr hdr; /* NTLM header */ - strhdr target; /* Authentication target (domain/server ...) */ - int32_t flags; /* Request flags */ - u_char challenge[8]; /* Challenge string */ - int16_t unknown[8]; /* Some sort of context data */ - char pad[256]; /* String data */ -}; - -/* Authentication request sent by client in response to challenge */ -struct ntlm_authenticate { - ntlmhdr hdr; /* NTLM header */ - strhdr lmresponse; /* LANMAN challenge response */ - strhdr ntresponse; /* NT challenge response */ - strhdr domain; /* Domain to authenticate against */ - strhdr user; /* Username */ - strhdr workstation; /* Workstation name */ - strhdr sessionkey; /* Session key for server's use */ - int32_t flags; /* Request flags */ - char pad[256 * 6]; /* String data */ -}; - -char *ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags); -void ntlmMakeChallenge(struct ntlm_challenge *chal); -int ntlmCheckHeader(struct ntlmhdr *hdr, int type); -int ntlmCheckNegotiation(struct ntlm_negotiate *neg); -int ntlmAuthenticate(struct ntlm_authenticate *neg); - -#endif /* _NTLM_H_ */ --- squid/ntlm_auth_modules/no_check/Makefile.in Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,80 +0,0 @@ -# -# Makefile for the Squid Object Cache server -# -# $Id: Makefile.in,v 1.1.2.1.2.2 2001/01/07 02:49:32 rbcollins Exp $ -# -# Uncomment and customize the following to suit your needs: -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -exec_suffix = @exec_suffix@ -top_srcdir = @top_srcdir@ -bindir = @bindir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -# Gotta love the DOS legacy -# -NO_CHECK = no_check - -CC = @CC@ -MAKEDEPEND = @MAKEDEPEND@ -INSTALL = @INSTALL@ -INSTALL_BIN = @INSTALL_PROGRAM@ -CRYPTLIB = @CRYPTLIB@ -AC_CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ -XTRA_LIBS = @XTRA_LIBS@ -XTRA_OBJS = @XTRA_OBJS@ -MV = @MV@ -RM = @RM@ -SHELL = /bin/sh - - -INCLUDE = -I. -I../../include -I$(top_srcdir)/include -CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) -AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) - -PROGS = $(NO_CHECK).pl -OBJS = $(NO_CHECK) - -all: $(PROGS) - -#$(OBJS): - -$(NO_CHECK).pl: $(OBJS) - cp $(srcdir)/$(NO_CHECK) ./$(NO_CHECK).pl - -install-mkdirs: - -@if test ! -d $(prefix); then \ - echo "mkdir $(prefix)"; \ - mkdir $(prefix); \ - fi - -@if test ! -d $(bindir); then \ - echo "mkdir $(bindir)"; \ - mkdir $(bindir); \ - fi - -install: all install-mkdirs - @for f in $(PROGS); do \ - if test -f $(bindir)/$$f; then \ - echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - $(MV) $(bindir)/$$f $(bindir)/-$$f; \ - fi; \ - echo $(INSTALL_BIN) $$f $(bindir); \ - $(INSTALL_BIN) $$f $(bindir); \ - if test -f $(bindir)/-$$f; then \ - echo $(RM) -f $(bindir)/-$$f; \ - $(RM) -f $(bindir)/-$$f; \ - fi; \ - done - -clean: - -rm -rf *.o *pure_* core $(PROGS) - -distclean: clean - -rm -f Makefile - -depend: - $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- squid/ntlm_auth_modules/no_check/README.no_check_ntlm_auth Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,10 +0,0 @@ -This is a dummy NTLM authentication module for Squid. -It performs the NTLM challenge, but then it doesn't verify the -user's credentials, it just takes the client's domain and username -at face value. -It's included mostly for demonstration purposes. - -(C) 2000 Francesco Chemolli -Distributed freely under the terms of the GNU General Public License, -version 2. For the licensing terms, see the file COPYING that -came with Squid. --- squid/ntlm_auth_modules/no_check/no_check Wed Feb 14 00:48:19 2007 +++ /dev/null Wed Feb 14 00:45:56 2007 
@@ -1,210 +0,0 @@ -#!/usr/bin/perl -# (C) 2000 Francesco Chemolli -# -# TODO: use command-line arguments - -#use MIME::Base64; - -$|=1; -#$authdomain="your_domain_goes_here"; -$challenge="deadbeef"; - -$authdomain=$ARGV[0] if ($#ARGV >=0); - -die ("Edit $0 to configure a domain!") unless (defined($authdomain)); - -while() { - chop; - if ($_ eq "YR") { - print "TT ".encode_base64(&make_ntlm_static_challenge); - next; - } - $got=substr($_,3); - %res=decode_ntlm_any(decode_base64($got)); -# print STDERR "got: ".hash_to_string(%res); - if (!res) { # broken NTLM, deny - print "BH Couldn't decode NTLM packet\n"; - next; - } - if ($res{type} eq "negotiate") { # ok, send a challenge - print "BH Squid-helper protocol error: unexpected negotiate-request\n"; - next; - } - if ($res{type} eq "challenge") { # Huh? WE are the challengers. - print "BH Squid-helper protocol error: unexpected challenge-request\n"; - next; - } - if ($res{type} eq "authentication") { - print "AF $res{domain}\\$res{user}\n"; - next; - } - print "BH internal error\n"; # internal error -} - - -sub make_ntlm_static_challenge { - $rv = pack ("a8 V", "NTLMSSP", 0x2); - $payload = ""; - - $rv .= add_to_data(uc($authdomain),\$payload); - $rv .= pack ("V Z8 v8", 0x18206, $challenge,0,0,0,0,0,0,0x3a,0); - #flags, challenge, 8 bytes of unknown stuff - - return $rv.$payload; -} - -#gets as argument the decoded authenticate packet. -#returns either undef (failure to decode) or an hash with the decoded -# fields. 
-sub decode_ntlm_authentication { - my ($got)=$_[0]; - my ($signature, $type, %rv, $hdr, $rest); - ($signature, $type, $rest) = unpack ("a8 V a*",$got); - return unless ($signature eq "NTLMSSP\0"); - return unless ($type == 0x3); - $rv{type}="authentication"; - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{lmresponse}=get_from_data($hdr,$got); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{ntresponse}=get_from_data($hdr,$got); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{domain}=get_from_data($hdr,$got); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{user}=get_from_data($hdr,$got); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{workstation}=get_from_data($hdr,$got); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{sessionkey}=get_from_data($hdr,$got); - $rv{flags}=unpack("V",$rest); - return %rv; -} - -#args: len, maxlen, offset -sub make_ntlm_hdr { - return pack ("v v V", @_); -} - -#args: string to add, ref to payload -# returns ntlm header. -sub add_to_data { - my ($toadd, $pl) = @_; - my ($offset); -# $toadd.='\0' unless ($toadd[-1]=='\0'); #broken - $offset=48+length $pl; #48 is the length of the header - $$pl.=$toadd; - return make_ntlm_hdr (length $toadd, length $toadd, $offset); -} - -#args: encoded descriptor, entire decoded packet -# returns the decoded data -sub get_from_data { - my($desc,$packet) = @_; - my($offset,$length, $rv); - ($length, undef, $offset) = unpack ("v v V", $desc); - return unless ($length+$offset <= length $packet); - $rv = unpack ("x$offset a$length",$packet); - return $rv; -} - -sub hash_to_string { - my (%hash) = @_; - my ($rv); - foreach (sort keys %hash) { - $rv.=$_." => ".$hash{$_}."\n"; - } - return $rv; -} - - -#more decoder functions, added more for debugging purposes -#than for any real use in the application. -#args: the base64-decoded packet -#returns: either undef or an hash describing the packet. 
-sub decode_ntlm_negotiate { - my($got)=$_[0]; - my($signature, $type, %rv, $hdr, $rest); - ($signature, $type, $rest) = unpack ("a8 V a*",$got); - return unless ($signature eq "NTLMSSP\0"); - return unless ($type == 0x1); - $rv{type}="negotiate"; - ($rv{flags}, $rest)=unpack("V a*",$rest); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{domain}=get_from_data($hdr,$got); - ($hdr, $rest) = unpack ("a8 a*", $rest); - $rv{workstation}=get_from_data($hdr,$got); - return %rv; -} - -sub decode_ntlm_challenge { - my($got)=$_[0]; - my($signature, $type, %rv, $hdr, $rest, $j); - ($signature, $type, $rest) = unpack ("a8 V a*",$got); - return unless ($signature eq "NTLMSSP\0"); - return unless ($type == 0x2); - $rv{type}="challenge"; - ($rv{flags}, $rest)=unpack("V a*",$rest); - ($rv{challenge}, $rest)=unpack("a8 a*",$rest); - for ($j=0;$j<8;$j++) { # don't shoot on the programmer, please. - ($rv{"context.$j"},$rest)=unpack("v a*",$rest); - } - return %rv; -} - -#decodes any NTLMSSP packet. -#arg: the encoded packet, returns an hash with packet info -sub decode_ntlm_any { - my($got)=$_[0]; - my ($signature, $type); - ($signature, $type, undef) = unpack ("a8 V a*",$got); - return unless ($signature eq "NTLMSSP\0"); - return decode_ntlm_negotiate($got) if ($type == 1); - return decode_ntlm_challenge($got) if ($type == 2); - return decode_ntlm_authentication($got) if ($type == 3); - return undef; # default -} - - -use integer; - -sub encode_base64 ($;$) -{ - my $res = ""; - my $eol = $_[1]; - $eol = "\n" unless defined $eol; - pos($_[0]) = 0; # ensure start at the beginning - while ($_[0] =~ /(.{1,45})/gs) { - $res .= substr(pack('u', $1), 1); - chop($res); - } - $res =~ tr|` -_|AA-Za-z0-9+/|; # `# help emacs - # fix padding at the end - my $padding = (3 - length($_[0]) % 3) % 3; - $res =~ s/.{$padding}$/'=' x $padding/e if $padding; - # break encoded string into lines of no more than 76 characters each - if (length $eol) { - $res =~ s/(.{1,76})/$1$eol/g; - } - $res; -} - - 
-sub decode_base64 ($) -{ - local($^W) = 0; # unpack("u",...) gives bogus warning in 5.00[123] - - my $str = shift; - my $res = ""; - - $str =~ tr|A-Za-z0-9+=/||cd; # remove non-base64 chars - if (length($str) % 4) { - require Carp; - Carp::carp("Length of base64 data not a multiple of 4") - } - $str =~ s/=+$//; # remove padding - $str =~ tr|A-Za-z0-9+/| -_|; # convert to uuencoded format - while ($str =~ /(.{1,60})/gs) { - my $len = chr(32 + length($1)*3/4); # compute length byte - $res .= unpack("u", $len . $1 ); # uudecode - } - $res; -} Index: squid/src/auth/basic/Makefile.in =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/basic/Attic/Makefile.in,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- squid/src/auth/basic/Makefile.in 7 Jan 2001 00:24:26 -0000 1.1.2.2 +++ squid/src/auth/basic/Makefile.in 7 Jan 2001 14:52:24 -0000 1.1.2.3 @@ -6,6 +6,9 @@ AUTH = basic +SUBDIRS = helpers + + top_srcdir = @top_srcdir@ VPATH = @srcdir@ @@ -26,6 +29,11 @@ all: $(OUT) + @for dir in $(SUBDIRS); do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) all" || exit 1; \ + fi; \ + done; $(OUT): $(OBJS) @rm -f ../stamp @@ -40,11 +48,21 @@ clean: -rm -rf *.o *pure_* core ../$(AUTH).a + -for dir in *; do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) clean"; \ + fi; \ + done distclean: clean -rm -f Makefile -rm -f Makefile.bak -rm -f tags + -for dir in *; do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) distclean"; \ + fi; \ + done install: --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/Makefile.in Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,38 @@
+# Makefile for storage modules in the Squid Object Cache server
+#
+# $Id$
+#
+
+# The 'nop' is in the SUBDIRS list because some Unixes that can't
+# handle empty for lists.
+
+SUBDIRS = @AUTH_BASIC_HELPERS@ nop
+
+all:
+ @for dir in $(SUBDIRS); do \
+ if [ -f $$dir/Makefile ]; then \
+ sh -c "cd $$dir && $(MAKE) all" || exit 1; \
+ fi; \
+ done;
+
+clean:
+ -for dir in *; do \
+ if [ -f $$dir/Makefile ]; then \
+ sh -c "cd $$dir && $(MAKE) clean"; \
+ fi; \
+ done
+
+distclean:
+ -rm -f Makefile
+ -for dir in *; do \
+ if [ -f $$dir/Makefile ]; then \
+ sh -c "cd $$dir && $(MAKE) distclean"; \
+ fi; \
+ done
+
+.DEFAULT:
+ @for dir in $(SUBDIRS); do \
+ if [ -f $$dir/Makefile ]; then \
+ sh -c "cd $$dir && $(MAKE) $@" || exit 1; \
+ fi; \
+ done;
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/LDAP/Makefile.in Wed Feb 14 00:48:19 2007
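Review bot: The header comment on the first added line still reads `# Makefile for storage modules in the Squid Object Cache server`, although the file only drives the helper directories named by `@AUTH_BASIC_HELPERS@`; it should read something like `# Makefile for the basic authentication helpers in the Squid Object Cache server`. The `nop` comment is also missing its verb and would read better as `# The 'nop' is in the SUBDIRS list because some Unixes can't handle empty for lists.`. The `clean` and `distclean` targets loop over `*` while `all` and `.DEFAULT` loop over `$(SUBDIRS)`; if that is deliberate, so that helpers left out of the current configuration are still cleaned, a one-line comment saying so would prevent a later "fix".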
@@ -0,0 +1,76 @@
+
+OBJS = squid_ldap_auth.o
+LIBS = -lldap -llber
+LDAP_EXE = squid_ldap_auth
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+exec_suffix = @exec_suffix@
+cgi_suffix = @cgi_suffix@
+top_srcdir = @top_srcdir@
+bindir = @bindir@
+libexecdir = @libexecdir@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+MAKEDEPEND = @MAKEDEPEND@
+INSTALL = @INSTALL@
+INSTALL_BIN = @INSTALL_PROGRAM@
+INSTALL_FILE = @INSTALL_DATA@
+INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+PERL = @PERL@
+CRYPTLIB = @CRYPTLIB@
+REGEXLIB = @REGEXLIB@
+PTHREADLIB = @PTHREADLIB@
+MALLOCLIB = @LIB_MALLOC@
+AC_CFLAGS = @CFLAGS@
+LDFLAGS = @LDFLAGS@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+MV = @MV@
+RM = @RM@
+SHELL = /bin/sh
+
+
+all: $(LDAP_EXE)
+
+$(LDAP_EXE): $(OBJS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(XTRA_LIBS)
+
+install-mkdirs:
+ -@if test ! -d $(prefix); then \
+ echo "mkdir $(prefix)"; \
+ mkdir $(prefix); \
+ fi
+ -@if test ! -d $(libexecdir); then \
+ echo "mkdir $(libexecdir)"; \
+ mkdir $(libexecdir); \
+ fi
+
+# Michael Lupp wants to know about additions
+# to the install target.
+install: all install-mkdirs
+ @for f in $(LDAP_EXE); do \
+ if test -f $(libexecdir)/$$f; then \
+ echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
+ $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
+ fi; \
+ echo $(INSTALL_BIN) $$f $(libexecdir); \
+ $(INSTALL_BIN) $$f $(libexecdir); \
+ if test -f $(libexecdir)/-$$f; then \
+ echo $(RM) -f $(libexecdir)/-$$f; \
+ $(RM) -f $(libexecdir)/-$$f; \
+ fi; \
+ done
+
+clean:
+ -$(RM) -f $(OBJS)
+ -$(RM) -f $(LDAP_EXE)
+
+distclean: clean
+ -$(RM) -f Makefile
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/LDAP/README Wed Feb 14 00:48:19 2007
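Review bot: `AC_CFLAGS = @CFLAGS@` is defined but never assigned to `CFLAGS`, and the file has no explicit rule for `squid_ldap_auth.o`, so the object is presumably built by make's implicit rule without the flags configure selected. Adding `CFLAGS = $(AC_CFLAGS)`, as the fakeauth Makefile.in removed in this same patch set did, would restore them. `INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755` is not referenced by any target here and is better deleted, so that a later edit does not install a helper that parses proxy-supplied credentials as setuid root.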
@@ -0,0 +1,8 @@
+This LDAP Authentication code is written by Glen Newton
+.
+
+Please see his Web page at:
+http://orca.cisti.nrc.ca/~gnewton/opensource/squid_ldap_auth/
+
+In order to use squid_ldap_auth, you will also need to install
+the OpenLDAP libraries (ldap lber) from http://www.openldap.org.
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/LDAP/squid_ldap_auth.c Wed Feb 14 00:48:19 2007
@@ -0,0 +1,97 @@
+/*
+ *
+ * squid_ldap_auth: authentication via ldap for squid proxy server
+ *
+ * Author: Glen Newton
+ * glen.newton@nrc.ca
+ * Advanced Services
+ * CISTI
+ * National Research Council
+ *
+ * Usage: squid_ldap_auth
+ *
+ * Dependencies: You need to get the OpenLDAP libraries
+ * from http://www.openldap.org
+ *
+ * License: squid_ldap_auth is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2,
+ * or (at your option) any later version.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+/* Change this to your search base */
+#define SEARCHBASE "ou=people,o=nrc.ca"
+
+int checkLDAP(LDAP * ld, char *userid, char *password);
+
+int
+main(int argc, char **argv)
+{
+ char buf[256];
+ char *user, *passwd, *p;
+ char *ldapServer;
+ LDAP *ld;
+ LDAPMessage *result, *e;
+
+ setbuf(stdout, NULL);
+
+ if (argc != 2) {
+ fprintf(stderr, "Usage: squid_ldap_auth ldap_server_name\n");
+ exit(1);
+ }
+ ldapServer = (char *) argv[1];
+
+ while (fgets(buf, 256, stdin) != NULL) {
+ /* You can put this ldap connect outside the loop, but i didn't want to
+ * have the connection open too much. If you have a site which will
+ * be doing >1 authentication per second, you should move this (and the
+ * below ldap_unbind()) outside the loop.
+ */
+ if ((ld = ldap_init(ldapServer, LDAP_PORT)) == NULL) {
+ fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",
+ ldapServer, LDAP_PORT);
+ exit(1);
+ }
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+
+ if ((user = strtok(buf, " ")) == NULL) {
+ printf("ERR\n");
+ continue;
+ }
+ if ((passwd = strtok(NULL, "")) == NULL) {
+ printf("ERR\n");
+ continue;
+ }
+ if (checkLDAP(ld, user, passwd) != 0) {
+ printf("ERR\n");
+ continue;
+ } else {
+ printf("OK\n");
+ }
+ ldap_unbind(ld);
+ }
+}
+
+
+
+int
+checkLDAP(LDAP * ld, char *userid, char *password)
+{
+ char str[256];
+
+ /*sprintf(str,"uid=[%s][%s], %s",userid, password, SEARCHBASE); */
+ sprintf(str, "uid=%s, %s", userid, SEARCHBASE);
+
+ if (ldap_simple_bind_s(ld, str, password) != LDAP_SUCCESS) {
+ /*fprintf(stderr, "\nUnable to bind\n"); */
+ return 33;
+ }
+ return 0;
+}
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/COPYING-2.0 Wed Feb 14 00:48:19 2007
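Review bot: `checkLDAP` builds the bind DN with `sprintf(str, "uid=%s, %s", userid, SEARCHBASE)` into `char str[256]`, but `userid` is cut from the 256-byte `buf` read in `main`, so a long username from the client overruns the stack buffer; bound the write and treat truncation as a failed login, e.g. `if (snprintf(str, sizeof(str), "uid=%s, %s", userid, SEARCHBASE) >= (int) sizeof(str)) return 33;`. The username also goes into the DN unescaped, so DN metacharacters in it (`,`, `+`, `=`) change which entry the bind is attempted against; they should be escaped or refused before formatting. In `main`, the two parse-failure paths and the failed-bind path `continue` past `ldap_unbind(ld)`, so each rejected login leaks the handle created by `ldap_init` at the top of the loop; an `ldap_unbind(ld);` before each `continue`, or parsing the line before calling `ldap_init`, closes that.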
@@ -0,0 +1,341 @@ + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. + 
--- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/Makefile.in Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,98 @@
+#
+# Makefile for the Squid Object Cache server
+#
+# $Id$
+#
+# Uncomment and customize the following to suit your needs:
+#
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+exec_suffix = @exec_suffix@
+cgi_suffix = @cgi_suffix@
+top_srcdir = @top_srcdir@
+bindir = @bindir@
+libexecdir = @libexecdir@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+# Gotta love the DOS legacy
+#
+AUTH_EXE = msnt_auth$(exec_suffix)
+
+CC = @CC@
+MAKEDEPEND = @MAKEDEPEND@
+INSTALL = @INSTALL@
+INSTALL_BIN = @INSTALL_PROGRAM@
+INSTALL_FILE = @INSTALL_DATA@
+INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+PERL = @PERL@
+CRYPTLIB = @CRYPTLIB@
+REGEXLIB = @REGEXLIB@
+PTHREADLIB = @PTHREADLIB@
+SNMPLIB = @SNMPLIB@
+MALLOCLIB = @LIB_MALLOC@
+AC_CFLAGS = @CFLAGS@
+LDFLAGS = @LDFLAGS@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+MV = @MV@
+RM = @RM@
+SHELL = /bin/sh
+DEFINES =
+
+INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include
+CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES)
+AUTH_LIBS = $(XTRA_LIBS)
+
+LIBPROGS = $(AUTH_EXE)
+OBJS = md4.o rfcnb-io.o rfcnb-util.o session.o msntauth.o \
+ smbdes.o smbencrypt.o smblib-util.o smblib.o \
+ valid.o denyusers.o allowusers.o confload.o
+
+all: $(AUTH_EXE)
+
+$(AUTH_EXE): $(OBJS)
+ $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS)
+
+install-mkdirs:
+ -@if test ! -d $(prefix); then \
+ echo "mkdir $(prefix)"; \
+ mkdir $(prefix); \
+ fi
+ -@if test ! -d $(libexecdir); then \
+ echo "mkdir $(libexecdir)"; \
+ mkdir $(libexecdir); \
+ fi
+
+# Michael Lupp wants to know about additions
+# to the install target.
+install: all install-mkdirs
+ @for f in $(LIBPROGS); do \
+ if test -f $(libexecdir)/$$f; then \
+ echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
+ $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \
+ fi; \
+ echo $(INSTALL_BIN) $$f $(libexecdir); \
+ $(INSTALL_BIN) $$f $(libexecdir); \
+ if test -f $(libexecdir)/-$$f; then \
+ echo $(RM) -f $(libexecdir)/-$$f; \
+ $(RM) -f $(libexecdir)/-$$f; \
+ fi; \
+ done
+
+clean:
+ -rm -rf *.o *.a *pure_* core $(LIBPROGS)
+
+distclean: clean
+ -rm -f Makefile
+
+tags:
+ ctags *.[ch]
+
+depend:
+ $(MAKEDEPEND) -fMakefile *.c
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/README.html Wed Feb 14 00:48:19 2007
@@ -0,0 +1,317 @@
+
+
+MSNTAUTH readme
+
+
+
+
+

+MSNT Auth v2.0.1
+Squid web proxy Authentication module
+Antonino Iannella, Stellar-X Pty Ltd
+Fri Sep 29 15:53:33 CST 2000 +

+ +

Contents

+ +
+ +

Introduction

+ +

+This is an authentication module for the Squid proxy server +to authenticate users on an NT domain. + +

+It originates from the Samba and SMB packages by Andrew Tridgell +and Richard Sharpe. This version is sourced from the Pike +authentication module by William Welliver (hwellive@intersil.com). + +

+Usage is simple. It accepts a username and password on standard input +and will return OK if the username/password is valid for the domain, +or ERR if there was some problem. +Check syslog messages for reported problems. + +

+Msntauth is released under the GNU General Public License and +is available from http://stellarx.tripod.com. + +

Installation

+ +

+Make any changes to the source code you need. + +

+Type 'make', then 'make install', then 'make clean'. + +

+To avoid using the makefile, it may compile with + + gcc -O2 -s -o msntauth *.c + +

+'Make install' will put 'msntauth' into +/usr/local/squid/bin by default. + +

+Hopefully nobody has problems compiling msntauth. +In the future I plan to use GNU automake. + +

Other compiling issues

+ +

+The Makefile uses the GCC compiler, and assumes that it is in the current PATH. +Msntauth is known to compile properly on Redhat Linux 6, and FreeBSD 3.1 +without problems. Other operating systems are untested, +but use a recent copy of the GNU C compiler. +Smbencrypt.c has the '#include ' line commented out. +Remove the comment for S5R4 systems, like Solaris. + +

+When compiling under Solaris, the socket libraries must be linked to. +In the Makefile, hash the default CFLAGS line, and unhash the Solaris +CFLAGS line. It always helps to have /usr/ccs/bin in your path +prior to compiling. + +

Configuration file

+ +

+Msntauth uses a configuration file which is a break from previous +releases. The file is /usr/local/squid/etc/msntauth.conf. +If this needs to be changed, it is defined in confload.h. + +

+An example configuration file is provided. It looks like + +

+# Sample MSNT authenticator configuration file
+# Antonino Iannella, Stellar-X Pty Ltd
+# Tue Sep 26 17:26:59 CST 2000
+
+server my_PDC           my_BDC          my_NTdomain
+server other_PDC        other_BDC       otherdomain
+
+denyusers       /usr/local/squid/etc/denyusers
+allowusers      /usr/local/squid/etc/allowusers
+
+ +

+All comments start with '#'. + +

+NT servers are used to query user accounts. The 'server' lines +are used for this, with the PDC, BDC, and NT domain as parameters. +Up to 5 servers/domains can be queried. If this is not enough +modify the MAXSERVERS define in confload.h. +At least one server must be specified, or msntauth will not +run. + +

+When a user provides a username/password, each of these +servers will be queried to authenticate the username. +It stops after a user has been successfully authenticated, +so it makes sense to specify the most commonly queried +server first. Make sure the servers can be reached and +are active, or else msntauth will start failing user accounts! + +

+The 'denyusers' and 'allowusers' lines give the absolute path +to files of user accounts. They can be used to deny or allow +access to the proxy. Do not use these directives if you +do not need these features. + +

Denying users

+ +

+Users who are not allowed to access the web proxy can be added to +the denied user list. This list is read around every minute, or when +the msntauth process receives a SIGHUP signal. + +

+The denied user file is set using the 'denyusers' directive +in msntauth.h. The denied user file +contains a list of usernames in no particular structure or form. +If the file does not exist, no users are denied. +The file must be readable by the web proxy user. + +

+Msntauth will send syslog messages if a user was denied, +at LOG_USER facility. + +

Allowing users

+ +

+Similar to denying users, you can allow users to access the proxy +by username. This is useful if only a number of people are +allowed supposed to be accessing a proxy. + +

+The allowed user file is set using the 'allowusers' directive +in msntauth.h. +If the file does not exist or if empty, all users are allowed. + +

+You could make use of the SHOWMBRS tool in Microsoft Technet. +This gives you a list of users which are in a particular +NT Domain Group. This list can be made into the allowed users +file. + +

+Some other rules - + +

    +
  1. The operation of the denied user file is independent of the +allowed user file. The former file is checked first. +
  2. You can use none, one, or both files. +
  3. If a username appears in the denied user file, they will +be denied, even if they are in the allowed user file. +
  4. If a username is not in either file, they will be denied, +because they have not been allowed. +
  5. If the allowed user file is in use and is empty, all +users will be allowed. +
+ +

+Hopefully this wasn't too confusing. + +

Squid.conf changes

+ +

+Refer to Squid documentation for the required changes to squid.conf. +You will need to set the following lines to enable authentication for +your access list - + +

+  acl  proxy_auth REQUIRED
+  http_access allow password
+  http_access allow 
+  http_access deny all
+
+
+ +

+You will also need to review the following directives - + +

+  proxy_auth_realm enterprise web gateway
+  authenticate_program /usr/local/squid/bin/msntauth
+  authenticate_ttl 5
+  authenticate_children 20
+
+ +

Testing

+ +

+I strongly urge that Msntauth is tested prior to being used in a +production environment. It may behave differently on different platforms. +To test it, run it from the command line. Enter username and password +pairs separated by a space. + +

+It should behave in the following way - +

+ - Press ENTER to get an OK or ERR message.
+ - Make sure pressing CTRL-D behaves the same as a carriage return.
+ - Make sure pressing CTRL-C aborts the program.
+ - Test that entering no details does not result in an OK or ERR message.
+ - Test that entering an invalid username and password results in
+   an ERR message. Note that if NT guest user access is allowed on
+   the PDC, an OK message may be returned instead of ERR.
+ - Test that entering an valid username and password results in an OK message.
+   Try usernames which are and aren't in the denied/allowed user files,
+   if they're in use.
+ - Test that entering a guest username and password returns the correct response.
+
+ +

+If the above didn't work as expected, you may need to modify the main() +function in msntauth.c. Inform the maintainer of any problems. + +

Contact details

+ +

+To contact the maintainer of this package, email Antonino Iannella +at antonino@usa.net, antonino.iannella@usa.net, or +antonino.iannella@camtech.com.au. + +

+The latest version may be found on http://members.tripod.com/stellarx. +It is also distributed as part of Squid. + +

Reported problem

+ +

+For an unknown username, Msntauth returns OK. +This is because the PDC returns guest access for unknown users, +even if guest access is disabled. +This problem was reported by Mr Vadim Popov (vap@iilsr.minsk.by). +I am not able to replicate this. + +

+The tested environment consisted of PDC on Windows NT 4, SP 6. +Squid 2.3 and Msntauth was tested on SuSe, RedHat, and Debian Linux. +A fix was provided in case you have this problem. +Apply the provided patch before compiling, using + +

+  patch smblib.c < smblib.c.patch
+
+ +

Known limitation

+ +

+Usernames are checked if they are allowed or denied. If a username +is found as a substring of a different username in these files, +the user will be affected somehow. For example, if 'jpeterman' has +been explicitly denied in the denyusers file, then 'jpeter' who +is trying to use the proxy, will be denied. If this causes anyone +any problems, then I'll fix it. + +

+As of version 2.0.1, this problem has been fixed. + +

Changes since last revision

+ +

+The following list of changes have been made to improve msntauth. +I have not had a chance to do too much testing due +to lack of resources. There should be no problems, though. + +

    +
  • Added many patches from Duane Wessels to stop compilation errors (?) +
  • Improved the main() function yet again +
  • Created a more informative Makefile +
  • Added an 'allowed users' feature to complement the 'denied users' feature +
  • Stopped the use of alarm() which was causing problems under Solaris +
  • Added more syslog messages for authentication problems +
  • Added the use of a configuration file, instead of hard-coding NT server details +
  • Allowed for querying multiple NT servers and domains (this was a hot issue) +
  • Changed README into an HTML document to improve readability +
  • Didn't make use of GNU autoconf. I will in future, I promise. +
  • Removed denied/allowed username substring search limitation. +
+ +

+Hopefully msntauth and Squid is now a more valuable product. +Feel free to send me success or problem stories. + + + --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/allowusers.c Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,192 @@ + +/* + * allowusers.c + * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd + * Released under GPL, see COPYING-2.0 for details. + * + * These routines are to allow users attempting to use the proxy which + * have been explicitly allowed by the system administrator. + * The code originated from denyusers.c. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define NAMELEN 50 /* Maximum username length */ + +/* Global variables */ + +char *AllowedUsers; /* Pointer to string of allowed users */ +off_t AllowUserSize; /* Size of allowed users file */ +struct stat FileBuf; /* Stat data buffer */ +time_t LastModTime; /* Last allowed user file modification time */ + +char Allowuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */ + +/* Function declarations */ + +int Read_allowusers(); +int Check_ifuserallowed(char *); +void Checkforchange(); +void Checktimer(); + +/* + * Reads the allowed users file for all users to be permitted. + * Returns 0 if the user list was successfully loaded, + * and 1 in case of error. + * Logs any messages to the syslog daemon. + */ + +int +Read_allowusers() +{ + FILE *AFile; /* Allowed users file pointer */ + off_t APos = 0; /* File counter */ + char AChar; /* Character buffer */ + + /* Stat the file. If it does not exist, save the size as zero. + * Clear the allowed user string. Return. 
*/ + if (stat(Allowuserpath, &FileBuf) == -1) { + if (errno == ENOENT) { + LastModTime = (time_t) 0; + AllowUserSize = 0; + free(AllowedUsers); + AllowedUsers = malloc(sizeof(char)); + AllowedUsers[0] = '\0'; + return 0; + } else { + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return 1; + } + } + /* If it exists, save the modification time and size */ + LastModTime = FileBuf.st_mtime; + AllowUserSize = FileBuf.st_size; + + /* Handle the special case of a zero length file */ + if (AllowUserSize == 0) { + free(AllowedUsers); + AllowedUsers = malloc(sizeof(char)); + AllowedUsers[0] = '\0'; + return 0; + } + /* Free and allocate space for a string to store the allowed usernames */ + free(AllowedUsers); + + if ((AllowedUsers = malloc(sizeof(char) * (AllowUserSize + 3))) == NULL) { + syslog(LOG_USER | LOG_ERR, "Read_allowusers: malloc(AllowedUsers) failed."); + return 1; + } + /* Open the allowed users file. Report any errors. */ + + if ((AFile = fopen(Allowuserpath, "r")) == NULL) { + syslog(LOG_USER | LOG_ERR, "Read_allowusers: Failed to open allowed user file."); + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return 1; + } + /* Read user names into the AllowedUsers string. + * Make sure each string is delimited by a space. */ + + AllowedUsers[APos++] = ' '; + + while (!feof(AFile)) { + if ((AChar = fgetc(AFile)) == EOF) + break; + else { + if (isspace(AChar)) + AllowedUsers[APos++] = ' '; + else + AllowedUsers[APos++] = toupper(AChar); + } + } + + AllowedUsers[APos++] = ' '; + AllowedUsers[APos] = '\0'; + fclose(AFile); + return 0; +} + +/* + * Check to see if the username provided by Squid appears in the allowed + * user list. Returns 0 if the user was not found, and 1 if they were. + */ + +int +Check_ifuserallowed(char *ConnectingUser) +{ + static char CUBuf[NAMELEN + 1]; + static int x; + static char AllowMsg[256]; + + /* If user string is empty, allow */ + if (ConnectingUser[0] == '\0') + return 1; + + /* If allowed user list is empty, allow all users. 
+ * If no users are supposed to be using the proxy, stop squid instead. */ + if (AllowUserSize == 0) + return 1; + + /* Check if username string is found in the allowed user list. + * If so, allow. If not, deny. Reconstruct the username + * to have whitespace, to avoid finding wrong string subsets. */ + + sscanf(ConnectingUser, " %s ", CUBuf); + sprintf(CUBuf, " %s ", CUBuf); + + for (x = 0; x <= strlen(CUBuf); x++) + CUBuf[x] = toupper(CUBuf[x]); + + if (strstr(AllowedUsers, CUBuf) != NULL) + return 1; + else { /* If NULL, they are not allowed to use the proxy */ + sprintf(AllowMsg, "Denied access to user '%s'.", CUBuf); + syslog(LOG_USER | LOG_ERR, AllowMsg); + return 0; + } +} + +/* + * Checks if there has been a change in the allowed users file. + * If the modification time has changed, then reload the allowed user list. + * This function is called by the SIGHUP signal handler. + */ + +void +Check_forallowchange() +{ + struct stat ChkBuf; /* Stat data buffer */ + + /* Stat the allowed users file. If it cannot be accessed, return. */ + + if (stat(Allowuserpath, &ChkBuf) == -1) { + if (errno == ENOENT) { + LastModTime = (time_t) 0; + AllowUserSize = 0; + free(AllowedUsers); + AllowedUsers = malloc(sizeof(char)); + AllowedUsers[0] = '\0'; + return; + } else { /* Report error when accessing file */ + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return; + } + } + /* If found, compare the modification time with the previously-recorded + * modification time. + * If the modification time has changed, reload the allowed user list. + * Log a message of its actions. */ + + if (ChkBuf.st_mtime != LastModTime) { + syslog(LOG_USER | LOG_INFO, "Check_forallowchange: Reloading allowed user list."); + Read_allowusers(); + } +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/byteorder.h Wed Feb 14 00:48:19 2007 
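Review bot: Check_ifuserallowed() copies the Squid-supplied username into the 51-byte `CUBuf` with an unbounded `sscanf(ConnectingUser, " %s ", CUBuf)` and then pads it with `sprintf(CUBuf, " %s ", CUBuf)`, whose source and destination overlap; main() in msntauth.c accepts names of up to 254 characters, so a long name overruns the static buffer. The deny branch then hands the name to syslog() as the format string (`syslog(LOG_USER | LOG_ERR, AllowMsg)`), so a `%` in a username is treated as a conversion. Check_ifuserdenied() in denyusers.c has the same two problems. In Read_allowusers(), `char AChar` cannot represent EOF reliably and the read loop is not bounded by the size taken from stat(), so a file that grows between stat() and fopen() is written past the end of `AllowedUsers`. The fence replaces the lookup with a bounded copy; names longer than NAMELEN are denied instead of overflowing.

```c
int
Check_ifuserallowed(char *ConnectingUser)
{
    char CUBuf[NAMELEN + 3];    /* ' ' + upper-cased name + ' ' + NUL */
    size_t Len;
    size_t x;

    /* ... unchanged: empty username and empty allowed list both return 1 ... */

    /* Take the first whitespace-delimited token; refuse anything that
     * does not fit instead of writing past the buffer. */
    ConnectingUser += strspn(ConnectingUser, " \t\r\n\v\f");
    Len = strcspn(ConnectingUser, " \t\r\n\v\f");
    if (Len == 0 || Len > NAMELEN) {
        syslog(LOG_USER | LOG_ERR,
            "Denied access: username empty or longer than %d characters.", NAMELEN);
        return 0;
    }
    CUBuf[0] = ' ';
    for (x = 0; x < Len; x++)
        CUBuf[x + 1] = toupper((unsigned char) ConnectingUser[x]);
    CUBuf[Len + 1] = ' ';
    CUBuf[Len + 2] = '\0';

    if (strstr(AllowedUsers, CUBuf) != NULL)
        return 1;

    /* Constant format string: the username is data, never the format */
    syslog(LOG_USER | LOG_ERR, "Denied access to user '%s'.", CUBuf);
    return 0;
}
```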
@@ -0,0 +1,87 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * SMB Byte handling + * Copyright (C) Andrew Tridgell 1992-1995 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _BYTEORDER_H_ +#define _BYTEORDER_H_ + +/* + * This file implements macros for machine independent short and + * int manipulation + */ + +#undef CAREFUL_ALIGNMENT + +/* we know that the 386 can handle misalignment and has the "right" + * byteorder */ +#ifdef __i386__ +#define CAREFUL_ALIGNMENT 0 +#endif + +#ifndef CAREFUL_ALIGNMENT +#define CAREFUL_ALIGNMENT 1 +#endif + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) + +typedef unsigned short uint16; +typedef unsigned int uint32; + +#if CAREFUL_ALIGNMENT +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) +#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) +#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) +#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) +#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) +#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) +#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) +#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) 
+#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) +#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) +#else +/* this handles things for architectures like the 386 that can handle + * alignment errors */ +/* + * WARNING: This section is dependent on the length of int16 and int32 + * being correct + */ +#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) +#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) +#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) +#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) +#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) +#endif + + +/* now the reverse routines - these are used in nmb packets (mostly) */ +#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) +#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) + +#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) +#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) +#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) +#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) + +#endif /* _BYTEORDER_H_ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/confload.c Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,235 @@ + +/* + * confload.c + * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd + * Released under GPL, see COPYING-2.0 for details. + * + * These routines load the msntauth configuration file. + * It stores the servers to query, sets the denied and + * allowed user files, and provides the + * authenticating function. + */ + +#include +#include +#include +#include +#include +#include + +#define CONFIGFILE "/usr/local/squid/etc/msntauth.conf" /* Path to configuration file */ +#define DENYUSERSDEFAULT "/usr/local/squid/etc/denyusers" +#define ALLOWUSERSDEFAULT "/usr/local/squid/etc/allowusers" + +#define MAXSERVERS 5 /* Maximum number of servers to query. This number can be increased. */ +#define NTHOSTLEN 65 + +extern char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */ +extern char Allowuserpath[MAXPATHLEN]; + +typedef struct _ServerTuple { + char pdc[NTHOSTLEN]; + char bdc[NTHOSTLEN]; + char domain[NTHOSTLEN]; +} ServerTuple; + +ServerTuple ServerArray[MAXSERVERS]; /* Array of servers to query */ +int Serversqueried = 0; /* Number of servers queried */ + +/* Declarations */ + +int OpenConfigFile(); +void ProcessLine(char *); +void AddServer(char *, char *, char *); +int QueryServers(char *, char *); +int QueryServerForUser(int, char *, char *); +extern int Valid_User(char *, char *, char *, char *, char *); + + +/* + * Opens and reads the configuration file. + * Returns 0 on success, or 1 for error. 
+ */ + +int +OpenConfigFile() +{ + FILE *ConfigFile; + char Confbuf[2049]; /* Line reading buffer */ + + /* Initialise defaults */ + + Serversqueried = 0; + strcpy(Denyuserpath, DENYUSERSDEFAULT); + strcpy(Allowuserpath, ALLOWUSERSDEFAULT); + + /* Open file */ + if ((ConfigFile = fopen(CONFIGFILE, "r")) == NULL) { + syslog(LOG_USER | LOG_ERR, "OpenConfigFile: Failed to open %s.", CONFIGFILE); + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return 1; + } + /* Read in, one line at a time */ + + while (!feof(ConfigFile)) { + Confbuf[0] = '\0'; + fgets(Confbuf, 2049, ConfigFile); + ProcessLine(Confbuf); + } + + /* Check that at least one server is being queried. Report error if not. + * Denied and allowed user files are hardcoded, so it's fine if they're + * not set in the confugration file. */ + + if (Serversqueried == 0) { + syslog(LOG_USER | LOG_ERR, "OpenConfigFile: No servers set in %s. At least one is needed.", CONFIGFILE); + return 1; + } + fclose(ConfigFile); + return 0; +} + +/* Parses a configuration file line. */ + +void +ProcessLine(char *Linebuf) +{ + char *Directive; + char *Param1; + char *Param2; + char *Param3; + + /* Ignore empty lines */ + if (strlen(Linebuf) == 0) + return; + + /* Break up on whitespaces */ + if ((Directive = strtok(Linebuf, " \t\n")) == NULL) + return; + + /* Check for a comment line. If found, stop . */ + if (Directive[0] == '#') + return; + + /* Check for server line. Check for 3 parameters. 
*/ + if (strcasecmp(Directive, "server") == 0) { + Param1 = strtok(NULL, " \t\n"); + Param2 = strtok(NULL, " \t\n"); + Param3 = strtok(NULL, " \t\n"); + + if ((Param1[0] == '\0') || + (Param2[0] == '\0') || + (Param3[0] == '\0')) { + syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'server' line needs PDC, BDC, and domain parameters."); + return; + } + AddServer(Param1, Param2, Param3); + return; + } + /* Check for denyusers line */ + if (strcasecmp(Directive, "denyusers") == 0) { + Param1 = strtok(NULL, " \t\n"); + + if (Param1[0] == '\0') { + syslog(LOG_USER | LOG_ERR, "ProcessLine: A 'denyusers' line needs a filename parameter."); + return; + } + strcpy(Denyuserpath, Param1); + return; + } + /* Check for allowusers line */ + if (strcasecmp(Directive, "allowusers") == 0) { + Param1 = strtok(NULL, " \t\n"); + + if (Param1[0] == '\0') { + syslog(LOG_USER | LOG_ERR, "ProcessLine: An 'allowusers' line needs a filename parameter."); + return; + } + strcpy(Allowuserpath, Param1); + return; + } + /* Reports error for unknown line */ + syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' line.", Directive); +} + +/* + * Adds a server to query to the server array. + * Checks if the number of servers to query is not exceeded. + * Does not allow parameters longer than NTHOSTLEN. + */ + +void +AddServer(char *ParamPDC, char *ParamBDC, char *ParamDomain) +{ + if (Serversqueried + 1 > MAXSERVERS) { + syslog(LOG_USER | LOG_ERR, "ProcessLine: Ignoring '%s' server line; too many servers.", ParamPDC); + return; + } + Serversqueried++; + strncpy(ServerArray[Serversqueried].pdc, ParamPDC, NTHOSTLEN); + strncpy(ServerArray[Serversqueried].bdc, ParamBDC, NTHOSTLEN); + strncpy(ServerArray[Serversqueried].domain, ParamDomain, NTHOSTLEN); + ServerArray[Serversqueried].pdc[NTHOSTLEN - 1] = '\0'; + ServerArray[Serversqueried].bdc[NTHOSTLEN - 1] = '\0'; + ServerArray[Serversqueried].domain[NTHOSTLEN - 1] = '\0'; +} + +/* + * Cycles through all servers to query. 
+ * Returns 0 if one server could authenticate the user. + * Returns 1 if no server authenticated the user. + */ + +int +QueryServers(char *username, char *password) +{ + int Queryresult = 1; /* Default result is an error */ + int x = 1; + + while (x <= Serversqueried) { /* Query one server. Change Queryresult if user passed. */ + if (QueryServerForUser(x++, username, password) == 0) { + Queryresult = 0; + break; + } + } + + return Queryresult; +} + +/* + * Attempts to authenticate the user with one server. + * Logs syslog messages for different errors. + * Returns 0 on success, non-zero on failure. + */ + +int +QueryServerForUser(int x, char *username, char *password) +{ + int result = 1; + + result = Valid_User(username, password, ServerArray[x].pdc, + ServerArray[x].bdc, ServerArray[x].domain); + + switch (result) { /* Write any helpful syslog messages */ + case 0: + break; + case 1: + syslog(LOG_AUTHPRIV | LOG_INFO, "Server error when checking %s.", username); + break; + case 2: + syslog(LOG_AUTHPRIV | LOG_INFO, "Protocol error when checking %s.", username); + break; + case 3: + syslog(LOG_AUTHPRIV | LOG_INFO, "Authentication failed for %s.", username); + } + + return result; +} + +/* Valid_User return codes - + * + * 0 - User authenticated successfully. + * 1 - Server error. + * 2 - Protocol error. + * 3 - Logon error; Incorrect password or username given. + */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/denyusers.c Wed Feb 14 00:48:19 2007 
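Review bot: AddServer() increments `Serversqueried` before indexing, so entries are stored in `ServerArray[1]` through `ServerArray[MAXSERVERS]` and the fifth `server` line writes one element past the end of the array; QueryServers() reads the same 1-based range. Either index from zero in both functions or size the array for the unused slot, `ServerTuple ServerArray[MAXSERVERS + 1];`. In ProcessLine(), strtok() returns NULL for a missing parameter and never an empty string, so the `Param1[0] == '\0'` tests dereference NULL on a short line; the server check should read `if (Param1 == NULL || Param2 == NULL || Param3 == NULL)`, with `Param1 == NULL` for the `denyusers` and `allowusers` directives. The `strcpy()` calls into `Denyuserpath` and `Allowuserpath` copy a token from the 2049-byte line buffer without comparing its length to MAXPATHLEN, and OpenConfigFile() returns without `fclose(ConfigFile)` when no server was configured.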
@@ -0,0 +1,249 @@ + +/* + * denyusers.c + * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd + * Released under GPL, see COPYING-2.0 for details. + * + * These routines are to block users attempting to use the proxy which + * have been explicitly denied by the system administrator. + * Routines at the bottom also use the allowed user functions. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define NAMELEN 50 /* Maximum username length */ + +/* Global variables */ + +char *DeniedUsers; /* Pointer to string of denied users */ +off_t DenyUserSize; /* Size of denied user file */ +struct stat FileBuf; /* Stat data buffer */ +time_t LastModTime; /* Last denied user file modification time */ + +char Denyuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */ + +/* Function declarations */ + +int Read_denyusers(); +int Check_ifuserdenied(char *); +int Check_user(char *); +void Checktimer(); +void Check_forchange(); +void Check_fordenychange(); +extern void Check_forallowchange(); /* For allowed users */ +extern int Check_ifuserallowed(char *); + +/* + * Reads Denyuserpath for all users to be excluded. + * Returns 0 if the user list was successfully loaded, + * and 1 in case of error. + * Logs any messages to the syslog daemon. + */ + +int +Read_denyusers() +{ + FILE *DFile; /* Denied user file pointer */ + off_t DPos = 0; /* File counter */ + char DChar; /* Character buffer */ + + /* Stat the file. If it does not exist, save the size as zero. + * Clear the denied user string. Return. 
*/ + if (stat(Denyuserpath, &FileBuf) == -1) { + if (errno == ENOENT) { + LastModTime = (time_t) 0; + DenyUserSize = 0; + free(DeniedUsers); + DeniedUsers = malloc(sizeof(char)); + DeniedUsers[0] = '\0'; + return 0; + } else { + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return 1; + } + } + /* If it exists, save the modification time and size */ + LastModTime = FileBuf.st_mtime; + DenyUserSize = FileBuf.st_size; + + /* Handle the special case of a zero length file */ + if (DenyUserSize == 0) { + free(DeniedUsers); + DeniedUsers = malloc(sizeof(char)); + DeniedUsers[0] = '\0'; + return 0; + } + /* Free and allocate space for a string to store the denied usernames */ + free(DeniedUsers); + + if ((DeniedUsers = malloc(sizeof(char) * (DenyUserSize + 3))) == NULL) { + syslog(LOG_USER | LOG_ERR, "Read_denyusers: malloc(DeniedUsers) failed."); + return 1; + } + /* Open the denied user file. Report any errors. */ + + if ((DFile = fopen(Denyuserpath, "r")) == NULL) { + syslog(LOG_USER | LOG_ERR, "Read_denyusers: Failed to open denied user file."); + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return 1; + } + /* Read user names into the DeniedUsers string. + * Make sure each string is delimited by a space. */ + + DeniedUsers[DPos++] = ' '; + + while (!feof(DFile)) { + if ((DChar = fgetc(DFile)) == EOF) + break; + else { + if (isspace(DChar)) + DeniedUsers[DPos++] = ' '; + else + DeniedUsers[DPos++] = toupper(DChar); + } + } + + DeniedUsers[DPos++] = ' '; + DeniedUsers[DPos] = '\0'; + fclose(DFile); + return 0; +} + +/* + * Check to see if the username provided by Squid appears in the denied + * user list. Returns 0 if the user was not found, and 1 if they were. 
+ */ + +int +Check_ifuserdenied(char *ConnectingUser) +{ + static char CUBuf[NAMELEN + 1]; + static int x; + static char DenyMsg[256]; + + /* If user string is empty, deny */ + if (ConnectingUser[0] == '\0') + return 1; + + /* If denied user list is empty, allow */ + if (DenyUserSize == 0) + return 0; + + /* Check if username string is found in the denied user list. + * If so, deny. If not, allow. Reconstruct the username + * to have whitespace, to avoid finding wrong string subsets. */ + + sscanf(ConnectingUser, " %s ", CUBuf); + sprintf(CUBuf, " %s ", CUBuf); + + for (x = 0; x <= strlen(CUBuf); x++) + CUBuf[x] = toupper(CUBuf[x]); + + if (strstr(DeniedUsers, CUBuf) == NULL) + return 0; + else { + sprintf(DenyMsg, "Denied access to user '%s'.", CUBuf); + syslog(LOG_USER | LOG_ERR, DenyMsg); + return 1; + } +} + +/* + * Checks if there has been a change in the denied user file. + * If the modification time has changed, then reload the denied user list. + * This function is called by the SIGHUP signal handler. + */ + +void +Check_fordenychange() +{ + struct stat ChkBuf; /* Stat data buffer */ + + /* Stat the denied user file. If it cannot be accessed, return. */ + + if (stat(Denyuserpath, &ChkBuf) == -1) { + if (errno == ENOENT) { + LastModTime = (time_t) 0; + DenyUserSize = 0; + free(DeniedUsers); + DeniedUsers = malloc(sizeof(char)); + DeniedUsers[0] = '\0'; + return; + } else { /* Report error when accessing file */ + syslog(LOG_USER | LOG_ERR, strerror(errno)); + return; + } + } + /* If found, compare the modification time with the previously-recorded + * modification time. + * If the modification time has changed, reload the denied user list. + * Log a message of its actions. */ + + if (ChkBuf.st_mtime != LastModTime) { + syslog(LOG_USER | LOG_INFO, "Check_fordenychange: Reloading denied user list."); + Read_denyusers(); + } +} + +/* + * Decides if a user is denied or allowed. + * If they have been denied, or not allowed, return 1. + * Else return 0. 
+ */ + +int +Check_user(char *ConnectingUser) +{ + if (Check_ifuserdenied(ConnectingUser) == 1) + return 1; + + if (Check_ifuserallowed(ConnectingUser) == 0) + return 1; + + return 0; +} + +/* + * Checks the denied and allowed user files for change. + * This function is invoked when a SIGHUP signal is received. + * It is also run after every 60 seconds, at the next request. + */ + +void +Check_forchange() +{ + Check_fordenychange(); + Check_forallowchange(); +} + +/* + * Checks the timer. If longer than 1 minute has passed since the last + * time someone has accessed the proxy, then check for changes in the + * denied user file. If longer than one minute hasn't passed, return. + */ + +void +Checktimer() +{ + static time_t Lasttime; /* The last time the timer was checked */ + static time_t Currenttime; /* The current time */ + + Currenttime = time(NULL); + + /* If timeout has expired, check the denied user file, else return */ + if (difftime(Currenttime, Lasttime) < 60) + return; + else { + Check_forchange(); + Lasttime = Currenttime; + } +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/md4.c Wed Feb 14 00:48:19 2007 
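Review bot: `LastModTime` and `FileBuf` are defined at file scope here and again in allowusers.c, with the same names and without `static`. Where the toolchain merges such tentative definitions the two lists share one timestamp, so Check_fordenychange() and Check_forallowchange() each compare their file's mtime with the value left by the other file's load; from the visible logic both lists are then reloaded on every check unless the two files happen to share an mtime, and where the definitions are not merged the helper fails to link. Making them file-local with distinct names, for example `static time_t DenyLastModTime;` and `static struct stat DenyFileBuf;`, removes the coupling. The ENOENT branches in Read_denyusers() and Check_fordenychange() also write through the result of `malloc(sizeof(char))` without checking it for NULL.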
@@ -0,0 +1,209 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * a implementation of MD4 designed for use in the SMB authentication protocol + * Copyright (C) Andrew Tridgell 1997 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +/* NOTE: This code makes no attempt to be fast! + * + * It assumes that a int is at least 32 bits long + */ + +typedef unsigned int uint32; + +static uint32 A, B, C, D; + +static uint32 +F(uint32 X, uint32 Y, uint32 Z) +{ + return (X & Y) | ((~X) & Z); +} + +static uint32 +G(uint32 X, uint32 Y, uint32 Z) +{ + return (X & Y) | (X & Z) | (Y & Z); +} + +static uint32 +H(uint32 X, uint32 Y, uint32 Z) +{ + return X ^ Y ^ Z; +} + +static uint32 +lshift(uint32 x, int s) +{ + x &= 0xFFFFFFFF; + return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); +} + +#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) +#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) +#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) + +/* this applies md4 to 64 byte chunks */ +static void +mdfour64(uint32 * M) +{ + int j; + uint32 AA, BB, CC, DD; + uint32 X[16]; + + for (j = 0; j < 16; j++) + X[j] = M[j]; + + AA = A; + BB = B; + CC = C; + DD = D; + + ROUND1(A, B, C, D, 0, 3); + ROUND1(D, A, B, C, 1, 7); + ROUND1(C, D, A, B, 2, 
11); + ROUND1(B, C, D, A, 3, 19); + ROUND1(A, B, C, D, 4, 3); + ROUND1(D, A, B, C, 5, 7); + ROUND1(C, D, A, B, 6, 11); + ROUND1(B, C, D, A, 7, 19); + ROUND1(A, B, C, D, 8, 3); + ROUND1(D, A, B, C, 9, 7); + ROUND1(C, D, A, B, 10, 11); + ROUND1(B, C, D, A, 11, 19); + ROUND1(A, B, C, D, 12, 3); + ROUND1(D, A, B, C, 13, 7); + ROUND1(C, D, A, B, 14, 11); + ROUND1(B, C, D, A, 15, 19); + + ROUND2(A, B, C, D, 0, 3); + ROUND2(D, A, B, C, 4, 5); + ROUND2(C, D, A, B, 8, 9); + ROUND2(B, C, D, A, 12, 13); + ROUND2(A, B, C, D, 1, 3); + ROUND2(D, A, B, C, 5, 5); + ROUND2(C, D, A, B, 9, 9); + ROUND2(B, C, D, A, 13, 13); + ROUND2(A, B, C, D, 2, 3); + ROUND2(D, A, B, C, 6, 5); + ROUND2(C, D, A, B, 10, 9); + ROUND2(B, C, D, A, 14, 13); + ROUND2(A, B, C, D, 3, 3); + ROUND2(D, A, B, C, 7, 5); + ROUND2(C, D, A, B, 11, 9); + ROUND2(B, C, D, A, 15, 13); + + ROUND3(A, B, C, D, 0, 3); + ROUND3(D, A, B, C, 8, 9); + ROUND3(C, D, A, B, 4, 11); + ROUND3(B, C, D, A, 12, 15); + ROUND3(A, B, C, D, 2, 3); + ROUND3(D, A, B, C, 10, 9); + ROUND3(C, D, A, B, 6, 11); + ROUND3(B, C, D, A, 14, 15); + ROUND3(A, B, C, D, 1, 3); + ROUND3(D, A, B, C, 9, 9); + ROUND3(C, D, A, B, 5, 11); + ROUND3(B, C, D, A, 13, 15); + ROUND3(A, B, C, D, 3, 3); + ROUND3(D, A, B, C, 11, 9); + ROUND3(C, D, A, B, 7, 11); + ROUND3(B, C, D, A, 15, 15); + + A += AA; + B += BB; + C += CC; + D += DD; + + A &= 0xFFFFFFFF; + B &= 0xFFFFFFFF; + C &= 0xFFFFFFFF; + D &= 0xFFFFFFFF; + + for (j = 0; j < 16; j++) + X[j] = 0; +} + +static void +copy64(uint32 * M, unsigned char *in) +{ + int i; + + for (i = 0; i < 16; i++) + M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | + (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); +} + +static void +copy4(unsigned char *out, uint32 x) +{ + out[0] = x & 0xFF; + out[1] = (x >> 8) & 0xFF; + out[2] = (x >> 16) & 0xFF; + out[3] = (x >> 24) & 0xFF; +} + +/* produce a md4 message digest from data of length n bytes */ +void +mdfour(unsigned char *out, unsigned char *in, int n) +{ + unsigned char buf[128]; + 
uint32 M[16]; + uint32 b = n * 8; + int i; + + A = 0x67452301; + B = 0xefcdab89; + C = 0x98badcfe; + D = 0x10325476; + + while (n > 64) { + copy64(M, in); + mdfour64(M); + in += 64; + n -= 64; + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + memcpy(buf, in, n); + buf[n] = 0x80; + + if (n <= 55) { + copy4(buf + 56, b); + copy64(M, buf); + mdfour64(M); + } else { + copy4(buf + 120, b); + copy64(M, buf); + mdfour64(M); + copy64(M, buf + 64); + mdfour64(M); + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + copy64(M, buf); + + copy4(out, A); + copy4(out + 4, B); + copy4(out + 8, C); + copy4(out + 12, D); + + A = B = C = D = 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/msntauth-v2.0.lsm Wed Feb 14 00:48:19 2007 @@ -0,0 +1,13 @@ +Begin3 +Title: msntauth +Version: 2.0 +Entered-date: 10OCT00 +Description: Squid web proxy NT domain authentication module +Keywords: Squid WWW proxy SMB NT domain authentication module source +Author: antonino.iannella@usa.net (Antonino Iannella) +Maintained-by: antonino.iannella@usa.net (Antonino Iannella) +Primary-site: sunsite.unc.edu /pub/Linux/system/network/misc + msntauth-v2.0.tgz +Original-site: http://stellarx.tripod.com +Copying-policy: GPL +End --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/msntauth.c Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,114 @@ + +/* + * MSNT - Microsoft Windows NT domain squid authenticator module + * Version 1.2 by Stellar-X Pty Ltd, Antonino Iannella + * Fri Sep 22 00:56:05 CST 2000 + * + * Modified to act as a Squid authenticator module. + * Removed all Pike stuff. + * Returns OK for a successful authentication, or ERR upon error. + * + * Uses code from - + * Andrew Tridgell 1997 + * Richard Sharpe 1996 + * Bill Welliver 1999 + * Duane Wessels 2000 + * + * Released under GNU Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include +#include +#include + +extern int OpenConfigFile(); +extern int QueryServers(char *, char *); +extern void Checktimer(); +extern void Check_forchange(); +extern int Read_denyusers(void); +extern int Read_allowusers(void); +extern int Check_user(char *); + +/* Main program for simple authentication. + * Reads the denied user file. Sets alarm timer. + * Scans and checks for Squid input, and attempts to validate the user. + */ + +int +main() +{ + char username[256]; + char password[256]; + char wstr[256]; + + /* Read configuration file. Abort wildly if error. */ + if (OpenConfigFile() == 1) + return 1; + + /* Read denied and allowed user files. + * If they fails, there is a serious problem. + * Check syslog messages. Deny all users while in this state. 
+ * The msntauth process should then be killed. */ + + if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) { + while (1) { + fgets(wstr, 255, stdin); + puts("ERR"); + fflush(stdout); + } + } + /* Make Check_forchange() the handle for HUP signals. + * Don't use alarms any more. I don't think it was very + * portable between systems. */ + signal(SIGHUP, Check_forchange); + + while (1) { + /* Read whole line from standard input. Terminate on break. */ + if (fgets(wstr, 255, stdin) == NULL) + break; + + /* Clear any current settings */ + username[0] = '\0'; + password[0] = '\0'; + sscanf(wstr, "%s %s", username, password); /* Extract parameters */ + + /* Check for invalid or blank entries */ + if ((username[0] == '\0') || (password[0] == '\0')) { + puts("ERR"); + fflush(stdout); + continue; + } + Checktimer(); /* Check if the user lists have changed */ + + /* Check if user is explicitly denied or allowed. + * If user passes both checks, they can be authenticated. */ + + if (Check_user(username) == 1) + puts("ERR"); + else { + if (QueryServers(username, password) == 0) + puts("OK"); + else + puts("ERR"); + } + + fflush(stdout); + } + + return 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/msntauth.conf Wed Feb 14 00:48:19 2007 @@ -0,0 +1,11 @@ + +# Sample MSNT authenticator configuration file +# Antonino Iannella, Stellar-X Pty Ltd +# Tue Sep 26 17:26:59 CST 2000 + +server my_PDC my_BDC my_NTdomain +server other_PDC other_BDC otherdomain + +denyusers /usr/local/squid/etc/denyusers +allowusers /usr/local/squid/etc/allowusers + --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/rfcnb-common.h Wed Feb 14 00:48:19 2007 
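Review bot: `signal(SIGHUP, Check_forchange)` runs the reload inside the signal handler, and that path calls free(), malloc(), fopen() and syslog(), none of which are async-signal-safe; a HUP delivered while Check_user() is scanning `DeniedUsers` or `AllowedUsers` with strstr() frees the buffer being read. The handler should only set a flag that the request loop acts on, as in the fence below. Separately, the fail-closed loop entered after Read_denyusers() or Read_allowusers() fails ignores the fgets() result, so it spins printing ERR once stdin reaches EOF; `if (fgets(wstr, 255, stdin) == NULL) return 1;` ends it.

```c
static volatile sig_atomic_t ReloadRequested = 0;

/* SIGHUP handler: only record the request; the reload runs in main()'s loop */
static void
Request_reload(int Sig)
{
    (void) Sig;
    ReloadRequested = 1;
}

    /* in main(), replacing signal(SIGHUP, Check_forchange) */
    signal(SIGHUP, Request_reload);

    /* ... unchanged: fgets()/sscanf() of the request line, blank-entry check ... */

    if (ReloadRequested) {      /* HUP seen since the last request */
        ReloadRequested = 0;
        Check_forchange();
    }
    Checktimer();               /* Check if the user lists have changed */
```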
@@ -0,0 +1,40 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Common Structures etc Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _RFCNB_COMMON_H_ +#define _RFCNB_COMMON_H_ + +/* A data structure we need */ + +typedef struct RFCNB_Pkt { + + char *data; /* The data in this portion */ + int len; + struct RFCNB_Pkt *next; + +} RFCNB_Pkt; + + +#endif /* _RFCNB_COMMON_H_ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/rfcnb-error.h Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,57 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Error Response Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _RFCNB_ERROR_H_ +#define _RFCNB_ERROR_H_ + +/* Error responses */ + +#define RFCNBE_Bad -1 /* Bad response */ +#define RFCNBE_OK 0 + +/* these should follow the spec ... is there one ? 
*/ + +#define RFCNBE_NoSpace 1 /* Could not allocate space for a struct */ +#define RFCNBE_BadName 2 /* Could not translate a name */ +#define RFCNBE_BadRead 3 /* Read sys call failed */ +#define RFCNBE_BadWrite 4 /* Write Sys call failed */ +#define RFCNBE_ProtErr 5 /* Protocol Error */ +#define RFCNBE_ConGone 6 /* Connection dropped */ +#define RFCNBE_BadHandle 7 /* Handle passed was bad */ +#define RFCNBE_BadSocket 8 /* Problems creating socket */ +#define RFCNBE_ConnectFailed 9 /* Connect failed */ +#define RFCNBE_CallRejNLOCN 10 /* Call rejected, not listening on CN */ +#define RFCNBE_CallRejNLFCN 11 /* Call rejected, not listening for CN */ +#define RFCNBE_CallRejCNNP 12 /* Call rejected, called name not present */ +#define RFCNBE_CallRejInfRes 13 /* Call rejetced, name ok, no resources */ +#define RFCNBE_CallRejUnSpec 14 /* Call rejected, unspecified error */ +#define RFCNBE_BadParam 15 /* Bad parameters passed ... */ +#define RFCNBE_Timeout 16 /* IO Timed out */ + +/* Text strings for the error responses */ + +extern char *RFCNB_Error_Strings[]; + +#endif /* _RFCNB_ERROR_H_ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/rfcnb-io.c Wed Feb 14 00:48:19 2007 
@@ -0,0 +1,415 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NEtBIOS implementation + * + * Version 1.0 + * RFCNB IO Routines ... + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +/* #include */ +#include "std-includes.h" +#include "rfcnb-priv.h" +#include "rfcnb-util.h" +#include "rfcnb-io.h" +#include +#include + +int RFCNB_Timeout = 0; /* Timeout in seconds ... */ + +void +rfcnb_alarm(int sig) +{ + + fprintf(stderr, "IO Timed out ...\n"); + +} + +/* Set timeout value and setup signal handling */ + +int +RFCNB_Set_Timeout(int seconds) +{ +#ifdef __GLIBC__ + int temp; +#endif + /* If we are on a Bezerkeley system, use sigvec, else sigaction */ +#ifndef SA_RESTART + struct sigvec invec, outvec; +#else + struct sigaction inact, outact; +#endif + + RFCNB_Timeout = seconds; + + if (RFCNB_Timeout > 0) { /* Set up handler to ignore but not restart */ + +#ifndef SA_RESTART + invec.sv_handler = (void (*)()) rfcnb_alarm; + invec.sv_mask = 0; + invec.sv_flags = SV_INTERRUPT; + + if (sigvec(SIGALRM, &invec, &outvec) < 0) + return (-1); +#else + inact.sa_handler = (void (*)()) rfcnb_alarm; +#ifdef SOLARIS + /* Solaris seems to have an array of vectors ... 
*/ + inact.sa_mask.__sigbits[0] = 0; + inact.sa_mask.__sigbits[1] = 0; + inact.sa_mask.__sigbits[2] = 0; + inact.sa_mask.__sigbits[3] = 0; +#else +#ifdef __GLIBC__ + for (temp = 0; temp < 32; temp++) + inact.sa_mask.__val[temp] = 0; +#else + inact.sa_mask = 0; +#endif +#endif + inact.sa_flags = 0; /* Don't restart */ + + if (sigaction(SIGALRM, &inact, &outact) < 0) + return (-1); + +#endif + + } + return (0); + +} + +/* Discard the rest of an incoming packet as we do not have space for it + * in the buffer we allocated or were passed ... */ + +int +RFCNB_Discard_Rest(struct RFCNB_Con *con, int len) +{ + char temp[100]; /* Read into here */ + int rest, this_read, bytes_read; + + /* len is the amount we should read */ + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Discard_Rest called to discard: %i\n", len); +#endif + + rest = len; + + while (rest > 0) { + + this_read = (rest > sizeof(temp) ? sizeof(temp) : rest); + + bytes_read = read(con->fd, temp, this_read); + + if (bytes_read <= 0) { /* Error so return */ + + if (bytes_read < 0) + RFCNB_errno = RFCNBE_BadRead; + else + RFCNB_errno = RFCNBE_ConGone; + + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + rest = rest - bytes_read; + + } + + return (0); + +} + + +/* Send an RFCNB packet to the connection. + * + * We just send each of the blocks linked together ... + * + * If we can, try to send it as one iovec ... + * + */ + +int +RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) +{ + int len_sent, tot_sent, this_len; + struct RFCNB_Pkt *pkt_ptr; + char *this_data; + int i; + struct iovec io_list[10]; /* We should never have more */ + /* If we do, this will blow up ... */ + + /* Try to send the data ... We only send as many bytes as len claims */ + /* We should try to stuff it into an IOVEC and send as one write */ + + + pkt_ptr = pkt; + len_sent = tot_sent = 0; /* Nothing sent so far */ + i = 0; + + while ((pkt_ptr != NULL) & (i < 10)) { /* Watch that magic number! 
*/ + + this_len = pkt_ptr->len; + this_data = pkt_ptr->data; + if ((tot_sent + this_len) > len) + this_len = len - tot_sent; /* Adjust so we don't send too much */ + + /* Now plug into the iovec ... */ + + io_list[i].iov_len = this_len; + io_list[i].iov_base = this_data; + i++; + + tot_sent += this_len; + + if (tot_sent == len) + break; /* Let's not send too much */ + + pkt_ptr = pkt_ptr->next; + + } + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Frags = %i, tot_sent = %i\n", i, tot_sent); +#endif + + /* Set up an alarm if timeouts are set ... */ + + if (RFCNB_Timeout > 0) + alarm(RFCNB_Timeout); + + if ((len_sent = writev(con->fd, io_list, i)) < 0) { /* An error */ + + con->rfc_errno = errno; + if (errno == EINTR) /* We were interrupted ... */ + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_BadWrite; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + if (len_sent < tot_sent) { /* Less than we wanted */ + if (errno == EINTR) /* We were interrupted */ + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_BadWrite; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + } + if (RFCNB_Timeout > 0) + alarm(0); /* Reset that sucker */ + +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Len sent = %i ...\n", len_sent); + RFCNB_Print_Pkt(stderr, "sent", pkt, len_sent); /* Print what send ... */ + +#endif + + return (len_sent); + +} + +/* Read an RFCNB packet off the connection. + * + * We read the first 4 bytes, that tells us the length, then read the + * rest. 
We should implement a timeout, but we don't just yet + * + */ + + +int +RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) +{ + int read_len, pkt_len; + char hdr[RFCNB_Pkt_Hdr_Len]; /* Local space for the header */ + struct RFCNB_Pkt *pkt_frag; + int more, this_time, offset, frag_len, this_len; + BOOL seen_keep_alive = TRUE; + + /* Read that header straight into the buffer */ + + if (len < RFCNB_Pkt_Hdr_Len) { /* What a bozo */ + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Trying to read less than a packet:"); + perror(""); +#endif + RFCNB_errno = RFCNBE_BadParam; + return (RFCNBE_Bad); + + } + /* We discard keep alives here ... */ + + if (RFCNB_Timeout > 0) + alarm(RFCNB_Timeout); + + while (seen_keep_alive) { + + if ((read_len = read(con->fd, hdr, sizeof(hdr))) < 0) { /* Problems */ +#ifdef RFCNB_DEBUG + fprintf(stderr, "Reading the packet, we got:"); + perror(""); +#endif + if (errno == EINTR) + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_BadRead; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + /* Now we check out what we got */ + + if (read_len == 0) { /* Connection closed, send back eof? */ + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Connection closed reading\n"); +#endif + + if (errno == EINTR) + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_ConGone; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + if (RFCNB_Pkt_Type(hdr) == RFCNB_SESSION_KEEP_ALIVE) { + +#ifdef RFCNB_DEBUG + fprintf(stderr, "RFCNB KEEP ALIVE received\n"); +#endif + + } else { + seen_keep_alive = FALSE; + } + + } + + /* What if we got less than or equal to a hdr size in bytes? 
*/ + + if (read_len < sizeof(hdr)) { /* We got a small packet */ + + /* Now we need to copy the hdr portion we got into the supplied packet */ + + memcpy(pkt->data, hdr, read_len); /*Copy data */ + +#ifdef RFCNB_DEBUG + RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len); +#endif + + return (read_len); + + } + /* Now, if we got at least a hdr size, alloc space for rest, if we need it */ + + pkt_len = RFCNB_Pkt_Len(hdr); + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Reading Pkt: Length = %i\n", pkt_len); +#endif + + /* Now copy in the hdr */ + + memcpy(pkt->data, hdr, sizeof(hdr)); + + /* Get the rest of the packet ... first figure out how big our buf is? */ + /* And make sure that we handle the fragments properly ... Sure should */ + /* use an iovec ... */ + + if (len < pkt_len) /* Only get as much as we have space for */ + more = len - RFCNB_Pkt_Hdr_Len; + else + more = pkt_len; + + this_time = 0; + + /* We read for each fragment ... */ + + if (pkt->len == read_len) { /* If this frag was exact size */ + pkt_frag = pkt->next; /* Stick next lot in next frag */ + offset = 0; /* then we start at 0 in next */ + } else { + pkt_frag = pkt; /* Otherwise use rest of this frag */ + offset = RFCNB_Pkt_Hdr_Len; /* Otherwise skip the header */ + } + + frag_len = pkt_frag->len; + + if (more <= frag_len) /* If len left to get less than frag space */ + this_len = more; /* Get the rest ... */ + else + this_len = frag_len - offset; + + while (more > 0) { + + if ((this_time = read(con->fd, (pkt_frag->data) + offset, this_len)) <= 0) { /* Problems */ + + if (errno == EINTR) { + + RFCNB_errno = RFCNB_Timeout; + + } else { + if (this_time < 0) + RFCNB_errno = RFCNBE_BadRead; + else + RFCNB_errno = RFCNBE_ConGone; + } + + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } +#ifdef RFCNB_DEBUG + fprintf(stderr, "Frag_Len = %i, this_time = %i, this_len = %i, more = %i\n", frag_len, + this_time, this_len, more); +#endif + + read_len = read_len + this_time; /* How much have we read ... 
*/ + + /* Now set up the next part */ + + if (pkt_frag->next == NULL) + break; /* That's it here */ + + pkt_frag = pkt_frag->next; + this_len = pkt_frag->len; + offset = 0; + + more = more - this_time; + + } + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Pkt Len = %i, read_len = %i\n", pkt_len, read_len); + RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len + sizeof(hdr)); +#endif + + if (read_len < (pkt_len + sizeof(hdr))) { /* Discard the rest */ + + return (RFCNB_Discard_Rest(con, (pkt_len + sizeof(hdr)) - read_len)); + + } + if (RFCNB_Timeout > 0) + alarm(0); /* Reset that sucker */ + + return (read_len + sizeof(RFCNB_Hdr)); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/rfcnb-io.h Wed Feb 14 00:48:19 2007 @@ -0,0 +1,28 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB IO Routines Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +int RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); + +int RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/rfcnb-priv.h Wed Feb 14 00:48:20 2007 
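Review bot: RFCNB_Get_Pkt can write past the caller's buffer, because the size test `if (len < pkt_len)` ignores the 4 header bytes already copied into `pkt->data` and `if (more <= frag_len)` ignores `offset`. When the peer-declared length fits `len` but not `len - RFCNB_Pkt_Hdr_Len`, the first `read(con->fd, (pkt_frag->data) + offset, this_len)` is given more room than the fragment has left; the 16-byte stack array `resp` that RFCNB_Session_Req passes in rfcnb-util.c is one such caller. Bound the read by the space that remains: `if (len < pkt_len + RFCNB_Pkt_Hdr_Len)` and `if (more <= frag_len - offset)`. In the same loop, `RFCNB_errno = RFCNB_Timeout;` stores the timeout in seconds instead of the error code and should read `RFCNB_errno = RFCNBE_Timeout;`. The early `return (RFCNBE_Bad)` paths in both RFCNB_Put_Pkt and RFCNB_Get_Pkt also leave the `alarm()` armed.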
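Review bot: rfcnb-io.h has no include guard, and its two prototypes name `struct RFCNB_Con` and `struct RFCNB_Pkt` without saying where those come from, so it only compiles when rfcnb-priv.h has been included first. rfcnb-common.h and rfcnb-error.h in this patch set already use the `#ifndef _RFCNB_COMMON_H_` pattern; the same wrapper here (`#ifndef _RFCNB_IO_H_` / `#define _RFCNB_IO_H_` … `#endif`) plus a comment such as `/* Requires rfcnb-priv.h (struct RFCNB_Con, struct RFCNB_Pkt) to be included first. */` would make the dependency explicit. rfcnb-priv.h, rfcnb-util.h and rfcnb.h later in the patch set are unguarded as well; rfcnb-priv.h defines structs and would fail on a second inclusion.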
@@ -0,0 +1,150 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Defines we need */ + + +#define GLOBAL extern + +#include "rfcnb-error.h" +#include "rfcnb-common.h" +#include "byteorder.h" + +#ifdef RFCNB_PORT +#define RFCNB_Default_Port RFCNB_PORT +#else +#define RFCNB_Default_Port 139 +#endif + +#define RFCNB_MAX_STATS 1 + +/* Protocol defines we need */ + +#define RFCNB_SESSION_MESSAGE 0 +#define RFCNB_SESSION_REQUEST 0x81 +#define RFCNB_SESSION_ACK 0x82 +#define RFCNB_SESSION_REJ 0x83 +#define RFCNB_SESSION_RETARGET 0x84 +#define RFCNB_SESSION_KEEP_ALIVE 0x85 + +/* Structures */ + +typedef struct redirect_addr *redirect_ptr; + +struct redirect_addr { + + struct in_addr ip_addr; + int port; + redirect_ptr next; + +}; + +typedef struct RFCNB_Con { + + int fd; /* File descripter for TCP/IP connection */ + int rfc_errno; /* last error */ + int timeout; /* How many milli-secs before IO times out */ + int redirects; /* How many times we were redirected */ + struct redirect_addr *redirect_list; /* First is first address */ + struct redirect_addr *last_addr; + +} RFCNB_Con; + +typedef char RFCNB_Hdr[4]; /* The header is 4 bytes long with */ + /* char[0] as the 
type, char[1] the */ + /* flags, and char[2..3] the length */ + +/* Macros to extract things from the header. These are for portability + * between architecture types where we are worried about byte order */ + +#define RFCNB_Pkt_Hdr_Len 4 +#define RFCNB_Pkt_Sess_Len 72 +#define RFCNB_Pkt_Retarg_Len 10 +#define RFCNB_Pkt_Nack_Len 5 +#define RFCNB_Pkt_Type_Offset 0 +#define RFCNB_Pkt_Flags_Offset 1 +#define RFCNB_Pkt_Len_Offset 2 /* Length is 2 bytes plus a flag bit */ +#define RFCNB_Pkt_N1Len_Offset 4 +#define RFCNB_Pkt_Called_Offset 5 +#define RFCNB_Pkt_N2Len_Offset 38 +#define RFCNB_Pkt_Calling_Offset 39 +#define RFCNB_Pkt_Error_Offset 4 +#define RFCNB_Pkt_IP_Offset 4 +#define RFCNB_Pkt_Port_Offset 8 + +/* The next macro isolates the length of a packet, including the bit in the + * flags */ + +#define RFCNB_Pkt_Len(p) (PVAL(p, 3) | (PVAL(p, 2) << 8) | \ + ((PVAL(p, RFCNB_Pkt_Flags_Offset) & 0x01) << 16)) + +#define RFCNB_Put_Pkt_Len(p, v) (p[1] = ((v >> 16) & 1)); \ + (p[2] = ((v >> 8) & 0xFF)); \ + (p[3] = (v & 0xFF)); + +#define RFCNB_Pkt_Type(p) (CVAL(p, RFCNB_Pkt_Type_Offset)) + +/*typedef struct RFCNB_Hdr { + * + * unsigned char type; + * unsigned char flags; + * int16 len; + * + * } RFCNB_Hdr; + * + * typedef struct RFCNB_Sess_Pkt { + * unsigned char type; + * unsigned char flags; + * int16 length; + * unsigned char n1_len; + * char called_name[33]; + * unsigned char n2_len; + * char calling_name[33]; + * } RFCNB_Sess_Pkt; + * + * + * typedef struct RFCNB_Nack_Pkt { + * + * struct RFCNB_Hdr hdr; + * unsigned char error; + * + * } RFCNB_Nack_Pkt; + * + * typedef struct RFCNB_Retarget_Pkt { + * + * struct RFCNB_Hdr hdr; + * int dest_ip; + * unsigned char port; + * + * } RFCNB_Redir_Pkt; */ + +/* Static variables */ + +/* Only declare this if not defined */ + +#ifndef RFCNB_ERRNO +extern int RFCNB_errno; +extern int RFCNB_saved_errno; /* Save this from point of error */ +#endif 
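Review bot: `RFCNB_Put_Pkt_Len(p, v)` expands to three separate statements with a trailing semicolon, so used as the body of an unbraced `if` or `else` only the first assignment would be conditional; its arguments are also unparenthesised, which matters for an expression argument like the `(RFCNB_Pkt_Sess_Len - RFCNB_Pkt_Hdr_Len)` passed in rfcnb-util.c if the caller ever drops the parentheses. Wrapping it keeps each call a single statement: `#define RFCNB_Put_Pkt_Len(p, v) do { (p)[1] = (((v) >> 16) & 1); (p)[2] = (((v) >> 8) & 0xFF); (p)[3] = ((v) & 0xFF); } while (0)`. The `timeout` field of `struct RFCNB_Con` is documented as milliseconds while `RFCNB_Timeout` in rfcnb-io.c is in seconds; a comment stating which one the I/O routines actually honour would help.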
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/rfcnb-util.c Wed Feb 14 00:48:20 2007
@@ -0,0 +1,555 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Utility Routines ... + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "std-includes.h" +#include "rfcnb-priv.h" +#include "rfcnb-util.h" +#include "rfcnb-io.h" + +#include +#include +#include +#include +#include +#include +#include + +char *RFCNB_Error_Strings[] = +{ + + "RFCNBE_OK: Routine completed successfully.", + "RFCNBE_NoSpace: No space available for a malloc call.", + "RFCNBE_BadName: NetBIOS name could not be translated to IP address.", + "RFCNBE_BadRead: Read system call returned an error. Check errno.", + "RFCNBE_BadWrite: Write system call returned an error. Check errno.", + "RFCNBE_ProtErr: A protocol error has occurred.", + "RFCNBE_ConGone: Connection dropped during a read or write system call.", + "RFCNBE_BadHandle: Bad connection handle passed.", + "RFCNBE_BadSocket: Problems creating socket.", + "RFCNBE_ConnectFailed: Connection failed. See errno.", + "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.", + "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.", + "RFCNBE_CallRejCNNP: Call rejected. Called name not present.", + "RFCNBE_CallRejInfRes: Call rejected. 
Name present, but insufficient resources.", + "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.", + "RFCNBE_BadParam: Bad parameters passed to a routine.", + "RFCNBE_Timeout: IO Operation timed out ..." + +}; + +extern void (*Prot_Print_Routine) (); /* Pointer to protocol print routine */ + +/* Convert name and pad to 16 chars as needed */ +/* Name 1 is a C string with null termination, name 2 may not be */ +/* If SysName is true, then put a <00> on end, else space> */ + +void +RFCNB_CvtPad_Name(char *name1, char *name2) +{ + char c, c1, c2; + int i, len; + + len = strlen(name1); + + for (i = 0; i < 16; i++) { + + if (i >= len) { + + c1 = 'C'; + c2 = 'A'; /* CA is a space */ + + } else { + + c = name1[i]; + c1 = (char) ((int) c / 16 + (int) 'A'); + c2 = (char) ((int) c % 16 + (int) 'A'); + } + + name2[i * 2] = c1; + name2[i * 2 + 1] = c2; + + } + + name2[32] = 0; /* Put in the nll ... */ + +} + +/* Converts an Ascii NB Name (16 chars) to an RFCNB Name (32 chars) + * Uses the encoding in RFC1001. Each nibble of byte is added to 'A' + * to produce the next byte in the name. + * + * This routine assumes that AName is 16 bytes long and that NBName has + * space for 32 chars, so be careful ... + * + */ + +void +RFCNB_AName_To_NBName(char *AName, char *NBName) +{ + char c, c1, c2; + int i; + + for (i = 0; i < 16; i++) { + + c = AName[i]; + + c1 = (char) ((c >> 4) + 'A'); + c2 = (char) ((c & 0xF) + 'A'); + + NBName[i * 2] = c1; + NBName[i * 2 + 1] = c2; + } + + NBName[32] = 0; /* Put in a null */ + +} + +/* Do the reverse of the above ... */ + +void +RFCNB_NBName_To_AName(char *NBName, char *AName) +{ + char c, c1, c2; + int i; + + for (i = 0; i < 16; i++) { + + c1 = NBName[i * 2]; + c2 = NBName[i * 2 + 1]; + + c = (char) (((int) c1 - (int) 'A') * 16 + ((int) c2 - (int) 'A')); + + AName[i] = c; + + } + + AName[i] = 0; /* Put a null on the end ... 
*/ + +} + +/* Print a string of bytes in HEX etc */ + +void +RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len) +{ + char c1, c2, outbuf1[33]; + unsigned char c; + int i, j; + struct RFCNB_Pkt *pkt_ptr = pkt; + static char Hex_List[17] = "0123456789ABCDEF"; + + j = 0; + + /* We only want to print as much as sepcified in Len */ + + while (pkt_ptr != NULL) { + + for (i = 0; + i < ((Len > (pkt_ptr->len) ? pkt_ptr->len : Len) - Offset); + i++) { + + c = pkt_ptr->data[i + Offset]; + c1 = Hex_List[c >> 4]; + c2 = Hex_List[c & 0xF]; + + outbuf1[j++] = c1; + outbuf1[j++] = c2; + + if (j == 32) { /* Print and reset */ + outbuf1[j] = 0; + fprintf(fd, " %s\n", outbuf1); + j = 0; + } + } + + Offset = 0; + Len = Len - pkt_ptr->len; /* Reduce amount by this much */ + pkt_ptr = pkt_ptr->next; + + } + + /* Print last lot in the buffer ... */ + + if (j > 0) { + + outbuf1[j] = 0; + fprintf(fd, " %s\n", outbuf1); + + } + fprintf(fd, "\n"); + +} + +/* Get a packet of size n */ + +struct RFCNB_Pkt * +RFCNB_Alloc_Pkt(int n) +{ + RFCNB_Pkt *pkt; + + if ((pkt = (struct RFCNB_Pkt *) malloc(sizeof(struct RFCNB_Pkt))) == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (NULL); + + } + pkt->next = NULL; + pkt->len = n; + + if (n == 0) + return (pkt); + + if ((pkt->data = (char *) malloc(n)) == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + free(pkt); + return (NULL); + + } + return (pkt); + +} + +/* Free up a packet */ + +void +RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) +{ + struct RFCNB_Pkt *pkt_next; + char *data_ptr; + + while (pkt != NULL) { + + pkt_next = pkt->next; + + data_ptr = pkt->data; + + if (data_ptr != NULL) + free(data_ptr); + + free(pkt); + + pkt = pkt_next; + + } + +} + +/* Print an RFCNB packet */ + +void +RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len) +{ + char lname[17]; + + /* We assume that the first fragment is the RFCNB Header */ + /* We should loop through the fragments 
printing them out */ + + fprintf(fd, "RFCNB Pkt %s:", dirn); + + switch (RFCNB_Pkt_Type(pkt->data)) { + + case RFCNB_SESSION_MESSAGE: + + fprintf(fd, "SESSION MESSAGE: Length = %i\n", RFCNB_Pkt_Len(pkt->data)); + RFCNB_Print_Hex(fd, pkt, RFCNB_Pkt_Hdr_Len, +#ifdef RFCNB_PRINT_DATA + RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); +#else + 40); +#endif + + if (Prot_Print_Routine != 0) { /* Print the rest of the packet */ + + Prot_Print_Routine(fd, strcmp(dirn, "sent"), pkt, RFCNB_Pkt_Hdr_Len, + RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); + + } + break; + + case RFCNB_SESSION_REQUEST: + + fprintf(fd, "SESSION REQUEST: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Called_Offset), lname); + fprintf(fd, " Called Name: %s\n", lname); + RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Calling_Offset), lname); + fprintf(fd, " Calling Name: %s\n", lname); + + break; + + case RFCNB_SESSION_ACK: + + fprintf(fd, "RFCNB SESSION ACK: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + + break; + + case RFCNB_SESSION_REJ: + fprintf(fd, "RFCNB SESSION REJECT: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + + if (RFCNB_Pkt_Len(pkt->data) < 1) { + fprintf(fd, " Protocol Error, short Reject packet!\n"); + } else { + fprintf(fd, " Error = %x\n", CVAL(pkt->data, RFCNB_Pkt_Error_Offset)); + } + + break; + + case RFCNB_SESSION_RETARGET: + + fprintf(fd, "RFCNB SESSION RETARGET: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + + /* Print out the IP address etc and the port? 
*/ + + break; + + case RFCNB_SESSION_KEEP_ALIVE: + + fprintf(fd, "RFCNB SESSION KEEP ALIVE: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + break; + + default: + + break; + } + +} + +/* Resolve a name into an address */ + +int +RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP) +{ + int addr; /* Assumes IP4, 32 bit network addresses */ + struct hostent *hp; + + /* Use inet_addr to try to convert the address */ + + if ((addr = inet_addr(host)) == INADDR_NONE) { /* Oh well, a good try :-) */ + + /* Now try a name look up with gethostbyname */ + + if ((hp = gethostbyname(host)) == NULL) { /* Not in DNS */ + + /* Try NetBIOS name lookup, how the hell do we do that? */ + + RFCNB_errno = RFCNBE_BadName; /* Is this right? */ + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } else { /* We got a name */ + + memcpy((void *) Dest_IP, (void *) hp->h_addr_list[0], sizeof(struct in_addr)); + + } + } else { /* It was an IP address */ + + memcpy((void *) Dest_IP, (void *) &addr, sizeof(struct in_addr)); + + } + + return 0; + +} + +/* Disconnect the TCP connection to the server */ + +int +RFCNB_Close(int socket) +{ + + close(socket); + + /* If we want to do error recovery, here is where we put it */ + + return 0; + +} + +/* Connect to the server specified in the IP address. + * Not sure how to handle socket options etc. 
*/ + +int +RFCNB_IP_Connect(struct in_addr Dest_IP, int port) +{ + struct sockaddr_in Socket; + int fd; + + /* Create a socket */ + + if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { /* Handle the error */ + + RFCNB_errno = RFCNBE_BadSocket; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + } + bzero((char *) &Socket, sizeof(Socket)); + memcpy((char *) &Socket.sin_addr, (char *) &Dest_IP, sizeof(Dest_IP)); + + Socket.sin_port = htons(port); + Socket.sin_family = PF_INET; + + /* Now connect to the destination */ + + if (connect(fd, (struct sockaddr *) &Socket, sizeof(Socket)) < 0) { /* Error */ + + close(fd); + RFCNB_errno = RFCNBE_ConnectFailed; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + } + return (fd); + +} + +/* handle the details of establishing the RFCNB session with remote + * end + * + */ + +int +RFCNB_Session_Req(struct RFCNB_Con *con, + char *Called_Name, + char *Calling_Name, + BOOL * redirect, + struct in_addr *Dest_IP, + int *port) +{ + char *sess_pkt; + + /* Response packet should be no more than 9 bytes, make 16 jic */ + + char resp[16]; + int len; + struct RFCNB_Pkt *pkt, res_pkt; + + /* We build and send the session request, then read the response */ + + pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Sess_Len); + + if (pkt == NULL) { + + return (RFCNBE_Bad); /* Leave the error that RFCNB_Alloc_Pkt gives) */ + + } + sess_pkt = pkt->data; /* Get pointer to packet proper */ + + sess_pkt[RFCNB_Pkt_Type_Offset] = RFCNB_SESSION_REQUEST; + RFCNB_Put_Pkt_Len(sess_pkt, (RFCNB_Pkt_Sess_Len - RFCNB_Pkt_Hdr_Len)); + sess_pkt[RFCNB_Pkt_N1Len_Offset] = 32; + sess_pkt[RFCNB_Pkt_N2Len_Offset] = 32; + + RFCNB_CvtPad_Name(Called_Name, (sess_pkt + RFCNB_Pkt_Called_Offset)); + RFCNB_CvtPad_Name(Calling_Name, (sess_pkt + RFCNB_Pkt_Calling_Offset)); + + /* Now send the packet */ + +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Sending packet: "); + +#endif + + if ((len = RFCNB_Put_Pkt(con, pkt, RFCNB_Pkt_Sess_Len)) < 0) { + + return (RFCNBE_Bad); /* Should be able to write 
that lot ... */ + + } +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Getting packet.\n"); + +#endif + + res_pkt.data = resp; + res_pkt.len = sizeof(resp); + res_pkt.next = NULL; + + if ((len = RFCNB_Get_Pkt(con, &res_pkt, sizeof(resp))) < 0) { + + return (RFCNBE_Bad); + + } + /* Now analyze the packet ... */ + + switch (RFCNB_Pkt_Type(resp)) { + + case RFCNB_SESSION_REJ: /* Didnt like us ... too bad */ + + /* Why did we get rejected ? */ + + switch (CVAL(resp, RFCNB_Pkt_Error_Offset)) { + + case 0x80: + RFCNB_errno = RFCNBE_CallRejNLOCN; + break; + case 0x81: + RFCNB_errno = RFCNBE_CallRejNLFCN; + break; + case 0x82: + RFCNB_errno = RFCNBE_CallRejCNNP; + break; + case 0x83: + RFCNB_errno = RFCNBE_CallRejInfRes; + break; + case 0x8F: + RFCNB_errno = RFCNBE_CallRejUnSpec; + break; + default: + RFCNB_errno = RFCNBE_ProtErr; + break; + } + + return (RFCNBE_Bad); + break; + + case RFCNB_SESSION_ACK: /* Got what we wanted ... */ + + return (0); + break; + + case RFCNB_SESSION_RETARGET: /* Go elsewhere */ + + *redirect = TRUE; /* Copy port and ip addr */ + + memcpy(Dest_IP, (resp + RFCNB_Pkt_IP_Offset), sizeof(struct in_addr)); + *port = SVAL(resp, RFCNB_Pkt_Port_Offset); + + return (0); + break; + + default: /* A protocol error */ + + RFCNB_errno = RFCNBE_ProtErr; + return (RFCNBE_Bad); + break; + } +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/rfcnb-util.h Wed Feb 14 00:48:20 2007 
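Review bot: RFCNB_Session_Req parses the server's reply without checking how much of it arrived: the REJ case reads `CVAL(resp, RFCNB_Pkt_Error_Offset)` and the RETARGET case copies an address and port out of `resp`, but `resp` is an uninitialised stack array and the `len` returned by RFCNB_Get_Pkt is only tested for `< 0`. A reply shorter than `RFCNB_Pkt_Nack_Len` or `RFCNB_Pkt_Retarg_Len` therefore makes the function act on leftover stack bytes, including as the redirect target. Zero `resp` before the call and verify the received length (the declared `RFCNB_Pkt_Len(resp)` as well as `len`) covers those offsets, setting `RFCNB_errno = RFCNBE_ProtErr` and returning `RFCNBE_Bad` otherwise. Separately, `pkt` from RFCNB_Alloc_Pkt is not released on any return path; since it is not used after the send, `RFCNB_Free_Pkt(pkt);` directly after the RFCNB_Put_Pkt call would plug the leak. RFCNB_Alloc_Pkt also returns with `pkt->data` unset when `n == 0`, which RFCNB_Free_Pkt would then pass to `free()`; `pkt->data = NULL;` next to `pkt->next = NULL;` avoids that.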
@@ -0,0 +1,51 @@
+/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
+ *
+ * Version 1.0
+ * RFCNB Utility Defines
+ *
+ * Copyright (C) Richard Sharpe 1996
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+void RFCNB_CvtPad_Name(char *name1, char *name2);
+
+void RFCNB_AName_To_NBName(char *AName, char *NBName);
+
+void RFCNB_NBName_To_AName(char *NBName, char *AName);
+
+void RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len);
+
+struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n);
+
+void RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len);
+
+int RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP);
+
+int RFCNB_Close(int socket);
+
+int RFCNB_IP_Connect(struct in_addr Dest_IP, int port);
+
+int RFCNB_Session_Req(RFCNB_Con * con,
+ char *Called_Name,
+ char *Calling_Name,
+ BOOL * redirect,
+ struct in_addr *Dest_IP,
+ int *port);
+
+void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt);
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/rfcnb.h Wed Feb 14 00:48:20 2007
@@ -0,0 +1,48 @@
+/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
+ *
+ * Version 1.0
+ * RFCNB Defines
+ *
+ * Copyright (C) Richard Sharpe 1996
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* Error responses */
+
+#include "rfcnb-error.h"
+#include "rfcnb-common.h"
+
+/* Defines we need */
+
+#define RFCNB_Default_Port 139
+
+/* Definition of routines we define */
+
+void *RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address,
+ int port);
+
+int RFCNB_Send(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
+
+int RFCNB_Recv(void *Con_Handle, struct RFCNB_Pkt *Data, int Length);
+
+int RFCNB_Hangup(void *con_Handle);
+
+void *RFCNB_Listen();
+
+void RFCNB_Get_Error(char *buffer, int buf_len);
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/session.c Wed Feb 14 00:48:20 2007
@@ -0,0 +1,363 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * Session Routines ... + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +int RFCNB_errno = 0; +int RFCNB_saved_errno = 0; +#define RFCNB_ERRNO + +#include "std-includes.h" +#include +#include "rfcnb-priv.h" +#include "rfcnb-util.h" +#include "rfcnb-io.h" + +#include +#include +#include + +int RFCNB_Stats[RFCNB_MAX_STATS]; + +void (*Prot_Print_Routine) () = NULL; /* Pointer to print routine */ + +/* Set up a session with a remote name. We are passed Called_Name as a + * string which we convert to a NetBIOS name, ie space terminated, up to + * 16 characters only if we need to. If Called_Address is not empty, then + * we use it to connect to the remote end, but put in Called_Name ... Called + * Address can be a DNS based name, or a TCP/IP address ... + */ + +void * +RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address, + int port) +{ + struct RFCNB_Con *con; + struct in_addr Dest_IP; + int Client; + BOOL redirect; + struct redirect_addr *redir_addr; + char *Service_Address; + + /* Now, we really should look up the port in /etc/services ... 
*/ + + if (port == 0) + port = RFCNB_Default_Port; + + /* Create a connection structure first */ + + if ((con = (struct RFCNB_Con *) malloc(sizeof(struct RFCNB_Con))) == NULL) { /* Error in size */ + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (NULL); + + } + con->fd = -0; /* no descriptor yet */ + con->rfc_errno = 0; /* no error yet */ + con->timeout = 0; /* no timeout */ + con->redirects = 0; + con->redirect_list = NULL; /* Fix bug still in version 0.50 */ + + /* Resolve that name into an IP address */ + + Service_Address = Called_Name; + if (strcmp(Called_Address, "") != 0) { /* If the Called Address = "" */ + Service_Address = Called_Address; + } + if ((errno = RFCNB_Name_To_IP(Service_Address, &Dest_IP)) < 0) { /* Error */ + + /* No need to modify RFCNB_errno as it was done by RFCNB_Name_To_IP */ + + return (NULL); + + } + /* Now connect to the remote end */ + + redirect = TRUE; /* Fudge this one so we go once through */ + + while (redirect) { /* Connect and get session info etc */ + + redirect = FALSE; /* Assume all OK */ + + /* Build the redirect info. 
First one is first addr called */ + /* And tack it onto the list of addresses we called */ + + if ((redir_addr = (struct redirect_addr *) malloc(sizeof(struct redirect_addr))) == NULL) { /* Could not get space */ + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (NULL); + + } + memcpy((char *) &(redir_addr->ip_addr), (char *) &Dest_IP, sizeof(Dest_IP)); + redir_addr->port = port; + redir_addr->next = NULL; + + if (con->redirect_list == NULL) { /* Stick on head */ + + con->redirect_list = con->last_addr = redir_addr; + + } else { + + con->last_addr->next = redir_addr; + con->last_addr = redir_addr; + + } + + /* Now, make that connection */ + + if ((Client = RFCNB_IP_Connect(Dest_IP, port)) < 0) { /* Error */ + + /* No need to modify RFCNB_errno as it was done by RFCNB_IP_Connect */ + + return (NULL); + + } + con->fd = Client; + + /* Now send and handle the RFCNB session request */ + /* If we get a redirect, we will comeback with redirect true + * and a new IP address in DEST_IP */ + + if ((errno = RFCNB_Session_Req(con, + Called_Name, + Calling_Name, + &redirect, &Dest_IP, &port)) < 0) { + + /* No need to modify RFCNB_errno as it was done by RFCNB_Session.. */ + + return (NULL); + + } + if (redirect) { + + /* We have to close the connection, and then try again */ + + (con->redirects)++; + + RFCNB_Close(con->fd); /* Close it */ + + } + } + + return (con); + +} + +/* We send a packet to the other end ... for the moment, we treat the + * data as a series of pointers to blocks of data ... we should check the + * length ... 
*/ + +int +RFCNB_Send(struct RFCNB_Con *Con_Handle, struct RFCNB_Pkt *udata, int Length) +{ + struct RFCNB_Pkt *pkt; + char *hdr; + int len; + + /* Plug in the header and send the data */ + + pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len); + + if (pkt == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + pkt->next = udata; /* The user data we want to send */ + + hdr = pkt->data; + + /* Following crap is for portability across multiple UNIX machines */ + + *(hdr + RFCNB_Pkt_Type_Offset) = RFCNB_SESSION_MESSAGE; + RFCNB_Put_Pkt_Len(hdr, Length); + +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Sending packet: "); + +#endif + + if ((len = RFCNB_Put_Pkt(Con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) { + + /* No need to change RFCNB_errno as it was done by put_pkt ... */ + + return (RFCNBE_Bad); /* Should be able to write that lot ... */ + + } + /* Now we have sent that lot, let's get rid of the RFCNB Header and return */ + + pkt->next = NULL; + + RFCNB_Free_Pkt(pkt); + + return (len); + +} + +/* We pick up a message from the internet ... We have to worry about + * non-message packets ... */ + +int +RFCNB_Recv(void *con_Handle, struct RFCNB_Pkt *Data, int Length) +{ + struct RFCNB_Pkt *pkt; + int ret_len; + + if (con_Handle == NULL) { + + RFCNB_errno = RFCNBE_BadHandle; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + /* Now get a packet from below. We allocate a header first */ + + /* Plug in the header and send the data */ + + pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len); + + if (pkt == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + pkt->next = Data; /* Plug in the data portion */ + + if ((ret_len = RFCNB_Get_Pkt(con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) { + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Bad packet return in RFCNB_Recv... 
\n"); +#endif + + return (RFCNBE_Bad); + + } + /* We should check that we go a message and not a keep alive */ + + pkt->next = NULL; + + RFCNB_Free_Pkt(pkt); + + return (ret_len); + +} + +/* We just disconnect from the other end, as there is nothing in the RFCNB */ +/* protocol that specifies any exchange as far as I can see */ + +int +RFCNB_Hangup(struct RFCNB_Con *con_Handle) +{ + + if (con_Handle != NULL) { + RFCNB_Close(con_Handle->fd); /* Could this fail? */ + free(con_Handle); + } + return 0; + + +} + +/* Set TCP_NODELAY on the socket */ + +int +RFCNB_Set_Sock_NoDelay(struct RFCNB_Con *con_Handle, BOOL yn) +{ + + return (setsockopt(con_Handle->fd, IPPROTO_TCP, TCP_NODELAY, + (char *) &yn, sizeof(yn))); + +} + + +/* Listen for a connection on a port???, when */ +/* the connection comes in, we return with the connection */ + +void +RFCNB_Listen() +{ + +} + +/* Pick up the last error response as a string, hmmm, this routine should */ +/* have been different ... */ + +void +RFCNB_Get_Error(char *buffer, int buf_len) +{ + + if (RFCNB_saved_errno <= 0) { + sprintf(buffer, "%s", RFCNB_Error_Strings[RFCNB_errno]); + } else { + sprintf(buffer, "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno], + strerror(RFCNB_saved_errno)); + } + +} + +/* Pick up the last error response and returns as a code */ + +int +RFCNB_Get_Last_Error() +{ + + return (RFCNB_errno); + +} + +/* Pick up saved errno as well */ + +int +RFCNB_Get_Last_Errno() +{ + + return (RFCNB_saved_errno); + +} + +/* Pick up the last error response and return in string ... */ + +void +RFCNB_Get_Error_Msg(int code, char *msg_buf, int len) +{ + + strncpy(msg_buf, RFCNB_Error_Strings[abs(code)], len); + +} + +/* Register a higher level protocol print routine */ + +void +RFCNB_Register_Print_Routine(void (*fn) ()) +{ + + Prot_Print_Routine = fn; + +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smbdes.c Wed Feb 14 00:48:20 2007 
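Review bot: `RFCNB_Get_Error` takes `buf_len` but never uses it: both branches call `sprintf(buffer, ...)`, so the write is bounded only by the length of the error string plus the `strerror()` text, not by the caller's buffer. Use the length that is already passed in, e.g. `snprintf(buffer, buf_len, "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno], strerror(RFCNB_saved_errno));`, and the same for the first branch. `RFCNB_Get_Error_Msg` has a related gap: `strncpy(msg_buf, ..., len)` leaves `msg_buf` unterminated when the string is `len` bytes or longer, and `RFCNB_Error_Strings[abs(code)]` is indexed without a range check (the table's size is not visible in this hunk). Separately, the `while (redirect)` loop in `RFCNB_Call` places no upper bound on `con->redirects`, which the remote end drives, and its error returns leave `con` and the redirect list allocated.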
@@ -0,0 +1,364 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * + * a partial implementation of DES designed for use in the + * SMB authentication protocol + * + * Copyright (C) Andrew Tridgell 1997 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +/* NOTES: + * + * This code makes no attempt to be fast! In fact, it is a very + * slow implementation + * + * This code is NOT a complete DES implementation. It implements only + * the minimum necessary for SMB authentication, as used by all SMB + * products (including every copy of Microsoft Windows95 ever sold) + * + * In particular, it can only do a unchained forward DES pass. This + * means it is not possible to use this code for encryption/decryption + * of data, instead it is only useful as a "hash" algorithm. + * + * There is no entry point into this code that allows normal DES operation. + * + * I believe this means that this code does not come under ITAR + * regulations but this is NOT a legal opinion. 
If you are concerned + * about the applicability of ITAR regulations to this code then you + * should confirm it for yourself (and maybe let me know if you come + * up with a different answer to the one above) + */ + + + +static int perm1[56] = +{57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4}; + +static int perm2[48] = +{14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32}; + +static int perm3[64] = +{58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7}; + +static int perm4[48] = +{32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1}; + +static int perm5[32] = +{16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25}; + + +static int perm6[64] = +{40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25}; + + +static int sc[16] = +{1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; + +static int sbox[8][4][16] = +{ + { + {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, + {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, + {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, + {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 
14, 10, 0, 6, 13}}, + + { + {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, + {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, + {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, + {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + + { + {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, + {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, + {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, + {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + + { + {7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, + {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, + {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, + {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + + { + {2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, + {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, + {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, + {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + + { + {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, + {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, + {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, + {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + + { + {4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, + {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, + {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, + {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, + + { + {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, + {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, + {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, + {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}}; + +static void +permute(char *out, char *in, int *p, int n) +{ + int i; + for (i = 0; i < n; i++) + out[i] = in[p[i] - 1]; +} + +static void +lshift(char *d, int count, int n) +{ + char out[64]; + int i; + for (i = 0; i < n; i++) + out[i] = d[(i + count) % n]; + for (i = 0; i < n; i++) + d[i] = out[i]; 
+} + +static void +concat(char *out, char *in1, char *in2, int l1, int l2) +{ + while (l1--) + *out++ = *in1++; + while (l2--) + *out++ = *in2++; +} + +static void +xor(char *out, char *in1, char *in2, int n) +{ + int i; + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; +} + +static void +dohash(char *out, char *in, char *key) +{ + int i, j, k; + char pk1[56]; + char c[28]; + char d[28]; + char cd[56]; + char ki[16][48]; + char pd1[64]; + char l[32], r[32]; + char rl[64]; + + permute(pk1, key, perm1, 56); + + for (i = 0; i < 28; i++) + c[i] = pk1[i]; + for (i = 0; i < 28; i++) + d[i] = pk1[i + 28]; + + for (i = 0; i < 16; i++) { + lshift(c, sc[i], 28); + lshift(d, sc[i], 28); + + concat(cd, c, d, 28, 28); + permute(ki[i], cd, perm2, 48); + } + + permute(pd1, in, perm3, 64); + + for (j = 0; j < 32; j++) { + l[j] = pd1[j]; + r[j] = pd1[j + 32]; + } + + for (i = 0; i < 16; i++) { + char er[48]; + char erk[48]; + char b[8][6]; + char cb[32]; + char pcb[32]; + char r2[32]; + + permute(er, r, perm4, 48); + + xor(erk, er, ki[i], 48); + + for (j = 0; j < 8; j++) + for (k = 0; k < 6; k++) + b[j][k] = erk[j * 6 + k]; + + for (j = 0; j < 8; j++) { + int m, n; + m = (b[j][0] << 1) | b[j][5]; + + n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4]; + + for (k = 0; k < 4; k++) + b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 
1 : 0; + } + + for (j = 0; j < 8; j++) + for (k = 0; k < 4; k++) + cb[j * 4 + k] = b[j][k]; + permute(pcb, cb, perm5, 32); + + xor(r2, l, pcb, 32); + + for (j = 0; j < 32; j++) + l[j] = r[j]; + + for (j = 0; j < 32; j++) + r[j] = r2[j]; + } + + concat(rl, r, l, 32, 32); + + permute(out, rl, perm6, 64); +} + +static void +str_to_key(unsigned char *str, unsigned char *key) +{ + int i; + + key[0] = str[0] >> 1; + key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); + key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); + key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); + key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); + key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); + key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); + key[7] = str[6] & 0x7F; + for (i = 0; i < 8; i++) { + key[i] = (key[i] << 1); + } +} + + +static void +smbhash(unsigned char *out, unsigned char *in, unsigned char *key) +{ + int i; + char outb[64]; + char inb[64]; + char keyb[64]; + unsigned char key2[8]; + + str_to_key(key, key2); + + for (i = 0; i < 64; i++) { + inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; + keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 
1 : 0; + outb[i] = 0; + } + + dohash(outb, inb, keyb); + + for (i = 0; i < 8; i++) { + out[i] = 0; + } + + for (i = 0; i < 64; i++) { + if (outb[i]) + out[i / 8] |= (1 << (7 - (i % 8))); + } +} + +void +E_P16(unsigned char *p14, unsigned char *p16) +{ + unsigned char sp8[8] = + {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; + smbhash(p16, sp8, p14); + smbhash(p16 + 8, sp8, p14 + 7); +} + +void +E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) +{ + smbhash(p24, c8, p21); + smbhash(p24 + 8, c8, p21 + 7); + smbhash(p24 + 16, c8, p21 + 14); +} + +void +cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key) +{ + unsigned char buf[8]; + + smbhash(buf, in, key); + smbhash(out, buf, key + 9); +} + +void +cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) +{ + unsigned char buf[8]; + static unsigned char key2[8]; + + smbhash(buf, in, key); + key2[0] = key[7]; + smbhash(out, buf, key2); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smbencrypt.c Wed Feb 14 00:48:20 2007 
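Review bot: `smbhash` and `dohash` leave key-derived material (`keyb`, `key2`, `pk1`, `c`, `d`, `cd`, `ki`) in stack buffers on return, and `cred_hash2` keeps a key byte in `static unsigned char key2[8]` for the life of the process, while `nt_lm_owf_gen` in smbencrypt.c does wipe its password copy. For a helper that handles user passwords I would clear these before returning, e.g. `memset(keyb, 0, sizeof(keyb)); memset(key2, 0, sizeof(key2));` at the end of `smbhash`; this file includes no headers, so `<string.h>` would be needed, and a plain `memset` on a dying buffer can be optimised away, so confirm it survives in the build. `key2` in `cred_hash2` does not need to be `static`: `unsigned char key2[8] = {0};` gives the same zero padding without shared state between calls. The permutation and S-box tables are never written in this hunk and could be declared `static const int`.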
@@ -0,0 +1,205 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1997 + * Modified by Jeremy Allison 1995. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +/* Antonino #include */ + +#include "smblib-priv.h" +#define uchar unsigned char +extern int DEBUGLEVEL; + +#include "byteorder.h" + +char *StrnCpy(char *dest, char *src, int n); +void strupper(char *s); +extern void E_P16(unsigned char *, unsigned char *); +extern void E_P24(unsigned char *, unsigned char *, unsigned char *); +extern void mdfour(unsigned char *, unsigned char *, int); + + +/* + * This implements the X/Open SMB password encryption + * It takes a password, a 8 byte "crypt key" and puts 24 bytes of + * encrypted password into p24 */ +void +SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) +{ + uchar p14[15], p21[21]; + + memset(p21, '\0', 21); + memset(p14, '\0', 14); + StrnCpy((char *) p14, (char *) passwd, 14); + + strupper((char *) p14); + E_P16(p14, p21); + E_P24(p21, c8, p24); +} + +/* Routines for Windows NT MD4 Hash functions. 
*/ +static int +_my_wcslen(int16 * str) +{ + int len = 0; + while (*str++ != 0) + len++; + return len; +} + +/* + * Convert a string into an NT UNICODE string. + * Note that regardless of processor type + * this must be in intel (little-endian) + * format. + */ + +static int +_my_mbstowcs(int16 * dst, uchar * src, int len) +{ + int i; + int16 val; + + for (i = 0; i < len; i++) { + val = *src; + SSVAL(dst, 0, val); + dst++; + src++; + if (val == 0) + break; + } + return i; +} + +/* + * Creates the MD4 Hash of the users password in NT UNICODE. + */ + +void +E_md4hash(uchar * passwd, uchar * p16) +{ + int len; + int16 wpwd[129]; + + /* Password cannot be longer than 128 characters */ + len = strlen((char *) passwd); + if (len > 128) + len = 128; + /* Password must be converted to NT unicode */ + _my_mbstowcs(wpwd, passwd, len); + wpwd[len] = 0; /* Ensure string is null terminated */ + /* Calculate length in bytes */ + len = _my_wcslen(wpwd) * sizeof(int16); + + mdfour(p16, (unsigned char *) wpwd, len); +} + +/* Does the NT MD4 hash then des encryption. */ + +void +SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) +{ + uchar p21[21]; + + memset(p21, '\0', 21); + + E_md4hash(passwd, p21); + E_P24(p21, c8, p24); +} + +/* Does both the NT and LM owfs of a user's password */ + +void +nt_lm_owf_gen(char *pwd, char *nt_p16, char *p16) +{ + char passwd[130]; + StrnCpy(passwd, pwd, sizeof(passwd) - 1); + + /* Calculate the MD4 hash (NT compatible) of the password */ + memset(nt_p16, '\0', 16); + E_md4hash((uchar *) passwd, (uchar *) nt_p16); + + /* Mangle the passwords into Lanman format */ + passwd[14] = '\0'; + strupper(passwd); + + /* Calculate the SMB (lanman) hash functions of the password */ + + memset(p16, '\0', 16); + E_P16((uchar *) passwd, (uchar *) p16); + + /* clear out local copy of user's password (just being paranoid). 
*/ + bzero(passwd, sizeof(passwd)); +} + +/**************************************************************************** +line strncpy but always null terminates. Make sure there is room! +****************************************************************************/ +char * +StrnCpy(char *dest, char *src, int n) +{ + char *d = dest; + if (!dest) + return (NULL); + if (!src) { + *dest = 0; + return (dest); + } + while (n-- && (*d++ = *src++)); + *d = 0; + return (dest); +} + +void +strupper(char *s) +{ + while (*s) { +#if UNUSED_CODE +#if !defined(KANJI_WIN95_COMPATIBILITY) + if (lp_client_code_page() == KANJI_CODEPAGE) { + + if (is_shift_jis(*s)) { + if (is_sj_lower(s[0], s[1])) + s[1] = sj_toupper2(s[1]); + s += 2; + } else if (is_kana(*s)) { + s++; + } else { + if (islower(*s)) + *s = toupper(*s); + s++; + } + } else +#endif /* KANJI_WIN95_COMPATIBILITY */ +#endif /* UNUSED_CODE */ + { + if (islower(*s)) + *s = toupper(*s); + s++; + } + } +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smblib-common.h Wed Feb 14 00:48:20 2007 
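Review bot: In `nt_lm_owf_gen`, `passwd[130]` is not zeroed before `StrnCpy(passwd, pwd, sizeof(passwd) - 1)`, yet `E_P16` consumes 14 bytes of it (smbdes.c calls `smbhash(p16, sp8, p14)` and `smbhash(p16 + 8, sp8, p14 + 7)`). For a password shorter than 12 characters the bytes between the terminator and `passwd[13]` are uninitialised stack, so the LM hash is computed over indeterminate data and can differ between calls. `SMBencrypt` avoids this with `memset(p14, '\0', 14)`; add `memset(passwd, '\0', sizeof(passwd));` before the `StrnCpy` call here. `SMBencrypt` and `E_md4hash` also return without clearing `p14`, `p21` and `wpwd`, unlike the `bzero` at the end of `nt_lm_owf_gen`.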
@@ -0,0 +1,189 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Common Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* To get the error class we want the first 8 bits */ +/* Because we just grab 4bytes from the SMB header, we have to re-order */ +/* here, but it makes the NtStatus part easier in future */ + +#ifndef _SMBLIB_COMMON_H_ +#define _SMBLIB_COMMON_H_ + +#define SMBlib_Error_Class(p) (p & 0x000000FF) + +/* To get the error code, we want the bottom 16 bits */ + +#define SMBlib_Error_Code(p) (((unsigned int)p & 0xFFFF0000) >>16) + +/* Error CLASS codes and etc ... 
*/ + +#define SMBC_SUCCESS 0 +#define SMBC_ERRDOS 0x01 +#define SMBC_ERRSRV 0x02 +#define SMBC_ERRHRD 0x03 +#define SMBC_ERRCMD 0xFF + +/* Success error codes */ + +#define SMBS_BUFFERED 0x54 +#define SMBS_LOGGED 0x55 +#define SMBS_DISPLAYED 0x56 + +/* ERRDOS Error codes */ + +#define SMBD_badfunc 0x01 +#define SMBD_badfile 0x02 +#define SMBD_badpath 0x03 +#define SMBD_nofids 0x04 +#define SMBD_noaccess 0x05 +#define SMBD_badfid 0x06 +#define SMBD_badmcb 0x07 +#define SMBD_nomem 0x08 +#define SMBD_badmem 0x09 +#define SMBD_badenv 0x0A +#define SMBD_badformat 0x0B +#define SMBD_badaccess 0x0C +#define SMBD_baddata 0x0D +#define SMBD_reserved 0x0E +#define SMBD_baddrive 0x0F +#define SMBD_remcd 0x10 +#define SMBD_diffdevice 0x11 +#define SMBD_nofiles 0x12 +#define SMBD_badshare 0x20 +#define SMBD_errlock 0x21 +#define SMBD_filexists 0x50 + +/* Server errors ... */ + +#define SMBV_error 0x01 /* Generic error */ +#define SMBV_badpw 0x02 +#define SMBV_badtype 0x03 +#define SMBV_access 0x04 +#define SMBV_invnid 0x05 +#define SMBV_invnetname 0x06 +#define SMBV_invdevice 0x07 +#define SMBV_qfull 0x31 +#define SMBV_qtoobig 0x32 +#define SMBV_qeof 0x33 +#define SMBV_invpfid 0x34 +#define SMBV_paused 0x51 +#define SMBV_msgoff 0x52 +#define SMBV_noroom 0x53 +#define SMBV_rmuns 0x57 +#define SMBV_nosupport 0xFFFF + +/* Hardware error codes ... */ + +#define SMBH_nowrite 0x13 +#define SMBH_badunit 0x14 +#define SMBH_notready 0x15 +#define SMBH_badcmd 0x16 +#define SMBH_data 0x17 +#define SMBH_badreq 0x18 +#define SMBH_seek 0x19 +#define SMBH_badmedia 0x1A +#define SMBH_badsector 0x1B +#define SMBH_nopaper 0x1C +#define SMBH_write 0x1D +#define SMBH_read 0x1E +#define SMBH_general 0x1F +#define SMBH_badshare 0x20 + +/* Access mode defines ... 
*/ + +#define SMB_AMODE_WTRU 0x4000 +#define SMB_AMODE_NOCACHE 0x1000 +#define SMB_AMODE_COMPAT 0x0000 +#define SMB_AMODE_DENYRWX 0x0010 +#define SMB_AMODE_DENYW 0x0020 +#define SMB_AMODE_DENYRX 0x0030 +#define SMB_AMODE_DENYNONE 0x0040 +#define SMB_AMODE_OPENR 0x0000 +#define SMB_AMODE_OPENW 0x0001 +#define SMB_AMODE_OPENRW 0x0002 +#define SMB_AMODE_OPENX 0x0003 +#define SMB_AMODE_FCBOPEN 0x00FF +#define SMB_AMODE_LOCUNKN 0x0000 +#define SMB_AMODE_LOCMSEQ 0x0100 +#define SMB_AMODE_LOCMRAN 0x0200 +#define SMB_AMODE_LOCRAL 0x0300 + +/* File attribute encoding ... */ + +#define SMB_FA_ORD 0x00 +#define SMB_FA_ROF 0x01 +#define SMB_FA_HID 0x02 +#define SMB_FA_SYS 0x04 +#define SMB_FA_VOL 0x08 +#define SMB_FA_DIR 0x10 +#define SMB_FA_ARC 0x20 + +/* Define the protocol types ... */ + +#define SMB_P_Unknown -1 /* Hmmm, is this smart? */ +#define SMB_P_Core 0 +#define SMB_P_CorePlus 1 +#define SMB_P_DOSLanMan1 2 +#define SMB_P_LanMan1 3 +#define SMB_P_DOSLanMan2 4 +#define SMB_P_LanMan2 5 +#define SMB_P_DOSLanMan2_1 6 +#define SMB_P_LanMan2_1 7 +#define SMB_P_NT1 8 + +/* SMBlib return codes */ +/* We want something that indicates whether or not the return code was a */ +/* remote error, a local error in SMBlib or returned from lower layer ... */ +/* Wonder if this will work ... */ +/* SMBlibE_Remote = 1 indicates remote error */ +/* SMBlibE_ values < 0 indicate local error with more info available */ +/* SMBlibE_ values >1 indicate local from SMBlib code errors? 
*/ + +#define SMBlibE_Success 0 +#define SMBlibE_Remote 1 /* Remote error, get more info from con */ +#define SMBlibE_BAD -1 +#define SMBlibE_LowerLayer 2 /* Lower layer error */ +#define SMBlibE_NotImpl 3 /* Function not yet implemented */ +#define SMBlibE_ProtLow 4 /* Protocol negotiated does not support req */ +#define SMBlibE_NoSpace 5 /* No space to allocate a structure */ +#define SMBlibE_BadParam 6 /* Bad parameters */ +#define SMBlibE_NegNoProt 7 /* None of our protocols was liked */ +#define SMBlibE_SendFailed 8 /* Sending an SMB failed */ +#define SMBlibE_RecvFailed 9 /* Receiving an SMB failed */ +#define SMBlibE_GuestOnly 10 /* Logged in as guest */ +#define SMBlibE_CallFailed 11 /* Call remote end failed */ +#define SMBlibE_ProtUnknown 12 /* Protocol unknown */ +#define SMBlibE_NoSuchMsg 13 /* Keep this up to date */ + +typedef struct { /* A structure for a Dirent */ + + unsigned char resume_key[21]; /* Don't touch this */ + unsigned char file_attributes; /* Attributes of file */ + unsigned int date_time; /* date and time of last mod */ + unsigned int size; + char filename[13]; /* The name of the file */ + +} SMB_CP_dirent; + +#endif /* _SMBLIB_COMMON_H_ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smblib-priv.h Wed Feb 14 00:48:20 2007 
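Review bot: `SMBlib_Error_Class(p)` and `SMBlib_Error_Code(p)` use their argument unparenthesised, so an expression argument is parsed wrongly; in `SMBlib_Error_Code` the `(unsigned int)` cast binds only to the first operand of `p`. Write them as `#define SMBlib_Error_Class(p) ((p) & 0x000000FF)` and `#define SMBlib_Error_Code(p) (((unsigned int)(p) & 0xFFFF0000) >> 16)`. The comment above `SMBlib_Error_Code` says it wants "the bottom 16 bits" while the mask selects the top 16 of the word; the comment should say that the code sits in the upper half after the re-ordering described at the top of the header.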
@@ -0,0 +1,604 @@
+/* UNIX SMBlib NetBIOS implementation
+ *
+ * Version 1.0
+ * SMBlib private Defines
+ *
+ * Copyright (C) Richard Sharpe 1996
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _SMBLIB_PRIV_H_
+#define _SMBLIB_PRIV_H_
+
+#include "std-defines.h"
+#include "smblib-common.h"
+#include
+#include
+
+#include "byteorder.h" /* Hmmm ... hot good */
+
+#define max(a,b) (a < b ? b : a)
+
+#define SMB_DEF_IDF 0x424D53FF /* "\377SMB" */
+
+/* Core protocol commands */
+
+#define SMBmkdir 0x00 /* create directory */
+#define SMBrmdir 0x01 /* delete directory */
+#define SMBopen 0x02 /* open file */
+#define SMBcreate 0x03 /* create file */
+#define SMBclose 0x04 /* close file */
+#define SMBflush 0x05 /* flush file */
+#define SMBunlink 0x06 /* delete file */
+#define SMBmv 0x07 /* rename file */
+#define SMBgetatr 0x08 /* get file attributes */
+#define SMBsetatr 0x09 /* set file attributes */
+#define SMBread 0x0A /* read from file */
+#define SMBwrite 0x0B /* write to file */
+#define SMBlock 0x0C /* lock byte range */
+#define SMBunlock 0x0D /* unlock byte range */
+#define SMBctemp 0x0E /* create temporary file */
+#define SMBmknew 0x0F /* make new file */
+#define SMBchkpth 0x10 /* check directory path */
+#define SMBexit 0x11 /* process exit */
+#define SMBlseek 0x12 /* seek */
+#define SMBtcon 0x70 /* tree connect */
+#define SMBtdis 0x71 /* tree disconnect */
+#define SMBnegprot 0x72 /* negotiate protocol */
+#define SMBdskattr 0x80 /* get disk attributes */
+#define SMBsearch 0x81 /* search directory */
+#define SMBsplopen 0xC0 /* open print spool file */
+#define SMBsplwr 0xC1 /* write to print spool file */
+#define SMBsplclose 0xC2 /* close print spool file */
+#define SMBsplretq 0xC3 /* return print queue */
+#define SMBsends 0xD0 /* send single block message */
+#define SMBsendb 0xD1 /* send broadcast message */
+#define SMBfwdname 0xD2 /* forward user name */
+#define SMBcancelf 0xD3 /* cancel forward */
+#define SMBgetmac 0xD4 /* get machine name */
+#define SMBsendstrt 0xD5 /* send start of multi-block message */
+#define SMBsendend 0xD6 /* send end of multi-block message */
+#define SMBsendtxt 0xD7 /* send text of multi-block message */
+
+/* CorePlus protocol */
+
+#define SMBlockread 0x13 /* Lock a range and read it */
+#define SMBwriteunlock 0x14 /* Unlock a range and then write */
+#define SMBreadbraw 0x1a /* read a block of data without smb header ohead */
+#define SMBwritebraw 0x1d /* write a block of data without smb header ohead */
+#define SMBwritec 0x20 /* secondary write request */
+#define SMBwriteclose 0x2c /* write a file and then close it */
+
+/* DOS Extended Protocol */
+
+#define SMBreadBraw 0x1A /* read block raw */
+#define SMBreadBmpx 0x1B /* read block multiplexed */
+#define SMBreadBs 0x1C /* read block (secondary response) */
+#define SMBwriteBraw 0x1D /* write block raw */
+#define SMBwriteBmpx 0x1E /* write block multiplexed */
+#define SMBwriteBs 0x1F /* write block (secondary request) */
+#define SMBwriteC 0x20 /* write complete response */
+#define SMBsetattrE 0x22 /* set file attributes expanded */
+#define SMBgetattrE 0x23 /* get file attributes expanded */
+#define SMBlockingX 0x24 /* lock/unlock byte ranges and X */
+#define SMBtrans 0x25 /* transaction - name, bytes in/out */
+#define SMBtranss 0x26 /* transaction (secondary request/response) */
+#define SMBioctl 0x27 /* IOCTL */
+#define SMBioctls 0x28 /* IOCTL (secondary request/response) */
+#define SMBcopy 0x29 /* copy */
+#define SMBmove 0x2A /* move */
+#define SMBecho 0x2B /* echo */
+#define SMBopenX 0x2D /* open and X */
+#define SMBreadX 0x2E /* read and X */
+#define SMBwriteX 0x2F /* write and X */
+#define SMBsesssetupX 0x73 /* Session Set Up & X (including User Logon) */
+#define SMBtconX 0x75 /* tree connect and X */
+#define SMBffirst 0x82 /* find first */
+#define SMBfunique 0x83 /* find unique */
+#define SMBfclose 0x84 /* find close */
+#define SMBinvalid 0xFE /* invalid command */
+
+/* Any more ? */
+
+#define SMBdatablockID 0x01 /* A data block identifier */
+#define SMBdialectID 0x02 /* A dialect id */
+#define SMBpathnameID 0x03 /* A pathname ID */
+#define SMBasciiID 0x04 /* An ascii string ID */
+#define SMBvariableblockID 0x05 /* A variable block ID */
+
+/* some other defines we need */
+
+/* Flags defines ... */
+
+#define SMB_FLG2_NON_DOS 0x01 /* We know non dos names */
+#define SMB_FLG2_EXT_ATR 0x02 /* We know about Extended Attributes */
+#define SMB_FLG2_LNG_NAM 0x04 /* Long names ? */
+
+typedef unsigned short WORD;
+typedef unsigned short UWORD;
+typedef unsigned int ULONG;
+typedef unsigned char BYTE;
+typedef unsigned char UCHAR;
+
+/* Some macros to allow access to actual packet data so that we */
+/* can change the underlying representation of packets. */
+/* */
+/* The current formats vying for attention are a fragment */
+/* approach where the SMB header is a fragment linked to the */
+/* data portion with the transport protocol (rfcnb or whatever) */
+/* being linked on the front. */
+/* */
+/* The other approach is where the whole packet is one array */
+/* of bytes with space allowed on the front for the packet */
+/* headers. */
+
+#define SMB_Hdr(p) (char *)(p -> data)
+
+/* SMB Hdr def for File Sharing Protocol? From MS and Intel, */
+/* Intel PN 138446 Doc Version 2.0, Nov 7, 1988. This def also */
+/* applies to LANMAN1.0 as well as the Core Protocol */
+/* The spec states that wct and bcc must be present, even if 0 */
+
+/* We define these as offsets into a char SMB[] array for the */
+/* sake of portability */
+
+/* NOTE!. Some of the lenght defines, SMB__len do not include */
+/* the data that follows in the SMB packet, so the code will have to */
+/* take that into account. */
+
+#define SMB_hdr_idf_offset 0 /* 0xFF,'SMB' 0-3 */
+#define SMB_hdr_com_offset 4 /* BYTE 4 */
+#define SMB_hdr_rcls_offset 5 /* BYTE 5 */
+#define SMB_hdr_reh_offset 6 /* BYTE 6 */
+#define SMB_hdr_err_offset 7 /* WORD 7 */
+#define SMB_hdr_reb_offset 9 /* BYTE 9 */
+#define SMB_hdr_flg_offset 9 /* same as reb ...
*/
+#define SMB_hdr_res_offset 10 /* 7 WORDs 10 */
+#define SMB_hdr_res0_offset 10 /* WORD 10 */
+#define SMB_hdr_flg2_offset 10 /* WORD */
+#define SMB_hdr_res1_offset 12 /* WORD 12 */
+#define SMB_hdr_res2_offset 14
+#define SMB_hdr_res3_offset 16
+#define SMB_hdr_res4_offset 18
+#define SMB_hdr_res5_offset 20
+#define SMB_hdr_res6_offset 22
+#define SMB_hdr_tid_offset 24
+#define SMB_hdr_pid_offset 26
+#define SMB_hdr_uid_offset 28
+#define SMB_hdr_mid_offset 30
+#define SMB_hdr_wct_offset 32
+
+#define SMB_hdr_len 33 /* 33 byte header? */
+
+#define SMB_hdr_axc_offset 33 /* AndX Command */
+#define SMB_hdr_axr_offset 34 /* AndX Reserved */
+#define SMB_hdr_axo_offset 35 /* Offset from start to WCT of AndX cmd */
+
+/* Format of the Negotiate Protocol SMB */
+
+#define SMB_negp_bcc_offset 33
+#define SMB_negp_buf_offset 35 /* Where the buffer starts */
+#define SMB_negp_len 35 /* plus the data */
+
+/* Format of the Negotiate Response SMB, for CoreProtocol, LM1.2 and */
+/* NT LM 0.12. wct will be 1 for CoreProtocol, 13 for LM 1.2, and 17 */
+/* for NT LM 0.12 */
+
+#define SMB_negrCP_idx_offset 33 /* Response to the neg req */
+#define SMB_negrCP_bcc_offset 35
+#define SMB_negrLM_idx_offset 33 /* dialect index */
+#define SMB_negrLM_sec_offset 35 /* Security mode */
+#define SMB_sec_user_mask 0x01 /* 0 = share, 1 = user */
+#define SMB_sec_encrypt_mask 0x02 /* pick out encrypt */
+#define SMB_negrLM_mbs_offset 37 /* max buffer size */
+#define SMB_negrLM_mmc_offset 39 /* max mpx count */
+#define SMB_negrLM_mnv_offset 41 /* max number of VCs */
+#define SMB_negrLM_rm_offset 43 /* raw mode support bit vec */
+#define SMB_read_raw_mask 0x01
+#define SMB_write_raw_mask 0x02
+#define SMB_negrLM_sk_offset 45 /* session key, 32 bits */
+#define SMB_negrLM_st_offset 49 /* Current server time */
+#define SMB_negrLM_sd_offset 51 /* Current server date */
+#define SMB_negrLM_stz_offset 53 /* Server Time Zone */
+#define SMB_negrLM_ekl_offset 55 /* encryption key length */
+#define SMB_negrLM_res_offset 57 /* reserved */
+#define SMB_negrLM_bcc_offset 59 /* bcc */
+#define SMB_negrLM_len 61 /* 61 bytes ? */
+#define SMB_negrLM_buf_offset 61 /* Where the fun begins */
+
+#define SMB_negrNTLM_idx_offset 33 /* Selected protocol */
+#define SMB_negrNTLM_sec_offset 35 /* Security more */
+#define SMB_negrNTLM_mmc_offset 36 /* Different format above */
+#define SMB_negrNTLM_mnv_offset 38 /* Max VCs */
+#define SMB_negrNTLM_mbs_offset 40 /* MBS now a long */
+#define SMB_negrNTLM_mrs_offset 44 /* Max raw size */
+#define SMB_negrNTLM_sk_offset 48 /* Session Key */
+#define SMB_negrNTLM_cap_offset 52 /* Capabilities */
+#define SMB_negrNTLM_stl_offset 56 /* Server time low */
+#define SMB_negrNTLM_sth_offset 60 /* Server time high */
+#define SMB_negrNTLM_stz_offset 64 /* Server time zone */
+#define SMB_negrNTLM_ekl_offset 66 /* Encrypt key len */
+#define SMB_negrNTLM_bcc_offset 67 /* Bcc */
+#define SMB_negrNTLM_len 69
+#define SMB_negrNTLM_buf_offset 69
+
+/* Offsets related to Tree Connect */
+
+#define SMB_tcon_bcc_offset 33
+#define SMB_tcon_buf_offset 35 /* where the data is for tcon */
+#define SMB_tcon_len 35 /* plus the data */
+
+#define SMB_tconr_mbs_offset 33 /* max buffer size */
+#define SMB_tconr_tid_offset 35 /* returned tree id */
+#define SMB_tconr_bcc_offset 37
+#define SMB_tconr_len 39
+
+#define SMB_tconx_axc_offset 33 /* And X Command */
+#define SMB_tconx_axr_offset 34 /* reserved */
+#define SMB_tconx_axo_offset 35 /* Next command offset */
+#define SMB_tconx_flg_offset 37 /* Flags, bit0=1 means disc TID */
+#define SMB_tconx_pwl_offset 39 /* Password length */
+#define SMB_tconx_bcc_offset 41 /* bcc */
+#define SMB_tconx_buf_offset 43 /* buffer */
+#define SMB_tconx_len 43 /* up to data ... */
+
+#define SMB_tconxr_axc_offset 33 /* Where the AndX Command is */
+#define SMB_tconxr_axr_offset 34 /* Reserved */
+#define SMB_tconxr_axo_offset 35 /* AndX offset location */
+
+/* Offsets related to tree_disconnect */
+
+#define SMB_tdis_bcc_offset 33 /* bcc */
+#define SMB_tdis_len 35 /* total len */
+
+#define SMB_tdisr_bcc_offset 33 /* bcc */
+#define SMB_tdisr_len 35
+
+/* Offsets related to Open Request */
+
+#define SMB_open_mod_offset 33 /* Mode to open with */
+#define SMB_open_atr_offset 35 /* Attributes of file */
+#define SMB_open_bcc_offset 37 /* bcc */
+#define SMB_open_buf_offset 39 /* File name */
+#define SMB_open_len 39 /* Plus the file name */
+
+#define SMB_openx_axc_offset 33 /* Next command */
+#define SMB_openx_axr_offset 34 /* Reserved */
+#define SMB_openx_axo_offset 35 /* offset of next wct */
+#define SMB_openx_flg_offset 37 /* Flags, bit0 = need more info */
+ /* bit1 = exclusive oplock */
+ /* bit2 = batch oplock */
+#define SMB_openx_mod_offset 39 /* mode to open with */
+#define SMB_openx_atr_offset 41 /* search attributes */
+#define SMB_openx_fat_offset 43 /* File attributes */
+#define SMB_openx_tim_offset 45 /* time and date of creat */
+#define SMB_openx_ofn_offset 49 /* Open function */
+#define SMB_openx_als_offset 51 /* Space to allocate on */
+#define SMB_openx_res_offset 55 /* reserved */
+#define SMB_openx_bcc_offset 63 /* bcc */
+#define SMB_openx_buf_offset 65 /* Where file name goes */
+#define SMB_openx_len 65
+
+#define SMB_openr_fid_offset 33 /* FID returned */
+#define SMB_openr_atr_offset 35 /* Attributes opened with */
+#define SMB_openr_tim_offset 37 /* Last mod time of file */
+#define SMB_openr_fsz_offset 41 /* File size 4 bytes */
+#define SMB_openr_acc_offset 45 /* Access allowed */
+#define SMB_openr_bcc_offset 47
+#define SMB_openr_len 49
+
+#define SMB_openxr_axc_offset 33 /* And X command */
+#define SMB_openxr_axr_offset 34 /* reserved */
+#define SMB_openxr_axo_offset 35 /* offset to next command
*/
+#define SMB_openxr_fid_offset 37 /* FID returned */
+#define SMB_openxr_fat_offset 39 /* File attributes returned */
+#define SMB_openxr_tim_offset 41 /* File creation date etc */
+#define SMB_openxr_fsz_offset 45 /* Size of file */
+#define SMB_openxr_acc_offset 49 /* Access granted */
+
+#define SMB_clos_fid_offset 33 /* FID to close */
+#define SMB_clos_tim_offset 35 /* Last mod time */
+#define SMB_clos_bcc_offset 39 /* bcc */
+#define SMB_clos_len 41
+
+/* Offsets related to Write requests */
+
+#define SMB_write_fid_offset 33 /* FID to write */
+#define SMB_write_cnt_offset 35 /* bytes to write */
+#define SMB_write_ofs_offset 37 /* location to write to */
+#define SMB_write_clf_offset 41 /* advisory count left */
+#define SMB_write_bcc_offset 43 /* bcc = data bytes + 3 */
+#define SMB_write_buf_offset 45 /* Data=0x01, len, data */
+#define SMB_write_len 45 /* plus the data ... */
+
+#define SMB_writr_cnt_offset 33 /* Count of bytes written */
+#define SMB_writr_bcc_offset 35 /* bcc */
+#define SMB_writr_len 37
+
+/* Offsets related to read requests */
+
+#define SMB_read_fid_offset 33 /* FID of file to read */
+#define SMB_read_cnt_offset 35 /* count of words to read */
+#define SMB_read_ofs_offset 37 /* Where to read from */
+#define SMB_read_clf_offset 41 /* Advisory count to go */
+#define SMB_read_bcc_offset 43
+#define SMB_read_len 45
+
+#define SMB_readr_cnt_offset 33 /* Count of bytes returned */
+#define SMB_readr_res_offset 35 /* 4 shorts reserved, 8 bytes */
+#define SMB_readr_bcc_offset 43 /* bcc */
+#define SMB_readr_bff_offset 45 /* buffer format char = 0x01 */
+#define SMB_readr_len_offset 46 /* buffer len */
+#define SMB_readr_len 45 /* length of the readr before data */
+
+/* Offsets for Create file */
+
+#define SMB_creat_atr_offset 33 /* Attributes of new file ... */
+#define SMB_creat_tim_offset 35 /* Time of creation */
+#define SMB_creat_dat_offset 37 /* 4004BCE :-) */
+#define SMB_creat_bcc_offset 39 /* bcc */
+#define SMB_creat_buf_offset 41
+#define SMB_creat_len 41 /* Before the data */
+
+#define SMB_creatr_fid_offset 33 /* FID of created file */
+
+/* Offsets for Delete file */
+
+#define SMB_delet_sat_offset 33 /* search attribites */
+#define SMB_delet_bcc_offset 35 /* bcc */
+#define SMB_delet_buf_offset 37
+#define SMB_delet_len 37
+
+/* Offsets for SESSION_SETUP_ANDX for both LM and NT LM protocols */
+
+#define SMB_ssetpLM_mbs_offset 37 /* Max buffer Size, allow for AndX */
+#define SMB_ssetpLM_mmc_offset 39 /* max multiplex count */
+#define SMB_ssetpLM_vcn_offset 41 /* VC number if new VC */
+#define SMB_ssetpLM_snk_offset 43 /* Session Key */
+#define SMB_ssetpLM_pwl_offset 47 /* password length */
+#define SMB_ssetpLM_res_offset 49 /* reserved */
+#define SMB_ssetpLM_bcc_offset 53 /* bcc */
+#define SMB_ssetpLM_len 55 /* before data ... */
+#define SMB_ssetpLM_buf_offset 55
+
+#define SMB_ssetpNTLM_mbs_offset 37 /* Max Buffer Size for NT LM 0.12 */
+ /* and above */
+#define SMB_ssetpNTLM_mmc_offset 39 /* Max Multiplex count */
+#define SMB_ssetpNTLM_vcn_offset 41 /* VC Number */
+#define SMB_ssetpNTLM_snk_offset 43 /* Session key */
+#define SMB_ssetpNTLM_cipl_offset 47 /* Case Insensitive PW Len */
+#define SMB_ssetpNTLM_cspl_offset 49 /* Unicode pw len */
+#define SMB_ssetpNTLM_res_offset 51 /* reserved */
+#define SMB_ssetpNTLM_cap_offset 55 /* server capabilities */
+#define SMB_ssetpNTLM_bcc_offset 59 /* bcc */
+#define SMB_ssetpNTLM_len 61 /* before data */
+#define SMB_ssetpNTLM_buf_offset 61
+
+#define SMB_ssetpr_axo_offset 35 /* Offset of next response ... */
+#define SMB_ssetpr_act_offset 37 /* action, bit 0 = 1 => guest */
+#define SMB_ssetpr_bcc_offset 39 /* bcc */
+#define SMB_ssetpr_buf_offset 41 /* Native OS etc */
+
+/* Offsets for SMB create directory */
+
+#define SMB_creatdir_bcc_offset 33 /* only a bcc here */
+#define SMB_creatdir_buf_offset 35 /* Where things start */
+#define SMB_creatdir_len 35
+
+/* Offsets for SMB delete directory */
+
+#define SMB_deletdir_bcc_offset 33 /* only a bcc here */
+#define SMB_deletdir_buf_offset 35 /* where things start */
+#define SMB_deletdir_len 35
+
+/* Offsets for SMB check directory */
+
+#define SMB_checkdir_bcc_offset 33 /* Only a bcc here */
+#define SMB_checkdir_buf_offset 35 /* where things start */
+#define SMB_checkdir_len 35
+
+/* Offsets for SMB search */
+
+#define SMB_search_mdc_offset 33 /* Max Dir ents to return */
+#define SMB_search_atr_offset 35 /* Search attributes */
+#define SMB_search_bcc_offset 37 /* bcc */
+#define SMB_search_buf_offset 39 /* where the action is */
+#define SMB_search_len 39
+
+#define SMB_searchr_dec_offset 33 /* Dir ents returned */
+#define SMB_searchr_bcc_offset 35 /* bcc */
+#define SMB_searchr_buf_offset 37 /* Where the action starts */
+#define SMB_searchr_len 37 /* before the dir ents */
+
+#define SMB_searchr_dirent_len 43 /* 53 bytes */
+
+/* Defines for SMB transact and transact2 calls */
+
+#define SMB_trans_tpc_offset 33 /* Total param count */
+#define SMB_trans_tdc_offset 35 /* total Data count */
+#define SMB_trans_mpc_offset 37 /* Max params bytes to return */
+#define SMB_trans_mdc_offset 39 /* Max data bytes to return */
+#define SMB_trans_msc_offset 41 /* Max setup words to return */
+#define SMB_trans_rs1_offset 42 /* Reserved byte */
+#define SMB_trans_flg_offset 43 /* flags */
+#define SMB_trans_tmo_offset 45 /* Timeout, long */
+#define SMB_trans_rs2_offset 49 /* Next reserved */
+#define SMB_trans_pbc_offset 51 /* Param Byte count in buf */
+#define SMB_trans_pbo_offset 53 /* Offset to param bytes */
+#define SMB_trans_dbc_offset 55 /* Data byte count in buf */
+#define SMB_trans_dbo_offset 57 /* Data byte offset */
+#define SMB_trans_suc_offset 59 /* Setup count - byte */
+#define SMB_trans_rs3_offset 60 /* Reserved to pad ... */
+#define SMB_trans_len 61 /* Up to setup, still need bcc */
+
+#define SMB_transr_tpc_offset 33 /* Total param bytes returned */
+#define SMB_transr_tdc_offset 35
+#define SMB_transr_rs1_offset 37
+#define SMB_transr_pbc_offset 39
+#define SMB_transr_pbo_offset 41
+#define SMB_transr_pdi_offset 43 /* parameter displacement */
+#define SMB_transr_dbc_offset 45
+#define SMB_transr_dbo_offset 47
+#define SMB_transr_ddi_offset 49
+#define SMB_transr_suc_offset 51
+#define SMB_transr_rs2_offset 52
+#define SMB_transr_len 53
+
+/* Bit masks for SMB Capabilities ... */
+
+#define SMB_cap_raw_mode 0x0001
+#define SMB_cap_mpx_mode 0x0002
+#define SMB_cap_unicode 0x0004
+#define SMB_cap_large_files 0x0008
+#define SMB_cap_nt_smbs 0x0010
+#define SMB_rpc_remote_apis 0x0020
+#define SMB_cap_nt_status 0x0040
+#define SMB_cap_level_II_oplocks 0x0080
+#define SMB_cap_lock_and_read 0x0100
+#define SMB_cap_nt_find 0x0200
+
+/* SMB LANMAN api call defines */
+
+#define SMB_LMapi_SetUserInfo 0x0072
+#define SMB_LMapi_UserPasswordSet 0x0073
+
+/* Structures and defines we use in the client interface */
+
+/* The protocols we might support. Perhaps a bit ambitious, as only RFCNB */
+/* has any support so far 0(sometimes called NBT) */
+
+typedef enum {
+ SMB_RFCNB, SMB_IPXNB, SMB_NETBEUI, SMB_X25
+} SMB_Transport_Types;
+
+typedef enum {
+ SMB_Con_FShare, SMB_Con_PShare, SMB_Con_IPC
+} SMB_Con_Types;
+
+typedef enum {
+ SMB_State_NoState, SMB_State_Stopped, SMB_State_Started
+} SMB_State_Types;
+
+/* The following two arrays need to be in step! */
+/* We must make it possible for callers to specify these ...
*/
+
+
+extern char *SMB_Prots[];
+extern int SMB_Types[];
+
+typedef struct SMB_Status {
+
+ union {
+ struct {
+ unsigned char ErrorClass;
+ unsigned char Reserved;
+ unsigned short Error;
+ } DosError;
+ unsigned int NtStatus;
+ } status;
+} SMB_Status;
+
+typedef struct SMB_Tree_Structure *SMB_Tree_Handle;
+
+typedef struct SMB_Connect_Def *SMB_Handle_Type;
+
+struct SMB_Connect_Def {
+
+ SMB_Handle_Type Next_Con, Prev_Con; /* Next and previous conn */
+ int protocol; /* What is the protocol */
+ int prot_IDX; /* And what is the index */
+ void *Trans_Connect; /* The connection */
+
+ /* All these strings should be malloc'd */
+
+ char service[80], username[80], password[80], desthost[80], sock_options[80];
+ char address[80], myname[80];
+
+ SMB_Tree_Handle first_tree, last_tree; /* List of trees on this server */
+
+ int gid; /* Group ID, do we need it? */
+ int mid; /* Multiplex ID? We might need one per con */
+ int pid; /* Process ID */
+
+ int uid; /* Authenticated user id. */
+
+ /* It is pretty clear that we need to bust some of */
+ /* these out into a per TCon record, as there may */
+ /* be multiple TCon's per server, etc ... later */
+
+ int port; /* port to use in case not default, this is a TCPism! */
+
+ int max_xmit; /* Max xmit permitted by server */
+ int Security; /* 0 = share, 1 = user */
+ int Raw_Support; /* bit 0 = 1 = Read Raw supported, 1 = 1 Write raw */
+ BOOL encrypt_passwords; /* FALSE = don't */
+ int MaxMPX, MaxVC, MaxRaw;
+ unsigned int SessionKey, Capabilities;
+ int SvrTZ; /* Server Time Zone */
+ int Encrypt_Key_Len;
+ char Encrypt_Key[80], Domain[80], PDomain[80], OSName[80], LMType[40];
+ char Svr_OS[80], Svr_LMType[80], Svr_PDom[80];
+
+};
+
+#define SMBLIB_DEFAULT_DOMAIN "STAFF"
+#define SMBLIB_DEFAULT_OSNAME "UNIX of some type"
+#define SMBLIB_DEFAULT_LMTYPE "SMBlib LM2.1 minus a bit"
+#define SMBLIB_MAX_XMIT 65535
+
+#define SMB_Sec_Mode_Share 0
+#define SMB_Sec_Mode_User 1
+
+/* A Tree_Structure */
+
+struct SMB_Tree_Structure {
+
+ SMB_Tree_Handle next, prev;
+ SMB_Handle_Type con;
+ char path[129];
+ char device_type[20];
+ int mbs; /* Local MBS */
+ int tid;
+
+};
+
+typedef struct SMB_File_Def SMB_File;
+
+struct SMB_File_Def {
+
+ SMB_Tree_Handle tree;
+ char filename[256]; /* We should malloc this ... */
+ UWORD fid;
+ unsigned int lastmod;
+ unsigned int size; /* Could blow up if 64bit files supported */
+ UWORD access;
+ off_t fileloc;
+
+};
+
+/* global Variables for the library */
+
+extern SMB_State_Types SMBlib_State;
+
+#ifndef SMBLIB_ERRNO
+extern int SMBlib_errno;
+extern int SMBlib_SMB_Error; /* last Error */
+#endif
+
+#endif /* _SMBLIB_PRIV_H_ */
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/smblib-util.c Wed Feb 14 00:48:20 2007
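Review bot: The string fields of `struct SMB_Connect_Def` in smblib-priv.h (`service`, `username`, `password`, `desthost`, `Encrypt_Key`, `Domain` and the rest) are bare 80-byte arrays with no named size, and the only guidance is the comment that they "should be malloc'd". This header is part of a basic-auth helper, so user name and password are client-supplied and `Encrypt_Key_Len` presumably comes from the server's negotiate response; every copy into these fields needs an explicit bound, but the copying code is outside this hunk and cannot be checked from here. I would document the contract above the struct, `/* String fields are fixed 80-byte buffers: bound every copy by sizeof(field) and reject Encrypt_Key_Len > sizeof(Encrypt_Key). */`. Separately, `#define max(a,b) (a < b ? b : a)` should parenthesise its arguments, `#define max(a,b) ((a) < (b) ? (b) : (a))`, and the `/* 53 bytes */` comment on `SMB_searchr_dirent_len 43` disagrees with the value.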
@@ -0,0 +1,803 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Utility Routines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "smblib-priv.h" + +#include "rfcnb.h" +#include "rfcnb-priv.h" +#include "rfcnb-util.h" + +#include +#include +#include + +char *SMB_Prots[] = +{"PC NETWORK PROGRAM 1.0", + "MICROSOFT NETWORKS 1.03", + "MICROSOFT NETWORKS 3.0", + "DOS LANMAN1.0", + "LANMAN1.0", + "DOS LM1.2X002", + "LM1.2X002", + "DOS LANMAN2.1", + "LANMAN2.1", + "Samba", + "NT LM 0.12", + "NT LANMAN 1.0", + NULL}; + +int SMB_Types[] = +{SMB_P_Core, + SMB_P_CorePlus, + SMB_P_DOSLanMan1, + SMB_P_DOSLanMan1, + SMB_P_LanMan1, + SMB_P_DOSLanMan2, + SMB_P_LanMan2, + SMB_P_LanMan2_1, + SMB_P_LanMan2_1, + SMB_P_NT1, + SMB_P_NT1, + SMB_P_NT1, + -1}; + +/* Print out an SMB pkt in all its gory detail ... */ + +void +SMB_Print_Pkt(FILE fd, RFCNB_Pkt * pkt, BOOL command, int Offset, int Len) +{ + + /* Well, just how do we do this ... print it I suppose */ + + /* Print out the SMB header ... 
*/ + + /* Print the command */ + + /* Print the other bits in the header */ + + + /* etc */ + +} + +/* Convert a DOS Date_Time to a local host type date time for printing */ + +char * +SMB_DOSTimToStr(int DOS_time) +{ + static char SMB_Time_Temp[48]; + int DOS_sec, DOS_min, DOS_hour, DOS_day, DOS_month, DOS_year; + + SMB_Time_Temp[0] = 0; + + DOS_sec = (DOS_time & 0x001F) * 2; + DOS_min = (DOS_time & 0x07E0) >> 5; + DOS_hour = ((DOS_time & 0xF800) >> 11); + + DOS_day = (DOS_time & 0x001F0000) >> 16; + DOS_month = (DOS_time & 0x01E00000) >> 21; + DOS_year = ((DOS_time & 0xFE000000) >> 25) + 80; + + sprintf(SMB_Time_Temp, "%2d/%02d/%2d %2d:%02d:%02d", DOS_day, DOS_month, + DOS_year, DOS_hour, DOS_min, DOS_sec); + + return (SMB_Time_Temp); + +} + +/* Convert an attribute byte/word etc to a string ... We return a pointer + * to a static string which we guarantee is long enough. If verbose is + * true, we print out long form of strings ... */ + +char * +SMB_AtrToStr(int attribs, BOOL verbose) +{ + static char SMB_Attrib_Temp[128]; + + SMB_Attrib_Temp[0] = 0; + + if (attribs & SMB_FA_ROF) + strcat(SMB_Attrib_Temp, (verbose ? "Read Only " : "R")); + + if (attribs & SMB_FA_HID) + strcat(SMB_Attrib_Temp, (verbose ? "Hidden " : "H")); + + if (attribs & SMB_FA_SYS) + strcat(SMB_Attrib_Temp, (verbose ? "System " : "S")); + + if (attribs & SMB_FA_VOL) + strcat(SMB_Attrib_Temp, (verbose ? "Volume " : "V")); + + if (attribs & SMB_FA_DIR) + strcat(SMB_Attrib_Temp, (verbose ? "Directory " : "D")); + + if (attribs & SMB_FA_ARC) + strcat(SMB_Attrib_Temp, (verbose ? "Archive " : "A")); + + return (SMB_Attrib_Temp); + +} + +/* Pick up the Max Buffer Size from the Tree Structure ... 
*/ + +int +SMB_Get_Tree_MBS(SMB_Tree_Handle tree) +{ + if (tree != NULL) { + return (tree->mbs); + } else { + return (SMBlibE_BAD); + } +} + +/* Pick up the Max buffer size */ + +int +SMB_Get_Max_Buf_Siz(SMB_Handle_Type Con_Handle) +{ + if (Con_Handle != NULL) { + return (Con_Handle->max_xmit); + } else { + return (SMBlibE_BAD); + } + +} +/* Pickup the protocol index from the connection structure */ + +int +SMB_Get_Protocol_IDX(SMB_Handle_Type Con_Handle) +{ + if (Con_Handle != NULL) { + return (Con_Handle->prot_IDX); + } else { + return (0xFFFF); /* Invalid protocol */ + } + +} + +/* Pick up the protocol from the connection structure */ + +int +SMB_Get_Protocol(SMB_Handle_Type Con_Handle) +{ + if (Con_Handle != NULL) { + return (Con_Handle->protocol); + } else { + return (0xFFFF); /* Invalid protocol */ + } + +} + +/* Figure out what protocol was accepted, given the list of dialect strings */ +/* We offered, and the index back from the server. We allow for a user */ +/* supplied list, and assume that it is a subset of our list */ + +int +SMB_Figure_Protocol(char *dialects[], int prot_index) +{ + int i; + + if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */ + + return (SMB_Types[prot_index]); + } else { /* Search through SMB_Prots looking for a match */ + + for (i = 0; SMB_Prots[i] != NULL; i++) { + + if (strcmp(dialects[prot_index], SMB_Prots[i]) == 0) { /* A match */ + + return (SMB_Types[i]); + + } + } + + /* If we got here, then we are in trouble, because the protocol was not */ + /* One we understand ... 
*/ + + return (SMB_P_Unknown); + + } + +} + + +/* Negotiate the protocol we will use from the list passed in Prots */ +/* we return the index of the accepted protocol in NegProt, -1 indicates */ +/* none acceptible, and our return value is 0 if ok, <0 if problems */ + +int +SMB_Negotiate(SMB_Handle_Type Con_Handle, char *Prots[]) +{ + struct RFCNB_Pkt *pkt; + int prots_len, i, pkt_len, prot, alloc_len; + char *p; + + /* Figure out how long the prot list will be and allocate space for it */ + + prots_len = 0; + + for (i = 0; Prots[i] != NULL; i++) { + + prots_len = prots_len + strlen(Prots[i]) + 2; /* Account for null etc */ + + } + + /* The -1 accounts for the one byte smb_buf we have because some systems */ + /* don't like char msg_buf[] */ + + pkt_len = SMB_negp_len + prots_len; + + /* Make sure that the pkt len is long enough for the max response ... */ + /* Which is a problem, because the encryption key len eec may be long */ + + if (pkt_len < (SMB_hdr_wct_offset + (19 * 2) + 40)) { + + alloc_len = SMB_hdr_wct_offset + (19 * 2) + 40; + + } else { + + alloc_len = pkt_len; + + } + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(alloc_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (SMBlibE_BAD); + + } + /* Now plug in the bits we need */ + + bzero(SMB_Hdr(pkt), SMB_negp_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBnegprot; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; + + SSVAL(SMB_Hdr(pkt), SMB_negp_bcc_offset, prots_len); + + /* Now copy the prot strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_negp_buf_offset); + + for (i = 0; Prots[i] != NULL; i++) { + + *p = SMBdialectID; + strcpy(p + 1, Prots[i]); + p = p + 
strlen(Prots[i]) + 2; /* Adjust len of p for null plus dialectID */ + + } + + /* Now send the packet and sit back ... */ + + if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + + +#ifdef DEBUG + fprintf(stderr, "Error sending negotiate protocol\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_SendFailed; /* Failed, check lower layer errno */ + return (SMBlibE_BAD); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, alloc_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to negotiate\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_RecvFailed; /* Failed, check lower layer errno */ + return (SMBlibE_BAD); + + } + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_Negotiate failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (SMBlibE_BAD); + + } + if (SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset) == 0xFFFF) { + +#ifdef DEBUG + fprintf(stderr, "None of our protocols was accepted ... "); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_NegNoProt; + return (SMBlibE_BAD); + + } + /* Now, unpack the info from the response, if any and evaluate the proto */ + /* selected. We must make sure it is one we like ... */ + + Con_Handle->prot_IDX = prot = SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset); + Con_Handle->protocol = SMB_Figure_Protocol(Prots, prot); + + if (Con_Handle->protocol == SMB_P_Unknown) { /* No good ... */ + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_ProtUnknown; + return (SMBlibE_BAD); + + } + switch (CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)) { + + case 0x01: /* No more info ... 
*/ + + break; + + case 13: /* Up to and including LanMan 2.1 */ + + Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrLM_sec_offset); + Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00); + Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask; + + Con_Handle->max_xmit = SVAL(SMB_Hdr(pkt), SMB_negrLM_mbs_offset); + Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrLM_mmc_offset); + Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrLM_mnv_offset); + Con_Handle->Raw_Support = SVAL(SMB_Hdr(pkt), SMB_negrLM_rm_offset); + Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrLM_sk_offset); + Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrLM_stz_offset); + Con_Handle->Encrypt_Key_Len = SVAL(SMB_Hdr(pkt), SMB_negrLM_ekl_offset); + + p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset); + fprintf(stderr, "%d", (int) (SMB_Hdr(pkt) + SMB_negrLM_buf_offset)); + memcpy(Con_Handle->Encrypt_Key, p, 8); + + p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset + Con_Handle->Encrypt_Key_Len); + + strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1); + + break; + + case 17: /* NT LM 0.12 and LN LM 1.0 */ + + Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_sec_offset); + Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00); + Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask; + + Con_Handle->max_xmit = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mbs_offset); + Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mmc_offset); + Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mnv_offset); + Con_Handle->MaxRaw = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mrs_offset); + Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_sk_offset); + Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_stz_offset); + Con_Handle->Encrypt_Key_Len = CVAL(SMB_Hdr(pkt), SMB_negrNTLM_ekl_offset); + + p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset); + memcpy(Con_Handle->Encrypt_Key, p, 8); + p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset + 
Con_Handle->Encrypt_Key_Len); + + strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1); + + break; + + default: + +#ifdef DEBUG + fprintf(stderr, "Unknown NegProt response format ... Ignored\n"); + fprintf(stderr, " wct = %i\n", CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)); +#endif + + break; + } + +#ifdef DEBUG + fprintf(stderr, "Protocol selected is: %i:%s\n", prot, Prots[prot]); +#endif + + RFCNB_Free_Pkt(pkt); + return (0); + +} + +/* Get our hostname */ + +void +SMB_Get_My_Name(char *name, int len) +{ + + if (gethostname(name, len) < 0) { /* Error getting name */ + + strncpy(name, "unknown", len); + + /* Should check the error */ + +#ifdef DEBUG + fprintf(stderr, "gethostname in SMB_Get_My_Name returned error:"); + perror(""); +#endif + + } + /* only keep the portion up to the first "." */ + + +} + +/* Send a TCON to the remote server ... */ + +SMB_Tree_Handle +SMB_TreeConnect(SMB_Handle_Type Con_Handle, + SMB_Tree_Handle Tree_Handle, + char *path, + char *password, + char *device) +{ + struct RFCNB_Pkt *pkt; + int param_len, pkt_len; + char *p; + SMB_Tree_Handle tree; + + /* Figure out how much space is needed for path, password, dev ... */ + + if ((path == NULL) | (password == NULL) | (device == NULL)) { + +#ifdef DEBUG + fprintf(stderr, "Bad parameter passed to SMB_TreeConnect\n"); +#endif + + SMBlib_errno = SMBlibE_BadParam; + return (NULL); + + } + /* The + 2 is because of the \0 and the marker ... */ + + param_len = strlen(path) + 2 + strlen(password) + 2 + strlen(device) + 2; + + /* The -1 accounts for the one byte smb_buf we have because some systems */ + /* don't like char msg_buf[] */ + + pkt_len = SMB_tcon_len + param_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (NULL); /* Should handle the error */ + + } + /* Now allocate a tree for this to go into ... 
*/ + + if (Tree_Handle == NULL) { + + tree = (SMB_Tree_Handle) malloc(sizeof(struct SMB_Tree_Structure)); + + if (tree == NULL) { + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_NoSpace; + return (NULL); + + } + } else { + + tree = Tree_Handle; + + } + + tree->next = tree->prev = NULL; + tree->con = Con_Handle; + strncpy(tree->path, path, sizeof(tree->path)); + strncpy(tree->device_type, device, sizeof(tree->device_type)); + + /* Now plug in the values ... */ + + bzero(SMB_Hdr(pkt), SMB_tcon_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtcon; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; + + SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, param_len); + + /* Now copy the param strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_tcon_buf_offset); + *p = SMBasciiID; + strcpy(p + 1, path); + p = p + strlen(path) + 2; + *p = SMBasciiID; + strcpy(p + 1, password); + p = p + strlen(password) + 2; + *p = SMBasciiID; + strcpy(p + 1, device); + + /* Now send the packet and sit back ... */ + + if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error sending TCon request\n"); +#endif + + if (Tree_Handle == NULL) + free(tree); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_SendFailed; + return (NULL); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to TCon\n"); +#endif + + if (Tree_Handle == NULL) + free(tree); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_RecvFailed; + return (NULL); + + } + /* Check out the response type ... 
*/ + + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_TCon failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + if (Tree_Handle == NULL) + free(tree); + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (NULL); + + } + tree->tid = SVAL(SMB_Hdr(pkt), SMB_tconr_tid_offset); + tree->mbs = SVAL(SMB_Hdr(pkt), SMB_tconr_mbs_offset); + +#ifdef DEBUG + fprintf(stderr, "TConn succeeded, with TID=%i, Max Xmit=%i\n", + tree->tid, tree->mbs); +#endif + + /* Now link the Tree to the Server Structure ... */ + + if (Con_Handle->first_tree == NULL) { + + Con_Handle->first_tree = tree; + Con_Handle->last_tree = tree; + + } else { + + Con_Handle->last_tree->next = tree; + tree->prev = Con_Handle->last_tree; + Con_Handle->last_tree = tree; + + } + + RFCNB_Free_Pkt(pkt); + return (tree); + +} + +int +SMB_TreeDisconnect(SMB_Tree_Handle Tree_Handle, BOOL discard) +{ + struct RFCNB_Pkt *pkt; + int pkt_len; + + pkt_len = SMB_tdis_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (SMBlibE_BAD); /* Should handle the error */ + + } + /* Now plug in the values ... */ + + bzero(SMB_Hdr(pkt), SMB_tdis_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtdis; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Tree_Handle->con->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Tree_Handle->con->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Tree_Handle->con->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; + + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, Tree_Handle->tid); + SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, 0); + + /* Now send the packet and sit back ... 
*/ + + if (RFCNB_Send(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error sending TDis request\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_SendFailed; + return (SMBlibE_BAD); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to TCon\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_RecvFailed; + return (SMBlibE_BAD); + + } + /* Check out the response type ... */ + + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_TDis failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (SMBlibE_BAD); + + } + Tree_Handle->tid = 0xFFFF; /* Invalid TID */ + Tree_Handle->mbs = 0; /* Invalid */ + +#ifdef DEBUG + + fprintf(stderr, "Tree disconnect successful ...\n"); + +#endif + + /* What about the tree handle ? */ + + if (discard == TRUE) { /* Unlink it and free it ... */ + + if (Tree_Handle->next == NULL) + Tree_Handle->con->first_tree = Tree_Handle->prev; + else + Tree_Handle->next->prev = Tree_Handle->prev; + + if (Tree_Handle->prev == NULL) + Tree_Handle->con->last_tree = Tree_Handle->next; + else + Tree_Handle->prev->next = Tree_Handle->next; + + } + RFCNB_Free_Pkt(pkt); + return (0); + +} + +/* Pick up the last LMBlib error ... 
*/ + +int +SMB_Get_Last_Error() +{ + + return (SMBlib_errno); + +} + +/* Pick up the last error returned in an SMB packet */ +/* We will need macros to extract error class and error code */ + +int +SMB_Get_Last_SMB_Err() +{ + + return (SMBlib_SMB_Error); + +} + +/* Pick up the error message associated with an error from SMBlib */ + +/* Keep this table in sync with the message codes in smblib-common.h */ + +static char *SMBlib_Error_Messages[] = +{ + + "Request completed sucessfully.", + "Server returned a non-zero SMB Error Class and Code.", + "A lower layer protocol error occurred.", + "Function not yet implemented.", + "The protocol negotiated does not support the request.", + "No space available for operation.", + "One or more bad parameters passed.", + "None of the protocols we offered were accepted.", + "The attempt to send an SMB request failed. See protocol error info.", + "The attempt to get an SMB response failed. See protocol error info.", + "The logon request failed, but you were logged in as guest.", + "The attempt to call the remote server failed. See protocol error info.", + "The protocol dialect specified in a NegProt and accepted by the server is unknown.", + /* This next one simplifies error handling */ + "No such error code.", + NULL}; + +void +SMB_Get_Error_Msg(int msg, char *msgbuf, int len) +{ + + if (msg >= 0) { + + strncpy(msgbuf, + SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? SMBlibE_NoSuchMsg : msg], + len - 1); + msgbuf[len - 1] = 0; /* Make sure it is a string */ + } else { /* Add the lower layer message ... */ + + char prot_msg[1024]; + + msg = -msg; /* Make it positive */ + + strncpy(msgbuf, + SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? 
SMBlibE_NoSuchMsg : msg], + len - 1); + + msgbuf[len - 1] = 0; /* make sure it is a string */ + + if (strlen(msgbuf) < len) { /* If there is space, put rest in */ + + strncat(msgbuf, "\n\t", len - strlen(msgbuf)); + + RFCNB_Get_Error(prot_msg, sizeof(prot_msg) - 1); + + strncat(msgbuf, prot_msg, len - strlen(msgbuf)); + + } + } + +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smblib.c Wed Feb 14 00:48:20 2007 
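Review bot: In SMB_Negotiate, the `case 13` and `case 17` branches both call `strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1)` with source and destination swapped, so the server's primary domain is never saved and up to 79 bytes are written into the packet buffer at `buf_offset + Encrypt_Key_Len`. That offset comes from the server's reply and is never checked against `alloc_len`. Range-check Encrypt_Key_Len before using it as an offset and copy into `Svr_PDom` with an explicit terminator, as sketched below for the LanMan branch; the NT branch needs the same change with the `SMB_negrNTLM_*` offsets. The hunk does not track how many bytes RFCNB_Recv returned, so the read side would still need a length check. The negotiated index `prot` is only compared with 0xFFFF before SMB_Figure_Protocol uses it to index `SMB_Types[]` or `dialects[]`, so it needs an upper bound too, and the unconditional `fprintf(stderr, "%d", (int) (SMB_Hdr(pkt) + SMB_negrLM_buf_offset))` in `case 13` looks like leftover debugging that belongs under `#ifdef DEBUG`.

```c
    Con_Handle->Encrypt_Key_Len = SVAL(SMB_Hdr(pkt), SMB_negrLM_ekl_offset);

    /* The key length is supplied by the server: validate it before it is
     * used as an offset (assumes alloc_len is the size of the buffer that
     * SMB_Hdr(pkt) points at -- confirm against RFCNB_Alloc_Pkt). */
    if (Con_Handle->Encrypt_Key_Len > (int) sizeof(Con_Handle->Encrypt_Key) ||
        SMB_negrLM_buf_offset + Con_Handle->Encrypt_Key_Len >= alloc_len) {
        RFCNB_Free_Pkt(pkt);
        SMBlib_errno = SMBlibE_Remote;
        return (SMBlibE_BAD);
    }

    /* ... unchanged: copy of Encrypt_Key and advance of p past the key ... */

    /* Destination first: keep the server's primary domain in the handle. */
    strncpy(Con_Handle->Svr_PDom, p, sizeof(Con_Handle->Svr_PDom) - 1);
    Con_Handle->Svr_PDom[sizeof(Con_Handle->Svr_PDom) - 1] = 0;
```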
@@ -0,0 +1,555 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Routines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +int SMBlib_errno; +int SMBlib_SMB_Error; +#define SMBLIB_ERRNO +#define uchar unsigned char +#include "smblib-priv.h" +#include "smblib.h" +#include "rfcnb-priv.h" +#include "rfcnb.h" +#include "rfcnb-util.h" + +#include +#include +#include +#include + +#include + +SMB_State_Types SMBlib_State; + +extern int RFCNB_Set_Sock_NoDelay(RFCNB_Con *, BOOL); +extern void SMB_Get_My_Name(char *, int); + +/* Initialize the SMBlib package */ + +int +SMB_Init() +{ + + SMBlib_State = SMB_State_Started; + + signal(SIGPIPE, SIG_IGN); /* Ignore these ... 
*/ + +/* If SMBLIB_Instrument is defines, turn on the instrumentation stuff */ +#ifdef SMBLIB_INSTRUMENT + + SMBlib_Instrument_Init(); + +#endif + + return 0; + +} + +int +SMB_Term() +{ + +#ifdef SMBLIB_INSTRUMENT + + SMBlib_Instrument_Term(); /* Clean up and print results */ + +#endif + + return 0; + +} + +/* SMB_Create: Create a connection structure and return for later use */ +/* We have other helper routines to set variables */ + +SMB_Handle_Type +SMB_Create_Con_Handle(void) +{ + + SMBlib_errno = SMBlibE_NotImpl; + return (NULL); + +} + +int +SMBlib_Set_Sock_NoDelay(SMB_Handle_Type Con_Handle, BOOL yn) +{ + + + if (RFCNB_Set_Sock_NoDelay(Con_Handle->Trans_Connect, yn) < 0) { + +#ifdef DEBUG +#endif + + fprintf(stderr, "Setting no-delay on TCP socket failed ...\n"); + + } + return (0); + +} + +/* SMB_Connect_Server: Connect to a server, but don't negotiate protocol */ +/* or anything else ... */ + +SMB_Handle_Type +SMB_Connect_Server(SMB_Handle_Type Con_Handle, + char *server, char *NTdomain) +{ + SMB_Handle_Type con; + char called[80], calling[80], *address; + int i; + + /* Get a connection structure if one does not exist */ + + con = Con_Handle; + + if (Con_Handle == NULL) { + + if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) { + + + SMBlib_errno = SMBlibE_NoSpace; + return NULL; + } + } + /* Init some things ... */ + + strcpy(con->service, ""); + strcpy(con->username, ""); + strcpy(con->password, ""); + strcpy(con->sock_options, ""); + strcpy(con->address, ""); + strcpy(con->desthost, server); + strcpy(con->PDomain, NTdomain); + strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME); + strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE); + con->first_tree = con->last_tree = NULL; + + SMB_Get_My_Name(con->myname, sizeof(con->myname)); + + con->port = 0; /* No port selected */ + + /* Get some things we need for the SMB Header */ + + con->pid = getpid(); + con->mid = con->pid; /* This will do for now ... 
*/ + con->uid = 0; /* Until we have done a logon, no uid ... */ + con->gid = getgid(); + + /* Now connect to the remote end, but first upper case the name of the + * service we are going to call, sine some servers want it in uppercase */ + + for (i = 0; i < strlen(server); i++) + called[i] = toupper(server[i]); + + called[strlen(server)] = 0; /* Make it a string */ + + for (i = 0; i < strlen(con->myname); i++) + calling[i] = toupper(con->myname[i]); + + calling[strlen(con->myname)] = 0; /* Make it a string */ + + if (strcmp(con->address, "") == 0) + address = con->desthost; + else + address = con->address; + + con->Trans_Connect = RFCNB_Call(called, + calling, + address, /* Protocol specific */ + con->port); + + /* Did we get one? */ + + if (con->Trans_Connect == NULL) { + + if (Con_Handle == NULL) { + Con_Handle = NULL; + free(con); + } + SMBlib_errno = -SMBlibE_CallFailed; + return NULL; + + } + return (con); + +} + +/* SMB_Connect: Connect to the indicated server */ +/* If Con_Handle == NULL then create a handle and connect, otherwise */ +/* use the handle passed */ + +char *SMB_Prots_Restrict[] = +{"PC NETWORK PROGRAM 1.0", + NULL}; + + +SMB_Handle_Type +SMB_Connect(SMB_Handle_Type Con_Handle, + SMB_Tree_Handle * tree, + char *service, + char *username, + char *password) +{ + SMB_Handle_Type con; + char *host, *address; + char temp[80], called[80], calling[80]; + int i; + + /* Get a connection structure if one does not exist */ + + con = Con_Handle; + + if (Con_Handle == NULL) { + + if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return NULL; + } + } + /* Init some things ... 
*/ + + strcpy(con->service, service); + strcpy(con->username, username); + strcpy(con->password, password); + strcpy(con->sock_options, ""); + strcpy(con->address, ""); + strcpy(con->PDomain, SMBLIB_DEFAULT_DOMAIN); + strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME); + strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE); + con->first_tree = con->last_tree = NULL; + + SMB_Get_My_Name(con->myname, sizeof(con->myname)); + + con->port = 0; /* No port selected */ + + /* Get some things we need for the SMB Header */ + + con->pid = getpid(); + con->mid = con->pid; /* This will do for now ... */ + con->uid = 0; /* Until we have done a logon, no uid */ + con->gid = getgid(); + + /* Now figure out the host portion of the service */ + + strcpy(temp, service); + /* AI - Added (char *) to stop compiler warnings */ + host = (char *) strtok(temp, "/\\"); /* Separate host name portion */ + strcpy(con->desthost, host); + + /* Now connect to the remote end, but first upper case the name of the + * service we are going to call, sine some servers want it in uppercase */ + + for (i = 0; i < strlen(host); i++) + called[i] = toupper(host[i]); + + called[strlen(host)] = 0; /* Make it a string */ + + for (i = 0; i < strlen(con->myname); i++) + calling[i] = toupper(con->myname[i]); + + calling[strlen(con->myname)] = 0; /* Make it a string */ + + if (strcmp(con->address, "") == 0) + address = con->desthost; + else + address = con->address; + + con->Trans_Connect = RFCNB_Call(called, + calling, + address, /* Protocol specific */ + con->port); + + /* Did we get one? */ + + if (con->Trans_Connect == NULL) { + + if (Con_Handle == NULL) { + free(con); + Con_Handle = NULL; + } + SMBlib_errno = -SMBlibE_CallFailed; + return NULL; + + } + /* Now, negotiate the protocol */ + + if (SMB_Negotiate(con, SMB_Prots_Restrict) < 0) { + + /* Hmmm what should we do here ... We have a connection, but could not + * negotiate ... */ + + return NULL; + + } + /* Now connect to the service ... 
*/ + + if ((*tree = SMB_TreeConnect(con, NULL, service, password, "A:")) == NULL) { + + return NULL; + + } + return (con); + +} + +/* Logon to the server. That is, do a session setup if we can. We do not do */ +/* Unicode yet! */ + +int +SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName, + char *PassWord) +{ + struct RFCNB_Pkt *pkt; + int param_len, pkt_len, pass_len; + char *p, pword[128]; + + /* First we need a packet etc ... but we need to know what protocol has */ + /* been negotiated to figure out if we can do it and what SMB format to */ + /* use ... */ + + if (Con_Handle->protocol < SMB_P_LanMan1) { + + SMBlib_errno = SMBlibE_ProtLow; + return (SMBlibE_BAD); + + } + strcpy(pword, PassWord); +#ifdef PAM_SMB_ENC_PASS + if (Con_Handle->encrypt_passwords) { + pass_len = 24; + SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle->Encrypt_Key, (uchar *) pword); + } else +#endif + pass_len = strlen(pword); + + + /* Now build the correct structure */ + + if (Con_Handle->protocol < SMB_P_NT1) { + + param_len = strlen(UserName) + 1 + pass_len + 1 + + strlen(Con_Handle->PDomain) + 1 + + strlen(Con_Handle->OSName) + 1; + + pkt_len = SMB_ssetpLM_len + param_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (SMBlibE_BAD); /* Should handle the error */ + + } + bzero(SMB_Hdr(pkt), SMB_ssetpLM_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 10; + *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ + SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); + + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mbs_offset, SMBLIB_MAX_XMIT); + 
SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mmc_offset, 2); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_vcn_offset, Con_Handle->pid); + SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_snk_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_pwl_offset, pass_len + 1); + SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_res_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_bcc_offset, param_len); + + /* Now copy the param strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_ssetpLM_buf_offset); + + /* Copy in password, then the rest. Password has a null at end */ + + memcpy(p, pword, pass_len); + + p = p + pass_len + 1; + + strcpy(p, UserName); + p = p + strlen(UserName); + *p = 0; + + p = p + 1; + + strcpy(p, Con_Handle->PDomain); + p = p + strlen(Con_Handle->PDomain); + *p = 0; + p = p + 1; + + strcpy(p, Con_Handle->OSName); + p = p + strlen(Con_Handle->OSName); + *p = 0; + + } else { + + /* We don't admit to UNICODE support ... */ + + param_len = strlen(UserName) + 1 + pass_len + + strlen(Con_Handle->PDomain) + 1 + + strlen(Con_Handle->OSName) + 1 + + strlen(Con_Handle->LMType) + 1; + + pkt_len = SMB_ssetpNTLM_len + param_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (-1); /* Should handle the error */ + + } + bzero(SMB_Hdr(pkt), SMB_ssetpNTLM_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 13; + *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ + SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); + + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mbs_offset, SMBLIB_MAX_XMIT); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mmc_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_vcn_offset, 0); + 
SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_snk_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cipl_offset, pass_len); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cspl_offset, 0); + SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_res_offset, 0); + SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cap_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_bcc_offset, param_len); + + /* Now copy the param strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_ssetpNTLM_buf_offset); + + /* Copy in password, then the rest. Password has no null at end */ + + memcpy(p, pword, pass_len); + + p = p + pass_len; + + strcpy(p, UserName); + p = p + strlen(UserName); + *p = 0; + + p = p + 1; + + strcpy(p, Con_Handle->PDomain); + p = p + strlen(Con_Handle->PDomain); + *p = 0; + p = p + 1; + + strcpy(p, Con_Handle->OSName); + p = p + strlen(Con_Handle->OSName); + *p = 0; + p = p + 1; + + strcpy(p, Con_Handle->LMType); + p = p + strlen(Con_Handle->LMType); + *p = 0; + + } + + /* Now send it and get a response */ + + if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error sending SessSetupX request\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_SendFailed; + return (SMBlibE_BAD); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to SessSetupAndX\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_RecvFailed; + return (SMBlibE_BAD); + + } + /* Check out the response type ... 
*/ + + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_SessSetupAndX failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (SMBlibE_BAD); + + } +#ifdef DEBUG + fprintf(stderr, "SessSetupAndX response. Action = %i\n", + SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset)); +#endif + + /* Now pick up the UID for future reference ... */ + + Con_Handle->uid = SVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset); + RFCNB_Free_Pkt(pkt); + + return (0); + +} + + +/* Disconnect from the server, and disconnect all tree connects */ + +int +SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle) +{ + + /* We just disconnect the connection for now ... */ + + RFCNB_Hangup(Con_Handle->Trans_Connect); + + if (!KeepHandle) + free(Con_Handle); + + return (0); + +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smblib.c.patch Wed Feb 14 00:48:20 2007 @@ -0,0 +1,25 @@ +7a8,9 +> (2000/02/11) Added some tricks to SMB_Logon_Server to control logons of users with illegal name +> Vadim A. Popov +520c522 +< +--- +> +523a526,542 +> return(SMBlibE_BAD); +> +> } +> +> /* Check out the special case: illegal user reported as Action=0x01 ... */ +> +> if (SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset)&&0x01 != 0) { /* Process error */ +> +> #ifdef DEBUG +> fprintf(stderr, "SMB_SessSetupAndX failed with errorclass = %i, Error Code = %i\n", +> CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), +> SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +> #endif +> +> SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); +> RFCNB_Free_Pkt(pkt); +> SMBlib_errno = SMBlibE_GuestOnly; --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/smblib.h Wed Feb 14 00:48:20 2007 
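Review bot: SMB_Logon_Server copies the caller's password with `strcpy(pword, PassWord)` into the 128-byte stack buffer `pword` without checking its length, and in a basic-auth helper that string presumably originates from the client's request (the caller is outside this hunk). Reject over-long input up front, e.g. `if (strlen(PassWord) >= sizeof(pword)) { SMBlib_errno = SMBlibE_BadParam; return (SMBlibE_BAD); }`, rather than truncating it, since a silently shortened password changes what is being authenticated. The same unbounded pattern appears in SMB_Connect_Server (`strcpy(con->desthost, server)`, `strcpy(con->PDomain, NTdomain)`, and the upper-casing loop into `called[80]`) and in SMB_Connect (`service`, `username`, `password`, and `strcpy(temp, service)` into `temp[80]`), where every destination is an 80-byte array. SMB_Connect also returns NULL after a failed SMB_Negotiate or SMB_TreeConnect without hanging up the transport or freeing a `con` it allocated itself.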
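Review bot: The guest-logon check carried in this patch file uses a logical AND, `SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset)&&0x01 != 0`, which parses as `Action && (0x01 != 0)` and is therefore true for any non-zero Action word rather than only when bit 0 is set. The intended test is `if ((SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset) & 0x01) != 0) {`. The smblib.c added in this same commit does not contain this block: it only prints Action under DEBUG and returns 0. Whether the helper rejects guest-mapped logons therefore depends on this patch being applied at build time, which is not visible here. Either fold the corrected check into smblib.c or document the patch step next to it.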
@@ -0,0 +1,98 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "std-defines.h" +#include "smblib-common.h" + +/* Just define all the entry points */ + +/* Create a handle to allow us to set/override some parameters ... */ + +SMB_Handle_Type SMB_Create_Con_Handle(); + +/* Connect to a server, but do not do a tree con etc ... */ + +SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type, char *server, char *NTdomain); + +/* Connect to a server and give us back a handle. If Con == NULL, create */ +/* The handle and populate it with defaults */ + +SMB_Handle_Type SMB_Connect(SMB_Handle_Type Con_Handle, + SMB_Tree_Handle * tree, + char *service, + char *username, + char *password); + +/* Negotiate a protocol */ + +int SMB_Negotiate(void *Con_Handle, char *Prots[]); + +/* Connect to a tree ... */ + +void *SMB_TreeConnect(void *con_handle, void *tree_handle, + char *path, char *password, char *dev); + +/* Disconnect a tree ... 
*/ + +int SMB_TreeDisconect(void *tree_handle); + +/* Open a file */ + +void *SMB_Open(void *tree_handle, + void *file_handle, + char *file_name, + unsigned short mode, + unsigned short search); + +/* Close a file */ + +int SMB_Close(void *file_handle); + +/* Disconnect from server. Has flag to specify whether or not we keep the */ +/* handle. */ + +int SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle); + +void *SMB_Create(void *Tree_Handle, + void *File_Handle, + char *file_name, + short search); + +int SMB_Delete(void *tree, char *file_name, short search); + +int SMB_Create_Dir(void *tree, char *dir_name); + +int SMB_Delete_Dir(void *tree, char *dir_name); + +int SMB_Check_Dir(void *tree, char *dir_name); + +int SMB_Get_Last_Error(); + +int SMB_Get_Last_SMB_Err(); + +int SMB_Get_Error_Msg(int msg, char *msgbuf, int len); + +void *SMB_Logon_And_TCon(void *con, void *tree, char *user, char *pass, + char *service, char *st); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/MSNT/std-defines.h Wed Feb 14 00:48:20 2007 
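Review bot: smblib.h declares `SMB_Create_Con_Handle();`, `SMB_Get_Last_Error();` and `SMB_Get_Last_SMB_Err();` with empty parentheses, which in C is not a prototype and lets calls with any arguments compile; writing `(void)` would make them checked. The connection handle is also typed inconsistently, `void *Con_Handle` in SMB_Negotiate but `SMB_Handle_Type` in SMB_Connect_Server and SMB_Discon, so a wrong pointer passed to the `void *` entry points goes unnoticed. Unlike std-defines.h in this patchset, the header has no include guard; wrapping the body in `#ifndef _SMBLIB_H_` / `#define _SMBLIB_H_` / `#endif` would match it.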
@@ -0,0 +1,45 @@
+/* RFCNB Standard includes ... */
+/*
+ *
+ * SMBlib Standard Includes
+ *
+ * Copyright (C) 1996, Richard Sharpe
+ */
+/* One day we will conditionalize these on OS types ... */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _STD_DEFINES_H_
+#define _STD_DEFINES_H_
+
+#define BOOL int
+typedef short int16;
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define TRUE 1
+#define FALSE 0
+
+#endif /* _STD_DEFINES_H_ */
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/std-includes.h Wed Feb 14 00:48:20 2007
@@ -0,0 +1,45 @@
+/* RFCNB Standard includes ... */
+/*
+ *
+ * RFCNB Standard Includes
+ *
+ * Copyright (C) 1996, Richard Sharpe
+ */
+/* One day we will conditionalize these on OS types ... */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define BOOL int
+typedef short int16;
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define TRUE 1
+#define FALSE 0
+
+/* Pick up define for INADDR_NONE */
+
+#ifndef INADDR_NONE
+#define INADDR_NONE -1
+#endif
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/valid.c Wed Feb 14 00:48:20 2007
@@ -0,0 +1,45 @@
+#include
+#include
+#include
+#include "smblib-priv.h"
+#include "smblib.h"
+#include "valid.h"
+
+extern int SMB_Init(void);
+extern int SMB_Logon_Server(SMB_Handle_Type, char *, char *);
+
+
+int
+Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN)
+{
+ char *SMB_Prots[] =
+ {"PC NETWORK PROGRAM 1.0",
+ "MICROSOFT NETWORKS 1.03",
+ "MICROSOFT NETWORKS 3.0",
+ "LANMAN1.0",
+ "LM1.2X002",
+ "Samba",
+ "NT LM 0.12",
+ "NT LANMAN 1.0",
+ NULL};
+ void *con;
+
+ SMB_Init();
+ con = SMB_Connect_Server(NULL, SERVER, DOMAIN);
+ if (con == NULL) { /* Error ... */
+ con = SMB_Connect_Server(NULL, BACKUP, DOMAIN);
+ if (con == NULL) {
+ return (NTV_SERVER_ERROR);
+ }
+ }
+ if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */
+ SMB_Discon(con, 0);
+ return (NTV_PROTOCOL_ERROR);
+ }
+ if (SMB_Logon_Server(con, USERNAME, PASSWORD) < 0) {
+ SMB_Discon(con, 0);
+ return (NTV_LOGON_ERROR);
+ }
+ SMB_Discon(con, 0);
+ return (NTV_NO_ERROR);
+}
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/MSNT/valid.h Wed Feb 14 00:48:20 2007
@@ -0,0 +1,12 @@
+#ifndef _VALID_H_
+#define _VALID_H_
+/* SMB User verification function */
+
+#define NTV_NO_ERROR 0
+#define NTV_SERVER_ERROR 1
+#define NTV_PROTOCOL_ERROR 2
+#define NTV_LOGON_ERROR 3
+
+int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN);
+
+#endif
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/NCSA/Makefile.in Wed Feb 14 00:48:20 2007
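Review bot: In valid.c, Valid_User() declares `SMB_Init` and `SMB_Logon_Server` by hand with `extern` rather than taking them from smblib.h, so the compiler cannot check these calls against the real definitions on the path that decides whether a password is accepted; the prototypes belong in the header. The result of `SMB_Init()` is discarded, and `con` is a `void *` although SMB_Connect_Server and SMB_Discon are declared with `SMB_Handle_Type`; declaring `SMB_Handle_Type con;` would let the compiler check the handle. Nothing here rejects an empty USERNAME or PASSWORD before the logon is attempted, and whether the caller does is not visible in this hunk, so a comment stating that precondition (or an early `return (NTV_LOGON_ERROR);`) would make the contract explicit.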
@@ -0,0 +1,100 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +cgi_suffix = @cgi_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +libexecdir = @libexecdir@ +sysconfdir = @sysconfdir@ +localstatedir = @localstatedir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +NCSA_AUTH_EXE = ncsa_auth$(exec_suffix) + +DEFAULT_PASSWD_FILE = $(sysconfdir)/passwd + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +INSTALL_FILE = @INSTALL_DATA@ +INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 +RANLIB = @RANLIB@ +LN_S = @LN_S@ +PERL = @PERL@ +CRYPTLIB = @CRYPTLIB@ +REGEXLIB = @REGEXLIB@ +PTHREADLIB = @PTHREADLIB@ +SNMPLIB = @SNMPLIB@ +MALLOCLIB = @LIB_MALLOC@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh + + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = -L../../../../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) + +PROGS = $(NCSA_AUTH_EXE) +OBJS = ncsa_auth.o + +all: $(NCSA_AUTH_EXE) + +$(OBJS): $(top_srcdir)/include/version.h + +$(NCSA_AUTH_EXE): ncsa_auth.o + $(CC) $(LDFLAGS) ncsa_auth.o -o $@ $(AUTH_LIBS) + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! -d $(bindir); then \ + echo "mkdir $(bindir)"; \ + mkdir $(bindir); \ + fi + +# Michael Lupp wants to know about additions +# to the install target. 
+install: all install-mkdirs + @for f in $(PROGS); do \ + if test -f $(bindir)/$$f; then \ + echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(bindir); \ + $(INSTALL_BIN) $$f $(bindir); \ + if test -f $(bindir)/-$$f; then \ + echo $(RM) -f $(bindir)/-$$f; \ + $(RM) -f $(bindir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(PROGS) + +distclean: clean + -rm -f Makefile + +tags: + ctags *.[ch] ../include/*.h ../lib/*.[ch] + +depend: + $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/NCSA/ncsa_auth.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,143 @@ +/* + * ncsa_auth.c + * + * AUTHOR: Arjan de Vet + * + * Example authentication program for Squid, based on the original + * proxy_auth code from client_side.c, written by + * Jon Thackray . + * + * Uses a NCSA httpd style password file for authentication with the + * following improvements suggested by various people: + * + * - comment lines are possible and should start with a '#'; + * - empty or blank lines are possible; + * - extra fields in the password file are ignored; this makes it + * possible to use a Unix password file but I do not recommend that. + * + */ + +#include "config.h" +#if HAVE_STDIO_H +#include +#endif +#if HAVE_STDLIB_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_STAT_H +#include +#endif +#if HAVE_CRYPT_H +#include +#endif + +#include "util.h" +#include "hash.h" + +static hash_table *hash = NULL; +static HASHFREE my_free; + +typedef struct _user_data { + /* first two items must be same as hash_link */ + char *user; + struct _user_data *next; + char *passwd; +} user_data; + +static void +my_free(void *p) +{ + user_data *u = p; + xfree(u->user); + xfree(u->passwd); + xfree(u); +} + +static void +read_passwd_file(const char *passwdfile) +{ + FILE *f; + char buf[8192]; + user_data *u; + char *user; + char *passwd; + if (hash != NULL) { + hashFreeItems(hash, my_free); + } + /* initial setup */ + hash = hash_create((HASHCMP *) strcmp, 7921, hash_string); + if (NULL == hash) { + fprintf(stderr, "ncsa_auth: cannot create hash table\n"); + exit(1); + } + f = fopen(passwdfile, "r"); + while (fgets(buf, 8192, f) != NULL) { + if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || + (buf[0] == '\n')) + continue; + user = strtok(buf, ":\n"); + passwd = strtok(NULL, ":\n"); + if ((strlen(user) > 0) && passwd) { + u = xmalloc(sizeof(*u)); + u->user = xstrdup(user); + u->passwd = xstrdup(passwd); + hash_join(hash, (hash_link *) u); + 
} + } + fclose(f); +} + +int +main(int argc, char **argv) +{ + struct stat sb; + time_t change_time = 0; + char buf[256]; + char *user, *passwd, *p; + user_data *u; + setbuf(stdout, NULL); + if (argc != 2) { + fprintf(stderr, "Usage: ncsa_auth \n"); + exit(1); + } + if (stat(argv[1], &sb) != 0) { + fprintf(stderr, "cannot stat %s\n", argv[1]); + exit(1); + } + while (fgets(buf, 256, stdin) != NULL) { + if ((p = strchr(buf, '\n')) != NULL) + *p = '\0'; /* strip \n */ + if (stat(argv[1], &sb) == 0) { + if (sb.st_mtime != change_time) { + read_passwd_file(argv[1]); + change_time = sb.st_mtime; + } + } + if ((user = strtok(buf, " ")) == NULL) { + printf("ERR\n"); + continue; + } + if ((passwd = strtok(NULL, "")) == NULL) { + printf("ERR\n"); + continue; + } + u = hash_lookup(hash, user); + if (u == NULL) { + printf("ERR\n"); + } else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd))) { + printf("ERR\n"); + } else { + printf("OK\n"); + } + } + exit(0); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/PAM/Makefile.in Wed Feb 14 00:48:20 2007 
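Review bot: In ncsa_auth.c, read_passwd_file() passes the result of `fopen(passwdfile, "r")` straight to `fgets()` and `fclose()`, so a password file that exists but cannot be opened (main only checks `stat()`) crashes the helper instead of failing closed. A guard right after the call, `if (f == NULL) { fprintf(stderr, "ncsa_auth: cannot open %s\n", passwdfile); return; }`, leaves the freshly created empty table in place so every lookup answers ERR. The same function calls `strlen(user)` on a `strtok()` result that is NULL for a line made only of `:` characters; `if (user != NULL && passwd != NULL)` covers it. In main(), a request longer than the 256-byte `buf` is consumed by two `fgets()` calls and answered twice, which would put replies out of step with the requests Squid sent; draining the rest of the line and printing a single `ERR` avoids that. Each reload also calls `hash_create()` again after `hashFreeItems()`, which looks like a leak of the old table unless the hash API frees it elsewhere.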
@@ -0,0 +1,96 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +cgi_suffix = @cgi_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +libexecdir = @libexecdir@ +sysconfdir = @sysconfdir@ +localstatedir = @localstatedir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +PAM_AUTH_EXE = pam_auth$(exec_suffix) + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +INSTALL_FILE = @INSTALL_DATA@ +INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 +RANLIB = @RANLIB@ +LN_S = @LN_S@ +PERL = @PERL@ +CRYPTLIB = @CRYPTLIB@ +REGEXLIB = @REGEXLIB@ +PTHREADLIB = @PTHREADLIB@ +SNMPLIB = @SNMPLIB@ +MALLOCLIB = @LIB_MALLOC@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ @DLLIB@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh +DEFINES = + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = -lpam $(XTRA_LIBS) + +LIBPROGS = $(PAM_AUTH_EXE) +OBJS = pam_auth.o + +all: $(PAM_AUTH_EXE) + +$(PAM_AUTH_EXE): pam_auth.o + $(CC) $(LDFLAGS) pam_auth.o -o $@ $(AUTH_LIBS) + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! -d $(libexecdir); then \ + echo "mkdir $(libexecdir)"; \ + mkdir $(libexecdir); \ + fi + +# Michael Lupp wants to know about additions +# to the install target. 
+install: all install-mkdirs + @for f in $(LIBPROGS); do \ + if test -f $(libexecdir)/$$f; then \ + echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ + $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(libexecdir); \ + $(INSTALL_BIN) $$f $(libexecdir); \ + if test -f $(libexecdir)/-$$f; then \ + echo $(RM) -f $(libexecdir)/-$$f; \ + $(RM) -f $(libexecdir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(LIBPROGS) + +distclean: clean + -rm -f Makefile + +tags: + ctags *.[ch] + +depend: + $(MAKEDEPEND) -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/PAM/pam_auth.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,190 @@ +/* + * $Id$ + * + * PAM authenticator module for Squid. + * Copyright (C) 1999 Henrik Nordstrom + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + * Install instructions: + * + * This program authenticates users against a PAM configured authentication + * service "squid". This allows you to authenticate Squid users to any + * authentication source for which you have a PAM module. Commonly available + * PAM modules includes "UNIX", RADIUS, Kerberos and SMB, but a lot of other + * PAM modules are available from various sources. + * + * Example PAM configuration for standard UNIX passwd authentication: + * /etc/pam.conf: + * squid auth required /lib/security/pam_unix.so.1 + * squid account required /lib/security/pam_unix.so.1 + * + * Note that some PAM modules (for example shadow password authentication) + * requires the program to be installed suid root, or PAM will not allow + * it to authenticate other users than it runs as (this is a security + * limitation of PAM to avoid automated probing of passwords). 
+ * + * Compile this program with: gcc -o pam_auth pam_auth.c -lpam -ldl + * + */ + +#include +#include +#include +#include +#include +#include + +#include + +#define BUFSIZE 8192 + + +/* The default PAM service name */ +#ifndef SQUID_PAM_SERVICE +#define SQUID_PAM_SERVICE "squid" +#endif + +/* How often to reinitialize PAM, in seconds. Undefined = never, 0=always */ +/* #define PAM_CONNECTION_TTL 60 */ + +static int reset_pam = 1; /* Set to one if it is time to reset PAM processing */ + +static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */ + +/* + * A simple "conversation" function returning the supplied password. + * Has a bit to much error control, but this is my first PAM application + * so I'd rather check everything than make any mistakes. The function + * expects a single converstation message of type PAM_PROMPT_ECHO_OFF. + */ +static int +password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) +{ + if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) { + fprintf(stderr, "ERROR: Unexpected PAM converstaion '%d/%s'\n", msg[0]->msg_style, msg[0]->msg); + return PAM_CONV_ERR; + } + if (!appdata_ptr) { + /* Workaround for Solaris 2.6 where the PAM library is broken + * and does not pass appdata_ptr to the conversation routine + */ + appdata_ptr = password; + } + if (!appdata_ptr) { + fprintf(stderr, "ERROR: No password available to password_converstation!\n"); + return PAM_CONV_ERR; + } + *resp = calloc(num_msg, sizeof(struct pam_response)); + if (!*resp) { + fprintf(stderr, "ERROR: Out of memory!\n"); + return PAM_CONV_ERR; + } + (*resp)[0].resp = strdup((char *) appdata_ptr); + (*resp)[0].resp_retcode = 0; + + return ((*resp)[0].resp ? 
PAM_SUCCESS : PAM_CONV_ERR); +} + +static struct pam_conv conv = +{ + &password_conversation, + NULL +}; + +void +signal_received(int sig) +{ + reset_pam = 1; + signal(sig, signal_received); +} + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + int retval; + char *user; + /* char *password; */ + char buf[BUFSIZE]; + time_t pamh_created = 0; + + signal(SIGHUP, signal_received); + + /* make standard output line buffered */ + setvbuf(stdout, NULL, _IOLBF, 0); + + while (retval = PAM_SUCCESS, fgets(buf, BUFSIZE, stdin)) { + user = buf; + password = strchr(buf, '\n'); + if (!password) { + fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); + fprintf(stdout, "ERR\n"); + continue; + } + *password = '\0'; + password = strchr(buf, ' '); + if (!password) { + fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); + fprintf(stdout, "ERR\n"); + continue; + } + *password++ = '\0'; + conv.appdata_ptr = (char *) password; /* from buf above. not allocated */ +#ifdef PAM_CONNECTION_TTL + if (pamh_created + PAM_CONNECTION_TTL >= time(NULL)) + reset_pam = 1; +#endif + if (reset_pam && pamh) { + /* Close previous PAM connection */ + retval = pam_end(pamh, retval); + if (retval != PAM_SUCCESS) { + fprintf(stderr, "ERROR: failed to release PAM authenticator\n"); + } + pamh = NULL; + } + if (!pamh) { + /* Initialize PAM connection */ + retval = pam_start(SQUID_PAM_SERVICE, "squid@", &conv, &pamh); + if (retval != PAM_SUCCESS) { + fprintf(stderr, "ERROR: failed to create PAM authenticator\n"); + } + reset_pam = 0; + pamh_created = time(NULL); + } + if (retval == PAM_SUCCESS) + retval = pam_set_item(pamh, PAM_USER, user); + if (retval == PAM_SUCCESS) + retval = pam_set_item(pamh, PAM_CONV, &conv); + if (retval == PAM_SUCCESS) + retval = pam_authenticate(pamh, 0); + if (retval == PAM_SUCCESS) + retval = pam_acct_mgmt(pamh, 0); + if (retval == PAM_SUCCESS) { + fprintf(stdout, "OK\n"); + } else { + fprintf(stdout, "ERR\n"); + } + } + + if (pamh) { + 
retval = pam_end(pamh, retval); + if (retval != PAM_SUCCESS) { + pamh = NULL; + fprintf(stderr, "ERROR: failed to release PAM authenticator\n"); + } + } + return (retval == PAM_SUCCESS ? 0 : 1); /* indicate success */ +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/SMB/COPYING-2.0 Wed Feb 14 00:48:20 2007 
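Review bot: In pam_auth.c main(), the first `Unexpected input` branch fires when the line has no newline and prints the whole of `buf` to stderr, which at that point still holds the username and the clear-text password; a fixed message such as `fprintf(stderr, "authenticator: Unexpected input (line too long or unterminated)\n");` keeps credentials out of wherever the helper's stderr is collected. The optional `PAM_CONNECTION_TTL` test looks inverted: `pamh_created + PAM_CONNECTION_TTL >= time(NULL)` is true while the handle is still younger than the TTL, so it should read `if (pamh_created + PAM_CONNECTION_TTL <= time(NULL))`. password_conversation() also dereferences `msg[0]` in its error message even when `num_msg` is not 1, and `reset_pam` is written from the signal handler without being declared `volatile sig_atomic_t`.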
@@ -0,0 +1,341 @@ + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. + 
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/SMB/Changelog Wed Feb 14 00:48:20 2007
@@ -0,0 +1,56 @@
+28 September 1999, version 0.05
+
+- Easier debugging: added the -d option to smb_auth.
+
+- Bugfix: a password containing a backslash character was always
+ denied. Reported by Menno Stevens.
+
+- The -S option now accepts both slashes and backslashes and
+ allows the share name to be preceded by a (back)slash.
+
+5 June 1999, version 0.04
+
+- Allow for both \n and \r\n end-of-line termination in the
+ proxyauth file located on the PDC. This eliminates the most
+ common installation problem.
+
+- The location of the proxyauth file can be changed (for each
+ domain) using the new -S option. Useful when the NETLOGON
+ share is located on a FAT filesystem.
+ Thanks to Colin Manning .
+
+2 Februari 1999, version 0.03
+
+- Support for pass-through authentication (trust relationships)
+ added. Suggested by Matthew Wood .
+
+- Bugfix: smb_auth.sh searched for the PDC only.
+
+- Many documentation improvements.
+
+9 December 1998, version 0.02
+
+- smb_auth now uses Samba instead of pam_smb. This simplifies the
+ installation of smb_auth and increases platform support.
+
+- Access control by user and group: smb_auth now tries to read
+ the file \netlogon\proxyauth. By restricting read access on
+ this file access to the proxy can be controlled.
+
+- Easier configuration:
+
+ - smb_auth is now fully configurable with command-line options
+ (i.e. in squid.conf). No more hacking in the source code.
+
+ - In most cases it is sufficient to specify just the domain name.
+ smb_auth searches for a working domain controller on each
+ authentication request (note that Squid caches valid requests).
+
+- Easier installation: Makefile added. Simply typing "make install"
+ will work for most people.
+
+- In a multi-domain situation, users must now enter domain\user
+ instead of user\domain. This conforms to NT notation. Thanks to
+ Jason Haar for pointing this out.
+
+31 July 1998, version 0.01
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/SMB/Makefile.in Wed Feb 14 00:48:20 2007
@@ -0,0 +1,118 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +# SAMBAPREFIX must point to the directory where Samba has been installed. +# By default, Samba is installed in /usr/local/samba. If you changed this +# by using the --prefix option when configuring Samba, you need to change +# SAMBAPREFIX accordingly. + +SAMBAPREFIX=/usr/local/samba + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +cgi_suffix = @cgi_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +libexecdir = @libexecdir@ +sysconfdir = @sysconfdir@ +localstatedir = @localstatedir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +SMB_AUTH_EXE = smb_auth$(exec_suffix) +SMB_AUTH_HELPER = smb_auth.sh +SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +INSTALL_FILE = @INSTALL_DATA@ +INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 +RANLIB = @RANLIB@ +LN_S = @LN_S@ +PERL = @PERL@ +CRYPTLIB = @CRYPTLIB@ +REGEXLIB = @REGEXLIB@ +PTHREADLIB = @PTHREADLIB@ +SNMPLIB = @SNMPLIB@ +MALLOCLIB = @LIB_MALLOC@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh +DEFINES = -DSAMBAPREFIX=\"$(SAMBAPREFIX)\" -DHELPERSCRIPT=\"$(SMB_AUTH_HELPER_PATH)\" + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = $(XTRA_LIBS) + +LIBPROGS = $(SMB_AUTH_EXE) +LIBSCRIPTS = $(SMB_AUTH_HELPER) +OBJS = smb_auth.o + +all: $(LIBPROGS) + +$(SMB_AUTH_EXE): smb_auth.o + $(CC) $(LDFLAGS) smb_auth.o -o $@ $(AUTH_LIBS) + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! 
-d $(libexecdir); then \ + echo "mkdir $(libexecdir)"; \ + mkdir $(libexecdir); \ + fi + +# Michael Lupp wants to know about additions +# to the install target. +install: all install-mkdirs + @for f in $(LIBPROGS); do \ + if test -f $(libexecdir)/$$f; then \ + echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ + $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(libexecdir); \ + $(INSTALL_BIN) $$f $(libexecdir); \ + if test -f $(libexecdir)/-$$f; then \ + echo $(RM) -f $(libexecdir)/-$$f; \ + $(RM) -f $(libexecdir)/-$$f; \ + fi; \ + done + @for f in $(LIBSCRIPTS); do \ + if test -f $(libexecdir)/$$f; then \ + echo $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ + $(MV) $(libexecdir)/$$f $(libexecdir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(libexecdir); \ + $(INSTALL_BIN) $(srcdir)/$$f $(libexecdir); \ + if test -f $(libexecdir)/-$$f; then \ + echo $(RM) -f $(libexecdir)/-$$f; \ + $(RM) -f $(libexecdir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(LIBPROGS) + +distclean: clean + -rm -f Makefile + +tags: + ctags *.[ch] + +depend: + $(MAKEDEPEND) -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/SMB/README Wed Feb 14 00:48:20 2007 @@ -0,0 +1,3 @@ +For documentation, please refer to + + http://www.hacom.nl/~richard/software/smb_auth.html --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/SMB/smb_auth.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,232 @@ +/* + * smb_auth - SMB proxy authentication module + * Copyright (C) 1998 Richard Huveneers + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include +#include + +#define BUFSIZE 256 +#define NMB_UNICAST 1 +#define NMB_BROADCAST 2 + +struct SMBDOMAIN { + char *name; /* domain name */ + char *sname; /* match this with user input */ + char *passthrough; /* pass-through authentication */ + char *nmbaddr; /* name service address */ + int nmbcast; /* broadcast or unicast */ + char *authshare; /* share name of auth file */ + char *authfile; /* pathname of auth file */ + struct SMBDOMAIN *next; /* linked list */ +}; + +struct SMBDOMAIN *firstdom = NULL; +struct SMBDOMAIN *lastdom = NULL; + +/* + * escape the backslash character, since it has a special meaning + * to the read command of the bourne shell. 
+ */ + +void +print_esc(FILE * p, char *s) +{ + char buf[256]; + char *t; + int i = 0; + + for (t = s; *t != '\0'; t++) { + if (i > 250) { + buf[i] = '\0'; + (void) fputs(buf, p); + i = 0; + } + if (*t == '\\') + buf[i++] = '\\'; + + buf[i++] = *t; + } + + if (i > 0) { + buf[i] = '\0'; + (void) fputs(buf, p); + } +} + +int +main(int argc, char *argv[]) +{ + int i; + char buf[BUFSIZE]; + struct SMBDOMAIN *dom; + char *s; + char *user; + char *pass; + char *domname; + FILE *p; + int debug = 0; + char *shcmd; + + /* make standard output line buffered */ + if (setvbuf(stdout, NULL, _IOLBF, 0) != 0) + return 1; + + /* parse command line arguments */ + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "-d") == 0) { + debug = 1; + continue; + } + /* the next options require an argument */ + if (i + 1 == argc) + break; + + if (strcmp(argv[i], "-W") == 0) { + if ((dom = (struct SMBDOMAIN *) malloc(sizeof(struct SMBDOMAIN))) == NULL) + return 1; + + dom->name = dom->sname = argv[++i]; + dom->passthrough = ""; + dom->nmbaddr = ""; + dom->nmbcast = NMB_BROADCAST; + dom->authshare = "NETLOGON"; + dom->authfile = "proxyauth"; + dom->next = NULL; + + /* append to linked list */ + if (lastdom != NULL) + lastdom->next = dom; + else + firstdom = dom; + + lastdom = dom; + continue; + } + if (strcmp(argv[i], "-w") == 0) { + if (lastdom != NULL) + lastdom->sname = argv[++i]; + continue; + } + if (strcmp(argv[i], "-P") == 0) { + if (lastdom != NULL) + lastdom->passthrough = argv[++i]; + continue; + } + if (strcmp(argv[i], "-B") == 0) { + if (lastdom != NULL) { + lastdom->nmbaddr = argv[++i]; + lastdom->nmbcast = NMB_BROADCAST; + } + continue; + } + if (strcmp(argv[i], "-U") == 0) { + if (lastdom != NULL) { + lastdom->nmbaddr = argv[++i]; + lastdom->nmbcast = NMB_UNICAST; + } + continue; + } + if (strcmp(argv[i], "-S") == 0) { + if (lastdom != NULL) { + if ((lastdom->authshare = strdup(argv[++i])) == NULL) + return 1; + + /* convert backslashes to forward slashes */ + for (s = 
lastdom->authshare; *s != '\0'; s++) + if (*s == '\\') + *s = '/'; + + /* strip leading forward slash from share name */ + if (*lastdom->authshare == '/') + lastdom->authshare++; + + if ((s = strchr(lastdom->authshare, '/')) != NULL) { + *s = '\0'; + lastdom->authfile = s + 1; + } + } + continue; + } + } + + shcmd = debug ? HELPERSCRIPT : HELPERSCRIPT " > /dev/null 2>&1"; + + /* pass to helper script */ + if (putenv("SAMBAPREFIX=" SAMBAPREFIX) != 0) + return 1; + + while (1) { + if (fgets(buf, BUFSIZE, stdin) == NULL) + break; + + if ((s = strchr(buf, '\n')) == NULL) + continue; + *s = '\0'; + + if ((s = strchr(buf, ' ')) == NULL) { + (void) printf("ERR\n"); + continue; + } + *s = '\0'; + + user = buf; + pass = s + 1; + domname = NULL; + + if ((s = strchr(user, '\\')) != NULL) { + *s = '\0'; + domname = user; + user = s + 1; + } + /* match domname with linked list */ + if (domname != NULL && strlen(domname) > 0) { + for (dom = firstdom; dom != NULL; dom = dom->next) + if (strcasecmp(dom->sname, domname) == 0) + break; + } else + dom = firstdom; + + if (dom == NULL) { + (void) printf("ERR\n"); + continue; + } + if ((p = popen(shcmd, "w")) == NULL) { + (void) printf("ERR\n"); + continue; + } + (void) fprintf(p, "%s\n", dom->name); + (void) fprintf(p, "%s\n", dom->passthrough); + (void) fprintf(p, "%s\n", dom->nmbaddr); + (void) fprintf(p, "%d\n", dom->nmbcast); + (void) fprintf(p, "%s\n", dom->authshare); + (void) fprintf(p, "%s\n", dom->authfile); + (void) fprintf(p, "%s\n", user); + /* the password can contain special characters */ + print_esc(p, pass); + (void) fputc('\n', p); + (void) fflush(p); + + if (pclose(p) == 0) + (void) printf("OK\n"); + else + (void) printf("ERR\n"); + + } /* while (1) */ + return 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/SMB/smb_auth.sh Wed Feb 14 00:48:20 2007 
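Review bot: In `main`, the user name reaches the helper script through `fprintf(p, "%s\n", user)` while only the password goes through `print_esc`, so a backslash left in the user name after the domain split is still interpreted by the script's `read`. Escaping it the same way keeps the eight-line hand-off to the script aligned: `print_esc(p, user); (void) fputc('\n', p);`. Separately, when `fgets` returns a chunk without a newline the loop does `continue` without answering, and the rest of that overlong line is then parsed as a new request; draining input up to the newline and printing `ERR` once would keep the helper in step with Squid.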
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# smb_auth - SMB proxy authentication module
+# Copyright (C) 1998 Richard Huveneers
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+read DOMAINNAME
+read PASSTHROUGH
+read NMBADDR
+read NMBCAST
+read AUTHSHARE
+read AUTHFILE
+read SMBUSER
+read SMBPASS
+
+# Find domain controller
+echo "Domain name: $DOMAINNAME"
+if [ -n "$PASSTHROUGH" ]
+then
+ echo "Pass-through authentication: yes: $PASSTHROUGH"
+else
+ echo "Pass-through authentication: no"
+ PASSTHROUGH="$DOMAINNAME"
+fi
+if [ -n "$NMBADDR" ]
+then
+ if [ "$NMBCAST" = "1" ]
+ then
+ addropt="-U $NMBADDR -R"
+ else
+ addropt="-B $NMBADDR"
+ fi
+else
+ addropt=""
+fi
+echo "Query address options: $addropt"
+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
+echo "Domain controller IP address: $dcip"
+[ -n "$dcip" ] || exit 1
+
+# All right, we have the IP address of a domain controller,
+# but we need its name too
+dcname=`$SAMBAPREFIX/bin/nmblookup -A $dcip | awk '$2 == "<00>" { print $1 ; exit }'`
+echo "Domain controller NETBIOS name: $dcname"
+[ -n "$dcname" ] || exit 1
+
+# Pass password to smbclient through environment. Not really safe.
+USER="$SMBUSER%$SMBPASS"
+export USER
+
+# Read the contents of the file $AUTHFILE on the $AUTHSHARE share
+authfilebs=`echo "$AUTHFILE" | tr / '\\\\'`
+authinfo=`$SAMBAPREFIX/bin/smbclient "//$dcname/$AUTHSHARE" -I $dcip -d 0 -E -W "$DOMAINNAME" -c "get $authfilebs -" 2>/dev/null`
+echo "Contents of //$dcname/$AUTHSHARE/$AUTHFILE: $authinfo"
+
+# Allow for both \n and \r\n end-of-line termination
+[ "$authinfo" = "allow" -o "$authinfo" = "allow " ] || exit 1
+exit 0
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/basic/helpers/YP/Makefile.in Wed Feb 14 00:48:20 2007
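Review bot: `USER="$SMBUSER%$SMBPASS"` lets the submitted user name decide where smbclient splits name from password, because smbclient reads USER as name%password; a `%` in `$SMBUSER` should be rejected before the export, e.g. `case "$SMBUSER" in *%*) exit 1 ;; esac`. The comment above the assignment already admits the environment is not a safe channel, since on some systems a process environment can be inspected by other local accounts. A credentials file created with mode 0600 and handed to smbclient with its `-A` option would be the safer route where the installed Samba supports it. The debug `echo` lines currently leave `$SMBPASS` out, and a comment saying that this is deliberate would help keep it that way.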
@@ -0,0 +1,100 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +cgi_suffix = @cgi_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +libexecdir = @libexecdir@ +sysconfdir = @sysconfdir@ +localstatedir = @localstatedir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +YP_AUTH_EXE = yp_auth$(exec_suffix) + +DEFAULT_PASSWD_FILE = $(sysconfdir)/passwd + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +INSTALL_FILE = @INSTALL_DATA@ +INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755 +RANLIB = @RANLIB@ +LN_S = @LN_S@ +PERL = @PERL@ +CRYPTLIB = @CRYPTLIB@ +REGEXLIB = @REGEXLIB@ +PTHREADLIB = @PTHREADLIB@ +SNMPLIB = @SNMPLIB@ +MALLOCLIB = @LIB_MALLOC@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh + + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) + +PROGS = $(YP_AUTH_EXE) +OBJS = yp_auth.o nis_support.o + +all: $(YP_AUTH_EXE) + +$(OBJS): $(top_srcdir)/include/version.h + +$(YP_AUTH_EXE): $(OBJS) + $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS) + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! -d $(bindir); then \ + echo "mkdir $(bindir)"; \ + mkdir $(bindir); \ + fi + +# Michael Lupp wants to know about additions +# to the install target. 
+install: all install-mkdirs + @for f in $(PROGS); do \ + if test -f $(bindir)/$$f; then \ + echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(bindir); \ + $(INSTALL_BIN) $$f $(bindir); \ + if test -f $(bindir)/-$$f; then \ + echo $(RM) -f $(bindir)/-$$f; \ + $(RM) -f $(bindir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(PROGS) + +distclean: clean + -rm -f Makefile + +tags: + ctags *.[ch] ../include/*.h ../lib/*.[ch] + +depend: + $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/YP/nis_support.c Wed Feb 14 00:48:20 2007 @@ -0,0 +1,46 @@ +/* + * Written By Rabellino Sergio (rabellino@di.unito.it) For Solaris 2.x + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define NO_YPERR 0 /* There is no error */ + +int +get_nis_password(char *user, char *passwd, char *nisdomain, char *nismap) +{ + char *val = NULL; + char *username = NULL; + int vallen, res; + +#ifdef DEBUG + printf("Domain is set to %s\n", nisdomain); + printf("YP Map is set to %s\n", nismap); +#endif + + /* Get NIS entry */ + res = yp_match(nisdomain, nismap, user, strlen(user), &val, &vallen); + + switch (res) { + case NO_YPERR: + username = strtok(val, ":"); + strcpy(passwd, strtok(NULL, ":")); + free(val); + break; + case YPERR_YPBIND: + syslog(LOG_ERR, "Squid Authentication through ypbind failure: can't communicate with ypbind"); + return 1; + case YPERR_KEY: /* No such key in map */ + return 1; + default: + return 1; + } + return 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/YP/yp_auth.c Wed Feb 14 00:48:20 2007 
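Review bot: In the `NO_YPERR` case of `get_nis_password`, `strcpy(passwd, strtok(NULL, ":"))` copies the map's password field into the caller's buffer with no length check, and yp_auth.c in this patchset passes a 15-byte `nispasswd`. Any hash field longer than 14 characters overruns that stack buffer, and a map entry without a second field makes `strtok` return NULL, which `strcpy` then dereferences. The function needs to know the destination size and fail closed on both conditions, as sketched below; the caller would pass `sizeof(nispasswd)` and should use a buffer large enough for the hash formats the site's NIS maps carry.

```c
int
get_nis_password(char *user, char *passwd, size_t passwdlen, char *nisdomain, char *nismap)
{
    char *field = NULL;
    /* … unchanged: other declarations, DEBUG output, yp_match() call … */
    case NO_YPERR:
        username = strtok(val, ":");
        field = (username != NULL) ? strtok(NULL, ":") : NULL;
        if (field == NULL || strlen(field) >= passwdlen) {
            /* missing or oversized hash field: treat as a failed lookup */
            free(val);
            return 1;
        }
        strcpy(passwd, field);
        free(val);
        break;
    /* … unchanged: error cases and final return … */
```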
@@ -0,0 +1,81 @@ +/* + * Adapted By Rabellino Sergio (rabellino@di.unito.it) For Solaris 2.x + * From NCSA Authentication module + */ + +#include "config.h" +#if HAVE_STDIO_H +#include +#endif +#if HAVE_STDLIB_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_SYS_STAT_H +#include +#endif +#if HAVE_CRYPT_H +#include +#endif + +#include "util.h" +#include "hash.h" + +int get_nis_password(); + + +int +main(int argc, char **argv) +{ + char buf[256]; + char nispasswd[15]; + char *nisdomain; + char *nismap; + char *user, *passwd, *p; + int res; + setbuf(stdout, NULL); + + if (argc != 3) { + fprintf(stderr, "Usage: yp_auth \n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Example yp_auth mydomain.com passwd.byname\n"); + exit(1); + } + nisdomain = argv[1]; + nismap = argv[2]; + + while (fgets(buf, 256, stdin) != NULL) { + if ((p = strchr(buf, '\n')) != NULL) + *p = '\0'; /* strip \n */ + + if ((user = strtok(buf, " ")) == NULL) { + printf("ERR\n"); + continue; + } + if ((passwd = strtok(NULL, "")) == NULL) { + printf("ERR\n"); + continue; + } + res = get_nis_password(user, nispasswd, nisdomain, nismap); + + if (res) { + /* User does not exist */ + printf("ERR\n"); + } else if (strcmp(nispasswd, (char *) crypt(passwd, nispasswd))) { + /* Password incorrect */ + printf("ERR\n"); + } else { + /* All ok !, thanks... */ + printf("OK\n"); + } + } + exit(0); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/getpwnam/Makefile.in Wed Feb 14 00:48:20 2007 
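Review bot: `strcmp(nispasswd, (char *) crypt(passwd, nispasswd))` uses the result of `crypt()` without checking it, and `crypt()` can return NULL when it rejects the salt, which would crash the helper on a malformed map entry; the same pattern appears in getpwnam_auth.c later in this patchset. Storing the result first and treating NULL as a failed login avoids that: `char *h = crypt(passwd, nispasswd); if (h == NULL || strcmp(nispasswd, h) != 0) printf("ERR\n");`. The declaration `int get_nis_password();` has no prototype, so the compiler cannot check the four arguments against nis_support.c; a full prototype in a shared header would catch a mismatch.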
@@ -0,0 +1,80 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +GETPWNAM_AUTH_EXE = getpwnam_auth$(exec_suffix) + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +CRYPTLIB = @CRYPTLIB@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh + + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = -L../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) + +PROGS = $(GETPWNAM_AUTH_EXE) +OBJS = getpwnam_auth.o + +all: $(GETPWNAM_AUTH_EXE) + +$(OBJS): $(top_srcdir)/include/version.h + +$(GETPWNAM_AUTH_EXE): $(OBJS) + $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS) + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! -d $(bindir); then \ + echo "mkdir $(bindir)"; \ + mkdir $(bindir); \ + fi + +install: all install-mkdirs + @for f in $(PROGS); do \ + if test -f $(bindir)/$$f; then \ + echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(bindir); \ + $(INSTALL_BIN) $$f $(bindir); \ + if test -f $(bindir)/-$$f; then \ + echo $(RM) -f $(bindir)/-$$f; \ + $(RM) -f $(bindir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(PROGS) + +distclean: clean + -rm -f Makefile + +depend: + $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/getpwnam/getpwnam_auth.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,80 @@ +/* + * getpwnam_auth.c + * + * AUTHOR: Erik Hofman + * Robin Elfrink + * + * Example authentication program for Squid, based on the + * original proxy_auth code from client_side.c, written by + * Jon Thackray . + * + * Uses getpwnam() routines for authentication. + * This has the following advantages over the NCSA module: + * + * - Allow authentication of all know local users + * - Allows authentication through nsswitch.conf + * + can handle NIS(+) requests + * + can handle LDAP request + * + can handle PAM request + * + */ + +#include "config.h" + +#if HAVE_STDIO_H +#include +#endif +#if HAVE_STDLIB_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_CRYPT_H +#include +#endif +#if HAVE_PWD_H +#include +#endif + + +#define ERR "ERR\n" +#define OK "OK\n" + +int +main() +{ + char buf[256]; + struct passwd *pwd; + char *user, *passwd, *p; + + setbuf(stdout, NULL); + while (fgets(buf, 256, stdin) != NULL) { + + if ((p = strchr(buf, '\n')) != NULL) + *p = '\0'; /* strip \n */ + + if ((user = strtok(buf, " ")) == NULL) { + printf(ERR); + continue; + } + if ((passwd = strtok(NULL, "")) == NULL) { + printf(ERR); + continue; + } + pwd = getpwnam(user); + if (pwd == NULL) { + printf(ERR); + } else { + if (strcmp(pwd->pw_passwd, (char *) crypt(passwd, pwd->pw_passwd))) { + printf(ERR); + } else { + printf(OK); + } + } + } + exit(0); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt Wed Feb 14 00:48:20 2007 
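Review bot: `pwd->pw_passwd` is handed to `crypt()` exactly as `getpwnam()` returns it, with no check for an empty field or a shadow placeholder. An empty field should be refused outright rather than compared, for example with `if (pwd->pw_passwd == NULL || pwd->pw_passwd[0] == '\0') { printf(ERR); continue; }` before the `strcmp`. On systems that keep hashes in a shadow file the field is presumably only a placeholder, so the header comment should say that the helper needs access to the real hashes to be useful there.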
@@ -0,0 +1,17 @@ + +From: "Chemolli Francesco (USI)" +Subject: Multiple NT domains authenticator +Date: Fri, 7 Jul 2000 15:37:32 +0200 + +This is the multi-domain NTLM authenticator, blissfully undocumented +(but there's a few strategic comments, so that at least the user +is not left alone). + +The user is expected to enter his/her credentials as domain\username +or domain/username (in analogy to what M$-Proxy does). + +Requires Authen::SMB from CPAN and Samba if you need to perform netbios +queries. + + Francesco 'Kinkie' Chemolli + --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,132 @@ +#!/usr/bin/perl + +#if you define this, debugging output will be printed to STDERR. +$debug=1; + +#to force using some DC for some domains, fill in this hash. +#the key is a regexp matched against the domain name +# the value is an array ref with PDC and BDC. +# the order the names are matched in is UNDEFINED. +#i.e.: +# %controllers = ( "domain" => ["pdc","bdc"]); + +#%controllers = ( ".*" => ["tlc5",undef]); + +#define this if you wish to use a WINS server. If undefined, broadcast +# will be attempted. +$wins_server="c0wins"; + + +# Some servers (at least mine) really really want to be called by address. +# If this variable is defined, we'll ask nmblookup to do a reverse DNS on the +# DC addresses. It might fail though, for instance because you have a crappy +# DNS with no reverse zones or records. If it doesn't work, you'll have to +# fall back to the %controllers hack. +$try_reverse_dns=1; + +# Soem servers (at least mine) don't like to be called by their fully +# qualified name. define this if you wish to call them ONLY by their +# hostname. +$dont_use_fqdn=1; + +#no more user-serviceable parts +use Authen::Smb; + +#variables: +# %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES! + + +while (<>) { + if (! m;([^\\]+)(\\|/)(\S+)\s(.*); ) { #parse the line + print "ERR\n"; + next; + } + $domain=$1; + $user=$3; + $pass=$4; + print STDERR "domain: $domain, user: $user, pass=$pass\n" + if (defined ($debug)); + # check out that we know the PDC address + if (!$pdc{$domain}) { + ($pdc,$bdc)=&discover_dc($domain); + if ($pdc) { + $pdc{$domain}=$pdc; + $bdc{$domain}=$bdc; + } + } + $pdc=$pdc{$domain}; + $bdc=$bdc{$domain}; + if (!$pdc) { + #a pdc was not found + print "ERR\n"; + print STDERR "No PDC found\n" if (defined($debug)); + next; + } + + print STDERR "querying '$pdc' and '$bdc' for user '$domain\\$user', ". 
+ "pass $pass\n" if (defined($debug)); + $result=Authen::Smb::authen($user,$pass,$pdc,$bdc,$domain); + print STDERR "result is: $nt_results{$result} ($result)\n" + if (defined($debug)); + if ($result == NTV_NO_ERROR) { + print STDERR ("OK for user '$domain\\$user'\n") if (defined($debug)); + print ("OK\n"); + } else { + print STDERR "Could not authenticate user '$domain\\$user'\n"; + print ("ERR\n"); + } +} + +#why do Microsoft servers have to be so damn picky and convoluted? +sub discover_dc { + my $domain = shift @_; + my ($pdc, $bdc, $lookupstring, $datum); + + foreach (keys %controllers) { + if ($domain =~ /$_/) { + print STDERR "DCs forced by user: $_ => ". + join(',',@{$controllers{$_}}). + "\n" if (defined($debug)); + return @{$controllers{$_}}; + } + } + $lookupstring="nmblookup"; + $lookupstring.=" -R -U $wins_server" if (defined($wins_server)); + $lookupstring.=" -T" if (defined($try_reverse_dns)); + $lookupstring.=" '$domain#1c'"; + print STDERR "Discovering PDC: $lookupstring\n" + if (defined($debug)); + #discover the PDC address + open(PDC,"$lookupstring|"); + while () { + print STDERR "response line: $_" if (defined($debug)); + if (m|(.*), (\d+\.\d+\.\d+\.\d+)|) { + $datum=$1; + print STDERR "matched $datum\n" if (defined($debug)); + if (defined($dont_use_fqdn) && $datum =~ /^([^.]+)\..*/) { + $datum=$1; + print STDERR "stripped domain name: $datum\n" if (defined($debug)); + } + } elsif (m|^(\d+\.\d+\.\d+\.\d+)|) { + $datum=$1; + } else { + #no data here, go to next line + next; + } + if ($datum) { + if ($pdc) { + $bdc=$datum; + print STDERR "BDC is $datum\n" if (defined($debug)); + last; + } else { + $pdc=$datum; + print STDERR "PDC is $datum\n" if (defined($debug)); + } + last; + } + } + close(PDC); + return ($pdc,$bdc) if ($pdc); + return 0; +} + Index: squid/src/auth/ntlm/Makefile.in =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/Attic/Makefile.in,v retrieving revision 1.1.2.4 
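Review bot: In `discover_dc`, `$domain` comes straight from the credential line read on stdin and is interpolated into `$lookupstring`, which the two-argument `open(PDC,"$lookupstring|")` then runs through the shell; wrapping it by hand as `'$domain#1c'` does not make that safe. Building the command as a list and using the list form of pipe open keeps the domain a single argument with no shell involved, as sketched below, and also checks the `open` result, which is currently ignored. Both debug prints in the main loop write `$pass` to STDERR, and with `$debug=1` as shipped (tested with `defined`, so `$debug=0` would not switch it off) cleartext passwords end up wherever the helper's stderr is logged; `$pass` should be dropped from those messages. The bare `while ()` after the `open` looks like a `<PDC>` read lost in extraction rather than a defect in the file.

```perl
sub discover_dc {
    # … unchanged: argument unpacking and %controllers override …
    my @lookup = ('nmblookup');
    push @lookup, '-R', '-U', $wins_server if defined($wins_server);
    push @lookup, '-T' if defined($try_reverse_dns);
    push @lookup, "$domain#1c";
    print STDERR "Discovering PDC: @lookup\n" if (defined($debug));
    # list form: no shell, $domain stays one argument
    open(PDC, '-|', @lookup) or return 0;
    # … unchanged: response parsing, close and return …
```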
retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- squid/src/auth/ntlm/Makefile.in 7 Jan 2001 02:49:32 -0000 1.1.2.4 +++ squid/src/auth/ntlm/Makefile.in 7 Jan 2001 14:52:25 -0000 1.1.2.5 @@ -6,6 +6,8 @@ AUTH = ntlm +SUBDIRS = helpers + top_srcdir = @top_srcdir@ VPATH = @srcdir@ @@ -26,6 +28,11 @@ all: $(OUT) + @for dir in $(SUBDIRS); do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) all" || exit 1; \ + fi; \ + done; $(OUT): $(OBJS) @rm -f ../stamp @@ -40,11 +47,21 @@ clean: -rm -rf *.o *pure_* core ../$(AUTH).a + -for dir in *; do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) clean"; \ + fi; \ + done distclean: clean -rm -f Makefile -rm -f Makefile.bak -rm -f tags + -for dir in *; do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) distclean"; \ + fi; \ + done install: --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/Makefile.in Wed Feb 14 00:48:20 2007 @@ -0,0 +1,38 @@ +# Makefile for storage modules in the Squid Object Cache server +# +# $Id$ +# + +# The 'nop' is in the SUBDIRS list because some Unixes that can't +# handle empty for lists. + +SUBDIRS = @NTLM_AUTH_HELPERS@ nop + +all: + @for dir in $(SUBDIRS); do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) all" || exit 1; \ + fi; \ + done; + +clean: + -for dir in *; do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) clean"; \ + fi; \ + done + +distclean: + -rm -f Makefile + -for dir in *; do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) distclean"; \ + fi; \ + done + +.DEFAULT: + @for dir in $(SUBDIRS); do \ + if [ -f $$dir/Makefile ]; then \ + sh -c "cd $$dir && $(MAKE) $@" || exit 1; \ + fi; \ + done; --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/Makefile.in Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,86 @@
+#
+# Makefile for the Squid Object Cache server
+#
+# $Id$
+#
+# Uncomment and customize the following to suit your needs:
+#
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+exec_suffix = @exec_suffix@
+top_srcdir = @top_srcdir@
+bindir = @bindir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+# Gotta love the DOS legacy
+#
+NTLM_AUTH_EXE = ntlm_auth$(exec_suffix)
+
+CC = @CC@
+MAKEDEPEND = @MAKEDEPEND@
+INSTALL = @INSTALL@
+INSTALL_BIN = @INSTALL_PROGRAM@
+CRYPTLIB = @CRYPTLIB@
+AC_CFLAGS = @CFLAGS@
+LDFLAGS = @LDFLAGS@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+MV = @MV@
+RM = @RM@
+SHELL = /bin/sh
+
+
+INCLUDE = -I. -I../../../../../include -I$(srcdir)/smbval -I$(top_srcdir)/include
+CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES)
+AUTH_LIBS = -L../../../../../lib -lntlmauth -lmiscutil $(CRYPTLIB) $(XTRA_LIBS)
+
+PROGS = $(NTLM_AUTH_EXE)
+OBJS = ntlm_auth.o libntlmssp.o
+
+all: $(NTLM_AUTH_EXE) smbval/smbvalid.a
+
+$(OBJS): $(top_srcdir)/include/version.h ntlm.h
+
+$(NTLM_AUTH_EXE): $(OBJS) smbval/smbvalid.a
+ $(CC) $(LDFLAGS) $(OBJS) smbval/smbvalid.a -o $@ $(AUTH_LIBS)
+
+smbval/smbvalid.a: smbval/stamp
+
+smbval smbval/stamp:
+ @sh -c "cd smbval && $(MAKE) all"
+
+install-mkdirs:
+ -@if test ! -d $(prefix); then \
+ echo "mkdir $(prefix)"; \
+ mkdir $(prefix); \
+ fi
+ -@if test ! -d $(bindir); then \
+ echo "mkdir $(bindir)"; \
+ mkdir $(bindir); \
+ fi
+
+install: all install-mkdirs
+ @for f in $(PROGS); do \
+ if test -f $(bindir)/$$f; then \
+ echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \
+ $(MV) $(bindir)/$$f $(bindir)/-$$f; \
+ fi; \
+ echo $(INSTALL_BIN) $$f $(bindir); \
+ $(INSTALL_BIN) $$f $(bindir); \
+ if test -f $(bindir)/-$$f; then \
+ echo $(RM) -f $(bindir)/-$$f; \
+ $(RM) -f $(bindir)/-$$f; \
+ fi; \
+ done
+
+clean:
+ -rm -rf *.o *pure_* core $(PROGS)
+ cd smbval; make clean
+
+distclean: clean
+ -rm -f Makefile
+
+depend:
+ $(MAKEDEPEND) -I../include -I. -fMakefile *.c
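Review bot: In the `clean` target, `cd smbval; make clean` still runs `make clean` in the current directory when the `cd` fails, which re-enters this same rule, and calling `make` directly bypasses `$(MAKE)` so flags and the selected make program are not propagated. `cd smbval && $(MAKE) clean` matches the form already used by the `smbval smbval/stamp` rule. The `depend` rule's `-I../include` looks like a leftover from the file's previous location, since `INCLUDE` above uses `-I../../../../../include`; that path should be confirmed.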
--- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,221 @@ +/* + * (C) 2000 Francesco Chemolli + * Distributed freely under the terms of the GNU General Public License, + * version 2. See the file COPYING for licensing details + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + */ + + +#include "ntlm.h" +#include "util.h" /* from Squid */ +#include "valid.h" + +#if HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#if HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "smblib-priv.h" /* for SMB_Handle_Type */ + +/* a few forward-declarations. Hackish, but I don't care right now */ +SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, + char *server, char *NTdomain); + +/* this one is reallllly haackiish. We really should be using anything from smblib-priv.h + */ +static char *SMB_Prots[] = +{"PC NETWORK PROGRAM 1.0", + "MICROSOFT NETWORKS 1.03", + "MICROSOFT NETWORKS 3.0", + "DOS LANMAN1.0", + "LANMAN1.0", + "DOS LM1.2X002", + "LM1.2X002", + "DOS LANMAN2.1", + "LANMAN2.1", + "Samba", + "NT LM 0.12", + "NT LANMAN 1.0", + NULL}; + +#if 0 +int SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle); +int SMB_Negotiate(void *Con_Handle, char *Prots[]); +int SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName, + char *PassWord, char *Domain, int precrypted); +#endif + +#ifdef DEBUG +#define debug_dump_ntlmssp_flags dump_ntlmssp_flags +#else /* DEBUG */ +#define debug_dump_ntlmssp_flags(X) /* empty */ +#endif /* DEBUG */ + + +static char challenge[NONCE_LEN]; +SMB_Handle_Type handle = NULL; + +/* Disconnects from the DC. 
A reconnection will be done upon the next request + */ +void +dc_disconnect() +{ + if (handle != NULL) + SMB_Discon(handle, 0); + handle = NULL; +} + +int +connectedp() +{ + return (handle != NULL); +} + + +/* Tries to connect to a DC. Returns 0 on failure, 1 on OK */ +int +is_dc_ok(char *domain, + char *domain_controller) +{ + SMB_Handle_Type h = SMB_Connect_Server(NULL, domain_controller, domain); + if (h == NULL) + return 0; + SMB_Discon(h, 0); + return 1; +} + + +/* returns 0 on success, > 0 on failure */ +static int +init_challenge(char *domain, char *domain_controller) +{ + int smberr; + char errstr[100]; + + if (handle != NULL) { + return 0; + } + debug("Connecting to server %s domain %s\n", domain_controller, domain); + handle = SMB_Connect_Server(NULL, domain_controller, domain); + smberr = SMB_Get_Last_Error(); + SMB_Get_Error_Msg(smberr, errstr, 100); + + + if (handle == NULL) { /* couldn't connect */ + debug("Couldn't connect to SMB Server. Error:%s\n", errstr); + return 1; + } + if (SMB_Negotiate(handle, SMB_Prots) < 0) { /* An error */ + debug("Error negotiating protocol with SMB Server\n"); + SMB_Discon(handle, 0); + handle = NULL; + return 2; + } + if (handle->Security == 0) { /* share-level security, unuseable */ + debug("SMB Server uses share-level security .. we need user sercurity.\n"); + SMB_Discon(handle, 0); + handle = NULL; + return 3; + } + memcpy(challenge, handle->Encrypt_Key, NONCE_LEN); + return 0; +} + +const char * +make_challenge(char *domain, char *domain_controller) +{ + if (init_challenge(domain, domain_controller) > 0) + return NULL; + return ntlm_make_challenge(domain, domain_controller, challenge, + NONCE_LEN); +} + +#define min(A,B) (Almresponse); + if (tmp.str == NULL) { + fprintf(stderr, "No auth at all. 
Returning no-auth\n"); + ntlm_errno = NTLM_LOGON_ERROR; + return NULL; + } + memcpy(pass, tmp.str, tmp.l); + pass[25] = '\0'; + +/* debug("fetching domain\n"); */ + tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain); + if (tmp.str == NULL) { + debug("No domain supplied. Returning no-auth\n"); + ntlm_errno = NTLM_LOGON_ERROR; + return NULL; + } + memcpy(domain, tmp.str, tmp.l); + user = domain + tmp.l; + *user++ = '\0'; + +/* debug("fetching user name\n"); */ + tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user); + if (tmp.str == NULL) { + debug("No username supplied. Returning no-auth\n"); + ntlm_errno = NTLM_LOGON_ERROR; + return NULL; + } + memcpy(user, tmp.str, tmp.l); + *(user + tmp.l) = '\0'; + + debug("checking domain: '%s', user: '%s', pass='%s'\n", domain, user, pass); + + rv = SMB_Logon_Server(handle, user, pass, domain, 1); + + while ((rv == NTLM_BAD_PROTOCOL || rv == NTLM_SERVER_ERROR) + && retries < BAD_DC_RETRIES_NUMBER) { + retries++; + usleep((unsigned long) 100000); + rv = SMB_Logon_Server(handle, user, pass, domain, 1); + } + + debug("\tresult is %d\n", rv); + + if (rv != NTV_NO_ERROR) { /* failed */ + ntlm_errno = rv; + return NULL; + } + *(user - 1) = '\\'; + + debug("credentials: %s\n", credentials); + return credentials; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/ntlm.h Wed Feb 14 00:48:20 2007 
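Review bot: In ntlm_check_auth, `memcpy(pass, tmp.str, tmp.l)`, `memcpy(domain, tmp.str, tmp.l)` and `memcpy(user, tmp.str, tmp.l)` each copy a length taken from the client-supplied packet with no check against the destination, and `pass[25] = '\0'` only terminates the string after the copy has already happened. The declarations of these buffers are garbled on this page, so their sizes cannot be confirmed here. Assuming `pass` is a local array, each copy needs a guard of the form `if (tmp.l >= sizeof(pass)) { ntlm_errno = NTLM_LOGON_ERROR; return NULL; }`, with the limit for `user` being the space left in the credentials buffer after the domain and separator. The `debug("checking domain: '%s', user: '%s', pass='%s'\n", ...)` call also writes the response material to stderr, and ntlm.h defines DEBUG unconditionally, so `pass` should be dropped from that message.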
@@ -0,0 +1,100 @@ +/* + * (C) 2000 Francesco Chemolli , + * inspired by previous work by Andy Doran + * + * Distributed freely under the terms of the GNU General Public License, + * version 2. See the file COPYING for licensing details + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + */ + +#ifndef _NTLM_H_ +#define _NTLM_H_ + +#include "config.h" +#include "ntlmauth.h" + +/* for time_t */ +#if HAVE_TIME_H +#include +#endif +#if HAVE_SYS_TIME_H +#include +#endif + +/************* CONFIGURATION ***************/ +/* + * define this if you want debugging + */ +#define DEBUG + +/* + * Number of authentication attempts to perform in case of certain errors + */ +#define BAD_DC_RETRIES_NUMBER 3 + +/************* END CONFIGURATION ***************/ + +#include + + +/* Debugging stuff */ + +#ifdef __GNUC__ /* this is really a gcc-ism */ +#ifdef DEBUG +#include +#include +static char *__foo; +#define debug(X...) fprintf(stderr,"ntlm-auth[%d](%s:%d): ", getpid(), \ + ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ + __LINE__);\ + fprintf(stderr,X) +#else /* DEBUG */ +#define debug(X...) /* */ +#endif /* DEBUG */ +#else /* __GNUC__ */ +#define debug(char *format, ...) {} /* Too lazy to write va_args stuff */ +#endif + + +/* A couple of harmless helper macros */ +#define SEND(X) debug("sending '%s' to squid\n",X); printf(X); printf("\n"); +#define SEND2(X,Y...) 
debug("sending '" X "' to squid\n",Y); printf(X,Y);\ + printf("\n"); + +extern int ntlm_errno; +#define NTLM_NO_ERROR 0 +#define NTLM_SERVER_ERROR 1 +#define NTLM_PROTOCOL_ERROR 2 +#define NTLM_LOGON_ERROR 3 +#define NTLM_BAD_PROTOCOL -1 +#define NTLM_NOT_CONNECTED 10 + + +const char *make_challenge(char *domain, char *controller); +extern char *ntlm_check_auth(ntlm_authenticate * auth, int auth_length); +void dc_disconnect(void); +int connectedp(void); +int is_dc_ok(char *domain, char *domain_controller); + +/* flags used for dc status */ +#define DC_OK 0x0 +#define DC_DEAD 0x1 + +typedef struct _dc dc; +struct _dc { + char *domain; + char *controller; + unsigned char status; + dc *next; +}; + + +#endif /* _NTLM_H_ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c Wed Feb 14 00:48:20 2007 
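Review bot: `SEND(X)` passes its argument to `printf` as the format string, so any `%` in a message would be interpreted as a conversion; the callers visible in ntlm_auth.c pass literals, but `printf("%s\n", X)` removes the hazard. `SEND`, `SEND2` and the GNU `debug(X...)` macro all expand to several statements, so an unbraced `if (cond) debug(...);` would guard only the first `fprintf`; wrapping each body in `do { ... } while (0)` avoids that. `#define DEBUG` sits unconditionally in the configuration block, which sends every debug() line to stderr in normal builds, including the one in ntlm_check_auth that prints the client's response. It would be safer left undefined by default, with a comment such as `/* define DEBUG only for troubleshooting: debug output includes authentication data */`.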
@@ -0,0 +1,336 @@ +/* + * (C) 2000 Francesco Chemolli + * Distributed freely under the terms of the GNU General Public License, + * version 2. See the file COPYING for licensing details + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + * Warning! We MIGHT be open to buffer overflows caused by malformed headers + * + * DONE list: + * use hashtable to cache authentications. Yummy performance-boost, security + * loss should be negligible for two reasons: + * - if they-re using NT, there's no security to speak of anyways + * - it can't get worse than basic authentication. + * cache expiration + * challenge hash expiry and renewal. + * PDC disconnect, after X minutes of inactivity + * + * TODO list: + * change syntax from options-driven to args-driven, with args domain + * or domain[/\]server, and an arbitrary number of backup Domain Controllers + * we don't really need the "status" management, it's more for debugging + * purposes. Remove it. + * Maybe we can cache the created challenge, saving more time? 
+ * + */ + + +#include "config.h" +#include "ntlmauth.h" +#include "ntlm.h" +#include "util.h" + +#define BUFFER_SIZE 10240 + +#if HAVE_STDLIB_H +#include +#endif + + +#if HAVE_GETOPT_H +#include +#endif + + + +#ifdef HAVE_STRING_H +#include +#endif +#ifdef HAVE_CTYPE_H +#include +#endif + +char load_balance = 0, failover_enabled = 0, protocol_pedantic = 0; + +dc *controllers = NULL; +int numcontrollers = 0; +dc *current_dc; + +/* housekeeping cycle and periodic operations */ +static unsigned char need_dc_resurrection = 0; +static void +resurrect_dead_dc() +{ + int j; + dc *c = controllers; + + need_dc_resurrection = 0; + for (j = 0; j < numcontrollers; j++) + if (c->status != DC_OK && is_dc_ok(c->domain, c->controller)) + c->status = DC_OK; +} + +/* makes a null-terminated string upper-case. Changes CONTENTS! */ +static void +uc(char *string) +{ + char *p = string, c; + while ((c = *p)) { + *p = toupper(c); + p++; + } +} + +/* makes a null-terminated string lower-case. Changes CONTENTS! */ +static void +lc(char *string) +{ + char *p = string, c; + while ((c = *p)) { + *p = tolower(c); + p++; + } +} + +/* + * options: + * -b try load-balancing the domain-controllers + * -f fail-over to another DC if DC connection fails. + * domain\controller ... + */ +void +process_options(int argc, char *argv[]) +{ + int opt, j, had_error = 0; + dc *new_dc = NULL, *last_dc = NULL; + while (-1 != (opt = getopt(argc, argv, "bf"))) { + switch (opt) { + case 'b': + load_balance = 1; + break; + case 'f': + failover_enabled = 1; + break; + default: + fprintf(stderr, "unknown option: -%c. 
Exiting\n", opt); + had_error = 1; + } + } + if (had_error) + exit(1); + /* Okay, now begin filling controllers up */ + /* we can avoid memcpy-ing, and just reuse argv[] */ + for (j = optind; j < argc; j++) { + char *d, *c; + d = argv[j]; + if (NULL == (c = strchr(d, '\\')) && NULL == (c = strchr(d, '/'))) { + fprintf(stderr, "Couldn't grok domain-controller %s\n", d); + continue; + } + *c++ = '\0'; + new_dc = (dc *) malloc(sizeof(dc)); + if (!new_dc) { + fprintf(stderr, "Malloc error while parsing DC options\n"); + continue; + } + /* capitalize */ + uc(c); + uc(d); + numcontrollers++; + new_dc->domain = d; + new_dc->controller = c; + new_dc->status = DC_OK; + if (controllers == NULL) { /* first controller */ + controllers = new_dc; + last_dc = new_dc; + } else { + last_dc->next = new_dc; /* can't be null */ + last_dc = new_dc; + } + } + if (numcontrollers == 0) { + fprintf(stderr, "You must specify at least one domain-controller!\n"); + exit(1); + } + last_dc->next = controllers; /* close the queue, now it's circular */ +} + +/* tries connecting to the domain controllers in the "controllers" ring, + * with failover if the adequate option is specified. + */ +const char * +obtain_challenge() +{ + int j = 0; + const char *ch; + for (j = 0; j < numcontrollers; j++) { + if (current_dc->status == DC_OK) { + ch = make_challenge(current_dc->domain, current_dc->controller); + if (ch) + return ch; /* All went OK, returning */ + /* Huston, we've got a problem. Take this DC out of the loop */ + current_dc->status = DC_DEAD; + need_dc_resurrection = 1; + } + if (failover_enabled == 0) /* No failover. 
Just return */ + return NULL; + /* Try with the next */ + current_dc = current_dc->next; + } + return NULL; +} + +void +manage_request() +{ + ntlmhdr *fast_header; + char buf[10240]; + const char *ch; + char *ch2, *decoded, *cred; + int plen; + + if (fgets(buf, BUFFER_SIZE, stdin) == NULL) + exit(0); /* BIIG buffer */ + ch2 = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */ + if (ch2) { + *ch2 = '\0'; /* terminate the string at newline. */ + ch = ch2; + } + debug("ntlm authenticator. Got '%s' from Squid\n", buf); + + if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */ + /* figure out what we got */ + decoded = base64_decode(buf + 3); + /* Note: we don't need to manage memory at this point, since + * base64_decode returns a pointer to static storage. + */ + + if (!decoded) { /* decoding failure, return error */ + SEND("NA Packet format error, couldn't base64-decode"); + return; + } + /* fast-track-decode request type. */ + fast_header = (struct _ntlmhdr *) decoded; + + /* sanity-check: it IS a NTLMSSP packet, isn't it? */ + if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { + SEND("NA Broken authentication packet"); + return; + } + switch (fast_header->type) { + case NTLM_NEGOTIATE: + SEND("NA Invalid negotiation request received"); + return; + /* notreached */ + case NTLM_CHALLENGE: + SEND("NA Got a challenge. We refuse to have our authority disputed"); + return; + /* notreached */ + case NTLM_AUTHENTICATE: + /* check against the DC */ + plen = strlen(buf) * 3 / 4; /* we only need it here. 
Optimization */ + cred = ntlm_check_auth((ntlm_authenticate *) decoded, plen); + if (cred == NULL) { + switch (ntlm_errno) { + case NTLM_LOGON_ERROR: + SEND("NA authentication failure"); + dc_disconnect(); + current_dc = current_dc->next; + return; + case NTLM_SERVER_ERROR: + SEND("BH Domain Controller Error"); + dc_disconnect(); + current_dc = current_dc->next; + return; + case NTLM_PROTOCOL_ERROR: + SEND("BH Domain Controller communication error"); + dc_disconnect(); + current_dc = current_dc->next; + return; + case NTLM_NOT_CONNECTED: + SEND("BH Domain Controller (or network) died on us"); + dc_disconnect(); + current_dc = current_dc->next; + return; + case NTLM_BAD_PROTOCOL: + SEND("BH Domain controller failure"); + dc_disconnect(); + current_dc = current_dc->next; + return; + default: + SEND("BH Unhandled error while talking to Domain Controller"); + dc_disconnect(); + current_dc = current_dc->next; + return; + } + } + lc(cred); /* let's lowercase them for our convenience */ + SEND2("AF %s", cred); + return; + default: + SEND("BH unknown authentication packet type"); + return; + } + + + return; + } + if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ + dc_disconnect(); + ch = obtain_challenge(); + while (ch == NULL) { + sleep(30); + ch = obtain_challenge(); + } + SEND2("TT %s", ch); + if (need_dc_resurrection) /* looks like a good moment... */ + resurrect_dead_dc(); + return; + } + SEND("BH Helper detected protocol error"); + return; +/********* END ********/ + + +} + +int +main(int argc, char *argv[]) +{ + + debug("starting up...\n"); + + process_options(argc, argv); + + debug("options processed OK\n"); + + /* initialize FDescs */ + setbuf(stdout, NULL); + setbuf(stderr, NULL); + + /* select the first domain controller we're going to use */ + current_dc = controllers; + if (load_balance != 0 && numcontrollers > 1) { + int n; + pid_t pid = getpid(); + n = pid % numcontrollers; + debug("load balancing. 
Selected controller #%d\n", n); + while (n > 0) { + current_dc = current_dc->next; + n--; + } + } + while (1) { + debug("managing request\n"); + manage_request(); + } + return 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/Makefile.in Wed Feb 14 00:48:20 2007 @@ -0,0 +1,52 @@ +# makefile for smblib +# Type make system, where system is ULTRIX, DU, DECOSF1, Solaris etc + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +INSTALL_FILE = @INSTALL_DATA@ +RANLIB = @RANLIB@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +RM = @RM@ +AR_R = @AR_R@ + +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +# CFLAGS = -fpic -g + +INCLUDE = -I. -I../../../../../../include -I$(top_srcdir)/include +INCLUDES = smblib.h smblib-priv.h + +#RFCNB = session.o rfcnb-util.o rfcnb-io.o + +#OBJS = smblib.o smblib-util.o file.o smb-errors.o exper.o smblib-api.o smbencrypt.o smbdes.o md4.o + +VALIDATE = valid.o session.o rfcnb-util.o \ + rfcnb-io.o smblib-util.o smblib.o smbencrypt.o smbdes.o md4.o + +#.SUFFIXES: .c .o .h + +dummy: all + +smbvalid.a: $(VALIDATE) + $(RM) -f $@ + $(AR_R) $@ $(VALIDATE) + $(RANLIB) $@ + +all: smbvalid.a + +#.c.o: $(INCLUDES) + +clean: + $(RM) -f *.o smbvalid.a *~ + --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/byteorder.h Wed Feb 14 00:48:20 2007 
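Review bot: In manage_request the NTLM_AUTHENTICATE branch computes `plen = strlen(buf) * 3 / 4` from the whole input line, including the `KK ` prefix and any base64 padding, so the length handed to ntlm_check_auth is larger than the decoded packet and whatever bounds checking ntlm_fetch_string does with it (not shown here) can accept offsets past the decoded data. The `memcmp(fast_header->signature, "NTLMSSP", 8)` and the read of `fast_header->type` also run before anything establishes that the decoded data is at least one header long. Computing `plen = (strlen(buf + 3) / 4) * 3;` before the signature check and rejecting `plen < (int) sizeof(ntlmhdr)` with the existing "NA Broken authentication packet" reply tightens both, although it remains an upper bound when padding is present; having the decoder report the decoded length would be exact. Separately, the loop in resurrect_dead_dc never advances `c`, so only the first controller is re-tested; it needs `c = c->next;` on each iteration.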
@@ -0,0 +1,80 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * SMB Byte handling + * Copyright (C) Andrew Tridgell 1992-1995 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* + * This file implements macros for machine independent short and + * int manipulation + */ + +#undef CAREFUL_ALIGNMENT + +/* we know that the 386 can handle misalignment and has the "right" + * byteorder */ +#ifdef __i386__ +#define CAREFUL_ALIGNMENT 0 +#endif + +#ifndef CAREFUL_ALIGNMENT +#define CAREFUL_ALIGNMENT 1 +#endif + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) + + +#if CAREFUL_ALIGNMENT +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) +#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) +#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) +#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) +#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) +#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) +#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) +#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) +#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) +#define SIVALS(buf,pos,val) 
SIVALX((buf),(pos),((int32)(val))) +#else +/* this handles things for architectures like the 386 that can handle + * alignment errors */ +/* + * WARNING: This section is dependent on the length of int16 and int32 + * being correct + */ +#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) +#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) +#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) +#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) +#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) +#endif + + +/* now the reverse routines - these are used in nmb packets (mostly) */ +#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) +#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) + +#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) +#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) +#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) +#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/md4.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,210 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * a implementation of MD4 designed for use in the SMB authentication protocol + * Copyright (C) Andrew Tridgell 1997 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +/* NOTE: This code makes no attempt to be fast! + * + * It assumes that a int is at least 32 bits long + */ +#include + +typedef unsigned int uint32; + +static uint32 A, B, C, D; + +static uint32 +F(uint32 X, uint32 Y, uint32 Z) +{ + return (X & Y) | ((~X) & Z); +} + +static uint32 +G(uint32 X, uint32 Y, uint32 Z) +{ + return (X & Y) | (X & Z) | (Y & Z); +} + +static uint32 +H(uint32 X, uint32 Y, uint32 Z) +{ + return X ^ Y ^ Z; +} + +static uint32 +lshift(uint32 x, int s) +{ + x &= 0xFFFFFFFF; + return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); +} + +#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) +#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) +#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) + +/* this applies md4 to 64 byte chunks */ +static void +mdfour64(uint32 * M) +{ + int j; + uint32 AA, BB, CC, DD; + uint32 X[16]; + + for (j = 0; j < 16; j++) + X[j] = M[j]; + + AA = A; + BB = B; + CC = C; + DD = D; + + ROUND1(A, B, C, D, 0, 3); + ROUND1(D, A, B, C, 1, 7); + ROUND1(C, D, 
A, B, 2, 11); + ROUND1(B, C, D, A, 3, 19); + ROUND1(A, B, C, D, 4, 3); + ROUND1(D, A, B, C, 5, 7); + ROUND1(C, D, A, B, 6, 11); + ROUND1(B, C, D, A, 7, 19); + ROUND1(A, B, C, D, 8, 3); + ROUND1(D, A, B, C, 9, 7); + ROUND1(C, D, A, B, 10, 11); + ROUND1(B, C, D, A, 11, 19); + ROUND1(A, B, C, D, 12, 3); + ROUND1(D, A, B, C, 13, 7); + ROUND1(C, D, A, B, 14, 11); + ROUND1(B, C, D, A, 15, 19); + + ROUND2(A, B, C, D, 0, 3); + ROUND2(D, A, B, C, 4, 5); + ROUND2(C, D, A, B, 8, 9); + ROUND2(B, C, D, A, 12, 13); + ROUND2(A, B, C, D, 1, 3); + ROUND2(D, A, B, C, 5, 5); + ROUND2(C, D, A, B, 9, 9); + ROUND2(B, C, D, A, 13, 13); + ROUND2(A, B, C, D, 2, 3); + ROUND2(D, A, B, C, 6, 5); + ROUND2(C, D, A, B, 10, 9); + ROUND2(B, C, D, A, 14, 13); + ROUND2(A, B, C, D, 3, 3); + ROUND2(D, A, B, C, 7, 5); + ROUND2(C, D, A, B, 11, 9); + ROUND2(B, C, D, A, 15, 13); + + ROUND3(A, B, C, D, 0, 3); + ROUND3(D, A, B, C, 8, 9); + ROUND3(C, D, A, B, 4, 11); + ROUND3(B, C, D, A, 12, 15); + ROUND3(A, B, C, D, 2, 3); + ROUND3(D, A, B, C, 10, 9); + ROUND3(C, D, A, B, 6, 11); + ROUND3(B, C, D, A, 14, 15); + ROUND3(A, B, C, D, 1, 3); + ROUND3(D, A, B, C, 9, 9); + ROUND3(C, D, A, B, 5, 11); + ROUND3(B, C, D, A, 13, 15); + ROUND3(A, B, C, D, 3, 3); + ROUND3(D, A, B, C, 11, 9); + ROUND3(C, D, A, B, 7, 11); + ROUND3(B, C, D, A, 15, 15); + + A += AA; + B += BB; + C += CC; + D += DD; + + A &= 0xFFFFFFFF; + B &= 0xFFFFFFFF; + C &= 0xFFFFFFFF; + D &= 0xFFFFFFFF; + + for (j = 0; j < 16; j++) + X[j] = 0; +} + +static void +copy64(uint32 * M, unsigned char *in) +{ + int i; + + for (i = 0; i < 16; i++) + M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | + (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); +} + +static void +copy4(unsigned char *out, uint32 x) +{ + out[0] = x & 0xFF; + out[1] = (x >> 8) & 0xFF; + out[2] = (x >> 16) & 0xFF; + out[3] = (x >> 24) & 0xFF; +} + +/* produce a md4 message digest from data of length n bytes */ +void +mdfour(unsigned char *out, unsigned char *in, int n) +{ + unsigned char 
buf[128]; + uint32 M[16]; + uint32 b = n * 8; + int i; + + A = 0x67452301; + B = 0xefcdab89; + C = 0x98badcfe; + D = 0x10325476; + + while (n > 64) { + copy64(M, in); + mdfour64(M); + in += 64; + n -= 64; + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + memcpy(buf, in, n); + buf[n] = 0x80; + + if (n <= 55) { + copy4(buf + 56, b); + copy64(M, buf); + mdfour64(M); + } else { + copy4(buf + 120, b); + copy64(M, buf); + mdfour64(M); + copy64(M, buf + 64); + mdfour64(M); + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + copy64(M, buf); + + copy4(out, A); + copy4(out + 4, B); + copy4(out + 8, C); + copy4(out + 12, D); + + A = B = C = D = 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/md4.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1 @@ +void mdfour(unsigned char *out, unsigned char *in, int n); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-common.h Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,34 @@
+/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation
+ *
+ * Version 1.0
+ * RFCNB Common Structures etc Defines
+ *
+ * Copyright (C) Richard Sharpe 1996
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* A data structure we need */
+
+typedef struct RFCNB_Pkt {
+
+ char *data; /* The data in this portion */
+ int len;
+ struct RFCNB_Pkt *next;
+
+} RFCNB_Pkt;
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-error.h Wed Feb 14 00:48:20 2007
@@ -0,0 +1,74 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Error Response Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Error responses */ + +#define RFCNBE_Bad -1 /* Bad response */ +#define RFCNBE_OK 0 + +/* these should follow the spec ... is there one ? */ + +#define RFCNBE_NoSpace 1 /* Could not allocate space for a struct */ +#define RFCNBE_BadName 2 /* Could not translate a name */ +#define RFCNBE_BadRead 3 /* Read sys call failed */ +#define RFCNBE_BadWrite 4 /* Write Sys call failed */ +#define RFCNBE_ProtErr 5 /* Protocol Error */ +#define RFCNBE_ConGone 6 /* Connection dropped */ +#define RFCNBE_BadHandle 7 /* Handle passed was bad */ +#define RFCNBE_BadSocket 8 /* Problems creating socket */ +#define RFCNBE_ConnectFailed 9 /* Connect failed */ +#define RFCNBE_CallRejNLOCN 10 /* Call rejected, not listening on CN */ +#define RFCNBE_CallRejNLFCN 11 /* Call rejected, not listening for CN */ +#define RFCNBE_CallRejCNNP 12 /* Call rejected, called name not present */ +#define RFCNBE_CallRejInfRes 13 /* Call rejetced, name ok, no resources */ +#define RFCNBE_CallRejUnSpec 14 /* Call rejected, unspecified error */ +#define RFCNBE_BadParam 15 /* Bad parameters passed ... 
*/ +#define RFCNBE_Timeout 16 /* IO Timed out */ + +/* Text strings for the error responses */ +extern char *RFCNB_Error_Strings[]; +/* + * static char *RFCNB_Error_Strings[] = { + * + * "RFCNBE_OK: Routine completed successfully.", + * "RFCNBE_NoSpace: No space available for a malloc call.", + * "RFCNBE_BadName: NetBIOS name could not be translated to IP address.", + * "RFCNBE_BadRead: Read system call returned an error. Check errno.", + * "RFCNBE_BadWrite: Write system call returned an error. Check errno.", + * "RFCNBE_ProtErr: A protocol error has occurred.", + * "RFCNBE_ConGone: Connection dropped during a read or write system call.", + * "RFCNBE_BadHandle: Bad connection handle passed.", + * "RFCNBE_BadSocket: Problems creating socket.", + * "RFCNBE_ConnectFailed: Connection failed. See errno.", + * "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.", + * "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.", + * "RFCNBE_CallRejCNNP: Call rejected. Called name not present.", + * "RFCNBE_CallRejInfRes: Call rejected. Name present, but insufficient resources.", + * "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.", + * "RFCNBE_BadParam: Bad parameters passed to a routine.", + * "RFCNBE_Timeout: IO Operation timed out ..." + * + * }; + */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-io.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,400 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NEtBIOS implementation + * + * Version 1.0 + * RFCNB IO Routines ... + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +/* #include */ +#include "config.h" +#include "std-includes.h" +#include "rfcnb-priv.h" +#include "rfcnb-util.h" +#include "rfcnb-io.h" +#include +#include +#include + +int RFCNB_Timeout = 0; /* Timeout in seconds ... 
*/ + +void +rfcnb_alarm(int sig) +{ + + fprintf(stderr, "IO Timed out ...\n"); + +} + +/* Set timeout value and setup signal handling */ + +int +RFCNB_Set_Timeout(int seconds) +{ + /* If we are on a Bezerkeley system, use sigvec, else sigaction */ +#if HAVE_SIGACTION + struct sigaction inact, outact; +#else + struct sigvec invec, outvec; +#endif + + RFCNB_Timeout = seconds; + + if (RFCNB_Timeout > 0) { /* Set up handler to ignore but not restart */ + +#if HAVE_SIGACTION + inact.sa_handler = (void (*)()) rfcnb_alarm; + sigemptyset(&inact.sa_mask); + inact.sa_flags = 0; /* Don't restart */ + + if (sigaction(SIGALRM, &inact, &outact) < 0) + return (-1); +#else + invec.sv_handler = (void (*)()) rfcnb_alarm; + invec.sv_mask = 0; + invec.sv_flags = SV_INTERRUPT; + + if (sigvec(SIGALRM, &invec, &outvec) < 0) + return (-1); +#endif + + } + return (0); + +} + +/* Discard the rest of an incoming packet as we do not have space for it + * in the buffer we allocated or were passed ... */ + +int +RFCNB_Discard_Rest(struct RFCNB_Con *con, int len) +{ + char temp[100]; /* Read into here */ + int rest, this_read, bytes_read; + + /* len is the amount we should read */ + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Discard_Rest called to discard: %i\n", len); +#endif + + rest = len; + + while (rest > 0) { + + this_read = (rest > sizeof(temp) ? sizeof(temp) : rest); + + bytes_read = read(con->fd, temp, this_read); + + if (bytes_read <= 0) { /* Error so return */ + + if (bytes_read < 0) + RFCNB_errno = RFCNBE_BadRead; + else + RFCNB_errno = RFCNBE_ConGone; + + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + rest = rest - bytes_read; + + } + + return (0); + +} + + +/* Send an RFCNB packet to the connection. + * + * We just send each of the blocks linked together ... + * + * If we can, try to send it as one iovec ... 
+ * + */ + +int +RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) +{ + int len_sent, tot_sent, this_len; + struct RFCNB_Pkt *pkt_ptr; + char *this_data; + int i; + struct iovec io_list[10]; /* We should never have more */ + /* If we do, this will blow up ... */ + + /* Try to send the data ... We only send as many bytes as len claims */ + /* We should try to stuff it into an IOVEC and send as one write */ + + + pkt_ptr = pkt; + len_sent = tot_sent = 0; /* Nothing sent so far */ + i = 0; + + while ((pkt_ptr != NULL) & (i < 10)) { /* Watch that magic number! */ + + this_len = pkt_ptr->len; + this_data = pkt_ptr->data; + if ((tot_sent + this_len) > len) + this_len = len - tot_sent; /* Adjust so we don't send too much */ + + /* Now plug into the iovec ... */ + + io_list[i].iov_len = this_len; + io_list[i].iov_base = this_data; + i++; + + tot_sent += this_len; + + if (tot_sent == len) + break; /* Let's not send too much */ + + pkt_ptr = pkt_ptr->next; + + } + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Frags = %i, tot_sent = %i\n", i, tot_sent); +#endif + + /* Set up an alarm if timeouts are set ... */ + + if (RFCNB_Timeout > 0) + alarm(RFCNB_Timeout); + + if ((len_sent = writev(con->fd, io_list, i)) < 0) { /* An error */ + + con->rfc_errno = errno; + if (errno == EINTR) /* We were interrupted ... */ + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_BadWrite; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + if (len_sent < tot_sent) { /* Less than we wanted */ + if (errno == EINTR) /* We were interrupted */ + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_BadWrite; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + } + if (RFCNB_Timeout > 0) + alarm(0); /* Reset that sucker */ + +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Len sent = %i ...\n", len_sent); + RFCNB_Print_Pkt(stderr, "sent", pkt, len_sent); /* Print what send ... */ + +#endif + + return (len_sent); + +} + +/* Read an RFCNB packet off the connection. 
+ * + * We read the first 4 bytes, that tells us the length, then read the + * rest. We should implement a timeout, but we don't just yet + * + */ + + +int +RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len) +{ + int read_len, pkt_len; + char hdr[RFCNB_Pkt_Hdr_Len]; /* Local space for the header */ + struct RFCNB_Pkt *pkt_frag; + int more, this_time, offset, frag_len, this_len; + BOOL seen_keep_alive = TRUE; + + /* Read that header straight into the buffer */ + + if (len < RFCNB_Pkt_Hdr_Len) { /* What a bozo */ + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Trying to read less than a packet:"); + perror(""); +#endif + RFCNB_errno = RFCNBE_BadParam; + return (RFCNBE_Bad); + + } + /* We discard keep alives here ... */ + + if (RFCNB_Timeout > 0) + alarm(RFCNB_Timeout); + + while (seen_keep_alive) { + + if ((read_len = read(con->fd, hdr, sizeof(hdr))) < 0) { /* Problems */ +#ifdef RFCNB_DEBUG + fprintf(stderr, "Reading the packet, we got:"); + perror(""); +#endif + if (errno == EINTR) + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_BadRead; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + /* Now we check out what we got */ + + if (read_len == 0) { /* Connection closed, send back eof? */ + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Connection closed reading\n"); +#endif + + if (errno == EINTR) + RFCNB_errno = RFCNBE_Timeout; + else + RFCNB_errno = RFCNBE_ConGone; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + if (RFCNB_Pkt_Type(hdr) == RFCNB_SESSION_KEEP_ALIVE) { + +#ifdef RFCNB_DEBUG + fprintf(stderr, "RFCNB KEEP ALIVE received\n"); +#endif + + } else { + seen_keep_alive = FALSE; + } + + } + + /* What if we got less than or equal to a hdr size in bytes? 
*/ + + if (read_len < sizeof(hdr)) { /* We got a small packet */ + + /* Now we need to copy the hdr portion we got into the supplied packet */ + + memcpy(pkt->data, hdr, read_len); /*Copy data */ + +#ifdef RFCNB_DEBUG + RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len); +#endif + + return (read_len); + + } + /* Now, if we got at least a hdr size, alloc space for rest, if we need it */ + + pkt_len = RFCNB_Pkt_Len(hdr); + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Reading Pkt: Length = %i\n", pkt_len); +#endif + + /* Now copy in the hdr */ + + memcpy(pkt->data, hdr, sizeof(hdr)); + + /* Get the rest of the packet ... first figure out how big our buf is? */ + /* And make sure that we handle the fragments properly ... Sure should */ + /* use an iovec ... */ + + if (len < pkt_len) /* Only get as much as we have space for */ + more = len - RFCNB_Pkt_Hdr_Len; + else + more = pkt_len; + + this_time = 0; + + /* We read for each fragment ... */ + + if (pkt->len == read_len) { /* If this frag was exact size */ + pkt_frag = pkt->next; /* Stick next lot in next frag */ + offset = 0; /* then we start at 0 in next */ + } else { + pkt_frag = pkt; /* Otherwise use rest of this frag */ + offset = RFCNB_Pkt_Hdr_Len; /* Otherwise skip the header */ + } + + frag_len = pkt_frag->len; + + if (more <= frag_len) /* If len left to get less than frag space */ + this_len = more; /* Get the rest ... */ + else + this_len = frag_len - offset; + + while (more > 0) { + + if ((this_time = read(con->fd, (pkt_frag->data) + offset, this_len)) <= 0) { /* Problems */ + + if (errno == EINTR) { + + RFCNB_errno = RFCNB_Timeout; + + } else { + if (this_time < 0) + RFCNB_errno = RFCNBE_BadRead; + else + RFCNB_errno = RFCNBE_ConGone; + } + + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } +#ifdef RFCNB_DEBUG + fprintf(stderr, "Frag_Len = %i, this_time = %i, this_len = %i, more = %i\n", frag_len, + this_time, this_len, more); +#endif + + read_len = read_len + this_time; /* How much have we read ... 
*/ + + /* Now set up the next part */ + + if (pkt_frag->next == NULL) + break; /* That's it here */ + + pkt_frag = pkt_frag->next; + this_len = pkt_frag->len; + offset = 0; + + more = more - this_time; + + } + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Pkt Len = %i, read_len = %i\n", pkt_len, read_len); + RFCNB_Print_Pkt(stderr, "rcvd", pkt, read_len + sizeof(hdr)); +#endif + + if (read_len < (pkt_len + sizeof(hdr))) { /* Discard the rest */ + + return (RFCNB_Discard_Rest(con, (pkt_len + sizeof(hdr)) - read_len)); + + } + if (RFCNB_Timeout > 0) + alarm(0); /* Reset that sucker */ + + return (read_len + sizeof(RFCNB_Hdr)); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-io.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1,30 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB IO Routines Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +int RFCNB_Put_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); + +int RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len); + +void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-priv.h Wed Feb 14 00:48:20 2007 
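Review bot: RFCNB_Get_Pkt sizes its first body read from the peer-supplied length field without clamping it to the space left after the header. When `len >= pkt_len` it sets `more = pkt_len`, then reads `this_len = more` bytes at `pkt_frag->data + offset`, so a caller buffer of exactly `len` bytes (such as the 16-byte `resp` in RFCNB_Session_Req) can be written up to RFCNB_Pkt_Hdr_Len bytes past its end. Clamping both values closes this: `if (more > len - RFCNB_Pkt_Hdr_Len) more = len - RFCNB_Pkt_Hdr_Len;` and `this_len = (more < frag_len - offset) ? more : frag_len - offset;`. In the same loop the EINTR branch assigns `RFCNB_errno = RFCNB_Timeout;`, which stores the timeout in seconds instead of the error code and should read `RFCNB_errno = RFCNBE_Timeout;`. The `return (RFCNBE_Bad)` paths in RFCNB_Put_Pkt and RFCNB_Get_Pkt, and the RFCNB_Discard_Rest return, also leave the alarm armed, so each needs an `alarm(0)` first. Finally, the last return adds `sizeof(RFCNB_Hdr)` to a `read_len` that already counts the header.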
@@ -0,0 +1,156 @@ +#ifndef __RFCNB_H__ +#define __RFCNB_H__ + +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Defines we need */ + +typedef unsigned short uint16; + +#define GLOBAL extern + +#include "rfcnb-error.h" +#include "rfcnb-common.h" +#include "byteorder.h" + +#ifdef RFCNB_PORT +#define RFCNB_Default_Port RFCNB_PORT +#else +#define RFCNB_Default_Port 139 +#endif + +#define RFCNB_MAX_STATS 1 + +/* Protocol defines we need */ + +#define RFCNB_SESSION_MESSAGE 0 +#define RFCNB_SESSION_REQUEST 0x81 +#define RFCNB_SESSION_ACK 0x82 +#define RFCNB_SESSION_REJ 0x83 +#define RFCNB_SESSION_RETARGET 0x84 +#define RFCNB_SESSION_KEEP_ALIVE 0x85 + +/* Structures */ + +typedef struct redirect_addr *redirect_ptr; + +struct redirect_addr { + + struct in_addr ip_addr; + int port; + redirect_ptr next; + +}; + +typedef struct RFCNB_Con { + + int fd; /* File descripter for TCP/IP connection */ + int rfc_errno; /* last error */ + int timeout; /* How many milli-secs before IO times out */ + int redirects; /* How many times we were redirected */ + struct redirect_addr *redirect_list; /* First is first address */ + struct redirect_addr *last_addr; + +} RFCNB_Con; + +typedef 
char RFCNB_Hdr[4]; /* The header is 4 bytes long with */ + /* char[0] as the type, char[1] the */ + /* flags, and char[2..3] the length */ + +/* Macros to extract things from the header. These are for portability + * between architecture types where we are worried about byte order */ + +#define RFCNB_Pkt_Hdr_Len 4 +#define RFCNB_Pkt_Sess_Len 72 +#define RFCNB_Pkt_Retarg_Len 10 +#define RFCNB_Pkt_Nack_Len 5 +#define RFCNB_Pkt_Type_Offset 0 +#define RFCNB_Pkt_Flags_Offset 1 +#define RFCNB_Pkt_Len_Offset 2 /* Length is 2 bytes plus a flag bit */ +#define RFCNB_Pkt_N1Len_Offset 4 +#define RFCNB_Pkt_Called_Offset 5 +#define RFCNB_Pkt_N2Len_Offset 38 +#define RFCNB_Pkt_Calling_Offset 39 +#define RFCNB_Pkt_Error_Offset 4 +#define RFCNB_Pkt_IP_Offset 4 +#define RFCNB_Pkt_Port_Offset 8 + +/* The next macro isolates the length of a packet, including the bit in the + * flags */ + +#define RFCNB_Pkt_Len(p) (PVAL(p, 3) | (PVAL(p, 2) << 8) | \ + ((PVAL(p, RFCNB_Pkt_Flags_Offset) & 0x01) << 16)) + +#define RFCNB_Put_Pkt_Len(p, v) (p[1] = (((v) >> 16) & 1)); \ + (p[2] = (((v) >> 8) & 0xFF)); \ + (p[3] = ((v) & 0xFF)); + +#define RFCNB_Pkt_Type(p) (CVAL(p, RFCNB_Pkt_Type_Offset)) + +/*typedef struct RFCNB_Hdr { + * + * unsigned char type; + * unsigned char flags; + * int16 len; + * + * } RFCNB_Hdr; + * + * typedef struct RFCNB_Sess_Pkt { + * unsigned char type; + * unsigned char flags; + * int16 length; + * unsigned char n1_len; + * char called_name[33]; + * unsigned char n2_len; + * char calling_name[33]; + * } RFCNB_Sess_Pkt; + * + * + * typedef struct RFCNB_Nack_Pkt { + * + * struct RFCNB_Hdr hdr; + * unsigned char error; + * + * } RFCNB_Nack_Pkt; + * + * typedef struct RFCNB_Retarget_Pkt { + * + * struct RFCNB_Hdr hdr; + * int dest_ip; + * unsigned char port; + * + * } RFCNB_Redir_Pkt; */ + +/* Static variables */ + +/* Only declare this if not defined */ + +#ifndef RFCNB_ERRNO +extern int RFCNB_errno; +extern int RFCNB_saved_errno; /* Save this from point of error */ +#endif + 
+#endif /* __RFCNB_H__ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-util.c Wed Feb 14 00:48:20 2007 
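Review bot: `RFCNB_Put_Pkt_Len(p, v)` expands to three separate statements with a trailing semicolon, so under an unbraced `if` or `else` only the first assignment is conditional and the length bytes at `p[2]` and `p[3]` are always written. Wrapping it makes it behave as one statement: `#define RFCNB_Put_Pkt_Len(p, v) do { (p)[1] = (((v) >> 16) & 1); (p)[2] = (((v) >> 8) & 0xFF); (p)[3] = ((v) & 0xFF); } while (0)`. The include guard `__RFCNB_H__` is a reserved-style identifier and names rfcnb.h rather than this file; something like `RFCNB_PRIV_H` would be safer. The `timeout` field is commented as milliseconds while the global `RFCNB_Timeout` in rfcnb-io.c is in seconds, which deserves a one-line comment saying which unit the I/O routines actually use.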
@@ -0,0 +1,529 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Utility Routines ... + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include + +#include "std-includes.h" +#include "rfcnb-priv.h" +#include "rfcnb-util.h" +#include "rfcnb-io.h" +#include + + +extern void (*Prot_Print_Routine) (); /* Pointer to protocol print routine */ + +/* Convert name and pad to 16 chars as needed */ +/* Name 1 is a C string with null termination, name 2 may not be */ +/* If SysName is true, then put a <00> on end, else space> */ + +void +RFCNB_CvtPad_Name(char *name1, char *name2) +{ + char c, c1, c2; + int i, len; + + len = strlen(name1); + + for (i = 0; i < 16; i++) { + + if (i >= len) { + + c1 = 'C'; + c2 = 'A'; /* CA is a space */ + + } else { + + c = name1[i]; + c1 = (char) ((int) c / 16 + (int) 'A'); + c2 = (char) ((int) c % 16 + (int) 'A'); + } + + name2[i * 2] = c1; + name2[i * 2 + 1] = c2; + + } + + name2[32] = 0; /* Put in the nll ... */ + +} + +/* Converts an Ascii NB Name (16 chars) to an RFCNB Name (32 chars) + * Uses the encoding in RFC1001. Each nibble of byte is added to 'A' + * to produce the next byte in the name. 
+ * + * This routine assumes that AName is 16 bytes long and that NBName has + * space for 32 chars, so be careful ... + * + */ + +void +RFCNB_AName_To_NBName(char *AName, char *NBName) +{ + char c, c1, c2; + int i; + + for (i = 0; i < 16; i++) { + + c = AName[i]; + + c1 = (char) ((c >> 4) + 'A'); + c2 = (char) ((c & 0xF) + 'A'); + + NBName[i * 2] = c1; + NBName[i * 2 + 1] = c2; + } + + NBName[32] = 0; /* Put in a null */ + +} + +/* Do the reverse of the above ... */ + +void +RFCNB_NBName_To_AName(char *NBName, char *AName) +{ + char c, c1, c2; + int i; + + for (i = 0; i < 16; i++) { + + c1 = NBName[i * 2]; + c2 = NBName[i * 2 + 1]; + + c = (char) (((int) c1 - (int) 'A') * 16 + ((int) c2 - (int) 'A')); + + AName[i] = c; + + } + + AName[i] = 0; /* Put a null on the end ... */ + +} + +/* Print a string of bytes in HEX etc */ + +void +RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len) +{ + char c1, c2, outbuf1[33]; + unsigned char c; + int i, j; + struct RFCNB_Pkt *pkt_ptr = pkt; + static char Hex_List[17] = "0123456789ABCDEF"; + + j = 0; + + /* We only want to print as much as sepcified in Len */ + + while (pkt_ptr != NULL) { + + for (i = 0; + i < ((Len > (pkt_ptr->len) ? pkt_ptr->len : Len) - Offset); + i++) { + + c = pkt_ptr->data[i + Offset]; + c1 = Hex_List[c >> 4]; + c2 = Hex_List[c & 0xF]; + + outbuf1[j++] = c1; + outbuf1[j++] = c2; + + if (j == 32) { /* Print and reset */ + outbuf1[j] = 0; + fprintf(fd, " %s\n", outbuf1); + j = 0; + } + } + + Offset = 0; + Len = Len - pkt_ptr->len; /* Reduce amount by this much */ + pkt_ptr = pkt_ptr->next; + + } + + /* Print last lot in the buffer ... 
*/ + + if (j > 0) { + + outbuf1[j] = 0; + fprintf(fd, " %s\n", outbuf1); + + } + fprintf(fd, "\n"); + +} + +/* Get a packet of size n */ + +struct RFCNB_Pkt * +RFCNB_Alloc_Pkt(int n) +{ + RFCNB_Pkt *pkt; + + if ((pkt = (struct RFCNB_Pkt *) malloc(sizeof(struct RFCNB_Pkt))) == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (NULL); + + } + pkt->next = NULL; + pkt->len = n; + + if (n == 0) + return (pkt); + + if ((pkt->data = (char *) malloc(n)) == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + free(pkt); + return (NULL); + + } + return (pkt); + +} + +/* Free up a packet */ + +void +RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) +{ + struct RFCNB_Pkt *pkt_next; + char *data_ptr; + + while (pkt != NULL) { + + pkt_next = pkt->next; + + data_ptr = pkt->data; + + if (data_ptr != NULL) + free(data_ptr); + + free(pkt); + + pkt = pkt_next; + + } + +} + +/* Print an RFCNB packet */ + +void +RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len) +{ + char lname[17]; + + /* We assume that the first fragment is the RFCNB Header */ + /* We should loop through the fragments printing them out */ + + fprintf(fd, "RFCNB Pkt %s:", dirn); + + switch (RFCNB_Pkt_Type(pkt->data)) { + + case RFCNB_SESSION_MESSAGE: + + fprintf(fd, "SESSION MESSAGE: Length = %i\n", RFCNB_Pkt_Len(pkt->data)); + RFCNB_Print_Hex(fd, pkt, RFCNB_Pkt_Hdr_Len, +#ifdef RFCNB_PRINT_DATA + RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); +#else + 40); +#endif + + if (Prot_Print_Routine != 0) { /* Print the rest of the packet */ + + Prot_Print_Routine(fd, strcmp(dirn, "sent"), pkt, RFCNB_Pkt_Hdr_Len, + RFCNB_Pkt_Len(pkt->data) - RFCNB_Pkt_Hdr_Len); + + } + break; + + case RFCNB_SESSION_REQUEST: + + fprintf(fd, "SESSION REQUEST: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + RFCNB_NBName_To_AName((char *) (pkt->data + RFCNB_Pkt_Called_Offset), lname); + fprintf(fd, " Called Name: %s\n", lname); + RFCNB_NBName_To_AName((char *) (pkt->data + 
RFCNB_Pkt_Calling_Offset), lname); + fprintf(fd, " Calling Name: %s\n", lname); + + break; + + case RFCNB_SESSION_ACK: + + fprintf(fd, "RFCNB SESSION ACK: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + + break; + + case RFCNB_SESSION_REJ: + fprintf(fd, "RFCNB SESSION REJECT: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + + if (RFCNB_Pkt_Len(pkt->data) < 1) { + fprintf(fd, " Protocol Error, short Reject packet!\n"); + } else { + fprintf(fd, " Error = %x\n", CVAL(pkt->data, RFCNB_Pkt_Error_Offset)); + } + + break; + + case RFCNB_SESSION_RETARGET: + + fprintf(fd, "RFCNB SESSION RETARGET: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + + /* Print out the IP address etc and the port? */ + + break; + + case RFCNB_SESSION_KEEP_ALIVE: + + fprintf(fd, "RFCNB SESSION KEEP ALIVE: Length = %i\n", + RFCNB_Pkt_Len(pkt->data)); + break; + + default: + + break; + } + +} + +/* Resolve a name into an address */ + +int +RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP) +{ + int addr; /* Assumes IP4, 32 bit network addresses */ + struct hostent *hp; + + /* Use inet_addr to try to convert the address */ + + if ((addr = inet_addr(host)) == INADDR_NONE) { /* Oh well, a good try :-) */ + + /* Now try a name look up with gethostbyname */ + + if ((hp = gethostbyname(host)) == NULL) { /* Not in DNS */ + + /* Try NetBIOS name lookup, how the hell do we do that? */ + + RFCNB_errno = RFCNBE_BadName; /* Is this right? */ + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } else { /* We got a name */ + + memcpy((void *) Dest_IP, (void *) hp->h_addr_list[0], sizeof(struct in_addr)); + + } + } else { /* It was an IP address */ + + memcpy((void *) Dest_IP, (void *) &addr, sizeof(struct in_addr)); + + } + + return 0; + +} + +/* Disconnect the TCP connection to the server */ + +int +RFCNB_Close(int socket) +{ + + close(socket); + + /* If we want to do error recovery, here is where we put it */ + + return 0; + +} + +/* Connect to the server specified in the IP address. 
+ * Not sure how to handle socket options etc. */ + +int +RFCNB_IP_Connect(struct in_addr Dest_IP, int port) +{ + struct sockaddr_in Socket; + int fd; + + /* Create a socket */ + + if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { /* Handle the error */ + + RFCNB_errno = RFCNBE_BadSocket; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + } + bzero((char *) &Socket, sizeof(Socket)); + memcpy((char *) &Socket.sin_addr, (char *) &Dest_IP, sizeof(Dest_IP)); + + Socket.sin_port = htons(port); + Socket.sin_family = PF_INET; + + /* Now connect to the destination */ + + if (connect(fd, (struct sockaddr *) &Socket, sizeof(Socket)) < 0) { /* Error */ + + close(fd); + RFCNB_errno = RFCNBE_ConnectFailed; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + } + return (fd); + +} + +/* handle the details of establishing the RFCNB session with remote + * end + * + */ + +int +RFCNB_Session_Req(struct RFCNB_Con *con, + char *Called_Name, + char *Calling_Name, + BOOL * redirect, + struct in_addr *Dest_IP, + int *port) +{ + char *sess_pkt; + + /* Response packet should be no more than 9 bytes, make 16 jic */ + + char resp[16]; + int len; + struct RFCNB_Pkt *pkt, res_pkt; + + /* We build and send the session request, then read the response */ + + pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Sess_Len); + + if (pkt == NULL) { + + return (RFCNBE_Bad); /* Leave the error that RFCNB_Alloc_Pkt gives) */ + + } + sess_pkt = pkt->data; /* Get pointer to packet proper */ + + sess_pkt[RFCNB_Pkt_Type_Offset] = RFCNB_SESSION_REQUEST; + RFCNB_Put_Pkt_Len(sess_pkt, RFCNB_Pkt_Sess_Len - RFCNB_Pkt_Hdr_Len); + sess_pkt[RFCNB_Pkt_N1Len_Offset] = 32; + sess_pkt[RFCNB_Pkt_N2Len_Offset] = 32; + + RFCNB_CvtPad_Name(Called_Name, (sess_pkt + RFCNB_Pkt_Called_Offset)); + RFCNB_CvtPad_Name(Calling_Name, (sess_pkt + RFCNB_Pkt_Calling_Offset)); + + /* Now send the packet */ + +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Sending packet: "); + +#endif + + if ((len = RFCNB_Put_Pkt(con, pkt, RFCNB_Pkt_Sess_Len)) < 0) { + + 
return (RFCNBE_Bad); /* Should be able to write that lot ... */ + + } +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Getting packet.\n"); + +#endif + + res_pkt.data = resp; + res_pkt.len = sizeof(resp); + res_pkt.next = NULL; + + if ((len = RFCNB_Get_Pkt(con, &res_pkt, sizeof(resp))) < 0) { + + return (RFCNBE_Bad); + + } + /* Now analyze the packet ... */ + + switch (RFCNB_Pkt_Type(resp)) { + + case RFCNB_SESSION_REJ: /* Didnt like us ... too bad */ + + /* Why did we get rejected ? */ + + switch (CVAL(resp, RFCNB_Pkt_Error_Offset)) { + + case 0x80: + RFCNB_errno = RFCNBE_CallRejNLOCN; + break; + case 0x81: + RFCNB_errno = RFCNBE_CallRejNLFCN; + break; + case 0x82: + RFCNB_errno = RFCNBE_CallRejCNNP; + break; + case 0x83: + RFCNB_errno = RFCNBE_CallRejInfRes; + break; + case 0x8F: + RFCNB_errno = RFCNBE_CallRejUnSpec; + break; + default: + RFCNB_errno = RFCNBE_ProtErr; + break; + } + + return (RFCNBE_Bad); + break; + + case RFCNB_SESSION_ACK: /* Got what we wanted ... */ + + return (0); + break; + + case RFCNB_SESSION_RETARGET: /* Go elsewhere */ + + *redirect = TRUE; /* Copy port and ip addr */ + + memcpy(Dest_IP, (resp + RFCNB_Pkt_IP_Offset), sizeof(struct in_addr)); + *port = SVAL(resp, RFCNB_Pkt_Port_Offset); + + return (0); + break; + + default: /* A protocol error */ + + RFCNB_errno = RFCNBE_ProtErr; + return (RFCNBE_Bad); + break; + } +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb-util.h Wed Feb 14 00:48:20 2007 
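Review bot: RFCNB_Session_Req interprets the reply in `resp` without checking how many bytes RFCNB_Get_Pkt delivered. On a short reply, the reject code at RFCNB_Pkt_Error_Offset and the retarget address and port at offsets 4 and 8 are then read from uninitialised stack, and the RETARGET values are handed back to the caller as the next destination. A guard at the top of the RETARGET case, `if (len < RFCNB_Pkt_Retarg_Len) { RFCNB_errno = RFCNBE_ProtErr; return (RFCNBE_Bad); }`, and the same with `RFCNB_Pkt_Nack_Len` in the REJ case, would reject those replies; confirm first that the returned count means bytes received. The packet from RFCNB_Alloc_Pkt is never released on any return path, so `RFCNB_Free_Pkt(pkt);` belongs right after the RFCNB_Put_Pkt call. RFCNB_Alloc_Pkt itself leaves `pkt->data` unset when `n == 0`, yet RFCNB_Free_Pkt tests and frees that pointer, so add `pkt->data = NULL;` beside `pkt->next = NULL;`.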
@@ -0,0 +1,50 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Utility Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +void RFCNB_CvtPad_Name(char *name1, char *name2); + +void RFCNB_AName_To_NBName(char *AName, char *NBName); + +void RFCNB_NBName_To_AName(char *NBName, char *AName); + +void RFCNB_Print_Hex(FILE * fd, struct RFCNB_Pkt *pkt, int Offset, int Len); + +struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n); + +void RFCNB_Print_Pkt(FILE * fd, char *dirn, struct RFCNB_Pkt *pkt, int len); + +int RFCNB_Name_To_IP(char *host, struct in_addr *Dest_IP); + +int RFCNB_Close(int socket); + +int RFCNB_IP_Connect(struct in_addr Dest_IP, int port); + +int RFCNB_Session_Req(struct RFCNB_Con *con, + char *Called_Name, + char *Calling_Name, + BOOL * redirect, + struct in_addr *Dest_IP, + int *port); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/rfcnb.h Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,55 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * RFCNB Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Error responses */ + +#include "rfcnb-error.h" +#include "rfcnb-common.h" +#include "smblib-priv.h" + +/* Defines we need */ + +#define RFCNB_Default_Port 139 + +/* Definition of routines we define */ + +void *RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address, + int port); + +int RFCNB_Send(void *Con_Handle, struct RFCNB_Pkt *Data, int Length); + +int RFCNB_Recv(void *Con_Handle, struct RFCNB_Pkt *Data, int Length); + +int RFCNB_Hangup(void *con_Handle); + +void *RFCNB_Listen(); + +void RFCNB_Get_Error(char *buffer, int buf_len); + +struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n); + +void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt); + +int RFCNB_Set_Sock_NoDelay(void *con_Handle, BOOL yn); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/session.c Wed Feb 14 00:48:20 2007 
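Review bot: This public header has no include guard, and it defines `RFCNB_Default_Port` as 139 unconditionally, whereas rfcnb-priv.h in the same patch set takes it from `RFCNB_PORT` when that is set. If a translation unit ever includes both with `RFCNB_PORT` defined, the macro is redefined with a different value. Guarding the file and the define avoids that: `#ifndef RFCNB_Default_Port` / `#define RFCNB_Default_Port 139` / `#endif`. `void *RFCNB_Listen();` is an old-style declaration that accepts any arguments; `void *RFCNB_Listen(void);` lets the compiler check callers.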
@@ -0,0 +1,388 @@ +/* UNIX RFCNB (RFC1001/RFC1002) NetBIOS implementation + * + * Version 1.0 + * Session Routines ... + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include + +int RFCNB_errno = 0; +int RFCNB_saved_errno = 0; +#define RFCNB_ERRNO + +#include "std-includes.h" +#include +#include "rfcnb-priv.h" +#include "rfcnb-util.h" +#include "rfcnb-io.h" + +/* global data structures */ + +static char *RFCNB_Error_Strings[] = +{ + + "RFCNBE_OK: Routine completed successfully.", + "RFCNBE_NoSpace: No space available for a malloc call.", + "RFCNBE_BadName: NetBIOS name could not be translated to IP address.", + "RFCNBE_BadRead: Read system call returned an error. Check errno.", + "RFCNBE_BadWrite: Write system call returned an error. Check errno.", + "RFCNBE_ProtErr: A protocol error has occurred.", + "RFCNBE_ConGone: Connection dropped during a read or write system call.", + "RFCNBE_BadHandle: Bad connection handle passed.", + "RFCNBE_BadSocket: Problems creating socket.", + "RFCNBE_ConnectFailed: Connection failed. See errno.", + "RFCNBE_CallRejNLOCN: Call rejected. Not listening on called name.", + "RFCNBE_CallRejNLFCN: Call rejected. Not listening for called name.", + "RFCNBE_CallRejCNNP: Call rejected. 
Called name not present.", + "RFCNBE_CallRejInfRes: Call rejected. Name present, but insufficient resources.", + "RFCNBE_CallRejUnSpec: Call rejected. Unspecified error.", + "RFCNBE_BadParam: Bad parameters passed to a routine.", + "RFCNBE_Timeout: IO Operation timed out ..." + +}; + +int RFCNB_Stats[RFCNB_MAX_STATS]; + +void (*Prot_Print_Routine) () = NULL; /* Pointer to print routine */ + +/* Set up a session with a remote name. We are passed Called_Name as a + * string which we convert to a NetBIOS name, ie space terminated, up to + * 16 characters only if we need to. If Called_Address is not empty, then + * we use it to connect to the remote end, but put in Called_Name ... Called + * Address can be a DNS based name, or a TCP/IP address ... + */ + +void * +RFCNB_Call(char *Called_Name, char *Calling_Name, char *Called_Address, + int port) +{ + struct RFCNB_Con *con; + struct in_addr Dest_IP; + int Client; + BOOL redirect; + struct redirect_addr *redir_addr; + char *Service_Address; + + /* Now, we really should look up the port in /etc/services ... 
*/ + + if (port == 0) + port = RFCNB_Default_Port; + + /* Create a connection structure first */ + + if ((con = (struct RFCNB_Con *) malloc(sizeof(struct RFCNB_Con))) == NULL) { /* Error in size */ + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (NULL); + + } + con->fd = -0; /* no descriptor yet */ + con->rfc_errno = 0; /* no error yet */ + con->timeout = 0; /* no timeout */ + con->redirects = 0; + con->redirect_list = NULL; /* Fix bug still in version 0.50 */ + + /* Resolve that name into an IP address */ + + Service_Address = Called_Name; + if (strcmp(Called_Address, "") != 0) { /* If the Called Address = "" */ + Service_Address = Called_Address; + } + if ((errno = RFCNB_Name_To_IP(Service_Address, &Dest_IP)) < 0) { /* Error */ + + /* No need to modify RFCNB_errno as it was done by RFCNB_Name_To_IP */ + + return (NULL); + + } + /* Now connect to the remote end */ + + redirect = TRUE; /* Fudge this one so we go once through */ + + while (redirect) { /* Connect and get session info etc */ + + redirect = FALSE; /* Assume all OK */ + + /* Build the redirect info. 
First one is first addr called */ + /* And tack it onto the list of addresses we called */ + + if ((redir_addr = (struct redirect_addr *) malloc(sizeof(struct redirect_addr))) == NULL) { /* Could not get space */ + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (NULL); + + } + memcpy((char *) &(redir_addr->ip_addr), (char *) &Dest_IP, sizeof(Dest_IP)); + redir_addr->port = port; + redir_addr->next = NULL; + + if (con->redirect_list == NULL) { /* Stick on head */ + + con->redirect_list = con->last_addr = redir_addr; + + } else { + + con->last_addr->next = redir_addr; + con->last_addr = redir_addr; + + } + + /* Now, make that connection */ + + if ((Client = RFCNB_IP_Connect(Dest_IP, port)) < 0) { /* Error */ + + /* No need to modify RFCNB_errno as it was done by RFCNB_IP_Connect */ + + return (NULL); + + } + con->fd = Client; + + /* Now send and handle the RFCNB session request */ + /* If we get a redirect, we will comeback with redirect true + * and a new IP address in DEST_IP */ + + if ((errno = RFCNB_Session_Req(con, + Called_Name, + Calling_Name, + &redirect, &Dest_IP, &port)) < 0) { + + /* No need to modify RFCNB_errno as it was done by RFCNB_Session.. */ + + return (NULL); + + } + if (redirect) { + + /* We have to close the connection, and then try again */ + + (con->redirects)++; + + RFCNB_Close(con->fd); /* Close it */ + + } + } + + return (con); + +} + +/* We send a packet to the other end ... for the moment, we treat the + * data as a series of pointers to blocks of data ... we should check the + * length ... 
*/ + +int +RFCNB_Send(struct RFCNB_Con *Con_Handle, struct RFCNB_Pkt *udata, int Length) +{ + struct RFCNB_Pkt *pkt; + char *hdr; + int len; + + /* Plug in the header and send the data */ + + pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len); + + if (pkt == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + pkt->next = udata; /* The user data we want to send */ + + hdr = pkt->data; + + /* Following crap is for portability across multiple UNIX machines */ + + *(hdr + RFCNB_Pkt_Type_Offset) = RFCNB_SESSION_MESSAGE; + RFCNB_Put_Pkt_Len(hdr, Length); + +#ifdef RFCNB_DEBUG + + fprintf(stderr, "Sending packet: "); + +#endif + + if ((len = RFCNB_Put_Pkt(Con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) { + + /* No need to change RFCNB_errno as it was done by put_pkt ... */ + + return (RFCNBE_Bad); /* Should be able to write that lot ... */ + + } + /* Now we have sent that lot, let's get rid of the RFCNB Header and return */ + + pkt->next = NULL; + + RFCNB_Free_Pkt(pkt); + + return (len); + +} + +/* We pick up a message from the internet ... We have to worry about + * non-message packets ... */ + +int +RFCNB_Recv(void *con_Handle, struct RFCNB_Pkt *Data, int Length) +{ + struct RFCNB_Pkt *pkt; + int ret_len; + + if (con_Handle == NULL) { + + RFCNB_errno = RFCNBE_BadHandle; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + /* Now get a packet from below. We allocate a header first */ + + /* Plug in the header and send the data */ + + pkt = RFCNB_Alloc_Pkt(RFCNB_Pkt_Hdr_Len); + + if (pkt == NULL) { + + RFCNB_errno = RFCNBE_NoSpace; + RFCNB_saved_errno = errno; + return (RFCNBE_Bad); + + } + pkt->next = Data; /* Plug in the data portion */ + + if ((ret_len = RFCNB_Get_Pkt(con_Handle, pkt, Length + RFCNB_Pkt_Hdr_Len)) < 0) { + +#ifdef RFCNB_DEBUG + fprintf(stderr, "Bad packet return in RFCNB_Recv... 
\n"); +#endif + + return (RFCNBE_Bad); + + } + /* We should check that we go a message and not a keep alive */ + + pkt->next = NULL; + + RFCNB_Free_Pkt(pkt); + + return (ret_len); + +} + +/* We just disconnect from the other end, as there is nothing in the RFCNB */ +/* protocol that specifies any exchange as far as I can see */ + +int +RFCNB_Hangup(struct RFCNB_Con *con_Handle) +{ + + if (con_Handle != NULL) { + RFCNB_Close(con_Handle->fd); /* Could this fail? */ + free(con_Handle); + } + return 0; + + +} + +/* Set TCP_NODELAY on the socket */ + +int +RFCNB_Set_Sock_NoDelay(struct RFCNB_Con *con_Handle, BOOL yn) +{ + + return (setsockopt(con_Handle->fd, IPPROTO_TCP, TCP_NODELAY, + (char *) &yn, sizeof(yn))); + +} + + +/* Listen for a connection on a port???, when */ +/* the connection comes in, we return with the connection */ + +void * +RFCNB_Listen() +{ + fprintf(stderr, "RFCNB_Listen NOT IMPLEMENTED as yet!\n"); + return NULL; +} + +/* Pick up the last error response as a string, hmmm, this routine should */ +/* have been different ... */ + +void +RFCNB_Get_Error(char *buffer, int buf_len) +{ + + if (RFCNB_saved_errno <= 0) { + sprintf(buffer, "%s", RFCNB_Error_Strings[RFCNB_errno]); + } else { + sprintf(buffer, "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno], + strerror(RFCNB_saved_errno)); + } + +} + +/* Pick up the last error response and returns as a code */ + +int +RFCNB_Get_Last_Error() +{ + + return (RFCNB_errno); + +} + +/* Pick up saved errno as well */ + +int +RFCNB_Get_Last_Errno() +{ + + return (RFCNB_saved_errno); + +} + +/* Pick up the last error response and return in string ... */ + +void +RFCNB_Get_Error_Msg(int code, char *msg_buf, int len) +{ + + strncpy(msg_buf, RFCNB_Error_Strings[abs(code)], len); + +} + +/* Register a higher level protocol print routine */ + +void +RFCNB_Register_Print_Routine(void (*fn) ()) +{ + + Prot_Print_Routine = fn; + +} 
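Review bot: RFCNB_Get_Error takes buf_len but never uses it: both branches call sprintf into buffer, so a caller buffer shorter than the error string plus the strerror() text is overrun. Bound the writes, e.g. `snprintf(buffer, buf_len, "%s", RFCNB_Error_Strings[RFCNB_errno]);` and the same for the errno branch, assuming snprintf is available on the target platforms. RFCNB_Get_Error_Msg has the related problem that `abs(code)` indexes RFCNB_Error_Strings without a range check, and strncpy leaves msg_buf unterminated when the string is len bytes or longer; clamp the index to the table size and finish with `msg_buf[len - 1] = '\0';`.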
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smbdes.c Wed Feb 14 00:48:20 2007
@@ -0,0 +1,364 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * + * a partial implementation of DES designed for use in the + * SMB authentication protocol + * + * Copyright (C) Andrew Tridgell 1997 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +/* NOTES: + * + * This code makes no attempt to be fast! In fact, it is a very + * slow implementation + * + * This code is NOT a complete DES implementation. It implements only + * the minimum necessary for SMB authentication, as used by all SMB + * products (including every copy of Microsoft Windows95 ever sold) + * + * In particular, it can only do a unchained forward DES pass. This + * means it is not possible to use this code for encryption/decryption + * of data, instead it is only useful as a "hash" algorithm. + * + * There is no entry point into this code that allows normal DES operation. + * + * I believe this means that this code does not come under ITAR + * regulations but this is NOT a legal opinion. 
If you are concerned + * about the applicability of ITAR regulations to this code then you + * should confirm it for yourself (and maybe let me know if you come + * up with a different answer to the one above) + */ + + + +static int perm1[56] = +{57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4}; + +static int perm2[48] = +{14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32}; + +static int perm3[64] = +{58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7}; + +static int perm4[48] = +{32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1}; + +static int perm5[32] = +{16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25}; + + +static int perm6[64] = +{40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25}; + + +static int sc[16] = +{1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; + +static int sbox[8][4][16] = +{ + { + {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, + {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, + {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, + {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 
14, 10, 0, 6, 13}}, + + { + {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, + {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, + {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, + {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + + { + {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, + {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, + {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, + {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + + { + {7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, + {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, + {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, + {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + + { + {2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, + {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, + {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, + {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + + { + {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, + {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, + {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, + {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + + { + {4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, + {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, + {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, + {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, + + { + {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, + {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, + {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, + {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}}; + +static void +permute(char *out, char *in, int *p, int n) +{ + int i; + for (i = 0; i < n; i++) + out[i] = in[p[i] - 1]; +} + +static void +lshift(char *d, int count, int n) +{ + char out[64]; + int i; + for (i = 0; i < n; i++) + out[i] = d[(i + count) % n]; + for (i = 0; i < n; i++) + d[i] = out[i]; 
+} + +static void +concat(char *out, char *in1, char *in2, int l1, int l2) +{ + while (l1--) + *out++ = *in1++; + while (l2--) + *out++ = *in2++; +} + +static void +xor(char *out, char *in1, char *in2, int n) +{ + int i; + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; +} + +static void +dohash(char *out, char *in, char *key) +{ + int i, j, k; + char pk1[56]; + char c[28]; + char d[28]; + char cd[56]; + char ki[16][48]; + char pd1[64]; + char l[32], r[32]; + char rl[64]; + + permute(pk1, key, perm1, 56); + + for (i = 0; i < 28; i++) + c[i] = pk1[i]; + for (i = 0; i < 28; i++) + d[i] = pk1[i + 28]; + + for (i = 0; i < 16; i++) { + lshift(c, sc[i], 28); + lshift(d, sc[i], 28); + + concat(cd, c, d, 28, 28); + permute(ki[i], cd, perm2, 48); + } + + permute(pd1, in, perm3, 64); + + for (j = 0; j < 32; j++) { + l[j] = pd1[j]; + r[j] = pd1[j + 32]; + } + + for (i = 0; i < 16; i++) { + char er[48]; + char erk[48]; + char b[8][6]; + char cb[32]; + char pcb[32]; + char r2[32]; + + permute(er, r, perm4, 48); + + xor(erk, er, ki[i], 48); + + for (j = 0; j < 8; j++) + for (k = 0; k < 6; k++) + b[j][k] = erk[j * 6 + k]; + + for (j = 0; j < 8; j++) { + int m, n; + m = (b[j][0] << 1) | b[j][5]; + + n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4]; + + for (k = 0; k < 4; k++) + b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 
1 : 0; + } + + for (j = 0; j < 8; j++) + for (k = 0; k < 4; k++) + cb[j * 4 + k] = b[j][k]; + permute(pcb, cb, perm5, 32); + + xor(r2, l, pcb, 32); + + for (j = 0; j < 32; j++) + l[j] = r[j]; + + for (j = 0; j < 32; j++) + r[j] = r2[j]; + } + + concat(rl, r, l, 32, 32); + + permute(out, rl, perm6, 64); +} + +static void +str_to_key(unsigned char *str, unsigned char *key) +{ + int i; + + key[0] = str[0] >> 1; + key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); + key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); + key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); + key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); + key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); + key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); + key[7] = str[6] & 0x7F; + for (i = 0; i < 8; i++) { + key[i] = (key[i] << 1); + } +} + + +static void +smbhash(unsigned char *out, unsigned char *in, unsigned char *key) +{ + int i; + char outb[64]; + char inb[64]; + char keyb[64]; + unsigned char key2[8]; + + str_to_key(key, key2); + + for (i = 0; i < 64; i++) { + inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; + keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 
1 : 0; + outb[i] = 0; + } + + dohash(outb, inb, keyb); + + for (i = 0; i < 8; i++) { + out[i] = 0; + } + + for (i = 0; i < 64; i++) { + if (outb[i]) + out[i / 8] |= (1 << (7 - (i % 8))); + } +} + +void +E_P16(unsigned char *p14, unsigned char *p16) +{ + unsigned char sp8[8] = + {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; + smbhash(p16, sp8, p14); + smbhash(p16 + 8, sp8, p14 + 7); +} + +void +E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) +{ + smbhash(p24, c8, p21); + smbhash(p24 + 8, c8, p21 + 7); + smbhash(p24 + 16, c8, p21 + 14); +} + +void +cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key) +{ + unsigned char buf[8]; + + smbhash(buf, in, key); + smbhash(out, buf, key + 9); +} + +void +cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) +{ + unsigned char buf[8]; + static unsigned char key2[8]; + + smbhash(buf, in, key); + key2[0] = key[7]; + smbhash(out, buf, key2); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smbdes.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1,2 @@ +void E_P16(unsigned char *p14, unsigned char *p16); +void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smbencrypt.c Wed Feb 14 00:48:20 2007 
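Review bot: The exported routines E_P16, E_P24, cred_hash1 and cred_hash2 carry no comment stating the buffer lengths they rely on, and nothing in the signatures enforces them. From the calls to smbhash (which writes 8 bytes and, via str_to_key, reads 7 key bytes), E_P16 reads 14 bytes of p14 and writes 16 to p16, E_P24 reads 21 bytes of p21 and writes 24 to p24, and cred_hash1 reads key[0..15]. I would add a header comment to each, e.g. `/* p14: 14-byte key input, p16: 16-byte output; caller supplies buffers of at least these sizes */`. cred_hash2 also depends on its `static` key2 being zero-initialised beyond key2[0]; a comment saying so would stop someone dropping the `static` and hashing with stack garbage.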
@@ -0,0 +1,208 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1997 + * Modified by Jeremy Allison 1995. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include +#include +//#include +#include +#include +//#include +#include +#include + +#include "smblib-priv.h" +#include "md4.h" +#include "smbdes.h" +#define uchar unsigned char +extern int DEBUGLEVEL; + +#include "byteorder.h" + +char *StrnCpy(char *dest, char *src, int n); +void strupper(char *s); + +/* + * This implements the X/Open SMB password encryption + * It takes a password, a 8 byte "crypt key" and puts 24 bytes of + * encrypted password into p24 */ +void +SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) +{ + uchar p14[15], p21[21]; + + memset(p21, '\0', 21); + memset(p14, '\0', 14); + StrnCpy((char *) p14, (char *) passwd, 14); + + strupper((char *) p14); + E_P16(p14, p21); + E_P24(p21, c8, p24); +} + +/* Routines for Windows NT MD4 Hash functions. */ +static int +_my_wcslen(int16 * str) +{ + int len = 0; + while (*str++ != 0) + len++; + return len; +} + +/* + * Convert a string into an NT UNICODE string. + * Note that regardless of processor type + * this must be in intel (little-endian) + * format. 
+ */ + +static int +_my_mbstowcs(int16 * dst, uchar * src, int len) +{ + int i; + int16 val; + + for (i = 0; i < len; i++) { + val = *src; + SSVAL(dst, 0, val); + dst++; + src++; + if (val == 0) + break; + } + return i; +} + +/* + * Creates the MD4 Hash of the users password in NT UNICODE. + */ + +void +E_md4hash(uchar * passwd, uchar * p16) +{ + int len; + int16 wpwd[129]; + + /* Password cannot be longer than 128 characters */ + len = strlen((char *) passwd); + if (len > 128) + len = 128; + /* Password must be converted to NT unicode */ + _my_mbstowcs(wpwd, passwd, len); + wpwd[len] = 0; /* Ensure string is null terminated */ + /* Calculate length in bytes */ + len = _my_wcslen(wpwd) * sizeof(int16); + + mdfour(p16, (unsigned char *) wpwd, len); +} + +/* Does the NT MD4 hash then des encryption. */ + +void +SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) +{ + uchar p21[21]; + + memset(p21, '\0', 21); + + E_md4hash(passwd, p21); + E_P24(p21, c8, p24); +} + +/* Does both the NT and LM owfs of a user's password */ + +void +nt_lm_owf_gen(char *pwd, char *nt_p16, char *p16) +{ + char passwd[130]; + StrnCpy(passwd, pwd, sizeof(passwd) - 1); + + /* Calculate the MD4 hash (NT compatible) of the password */ + memset(nt_p16, '\0', 16); + E_md4hash((uchar *) passwd, (uchar *) nt_p16); + + /* Mangle the passwords into Lanman format */ + passwd[14] = '\0'; + strupper(passwd); + + /* Calculate the SMB (lanman) hash functions of the password */ + + memset(p16, '\0', 16); + E_P16((uchar *) passwd, (uchar *) p16); + + /* clear out local copy of user's password (just being paranoid). */ + bzero(passwd, sizeof(passwd)); +} + +/**************************************************************************** +line strncpy but always null terminates. Make sure there is room! 
+****************************************************************************/ +char * +StrnCpy(char *dest, char *src, int n) +{ + char *d = dest; + if (!dest) + return (NULL); + if (!src) { + *dest = 0; + return (dest); + } + while (n-- && (*d++ = *src++)); + *d = 0; + return (dest); +} + +void +strupper(char *s) +{ + while (*s) { + /* + * #if !defined(KANJI_WIN95_COMPATIBILITY) + * if(lp_client_code_page() == KANJI_CODEPAGE) + * { + * + * if (is_shift_jis (*s)) + * { + * if (is_sj_lower (s[0], s[1])) + * s[1] = sj_toupper2 (s[1]); + * s += 2; + * } + * else if (is_kana (*s)) + * { + * s++; + * } + * else + * { + * if (islower(*s)) + * *s = toupper(*s); + * s++; + * } + * } + * else + * #endif *//* KANJI_WIN95_COMPATIBILITY */ + { + if (islower(*s)) + *s = toupper(*s); + s++; + } + } +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smbencrypt.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1 @@ +void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24); --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-common.h Wed Feb 14 00:48:20 2007 
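Review bot: In nt_lm_owf_gen the local `passwd[130]` is not cleared before StrnCpy, so for a password shorter than 12 characters some bytes between the terminator and passwd[13] are uninitialised stack, and E_P16 then reads all 14 bytes (smbhash is called on `p14` and `p14 + 7` in smbdes.c). The LAN Manager hash would then depend on stack contents rather than on the password alone. SMBencrypt avoids this by zeroing p14 first; do the same here with `memset(passwd, '\0', sizeof(passwd));` before the StrnCpy call. Separately, p14/p21 in SMBencrypt and wpwd in E_md4hash hold password-derived data and are not cleared on return, unlike passwd here.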
@@ -0,0 +1,189 @@ +#ifndef __SMBLIB_COMMON_H__ +#define __SMBLIB_COMMON_H__ + +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Common Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* To get the error class we want the first 8 bits */ +/* Because we just grab 4bytes from the SMB header, we have to re-order */ +/* here, but it makes the NtStatus part easier in future */ + +#define SMBlib_Error_Class(p) (p & 0x000000FF) + +/* To get the error code, we want the bottom 16 bits */ + +#define SMBlib_Error_Code(p) (((unsigned int)p & 0xFFFF0000) >>16) + +/* Error CLASS codes and etc ... 
*/ + +#define SMBC_SUCCESS 0 +#define SMBC_ERRDOS 0x01 +#define SMBC_ERRSRV 0x02 +#define SMBC_ERRHRD 0x03 +#define SMBC_ERRCMD 0xFF + +/* Success error codes */ + +#define SMBS_BUFFERED 0x54 +#define SMBS_LOGGED 0x55 +#define SMBS_DISPLAYED 0x56 + +/* ERRDOS Error codes */ + +#define SMBD_badfunc 0x01 +#define SMBD_badfile 0x02 +#define SMBD_badpath 0x03 +#define SMBD_nofids 0x04 +#define SMBD_noaccess 0x05 +#define SMBD_badfid 0x06 +#define SMBD_badmcb 0x07 +#define SMBD_nomem 0x08 +#define SMBD_badmem 0x09 +#define SMBD_badenv 0x0A +#define SMBD_badformat 0x0B +#define SMBD_badaccess 0x0C +#define SMBD_baddata 0x0D +#define SMBD_reserved 0x0E +#define SMBD_baddrive 0x0F +#define SMBD_remcd 0x10 +#define SMBD_diffdevice 0x11 +#define SMBD_nofiles 0x12 +#define SMBD_badshare 0x20 +#define SMBD_errlock 0x21 +#define SMBD_filexists 0x50 + +/* Server errors ... */ + +#define SMBV_error 0x01 /* Generic error */ +#define SMBV_badpw 0x02 +#define SMBV_badtype 0x03 +#define SMBV_access 0x04 +#define SMBV_invnid 0x05 +#define SMBV_invnetname 0x06 +#define SMBV_invdevice 0x07 +#define SMBV_qfull 0x31 +#define SMBV_qtoobig 0x32 +#define SMBV_qeof 0x33 +#define SMBV_invpfid 0x34 +#define SMBV_paused 0x51 +#define SMBV_msgoff 0x52 +#define SMBV_noroom 0x53 +#define SMBV_rmuns 0x57 +#define SMBV_nosupport 0xFFFF + +/* Hardware error codes ... */ + +#define SMBH_nowrite 0x13 +#define SMBH_badunit 0x14 +#define SMBH_notready 0x15 +#define SMBH_badcmd 0x16 +#define SMBH_data 0x17 +#define SMBH_badreq 0x18 +#define SMBH_seek 0x19 +#define SMBH_badmedia 0x1A +#define SMBH_badsector 0x1B +#define SMBH_nopaper 0x1C +#define SMBH_write 0x1D +#define SMBH_read 0x1E +#define SMBH_general 0x1F +#define SMBH_badshare 0x20 + +/* Access mode defines ... 
*/ + +#define SMB_AMODE_WTRU 0x4000 +#define SMB_AMODE_NOCACHE 0x1000 +#define SMB_AMODE_COMPAT 0x0000 +#define SMB_AMODE_DENYRWX 0x0010 +#define SMB_AMODE_DENYW 0x0020 +#define SMB_AMODE_DENYRX 0x0030 +#define SMB_AMODE_DENYNONE 0x0040 +#define SMB_AMODE_OPENR 0x0000 +#define SMB_AMODE_OPENW 0x0001 +#define SMB_AMODE_OPENRW 0x0002 +#define SMB_AMODE_OPENX 0x0003 +#define SMB_AMODE_FCBOPEN 0x00FF +#define SMB_AMODE_LOCUNKN 0x0000 +#define SMB_AMODE_LOCMSEQ 0x0100 +#define SMB_AMODE_LOCMRAN 0x0200 +#define SMB_AMODE_LOCRAL 0x0300 + +/* File attribute encoding ... */ + +#define SMB_FA_ORD 0x00 +#define SMB_FA_ROF 0x01 +#define SMB_FA_HID 0x02 +#define SMB_FA_SYS 0x04 +#define SMB_FA_VOL 0x08 +#define SMB_FA_DIR 0x10 +#define SMB_FA_ARC 0x20 + +/* Define the protocol types ... */ + +#define SMB_P_Unknown -1 /* Hmmm, is this smart? */ +#define SMB_P_Core 0 +#define SMB_P_CorePlus 1 +#define SMB_P_DOSLanMan1 2 +#define SMB_P_LanMan1 3 +#define SMB_P_DOSLanMan2 4 +#define SMB_P_LanMan2 5 +#define SMB_P_DOSLanMan2_1 6 +#define SMB_P_LanMan2_1 7 +#define SMB_P_NT1 8 + +/* SMBlib return codes */ +/* We want something that indicates whether or not the return code was a */ +/* remote error, a local error in SMBlib or returned from lower layer ... */ +/* Wonder if this will work ... */ +/* SMBlibE_Remote = 1 indicates remote error */ +/* SMBlibE_ values < 0 indicate local error with more info available */ +/* SMBlibE_ values >1 indicate local from SMBlib code errors? 
*/ + +#define SMBlibE_Success 0 +#define SMBlibE_Remote 1 /* Remote error, get more info from con */ +#define SMBlibE_BAD -1 +#define SMBlibE_LowerLayer 2 /* Lower layer error */ +#define SMBlibE_NotImpl 3 /* Function not yet implemented */ +#define SMBlibE_ProtLow 4 /* Protocol negotiated does not support req */ +#define SMBlibE_NoSpace 5 /* No space to allocate a structure */ +#define SMBlibE_BadParam 6 /* Bad parameters */ +#define SMBlibE_NegNoProt 7 /* None of our protocols was liked */ +#define SMBlibE_SendFailed 8 /* Sending an SMB failed */ +#define SMBlibE_RecvFailed 9 /* Receiving an SMB failed */ +#define SMBlibE_GuestOnly 10 /* Logged in as guest */ +#define SMBlibE_CallFailed 11 /* Call remote end failed */ +#define SMBlibE_ProtUnknown 12 /* Protocol unknown */ +#define SMBlibE_NoSuchMsg 13 /* Keep this up to date */ + +typedef struct { /* A structure for a Dirent */ + + unsigned char resume_key[21]; /* Don't touch this */ + unsigned char file_attributes; /* Attributes of file */ + unsigned int date_time; /* date and time of last mod */ + unsigned int size; + char filename[13]; /* The name of the file */ + +} SMB_CP_dirent; + +#endif /* __SMBLIB_COMMON_H__ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-priv.h Wed Feb 14 00:48:20 2007 
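Review bot: The function-like macros `SMBlib_Error_Class(p)` and `SMBlib_Error_Code(p)` use their argument unparenthesised, so an expression argument such as `a | b` is combined with `&` or with the `(unsigned int)` cast by precedence rather than as a whole. Parenthesise it: `#define SMBlib_Error_Class(p) ((p) & 0x000000FF)` and `#define SMBlib_Error_Code(p) (((unsigned int)(p) & 0xFFFF0000) >> 16)`. The comment above SMBlib_Error_Code says "bottom 16 bits" while the mask selects the upper 16; if that is the re-ordering the earlier comment mentions, the comment should say so. `SMB_P_Unknown` would likewise be safer written as `(-1)`.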
@@ -0,0 +1,655 @@
+#ifndef __SMBLIB_PRIV_H__
+#define __SMBLIB_PRIV_H__
+
+/* UNIX SMBlib NetBIOS implementation
+ *
+ * Version 1.0
+ * SMBlib private Defines
+ *
+ * Copyright (C) Richard Sharpe 1996
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "std-defines.h"
+#include "smblib-common.h"
+#include
+#include
+
+typedef unsigned short uint16;
+typedef unsigned int uint32;
+
+#include "byteorder.h" /* Hmmm ... hot good */
+
+#define max(a,b) (a < b ? 
b : a) + +#define SMB_DEF_IDF 0x424D53FF /* "\377SMB" */ + +/* Core protocol commands */ + +#define SMBmkdir 0x00 /* create directory */ +#define SMBrmdir 0x01 /* delete directory */ +#define SMBopen 0x02 /* open file */ +#define SMBcreate 0x03 /* create file */ +#define SMBclose 0x04 /* close file */ +#define SMBflush 0x05 /* flush file */ +#define SMBunlink 0x06 /* delete file */ +#define SMBmv 0x07 /* rename file */ +#define SMBgetatr 0x08 /* get file attributes */ +#define SMBsetatr 0x09 /* set file attributes */ +#define SMBread 0x0A /* read from file */ +#define SMBwrite 0x0B /* write to file */ +#define SMBlock 0x0C /* lock byte range */ +#define SMBunlock 0x0D /* unlock byte range */ +#define SMBctemp 0x0E /* create temporary file */ +#define SMBmknew 0x0F /* make new file */ +#define SMBchkpth 0x10 /* check directory path */ +#define SMBexit 0x11 /* process exit */ +#define SMBlseek 0x12 /* seek */ +#define SMBtcon 0x70 /* tree connect */ +#define SMBtdis 0x71 /* tree disconnect */ +#define SMBnegprot 0x72 /* negotiate protocol */ +#define SMBdskattr 0x80 /* get disk attributes */ +#define SMBsearch 0x81 /* search directory */ +#define SMBsplopen 0xC0 /* open print spool file */ +#define SMBsplwr 0xC1 /* write to print spool file */ +#define SMBsplclose 0xC2 /* close print spool file */ +#define SMBsplretq 0xC3 /* return print queue */ +#define SMBsends 0xD0 /* send single block message */ +#define SMBsendb 0xD1 /* send broadcast message */ +#define SMBfwdname 0xD2 /* forward user name */ +#define SMBcancelf 0xD3 /* cancel forward */ +#define SMBgetmac 0xD4 /* get machine name */ +#define SMBsendstrt 0xD5 /* send start of multi-block message */ +#define SMBsendend 0xD6 /* send end of multi-block message */ +#define SMBsendtxt 0xD7 /* send text of multi-block message */ + +/* CorePlus protocol */ + +#define SMBlockread 0x13 /* Lock a range and read it */ +#define SMBwriteunlock 0x14 /* Unlock a range and then write */ +#define SMBreadbraw 0x1a /* read a 
block of data without smb header ohead */ +#define SMBwritebraw 0x1d /* write a block of data without smb header ohead */ +#define SMBwritec 0x20 /* secondary write request */ +#define SMBwriteclose 0x2c /* write a file and then close it */ + +/* DOS Extended Protocol */ + +#define SMBreadBraw 0x1A /* read block raw */ +#define SMBreadBmpx 0x1B /* read block multiplexed */ +#define SMBreadBs 0x1C /* read block (secondary response) */ +#define SMBwriteBraw 0x1D /* write block raw */ +#define SMBwriteBmpx 0x1E /* write block multiplexed */ +#define SMBwriteBs 0x1F /* write block (secondary request) */ +#define SMBwriteC 0x20 /* write complete response */ +#define SMBsetattrE 0x22 /* set file attributes expanded */ +#define SMBgetattrE 0x23 /* get file attributes expanded */ +#define SMBlockingX 0x24 /* lock/unlock byte ranges and X */ +#define SMBtrans 0x25 /* transaction - name, bytes in/out */ +#define SMBtranss 0x26 /* transaction (secondary request/response) */ +#define SMBioctl 0x27 /* IOCTL */ +#define SMBioctls 0x28 /* IOCTL (secondary request/response) */ +#define SMBcopy 0x29 /* copy */ +#define SMBmove 0x2A /* move */ +#define SMBecho 0x2B /* echo */ +#define SMBopenX 0x2D /* open and X */ +#define SMBreadX 0x2E /* read and X */ +#define SMBwriteX 0x2F /* write and X */ +#define SMBsesssetupX 0x73 /* Session Set Up & X (including User Logon) */ +#define SMBtconX 0x75 /* tree connect and X */ +#define SMBffirst 0x82 /* find first */ +#define SMBfunique 0x83 /* find unique */ +#define SMBfclose 0x84 /* find close */ +#define SMBinvalid 0xFE /* invalid command */ + +/* Any more ? */ + +#define SMBdatablockID 0x01 /* A data block identifier */ +#define SMBdialectID 0x02 /* A dialect id */ +#define SMBpathnameID 0x03 /* A pathname ID */ +#define SMBasciiID 0x04 /* An ascii string ID */ +#define SMBvariableblockID 0x05 /* A variable block ID */ + +/* some other defines we need */ + +/* Flags defines ... 
*/ + +#define SMB_FLG2_NON_DOS 0x01 /* We know non dos names */ +#define SMB_FLG2_EXT_ATR 0x02 /* We know about Extended Attributes */ +#define SMB_FLG2_LNG_NAM 0x04 /* Long names ? */ + +typedef unsigned short WORD; +typedef unsigned short UWORD; +typedef unsigned int ULONG; +typedef unsigned char BYTE; +typedef unsigned char UCHAR; + +/* Some macros to allow access to actual packet data so that we */ +/* can change the underlying representation of packets. */ +/* */ +/* The current formats vying for attention are a fragment */ +/* approach where the SMB header is a fragment linked to the */ +/* data portion with the transport protocol (rfcnb or whatever) */ +/* being linked on the front. */ +/* */ +/* The other approach is where the whole packet is one array */ +/* of bytes with space allowed on the front for the packet */ +/* headers. */ + +#define SMB_Hdr(p) (char *)(p -> data) + +/* SMB Hdr def for File Sharing Protocol? From MS and Intel, */ +/* Intel PN 138446 Doc Version 2.0, Nov 7, 1988. This def also */ +/* applies to LANMAN1.0 as well as the Core Protocol */ +/* The spec states that wct and bcc must be present, even if 0 */ + +/* We define these as offsets into a char SMB[] array for the */ +/* sake of portability */ + +/* NOTE!. Some of the lenght defines, SMB__len do not include */ +/* the data that follows in the SMB packet, so the code will have to */ +/* take that into account. */ + +#define SMB_hdr_idf_offset 0 /* 0xFF,'SMB' 0-3 */ +#define SMB_hdr_com_offset 4 /* BYTE 4 */ +#define SMB_hdr_rcls_offset 5 /* BYTE 5 */ +#define SMB_hdr_reh_offset 6 /* BYTE 6 */ +#define SMB_hdr_err_offset 7 /* WORD 7 */ +#define SMB_hdr_reb_offset 9 /* BYTE 9 */ +#define SMB_hdr_flg_offset 9 /* same as reb ... 
*/ +#define SMB_hdr_res_offset 10 /* 7 WORDs 10 */ +#define SMB_hdr_res0_offset 10 /* WORD 10 */ +#define SMB_hdr_flg2_offset 10 /* WORD */ +#define SMB_hdr_res1_offset 12 /* WORD 12 */ +#define SMB_hdr_res2_offset 14 +#define SMB_hdr_res3_offset 16 +#define SMB_hdr_res4_offset 18 +#define SMB_hdr_res5_offset 20 +#define SMB_hdr_res6_offset 22 +#define SMB_hdr_tid_offset 24 +#define SMB_hdr_pid_offset 26 +#define SMB_hdr_uid_offset 28 +#define SMB_hdr_mid_offset 30 +#define SMB_hdr_wct_offset 32 + +#define SMB_hdr_len 33 /* 33 byte header? */ + +#define SMB_hdr_axc_offset 33 /* AndX Command */ +#define SMB_hdr_axr_offset 34 /* AndX Reserved */ +#define SMB_hdr_axo_offset 35 /* Offset from start to WCT of AndX cmd */ + +/* Format of the Negotiate Protocol SMB */ + +#define SMB_negp_bcc_offset 33 +#define SMB_negp_buf_offset 35 /* Where the buffer starts */ +#define SMB_negp_len 35 /* plus the data */ + +/* Format of the Negotiate Response SMB, for CoreProtocol, LM1.2 and */ +/* NT LM 0.12. 
wct will be 1 for CoreProtocol, 13 for LM 1.2, and 17 */ +/* for NT LM 0.12 */ + +#define SMB_negrCP_idx_offset 33 /* Response to the neg req */ +#define SMB_negrCP_bcc_offset 35 +#define SMB_negrLM_idx_offset 33 /* dialect index */ +#define SMB_negrLM_sec_offset 35 /* Security mode */ +#define SMB_sec_user_mask 0x01 /* 0 = share, 1 = user */ +#define SMB_sec_encrypt_mask 0x02 /* pick out encrypt */ +#define SMB_negrLM_mbs_offset 37 /* max buffer size */ +#define SMB_negrLM_mmc_offset 39 /* max mpx count */ +#define SMB_negrLM_mnv_offset 41 /* max number of VCs */ +#define SMB_negrLM_rm_offset 43 /* raw mode support bit vec */ +#define SMB_read_raw_mask 0x01 +#define SMB_write_raw_mask 0x02 +#define SMB_negrLM_sk_offset 45 /* session key, 32 bits */ +#define SMB_negrLM_st_offset 49 /* Current server time */ +#define SMB_negrLM_sd_offset 51 /* Current server date */ +#define SMB_negrLM_stz_offset 53 /* Server Time Zone */ +#define SMB_negrLM_ekl_offset 55 /* encryption key length */ +#define SMB_negrLM_res_offset 57 /* reserved */ +#define SMB_negrLM_bcc_offset 59 /* bcc */ +#define SMB_negrLM_len 61 /* 61 bytes ? 
*/ +#define SMB_negrLM_buf_offset 61 /* Where the fun begins */ + +#define SMB_negrNTLM_idx_offset 33 /* Selected protocol */ +#define SMB_negrNTLM_sec_offset 35 /* Security more */ +#define SMB_negrNTLM_mmc_offset 36 /* Different format above */ +#define SMB_negrNTLM_mnv_offset 38 /* Max VCs */ +#define SMB_negrNTLM_mbs_offset 40 /* MBS now a long */ +#define SMB_negrNTLM_mrs_offset 44 /* Max raw size */ +#define SMB_negrNTLM_sk_offset 48 /* Session Key */ +#define SMB_negrNTLM_cap_offset 52 /* Capabilities */ +#define SMB_negrNTLM_stl_offset 56 /* Server time low */ +#define SMB_negrNTLM_sth_offset 60 /* Server time high */ +#define SMB_negrNTLM_stz_offset 64 /* Server time zone */ +#define SMB_negrNTLM_ekl_offset 66 /* Encrypt key len */ +#define SMB_negrNTLM_bcc_offset 67 /* Bcc */ +#define SMB_negrNTLM_len 69 +#define SMB_negrNTLM_buf_offset 69 + +/* Offsets related to Tree Connect */ + +#define SMB_tcon_bcc_offset 33 +#define SMB_tcon_buf_offset 35 /* where the data is for tcon */ +#define SMB_tcon_len 35 /* plus the data */ + +#define SMB_tconr_mbs_offset 33 /* max buffer size */ +#define SMB_tconr_tid_offset 35 /* returned tree id */ +#define SMB_tconr_bcc_offset 37 +#define SMB_tconr_len 39 + +#define SMB_tconx_axc_offset 33 /* And X Command */ +#define SMB_tconx_axr_offset 34 /* reserved */ +#define SMB_tconx_axo_offset 35 /* Next command offset */ +#define SMB_tconx_flg_offset 37 /* Flags, bit0=1 means disc TID */ +#define SMB_tconx_pwl_offset 39 /* Password length */ +#define SMB_tconx_bcc_offset 41 /* bcc */ +#define SMB_tconx_buf_offset 43 /* buffer */ +#define SMB_tconx_len 43 /* up to data ... 
*/ + +#define SMB_tconxr_axc_offset 33 /* Where the AndX Command is */ +#define SMB_tconxr_axr_offset 34 /* Reserved */ +#define SMB_tconxr_axo_offset 35 /* AndX offset location */ + +/* Offsets related to tree_disconnect */ + +#define SMB_tdis_bcc_offset 33 /* bcc */ +#define SMB_tdis_len 35 /* total len */ + +#define SMB_tdisr_bcc_offset 33 /* bcc */ +#define SMB_tdisr_len 35 + +/* Offsets related to Open Request */ + +#define SMB_open_mod_offset 33 /* Mode to open with */ +#define SMB_open_atr_offset 35 /* Attributes of file */ +#define SMB_open_bcc_offset 37 /* bcc */ +#define SMB_open_buf_offset 39 /* File name */ +#define SMB_open_len 39 /* Plus the file name */ + +#define SMB_openx_axc_offset 33 /* Next command */ +#define SMB_openx_axr_offset 34 /* Reserved */ +#define SMB_openx_axo_offset 35 /* offset of next wct */ +#define SMB_openx_flg_offset 37 /* Flags, bit0 = need more info */ + /* bit1 = exclusive oplock */ + /* bit2 = batch oplock */ +#define SMB_openx_mod_offset 39 /* mode to open with */ +#define SMB_openx_atr_offset 41 /* search attributes */ +#define SMB_openx_fat_offset 43 /* File attributes */ +#define SMB_openx_tim_offset 45 /* time and date of creat */ +#define SMB_openx_ofn_offset 49 /* Open function */ +#define SMB_openx_als_offset 51 /* Space to allocate on */ +#define SMB_openx_res_offset 55 /* reserved */ +#define SMB_openx_bcc_offset 63 /* bcc */ +#define SMB_openx_buf_offset 65 /* Where file name goes */ +#define SMB_openx_len 65 + +#define SMB_openr_fid_offset 33 /* FID returned */ +#define SMB_openr_atr_offset 35 /* Attributes opened with */ +#define SMB_openr_tim_offset 37 /* Last mod time of file */ +#define SMB_openr_fsz_offset 41 /* File size 4 bytes */ +#define SMB_openr_acc_offset 45 /* Access allowed */ +#define SMB_openr_bcc_offset 47 +#define SMB_openr_len 49 + +#define SMB_openxr_axc_offset 33 /* And X command */ +#define SMB_openxr_axr_offset 34 /* reserved */ +#define SMB_openxr_axo_offset 35 /* offset to next command 
*/ +#define SMB_openxr_fid_offset 37 /* FID returned */ +#define SMB_openxr_fat_offset 39 /* File attributes returned */ +#define SMB_openxr_tim_offset 41 /* File creation date etc */ +#define SMB_openxr_fsz_offset 45 /* Size of file */ +#define SMB_openxr_acc_offset 49 /* Access granted */ + +#define SMB_clos_fid_offset 33 /* FID to close */ +#define SMB_clos_tim_offset 35 /* Last mod time */ +#define SMB_clos_bcc_offset 39 /* bcc */ +#define SMB_clos_len 41 + +/* Offsets related to Write requests */ + +#define SMB_write_fid_offset 33 /* FID to write */ +#define SMB_write_cnt_offset 35 /* bytes to write */ +#define SMB_write_ofs_offset 37 /* location to write to */ +#define SMB_write_clf_offset 41 /* advisory count left */ +#define SMB_write_bcc_offset 43 /* bcc = data bytes + 3 */ +#define SMB_write_buf_offset 45 /* Data=0x01, len, data */ +#define SMB_write_len 45 /* plus the data ... */ + +#define SMB_writr_cnt_offset 33 /* Count of bytes written */ +#define SMB_writr_bcc_offset 35 /* bcc */ +#define SMB_writr_len 37 + +/* Offsets related to read requests */ + +#define SMB_read_fid_offset 33 /* FID of file to read */ +#define SMB_read_cnt_offset 35 /* count of words to read */ +#define SMB_read_ofs_offset 37 /* Where to read from */ +#define SMB_read_clf_offset 41 /* Advisory count to go */ +#define SMB_read_bcc_offset 43 +#define SMB_read_len 45 + +#define SMB_readr_cnt_offset 33 /* Count of bytes returned */ +#define SMB_readr_res_offset 35 /* 4 shorts reserved, 8 bytes */ +#define SMB_readr_bcc_offset 43 /* bcc */ +#define SMB_readr_bff_offset 45 /* buffer format char = 0x01 */ +#define SMB_readr_len_offset 46 /* buffer len */ +#define SMB_readr_len 45 /* length of the readr before data */ + +/* Offsets for Create file */ + +#define SMB_creat_atr_offset 33 /* Attributes of new file ... 
*/ +#define SMB_creat_tim_offset 35 /* Time of creation */ +#define SMB_creat_dat_offset 37 /* 4004BCE :-) */ +#define SMB_creat_bcc_offset 39 /* bcc */ +#define SMB_creat_buf_offset 41 +#define SMB_creat_len 41 /* Before the data */ + +#define SMB_creatr_fid_offset 33 /* FID of created file */ + +/* Offsets for Delete file */ + +#define SMB_delet_sat_offset 33 /* search attribites */ +#define SMB_delet_bcc_offset 35 /* bcc */ +#define SMB_delet_buf_offset 37 +#define SMB_delet_len 37 + +/* Offsets for SESSION_SETUP_ANDX for both LM and NT LM protocols */ + +#define SMB_ssetpLM_mbs_offset 37 /* Max buffer Size, allow for AndX */ +#define SMB_ssetpLM_mmc_offset 39 /* max multiplex count */ +#define SMB_ssetpLM_vcn_offset 41 /* VC number if new VC */ +#define SMB_ssetpLM_snk_offset 43 /* Session Key */ +#define SMB_ssetpLM_pwl_offset 47 /* password length */ +#define SMB_ssetpLM_res_offset 49 /* reserved */ +#define SMB_ssetpLM_bcc_offset 53 /* bcc */ +#define SMB_ssetpLM_len 55 /* before data ... */ +#define SMB_ssetpLM_buf_offset 55 + +#define SMB_ssetpNTLM_mbs_offset 37 /* Max Buffer Size for NT LM 0.12 */ + /* and above */ +#define SMB_ssetpNTLM_mmc_offset 39 /* Max Multiplex count */ +#define SMB_ssetpNTLM_vcn_offset 41 /* VC Number */ +#define SMB_ssetpNTLM_snk_offset 43 /* Session key */ +#define SMB_ssetpNTLM_cipl_offset 47 /* Case Insensitive PW Len */ +#define SMB_ssetpNTLM_cspl_offset 49 /* Unicode pw len */ +#define SMB_ssetpNTLM_res_offset 51 /* reserved */ +#define SMB_ssetpNTLM_cap_offset 55 /* server capabilities */ +#define SMB_ssetpNTLM_bcc_offset 59 /* bcc */ +#define SMB_ssetpNTLM_len 61 /* before data */ +#define SMB_ssetpNTLM_buf_offset 61 + +#define SMB_ssetpr_axo_offset 35 /* Offset of next response ... 
*/ +#define SMB_ssetpr_act_offset 37 /* action, bit 0 = 1 => guest */ +#define SMB_ssetpr_bcc_offset 39 /* bcc */ +#define SMB_ssetpr_buf_offset 41 /* Native OS etc */ + +/* Offsets for SMB create directory */ + +#define SMB_creatdir_bcc_offset 33 /* only a bcc here */ +#define SMB_creatdir_buf_offset 35 /* Where things start */ +#define SMB_creatdir_len 35 + +/* Offsets for SMB delete directory */ + +#define SMB_deletdir_bcc_offset 33 /* only a bcc here */ +#define SMB_deletdir_buf_offset 35 /* where things start */ +#define SMB_deletdir_len 35 + +/* Offsets for SMB check directory */ + +#define SMB_checkdir_bcc_offset 33 /* Only a bcc here */ +#define SMB_checkdir_buf_offset 35 /* where things start */ +#define SMB_checkdir_len 35 + +/* Offsets for SMB search */ + +#define SMB_search_mdc_offset 33 /* Max Dir ents to return */ +#define SMB_search_atr_offset 35 /* Search attributes */ +#define SMB_search_bcc_offset 37 /* bcc */ +#define SMB_search_buf_offset 39 /* where the action is */ +#define SMB_search_len 39 + +#define SMB_searchr_dec_offset 33 /* Dir ents returned */ +#define SMB_searchr_bcc_offset 35 /* bcc */ +#define SMB_searchr_buf_offset 37 /* Where the action starts */ +#define SMB_searchr_len 37 /* before the dir ents */ + +#define SMB_searchr_dirent_len 43 /* 53 bytes */ + +/* Defines for SMB transact and transact2 calls */ + +#define SMB_trans_tpc_offset 33 /* Total param count */ +#define SMB_trans_tdc_offset 35 /* total Data count */ +#define SMB_trans_mpc_offset 37 /* Max params bytes to return */ +#define SMB_trans_mdc_offset 39 /* Max data bytes to return */ +#define SMB_trans_msc_offset 41 /* Max setup words to return */ +#define SMB_trans_rs1_offset 42 /* Reserved byte */ +#define SMB_trans_flg_offset 43 /* flags */ +#define SMB_trans_tmo_offset 45 /* Timeout, long */ +#define SMB_trans_rs2_offset 49 /* Next reserved */ +#define SMB_trans_pbc_offset 51 /* Param Byte count in buf */ +#define SMB_trans_pbo_offset 53 /* Offset to param bytes */ 
+#define SMB_trans_dbc_offset 55 /* Data byte count in buf */ +#define SMB_trans_dbo_offset 57 /* Data byte offset */ +#define SMB_trans_suc_offset 59 /* Setup count - byte */ +#define SMB_trans_rs3_offset 60 /* Reserved to pad ... */ +#define SMB_trans_len 61 /* Up to setup, still need bcc */ + +#define SMB_transr_tpc_offset 33 /* Total param bytes returned */ +#define SMB_transr_tdc_offset 35 +#define SMB_transr_rs1_offset 37 +#define SMB_transr_pbc_offset 39 +#define SMB_transr_pbo_offset 41 +#define SMB_transr_pdi_offset 43 /* parameter displacement */ +#define SMB_transr_dbc_offset 45 +#define SMB_transr_dbo_offset 47 +#define SMB_transr_ddi_offset 49 +#define SMB_transr_suc_offset 51 +#define SMB_transr_rs2_offset 52 +#define SMB_transr_len 53 + +/* Bit masks for SMB Capabilities ... */ + +#define SMB_cap_raw_mode 0x0001 +#define SMB_cap_mpx_mode 0x0002 +#define SMB_cap_unicode 0x0004 +#define SMB_cap_large_files 0x0008 +#define SMB_cap_nt_smbs 0x0010 +#define SMB_rpc_remote_apis 0x0020 +#define SMB_cap_nt_status 0x0040 +#define SMB_cap_level_II_oplocks 0x0080 +#define SMB_cap_lock_and_read 0x0100 +#define SMB_cap_nt_find 0x0200 + +/* SMB LANMAN api call defines */ + +#define SMB_LMapi_SetUserInfo 0x0072 +#define SMB_LMapi_UserPasswordSet 0x0073 + +/* Structures and defines we use in the client interface */ + +/* The protocols we might support. Perhaps a bit ambitious, as only RFCNB */ +/* has any support so far 0(sometimes called NBT) */ + +typedef enum { + SMB_RFCNB, SMB_IPXNB, SMB_NETBEUI, SMB_X25 +} SMB_Transport_Types; + +typedef enum { + SMB_Con_FShare, SMB_Con_PShare, SMB_Con_IPC +} SMB_Con_Types; + +typedef enum { + SMB_State_NoState, SMB_State_Stopped, SMB_State_Started +} SMB_State_Types; + +/* The following two arrays need to be in step! */ +/* We must make it possible for callers to specify these ... 
*/ + + +extern char *SMB_Prots[]; + +/* + * static char *SMB_Prots[] = {"PC NETWORK PROGRAM 1.0", + * "MICROSOFT NETWORKS 1.03", + * "MICROSOFT NETWORKS 3.0", + * "DOS LANMAN1.0", + * "LANMAN1.0", + * "DOS LM1.2X002", + * "LM1.2X002", + * "DOS LANMAN2.1", + * "LANMAN2.1", + * "Samba", + * "NT LM 0.12", + * "NT LANMAN 1.0", + * NULL}; + */ +extern int SMB_Types[]; + +/* + * static int SMB_Types[] = {SMB_P_Core, + * SMB_P_CorePlus, + * SMB_P_DOSLanMan1, + * SMB_P_DOSLanMan1, + * SMB_P_LanMan1, + * SMB_P_DOSLanMan2, + * SMB_P_LanMan2, + * SMB_P_LanMan2_1, + * SMB_P_LanMan2_1, + * SMB_P_NT1, + * SMB_P_NT1, + * SMB_P_NT1, + * -1}; + */ +typedef struct SMB_Status { + + union { + struct { + unsigned char ErrorClass; + unsigned char Reserved; + unsigned short Error; + } DosError; + unsigned int NtStatus; + } status; +} SMB_Status; + +typedef struct SMB_Tree_Structure *SMB_Tree_Handle; + +typedef struct SMB_Connect_Def *SMB_Handle_Type; + +struct SMB_Connect_Def { + + SMB_Handle_Type Next_Con, Prev_Con; /* Next and previous conn */ + int protocol; /* What is the protocol */ + int prot_IDX; /* And what is the index */ + void *Trans_Connect; /* The connection */ + + /* All these strings should be malloc'd */ + + char service[80], username[80], password[80], desthost[80], sock_options[80]; + char address[80], myname[80]; + + SMB_Tree_Handle first_tree, last_tree; /* List of trees on this server */ + + int gid; /* Group ID, do we need it? */ + int mid; /* Multiplex ID? We might need one per con */ + int pid; /* Process ID */ + + int uid; /* Authenticated user id. */ + + /* It is pretty clear that we need to bust some of */ + /* these out into a per TCon record, as there may */ + /* be multiple TCon's per server, etc ... later */ + + int port; /* port to use in case not default, this is a TCPism! 
*/ + + int max_xmit; /* Max xmit permitted by server */ + int Security; /* 0 = share, 1 = user */ + int Raw_Support; /* bit 0 = 1 = Read Raw supported, 1 = 1 Write raw */ + BOOL encrypt_passwords; /* FALSE = don't */ + int MaxMPX, MaxVC, MaxRaw; + unsigned int SessionKey, Capabilities; + int SvrTZ; /* Server Time Zone */ + int Encrypt_Key_Len; + char Encrypt_Key[80], Domain[80], PDomain[80], OSName[80], LMType[40]; + char Svr_OS[80], Svr_LMType[80], Svr_PDom[80]; + +}; + +#ifndef SMBLIB_DEFAULT_DOMAIN +#define SMBLIB_DEFAULT_DOMAIN "STAFF" +#endif +#define SMBLIB_DEFAULT_OSNAME "UNIX of some type" +#define SMBLIB_DEFAULT_LMTYPE "SMBlib LM2.1 minus a bit" +#define SMBLIB_MAX_XMIT 65535 + +#define SMB_Sec_Mode_Share 0 +#define SMB_Sec_Mode_User 1 + +/* A Tree_Structure */ + +struct SMB_Tree_Structure { + + SMB_Tree_Handle next, prev; + SMB_Handle_Type con; + char path[129]; + char device_type[20]; + int mbs; /* Local MBS */ + int tid; + +}; + +typedef struct SMB_File_Def SMB_File; + +struct SMB_File_Def { + + SMB_Tree_Handle tree; + char filename[256]; /* We should malloc this ... */ + UWORD fid; + unsigned int lastmod; + unsigned int size; /* Could blow up if 64bit files supported */ + UWORD access; + off_t fileloc; + +}; + +/* global Variables for the library */ + +extern SMB_State_Types SMBlib_State; + +#ifndef SMBLIB_ERRNO +extern int SMBlib_errno; +extern int SMBlib_SMB_Error; /* last Error */ +#endif + +SMB_Tree_Handle SMB_TreeConnect(SMB_Handle_Type con, SMB_Tree_Handle tree, + char *path, char *password, char *dev); + +int SMB_Init(); +void SMB_Get_My_Name(char *name, int len); +int SMB_Negotiate(SMB_Handle_Type Con_Handle, char *Prots[]); +int SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle); + +int SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName, + char *PassWord, char *UserDomain, int precrypted); + +int SMB_Get_Error_Msg(int msg, char *msgbuf, int len); + +int SMB_Get_Last_Error(); + +#endif /* __SMBLIB_PRIV_H__ */ 
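Review bot: `struct SMB_Connect_Def` keeps `username`, `password`, `Domain` and `Encrypt_Key` in fixed 80-byte arrays and the header gives callers no named size to bound copies against, although its own comment already says these strings should be malloc'd. The fields are presumably filled from the arguments of `SMB_Logon_Server` and from the server's negotiate response, and the NT LM 0.12 key length occupies a single byte (`SMB_negrNTLM_ekl_offset` 66, bcc at 67), so a peer can announce more than 80 bytes; whether the .c files check this is not visible in this hunk. I would add above the arrays `/* Fixed-size buffers: bound every copy with sizeof(field), NUL-terminate, and reject Encrypt_Key_Len > sizeof(Encrypt_Key) */`. Separately, `#define max(a,b) (a < b ? b : a)` leaves its arguments unparenthesised and should read `#define max(a,b) ((a) < (b) ? (b) : (a))`.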
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smblib-util.c Wed Feb 14 00:48:20 2007
@@ -0,0 +1,801 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Utility Routines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "smblib-priv.h" +#include +#include + +#include "rfcnb.h" + +/* global data structures */ + +static int SMB_Types[] = +{SMB_P_Core, + SMB_P_CorePlus, + SMB_P_DOSLanMan1, + SMB_P_DOSLanMan1, + SMB_P_LanMan1, + SMB_P_DOSLanMan2, + SMB_P_LanMan2, + SMB_P_LanMan2_1, + SMB_P_LanMan2_1, + SMB_P_NT1, + SMB_P_NT1, + SMB_P_NT1, + -1}; + +static char *SMB_Prots[] = +{"PC NETWORK PROGRAM 1.0", + "MICROSOFT NETWORKS 1.03", + "MICROSOFT NETWORKS 3.0", + "DOS LANMAN1.0", + "LANMAN1.0", + "DOS LM1.2X002", + "LM1.2X002", + "DOS LANMAN2.1", + "LANMAN2.1", + "Samba", + "NT LM 0.12", + "NT LANMAN 1.0", + NULL}; + +/* Print out an SMB pkt in all its gory detail ... */ + +void +SMB_Print_Pkt(FILE fd, RFCNB_Pkt * pkt, BOOL command, int Offset, int Len) +{ + + /* Well, just how do we do this ... print it I suppose */ + + /* Print out the SMB header ... 
*/ + + /* Print the command */ + + /* Print the other bits in the header */ + + + /* etc */ + +} + +/* Convert a DOS Date_Time to a local host type date time for printing */ + +char * +SMB_DOSTimToStr(int DOS_time) +{ + static char SMB_Time_Temp[48]; + int DOS_sec, DOS_min, DOS_hour, DOS_day, DOS_month, DOS_year; + + SMB_Time_Temp[0] = 0; + + DOS_sec = (DOS_time & 0x001F) * 2; + DOS_min = (DOS_time & 0x07E0) >> 5; + DOS_hour = ((DOS_time & 0xF800) >> 11); + + DOS_day = (DOS_time & 0x001F0000) >> 16; + DOS_month = (DOS_time & 0x01E00000) >> 21; + DOS_year = ((DOS_time & 0xFE000000) >> 25) + 80; + + sprintf(SMB_Time_Temp, "%2d/%02d/%2d %2d:%02d:%02d", DOS_day, DOS_month, + DOS_year, DOS_hour, DOS_min, DOS_sec); + + return (SMB_Time_Temp); + +} + +/* Convert an attribute byte/word etc to a string ... We return a pointer + * to a static string which we guarantee is long enough. If verbose is + * true, we print out long form of strings ... */ + +char * +SMB_AtrToStr(int attribs, BOOL verbose) +{ + static char SMB_Attrib_Temp[128]; + + SMB_Attrib_Temp[0] = 0; + + if (attribs & SMB_FA_ROF) + strcat(SMB_Attrib_Temp, (verbose ? "Read Only " : "R")); + + if (attribs & SMB_FA_HID) + strcat(SMB_Attrib_Temp, (verbose ? "Hidden " : "H")); + + if (attribs & SMB_FA_SYS) + strcat(SMB_Attrib_Temp, (verbose ? "System " : "S")); + + if (attribs & SMB_FA_VOL) + strcat(SMB_Attrib_Temp, (verbose ? "Volume " : "V")); + + if (attribs & SMB_FA_DIR) + strcat(SMB_Attrib_Temp, (verbose ? "Directory " : "D")); + + if (attribs & SMB_FA_ARC) + strcat(SMB_Attrib_Temp, (verbose ? "Archive " : "A")); + + return (SMB_Attrib_Temp); + +} + +/* Pick up the Max Buffer Size from the Tree Structure ... 
*/ + +int +SMB_Get_Tree_MBS(SMB_Tree_Handle tree) +{ + if (tree != NULL) { + return (tree->mbs); + } else { + return (SMBlibE_BAD); + } +} + +/* Pick up the Max buffer size */ + +int +SMB_Get_Max_Buf_Siz(SMB_Handle_Type Con_Handle) +{ + if (Con_Handle != NULL) { + return (Con_Handle->max_xmit); + } else { + return (SMBlibE_BAD); + } + +} +/* Pickup the protocol index from the connection structure */ + +int +SMB_Get_Protocol_IDX(SMB_Handle_Type Con_Handle) +{ + if (Con_Handle != NULL) { + return (Con_Handle->prot_IDX); + } else { + return (0xFFFF); /* Invalid protocol */ + } + +} + +/* Pick up the protocol from the connection structure */ + +int +SMB_Get_Protocol(SMB_Handle_Type Con_Handle) +{ + if (Con_Handle != NULL) { + return (Con_Handle->protocol); + } else { + return (0xFFFF); /* Invalid protocol */ + } + +} + +/* Figure out what protocol was accepted, given the list of dialect strings */ +/* We offered, and the index back from the server. We allow for a user */ +/* supplied list, and assume that it is a subset of our list */ + +int +SMB_Figure_Protocol(char *dialects[], int prot_index) +{ + int i; + + if (dialects == SMB_Prots) { /* The jobs is easy, just index into table */ + + return (SMB_Types[prot_index]); + } else { /* Search through SMB_Prots looking for a match */ + + for (i = 0; SMB_Prots[i] != NULL; i++) { + + if (strcmp(dialects[prot_index], SMB_Prots[i]) == 0) { /* A match */ + + return (SMB_Types[i]); + + } + } + + /* If we got here, then we are in trouble, because the protocol was not */ + /* One we understand ... 
*/ + + return (SMB_P_Unknown); + + } + +} + + +/* Negotiate the protocol we will use from the list passed in Prots */ +/* we return the index of the accepted protocol in NegProt, -1 indicates */ +/* none acceptible, and our return value is 0 if ok, <0 if problems */ + +int +SMB_Negotiate(SMB_Handle_Type Con_Handle, char *Prots[]) +{ + struct RFCNB_Pkt *pkt; + int prots_len, i, pkt_len, prot, alloc_len; + char *p; + + /* Figure out how long the prot list will be and allocate space for it */ + + prots_len = 0; + + for (i = 0; Prots[i] != NULL; i++) { + + prots_len = prots_len + strlen(Prots[i]) + 2; /* Account for null etc */ + + } + + /* The -1 accounts for the one byte smb_buf we have because some systems */ + /* don't like char msg_buf[] */ + + pkt_len = SMB_negp_len + prots_len; + + /* Make sure that the pkt len is long enough for the max response ... */ + /* Which is a problem, because the encryption key len eec may be long */ + + if (pkt_len < (SMB_hdr_wct_offset + (19 * 2) + 40)) { + + alloc_len = SMB_hdr_wct_offset + (19 * 2) + 40; + + } else { + + alloc_len = pkt_len; + + } + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(alloc_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (SMBlibE_BAD); + + } + /* Now plug in the bits we need */ + + bzero(SMB_Hdr(pkt), SMB_negp_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBnegprot; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; + + SSVAL(SMB_Hdr(pkt), SMB_negp_bcc_offset, prots_len); + + /* Now copy the prot strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_negp_buf_offset); + + for (i = 0; Prots[i] != NULL; i++) { + + *p = SMBdialectID; + strcpy(p + 1, Prots[i]); + p = p + 
strlen(Prots[i]) + 2; /* Adjust len of p for null plus dialectID */ + + } + + /* Now send the packet and sit back ... */ + + if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + + +#ifdef DEBUG + fprintf(stderr, "Error sending negotiate protocol\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_SendFailed; /* Failed, check lower layer errno */ + return (SMBlibE_BAD); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, alloc_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to negotiate\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_RecvFailed; /* Failed, check lower layer errno */ + return (SMBlibE_BAD); + + } + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_Negotiate failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (SMBlibE_BAD); + + } + if (SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset) == 0xFFFF) { + +#ifdef DEBUG + fprintf(stderr, "None of our protocols was accepted ... "); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_NegNoProt; + return (SMBlibE_BAD); + + } + /* Now, unpack the info from the response, if any and evaluate the proto */ + /* selected. We must make sure it is one we like ... */ + + Con_Handle->prot_IDX = prot = SVAL(SMB_Hdr(pkt), SMB_negrCP_idx_offset); + Con_Handle->protocol = SMB_Figure_Protocol(Prots, prot); + + if (Con_Handle->protocol == SMB_P_Unknown) { /* No good ... */ + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_ProtUnknown; + return (SMBlibE_BAD); + + } + switch (CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)) { + + case 0x01: /* No more info ... 
*/ + + break; + + case 13: /* Up to and including LanMan 2.1 */ + + Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrLM_sec_offset); + Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00); + Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask; + + Con_Handle->max_xmit = SVAL(SMB_Hdr(pkt), SMB_negrLM_mbs_offset); + Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrLM_mmc_offset); + Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrLM_mnv_offset); + Con_Handle->Raw_Support = SVAL(SMB_Hdr(pkt), SMB_negrLM_rm_offset); + Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrLM_sk_offset); + Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrLM_stz_offset); + Con_Handle->Encrypt_Key_Len = SVAL(SMB_Hdr(pkt), SMB_negrLM_ekl_offset); + + p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset); + fprintf(stderr, "%8s", (char *) (SMB_Hdr(pkt) + SMB_negrLM_buf_offset)); + memcpy(Con_Handle->Encrypt_Key, p, 8); + + p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset + Con_Handle->Encrypt_Key_Len); + + strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1); + + break; + + case 17: /* NT LM 0.12 and LN LM 1.0 */ + + Con_Handle->Security = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_sec_offset); + Con_Handle->encrypt_passwords = ((Con_Handle->Security & SMB_sec_encrypt_mask) != 0x00); + Con_Handle->Security = Con_Handle->Security & SMB_sec_user_mask; + + Con_Handle->max_xmit = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mbs_offset); + Con_Handle->MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mmc_offset); + Con_Handle->MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mnv_offset); + Con_Handle->MaxRaw = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mrs_offset); + Con_Handle->SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_sk_offset); + Con_Handle->SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_stz_offset); + Con_Handle->Encrypt_Key_Len = CVAL(SMB_Hdr(pkt), SMB_negrNTLM_ekl_offset); + + p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset); + memcpy(Con_Handle->Encrypt_Key, p, 8); + p = (SMB_Hdr(pkt) + SMB_negrNTLM_buf_offset + 
Con_Handle->Encrypt_Key_Len); + + strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1); + + break; + + default: + +#ifdef DEBUG + fprintf(stderr, "Unknown NegProt response format ... Ignored\n"); + fprintf(stderr, " wct = %i\n", CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)); +#endif + + break; + } + +#ifdef DEBUG + fprintf(stderr, "Protocol selected is: %i:%s\n", prot, Prots[prot]); +#endif + + RFCNB_Free_Pkt(pkt); + return (0); + +} + +/* Get our hostname */ + +void +SMB_Get_My_Name(char *name, int len) +{ + + if (gethostname(name, len) < 0) { /* Error getting name */ + + strncpy(name, "unknown", len); + + /* Should check the error */ + +#ifdef DEBUG + fprintf(stderr, "gethostname in SMB_Get_My_Name returned error:"); + perror(""); +#endif + + } + /* only keep the portion up to the first "." */ + + +} + +/* Send a TCON to the remote server ... */ + +SMB_Tree_Handle +SMB_TreeConnect(SMB_Handle_Type Con_Handle, + SMB_Tree_Handle Tree_Handle, + char *path, + char *password, + char *device) +{ + struct RFCNB_Pkt *pkt; + int param_len, pkt_len; + char *p; + SMB_Tree_Handle tree; + + /* Figure out how much space is needed for path, password, dev ... */ + + if ((path == NULL) || (password == NULL) || (device == NULL)) { + +#ifdef DEBUG + fprintf(stderr, "Bad parameter passed to SMB_TreeConnect\n"); +#endif + + SMBlib_errno = SMBlibE_BadParam; + return (NULL); + + } + /* The + 2 is because of the \0 and the marker ... */ + + param_len = strlen(path) + 2 + strlen(password) + 2 + strlen(device) + 2; + + /* The -1 accounts for the one byte smb_buf we have because some systems */ + /* don't like char msg_buf[] */ + + pkt_len = SMB_tcon_len + param_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (NULL); /* Should handle the error */ + + } + /* Now allocate a tree for this to go into ... 
*/ + + if (Tree_Handle == NULL) { + + tree = (SMB_Tree_Handle) malloc(sizeof(struct SMB_Tree_Structure)); + + if (tree == NULL) { + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_NoSpace; + return (NULL); + + } + } else { + + tree = Tree_Handle; + + } + + tree->next = tree->prev = NULL; + tree->con = Con_Handle; + strncpy(tree->path, path, sizeof(tree->path)); + strncpy(tree->device_type, device, sizeof(tree->device_type)); + + /* Now plug in the values ... */ + + bzero(SMB_Hdr(pkt), SMB_tcon_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtcon; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; + + SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, param_len); + + /* Now copy the param strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_tcon_buf_offset); + *p = SMBasciiID; + strcpy(p + 1, path); + p = p + strlen(path) + 2; + *p = SMBasciiID; + strcpy(p + 1, password); + p = p + strlen(password) + 2; + *p = SMBasciiID; + strcpy(p + 1, device); + + /* Now send the packet and sit back ... */ + + if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error sending TCon request\n"); +#endif + + if (Tree_Handle == NULL) + free(tree); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_SendFailed; + return (NULL); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to TCon\n"); +#endif + + if (Tree_Handle == NULL) + free(tree); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_RecvFailed; + return (NULL); + + } + /* Check out the response type ... 
*/ + + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_TCon failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + if (Tree_Handle == NULL) + free(tree); + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (NULL); + + } + tree->tid = SVAL(SMB_Hdr(pkt), SMB_tconr_tid_offset); + tree->mbs = SVAL(SMB_Hdr(pkt), SMB_tconr_mbs_offset); + +#ifdef DEBUG + fprintf(stderr, "TConn succeeded, with TID=%i, Max Xmit=%i\n", + tree->tid, tree->mbs); +#endif + + /* Now link the Tree to the Server Structure ... */ + + if (Con_Handle->first_tree == NULL) { + + Con_Handle->first_tree = tree; + Con_Handle->last_tree = tree; + + } else { + + Con_Handle->last_tree->next = tree; + tree->prev = Con_Handle->last_tree; + Con_Handle->last_tree = tree; + + } + + RFCNB_Free_Pkt(pkt); + return (tree); + +} + +int +SMB_TreeDisconnect(SMB_Tree_Handle Tree_Handle, BOOL discard) +{ + struct RFCNB_Pkt *pkt; + int pkt_len; + + pkt_len = SMB_tdis_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return (SMBlibE_BAD); /* Should handle the error */ + + } + /* Now plug in the values ... */ + + bzero(SMB_Hdr(pkt), SMB_tdis_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBtdis; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Tree_Handle->con->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Tree_Handle->con->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Tree_Handle->con->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 0; + + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, Tree_Handle->tid); + SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, 0); + + /* Now send the packet and sit back ... 
*/ + + if (RFCNB_Send(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error sending TDis request\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_SendFailed; + return (SMBlibE_BAD); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Tree_Handle->con->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to TCon\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = -SMBlibE_RecvFailed; + return (SMBlibE_BAD); + + } + /* Check out the response type ... */ + + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_TDis failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (SMBlibE_BAD); + + } + Tree_Handle->tid = 0xFFFF; /* Invalid TID */ + Tree_Handle->mbs = 0; /* Invalid */ + +#ifdef DEBUG + + fprintf(stderr, "Tree disconnect successful ...\n"); + +#endif + + /* What about the tree handle ? */ + + if (discard == TRUE) { /* Unlink it and free it ... */ + + if (Tree_Handle->next == NULL) + Tree_Handle->con->first_tree = Tree_Handle->prev; + else + Tree_Handle->next->prev = Tree_Handle->prev; + + if (Tree_Handle->prev == NULL) + Tree_Handle->con->last_tree = Tree_Handle->next; + else + Tree_Handle->prev->next = Tree_Handle->next; + + } + RFCNB_Free_Pkt(pkt); + return (0); + +} + +/* Pick up the last LMBlib error ... 
*/ + +int +SMB_Get_Last_Error() +{ + + return (SMBlib_errno); + +} + +/* Pick up the last error returned in an SMB packet */ +/* We will need macros to extract error class and error code */ + +int +SMB_Get_Last_SMB_Err() +{ + + return (SMBlib_SMB_Error); + +} + +/* Pick up the error message associated with an error from SMBlib */ + +/* Keep this table in sync with the message codes in smblib-common.h */ + +static char *SMBlib_Error_Messages[] = +{ + + "Request completed sucessfully.", + "Server returned a non-zero SMB Error Class and Code.", + "A lower layer protocol error occurred.", + "Function not yet implemented.", + "The protocol negotiated does not support the request.", + "No space available for operation.", + "One or more bad parameters passed.", + "None of the protocols we offered were accepted.", + "The attempt to send an SMB request failed. See protocol error info.", + "The attempt to get an SMB response failed. See protocol error info.", + "The logon request failed, but you were logged in as guest.", + "The attempt to call the remote server failed. See protocol error info.", + "The protocol dialect specified in a NegProt and accepted by the server is unknown.", + /* This next one simplifies error handling */ + "No such error code.", + NULL}; + +int +SMB_Get_Error_Msg(int msg, char *msgbuf, int len) +{ + + if (msg >= 0) { + + strncpy(msgbuf, + SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? SMBlibE_NoSuchMsg : msg], + len - 1); + msgbuf[len - 1] = 0; /* Make sure it is a string */ + } else { /* Add the lower layer message ... */ + + char prot_msg[1024]; + + msg = -msg; /* Make it positive */ + + strncpy(msgbuf, + SMBlib_Error_Messages[msg > SMBlibE_NoSuchMsg ? 
SMBlibE_NoSuchMsg : msg], + len - 1); + + msgbuf[len - 1] = 0; /* make sure it is a string */ + + if (strlen(msgbuf) < len) { /* If there is space, put rest in */ + + strncat(msgbuf, "\n\t", len - strlen(msgbuf)); + + RFCNB_Get_Error(prot_msg, sizeof(prot_msg) - 1); + + strncat(msgbuf, prot_msg, len - strlen(msgbuf)); + + } + } + return 0; +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smblib.c Wed Feb 14 00:48:20 2007 
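Review bot: In SMB_Negotiate, the `case 13` and `case 17` branches both call `strncpy(p, Con_Handle->Svr_PDom, sizeof(Con_Handle->Svr_PDom) - 1)` with source and destination swapped, so the server's primary domain is never stored and `sizeof(Svr_PDom) - 1` bytes are written into the receive packet instead. The write lands at the negotiate buffer offset plus `Encrypt_Key_Len`, a value read from the server's reply and never compared with `alloc_len`, so a misbehaving server can place it outside the allocated packet. Reject the reply when `Encrypt_Key_Len` does not fit inside the allocated packet, then copy in the intended direction: `strncpy(Con_Handle->Svr_PDom, p, sizeof(Con_Handle->Svr_PDom) - 1); Con_Handle->Svr_PDom[sizeof(Con_Handle->Svr_PDom) - 1] = 0;`. The same reply supplies `prot`, which SMB_Figure_Protocol uses to index `SMB_Types` and `dialects` without a range check, and the unconditional `fprintf(stderr, "%8s", ...)` in `case 13` prints the challenge bytes with a minimum width rather than a maximum (`%.8s`), so it reads until the first NUL.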
@@ -0,0 +1,574 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Routines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include +#include +#include + +int SMBlib_errno; +int SMBlib_SMB_Error; +#define SMBLIB_ERRNO +#define uchar unsigned char +#include "smblib-priv.h" + +#include "rfcnb.h" +#include "smbencrypt.h" + +#include + +#define DEBUG + +SMB_State_Types SMBlib_State; + +/* Initialize the SMBlib package */ + +int +SMB_Init() +{ + + SMBlib_State = SMB_State_Started; + + signal(SIGPIPE, SIG_IGN); /* Ignore these ... 
*/ + +/* If SMBLIB_Instrument is defines, turn on the instrumentation stuff */ +#ifdef SMBLIB_INSTRUMENT + + SMBlib_Instrument_Init(); + +#endif + + return 0; + +} + +int +SMB_Term() +{ + +#ifdef SMBLIB_INSTRUMENT + + SMBlib_Instrument_Term(); /* Clean up and print results */ + +#endif + + return 0; + +} + +/* SMB_Create: Create a connection structure and return for later use */ +/* We have other helper routines to set variables */ + +SMB_Handle_Type +SMB_Create_Con_Handle() +{ + + SMBlib_errno = SMBlibE_NotImpl; + return (NULL); + +} + +int +SMBlib_Set_Sock_NoDelay(SMB_Handle_Type Con_Handle, BOOL yn) +{ + + + if (RFCNB_Set_Sock_NoDelay(Con_Handle->Trans_Connect, yn) < 0) { + +#ifdef DEBUG +#endif + + fprintf(stderr, "Setting no-delay on TCP socket failed ...\n"); + + } + return (0); + +} + +/* SMB_Connect_Server: Connect to a server, but don't negotiate protocol */ +/* or anything else ... */ + +SMB_Handle_Type +SMB_Connect_Server(SMB_Handle_Type Con_Handle, + char *server, char *NTdomain) +{ + SMB_Handle_Type con; + char called[80], calling[80], *address; + int i; + + /* Get a connection structure if one does not exist */ + + con = Con_Handle; + + if (Con_Handle == NULL) { + + if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) { + + + SMBlib_errno = SMBlibE_NoSpace; + return NULL; + } + } + /* Init some things ... */ + + strcpy(con->service, ""); + strcpy(con->username, ""); + strcpy(con->password, ""); + strcpy(con->sock_options, ""); + strcpy(con->address, ""); + strcpy(con->desthost, server); + strcpy(con->PDomain, NTdomain); + strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME); + strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE); + con->first_tree = con->last_tree = NULL; + + /* ugh. This is horribly broken. 
*/ +/* SMB_Get_My_Name(con -> myname, sizeof(con -> myname)); */ + /* hacked by Kinkie */ + i = gethostname(con->myname, sizeof(con->myname)); + if (i == -1) { + strcpy(con->myname, "unknown"); + } else { + if (NULL != (address = strchr(con->myname, '.'))) { + *address = '\0'; /* truncate at first '.' */ + } + } + + + con->port = 0; /* No port selected */ + + /* Get some things we need for the SMB Header */ + + con->pid = getpid(); + con->mid = con->pid; /* This will do for now ... */ + con->uid = 0; /* Until we have done a logon, no uid ... */ + con->gid = getgid(); + + /* Now connect to the remote end, but first upper case the name of the + * service we are going to call, sine some servers want it in uppercase */ + + for (i = 0; i < strlen(server); i++) + called[i] = toupper(server[i]); + + called[strlen(server)] = 0; /* Make it a string */ + + for (i = 0; i < strlen(con->myname); i++) + calling[i] = toupper(con->myname[i]); + + calling[strlen(con->myname)] = 0; /* Make it a string */ + + if (strcmp(con->address, "") == 0) + address = con->desthost; + else + address = con->address; + + con->Trans_Connect = RFCNB_Call(called, + calling, + address, /* Protocol specific */ + con->port); + + /* Did we get one? 
*/ + + if (con->Trans_Connect == NULL) { + + if (Con_Handle == NULL) { + Con_Handle = NULL; + free(con); + } + SMBlib_errno = -SMBlibE_CallFailed; + return NULL; + + } + return (con); + +} + +/* SMB_Connect: Connect to the indicated server */ +/* If Con_Handle == NULL then create a handle and connect, otherwise */ +/* use the handle passed */ + +char *SMB_Prots_Restrict[] = +{"PC NETWORK PROGRAM 1.0", + NULL}; + + +SMB_Handle_Type +SMB_Connect(SMB_Handle_Type Con_Handle, + SMB_Tree_Handle * tree, + char *service, + char *username, + char *password) +{ + SMB_Handle_Type con; + char *host, *address; + char temp[80], called[80], calling[80]; + int i; + + /* Get a connection structure if one does not exist */ + + con = Con_Handle; + + if (Con_Handle == NULL) { + + if ((con = (struct SMB_Connect_Def *) malloc(sizeof(struct SMB_Connect_Def))) == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + return NULL; + } + } + /* Init some things ... */ + + strcpy(con->service, service); + strcpy(con->username, username); + strcpy(con->password, password); + strcpy(con->sock_options, ""); + strcpy(con->address, ""); + strcpy(con->PDomain, SMBLIB_DEFAULT_DOMAIN); + strcpy(con->OSName, SMBLIB_DEFAULT_OSNAME); + strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE); + con->first_tree = con->last_tree = NULL; + + SMB_Get_My_Name(con->myname, sizeof(con->myname)); + + con->port = 0; /* No port selected */ + + /* Get some things we need for the SMB Header */ + + con->pid = getpid(); + con->mid = con->pid; /* This will do for now ... 
*/ + con->uid = 0; /* Until we have done a logon, no uid */ + con->gid = getgid(); + + /* Now figure out the host portion of the service */ + + strcpy(temp, service); + host = (char *) strtok(temp, "/\\"); /* Separate host name portion */ + strcpy(con->desthost, host); + + /* Now connect to the remote end, but first upper case the name of the + * service we are going to call, sine some servers want it in uppercase */ + + for (i = 0; i < strlen(host); i++) + called[i] = toupper(host[i]); + + called[strlen(host)] = 0; /* Make it a string */ + + for (i = 0; i < strlen(con->myname); i++) + calling[i] = toupper(con->myname[i]); + + calling[strlen(con->myname)] = 0; /* Make it a string */ + + if (strcmp(con->address, "") == 0) + address = con->desthost; + else + address = con->address; + + con->Trans_Connect = RFCNB_Call(called, + calling, + address, /* Protocol specific */ + con->port); + + /* Did we get one? */ + + if (con->Trans_Connect == NULL) { + + if (Con_Handle == NULL) { + free(con); + Con_Handle = NULL; + } + SMBlib_errno = -SMBlibE_CallFailed; + return NULL; + + } + /* Now, negotiate the protocol */ + + if (SMB_Negotiate(con, SMB_Prots_Restrict) < 0) { + + /* Hmmm what should we do here ... We have a connection, but could not + * negotiate ... */ + + return NULL; + + } + /* Now connect to the service ... */ + + if ((*tree = SMB_TreeConnect(con, NULL, service, password, "A:")) == NULL) { + + return NULL; + + } + return (con); + +} + +/* Logon to the server. That is, do a session setup if we can. We do not do */ +/* Unicode yet! */ + +int +SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName, + char *PassWord, char *UserDomain, int precrypted) +{ + struct RFCNB_Pkt *pkt; + int param_len, pkt_len, pass_len; + char *p, pword[128]; + + /* First we need a packet etc ... but we need to know what protocol has */ + /* been negotiated to figure out if we can do it and what SMB format to */ + /* use ... 
*/ + + if (Con_Handle->protocol < SMB_P_LanMan1) { + + SMBlib_errno = SMBlibE_ProtLow; + return (SMBlibE_BAD); + + } + if (precrypted) { + pass_len = 24; + memcpy(pword, PassWord, 24); + } else { + strcpy(pword, PassWord); + if (Con_Handle->encrypt_passwords) { + pass_len = 24; + SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle->Encrypt_Key, (uchar *) pword); + } else + pass_len = strlen(pword); + } + + /* Now build the correct structure */ + + if (Con_Handle->protocol < SMB_P_NT1) { + + param_len = strlen(UserName) + 1 + pass_len + 1 + + strlen(UserDomain) + 1 + + strlen(Con_Handle->OSName) + 1; + + pkt_len = SMB_ssetpLM_len + param_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + fprintf(stderr, "SMB_Logon_server: Couldn't allocate packet\n"); + return (SMBlibE_BAD); /* Should handle the error */ + } + bzero(SMB_Hdr(pkt), SMB_ssetpLM_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 10; + *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ + SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); + + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mbs_offset, SMBLIB_MAX_XMIT); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_mmc_offset, 2); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_vcn_offset, Con_Handle->pid); + SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_snk_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_pwl_offset, pass_len + 1); + SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_res_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_bcc_offset, param_len); + + /* Now copy the param strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + SMB_ssetpLM_buf_offset); + + /* Copy in password, then 
the rest. Password has a null at end */ + + memcpy(p, pword, pass_len); + + p = p + pass_len + 1; + + strcpy(p, UserName); + p = p + strlen(UserName); + *p = 0; + + p = p + 1; + + strcpy(p, UserDomain); + p = p + strlen(UserDomain); + *p = 0; + p = p + 1; + + strcpy(p, Con_Handle->OSName); + p = p + strlen(Con_Handle->OSName); + *p = 0; + + } else { + + /* We don't admit to UNICODE support ... */ + + param_len = strlen(UserName) + 1 + pass_len + + strlen(UserDomain) + 1 + + strlen(Con_Handle->OSName) + 1 + + strlen(Con_Handle->LMType) + 1; + + pkt_len = SMB_ssetpNTLM_len + param_len; + + pkt = (struct RFCNB_Pkt *) RFCNB_Alloc_Pkt(pkt_len); + + if (pkt == NULL) { + + SMBlib_errno = SMBlibE_NoSpace; + fprintf(stderr, "SMB_Logon_server: Couldn't allocate packet\n"); + return (-1); /* Should handle the error */ + } + bzero(SMB_Hdr(pkt), SMB_ssetpNTLM_len); + SIVAL(SMB_Hdr(pkt), SMB_hdr_idf_offset, SMB_DEF_IDF); /* Plunk in IDF */ + *(SMB_Hdr(pkt) + SMB_hdr_com_offset) = SMBsesssetupX; + SSVAL(SMB_Hdr(pkt), SMB_hdr_pid_offset, Con_Handle->pid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_tid_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_hdr_mid_offset, Con_Handle->mid); + SSVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset, Con_Handle->uid); + *(SMB_Hdr(pkt) + SMB_hdr_wct_offset) = 13; + *(SMB_Hdr(pkt) + SMB_hdr_axc_offset) = 0xFF; /* No extra command */ + SSVAL(SMB_Hdr(pkt), SMB_hdr_axo_offset, 0); + + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mbs_offset, SMBLIB_MAX_XMIT); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mmc_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_vcn_offset, 0); + SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_snk_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cipl_offset, pass_len); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cspl_offset, 0); + SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_res_offset, 0); + SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cap_offset, 0); + SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_bcc_offset, param_len); + + /* Now copy the param strings in with the right stuff */ + + p = (char *) (SMB_Hdr(pkt) + 
SMB_ssetpNTLM_buf_offset); + + /* Copy in password, then the rest. Password has no null at end */ + + memcpy(p, pword, pass_len); + + p = p + pass_len; + + strcpy(p, UserName); + p = p + strlen(UserName); + *p = 0; + + p = p + 1; + + strcpy(p, UserDomain); + p = p + strlen(UserDomain); + *p = 0; + p = p + 1; + + strcpy(p, Con_Handle->OSName); + p = p + strlen(Con_Handle->OSName); + *p = 0; + p = p + 1; + + strcpy(p, Con_Handle->LMType); + p = p + strlen(Con_Handle->LMType); + *p = 0; + + } + + /* Now send it and get a response */ + + if (RFCNB_Send(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error sending SessSetupX request\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_SendFailed; + return (SMBlibE_BAD); + + } + /* Now get the response ... */ + + if (RFCNB_Recv(Con_Handle->Trans_Connect, pkt, pkt_len) < 0) { + +#ifdef DEBUG + fprintf(stderr, "Error receiving response to SessSetupAndX\n"); +#endif + + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_RecvFailed; + return (SMBlibE_BAD); + + } + /* Check out the response type ... */ + + if (CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset) != SMBC_SUCCESS) { /* Process error */ + +#ifdef DEBUG + fprintf(stderr, "SMB_SessSetupAndX failed with errorclass = %i, Error Code = %i\n", + CVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset), + SVAL(SMB_Hdr(pkt), SMB_hdr_err_offset)); +#endif + + SMBlib_SMB_Error = IVAL(SMB_Hdr(pkt), SMB_hdr_rcls_offset); + RFCNB_Free_Pkt(pkt); + SMBlib_errno = SMBlibE_Remote; + return (SMBlibE_BAD); + + } +/** @@@ mdz: check for guest login { **/ + if (SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset) & 0x1) { + /* do we allow guest login? NO! */ + return (SMBlibE_BAD); + + } +/** @@@ mdz: } **/ + + +#ifdef DEBUG + fprintf(stderr, "SessSetupAndX response. Action = %i\n", + SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset)); +#endif + + /* Now pick up the UID for future reference ... 
*/ + + Con_Handle->uid = SVAL(SMB_Hdr(pkt), SMB_hdr_uid_offset); + RFCNB_Free_Pkt(pkt); + + return (0); + +} + + +/* Disconnect from the server, and disconnect all tree connects */ + +int +SMB_Discon(SMB_Handle_Type Con_Handle, BOOL KeepHandle) +{ + + /* We just disconnect the connection for now ... */ + if (Con_Handle != NULL) + RFCNB_Hangup(Con_Handle->Trans_Connect); + + if (!KeepHandle) + free(Con_Handle); + + return (0); + +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/smblib.h Wed Feb 14 00:48:20 2007 
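Review bot: SMB_Logon_Server copies the caller's password with `strcpy(pword, PassWord)` into the 128-byte stack array `pword` without checking its length, and in an authentication helper that string presumably originates from the client being authenticated. Reject over-long input before the copy, for example `if (strlen(PassWord) >= sizeof(pword)) { SMBlib_errno = SMBlibE_BadParam; return (SMBlibE_BAD); }`. The same unbounded pattern appears in SMB_Connect_Server and SMB_Connect, where `strcpy` into `con->desthost`, `con->PDomain` and `con->password` and the `toupper` loops into `called[80]` and `calling[80]` trust the length of `server`, `NTdomain` and `service`. Separately, the guest-login branch returns `SMBlibE_BAD` without calling `RFCNB_Free_Pkt(pkt)`, unlike the send, receive and remote-error paths above it.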
@@ -0,0 +1,98 @@ +/* UNIX SMBlib NetBIOS implementation + * + * Version 1.0 + * SMBlib Defines + * + * Copyright (C) Richard Sharpe 1996 + * + */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "std-defines.h" +#include "smblib-common.h" + +/* Just define all the entry points */ + +/* Create a handle to allow us to set/override some parameters ... */ + +void *SMB_Create_Con_Handle(); + +/* Connect to a server, but do not do a tree con etc ... */ + +void *SMB_Connect_Server(void *Con, char *server, char *NTdomain); + +/* Connect to a server and give us back a handle. If Con == NULL, create */ +/* The handle and populate it with defaults */ + +void *SMB_Connect(void *Con, void **tree, + char *name, char *User, char *Password); + +/* Negotiate a protocol */ + +int SMB_Negotiate(void *Con_Handle, char *Prots[]); + +/* Connect to a tree ... */ + +void *SMB_TreeConnect(void *con_handle, void *tree_handle, + char *path, char *password, char *dev); + +/* Disconnect a tree ... */ + +int SMB_TreeDisconect(void *tree_handle); + +/* Open a file */ + +void *SMB_Open(void *tree_handle, + void *file_handle, + char *file_name, + unsigned short mode, + unsigned short search); + +/* Close a file */ + +int SMB_Close(void *file_handle); + +/* Disconnect from server. 
Has flag to specify whether or not we keep the */ +/* handle. */ + +int SMB_Discon(void *Con, BOOL KeepHandle); + +void *SMB_Create(void *Tree_Handle, + void *File_Handle, + char *file_name, + short search); + +int SMB_Delete(void *tree, char *file_name, short search); + +int SMB_Create_Dir(void *tree, char *dir_name); + +int SMB_Delete_Dir(void *tree, char *dir_name); + +int SMB_Check_Dir(void *tree, char *dir_name); + +int SMB_Get_Last_Error(); + +int SMB_Get_Last_SMB_Err(); + +int SMB_Get_Error_Msg(int msg, char *msgbuf, int len); + +void *SMB_Logon_And_TCon(void *con, void *tree, char *user, char *pass, + char *service, char *st); + + +#define SMBLIB_DEFAULT_DOMAIN "anydom" --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/std-defines.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1,45 @@ +#ifndef __STD_DEFINES__ +#define __STD_DEFINES__ + +/* RFCNB Standard includes ... */ +/* + * + * SMBlib Standard Includes + * + * Copyright (C) 1996, Richard Sharpe + * + * One day we will conditionalize these on OS types ... */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#define BOOL int +typedef short int16; + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define TRUE 1 +#define FALSE 0 + +#endif /* __STD_DEFINES__ */ 
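Review bot: The entry points in smblib.h are declared with untyped `void *` handles and, for `SMB_Create_Con_Handle()`, `SMB_Get_Last_Error()` and `SMB_Get_Last_SMB_Err()`, with empty parameter lists, so the compiler cannot check calls against the definitions. The definition of `SMB_Discon` shown in smblib.c takes `SMB_Handle_Type Con_Handle` while this header says `void *Con`, and valid.c re-declares `SMB_Connect_Server` itself with a different return type. I would write the no-argument prototypes as `void *SMB_Create_Con_Handle(void);` and wrap the file in an include guard such as `#ifndef _SMBLIB_H_`, as std-defines.h already does.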
--- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/std-includes.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1,45 @@ +/* RFCNB Standard includes ... */ +/* + * + * RFCNB Standard Includes + * + * Copyright (C) 1996, Richard Sharpe + * + * One day we will conditionalize these on OS types ... */ + +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#define BOOL int +typedef short int16; + +#include +#include +#include +#include +#include +#include +#include +#include + +#define TRUE 1 +#define FALSE 0 + +/* Pick up define for INADDR_NONE */ + +#ifndef INADDR_NONE +#define INADDR_NONE -1 +#endif --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/valid.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,105 @@ +#include +#include +#include +#include "smblib-priv.h" +#include "valid.h" + +SMB_Handle_Type SMB_Connect_Server(void *, char *, char *); + +int +Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN) +{ + int pass_is_precrypted_p = 0; + char *SMB_Prots[] = + { +/* "PC NETWORK PROGRAM 1.0", */ +/* "MICROSOFT NETWORKS 1.03", */ +/* "MICROSOFT NETWORKS 3.0", */ + "LANMAN1.0", + "LM1.2X002", + "Samba", +/* "NT LM 0.12", */ +/* "NT LANMAN 1.0", */ + NULL}; + SMB_Handle_Type con; + + SMB_Init(); + con = SMB_Connect_Server(NULL, SERVER, DOMAIN); + if (con == NULL) { /* Error ... */ + con = SMB_Connect_Server(NULL, BACKUP, DOMAIN); + if (con == NULL) { + return (NTV_SERVER_ERROR); + } + } + if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */ + SMB_Discon(con, 0); + return (NTV_PROTOCOL_ERROR); + } + /* Test for a server in share level mode do not authenticate against it */ + if (con->Security == 0) { + SMB_Discon(con, 0); + return (NTV_PROTOCOL_ERROR); + } + if (SMB_Logon_Server(con, USERNAME, PASSWORD, DOMAIN, pass_is_precrypted_p) < 0) { + SMB_Discon(con, 0); + return (NTV_LOGON_ERROR); + } + SMB_Discon(con, 0); + return (NTV_NO_ERROR); +} + +void * +NTLM_Connect(char *SERVER, char *BACKUP, char *DOMAIN, char *nonce) +{ + char *SMB_Prots[] = + { +/* "PC NETWORK PROGRAM 1.0", */ +/* "MICROSOFT NETWORKS 1.03", */ +/* "MICROSOFT NETWORKS 3.0", */ + "LANMAN1.0", + "LM1.2X002", + "Samba", +/* "NT LM 0.12", */ +/* "NT LANMAN 1.0", */ + NULL}; + SMB_Handle_Type con; + + SMB_Init(); + con = SMB_Connect_Server(NULL, SERVER, DOMAIN); + if (con == NULL) { /* Error ... 
*/ + con = SMB_Connect_Server(NULL, BACKUP, DOMAIN); + if (con == NULL) { + return (NULL); + } + } + if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */ + SMB_Discon(con, 0); + return (NULL); + } + /* Test for a server in share level mode do not authenticate against it */ + if (con->Security == 0) { + SMB_Discon(con, 0); + return (NULL); + } + memcpy(nonce, con->Encrypt_Key, 8); + + return (con); +} + +int +NTLM_Auth(void *handle, char *USERNAME, char *PASSWORD, int flag) +{ + SMB_Handle_Type con = handle; + + if (SMB_Logon_Server(con, USERNAME, PASSWORD, NULL, flag) < 0) { + return (NTV_LOGON_ERROR); + } + return (NTV_NO_ERROR); +} + +void +NTLM_Disconnect(void *handle) +{ + SMB_Handle_Type con = handle; + SMB_Discon(con, 0); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/NTLMSSP/smbval/valid.h Wed Feb 14 00:48:20 2007 @@ -0,0 +1,15 @@ +#ifndef _VALID_H_ +#define _VALID_H_ +/* SMB User verification function */ + +#define NTV_NO_ERROR 0 +#define NTV_SERVER_ERROR 1 +#define NTV_PROTOCOL_ERROR 2 +#define NTV_LOGON_ERROR 3 + +int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN); +void *NTLM_Connect(char *SERVER, char *BACKUP, char *DOMAIN, char *nonce); +int NTLM_Auth(void *handle, char *USERNAME, char *PASSWORD, int flag); +void NTLM_Disconnect(void *handle); + +#endif --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/fakeauth/Makefile.in Wed Feb 14 00:48:20 2007 
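Review bot: `NTLM_Connect` copies a fixed 8 bytes from `con->Encrypt_Key` into the caller's `nonce`, but neither the signature nor a comment says the buffer must hold 8 bytes, and nothing visible in this hunk confirms the negotiated key is that long. A comment on the prototype, for example `/* nonce must point to at least 8 bytes; it receives the server challenge */`, would state the contract. `NTLM_Auth` also hands `handle` straight to `SMB_Logon_Server`, so a caller that ignores a NULL return from `NTLM_Connect` is not stopped here; `if (con == NULL) return (NTV_SERVER_ERROR);` at the top would stop it. `Valid_User` and `NTLM_Connect` both offer only the LANMAN1.0, LM1.2X002 and Samba dialects (the NT entries are commented out), which deserves a comment explaining why.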
@@ -0,0 +1,80 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +FAKEAUTH_AUTH_EXE = fakeauth_auth$(exec_suffix) + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +CRYPTLIB = @CRYPTLIB@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh + + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = -L../../../../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) + +PROGS = $(FAKEAUTH_AUTH_EXE) +OBJS = fakeauth_auth.o + +all: $(FAKEAUTH_AUTH_EXE) + +$(OBJS): $(top_srcdir)/include/version.h + +$(FAKEAUTH_AUTH_EXE): $(OBJS) + $(CC) $(LDFLAGS) $(OBJS) -o $@ $(AUTH_LIBS) + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! -d $(bindir); then \ + echo "mkdir $(bindir)"; \ + mkdir $(bindir); \ + fi + +install: all install-mkdirs + @for f in $(PROGS); do \ + if test -f $(bindir)/$$f; then \ + echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(bindir); \ + $(INSTALL_BIN) $$f $(bindir); \ + if test -f $(bindir)/-$$f; then \ + echo $(RM) -f $(bindir)/-$$f; \ + $(RM) -f $(bindir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(PROGS) + +distclean: clean + -rm -f Makefile + +depend: + $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/fakeauth/fakeauth_auth.c Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,310 @@ +/* + * + * AUTHOR: Robert Collins + * + * Example ntlm authentication program for Squid, based on the + * original proxy_auth code from client_side.c, written by + * Jon Thackray . and the inital ntlm code + * Andy Doran. + * + * This code gets the username and returns it. No validation is done. + * and by the way: it is a complete patch-up. Use the "real thing" NTLMSSP + * if you can. + */ + +#include "config.h" + +#include "ntlm.h" +#include "util.h" +#include + +#if HAVE_STDIO_H +#include +#endif +#if HAVE_STDLIB_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_CRYPT_H +#include +#endif +#if HAVE_PWD_H +#include +#endif + + +#define ERR "ERR\n" +#define OK "OK\n" + +#if 0 +#define NTLM_STATIC_CHALLENGE "deadbeef" +#endif +static char *authenticate_ntlm_domain = "LIFELESSWKS"; + +/* NTLM authentication by ad@netbsd.org - 07/1999 */ +/* XXX this is not done cleanly... */ + +/* makes a null-terminated string lower-case. Changes CONTENTS! */ +static void +lc(char *string) +{ + char *p = string, c; + while ((c = *p)) { + *p = tolower(c); + p++; + } +} + + +/* + * Generates a challenge request. The randomness of the 8 byte + * challenge strings can be guarenteed to be poor at best. 
+ */ +void +ntlmMakeChallenge(struct ntlm_challenge *chal) +{ +#ifndef NTLM_STATIC_CHALLENGE + static unsigned hash; + int r; +#endif + char *d; + int i; + + memset(chal, 0, sizeof(*chal)); + memcpy(chal->hdr.signature, "NTLMSSP", 8); + chal->flags = WSWAP(0x00018206); + chal->hdr.type = WSWAP(NTLM_CHALLENGE); + chal->unknown[6] = SSWAP(0x003a); + + d = (char *) chal + 48; + i = 0; + + if (authenticate_ntlm_domain != NULL) + while (authenticate_ntlm_domain[i++]); + + + chal->target.offset = WSWAP(48); + chal->target.maxlen = SSWAP(i); + chal->target.len = chal->target.maxlen; + +#ifdef NTLM_STATIC_CHALLENGE + memcpy(chal->challenge, NTLM_STATIC_CHALLENGE, 8); +#else + r = (int) rand(); + r = (hash ^ r) + r; + + for (i = 0; i < 8; i++) { + chal->challenge[i] = r; + r = (r >> 2) ^ r; + } + + hash = r; +#endif +} + +/* + * Check the vailidity of a request header. Return -1 on error. + */ +int +ntlmCheckHeader(struct ntlmhdr *hdr, int type) +{ + /* + * Must be the correct security package and request type. The + * 8 bytes compared includes the ASCII 'NUL'. + */ + if (memcmp(hdr->signature, "NTLMSSP", 8) != 0) { + fprintf(stderr, "ntlmCheckHeader: bad header signature\n"); + return (-1); + } + if (type == NTLM_ANY) + return 0; + + if (WSWAP(hdr->type) != type) { +/* don't report this error - it's ok as we do a if() around this function */ +// fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n", + // WSWAP(hdr->type), type); + return (-1); + } + return (0); +} + +/* + * Extract a string from an NTLM request and return as ASCII. + */ +char * +ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags) +{ + static char buf[512]; + u_short *s, c; + char *d, *sc; + int l, o; + + l = SSWAP(str->len); + o = WSWAP(str->offset); + + /* Sanity checks. 
XXX values arbitrarialy chosen */ + if (l <= 0 || l >= 32 || o >= 256) { + fprintf(stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); + return (NULL); + } + if ((flags & 2) == 0) { + /* UNICODE string */ + s = (u_short *) ((char *) hdr + o); + d = buf; + + for (l >>= 1; l; s++, l--) { + c = SSWAP(*s); + if (c > 254 || c == '\0' || !isprint(c)) { + fprintf(stderr, "ntlmGetString: bad uni: %04x\n", c); + return (NULL); + } + *d++ = c; + fprintf(stderr, "ntlmGetString: conv: '%c'\n", c); + } + + *d = 0; + } else { + /* ASCII string */ + sc = (char *) hdr + o; + d = buf; + + for (; l; l--) { + if (*sc == '\0' || !isprint(*sc)) { + fprintf(stderr, "ntlmGetString: bad ascii: %04x\n", *sc); + return (NULL); + } + *d++ = *sc++; + } + + *d = 0; + } + + return (buf); +} + +/* + * Decode the strings in an NTLM authentication request + */ +int +ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size) +{ + char *p, *origbuf; + int s; + + if (!buf) { + return 1; + } + origbuf = buf; + if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) { + + fprintf(stderr, "ntlmDecodeAuth: header check fails\n"); + return -1; + } +/* only on when you need to debug + * fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size); + * fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags); + * fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset, auth->user.len); + */ + if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL) + p = authenticate_ntlm_domain; +// fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p); + if ((s = strlen(p) + 1) >= size) + return 1; + strcpy(buf, p); +// fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf); + + size -= s; + buf += (s - 1); + *buf++ = '\\'; /* Using \ is more consistent with MS-proxy */ + + p = ntlmGetString(&auth->hdr, &auth->user, 2); + if ((s = strlen(p) + 1) >= size) + return 1; + while (*p) + *buf++ = (*p++); //tolower + + *buf++ = '\0'; + size -= s; +// fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p); + + 
+ return 0; +} + + +int +main() +{ + char buf[256]; + char user[256], *p, *cleartext; + struct ntlm_challenge chal; + int len; + char *data = NULL; + + setbuf(stdout, NULL); + while (fgets(buf, 256, stdin) != NULL) { + user[0] = '\0'; /*no usercode */ + + if ((p = strchr(buf, '\n')) != NULL) + *p = '\0'; /* strip \n */ +#if defined(NTLMHELPPROTOCOLV3) || !defined(NTLMHELPPROTOCOLV2) + if (strncasecmp(buf, "YR", 2) == 0) { + ntlmMakeChallenge(&chal); + len = + sizeof(chal) - sizeof(chal.pad) + + SSWAP(chal.target.maxlen); + data = (char *) base64_encode_bin((char *) &chal, len); + printf("TT %s\n", data); + } else if (strncasecmp(buf, "KK ", 3) == 0) { + cleartext = (char *) uudecode(buf + 3); + if (!ntlmCheckHeader((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) { + if (!ntlmDecodeAuth((struct ntlm_authenticate *) cleartext, user, 256)) { + lc(user); + printf("AF %s\n", user); + } else { + lc(user); + printf("NA invalid credentials%s\n", user); + } + } else { + lc(user); + printf("BH wrong packet type!%s\n", user); + } + } +#endif +#ifdef NTLMHELPPROTOCOLV2 +/* V2 of the protocol */ + if (strncasecmp(buf, "RESET", 5) == 0) { + printf("RESET OK\n"); + } else { + cleartext = (char *) uudecode(buf); + if (!ntlmCheckHeader((struct ntlmhdr *) cleartext, NTLM_NEGOTIATE)) { + ntlmMakeChallenge(&chal); + len = + sizeof(chal) - sizeof(chal.pad) + + SSWAP(chal.target.maxlen); + data = (char *) base64_encode_bin((char *) &chal, len); + printf("CH %s\n", data); + } else if (!ntlmCheckHeader + ((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) { + if (!ntlmDecodeAuth + ((struct ntlm_authenticate *) cleartext, user, 256)) { + lc(user); + printf("OK %s\n", user); + } else { + lc(user); + printf("ERR %s\n", user); + } + } else { + lc(user); + printf("ERR %s\n", user); + } + } +#endif /*v2 */ + } + exit(0); +} --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/fakeauth/ntlm.h Wed Feb 14 00:48:20 2007 
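Review bot: In `ntlmDecodeAuth` the second `ntlmGetString` result (for `auth->user`) goes to `strlen` without the NULL fallback that the domain lookup gets, so a request whose user field fails the sanity checks makes the helper dereference a null pointer; add `if (p == NULL) return 1;` before the length test. `ntlmGetString` bounds `l` and `o` only by constants: `o` is a signed int taken from the packet, so a negative offset passes `o >= 256`, and neither value is compared with the number of bytes the decoder actually produced in `main`. At minimum the test should read `if (l <= 0 || l >= 32 || o < 0 || o >= 256)`, and the decoded length should be passed down so that `o + l` can be checked against it; declaring the `strhdr` fields in ntlm.h as unsigned would remove the sign problem at its source. `main` also casts `cleartext` to a header struct without checking that `uudecode` returned a non-NULL buffer of at least header size.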
@@ -0,0 +1,105 @@ +/* + * $Id$ + * + * AUTHOR: Andy Doran + * + * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ + * -------------------------------------------------------- + * + * Squid is the result of efforts by numerous individuals from the + * Internet community. Development is led by Duane Wessels of the + * National Laboratory for Applied Network Research and funded by + * the National Science Foundation. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + */ + +#ifndef _NTLM_H_ +#define _NTLM_H_ + +/* undefine this to have strict protocol adherence. You don't really need + * that though */ +#define IGNORANCE_IS_BLISS + +#include + +/* All of this cruft is little endian */ +#ifdef WORDS_BIGENDIAN +#define SSWAP(x) (bswap16((x))) +#define WSWAP(x) (bswap32((x))) +#else +#define SSWAP(x) (x) +#define WSWAP(x) (x) +#endif + +/* NTLM request types that we know about */ +#define NTLM_NEGOTIATE 1 +#define NTLM_CHALLENGE 2 +#define NTLM_AUTHENTICATE 3 +#define NTLM_ANY 0 + +/* Header proceeding each request */ +typedef struct ntlmhdr { + char signature[8]; /* NTLMSSP */ + int32_t type; /* One of NTLM_* from above */ +} ntlmhdr; + +/* String header. 
String data resides at the end of the request */ +typedef struct strhdr { + int16_t len; /* Length in bytes */ + int16_t maxlen; /* Allocated space in bytes */ + int32_t offset; /* Offset from start of request */ +} strhdr; + +/* Negotiation request sent by client */ +struct ntlm_negotiate { + ntlmhdr hdr; /* NTLM header */ + int32_t flags; /* Request flags */ + strhdr domain; /* Domain we wish to authenticate in */ + strhdr workstation; /* Client workstation name */ + char pad[256]; /* String data */ +}; + +/* Challenge request sent by server. */ +struct ntlm_challenge { + ntlmhdr hdr; /* NTLM header */ + strhdr target; /* Authentication target (domain/server ...) */ + int32_t flags; /* Request flags */ + u_char challenge[8]; /* Challenge string */ + int16_t unknown[8]; /* Some sort of context data */ + char pad[256]; /* String data */ +}; + +/* Authentication request sent by client in response to challenge */ +struct ntlm_authenticate { + ntlmhdr hdr; /* NTLM header */ + strhdr lmresponse; /* LANMAN challenge response */ + strhdr ntresponse; /* NT challenge response */ + strhdr domain; /* Domain to authenticate against */ + strhdr user; /* Username */ + strhdr workstation; /* Workstation name */ + strhdr sessionkey; /* Session key for server's use */ + int32_t flags; /* Request flags */ + char pad[256 * 6]; /* String data */ +}; + +char *ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags); +void ntlmMakeChallenge(struct ntlm_challenge *chal); +int ntlmCheckHeader(struct ntlmhdr *hdr, int type); +int ntlmCheckNegotiation(struct ntlm_negotiate *neg); +int ntlmAuthenticate(struct ntlm_authenticate *neg); + +#endif /* _NTLM_H_ */ --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/no_check/Makefile.in Wed Feb 14 00:48:20 2007 
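Review bot: `ntlmCheckNegotiation` and `ntlmAuthenticate` are declared at the end of ntlm.h, but fakeauth_auth.c in this patch set defines neither, so as far as this page shows the header advertises functions that do not exist. If no other file provides them, drop the two prototypes. The `SSWAP`/`WSWAP` macros also rely on `bswap16`/`bswap32` on big-endian builds; a comment naming the header expected to supply them would help anyone porting the helper.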
@@ -0,0 +1,80 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id$ +# +# Uncomment and customize the following to suit your needs: +# + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +exec_suffix = @exec_suffix@ +top_srcdir = @top_srcdir@ +bindir = @bindir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +# Gotta love the DOS legacy +# +NO_CHECK = no_check + +CC = @CC@ +MAKEDEPEND = @MAKEDEPEND@ +INSTALL = @INSTALL@ +INSTALL_BIN = @INSTALL_PROGRAM@ +CRYPTLIB = @CRYPTLIB@ +AC_CFLAGS = @CFLAGS@ +LDFLAGS = @LDFLAGS@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +MV = @MV@ +RM = @RM@ +SHELL = /bin/sh + + +INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include +CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES) +AUTH_LIBS = -L../../../../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) + +PROGS = $(NO_CHECK).pl +OBJS = $(NO_CHECK) + +all: $(PROGS) + +#$(OBJS): + +$(NO_CHECK).pl: $(OBJS) + cp $(srcdir)/$(NO_CHECK) ./$(NO_CHECK).pl + +install-mkdirs: + -@if test ! -d $(prefix); then \ + echo "mkdir $(prefix)"; \ + mkdir $(prefix); \ + fi + -@if test ! -d $(bindir); then \ + echo "mkdir $(bindir)"; \ + mkdir $(bindir); \ + fi + +install: all install-mkdirs + @for f in $(PROGS); do \ + if test -f $(bindir)/$$f; then \ + echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + $(MV) $(bindir)/$$f $(bindir)/-$$f; \ + fi; \ + echo $(INSTALL_BIN) $$f $(bindir); \ + $(INSTALL_BIN) $$f $(bindir); \ + if test -f $(bindir)/-$$f; then \ + echo $(RM) -f $(bindir)/-$$f; \ + $(RM) -f $(bindir)/-$$f; \ + fi; \ + done + +clean: + -rm -rf *.o *pure_* core $(PROGS) + +distclean: clean + -rm -f Makefile + +depend: + $(MAKEDEPEND) -I../include -I. -fMakefile *.c --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/ntlm/helpers/no_check/README.no_check_ntlm_auth Wed Feb 14 00:48:20 2007 
@@ -0,0 +1,10 @@
+This is a dummy NTLM authentication module for Squid.
+It performs the NTLM challenge, but then it doesn't verify the
+user's credentials, it just takes the client's domain and username
+at face value.
+It's included mostly for demonstration purposes.
+
+(C) 2000 Francesco Chemolli
+Distributed freely under the terms of the GNU General Public License,
+version 2. For the licensing terms, see the file COPYING that
+came with Squid.
--- /dev/null Wed Feb 14 00:45:56 2007
+++ squid/src/auth/ntlm/helpers/no_check/no_check Wed Feb 14 00:48:20 2007
@@ -0,0 +1,210 @@ +#!/usr/bin/perl +# (C) 2000 Francesco Chemolli +# +# TODO: use command-line arguments + +#use MIME::Base64; + +$|=1; +#$authdomain="your_domain_goes_here"; +$challenge="deadbeef"; + +$authdomain=$ARGV[0] if ($#ARGV >=0); + +die ("Edit $0 to configure a domain!") unless (defined($authdomain)); + +while() { + chop; + if ($_ eq "YR") { + print "TT ".encode_base64(&make_ntlm_static_challenge); + next; + } + $got=substr($_,3); + %res=decode_ntlm_any(decode_base64($got)); +# print STDERR "got: ".hash_to_string(%res); + if (!res) { # broken NTLM, deny + print "BH Couldn't decode NTLM packet\n"; + next; + } + if ($res{type} eq "negotiate") { # ok, send a challenge + print "BH Squid-helper protocol error: unexpected negotiate-request\n"; + next; + } + if ($res{type} eq "challenge") { # Huh? WE are the challengers. + print "BH Squid-helper protocol error: unexpected challenge-request\n"; + next; + } + if ($res{type} eq "authentication") { + print "AF $res{domain}\\$res{user}\n"; + next; + } + print "BH internal error\n"; # internal error +} + + +sub make_ntlm_static_challenge { + $rv = pack ("a8 V", "NTLMSSP", 0x2); + $payload = ""; + + $rv .= add_to_data(uc($authdomain),\$payload); + $rv .= pack ("V Z8 v8", 0x18206, $challenge,0,0,0,0,0,0,0x3a,0); + #flags, challenge, 8 bytes of unknown stuff + + return $rv.$payload; +} + +#gets as argument the decoded authenticate packet. +#returns either undef (failure to decode) or an hash with the decoded +# fields. 
+sub decode_ntlm_authentication { + my ($got)=$_[0]; + my ($signature, $type, %rv, $hdr, $rest); + ($signature, $type, $rest) = unpack ("a8 V a*",$got); + return unless ($signature eq "NTLMSSP\0"); + return unless ($type == 0x3); + $rv{type}="authentication"; + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{lmresponse}=get_from_data($hdr,$got); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{ntresponse}=get_from_data($hdr,$got); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{domain}=get_from_data($hdr,$got); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{user}=get_from_data($hdr,$got); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{workstation}=get_from_data($hdr,$got); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{sessionkey}=get_from_data($hdr,$got); + $rv{flags}=unpack("V",$rest); + return %rv; +} + +#args: len, maxlen, offset +sub make_ntlm_hdr { + return pack ("v v V", @_); +} + +#args: string to add, ref to payload +# returns ntlm header. +sub add_to_data { + my ($toadd, $pl) = @_; + my ($offset); +# $toadd.='\0' unless ($toadd[-1]=='\0'); #broken + $offset=48+length $pl; #48 is the length of the header + $$pl.=$toadd; + return make_ntlm_hdr (length $toadd, length $toadd, $offset); +} + +#args: encoded descriptor, entire decoded packet +# returns the decoded data +sub get_from_data { + my($desc,$packet) = @_; + my($offset,$length, $rv); + ($length, undef, $offset) = unpack ("v v V", $desc); + return unless ($length+$offset <= length $packet); + $rv = unpack ("x$offset a$length",$packet); + return $rv; +} + +sub hash_to_string { + my (%hash) = @_; + my ($rv); + foreach (sort keys %hash) { + $rv.=$_." => ".$hash{$_}."\n"; + } + return $rv; +} + + +#more decoder functions, added more for debugging purposes +#than for any real use in the application. +#args: the base64-decoded packet +#returns: either undef or an hash describing the packet. 
+sub decode_ntlm_negotiate { + my($got)=$_[0]; + my($signature, $type, %rv, $hdr, $rest); + ($signature, $type, $rest) = unpack ("a8 V a*",$got); + return unless ($signature eq "NTLMSSP\0"); + return unless ($type == 0x1); + $rv{type}="negotiate"; + ($rv{flags}, $rest)=unpack("V a*",$rest); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{domain}=get_from_data($hdr,$got); + ($hdr, $rest) = unpack ("a8 a*", $rest); + $rv{workstation}=get_from_data($hdr,$got); + return %rv; +} + +sub decode_ntlm_challenge { + my($got)=$_[0]; + my($signature, $type, %rv, $hdr, $rest, $j); + ($signature, $type, $rest) = unpack ("a8 V a*",$got); + return unless ($signature eq "NTLMSSP\0"); + return unless ($type == 0x2); + $rv{type}="challenge"; + ($rv{flags}, $rest)=unpack("V a*",$rest); + ($rv{challenge}, $rest)=unpack("a8 a*",$rest); + for ($j=0;$j<8;$j++) { # don't shoot on the programmer, please. + ($rv{"context.$j"},$rest)=unpack("v a*",$rest); + } + return %rv; +} + +#decodes any NTLMSSP packet. +#arg: the encoded packet, returns an hash with packet info +sub decode_ntlm_any { + my($got)=$_[0]; + my ($signature, $type); + ($signature, $type, undef) = unpack ("a8 V a*",$got); + return unless ($signature eq "NTLMSSP\0"); + return decode_ntlm_negotiate($got) if ($type == 1); + return decode_ntlm_challenge($got) if ($type == 2); + return decode_ntlm_authentication($got) if ($type == 3); + return undef; # default +} + + +use integer; + +sub encode_base64 ($;$) +{ + my $res = ""; + my $eol = $_[1]; + $eol = "\n" unless defined $eol; + pos($_[0]) = 0; # ensure start at the beginning + while ($_[0] =~ /(.{1,45})/gs) { + $res .= substr(pack('u', $1), 1); + chop($res); + } + $res =~ tr|` -_|AA-Za-z0-9+/|; # `# help emacs + # fix padding at the end + my $padding = (3 - length($_[0]) % 3) % 3; + $res =~ s/.{$padding}$/'=' x $padding/e if $padding; + # break encoded string into lines of no more than 76 characters each + if (length $eol) { + $res =~ s/(.{1,76})/$1$eol/g; + } + $res; +} + + 
+sub decode_base64 ($) +{ + local($^W) = 0; # unpack("u",...) gives bogus warning in 5.00[123] + + my $str = shift; + my $res = ""; + + $str =~ tr|A-Za-z0-9+=/||cd; # remove non-base64 chars + if (length($str) % 4) { + require Carp; + Carp::carp("Length of base64 data not a multiple of 4") + } + $str =~ s/=+$//; # remove padding + $str =~ tr|A-Za-z0-9+/| -_|; # convert to uuencoded format + while ($str =~ /(.{1,60})/gs) { + my $len = chr(32 + length($1)*3/4); # compute length byte + $res .= unpack("u", $len . $1 ); # uudecode + } + $res; +}
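Review bot: The `AF` reply in the main loop prints `$res{domain}` and `$res{user}` exactly as decoded from the client's packet, so a field containing a newline or whitespace lands inside the line-based reply that Squid parses. Check both fields before answering, e.g. `unless ($res{domain} =~ /\A[\x21-\x7e]+\z/ and $res{user} =~ /\A[\x21-\x7e]+\z/) { print "BH invalid characters in credentials\n"; next; }`. Two smaller defects in the same file: `if (!res)` tests the bareword string `res`, which is always true, and should be `if (!%res)`; and `add_to_data` takes `length $pl` of the reference instead of `length $$pl`, so the offset written into the string header is wrong. The script also runs without `use strict; use warnings;`, which would have caught the bareword.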