--------------------- PatchSet 4629 Date: 2002/08/11 15:57:25 Author: serassio Branch: cygwin-svc-2_5 Tag: (none) Log: Synced with nt-2_5 work Members: helpers/basic_auth/win32_locallogon/NT_auth.c:1.1.8.1->1.1.8.2 helpers/external_acl/win32_group/win32_check_group.c:1.1.10.2->1.1.10.3 helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h:1.1.6.1->1.1.6.2 helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c:1.1.6.2->1.1.6.3 src/fs/ufs/store_dir_ufs.c:1.21.6.1.2.6->1.21.6.1.2.7 Index: squid/helpers/basic_auth/win32_locallogon/NT_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/basic_auth/win32_locallogon/Attic/NT_auth.c,v retrieving revision 1.1.8.1 retrieving revision 1.1.8.2 diff -u -r1.1.8.1 -r1.1.8.2 --- squid/helpers/basic_auth/win32_locallogon/NT_auth.c 15 Jul 2002 11:25:27 -0000 1.1.8.1 +++ squid/helpers/basic_auth/win32_locallogon/NT_auth.c 11 Aug 2002 15:57:25 -0000 1.1.8.2 @@ -52,9 +52,10 @@ { fprintf(stderr, "%s usage:\n%s [-a UserGroup] [-d UserGroup] [-D DefaultDomain] \n" - "-a can specify a Windows Local Group name allowed to authenticate.\n" - "-d can specify a Windows Local Group name not allowed to authenticate.\n", - "-D can specify the default Domain against to authenticate.\n\n", + "-a can specify a Windows Local Group name allowed to authenticate\n" + "-d can specify a Windows Local Group name not allowed to authenticate\n" + "-D can specify the default Domain against to authenticate\n" + "-h this message\n\n", my_program_name, my_program_name); } @@ -62,7 +63,7 @@ process_options(int argc, char *argv[]) { int opt, had_error = 0; - while (-1 != (opt = getopt(argc, argv, "a:d:D:"))) { + while (-1 != (opt = getopt(argc, argv, "ha:d:D:"))) { switch (opt) { case 'a': safe_free(NTAllowedGroup); 
@@ -77,8 +78,14 @@ case 'D': strcpy(Default_NTDomain, optarg); break; + case 'h': + usage(argv[0]); + exit(0); + case '?': + opt = optopt; + /* fall thru to default */ default: - fprintf(stderr, "unknown option: -%c. Exiting\n", opt); + fprintf(stderr, "Unknown option: -%c. Exiting\n", opt); had_error = 1; } } @@ -100,6 +107,7 @@ char username[256]; char password[256]; char *p; + int err = 0; my_program_name = argv[0]; process_options(argc, argv); @@ -118,6 +126,16 @@ /* Read whole line from standard input. Terminate on break. */ if (fgets(wstr, 255, stdin) == NULL) break; + + if (NULL == strchr(wstr, '\n')) { + err = 1; + continue; + } + if (err) { + fprintf(stderr, "Oversized message\n"); + goto error; + } + if ((p = strchr(wstr, '\n')) != NULL) *p = '\0'; /* strip \n */ if ((p = strchr(wstr, '\r')) != NULL) @@ -126,8 +144,10 @@ username[0] = '\0'; password[0] = '\0'; sscanf(wstr, "%s %s", username, password); /* Extract parameters */ + /* Check for invalid or blank entries */ if ((username[0] == '\0') || (password[0] == '\0')) { + fprintf(stderr, "Invalid Request\n"); puts("ERR"); fflush(stdout); continue; @@ -135,7 +155,9 @@ if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR) puts("OK"); else +error: puts("ERR"); + err = 0; fflush(stdout); } return 0; Index: squid/helpers/external_acl/win32_group/win32_check_group.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/external_acl/win32_group/Attic/win32_check_group.c,v retrieving revision 1.1.10.2 retrieving revision 1.1.10.3 diff -u -r1.1.10.2 -r1.1.10.3 --- squid/helpers/external_acl/win32_group/win32_check_group.c 16 Jul 2002 09:08:54 -0000 1.1.10.2 +++ squid/helpers/external_acl/win32_group/win32_check_group.c 11 Aug 2002 15:57:25 -0000 1.1.10.3 
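Review bot: In `@@ -77,8 +78,14 @@` of NT_auth.c the `case 'D'` branch directly above the new cases still does `strcpy(Default_NTDomain, optarg)` with no length check, so an over-long `-D` argument overruns the destination. Default_NTDomain is declared outside the hunk; assuming it is a fixed-size array, a guard such as `if (strlen(optarg) >= sizeof(Default_NTDomain)) { had_error = 1; break; }` before the copy would close this. Unlike the other two helpers touched by this patch set, this process_options does not set `opterr = 0`, so with the new `case '?'` an unknown option is reported twice, once by getopt and once here. The switch continues outside the hunk.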
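Review bot: The oversize path added in `@@ -118,6 +126,16 @@` leaves through `goto error` into the unbraced `else` arm that `@@ -135,7 +155,9 @@` labels, so the ERR reply depends on the exact shape of that later if/else; answering in place with `puts("ERR"); fflush(stdout); err = 0; continue;` keeps the rejection self-contained. The same construct appears in win32_check_group.c (`@@ -456,6 +474,14 @@` and `@@ -464,14 +490,21 @@`). The limit is the literal 255 passed to fgets rather than `sizeof(wstr)`; wstr is declared outside these hunks, so whether the two agree cannot be checked here. A comment on the new flag, such as `/* set while the chunks of an over-long request line are being discarded */`, would tell the next reader why the loop continues without replying.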
@@ -1,5 +1,5 @@ /* - * $Id: win32_check_group.c,v 1.1.10.2 2002/07/16 09:08:54 serassio Exp $ + * $Id: win32_check_group.c,v 1.1.10.3 2002/08/11 15:57:25 serassio Exp $ * * This is a helper for the external ACL interface for Squid Cache * Copyright (C) 2002 Guido Serassio @@ -395,13 +395,23 @@ return result; } +static void +usage(char *program) +{ + fprintf(stderr,"Usage: %s [-d] [-h]\n" + " -d enable debugging\n" + " -G enable Domain Global group mode\n" + " -h this message\n", + program); +} void process_options(int argc, char *argv[]) { int opt; - while (-1 != (opt = getopt(argc, argv, "Gd"))) { + opterr = 0; + while (-1 != (opt = getopt(argc, argv, "Gdh"))) { switch (opt) { case 'G': use_global = 1; @@ -409,8 +419,15 @@ case 'd': debug_enabled = 1; break; + case 'h': + usage(argv[0]); + exit(0); + case '?': + opt = optopt; + /* fall thru to default */ default: fprintf(stderr, "%s Unknown option: -%c. Exiting\n", myname, opt); + usage(argv[0]); exit(1); break; /* not reached */ } @@ -426,6 +443,7 @@ char buf[BUFSIZE]; char *username; char *group; + int err = 0; if (argc > 0) { /* should always be true */ myname=strrchr(argv[0],'/'); @@ -456,6 +474,14 @@ /* Main Loop */ while (fgets (buf, BUFSIZE, stdin)) { + if (NULL == strchr(buf, '\n')) { + err = 1; + continue; + } + if (err) { + fprintf(stderr, "Oversized message\n"); + goto error; + } if ((p = strchr(buf, '\n')) != NULL) *p = '\0'; /* strip \n */ 
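Review bot: The synopsis line of the new usage() in `@@ -395,13 +395,23 @@` reads `[-d] [-h]`, but the option list below it documents `-G` and the getopt string is `"Gdh"`; it should read `"Usage: %s [-G] [-d] [-h]\n"`. `program` is only read, so the parameter can be declared `const char *program`.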
@@ -464,14 +490,21 @@ debug("Got '%s' from Squid (length: %d).\n",buf,sizeof(buf)); + if (buf[0] == '\0') { + fprintf(stderr, "Invalid Request\n"); + goto error; + } + username = strwordtok(buf, &t); group = strwordtok(NULL, &t); if ((use_global ? Valid_Global_Group(username, group) : Valid_Local_Group(username, group))) { printf ("OK\n"); } else { +error: printf ("ERR\n"); } + err = 0; } return 0; } Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm.h,v retrieving revision 1.1.6.1 retrieving revision 1.1.6.2 diff -u -r1.1.6.1 -r1.1.6.2 --- squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h 16 Jul 2002 09:07:00 -0000 1.1.6.1 +++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h 11 Aug 2002 15:57:25 -0000 1.1.6.2 @@ -29,17 +29,9 @@ /* * define this if you want debugging */ -#ifdef _SQUID_MSWIN_ -#ifdef _DEBUG -#define DEBUG -#endif -#else #ifndef DEBUG #define DEBUG #endif -#endif - -#define DEAD_DC_RETRY_INTERVAL 30 /************* END CONFIGURATION ***************/ Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm_auth.c,v retrieving revision 1.1.6.2 retrieving revision 1.1.6.3 diff -u -r1.1.6.2 -r1.1.6.3 --- squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 16 Jul 2002 12:06:49 -0000 1.1.6.2 +++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 11 Aug 2002 15:57:25 -0000 1.1.6.3 @@ -1,5 +1,5 @@ /* - * $Id: ntlm_auth.c,v 1.1.6.2 2002/07/16 12:06:49 serassio Exp $ + * $Id: ntlm_auth.c,v 1.1.6.3 2002/08/11 15:57:25 serassio Exp $ * * This is a helper for NTLM Authentication for Squid Cache * Copyright (C) 2002 Guido Serassio 
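Review bot: The new `buf[0] == '\0'` test in `@@ -464,14 +490,21 @@` rejects only an empty line; a request that carries a user name but no group still reaches Valid_Global_Group or Valid_Local_Group with whatever strwordtok returns for the missing word. strwordtok is defined outside the hunk, so this is inferred, but if it returns NULL in that case the group lookup receives a NULL pointer. Adding `if (username == NULL || group == NULL) { fprintf(stderr, "Invalid Request\n"); goto error; }` after the two strwordtok calls makes the helper answer ERR for every malformed request. The debug() call kept as context passes `sizeof(buf)` to a `%d` conversion, which is a type mismatch and reports the buffer size rather than the request length.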
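Review bot: After `@@ -29,17 +29,9 @@` ntlm.h defines DEBUG unconditionally, so the comment `define this if you want debugging` above it no longer describes a choice, and Windows release builds now always compile in the debug statements. Judging from the usage text in ntlm_auth.c, the `-v` switch alone then decides whether request contents are written to the log; the comment should say so, for example `/* DEBUG is always defined; debug output is switched on at run time with -v */`. Removing DEAD_DC_RETRY_INTERVAL is safe only if no other file takes it from this header, which cannot be seen here.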
@@ -65,6 +65,11 @@ } } +void +helperfail(const char *reason) +{ + SEND2("BH %s", reason); +} void send_bh_or_ld(char *bhmessage, ntlm_authenticate * failedauth, int authlen) @@ -102,16 +107,17 @@ { fprintf(stderr, #ifdef NTLM_FAIL_OPEN - "%s usage:\n%s [-v] [-a UserGroup] [-d UserGroup] [-l]\n" + "%s usage:\n%s [-v] [-a UserGroup] [-d UserGroup] [-l] [-h]\n" #else - "%s usage:\n%s [-v] [-a UserGroup] [-d UserGroup]\n" + "%s usage:\n%s [-v] [-a UserGroup] [-d UserGroup] [-h]\n" #endif - "-v enables verbose debugging statements if DEBUG was defined at build-time.\n" + "-v enables verbose debugging statements was defined at build-time.\n" #ifdef NTLM_FAIL_OPEN - "-l if specified, changes behavior on failures to last-ditch.\n" + "-l if specified, changes behavior on failures to last-ditch\n" #endif - "-a can specify a Windows Local Group name allowed to authenticate.\n" - "-d can specify a Windows Local Group name not allowed to authenticate.\n\n", + "-a specify a Windows Local Group name allowed to authenticate\n" + "-d specify a Windows Local Group name not allowed to authenticate\n" + "-h this message\n\n", my_program_name, my_program_name); } @@ -120,10 +126,12 @@ process_options(int argc, char *argv[]) { int opt, had_error = 0; + + opterr =0; #ifdef NTLM_FAIL_OPEN - while (-1 != (opt = getopt(argc, argv, "vla:d:"))) { + while (-1 != (opt = getopt(argc, argv, "hvla:d:"))) { #else - while (-1 != (opt = getopt(argc, argv, "va:d:"))) { + while (-1 != (opt = getopt(argc, argv, "hva:d:"))) { #endif switch (opt) { case 'a': @@ -144,6 +152,12 @@ case 'v': debug_enabled=1; break; + case 'h': + usage(); + exit(0); + case '?': + opt = optopt; + /* fall thru to default */ default: fprintf(stderr, "unknown option: -%c. Exiting\n", opt); usage(); 
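Review bot: The rewritten `-v` line of the usage text in `@@ -102,16 +107,17 @@` lost part of its sentence: `"-v enables verbose debugging statements was defined at build-time.\n"` no longer parses, and it is the only option line that still ends with a full stop. If DEBUG is now always defined in ntlm.h, `"-v enables verbose debugging statements\n"` is accurate; otherwise restore `if DEBUG was defined at build-time`.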
@@ -179,23 +193,37 @@ { ntlmhdr *fast_header; char buf[BUFFER_SIZE]; - const char *ch; - char *ch2, *decoded, *cred; + char *c, *decoded, *cred; int plen; + int oversized = 0; +try_again: if (fgets(buf, BUFFER_SIZE, stdin) == NULL) { debug("fgets() failed! dying..... errno=%d (%s)\n", errno, strerror(errno)); exit(1); /* BIIG buffer */ } - debug("managing request\n"); - ch2 = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */ - if (ch2) { - *ch2 = '\0'; /* terminate the string at newline. */ - ch = ch2; + c = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */ + if (c) { + if (oversized) { + helperfail("illegal request received"); + fprintf(stderr, "Illegal request received: '%s'\n", buf); + return; + } + *c = '\0'; + } else { + fprintf(stderr, "No newline in '%s'\n", buf); + oversized = 1; + goto try_again; } - debug("ntlm authenticator. Got '%s' from Squid\n", buf); + debug("Got '%s' from Squid\n", buf); + + if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ + c = (char *) obtain_challenge(); + SEND2("TT %s", c); + return; + } if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */ /* figure out what we got */ decoded = base64_decode(buf + 3); 
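Review bot: The two `fprintf(stderr, ...)` calls added in `@@ -179,23 +193,37 @@` print the raw request buffer (`"No newline in '%s'\n"` and `"Illegal request received: '%s'\n"`) unconditionally rather than through debug(), and the second one recurs in `@@ -249,17 +277,16 @@`. The buffer holds whatever arrived on stdin, which for this helper can include NTLM authentication blobs and arbitrary bytes, so the log gains sensitive material and unescaped control characters, and an over-long line produces one log entry per chunk. Logging a fixed message with the length, e.g. `fprintf(stderr, "Oversized request chunk discarded (%d bytes)\n", (int) strlen(buf));`, and keeping the content behind debug() avoids that. `c = (char *) obtain_challenge();` casts away the const that the removed `ch` variable preserved; a separate `const char *` local would keep it. The function starts and ends outside this hunk.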
@@ -249,17 +277,16 @@ SEND2("AF %s", cred); return; default: - SEND("BH unknown authentication packet type"); + helperfail("unknown authentication packet type"); return; } return; - } - if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ - ch = obtain_challenge(); - SEND2("TT %s", ch); + } else { /* not an auth-request */ + helperfail("illegal request received"); + fprintf(stderr, "Illegal request received: '%s'\n", buf); return; } - SEND("BH Helper detected protocol error"); + helperfail("detected protocol error"); return; /********* END ********/ } Index: squid/src/fs/ufs/store_dir_ufs.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/fs/ufs/store_dir_ufs.c,v retrieving revision 1.21.6.1.2.6 retrieving revision 1.21.6.1.2.7 diff -u -r1.21.6.1.2.6 -r1.21.6.1.2.7 --- squid/src/fs/ufs/store_dir_ufs.c 22 Jul 2002 09:14:33 -0000 1.21.6.1.2.6 +++ squid/src/fs/ufs/store_dir_ufs.c 11 Aug 2002 15:57:26 -0000 1.21.6.1.2.7 @@ -466,9 +466,9 @@ tmpe.hash.key = key; /* check sizes */ if (tmpe.swap_file_sz == 0) { - tmpe.swap_file_sz = sb.st_size; + tmpe.swap_file_sz = (size_t) sb.st_size; } else if (tmpe.swap_file_sz == sb.st_size - swap_hdr_len) { - tmpe.swap_file_sz = sb.st_size; + tmpe.swap_file_sz = (size_t) sb.st_size; } else if (tmpe.swap_file_sz != sb.st_size) { debug(47, 1) ("storeUfsDirRebuildFromDirectory: SIZE MISMATCH %ld!=%ld\n", (long int) tmpe.swap_file_sz, (long int) sb.st_size); @@ -910,14 +910,11 @@ } ufsinfo->swaplog_fd = fd; /* open a read-only stream of the old log */ - fp = fopen(swaplog_path, "r"); + fp = fopen(swaplog_path, "rb"); if (fp == NULL) { debug(50, 0) ("%s: %s\n", swaplog_path, xstrerror()); fatal("Failed to open swap log for reading"); } -#if defined(_SQUID_MSWIN_) || defined(_SQUID_CYGWIN_) - setmode(fileno(fp), O_BINARY); -#endif memset(&clean_sb, '\0', sizeof(struct stat)); if (stat(clean_path, &clean_sb) < 0) *clean_flag = 0; 
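Review bot: The trailing `helperfail("detected protocol error"); return;` kept at the end of `@@ -249,17 +277,16 @@` can no longer be reached, because the `KK ` branch returns on every path shown and the new `else` branch returns as well. Either drop those two lines or remove the `else` so that the fall-through reply is the single rejection path. The `if` opens outside the hunk, so the claim about the `KK ` branch rests on its visible tail only.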
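Review bot: The `(size_t)` casts added in `@@ -466,9 +466,9 @@` of store_dir_ufs.c silence the conversion warning but keep the narrowing: where off_t is wider than size_t, an `sb.st_size` above the size_t range is stored truncated. The neighbouring comparisons (`tmpe.swap_file_sz == sb.st_size - swap_hdr_len` and `tmpe.swap_file_sz != sb.st_size`) still mix the two types, so they are evaluated on the uncast value. If the invariant is that a swap file always fits, a comment such as `/* st_size is known to fit in size_t here */` or an explicit range check before the assignment would make that visible. The type of swap_file_sz is declared outside the hunk; size_t is inferred from the cast.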
@@ -1063,7 +1060,7 @@ fd = state->fd; /* rename */ if (state->fd >= 0) { -#if defined(_SQUID_OS2_) || defined (_SQUID_CYGWIN_) || defined (_SQUID_MSWIN_) +#if defined(_SQUID_OS2_) || defined(_SQUID_CYGWIN_) || defined(_SQUID_MSWIN_) file_close(state->fd); state->fd = -1; if (unlink(state->cur) < 0)