--------------------- PatchSet 7028 Date: 2005/09/13 15:44:27 Author: serassio Branch: nt-2_5 Tag: (none) Log: Updated native Windows basic authenticator helper: - Added debugging capabilities (-d option) - Changed command line options - Renamed to win32_auth Members: helpers/basic_auth/win32_locallogon/Makefile.am:1.1.4.5->1.1.4.6 helpers/basic_auth/win32_locallogon/NT_auth.c:1.1.4.5->1.1.4.6 helpers/basic_auth/win32_locallogon/README.txt:1.1.4.6->1.1.4.7 helpers/basic_auth/win32_locallogon/valid.c:1.1.4.5->1.1.4.6 helpers/basic_auth/win32_locallogon/valid.h:1.1.4.4->1.1.4.5 port/win32/update.cmd:1.1.2.24->1.1.2.25 Index: squid/helpers/basic_auth/win32_locallogon/Makefile.am =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/basic_auth/win32_locallogon/Attic/Makefile.am,v retrieving revision 1.1.4.5 retrieving revision 1.1.4.6 diff -u -r1.1.4.5 -r1.1.4.6 --- squid/helpers/basic_auth/win32_locallogon/Makefile.am 21 Feb 2003 08:07:12 -0000 1.1.4.5 +++ squid/helpers/basic_auth/win32_locallogon/Makefile.am 13 Sep 2005 15:44:27 -0000 1.1.4.6 @@ -1,13 +1,13 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.1.4.5 2003/02/21 08:07:12 serassio Exp $ +# $Id: Makefile.am,v 1.1.4.6 2005/09/13 15:44:27 serassio Exp $ # # Uncomment and customize the following to suit your needs: # -libexec_PROGRAMS = nt_auth +libexec_PROGRAMS = win32_auth nt_auth_SOURCES = NT_auth.c valid.c valid.h Index: squid/helpers/basic_auth/win32_locallogon/NT_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/basic_auth/win32_locallogon/Attic/NT_auth.c,v retrieving revision 1.1.4.5 retrieving revision 1.1.4.6 diff -u -r1.1.4.5 -r1.1.4.6 --- squid/helpers/basic_auth/win32_locallogon/NT_auth.c 8 Jul 2005 09:23:11 -0000 1.1.4.5 +++ squid/helpers/basic_auth/win32_locallogon/NT_auth.c 13 Sep 2005 15:44:27 -0000 1.1.4.6 
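Review bot: `libexec_PROGRAMS` now names `win32_auth`, but the context line below it still reads `nt_auth_SOURCES = NT_auth.c valid.c valid.h`, so as far as this hunk shows automake has no source list for the renamed program and would fall back to a default `win32_auth.c`. The sources variable should be renamed with the program: `win32_auth_SOURCES = NT_auth.c valid.c valid.h`. The file may continue past the hunk, so any other `nt_auth_`-prefixed variables there would need the same rename.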
@@ -36,6 +36,7 @@ char * NTDisAllowedGroup; int UseDisallowedGroup = 0; int UseAllowedGroup = 0; +int debug_enabled = 0; /* * options: @@ -49,10 +50,11 @@ usage() { fprintf(stderr, - "%s usage:\n%s [-a UserGroup] [-d UserGroup] [-D DefaultDomain] \n" - "-a can specify a Windows Local Group name allowed to authenticate\n" - "-d can specify a Windows Local Group name not allowed to authenticate\n" - "-D can specify the default Domain against to authenticate\n" + "%s usage:\n%s [-A|D UserGroup][-O DefaultDomain][-d]\n" + "-A can specify a Windows Local Group name allowed to authenticate\n" + "-D can specify a Windows Local Group name not allowed to authenticate\n" + "-O can specify the default Domain against to authenticate\n" + "-d enable debugging.\n" "-h this message\n\n", my_program_name, my_program_name); } @@ -61,21 +63,24 @@ process_options(int argc, char *argv[]) { int opt, had_error = 0; - while (-1 != (opt = getopt(argc, argv, "ha:d:D:"))) { + while (-1 != (opt = getopt(argc, argv, "dhA:D:O:"))) { switch (opt) { - case 'a': + case 'A': safe_free(NTAllowedGroup); NTAllowedGroup=xstrdup(optarg); UseAllowedGroup = 1; break; - case 'd': + case 'D': safe_free(NTDisAllowedGroup); NTDisAllowedGroup=xstrdup(optarg); UseDisallowedGroup = 1; break; - case 'D': + case 'O': strncpy(Default_NTDomain, optarg, DNLEN); break; + case 'd': + debug_enabled = 1; + break; case 'h': usage(argv[0]); exit(0); @@ -110,10 +115,14 @@ my_program_name = argv[0]; process_options(argc, argv); + debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); + if (LoadSecurityDll(SSP_BASIC) == NULL) { fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); exit(1); } + debug("SSPI initialized OK\n"); + atexit(UnloadSecurityDll); /* initialize FDescs */ 
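Review bot: The new getopt string `"dhA:D:O:"` in process_options reuses the old letters with different meanings, so an existing squid.conf command line changes behaviour silently instead of failing. `-d SomeGroup` used to set the disallowed group and now only turns on debugging, leaving the group name as a non-option argument, while `-D SomeDomain` used to set the default domain and now sets the disallowed group; the first case drops a deny rule without any error. The rest of process_options is outside the hunk, so I cannot see whether leftover arguments are rejected; if they are not, a check after the loop such as `if (optind < argc) { usage(argv[0]); exit(1); }` would stop the helper at startup on an old-style command line. The unchanged `strncpy(Default_NTDomain, optarg, DNLEN);` under the new `-O` case relies on the last byte of the `DNLEN+1` buffer already being zero, and `Default_NTDomain[DNLEN] = '\0';` after it would make termination explicit.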
@@ -143,6 +152,8 @@ username[0] = '\0'; password[0] = '\0'; sscanf(wstr, "%s %s", username, password); /* Extract parameters */ + + debug("Got %s from Squid\n", wstr); /* Check for invalid or blank entries */ if ((username[0] == '\0') || (password[0] == '\0')) { @@ -153,6 +164,9 @@ } rfc1738_unescape(username); rfc1738_unescape(password); + + debug("Trying to validate; %s %s\n", username, password); + if (Valid_User(username, password, NTGroup) == NTV_NO_ERROR) puts("OK"); else Index: squid/helpers/basic_auth/win32_locallogon/README.txt =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/basic_auth/win32_locallogon/Attic/README.txt,v retrieving revision 1.1.4.6 retrieving revision 1.1.4.7 diff -u -r1.1.4.6 -r1.1.4.7 --- squid/helpers/basic_auth/win32_locallogon/README.txt 28 Feb 2004 08:35:14 -0000 1.1.4.6 +++ squid/helpers/basic_auth/win32_locallogon/README.txt 13 Sep 2005 15:44:27 -0000 1.1.4.7 @@ -12,11 +12,12 @@ Program Syntax ============== -nt_auth [-a UserGroup] [-d UserGroup] [-D DefaultDomain] +win32_auth [-A UserGroup][-D UserGroup][-O DefaultDomain][-d] --a can specify a Windows Local Group name allowed to authenticate. --d can specify a Windows Local Group name not allowed to authenticate. --D can specify the default Domain against to authenticate. +-A can specify a Windows Local Group name allowed to authenticate. +-D can specify a Windows Local Group name not allowed to authenticate. +-O can specify the default Domain against to authenticate. +-d enable debugging. This is released under the GNU General Public License. 
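Review bot: `debug("Trying to validate; %s %s\n", username, password);` in the `@@ -153,6 +164,9 @@` hunk writes each user's cleartext password to stderr whenever `-d` is on, and `debug("Got %s from Squid\n", wstr);` in the `@@ -143,6 +152,8 @@` hunk does the same with the raw request line, which still carries the escaped password. Squid normally collects helper stderr into its log, so enabling debugging puts credentials in a file that is readable by anyone with log access and is often retained or shipped elsewhere. Log the user name only, for example `debug("Trying to validate user %s\n", username);`, and either drop the `wstr` message or replace it with one printed after parsing that names `username` alone. Because `username` is printed after `rfc1738_unescape`, it may contain control characters or line breaks supplied by the client, so it is worth sanitising before it reaches the log. Both hunks sit inside a loop body that starts and ends outside the visible lines.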
@@ -40,17 +41,17 @@ Type 'make', then 'make install', then 'make clean'. -On Cygwin the default is to install 'nt_auth' into /usr/local/squid/libexec, +On Cygwin the default is to install 'win32_auth' into /usr/local/squid/libexec, with other Windows environments into c:/squid/libexec. Refer to Squid documentation for the required changes to squid.conf. You will need to set the following line to enable the authenticator: -auth_param basic program /usr/local/squid/libexec/nt_auth [options] +auth_param basic program /usr/local/squid/libexec/win32_auth [options] or -auth_param basic program c:/squid/libexec/nt_auth [options] +auth_param basic program c:/squid/libexec/win32_auth [options] You will need to set the following lines to enable authentication for your access list - @@ -58,7 +59,7 @@ acl proxy_auth REQUIRED http_access allow -You will need to specify the absolute path to nt_auth in the +You will need to specify the absolute path to win32_auth in the 'auth_param basic program' directive, and check the 'auth_param basic children' and 'auth_param basic credentialsttl'. @@ -68,7 +69,7 @@ ================== The Makefile assumes that GCC is in the current PATH. -NT_auth compile ONLY on Cygwin Environment, MinGW + MSYS Environment +win32_auth compile ONLY on Cygwin Environment, MinGW + MSYS Environment or MS VC++. 
@@ -76,7 +77,7 @@ Testing ======= -I strongly urge that NT_auth is tested prior to being used in a +I strongly urge that win32_auth is tested prior to being used in a production environment. It may behave differently on different platforms. To test it, run it from the command line. Enter username and password pairs separated by a space. Press ENTER to get an OK or ERR message. Index: squid/helpers/basic_auth/win32_locallogon/valid.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/basic_auth/win32_locallogon/Attic/valid.c,v retrieving revision 1.1.4.5 retrieving revision 1.1.4.6 diff -u -r1.1.4.5 -r1.1.4.6 --- squid/helpers/basic_auth/win32_locallogon/valid.c 8 Jul 2005 09:23:11 -0000 1.1.4.5 +++ squid/helpers/basic_auth/win32_locallogon/valid.c 13 Sep 2005 15:44:27 -0000 1.1.4.6 @@ -149,6 +149,7 @@ if (!SSP_LogonUser(User, Password, NTDomain)) { result = NTV_LOGON_ERROR; errormsg = NTV_LOGON_ERROR_MSG; + debug("%s\n", errormsg); } else { result = NTV_NO_ERROR; if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0) @@ -162,12 +163,14 @@ if (!Valid_Group(DomainUser, NTAllowedGroup)) { result = NTV_GROUP_ERROR; errormsg = NTV_GROUP_ERROR_MSG; + debug("%s\n", errormsg); } } if (UseDisallowedGroup) { if (Valid_Group(DomainUser, NTDisAllowedGroup)) { result = NTV_GROUP_ERROR; errormsg = NTV_GROUP_ERROR_MSG; + debug("%s\n", errormsg); } } } Index: squid/helpers/basic_auth/win32_locallogon/valid.h =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/basic_auth/win32_locallogon/Attic/valid.h,v retrieving revision 1.1.4.4 retrieving revision 1.1.4.5 diff -u -r1.1.4.4 -r1.1.4.5 --- squid/helpers/basic_auth/win32_locallogon/valid.h 13 Sep 2005 13:15:25 -0000 1.1.4.4 +++ squid/helpers/basic_auth/win32_locallogon/valid.h 13 Sep 2005 15:44:27 -0000 1.1.4.5 
@@ -34,6 +34,15 @@ #endif #include #include "sspwin32.h" +#undef debug + +/************* CONFIGURATION ***************/ +/* + * define this if you want debugging + */ +#ifndef DEBUG +#define DEBUG +#endif /* SMB User verification function */ @@ -52,9 +61,49 @@ extern char * NTDisAllowedGroup; extern int UseDisallowedGroup; extern int UseAllowedGroup; +extern int debug_enabled; extern char Default_NTDomain[DNLEN+1]; extern const char * errormsg; +#include + +/* Debugging stuff */ + +#ifdef __GNUC__ /* this is really a gcc-ism */ +#ifdef DEBUG +#include +#include +static char *__foo; +#define debug(X...) if (debug_enabled) { \ + fprintf(stderr,"nt_auth[%d](%s:%d): ", getpid(), \ + ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ + __LINE__);\ + fprintf(stderr,X); } +#else /* DEBUG */ +#define debug(X...) /* */ +#endif /* DEBUG */ +#else /* __GNUC__ */ +static void +debug(char *format,...) +{ +#ifdef DEBUG +#ifdef _SQUID_MSWIN_ + if (debug_enabled) { + va_list args; + + va_start(args,format); + fprintf(stderr, "nt_auth[%d]: ",getpid()); + vfprintf(stderr, format, args); + va_end(args); + } +#endif /* _SQUID_MSWIN_ */ +#endif /* DEBUG */ +} +#endif /* __GNUC__ */ + + + + int Valid_User(char *,char *, char *); #endif Index: squid/port/win32/update.cmd =================================================================== RCS file: /cvsroot/squid-sf//squid/port/win32/Attic/update.cmd,v retrieving revision 1.1.2.24 retrieving revision 1.1.2.25 diff -u -r1.1.2.24 -r1.1.2.25 --- squid/port/win32/update.cmd 3 Jun 2005 19:02:31 -0000 1.1.2.24 +++ squid/port/win32/update.cmd 13 Sep 2005 15:46:20 -0000 1.1.2.25 
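Review bot: The added `#ifndef DEBUG` / `#define DEBUG` / `#endif` block defines DEBUG unconditionally, so the comment "define this if you want debugging" no longer describes a choice. Every build carries the debug statements, including the ones in NT_auth.c that print the user name and password, and the runtime `-d` flag is the only gate. If release builds are not meant to ship them, drop the block and let the build pass `-DDEBUG` when it is wanted. The `#undef debug` above it discards a `debug` macro from an earlier header (presumably sspwin32.h, to be confirmed); a one-line comment such as `/* replace the debug() from sspwin32.h with the helper's own */` would record why.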
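Review bot: The GCC `debug(X...)` macro in the `@@ -52,9 +61,49 @@` hunk expands to a bare `if (debug_enabled) { ... }`, so `debug(...);` used as the unbraced body of an `if` that has an `else` will not compile, because the `;` after the closing brace ends the statement. Wrap it in the usual form by changing the first line to `#define debug(X...) do { if (debug_enabled) { \` and the last to `fprintf(stderr,X); } } while (0)`. `static char *__foo;` uses a name reserved for the implementation and gives each including translation unit its own copy; a name without the leading double underscore fixes the first part. The non-GCC `debug()` takes `char *format` although it is called with string literals, so `const char *format` is the better signature. Both variants still print the prefix `nt_auth[%d]` although this commit renames the helper to win32_auth.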
@@ -18,7 +18,7 @@ copy %0\..\pinger\%1\pinger.exe %2\libexec\pinger.exe copy %0\..\squidclient\%1\squidclient.exe %2\bin\squidclient.exe copy %0\..\fake_auth\%1\fake_auth.exe %2\libexec\fakeauth_auth.exe -copy %0\..\nt_auth\%1\nt_auth.exe %2\libexec\nt_auth.exe +copy %0\..\nt_auth\%1\nt_auth.exe %2\libexec\win32_auth.exe copy %0\..\ncsa_auth\%1\ncsa_auth.exe %2\libexec\ncsa_auth.exe copy %0\..\ntlm_win32_auth\%1\ntlm_win32_auth.exe %2\libexec\win32_ntlm_auth.exe copy %0\..\ldap_auth\%1\ldap_auth.exe %2\libexec\squid_ldap_auth.exe