--------------------- PatchSet 2022 Date: 2005/10/30 19:19:40 Author: serassio Branch: nt Tag: (none) Log: Added Windows native negotiate helper Members: configure.in:1.26.2.65->1.26.2.66 helpers/Makefile.am:1.1->1.1.2.1 helpers/basic_auth/mswin_sspi/Makefile.am:1.1.2.1->1.1.2.2 helpers/basic_auth/mswin_sspi/mswin_auth.c:1.1.2.1->1.1.2.2 helpers/negotiate_auth/.cvsignore:1.1->1.1.2.1 helpers/negotiate_auth/Makefile.am:1.1->1.1.2.1 helpers/negotiate_auth/mswin_sspi/.cvsignore:1.1->1.1.2.1 helpers/negotiate_auth/mswin_sspi/Makefile.am:1.1->1.1.2.1 helpers/negotiate_auth/mswin_sspi/libnegotiatessp.c:1.1->1.1.2.1 helpers/negotiate_auth/mswin_sspi/negotiate.h:1.1->1.1.2.1 helpers/negotiate_auth/mswin_sspi/negotiate_auth.c:1.1->1.1.2.1 helpers/ntlm_auth/mswin_sspi/Makefile.am:1.1.2.1->1.1.2.2 helpers/ntlm_auth/mswin_sspi/libntlmssp.c:1.1.2.1->1.1.2.2 helpers/ntlm_auth/mswin_sspi/ntlm.h:1.1.2.1->1.1.2.2 helpers/ntlm_auth/mswin_sspi/ntlm_auth.c:1.1.2.1->1.1.2.2 Index: squid3/configure.in =================================================================== RCS file: /cvsroot/squid-sf//squid3/configure.in,v retrieving revision 1.26.2.65 retrieving revision 1.26.2.66 diff -u -r1.26.2.65 -r1.26.2.66 --- squid3/configure.in 30 Oct 2005 17:29:09 -0000 1.26.2.65 +++ squid3/configure.in 30 Oct 2005 19:20:15 -0000 1.26.2.66 @@ -3,7 +3,7 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.26.2.65 2005/10/30 17:29:09 serassio Exp $ +dnl $Id: configure.in,v 1.26.2.66 2005/10/30 19:20:15 serassio Exp $ dnl dnl dnl @@ -13,7 +13,7 @@ AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE(squid, 3.0-PRE3-NT-CVS) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.26.2.65 $)dnl +AC_REVISION($Revision: 1.26.2.66 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE 
@@ -1390,6 +1390,43 @@ fi AC_SUBST(NTLM_AUTH_HELPERS) +dnl Select negotiate auth helpers to build +NEGOTIATE_AUTH_HELPERS= +AC_ARG_ENABLE(negotiate-auth-helpers, +[ --enable-negotiate-auth-helpers=\"list of helpers\" + This option selects which proxy_auth negotiate helpers + to build and install as part of the normal build + process. For a list of available helpers see + the helpers/negotiate_auth directory.], +[ case "$enableval" in + yes) + for dir in $srcdir/helpers/negotiate_auth/*; do + helper="`basename $dir`" + if test -d "$dir" && test "$helper" != CVS; then + NEGOTIATE_AUTH_HELPERS="$NEGOTIATE_AUTH_HELPERS $helper" + fi + done + ;; + no) + ;; + *) + NEGOTIATE_AUTH_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/ */ /g'`" + ;; + esac +]) +if test -n "$NEGOTIATE_AUTH_HELPERS"; then + for helper in $NEGOTIATE_AUTH_HELPERS; do + if test -d $srcdir/helpers/negotiate_auth/$helper; then + : + else + echo "ERROR: Negotiate Auth helper $helper does not exists" + exit 1 + fi + done + echo "Negotiate auth helpers built: $NEGOTIATE_AUTH_HELPERS" +fi +AC_SUBST(NEGOTIATE_AUTH_HELPERS) + dnl Select digest auth scheme helpers to build DIGEST_AUTH_HELPERS= AC_ARG_ENABLE(digest-auth-helpers, @@ -2973,6 +3010,7 @@ helpers/ntlm_auth/SMB/Makefile \ helpers/ntlm_auth/SMB/smbval/Makefile \ helpers/ntlm_auth/mswin_sspi/Makefile \ + helpers/negotiate_auth/mswin_sspi/Makefile \ helpers/external_acl/Makefile \ helpers/external_acl/ip_user/Makefile \ helpers/external_acl/ldap_group/Makefile \ Index: squid3/helpers/Makefile.am =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/Makefile.am,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -r1.1 -r1.1.2.1 --- squid3/helpers/Makefile.am 14 Oct 2002 00:18:14 -0000 1.1 +++ squid3/helpers/Makefile.am 30 Oct 2005 19:19:40 -0000 1.1.2.1 
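Review bot: The validation loop in the new negotiate-helper block expands both variables unquoted in `test -d $srcdir/helpers/negotiate_auth/$helper`, so a source path containing whitespace or a helper name containing glob characters is split or expanded before the directory check runs. Quote the operand, `if test -d "$srcdir/helpers/negotiate_auth/$helper"; then`, and quote `"$dir"` in `basename $dir` in the `yes)` branch for the same reason. The failure message is also written to stdout and reads "does not exists"; `echo "ERROR: Negotiate Auth helper $helper does not exist" >&2` keeps it out of captured configure output.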
@@ -1 +1 @@ -SUBDIRS = basic_auth ntlm_auth digest_auth external_acl +SUBDIRS = basic_auth ntlm_auth digest_auth negotiate_auth external_acl Index: squid3/helpers/basic_auth/mswin_sspi/Makefile.am =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/mswin_sspi/Makefile.am,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/basic_auth/mswin_sspi/Makefile.am 30 Oct 2005 17:26:10 -0000 1.1.2.1 +++ squid3/helpers/basic_auth/mswin_sspi/Makefile.am 30 Oct 2005 19:19:40 -0000 1.1.2.2 @@ -1,7 +1,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.1.2.1 2005/10/30 17:26:10 serassio Exp $ +# $Id: Makefile.am,v 1.1.2.2 2005/10/30 19:19:40 serassio Exp $ # # Uncomment and customize the following to suit your needs: # @@ -9,7 +9,7 @@ libexec_PROGRAMS = mswin_auth -win32_auth_SOURCES = mswin_auth.c valid.c valid.h +mswin_auth_SOURCES = mswin_auth.c valid.c valid.h LDADD = -L$(top_builddir)/lib -lnetapi32 -ladvapi32 -lsspwin32 \ -lmiscutil $(XTRA_LIBS) Index: squid3/helpers/basic_auth/mswin_sspi/mswin_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/mswin_sspi/mswin_auth.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/basic_auth/mswin_sspi/mswin_auth.c 30 Oct 2005 17:26:10 -0000 1.1.2.1 +++ squid3/helpers/basic_auth/mswin_sspi/mswin_auth.c 30 Oct 2005 19:19:40 -0000 1.1.2.2 @@ -120,7 +120,7 @@ debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); - if (LoadSecurityDll(SSP_BASIC) == NULL) { + if (LoadSecurityDll(SSP_BASIC, NTLM_PACKAGE_NAME) == NULL) { fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); exit(1); } --- /dev/null Wed Feb 14 13:33:00 2007 +++ squid3/helpers/negotiate_auth/.cvsignore Wed Feb 14 13:35:26 2007 
@@ -0,0 +1,3 @@
+.cvsignore
+Makefile.in
+Makefile
--- /dev/null Wed Feb 14 13:33:00 2007
+++ squid3/helpers/negotiate_auth/Makefile.am Wed Feb 14 13:35:26 2007
@@ -0,0 +1,7 @@
+# Makefile for negotiate authentication helpers in the Squid Object Cache server
+#
+# $Id: Makefile.am,v 1.1.2.1 2005/10/30 19:19:40 serassio Exp $
+#
+
+DIST_SUBDIRS = mswin_sspi
+SUBDIRS = @NEGOTIATE_AUTH_HELPERS@
--- /dev/null Wed Feb 14 13:33:00 2007
+++ squid3/helpers/negotiate_auth/mswin_sspi/.cvsignore Wed Feb 14 13:35:26 2007
@@ -0,0 +1,2 @@
+.cvsignore
+Makefile.in
--- /dev/null Wed Feb 14 13:33:00 2007
+++ squid3/helpers/negotiate_auth/mswin_sspi/Makefile.am Wed Feb 14 13:35:26 2007
@@ -0,0 +1,16 @@
+#
+# Makefile for the Squid Object Cache server
+#
+# $Id: Makefile.am,v 1.1.2.1 2005/10/30 19:19:40 serassio Exp $
+#
+
+libexec_PROGRAMS = mswin_negotiate_auth
+
+mswin_negotiate_auth_SOURCES = libnegotiatessp.c negotiate_auth.c negotiate.h
+
+INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)/src
+
+LDADD = -L$(top_builddir)/lib -lsspwin32 -lnetapi32 \
+ -ladvapi32 -lmiscutil $(XTRA_LIBS)
+
+EXTRA_DIST = readme.txt
--- /dev/null Wed Feb 14 13:33:00 2007
+++ squid3/helpers/negotiate_auth/mswin_sspi/libnegotiatessp.c Wed Feb 14 13:35:26 2007
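Review bot: `EXTRA_DIST = readme.txt` in helpers/negotiate_auth/mswin_sspi/Makefile.am names a file that the patchset's Members list does not add, so `make dist` will presumably fail in this directory unless readme.txt is committed separately. Either add the file with this change or leave the line out until it exists. A readme is also the natural place to document that the helper's `-v` option dumps authentication tokens to stderr.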
@@ -0,0 +1,83 @@ +/* + * (C) 2002 Guido Serassio + * Based on previous work of Francesco Chemolli and Robert Collins + * Distributed freely under the terms of the GNU General Public License, + * version 2. See the file COPYING for licensing details + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + */ + +typedef unsigned char uchar; + +#include "util.h" +#include "negotiate.h" +#if HAVE_CTYPE_H +#include +#endif + +void hex_dump(void *data, int size) +{ + /* dumps size bytes of *data to stdout. Looks like: + * [0000] 75 6E 6B 6E 6F 77 6E 20 + * 30 FF 00 00 00 00 39 00 unknown 0.....9. 
+ * (in a single line of course) + */ + + if (!data) + return; + + if (debug_enabled) { + unsigned char *p = data; + unsigned char c; + int n; + char bytestr[4] = {0}; + char addrstr[10] = {0}; + char hexstr[ 16*3 + 5] = {0}; + char charstr[16*1 + 5] = {0}; + for(n=1;n<=size;n++) { + if (n%16 == 1) { + /* store address for this line */ + snprintf(addrstr, sizeof(addrstr), "%.4x", + ((unsigned int)p-(unsigned int)data) ); + } + + c = *p; + if (isalnum(c) == 0) { + c = '.'; + } + + /* store hex str (for left side) */ + snprintf(bytestr, sizeof(bytestr), "%02X ", *p); + strncat(hexstr, bytestr, sizeof(hexstr)-strlen(hexstr)-1); + + /* store char str (for right side) */ + snprintf(bytestr, sizeof(bytestr), "%c", c); + strncat(charstr, bytestr, sizeof(charstr)-strlen(charstr)-1); + + if(n%16 == 0) { + /* line completed */ + fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr); + hexstr[0] = 0; + charstr[0] = 0; + } else if(n%8 == 0) { + /* half line: add whitespaces */ + strncat(hexstr, " ", sizeof(hexstr)-strlen(hexstr)-1); + strncat(charstr, " ", sizeof(charstr)-strlen(charstr)-1); + } + p++; /* next byte */ + } + + if (strlen(hexstr) > 0) { + /* print rest of buffer if not empty */ + fprintf(stderr, "[%4.4s] %-50.50s %s\n", addrstr, hexstr, charstr); + } + } +} + --- /dev/null Wed Feb 14 13:33:00 2007 +++ squid3/helpers/negotiate_auth/mswin_sspi/negotiate.h Wed Feb 14 13:35:27 2007 
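Review bot: The line offset in hex_dump is computed as `((unsigned int)p-(unsigned int)data)`, which converts both pointers to a 32-bit integer and truncates them on a 64-bit build; subtract the pointers first, `(unsigned int)(p - (unsigned char *)data)`. The header comment says the bytes are dumped to stdout while every `fprintf` in the body writes to stderr, so the comment should read `/* dumps size bytes of *data to stderr when debug_enabled is set. Looks like:`. Since negotiate_auth.c passes decoded Negotiate tokens to this function, the comment should also say that the output contains authentication material and belongs only in a log with restricted access.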
@@ -0,0 +1,116 @@ +/* + * (C) 2002 Guido Serassio + * Based on previous work of Francesco Chemolli, Robert Collins and Andrew Doran + * + * Distributed freely under the terms of the GNU General Public License, + * version 2. See the file COPYING for licensing details + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + */ + +#ifndef _NTLM_H_ +#define _NTLM_H_ + +#include "sspwin32.h" +#include +#include +#include +#include "ntlmauth.h" +#undef debug + +/************* CONFIGURATION ***************/ +/* + * define this if you want debugging + */ +#ifndef DEBUG +#define DEBUG +#endif + +#define FAIL_DEBUG 0 + +/************* END CONFIGURATION ***************/ + +#include + +extern int debug_enabled; +#if FAIL_DEBUG +extern int fail_debug_enabled; +#endif + +/* Debugging stuff */ + +#ifdef __GNUC__ /* this is really a gcc-ism */ +#ifdef DEBUG +#include +#include +static char *__foo; +#define debug(X...) if (debug_enabled) { \ + fprintf(stderr,"ntlm-auth[%d](%s:%d): ", getpid(), \ + ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ + __LINE__);\ + fprintf(stderr,X); } +#else /* DEBUG */ +#define debug(X...) /* */ +#endif /* DEBUG */ +#else /* __GNUC__ */ +static void +debug(char *format,...) 
+{ +#ifdef DEBUG +#ifdef _SQUID_MSWIN_ +#if FAIL_DEBUG + if (debug_enabled || fail_debug_enabled) { +#else + if (debug_enabled) { +#endif + va_list args; + + va_start(args,format); + fprintf(stderr, "negotiate-auth[%d]: ",getpid()); + vfprintf(stderr, format, args); + va_end(args); +#if FAIL_DEBUG + fail_debug_enabled = 0; +#endif + } +#endif /* _SQUID_MSWIN_ */ +#endif /* DEBUG */ +} +#endif /* __GNUC__ */ + + +/* A couple of harmless helper macros */ +#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n"); +#ifdef __GNUC__ +#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y); +#define SEND3(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y); +#else +/* no gcc, no debugging. varargs macros are a gcc extension */ +#define SEND2(X,Y) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y); +#define SEND3(X,Y,Z) debug("sending '" X "' to squid\n",Y,Z); printf(X "\n",Y,Z); +#endif + +extern int ntlm_errno; + +#define NTLM_NO_ERROR 0 +#define NTLM_SSPI_ERROR 1 +#define NTLM_BAD_NTGROUP 2 +#define NTLM_BAD_REQUEST 3 + +#define NEGOTIATE_LENGTH 16 + +extern void uc(char *); + +extern char *negotiate_check_auth(SSP_blobP auth, int auth_length); +extern void hex_dump(void *, int); + +#define safe_free(x) if (x) { free(x); x = NULL; } + +#endif /* _NTLM_H_ */ --- /dev/null Wed Feb 14 13:33:00 2007 +++ squid3/helpers/negotiate_auth/mswin_sspi/negotiate_auth.c Wed Feb 14 13:35:27 2007 
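Review bot: `SEND`, `SEND2` and `SEND3` each expand to two statements, so when one is the unbraced body of an `else` (negotiate_auth.c does this with `else SEND3("AF %s %s", c, cred);` and `else SEND2("TT %s", c);`) only the `debug()` call is conditional and the `printf` runs on every path; with `-v` the helper would then answer Squid twice for a single request. Wrap each macro in `do { ... } while (0)`, for example `#define SEND(X) do { debug("sending '%s' to squid\n",X); printf(X "\n"); } while (0)`. The GCC `debug` macro is a bare `if` block with the same hazard and still prints the prefix `ntlm-auth`, while the non-GCC function prints `negotiate-auth`. The include guard `_NTLM_H_` looks copied from ntlm.h and should get its own name so the two headers cannot mask each other.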
@@ -0,0 +1,316 @@ +/* + * win32_ntlm_auth: helper for NTLM Authentication for Squid Cache + * + * (C)2005 Guido Serassio - Acme Consulting S.r.l. + * + * Authors: + * Guido Serassio + * Acme Consulting S.r.l., Italy + * + * With contributions from others mentioned in the change history section + * below. + * + * Based on previous work of Francesco Chemolli and Robert Collins. + * + * Dependencies: Windows NT4 SP4 and later. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + * History: + * + * Version 1.0 + * 29-10-2005 Guido Serassio + * First release. + * + * + */ + +#include "util.h" +#if HAVE_GETOPT_H +#include +#endif +#include "negotiate.h" +#if HAVE_CTYPE_H +#include +#endif + +#define BUFFER_SIZE 10240 + +int debug_enabled = 0; +int Negotiate_packet_debug_enabled = 0; + +static int have_serverblob; + +/* makes a null-terminated string upper-case. Changes CONTENTS! */ +void +uc(char *string) +{ + char *p = string, c; + while ((c = *p)) { + *p = toupper(c); + p++; + } +} + +/* makes a null-terminated string lower-case. Changes CONTENTS! 
*/ +static void +lc(char *string) +{ + char *p = string, c; + while ((c = *p)) { + *p = tolower(c); + p++; + } +} + +void +helperfail(const char *reason) +{ +#if FAIL_DEBUG + fail_debug_enabled =1; +#endif + SEND2("BH %s", reason); +} + +/* + options: + -d enable debugging. + -v enable verbose NTLM packet debugging. + */ +char *my_program_name = NULL; + +void +usage() +{ + fprintf(stderr, + "Usage: %s [-d] [-v] [-h]\n" + " -d enable debugging.\n" + " -v enable verbose NTLM packet debugging.\n" + " -h this message\n\n", + my_program_name); +} + + +void +process_options(int argc, char *argv[]) +{ + int opt, had_error = 0; + + opterr =0; + while (-1 != (opt = getopt(argc, argv, "hdv"))) { + switch (opt) { + case 'd': + debug_enabled = 1; + break; + case 'v': + debug_enabled = 1; + Negotiate_packet_debug_enabled = 1; + break; + case 'h': + usage(); + exit(0); + case '?': + opt = optopt; + /* fall thru to default */ + default: + fprintf(stderr, "unknown option: -%c. Exiting\n", opt); + usage(); + had_error = 1; + } + } + if (had_error) + exit(1); +} + +int +manage_request() +{ + char buf[BUFFER_SIZE]; + char helper_command[3]; + char *c, *decoded; + int plen, status; + int oversized = 0; + char * ErrorMessage; + static char cred[SSP_MAX_CRED_LEN+1]; + BOOL Done = FALSE; + +try_again: + if (fgets(buf, BUFFER_SIZE, stdin) == NULL) + return 0; + + c = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */ + if (c) { + if (oversized) { + helperfail("illegal request received"); + fprintf(stderr, "Illegal request received: '%s'\n", buf); + return 1; + } + *c = '\0'; + } else { + fprintf(stderr, "No newline in '%s'\n", buf); + oversized = 1; + goto try_again; + } + + if ((strlen(buf) > 3) && Negotiate_packet_debug_enabled) { + decoded = base64_decode(buf + 3); + strncpy(helper_command, buf, 2); + debug("Got '%s' from Squid with data:\n", helper_command); + hex_dump(decoded, ((strlen(buf) - 3) * 3) / 4); + } else + debug("Got '%s' from Squid\n", buf); + + if 
(memcmp(buf, "YR ", 3) == 0) { /* refresh-request */ + /* figure out what we got */ + decoded = base64_decode(buf + 3); + /* Note: we don't need to manage memory at this point, since + * base64_decode returns a pointer to static storage. + */ + if (!decoded) { /* decoding failure, return error */ + SEND("NA * Packet format error, couldn't base64-decode"); + return 1; + } + /* Obtain server blob against SSPI */ + plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */ + c = (char *) SSP_MakeNegotiateBlob(decoded, plen, &Done, &status, cred); + + if (status == SSP_OK) { + if (Done) { + lc(cred); /* let's lowercase them for our convenience */ + have_serverblob = 0; + Done = FALSE; + if (Negotiate_packet_debug_enabled) { + printf("AF %s %s\n",c,cred); + decoded = base64_decode(c); + debug("sending 'AF' %s to squid with data:\n", cred); + hex_dump(decoded, (strlen(c) * 3) / 4); + } else + SEND3("AF %s %s", c, cred); + } else { + if (Negotiate_packet_debug_enabled) { + printf("TT %s\n",c); + decoded = base64_decode(c); + debug("sending 'TT' to squid with data:\n"); + hex_dump(decoded, (strlen(c) * 3) / 4); + } else { + SEND2("TT %s", c); + } + have_serverblob = 1; + } + } else + helperfail("can't obtain server blob"); + return 1; + } + + if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */ + if (!have_serverblob) { + helperfail("invalid server blob"); + return 1; + } + /* figure out what we got */ + decoded = base64_decode(buf + 3); + /* Note: we don't need to manage memory at this point, since + * base64_decode returns a pointer to static storage. + */ + if (!decoded) { /* decoding failure, return error */ + SEND("NA * Packet format error, couldn't base64-decode"); + return 1; + } + + /* check against SSPI */ + plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. 
Optimization */ + c = (char *) SSP_ValidateNegotiateCredentials(decoded, plen, &Done, &status, cred); + + if (status == SSP_ERROR) { +#if FAIL_DEBUG + fail_debug_enabled = 1; +#endif + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, + GetLastError(), + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ + (LPTSTR) &ErrorMessage, + 0, + NULL); + if (ErrorMessage[strlen(ErrorMessage) - 1] == '\n') + ErrorMessage[strlen(ErrorMessage) - 1] = '\0'; + if (ErrorMessage[strlen(ErrorMessage) - 1] == '\r') + ErrorMessage[strlen(ErrorMessage) - 1] = '\0'; + SEND2("NA * %s", ErrorMessage); + LocalFree(ErrorMessage); + return 1; + } + + if (Done) { + lc(cred); /* let's lowercase them for our convenience */ + have_serverblob = 0; + Done = FALSE; + if (Negotiate_packet_debug_enabled) { + printf("AF %s %s\n",c,cred); + decoded = base64_decode(c); + debug("sending 'AF' %s to squid with data:\n", cred); + hex_dump(decoded, (strlen(c) * 3) / 4); + } else { + SEND3("AF %s %s", c, cred); + } + return 1; + } else { + if (Negotiate_packet_debug_enabled) { + printf("TT %s\n",c); + decoded = base64_decode(c); + debug("sending 'TT' to squid with data:\n"); + hex_dump(decoded, (strlen(c) * 3) / 4); + } else + SEND2("TT %s", c); + return 1; + } + + } else { /* not an auth-request */ + helperfail("illegal request received"); + fprintf(stderr, "Illegal request received: '%s'\n", buf); + return 1; + } + helperfail("detected protocol error"); + return 1; +/********* END ********/ +} + +int +main(int argc, char *argv[]) +{ + my_program_name = argv[0]; + + process_options(argc, argv); + + debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); + + if (LoadSecurityDll(SSP_NTLM, NEGOTIATE_PACKAGE_NAME) == NULL) { + fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); + exit(1); + } + debug("SSPI initialized OK\n"); + + atexit(UnloadSecurityDll); + + /* initialize FDescs */ + 
setbuf(stdout, NULL); + setbuf(stderr, NULL); + + while (manage_request()) { + /* everything is done within manage_request */ + } + exit(0); +} Index: squid3/helpers/ntlm_auth/mswin_sspi/Makefile.am =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/mswin_sspi/Makefile.am,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/ntlm_auth/mswin_sspi/Makefile.am 30 Oct 2005 16:48:08 -0000 1.1.2.1 +++ squid3/helpers/ntlm_auth/mswin_sspi/Makefile.am 30 Oct 2005 19:19:40 -0000 1.1.2.2 @@ -1,16 +1,16 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.1.2.1 2005/10/30 16:48:08 serassio Exp $ +# $Id: Makefile.am,v 1.1.2.2 2005/10/30 19:19:40 serassio Exp $ # libexec_PROGRAMS = mswin_ntlm_auth -win32_ntlm_auth_SOURCES = libntlmssp.c ntlm_auth.c ntlm.h +mswin_ntlm_auth_SOURCES = libntlmssp.c ntlm_auth.c ntlm.h INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)/src LDADD = -L$(top_builddir)/lib -lntlmauth -lsspwin32 -lnetapi32 \ - -ladvapi32 -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) + -ladvapi32 -lmiscutil $(XTRA_LIBS) EXTRA_DIST = readme.txt Index: squid3/helpers/ntlm_auth/mswin_sspi/libntlmssp.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/mswin_sspi/libntlmssp.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/ntlm_auth/mswin_sspi/libntlmssp.c 30 Oct 2005 16:48:08 -0000 1.1.2.1 +++ squid3/helpers/ntlm_auth/mswin_sspi/libntlmssp.c 30 Oct 2005 19:19:40 -0000 1.1.2.2 @@ -271,7 +271,7 @@ } else debug("checking local user\n"); - rv = SSP_ValidateCredentials(auth, auth_length, credentials); + rv = SSP_ValidateNTLMCredentials(auth, auth_length, credentials); debug("Login attempt had result %d\n", rv); 
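Review bot: In the `KK` branch of manage_request the result of `FormatMessage` is ignored and `ErrorMessage` has no initializer, so a failed lookup leads to `strlen` on an uninitialized pointer, and an empty message makes `strlen(ErrorMessage) - 1` index before the buffer. Initialize the pointer, check the call, and trim trailing CR/LF with a bounded loop as sketched below. Separately, `strncpy(helper_command, buf, 2)` leaves `helper_command` unterminated before it is printed with `%s`; add `helper_command[2] = '\0';` after the copy. The length `(strlen(buf) - 3) * 3 / 4` handed to the SSPI calls and to hex_dump is an estimate that can overstate the decoded size by up to two bytes for padded input; base64_decode is not shown here, so whether the real length is available needs confirming.

```c
    char *ErrorMessage = NULL;
    size_t len;
    /* … unchanged: request parsing and SSP_ValidateNegotiateCredentials call … */
	if (status == SSP_ERROR) {
	    /* … unchanged: FAIL_DEBUG block … */
	    if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
		    FORMAT_MESSAGE_IGNORE_INSERTS,
		    NULL,
		    GetLastError(),
		    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
		    (LPTSTR) &ErrorMessage,
		    0,
		    NULL) == 0 || ErrorMessage == NULL) {
		helperfail("can't format SSPI error message");
		return 1;
	    }
	    len = strlen(ErrorMessage);
	    while (len > 0 && (ErrorMessage[len - 1] == '\n' || ErrorMessage[len - 1] == '\r'))
		ErrorMessage[--len] = '\0';
	    SEND2("NA * %s", ErrorMessage);
	    /* … unchanged: LocalFree and return … */
```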
@@ -329,6 +329,9 @@ * (in a single line of course) */ + if (!data) + return; + if (debug_enabled) { unsigned char *p = data; unsigned char c; Index: squid3/helpers/ntlm_auth/mswin_sspi/ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/mswin_sspi/ntlm.h,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/ntlm_auth/mswin_sspi/ntlm.h 30 Oct 2005 16:48:08 -0000 1.1.2.1 +++ squid3/helpers/ntlm_auth/mswin_sspi/ntlm.h 30 Oct 2005 19:19:40 -0000 1.1.2.2 @@ -40,7 +40,7 @@ #include extern int debug_enabled; -#ifdef FAIL_DEBUG +#if FAIL_DEBUG extern int fail_debug_enabled; #endif @@ -65,14 +65,18 @@ { #ifdef DEBUG #ifdef _SQUID_MSWIN_ +#if FAIL_DEBUG if (debug_enabled || fail_debug_enabled) { +#else + if (debug_enabled) { +#endif va_list args; va_start(args,format); fprintf(stderr, "ntlm-auth[%d]: ",getpid()); vfprintf(stderr, format, args); va_end(args); -#ifdef FAIL_DEBUG +#if FAIL_DEBUG fail_debug_enabled = 0; #endif } Index: squid3/helpers/ntlm_auth/mswin_sspi/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/mswin_sspi/ntlm_auth.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/ntlm_auth/mswin_sspi/ntlm_auth.c 30 Oct 2005 16:48:08 -0000 1.1.2.1 +++ squid3/helpers/ntlm_auth/mswin_sspi/ntlm_auth.c 30 Oct 2005 19:19:40 -0000 1.1.2.2 @@ -63,10 +63,6 @@ #define BUFFER_SIZE 10240 -#ifdef NTLM_FAIL_OPEN -int last_ditch_enabled = 0; -#endif - int debug_enabled = 0; int NTLM_packet_debug_enabled = 0; @@ -76,7 +72,7 @@ char * NTDisAllowedGroup; int UseDisallowedGroup = 0; int UseAllowedGroup = 0; -#ifdef FAIL_DEBUG +#if FAIL_DEBUG int fail_debug_enabled = 0; #endif @@ -105,7 +101,7 @@ void helperfail(const char *reason) { -#ifdef FAIL_DEBUG +#if FAIL_DEBUG fail_debug_enabled =1; #endif SEND2("BH %s", reason); 
@@ -125,16 +121,9 @@ usage() { fprintf(stderr, -#ifdef NTLM_FAIL_OPEN - "Usage: %s [-d] [-v] [-A|D LocalUserGroup] [-l] [-h]\n" -#else "Usage: %s [-d] [-v] [-A|D LocalUserGroup] [-h]\n" -#endif " -d enable debugging.\n" " -v enable verbose NTLM packet debugging.\n" -#ifdef NTLM_FAIL_OPEN - " -l if specified, changes behavior on failures to last-ditch\n" -#endif " -A specify a Windows Local Group name allowed to authenticate\n" " -D specify a Windows Local Group name not allowed to authenticate\n" " -h this message\n\n", @@ -148,11 +137,7 @@ int opt, had_error = 0; opterr =0; -#ifdef NTLM_FAIL_OPEN - while (-1 != (opt = getopt(argc, argv, "hdvlA:D:"))) { -#else while (-1 != (opt = getopt(argc, argv, "hdvA:D:"))) { -#endif switch (opt) { case 'A': safe_free(NTAllowedGroup); @@ -164,11 +149,6 @@ NTDisAllowedGroup=xstrdup(optarg); UseDisallowedGroup = 1; break; -#ifdef NTLM_FAIL_OPEN - case 'l': - last_ditch_enabled = 1; - break; -#endif case 'd': debug_enabled = 1; break; @@ -342,7 +322,7 @@ cred = ntlm_check_auth((ntlm_authenticate *) decoded, plen); have_challenge = 0; if (cred == NULL) { -#ifdef FAIL_DEBUG +#if FAIL_DEBUG fail_debug_enabled =1; #endif switch (ntlm_errno) { @@ -402,7 +382,7 @@ debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); - if (LoadSecurityDll(SSP_NTLM) == NULL) { + if (LoadSecurityDll(SSP_NTLM, NTLM_PACKAGE_NAME) == NULL) { fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); exit(1); }