--------------------- PatchSet 989 Date: 2004/02/28 09:01:02 Author: serassio Branch: nt Tag: (none) Log: Synced all changes of native Windows helpers from nt-2_5 branch Members: helpers/basic_auth/LDAP/Makefile.am:1.1.2.1->1.1.2.2 helpers/basic_auth/LDAP/squid_ldap_auth.c:1.4.12.5->1.4.12.6 helpers/basic_auth/win32_locallogon/NT_auth.c:1.2.18.1->1.2.18.2 helpers/basic_auth/win32_locallogon/README.txt:1.2.18.2->1.2.18.3 helpers/basic_auth/win32_locallogon/valid.h:1.2.18.1->1.2.18.2 helpers/external_acl/ldap_group/Makefile.am:1.2.4.1->1.2.4.2 helpers/external_acl/ldap_group/squid_ldap_group.c:1.5.2.3->1.5.2.4 helpers/external_acl/win32_group/readme.txt:1.2.18.2->1.2.18.3 helpers/external_acl/win32_group/win32_check_group.c:1.2.18.3->1.2.18.4 helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c:1.2.18.4->1.2.18.5 helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h:1.2.18.2->1.2.18.3 helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c:1.2.18.4->1.2.18.5 helpers/ntlm_auth/NTLMSSP-WIN32/readme.txt:1.2.18.3->1.2.18.4 port/win32/update.cmd:1.2.18.4->1.2.18.5 Index: squid3/helpers/basic_auth/LDAP/Makefile.am =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/LDAP/Makefile.am,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid3/helpers/basic_auth/LDAP/Makefile.am 25 Feb 2003 02:48:19 -0000 1.1.2.1 +++ squid3/helpers/basic_auth/LDAP/Makefile.am 28 Feb 2004 09:01:02 -0000 1.1.2.2 @@ -1,7 +1,7 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.am,v 1.1.2.1 2003/02/25 02:48:19 hno Exp $ +# $Id: Makefile.am,v 1.1.2.2 2004/02/28 09:01:02 serassio Exp $ # # Uncomment and customize the following to suit your needs: # 
@@ -11,10 +11,11 @@ EXTRA_DIST = squid_ldap_auth.8 squid_ldap_auth_SOURCES = squid_ldap_auth.c -LDADD = -L$(top_builddir)/lib -lmiscutil -lldap -llber $(XTRA_LIBS) if ENABLE_MINGW32SPECIFIC +LDADD = -L$(top_builddir)/lib -lmiscutil -lwldap32 $(XTRA_LIBS) INCLUDES = -I$(top_srcdir)/port/win32/include -I$(top_builddir)/include \ -I$(top_srcdir)/include else +LDADD = -L$(top_builddir)/lib -lmiscutil -lldap -llber $(XTRA_LIBS) INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include endif Index: squid3/helpers/basic_auth/LDAP/squid_ldap_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/LDAP/squid_ldap_auth.c,v retrieving revision 1.4.12.5 retrieving revision 1.4.12.6 diff -u -r1.4.12.5 -r1.4.12.6 --- squid3/helpers/basic_auth/LDAP/squid_ldap_auth.c 3 Jan 2004 15:18:47 -0000 1.4.12.5 +++ squid3/helpers/basic_auth/LDAP/squid_ldap_auth.c 28 Feb 2004 09:01:02 -0000 1.4.12.6 @@ -76,6 +76,9 @@ #define snprintf _snprintf #include #include +#ifndef LDAPAPI +#define LDAPAPI __cdecl +#endif #ifdef LDAP_VERSION3 #define LDAP_OPT_SUCCESS LDAP_SUCCESS /* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at Index: squid3/helpers/basic_auth/win32_locallogon/NT_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/win32_locallogon/Attic/NT_auth.c,v retrieving revision 1.2.18.1 retrieving revision 1.2.18.2 diff -u -r1.2.18.1 -r1.2.18.2 --- squid3/helpers/basic_auth/win32_locallogon/NT_auth.c 25 Feb 2003 02:48:20 -0000 1.2.18.1 +++ squid3/helpers/basic_auth/win32_locallogon/NT_auth.c 28 Feb 2004 09:01:03 -0000 1.2.18.2 
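Review bot: The fallback `#define LDAPAPI __cdecl` added to squid_ldap_auth.c has no comment saying which headers lack the macro or why `__cdecl` is the right value. The context line below it mentions binding the `ldap_start_tls_s` entry point dynamically. If a function pointer declared with LDAPAPI ends up with a different calling convention than the wldap32 export, the call would corrupt the stack instead of failing cleanly, so the value should be confirmed against the Windows SDK's winldap.h. I would add `/* Fallback for headers that do not define LDAPAPI; must match the calling convention of the wldap32 exports */` above the `#ifndef`. The same three lines are added to squid_ldap_group.c later in this patch set and need the same comment.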
@@ -26,10 +26,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. */ -#include "config.h" -#include -#include -#include "util.h" +#include "squid.h" /* Check if we try to compile on a Windows Platform */ #if defined(_SQUID_CYGWIN_) || defined(_SQUID_MSWIN_) Index: squid3/helpers/basic_auth/win32_locallogon/README.txt =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/win32_locallogon/Attic/README.txt,v retrieving revision 1.2.18.2 retrieving revision 1.2.18.3 diff -u -r1.2.18.2 -r1.2.18.3 --- squid3/helpers/basic_auth/win32_locallogon/README.txt 3 Jan 2004 16:20:44 -0000 1.2.18.2 +++ squid3/helpers/basic_auth/win32_locallogon/README.txt 28 Feb 2004 09:01:03 -0000 1.2.18.3 @@ -41,7 +41,7 @@ Type 'make', then 'make install', then 'make clean'. On Cygwin the default is to install 'nt_auth' into /usr/local/squid/libexec, -with other environment into c:/squid/libexec. +with other Windows environments into c:/squid/libexec. Refer to Squid documentation for the required changes to squid.conf. You will need to set the following line to enable the authenticator: Index: squid3/helpers/basic_auth/win32_locallogon/valid.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/basic_auth/win32_locallogon/Attic/valid.h,v retrieving revision 1.2.18.1 retrieving revision 1.2.18.2 diff -u -r1.2.18.1 -r1.2.18.2 --- squid3/helpers/basic_auth/win32_locallogon/valid.h 25 Feb 2003 02:48:21 -0000 1.2.18.1 +++ squid3/helpers/basic_auth/win32_locallogon/valid.h 28 Feb 2004 09:01:03 -0000 1.2.18.2 
@@ -52,6 +52,4 @@ int Valid_User(char *,char *, char *); -#define safe_free(x) if (x) { free(x); x = NULL; } - #endif Index: squid3/helpers/external_acl/ldap_group/Makefile.am =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/external_acl/ldap_group/Makefile.am,v retrieving revision 1.2.4.1 retrieving revision 1.2.4.2 diff -u -r1.2.4.1 -r1.2.4.2 --- squid3/helpers/external_acl/ldap_group/Makefile.am 25 Feb 2003 02:48:23 -0000 1.2.4.1 +++ squid3/helpers/external_acl/ldap_group/Makefile.am 28 Feb 2004 09:01:03 -0000 1.2.4.2 @@ -1,7 +1,7 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.am,v 1.2.4.1 2003/02/25 02:48:23 hno Exp $ +# $Id: Makefile.am,v 1.2.4.2 2004/02/28 09:01:03 serassio Exp $ # # Uncomment and customize the following to suit your needs: # @@ -11,10 +11,11 @@ EXTRA_DIST = squid_ldap_group.8 squid_ldap_group_SOURCES = squid_ldap_group.c -LDADD = -lldap -llber $(XTRA_LIBS) if ENABLE_MINGW32SPECIFIC +LDADD = -lwldap32 $(XTRA_LIBS) INCLUDES = -I$(top_srcdir)/port/win32/include -I$(top_builddir)/include \ -I$(top_srcdir)/include else +LDADD = -lldap -llber $(XTRA_LIBS) INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include endif Index: squid3/helpers/external_acl/ldap_group/squid_ldap_group.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/external_acl/ldap_group/squid_ldap_group.c,v retrieving revision 1.5.2.3 retrieving revision 1.5.2.4 diff -u -r1.5.2.3 -r1.5.2.4 --- squid3/helpers/external_acl/ldap_group/squid_ldap_group.c 3 Jan 2004 15:18:47 -0000 1.5.2.3 +++ squid3/helpers/external_acl/ldap_group/squid_ldap_group.c 28 Feb 2004 09:01:03 -0000 1.5.2.4 
@@ -41,6 +41,9 @@ #define snprintf _snprintf #include #include +#ifndef LDAPAPI +#define LDAPAPI __cdecl +#endif #ifdef LDAP_VERSION3 #define LDAP_OPT_SUCCESS LDAP_SUCCESS /* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at Index: squid3/helpers/external_acl/win32_group/readme.txt =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/external_acl/win32_group/Attic/readme.txt,v retrieving revision 1.2.18.2 retrieving revision 1.2.18.3 diff -u -r1.2.18.2 -r1.2.18.3 --- squid3/helpers/external_acl/win32_group/readme.txt 2 May 2003 14:24:46 -0000 1.2.18.2 +++ squid3/helpers/external_acl/win32_group/readme.txt 28 Feb 2004 09:01:03 -0000 1.2.18.3 @@ -26,8 +26,8 @@ squid.conf usage ================ -external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/win32_check_group -G -external_acl_type NT_local_group %LOGIN /usr/local/squid/libexec/win32_check_group +external_acl_type NT_global_group %LOGIN c:/squid/libexec/win32_check_group -G +external_acl_type NT_local_group %LOGIN c:/squid/libexec/win32_check_group acl GProxyUsers external NT_global_group GProxyUsers acl LProxyUsers external NT_local_group LProxyUsers @@ -45,7 +45,7 @@ the acl data ("Domain Users") must be placed into a separate file included by specifying "/path/to/file". The previous example will be: -acl ProxyUsers external NT_global_group "/usr/local/squid/etc/DomainUsers" +acl ProxyUsers external NT_global_group "c:/squid/etc/DomainUsers" and the DomainUsers files will contain only the following line: 
@@ -57,7 +57,7 @@ It's possible to enable not case sensitive group name comparation (-c), but on on some non - English locales, the results can be unexpected. - Native WIN32 NTLM and Basic Helpers must be used without the - -a & -d switches. + -A & -D switches. Refer to Squid documentation for the more details on squid.conf. Index: squid3/helpers/external_acl/win32_group/win32_check_group.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/external_acl/win32_group/Attic/win32_check_group.c,v retrieving revision 1.2.18.3 retrieving revision 1.2.18.4 diff -u -r1.2.18.3 -r1.2.18.4 --- squid3/helpers/external_acl/win32_group/win32_check_group.c 2 May 2003 14:52:29 -0000 1.2.18.3 +++ squid3/helpers/external_acl/win32_group/win32_check_group.c 28 Feb 2004 09:01:03 -0000 1.2.18.4 @@ -449,10 +449,10 @@ usage(char *program) { fprintf(stderr,"Usage: %s [-G][-c][-d][-h]\n" - " -G enable Domain Global group mode\n" - " -c use case insensitive compare\n" - " -d enable debugging\n" - " -h this message\n", + " -G enable Domain Global group mode\n" + " -c use case insensitive compare\n" + " -d enable debugging\n" + " -h this message\n", program); } Index: squid3/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/libntlmssp.c,v retrieving revision 1.2.18.4 retrieving revision 1.2.18.5 diff -u -r1.2.18.4 -r1.2.18.5 --- squid3/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c 3 Jan 2004 19:28:05 -0000 1.2.18.4 +++ squid3/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c 28 Feb 2004 09:01:14 -0000 1.2.18.5 @@ -16,9 +16,8 @@ typedef unsigned char uchar; -#include "util.h" +#include "squid.h" #include "ntlm.h" -#include #include #include 
@@ -295,8 +294,8 @@ const char *encoded; memset(&ne, 0, sizeof(ntlm_negotiate)); /* reset */ memcpy(ne.signature, "NTLMSSP", 8); /* set the signature */ - ne.type = htole32(NTLM_NEGOTIATE); /* this is a challenge */ - ne.flags = htole32( + ne.type = WSWAP(NTLM_NEGOTIATE); /* this is a challenge */ + ne.flags = WSWAP( NEGOTIATE_ALWAYS_SIGN | NEGOTIATE_USE_NTLM | NEGOTIATE_USE_LM | @@ -304,6 +303,7 @@ 0 ); encoded = base64_encode_bin((char *) &ne, NEGOTIATE_LENGTH); + debug("Negotiate packet not supplied - self generated\n"); return encoded; } Index: squid3/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm.h,v retrieving revision 1.2.18.2 retrieving revision 1.2.18.3 diff -u -r1.2.18.2 -r1.2.18.3 --- squid3/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h 3 Jan 2004 16:20:44 -0000 1.2.18.2 +++ squid3/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h 28 Feb 2004 09:01:14 -0000 1.2.18.3 @@ -81,7 +81,6 @@ } #endif /* __GNUC__ */ -#define safe_free(x) if (x) { free(x); x = NULL; } /* A couple of harmless helper macros */ #define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n"); Index: squid3/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm_auth.c,v retrieving revision 1.2.18.4 retrieving revision 1.2.18.5 diff -u -r1.2.18.4 -r1.2.18.5 --- squid3/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 3 Jan 2004 19:28:05 -0000 1.2.18.4 +++ squid3/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 28 Feb 2004 09:01:14 -0000 1.2.18.5 
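Review bot: The trailing comment on `ne.type = WSWAP(NTLM_NEGOTIATE);` in libntlmssp.c still reads `/* this is a challenge */`, but the packet built here is a NEGOTIATE, as the constant and the new debug message both say. Since the line is being touched anyway, I would change it to `/* this is a negotiate packet */`. WSWAP is not defined in this hunk; if it converts host order to the little-endian wire order the way `htole32` did, a short comment saying so at the first use would help. The enclosing function starts outside the hunk.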
@@ -30,11 +30,15 @@ * * History: * + * Version 1.21 + * 21-02-2004 Guido Serassio + * Removed control of use of NTLM NEGOTIATE packet from + * command line, now the support is automatic. * Version 1.20 * 30-11-2003 Guido Serassio * Added support for NTLM local calls. - Added control of use of NTLM NEGOTIATE packet from - command line. + * Added control of use of NTLM NEGOTIATE packet from + * command line. * Updated documentation. * Version 1.10 * 07-09-2003 Guido Serassio @@ -48,10 +52,8 @@ * */ -#include "util.h" -#include "getopt.h" +#include "squid.h" #include "ntlm.h" -#include #define BUFFER_SIZE 10240 @@ -68,14 +70,10 @@ char * NTDisAllowedGroup; int UseDisallowedGroup = 0; int UseAllowedGroup = 0; -int UseNtlmNegotiate = 0; #ifdef FAIL_DEBUG int fail_debug_enabled = 0; #endif -char YR_String[4] = "YR"; -int YR_Length = 2; - /* makes a null-terminated string upper-case. Changes CONTENTS! */ void uc(char *string) @@ -114,7 +112,6 @@ -l if specified, changes behavior on failures to last-ditch. -A can specify a Windows Local Group name allowed to authenticate. -D can specify a Windows Local Group name not allowed to authenticate. - -N enable use of NTLM NEGOTIATE packet */ char *my_program_name = NULL; 
@@ -123,19 +120,18 @@ { fprintf(stderr, #ifdef NTLM_FAIL_OPEN - "Usage: %s [-d] [-v] [-N] [-A|D LocalUserGroup] [-l] [-h]\n" + "Usage: %s [-d] [-v] [-A|D LocalUserGroup] [-l] [-h]\n" #else - "Usage: %s [-d] [-v] [-N] [-A|D LocalUserGroup] [-h]\n" + "Usage: %s [-d] [-v] [-A|D LocalUserGroup] [-h]\n" #endif - " -d enable debugging.\n" - " -v enable verbose NTLM packet debugging.\n" + " -d enable debugging.\n" + " -v enable verbose NTLM packet debugging.\n" #ifdef NTLM_FAIL_OPEN - " -l if specified, changes behavior on failures to last-ditch\n" + " -l if specified, changes behavior on failures to last-ditch\n" #endif - " -A specify a Windows Local Group name allowed to authenticate\n" - " -D specify a Windows Local Group name not allowed to authenticate\n" - " -N enable use of NTLM NEGOTIATE packet\n" - " -h this message\n\n", + " -A specify a Windows Local Group name allowed to authenticate\n" + " -D specify a Windows Local Group name not allowed to authenticate\n" + " -h this message\n\n", my_program_name); } @@ -147,9 +143,9 @@ opterr =0; #ifdef NTLM_FAIL_OPEN - while (-1 != (opt = getopt(argc, argv, "hdvlA:D:N"))) { + while (-1 != (opt = getopt(argc, argv, "hdvlA:D:"))) { #else - while (-1 != (opt = getopt(argc, argv, "hdvA:D:N"))) { + while (-1 != (opt = getopt(argc, argv, "hdvA:D:"))) { #endif switch (opt) { case 'A': @@ -162,11 +158,6 @@ NTDisAllowedGroup=xstrdup(optarg); UseDisallowedGroup = 1; break; - case 'N': - UseNtlmNegotiate = 1; - strcpy(YR_String, "YR "); - YR_Length = 3; - break; #ifdef NTLM_FAIL_OPEN case 'l': last_ditch_enabled = 1; @@ -246,9 +237,9 @@ hex_dump(decoded, ((strlen(buf) - 3) * 3) / 4); } else debug("Got '%s' from Squid\n", buf); - if (memcmp(buf, YR_String, YR_Length) == 0) { /* refresh-request */ + if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ /* figure out what we got */ - if (UseNtlmNegotiate) + if (strlen(buf) > 3) decoded = base64_decode(buf + 3); else decoded = base64_decode(ntlm_make_negotiate()); 
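Review bot: Dropping `N` from both getopt strings means a squid.conf that still passes `-N`, as the previous readme instructed, now reaches the switch as an unknown option. With `opterr = 0` getopt prints nothing about it. What happens next depends on the default branch, which is outside the hunk; if it exits, NTLM authentication stops working after the upgrade until the config is edited. Consider keeping `N` in the option strings for a release as an accepted no-op, `case 'N': /* obsolete: NEGOTIATE handling is now automatic */ break;`, or at least writing a message to stderr for it.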
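Review bot: In the `YR` branch the third byte of `buf` is never checked. `memcmp(buf, "YR", 2)` matches any line that starts with those two letters, and `strlen(buf) > 3` then decodes from `buf + 3` whatever `buf[2]` happened to be; the old `-N` path compared against `"YR "` including the space. I would test the separator explicitly, `if (buf[2] == ' ' && buf[3] != '\0')`. The blob after `YR ` originates from the HTTP client, so the result of `base64_decode` should also be checked before it is read as a header; that code is outside the hunk, so it may already be done. The same `strlen(buf) > 3` test is repeated in the `case NTLM_NEGOTIATE:` hunk that follows, and computing it once into a local flag would keep the two in step.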
@@ -270,7 +261,7 @@ switch (fast_header->type) { case NTLM_NEGOTIATE: /* Obtain challenge against SSPI */ - if (UseNtlmNegotiate) + if (strlen(buf) > 3) plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */ else plen = NEGOTIATE_LENGTH; Index: squid3/helpers/ntlm_auth/NTLMSSP-WIN32/readme.txt =================================================================== RCS file: /cvsroot/squid-sf//squid3/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/readme.txt,v retrieving revision 1.2.18.3 retrieving revision 1.2.18.4 diff -u -r1.2.18.3 -r1.2.18.4 --- squid3/helpers/ntlm_auth/NTLMSSP-WIN32/readme.txt 3 Jan 2004 16:20:44 -0000 1.2.18.3 +++ squid3/helpers/ntlm_auth/NTLMSSP-WIN32/readme.txt 28 Feb 2004 09:01:14 -0000 1.2.18.4 @@ -1,19 +1,18 @@ -ntlm_auth.exe +win32_ntlm_auth.exe -Native Windows NTLM/NTLMv2 authenticator for Squid 3.0. +Native Windows NTLM/NTLMv2 authenticator for Squid 2.5 with +automatic support for NTLM NEGOTIATE packets. ===== Usage ===== -ntlm_auth [-d] [-v] [-N] [-A|D LocalUserGroup] [-l] [-h] +win32_ntlm_auth [-d] [-v] [-A|D LocalUserGroup] [-h] -d enables debugging. -v enables verbose NTLM packet debugging. --l if specified, changes behavior on failures to last-ditch. -A specify a Windows Local Group name allowed to authenticate. -D specify a Windows Local Group name not allowed to authenticate. --N enable use of NTLM NEGOTIATE packet. -h print program usage This is released under the GNU General Public License 
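Review bot: In the `case NTLM_NEGOTIATE:` hunk of ntlm_auth.c, `plen = (strlen(buf) - 3) * 3 / 4;` is derived from the encoded text, so any `=` padding is counted as data and plen can be one or two bytes larger than what `base64_decode` produced. Before this change that path ran only with `-N`; it is now taken whenever Squid forwards a client NEGOTIATE. If plen is handed on as the packet length (the call is outside the hunk), the consumer may read past the decoded bytes. Assuming the line terminator has already been stripped from `buf`, the padding can be subtracted with `for (e = strlen(buf); e > 3 && buf[e - 1] == '='; e--) plen--;`, or the decoder could report the real length. At minimum add the comment `/* upper bound: '=' padding is counted as data */`.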
@@ -38,18 +37,18 @@ Squid.conf typical minimal required changes: -auth_param ntlm program c:/squid/libexec/ntlm_auth.exe -N +auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes -auth_param ntlm use_ntlm_negotiate on <== needs (or needed by) -N option +auth_param ntlm use_ntlm_negotiate on acl password proxy_auth REQUIRED http_access allow password http_access deny all -When using -N option, "use_ntlm_negotiate on" is MANDATORY and +When using "use_ntlm_negotiate on" max_challenge_reuses and max_challenge_lifetime parameters must be specified but they are are ignored. Index: squid3/port/win32/update.cmd =================================================================== RCS file: /cvsroot/squid-sf//squid3/port/win32/Attic/update.cmd,v retrieving revision 1.2.18.4 retrieving revision 1.2.18.5 diff -u -r1.2.18.4 -r1.2.18.5 --- squid3/port/win32/update.cmd 3 Jan 2004 16:30:46 -0000 1.2.18.4 +++ squid3/port/win32/update.cmd 28 Feb 2004 09:01:14 -0000 1.2.18.5 @@ -19,7 +19,7 @@ copy %0\..\fake_auth\%1\fake_auth.exe %2\libexec\fakeauth_auth.exe copy %0\..\nt_auth\%1\nt_auth.exe %2\libexec\nt_auth.exe copy %0\..\ncsa_auth\%1\ncsa_auth.exe %2\libexec\ncsa_auth.exe -copy %0\..\ntlm_win32_auth\%1\ntlm_win32_auth.exe %2\libexec\ntlm_auth.exe +copy %0\..\ntlm_win32_auth\%1\ntlm_win32_auth.exe %2\libexec\win32_ntlm_auth.exe copy %0\..\ldap_auth\%1\ldap_auth.exe %2\libexec\squid_ldap_auth.exe copy %0\..\ldap_group\%1\ldap_group.exe %2\libexec\squid_ldap_group.exe copy %0\..\win32_check_group\%1\win32_check_group.exe %2\libexec\win32_check_group.exe 
@@ -33,7 +33,7 @@ copy %0\..\..\..\icons\*.gif %2\share\icons > NUL -copy %0\..\..\..\helpers\ntlm_auth\NTLMSSP-WIN32\readme.txt %2\docs\ntlm_win32_auth.txt +copy %0\..\..\..\helpers\ntlm_auth\NTLMSSP-WIN32\readme.txt %2\docs\win32_ntlm_auth.txt copy %0\..\..\..\helpers\external_acl\win32_group\readme.txt %2\docs\win32_check_group.txt copy %0\..\..\..\helpers\external_acl\ip_user\README %2\docs\ip_user_check.txt copy %0\..\..\..\helpers\basic_auth\win32_locallogon\readme.txt %2\docs\nt_auth.txt