int main()
{
char username[256];
char password[256];
char wstr[256];
struct itimerval TimeOut;
/* Read denied user file. If it fails there is a serious problem.
Check syslog messages. Deny all users while in this state.
The process should then be killed. */
if (Read_denyusers() == 1)
{
while (1)
{
fgets(wstr, 255, stdin);
puts("ERR");
fflush(stdout);
}
}
/* An alarm timer is used to check the denied user file for changes
every minute. Reload the file if it has changed. */
TimeOut.it_interval.tv_sec = 60;
TimeOut.it_interval.tv_usec = 0;
TimeOut.it_value.tv_sec = 60;
TimeOut.it_value.tv_usec = 0;
setitimer(ITIMER_REAL, &TimeOut, 0);
signal(SIGALRM, Checkforchange);
signal(SIGHUP, Checkforchange);
while (1)
{
/* Read whole line from standard input. Terminate on break. */
if (fgets(wstr, 255, stdin) == NULL)
break;
/* Clear any current settings */
username[0] = '\0';
password[0] = '\0';
sscanf(wstr, "%s %s", username, password); /* Extract parameters */
/* Check for invalid or blank entries */
if ((username[0] == '\0') || (password[0] == '\0'))
{
puts("ERR");
fflush(stdout);
continue;
}
if (Check_user(username) == 1) /* Check if user is denied */
puts("ERR");
else
{
if (Valid_User(username, password, PRIMARY_DC, BACKUP_DC, NTDOMAIN) == 0)
puts("OK");
else
puts("ERR");
}
fflush(stdout);
}
return 0;
}
int
main(int argc, char **argv)
{
char username[256];
char password[256];
char wstr[256];
int err = 0;
openlog("msnt_auth", LOG_PID, LOG_USER);
setbuf(stdout, NULL);
/* Read configuration file. Abort wildly if error. */
if (OpenConfigFile() == 1)
return 1;
/*
* Read denied and allowed user files.
* If they fails, there is a serious problem.
* Check syslog messages. Deny all users while in this state.
* The msntauth process should then be killed.
*/
if ((Read_denyusers() == 1) || (Read_allowusers() == 1)) {
while (1) {
memset(wstr, '\0', sizeof(wstr));
fgets(wstr, 255, stdin);
puts("ERR");
}
}
/*
* Make Check_forchange() the handle for HUP signals.
* Don't use alarms any more. I don't think it was very
* portable between systems.
* XXX this should be sigaction()
*/
signal(SIGHUP, Check_forchange);
while (1) {
int n;
/* Read whole line from standard input. Terminate on break. */
memset(wstr, '\0', sizeof(wstr));
if (fgets(wstr, 255, stdin) == NULL)
break;
/* ignore this line if we didn't get the end-of-line marker */
if (NULL == strchr(wstr, '\n')) {
err = 1;
continue;
}
if (err) {
syslog(LOG_WARNING, "oversized message");
goto error;
}
/*
* extract username and password.
* XXX is sscanf() safe?
*/
username[0] = '\0';
password[0] = '\0';
n = sscanf(wstr, "%s %[^\n]", username, password);
if (2 != n) {
puts("ERR");
continue;
}
/* Check for invalid or blank entries */
if ((username[0] == '\0') || (password[0] == '\0')) {
puts("ERR");
continue;
}
Checktimer(); /* Check if the user lists have changed */
rfc1738_unescape(username);
rfc1738_unescape(password);
/*
* Check if user is explicitly denied or allowed.
* If user passes both checks, they can be authenticated.
*/
if (Check_user(username) == 1) {
syslog(LOG_INFO, "'%s' denied", username);
puts("ERR");
} else if (QueryServers(username, password) == 0)
puts("OK");
else {
syslog(LOG_INFO, "'%s' login failed", username);
error:
puts("ERR");
}
err = 0;
}
return 0;
}
