142
143
char *c, *decoded;
143
144
int plen, status;
144
145
int oversized = 0;
146
static char cred[SSP_MAX_CRED_LEN+1];
147
static char cred[SSP_MAX_CRED_LEN + 1];
147
148
BOOL Done = FALSE;
150
if (fgets(buf, BUFFER_SIZE, stdin) == NULL)
151
if (fgets(buf, BUFFER_SIZE, stdin) == NULL)
153
c = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */
154
c = memchr(buf, '\n', BUFFER_SIZE); /* safer against overrun than strchr */
156
helperfail("illegal request received");
157
fprintf(stderr, "Illegal request received: '%s'\n", buf);
157
helperfail("illegal request received");
158
fprintf(stderr, "Illegal request received: '%s'\n", buf);
162
fprintf(stderr, "No newline in '%s'\n", buf);
163
fprintf(stderr, "No newline in '%s'\n", buf);
167
168
if ((strlen(buf) > 3) && Negotiate_packet_debug_enabled) {
173
174
debug("Got '%s' from Squid\n", buf);
175
176
if (memcmp(buf, "YR ", 3) == 0) { /* refresh-request */
176
/* figure out what we got */
177
/* figure out what we got */
177
178
decoded = base64_decode(buf + 3);
178
/* Note: we don't need to manage memory at this point, since
179
* base64_decode returns a pointer to static storage.
181
if (!decoded) { /* decoding failure, return error */
182
SEND("NA * Packet format error, couldn't base64-decode");
185
/* Obtain server blob against SSPI */
186
plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */
179
/* Note: we don't need to manage memory at this point, since
180
* base64_decode returns a pointer to static storage.
182
if (!decoded) { /* decoding failure, return error */
183
SEND("NA * Packet format error, couldn't base64-decode");
186
/* Obtain server blob against SSPI */
187
plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */
187
188
c = (char *) SSP_MakeNegotiateBlob(decoded, plen, &Done, &status, cred);
189
190
if (status == SSP_OK) {
191
lc(cred); /* let's lowercase them for our convenience */
192
lc(cred); /* let's lowercase them for our convenience */
192
193
have_serverblob = 0;
194
195
if (Negotiate_packet_debug_enabled) {
195
printf("AF %s %s\n",c,cred);
196
196
decoded = base64_decode(c);
197
debug("sending 'AF' %s to squid with data:\n", cred);
198
hex_dump(decoded, (strlen(c) * 3) / 4);
197
debug("sending 'AF' %s to squid with data:\n", cred);
199
hex_dump(decoded, (strlen(c) * 3) / 4);
201
fprintf(stderr, "No data available.\n");
202
printf("AF %s %s\n", c, cred);
200
204
SEND3("AF %s %s", c, cred);
202
206
if (Negotiate_packet_debug_enabled) {
204
207
decoded = base64_decode(c);
205
debug("sending 'TT' to squid with data:\n");
208
debug("sending 'TT' to squid with data:\n");
206
209
hex_dump(decoded, (strlen(c) * 3) / 4);
210
printf("TT %s\n", c);
208
212
SEND2("TT %s", c);
213
217
helperfail("can't obtain server blob");
217
220
if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */
218
221
if (!have_serverblob) {
219
helperfail("invalid server blob");
222
/* figure out what we got */
223
decoded = base64_decode(buf + 3);
224
/* Note: we don't need to manage memory at this point, since
225
* base64_decode returns a pointer to static storage.
227
if (!decoded) { /* decoding failure, return error */
228
SEND("NA * Packet format error, couldn't base64-decode");
222
helperfail("invalid server blob");
225
/* figure out what we got */
226
decoded = base64_decode(buf + 3);
227
/* Note: we don't need to manage memory at this point, since
228
* base64_decode returns a pointer to static storage.
230
if (!decoded) { /* decoding failure, return error */
231
SEND("NA * Packet format error, couldn't base64-decode");
232
234
/* check against SSPI */
233
plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */
235
plen = (strlen(buf) - 3) * 3 / 4; /* we only need it here. Optimization */
234
236
c = (char *) SSP_ValidateNegotiateCredentials(decoded, plen, &Done, &status, cred);
236
238
if (status == SSP_ERROR) {
238
240
fail_debug_enabled = 1;
240
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
242
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
241
243
FORMAT_MESSAGE_IGNORE_INSERTS,
244
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
245
(LPTSTR) &ErrorMessage,
246
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
247
(LPTSTR) & ErrorMessage,
248
250
if (ErrorMessage[strlen(ErrorMessage) - 1] == '\n')
249
251
ErrorMessage[strlen(ErrorMessage) - 1] = '\0';
250
252
if (ErrorMessage[strlen(ErrorMessage) - 1] == '\r')
251
253
ErrorMessage[strlen(ErrorMessage) - 1] = '\0';
252
SEND2("NA * %s", ErrorMessage);
254
SEND2("NA * %s", ErrorMessage);
253
255
LocalFree(ErrorMessage);
258
lc(cred); /* let's lowercase them for our convenience */
259
lc(cred); /* let's lowercase them for our convenience */
259
260
have_serverblob = 0;
261
262
if (Negotiate_packet_debug_enabled) {
262
printf("AF %s %s\n",c,cred);
263
263
decoded = base64_decode(c);
264
debug("sending 'AF' %s to squid with data:\n", cred);
265
hex_dump(decoded, (strlen(c) * 3) / 4);
264
debug("sending 'AF' %s to squid with data:\n", cred);
266
hex_dump(decoded, (strlen(c) * 3) / 4);
268
fprintf(stderr, "No data available.\n");
269
printf("AF %s %s\n", c, cred);
267
271
SEND3("AF %s %s", c, cred);
271
275
if (Negotiate_packet_debug_enabled) {
273
276
decoded = base64_decode(c);
274
debug("sending 'TT' to squid with data:\n");
277
debug("sending 'TT' to squid with data:\n");
275
278
hex_dump(decoded, (strlen(c) * 3) / 4);
279
printf("TT %s\n", c);
281
} else { /* not an auth-request */
282
helperfail("illegal request received");
283
fprintf(stderr, "Illegal request received: '%s'\n", buf);
285
} else { /* not an auth-request */
286
helperfail("illegal request received");
287
fprintf(stderr, "Illegal request received: '%s'\n", buf);
286
290
helperfail("detected protocol error");
288
/********* END ********/
292
/********* END ********/