* (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
* Released under GPL, see COPYING-2.0 for details.
* These routines admit only those users of the proxy who
* have been explicitly allowed by the system administrator.
* The code originated from denyusers.c.
#include <sys/param.h>
#define NAMELEN 50 /* Maximum username length */
/* Global variables */
char *AllowedUsers; /* Pointer to string of allowed users */
off_t AllowUserSize; /* Size of allowed users file */
struct stat FileBuf; /* Stat data buffer */
time_t LastModTime; /* Last allowed user file modification time */
char Allowuserpath[MAXPATHLEN]; /* MAXPATHLEN defined in param.h */
/* Function declarations */
int Read_allowusers();
int Check_ifuserallowed(char *);
void Checkforchange();
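/*
 * Install an empty allowed-user string, releasing any previous list.
 * Returns 0 on success and 1 if the one-byte allocation failed (in which
 * case AllowedUsers is left NULL).
 */
static int
Reset_allowusers(void)
{
    free(AllowedUsers);
    AllowedUsers = malloc(sizeof(char));
    if (AllowedUsers == NULL) {
        syslog(LOG_USER | LOG_ERR, "Read_allowusers: malloc(AllowedUsers) failed.");
        return 1;
    }
    AllowedUsers[0] = '\0';
    return 0;
}

/*
 * Reads the allowed users file for all users to be permitted.
 * Returns 0 if the user list was successfully loaded,
 * and 1 in case of error.
 * Logs any messages to the syslog daemon.
 *
 * The list is stored upper-cased, with every name surrounded by single
 * spaces, so that Check_ifuserallowed() can match " NAME " as a whole token.
 *
 * Security notes:
 *  - A missing or zero-length file sets AllowUserSize to 0, which
 *    Check_ifuserallowed() treats as "allow all users".
 *  - The buffer is sized from stat() but filled from a later fopen(); the
 *    read loop is therefore bounded by the size that was allocated, and a
 *    file that grew in between is rejected rather than loaded truncated
 *    (a truncated final name would otherwise become a valid shorter name).
 *  - On any load error with a non-empty file, the in-memory list is emptied
 *    so that no name matches until a later load succeeds.
 *  - malloc(), stdio and syslog() are not async-signal-safe. The reload
 *    routine in this file is described as being called by the SIGHUP
 *    handler; if it reaches this function from handler context, the reload
 *    should be deferred to normal context instead (e.g. via a flag).
 */
int
Read_allowusers()
{
    FILE *AFile;                /* Allowed users file pointer */
    char *NewList;              /* List under construction */
    size_t Cap;                 /* File size as recorded by stat() */
    size_t APos = 0;            /* Write position in NewList */
    int AChar;                  /* int, so EOF is distinct from byte 0xFF */
    int SavedErrno;             /* errno captured before syslog() can change it */
    int Grew;
    int ReadErr;

    /* Stat the file. If it does not exist, save the size as zero.
     * Clear the allowed user string. Return. */
    if (stat(Allowuserpath, &FileBuf) == -1) {
        SavedErrno = errno;
        if (SavedErrno == ENOENT) {
            LastModTime = (time_t) 0;
            AllowUserSize = 0;
            return Reset_allowusers();
        }
        /* Never pass strerror() output as the format string itself. */
        syslog(LOG_USER | LOG_ERR, "%s", strerror(SavedErrno));
        return 1;
    }

    /* If it exists, save the modification time and size */
    LastModTime = FileBuf.st_mtime;
    AllowUserSize = FileBuf.st_size;

    /* Handle the special case of a zero length file */
    if (AllowUserSize == 0)
        return Reset_allowusers();

    /* Reject sizes that cannot be represented, or that would wrap when the
     * three extra bytes (two delimiting spaces and the NUL) are added. */
    Cap = (size_t) AllowUserSize;
    if (AllowUserSize < 0 || (off_t) Cap != AllowUserSize || Cap > (size_t) -1 - 3) {
        syslog(LOG_USER | LOG_ERR, "Read_allowusers: allowed user file is too large.");
        goto fail;
    }

    /* Build the new list in a fresh buffer so that a failed load never
     * leaves AllowedUsers pointing at freed or uninitialised memory. */
    NewList = malloc(Cap + 3);
    if (NewList == NULL) {
        syslog(LOG_USER | LOG_ERR, "Read_allowusers: malloc(AllowedUsers) failed.");
        goto fail;
    }

    /* Open the allowed users file. Report any errors. */
    AFile = fopen(Allowuserpath, "r");
    if (AFile == NULL) {
        SavedErrno = errno;
        syslog(LOG_USER | LOG_ERR, "Read_allowusers: Failed to open allowed user file.");
        syslog(LOG_USER | LOG_ERR, "%s", strerror(SavedErrno));
        free(NewList);
        goto fail;
    }

    /* Read user names into the list.
     * Make sure each string is delimited by a space: every whitespace byte
     * becomes a space, every other byte is upper-cased. fgetc() returns
     * values in the unsigned char range, which is what <ctype.h> requires. */
    NewList[APos++] = ' ';
    while (APos <= Cap && (AChar = fgetc(AFile)) != EOF)
        NewList[APos++] = isspace(AChar) ? ' ' : (char) toupper(AChar);

    /* More data after Cap bytes means the file changed after stat(). */
    Grew = (APos > Cap && fgetc(AFile) != EOF);
    ReadErr = ferror(AFile);
    fclose(AFile);

    if (Grew || ReadErr) {
        syslog(LOG_USER | LOG_ERR, "Read_allowusers: allowed user file changed or failed while being read.");
        free(NewList);
        goto fail;
    }

    NewList[APos++] = ' ';
    NewList[APos] = '\0';

    free(AllowedUsers);
    AllowedUsers = NewList;
    return 0;

  fail:
    /* Fail closed: with AllowUserSize non-zero and an empty list, no
     * username can match until a later load succeeds. */
    if (AllowedUsers != NULL)
        AllowedUsers[0] = '\0';
    return 1;
}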
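/*
 * Check to see if the username provided by Squid appears in the allowed
 * user list. Returns 0 if the user was not found, and 1 if they were.
 *
 * Matching is done on the first whitespace-delimited token of
 * ConnectingUser, upper-cased and wrapped in single spaces, against the
 * space-delimited AllowedUsers string.
 *
 * Security notes:
 *  - The name is copied with an explicit bound. The earlier form scanned
 *    an unbounded "%s" into a NAMELEN + 1 byte buffer and then formatted
 *    that buffer into itself, which could overflow it and is undefined
 *    for overlapping source and destination.
 *  - The denial message is passed to syslog() as an argument of a literal
 *    format, never as the format string, because it contains the
 *    client-supplied name.
 *  - Two fail-open policies are kept as they were: an empty username and
 *    an empty allowed-user list both return 1. Deployments that must deny
 *    by default need to account for that outside this function.
 *  - Names longer than NAMELEN, names consisting only of whitespace, and a
 *    configured-but-unloaded list are denied.
 */
int
Check_ifuserallowed(char *ConnectingUser)
{
    /* Leading space + up to NAMELEN name bytes + trailing space + NUL */
    char CUBuf[NAMELEN + 3];
    const unsigned char *Src = (const unsigned char *) ConnectingUser;
    size_t Len = 0;

    /* If user string is empty, allow */
    if (ConnectingUser[0] == '\0')
        return 1;

    /* If allowed user list is empty, allow all users.
     * If no users are supposed to be using the proxy, stop squid instead. */
    if (AllowUserSize == 0)
        return 1;

    /* A list is configured but is not in memory: deny rather than
     * hand a NULL pointer to strstr(). */
    if (AllowedUsers == NULL) {
        syslog(LOG_USER | LOG_ERR, "Check_ifuserallowed: allowed user list is not loaded.");
        return 0;
    }

    /* Reconstruct the username to have whitespace on both sides, to avoid
     * finding wrong string subsets. Bytes are read as unsigned char so the
     * <ctype.h> calls are well defined for values above 0x7F. */
    while (isspace(*Src))
        Src++;

    CUBuf[Len++] = ' ';
    while (*Src != '\0' && !isspace(*Src)) {
        if (Len > NAMELEN) {
            /* The name cannot be compared faithfully once truncated. */
            syslog(LOG_USER | LOG_ERR,
                "Denied access to user: name longer than %d characters.", NAMELEN);
            return 0;
        }
        CUBuf[Len++] = (char) toupper(*Src);
        Src++;
    }

    /* Only whitespace was supplied. "  " would match any double space in
     * the list, so this must not reach strstr(). */
    if (Len == 1) {
        syslog(LOG_USER | LOG_ERR, "Denied access to user with a blank name.");
        return 0;
    }

    CUBuf[Len++] = ' ';
    CUBuf[Len] = '\0';

    /* Check if username string is found in the allowed user list.
     * If so, allow. If not, deny. */
    if (strstr(AllowedUsers, CUBuf) != NULL)
        return 1;

    /* If NULL, they are not allowed to use the proxy */
    syslog(LOG_USER | LOG_ERR, "Denied access to user '%s'.", CUBuf);
    return 0;
}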
* Checks if there has been a change in the allowed users file.
* If the modification time has changed, then reload the allowed user list.
* This function is called by the SIGHUP signal handler.
Check_forallowchange()
struct stat ChkBuf; /* Stat data buffer */
/* Stat the allowed users file. If it cannot be accessed, return. */
if (stat(Allowuserpath, &ChkBuf) == -1) {
if (errno == ENOENT) {
LastModTime = (time_t) 0;
AllowedUsers = malloc(sizeof(char));
AllowedUsers[0] = '\0';
} else { /* Report error when accessing file */
syslog(LOG_USER | LOG_ERR, strerror(errno));
/* If found, compare the modification time with the previously-recorded
* If the modification time has changed, reload the allowed user list.
* Log a message of its actions. */
if (ChkBuf.st_mtime != LastModTime) {
syslog(LOG_USER | LOG_INFO, "Check_forallowchange: Reloading allowed user list.");