#! /usr/bin/perl
#
# socks5_auth -passwd <passwd-file> [-log <log-file>] [-stderr]
#
# Arguments:
#
# * passwd-file (squid must be able to read it)
#   . cleartext password file
#   . file format:
#   username_1 password_1
#   ...
#   username_N password_N
#
# * log-file (optional, squid must be able to open it for writing)
#   . log file for testing
# 
# * -stderr (optional, debbuging only)
#   . enables logging to stderr, for testing
#
# $Id: socks5_auth,v 1.1 1999/09/20 20:24:13 everton Exp $

use Fcntl ':flock';

sub remove_trailing_slashes {
    my $path = shift;

    if ($path =~ /(.*[^\/])\/*$/) {
        $path = $1;
    }

    $path;
}

sub basename {
    my $path = shift;

    $path = &remove_trailing_slashes($path);

    $path =~ /\/([^\/]*)$/ ? $1 : $path;
}

$me = &basename($0);

{
    my $use_stderr;

    sub open_stderr {
	$use_stderr = $_[0];
    }

    sub error {
	if ($use_stderr) {
	    my $t = localtime;
	    my $line;
	    foreach $line (@_) {
		print STDERR "$t $me: $line\n";
	    }
	}
    }
}

{
    local *LOG;
    my $log_file;

    sub open_log {
	$log_file = $_[0];
	if ($log_file) {
	    open(LOG, ">>$log_file") || error("can't open log file: $log_file");
	}
    }

    sub log {

	if ($log_file) {
	    my $t = localtime;
	    my $line;

	    flock(LOG, Fcntl::LOCK_EX);
	    foreach $line (@_) {
		print LOG "$t $me: $line\n";
	    }
	    flock(LOG, Fcntl::LOCK_UN);

	}
    }
}

sub report {
    &error(@_);
    &log(@_);
}

{
    my $passwd_file;

    sub open_passwd {
	$passwd_file = $_[0];
	if (!$passwd_file) {
	    &report("undefined password file (use -passwd <file>)");
	}
    }

    sub chkpasswd {
    
	if (!$passwd_file) {
	    &report("undefined password file (use -passwd <file>)");
	    return 0;
	}
    
	my ($username, $password) = @_;
    
	local *IN;
	if (!open(IN, "<$passwd_file")) {
	    &report("can't open password file: $passwd_file");
	    return 0;
	}
    
	my $ok = 0;
	while (<IN>) {
	    chomp;
	    my ($user, $pass) = split;
	    if ( ($user eq $username) && ($pass eq $password) ) {
		$ok = 1;
		last;
	    }
	}
    
	close IN;
    
	$ok;
    }   

}

sub usage {
    warn "usage: $me -passwd <passwd-file> [-log <log-file>] [-stderr]\n";
}

#
# Arguments
# 
my $i;
my $passwd;
my $log;
my $stderr;
for ($i = 0; $i <= $#ARGV; ++$i) {
    my $arg = $ARGV[$i];
    if ($arg eq '-passwd') {
	$passwd = $ARGV[++$i];
    }
    elsif ($arg eq '-log') {
	$log = $ARGV[++$i];
    }
    elsif ($arg eq '-stderr') {
	$stderr = 1;
    }
    else {
	warn "$me: invalid argument: $arg\n";
	&usage();
	exit 1;
    }
}

###############
# Main Program
#

&open_stderr($stderr);
&open_log($log);
&open_passwd($passwd);

$| = 1; # flush on

while (<STDIN>) {
    chomp;
    my ($username, $password) = split;
    if (&chkpasswd($username, $password)) {
	&report("$username: auth: OK");
	print "OK\n";
    }
    else {
	&report("$username: auth: ERR");
	print "ERR\n";
    }
}

#
# End of Main Program
######################