valid.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 NT_auth - Version 2.0
11
12 Modified to act as a Squid authenticator module.
13 Removed all Pike stuff.
14 Returns OK for a successful authentication, or ERR upon error.
15
16 Guido Serassio, Torino - Italy
17
18 Uses code from -
19 Antonino Iannella 2000
20 Andrew Tridgell 1997
21 Richard Sharpe 1996
22 Bill Welliver 1999
23
24 * Distributed freely under the terms of the GNU General Public License,
25 * version 2 or later. See the file COPYING for licensing details
26 *
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
31
32 * You should have received a copy of the GNU General Public License
33 * along with this program; if not, write to the Free Software
34 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
35*/
36
37#include "squid.h"
39#include "util.h"
40
41#include <cwchar>
42
44const char * errormsg;
45
46const char NTV_SERVER_ERROR_MSG[] = "Internal server error";
47const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
48const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";
49const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";
50
51/* returns 1 on success, 0 on failure */
52static int
53Valid_Group(char *UserName, char *Group)
54{
55 int result = FALSE;
56 WCHAR wszUserName[256]; // Unicode user name
57 WCHAR wszGroup[256]; // Unicode Group
58
59 LPLOCALGROUP_USERS_INFO_0 pBuf = nullptr;
60 LPLOCALGROUP_USERS_INFO_0 pTmpBuf;
61 DWORD dwLevel = 0;
62 DWORD dwFlags = LG_INCLUDE_INDIRECT;
63 DWORD dwPrefMaxLen = -1;
64 DWORD dwEntriesRead = 0;
65 DWORD dwTotalEntries = 0;
66 NET_API_STATUS nStatus;
67 DWORD i;
68 DWORD dwTotalCount = 0;
69
70 /* Convert ANSI User Name and Group to Unicode */
71
72 MultiByteToWideChar(CP_ACP, 0, UserName,
73 strlen(UserName) + 1, wszUserName,
74 sizeof(wszUserName) / sizeof(wszUserName[0]));
75 MultiByteToWideChar(CP_ACP, 0, Group,
76 strlen(Group) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
77
78 /*
79 * Call the NetUserGetLocalGroups function
80 * specifying information level 0.
81 *
82 * The LG_INCLUDE_INDIRECT flag specifies that the
83 * function should also return the names of the local
84 * groups in which the user is indirectly a member.
85 */
86 nStatus = NetUserGetLocalGroups(nullptr,
87 wszUserName,
88 dwLevel,
89 dwFlags,
90 (LPBYTE *) & pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries);
91 /*
92 * If the call succeeds,
93 */
94 if (nStatus == NERR_Success) {
95 if ((pTmpBuf = pBuf) != NULL) {
96 for (i = 0; i < dwEntriesRead; ++i) {
97 if (pTmpBuf == NULL) {
98 result = FALSE;
99 break;
100 }
101 if (wcscmp(pTmpBuf->lgrui0_name, wszGroup) == 0) {
102 result = TRUE;
103 break;
104 }
105 ++pTmpBuf;
106 ++dwTotalCount;
107 }
108 }
109 } else
110 result = FALSE;
111 /*
112 * Free the allocated memory.
113 */
114 if (pBuf != NULL)
115 NetApiBufferFree(pBuf);
116 return result;
117}
118
119int
120Valid_User(char *UserName, char *Password, char *)
121{
122 int result = NTV_SERVER_ERROR;
123 size_t i;
124 char NTDomain[256];
125 char *domain_qualify = nullptr;
126 char DomainUser[256];
127 char User[256];
128
130 xstrncpy(NTDomain, UserName, sizeof(NTDomain));
131
132 for (i=0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) {
133 if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL)
134 break;
135 }
136 if (domain_qualify == NULL) {
137 strcpy(User, NTDomain);
138 strcpy(NTDomain, Default_NTDomain);
139 } else {
140 strcpy(User, domain_qualify + 1);
141 domain_qualify[0] = '\0';
142 }
143 /* Log the client on to the local computer. */
144 if (!SSP_LogonUser(User, Password, NTDomain)) {
145 result = NTV_LOGON_ERROR;
147 debug("%s\n", errormsg);
148 } else {
149 result = NTV_NO_ERROR;
150 if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0)
151 strcpy(DomainUser, User);
152 else {
153 strcpy(DomainUser, NTDomain);
154 strcat(DomainUser, "\\");
155 strcat(DomainUser, User);
156 }
157 if (UseAllowedGroup) {
158 if (!Valid_Group(DomainUser, NTAllowedGroup)) {
159 result = NTV_GROUP_ERROR;
161 debug("%s\n", errormsg);
162 }
163 }
164 if (UseDisallowedGroup) {
165 if (Valid_Group(DomainUser, NTDisAllowedGroup)) {
166 result = NTV_GROUP_ERROR;
168 debug("%s\n", errormsg);
169 }
170 }
171 }
172 return result;
173}
174
int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *, const char *DOMAIN)
Definition: valid.cc:25
#define NTV_SERVER_ERROR
Definition: valid.h:14
#define NTV_LOGON_ERROR
Definition: valid.h:16
#define NTV_NO_ERROR
Definition: valid.h:13
const char NTV_LOGON_ERROR_MSG[]
Definition: valid.cc:48
const char NTV_GROUP_ERROR_MSG[]
Definition: valid.cc:47
const char NTV_VALID_DOMAIN_SEPARATOR[]
Definition: valid.cc:49
const char NTV_SERVER_ERROR_MSG[]
Definition: valid.cc:46
static int Valid_Group(char *UserName, char *Group)
Definition: valid.cc:53
const char * errormsg
Definition: valid.cc:44
char Default_NTDomain[DNLEN+1]
Definition: valid.cc:43
#define NTV_GROUP_ERROR
Definition: valid.h:50
#define NTV_DEFAULT_DOMAIN
Definition: valid.h:57
char * NTAllowedGroup
int UseAllowedGroup
char * NTDisAllowedGroup
int UseDisallowedGroup
void debug(const char *format,...)
Definition: debug.cc:19
BOOL WINAPI SSP_LogonUser(PTSTR szUser, PTSTR szPassword, PTSTR szDomain)
Definition: sspwin32.cc:390
#define TRUE
Definition: std-includes.h:55
#define FALSE
Definition: std-includes.h:56
#define NULL
Definition: types.h:145
char * xstrncpy(char *dst, const char *src, size_t n)
Definition: xstring.cc:37

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors