valid.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 NT_auth - Version 2.0
11
12 Modified to act as a Squid authenticator module.
13 Removed all Pike stuff.
14 Returns OK for a successful authentication, or ERR upon error.
15
16 Guido Serassio, Torino - Italy
17
18 Uses code from -
19 Antonino Iannella 2000
20 Andrew Tridgell 1997
21 Richard Sharpe 1996
22 Bill Welliver 1999
23
24 * Distributed freely under the terms of the GNU General Public License,
25 * version 2 or later. See the file COPYING for licensing details
26 *
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
31
32 * You should have received a copy of the GNU General Public License
33 * along with this program; if not, write to the Free Software
34 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
35*/
36
37#include "squid.h"
38#include "util.h"
39
40/* Check if we try to compile on a Windows Platform */
41#if !_SQUID_WINDOWS_
42/* NON Windows Platform !!! */
43#error NON WINDOWS PLATFORM
44#endif
45
46#if _SQUID_CYGWIN_
47#include <wchar.h>
48#endif
50
52const char * errormsg;
53
54const char NTV_SERVER_ERROR_MSG[] = "Internal server error";
55const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
56const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";
57const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";
58
59/* returns 1 on success, 0 on failure */
60int
61Valid_Group(char *UserName, char *Group)
62{
63 int result = FALSE;
64 WCHAR wszUserName[256]; // Unicode user name
65 WCHAR wszGroup[256]; // Unicode Group
66
67 LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
68 LPLOCALGROUP_USERS_INFO_0 pTmpBuf;
69 DWORD dwLevel = 0;
70 DWORD dwFlags = LG_INCLUDE_INDIRECT;
71 DWORD dwPrefMaxLen = -1;
72 DWORD dwEntriesRead = 0;
73 DWORD dwTotalEntries = 0;
74 NET_API_STATUS nStatus;
75 DWORD i;
76 DWORD dwTotalCount = 0;
77
78 /* Convert ANSI User Name and Group to Unicode */
79
80 MultiByteToWideChar(CP_ACP, 0, UserName,
81 strlen(UserName) + 1, wszUserName,
82 sizeof(wszUserName) / sizeof(wszUserName[0]));
83 MultiByteToWideChar(CP_ACP, 0, Group,
84 strlen(Group) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
85
86 /*
87 * Call the NetUserGetLocalGroups function
88 * specifying information level 0.
89 *
90 * The LG_INCLUDE_INDIRECT flag specifies that the
91 * function should also return the names of the local
92 * groups in which the user is indirectly a member.
93 */
94 nStatus = NetUserGetLocalGroups(NULL,
95 wszUserName,
96 dwLevel,
97 dwFlags,
98 (LPBYTE *) & pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries);
99 /*
100 * If the call succeeds,
101 */
102 if (nStatus == NERR_Success) {
103 if ((pTmpBuf = pBuf) != NULL) {
104 for (i = 0; i < dwEntriesRead; ++i) {
105 if (pTmpBuf == NULL) {
106 result = FALSE;
107 break;
108 }
109 if (wcscmp(pTmpBuf->lgrui0_name, wszGroup) == 0) {
110 result = TRUE;
111 break;
112 }
113 ++pTmpBuf;
114 ++dwTotalCount;
115 }
116 }
117 } else
118 result = FALSE;
119 /*
120 * Free the allocated memory.
121 */
122 if (pBuf != NULL)
123 NetApiBufferFree(pBuf);
124 return result;
125}
126
127int
128Valid_User(char *UserName, char *Password, char *Group)
129{
130 int result = NTV_SERVER_ERROR;
131 size_t i;
132 char NTDomain[256];
133 char *domain_qualify = NULL;
134 char DomainUser[256];
135 char User[256];
136
138 strncpy(NTDomain, UserName, sizeof(NTDomain));
139
140 for (i=0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) {
141 if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL)
142 break;
143 }
144 if (domain_qualify == NULL) {
145 strcpy(User, NTDomain);
146 strcpy(NTDomain, Default_NTDomain);
147 } else {
148 strcpy(User, domain_qualify + 1);
149 domain_qualify[0] = '\0';
150 }
151 /* Log the client on to the local computer. */
152 if (!SSP_LogonUser(User, Password, NTDomain)) {
153 result = NTV_LOGON_ERROR;
155 debug("%s\n", errormsg);
156 } else {
157 result = NTV_NO_ERROR;
158 if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0)
159 strcpy(DomainUser, User);
160 else {
161 strcpy(DomainUser, NTDomain);
162 strcat(DomainUser, "\\");
163 strcat(DomainUser, User);
164 }
165 if (UseAllowedGroup) {
166 if (!Valid_Group(DomainUser, NTAllowedGroup)) {
167 result = NTV_GROUP_ERROR;
169 debug("%s\n", errormsg);
170 }
171 }
172 if (UseDisallowedGroup) {
173 if (Valid_Group(DomainUser, NTDisAllowedGroup)) {
174 result = NTV_GROUP_ERROR;
176 debug("%s\n", errormsg);
177 }
178 }
179 }
180 return result;
181}
182
int Valid_User(char *USERNAME, char *PASSWORD, const char *SERVER, char *, const char *DOMAIN)
Definition: valid.cc:25
#define NTV_SERVER_ERROR
Definition: valid.h:14
#define NTV_LOGON_ERROR
Definition: valid.h:16
#define NTV_NO_ERROR
Definition: valid.h:13
const char NTV_LOGON_ERROR_MSG[]
Definition: valid.cc:56
const char NTV_GROUP_ERROR_MSG[]
Definition: valid.cc:55
const char NTV_VALID_DOMAIN_SEPARATOR[]
Definition: valid.cc:57
const char NTV_SERVER_ERROR_MSG[]
Definition: valid.cc:54
int Valid_Group(char *UserName, char *Group)
Definition: valid.cc:61
const char * errormsg
Definition: valid.cc:52
char Default_NTDomain[DNLEN+1]
Definition: valid.cc:51
#define NTV_GROUP_ERROR
Definition: valid.h:53
#define NTV_DEFAULT_DOMAIN
Definition: valid.h:60
char * NTAllowedGroup
int UseAllowedGroup
char * NTDisAllowedGroup
int UseDisallowedGroup
void debug(const char *format,...)
Definition: debug.cc:19
BOOL WINAPI SSP_LogonUser(PTSTR szUser, PTSTR szPassword, PTSTR szDomain)
Definition: sspwin32.cc:383
#define TRUE
Definition: std-includes.h:55
#define FALSE
Definition: std-includes.h:56
#define NULL
Definition: types.h:160

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors