valid.cc
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /*
10  NT_auth - Version 2.0
11 
12  Modified to act as a Squid authenticator module.
13  Removed all Pike stuff.
14  Returns OK for a successful authentication, or ERR upon error.
15 
16  Guido Serassio, Torino - Italy
17 
18  Uses code from -
19  Antonino Iannella 2000
20  Andrew Tridgell 1997
21  Richard Sharpe 1996
22  Bill Welliver 1999
23 
24  * Distributed freely under the terms of the GNU General Public License,
25  * version 2 or later. See the file COPYING for licensing details
26  *
27  * This program is distributed in the hope that it will be useful,
28  * but WITHOUT ANY WARRANTY; without even the implied warranty of
29  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30  * GNU General Public License for more details.
31 
32  * You should have received a copy of the GNU General Public License
33  * along with this program; if not, write to the Free Software
34  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
35 */
36 
37 #include "squid.h"
38 #include "util.h"
39 
40 /* Check if we try to compile on a Windows Platform */
41 #if !_SQUID_WINDOWS_
42 /* NON Windows Platform !!! */
43 #error NON WINDOWS PLATFORM
44 #endif
45 
46 #if _SQUID_CYGWIN_
47 #include <wchar.h>
48 #endif
49 #include "auth/basic/SSPI/valid.h"
50 
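/* Reason text for the most recent failure; Valid_User() passes it to debug(). */
const char * errormsg;

/* Failure messages; the names pair with the NTV_*_ERROR result codes. */
const char NTV_SERVER_ERROR_MSG[] = "Internal server error"; /* spelling fixed, was "errror" */
const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
/*
 * One message for both "unknown user" and "wrong password", so the text
 * does not reveal which account names exist.
 */
const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";
/* Characters accepted between the domain and the user name: '\' and '/'. */
const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";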
58 
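/*
 * Check whether a Windows account is a member of a local group.
 *
 * Membership is resolved with NetUserGetLocalGroups() at information
 * level 0 with LG_INCLUDE_INDIRECT, so groups the user belongs to only
 * indirectly are matched as well. Names are compared with wcscmp(),
 * i.e. case-sensitively.
 *
 * UserName  account name, NUL-terminated, in the ANSI code page
 * Group     local group name, NUL-terminated, in the ANSI code page
 *
 * Returns 1 (TRUE) when the user is a member of Group. Returns 0 (FALSE)
 * when the user is not a member AND ALSO when the lookup could not be
 * performed (NULL argument, a name that does not fit the conversion
 * buffer, or a NetUserGetLocalGroups() failure). Callers cannot tell these
 * cases apart: an allow-list check built on this function fails closed,
 * a deny-list check fails open.
 */
int
Valid_Group(char *UserName, char *Group)
{
    int result = FALSE;
    WCHAR wszUserName[256]; // Unicode user name
    WCHAR wszGroup[256];    // Unicode group name
    LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
    DWORD dwEntriesRead = 0;
    DWORD dwTotalEntries = 0;
    NET_API_STATUS nStatus;
    DWORD i;

    if (UserName == NULL || Group == NULL)
        return FALSE;

    /*
     * Convert the ANSI user and group names to Unicode. A source length of
     * -1 converts up to and including the terminating NUL.
     *
     * MultiByteToWideChar() returns 0 on failure, e.g. when the name does
     * not fit into the 256-element buffer. The buffer is then not a valid
     * NUL-terminated string, so stop here instead of handing it to the
     * lookup or to wcscmp().
     */
    if (MultiByteToWideChar(CP_ACP, 0, UserName, -1, wszUserName,
                            sizeof(wszUserName) / sizeof(wszUserName[0])) == 0)
        return FALSE;
    if (MultiByteToWideChar(CP_ACP, 0, Group, -1, wszGroup,
                            sizeof(wszGroup) / sizeof(wszGroup[0])) == 0)
        return FALSE;

    /*
     * Call the NetUserGetLocalGroups function
     * specifying information level 0.
     *
     * The LG_INCLUDE_INDIRECT flag specifies that the
     * function should also return the names of the local
     * groups in which the user is indirectly a member.
     *
     * MAX_PREFERRED_LENGTH is the named form of the (DWORD) -1 used before:
     * the API allocates as much memory as the result needs.
     */
    nStatus = NetUserGetLocalGroups(NULL,
                                    wszUserName,
                                    0,
                                    LG_INCLUDE_INDIRECT,
                                    (LPBYTE *) &pBuf,
                                    MAX_PREFERRED_LENGTH,
                                    &dwEntriesRead,
                                    &dwTotalEntries);

    /* Scan the returned entries only when the call succeeded. */
    if (nStatus == NERR_Success && pBuf != NULL) {
        for (i = 0; i < dwEntriesRead; ++i) {
            if (wcscmp(pBuf[i].lgrui0_name, wszGroup) == 0) {
                result = TRUE;
                break;
            }
        }
    }

    /* The buffer is allocated by the API and must be released by us. */
    if (pBuf != NULL)
        NetApiBufferFree(pBuf);
    return result;
}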
126 
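/*
 * Authenticate a user against Windows and apply the configured group
 * restrictions.
 *
 * UserName  "user", "DOMAIN\user" or "DOMAIN/user"; an unqualified name is
 *           looked up in Default_NTDomain
 * Password  clear-text password handed to SSP_LogonUser()
 * Group     not used by this function; the groups that are checked come
 *           from NTAllowedGroup and NTDisAllowedGroup
 *
 * Returns NTV_NO_ERROR on success, NTV_LOGON_ERROR when the logon is
 * refused (including names too long for the local buffers),
 * NTV_GROUP_ERROR when a group restriction rejects the user, and
 * NTV_SERVER_ERROR for NULL arguments or a qualified name that does not
 * fit the group-lookup buffer. errormsg is set to the matching message
 * before every failure is reported.
 */
int
Valid_User(char *UserName, char *Password, char *Group)
{
    int result = NTV_SERVER_ERROR;
    size_t i;
    char NTDomain[256];
    char *domain_qualify = NULL;
    char DomainUser[256];
    char User[256];

    errormsg = NTV_SERVER_ERROR_MSG;

    if (UserName == NULL || Password == NULL)
        return result;

    /*
     * The name comes from the client. strncpy() does not terminate the
     * destination when the source fills it, and the strchr()/strcpy()
     * calls below rely on a terminated string, so refuse names that do
     * not fit instead of truncating them.
     */
    if (strlen(UserName) >= sizeof(NTDomain)) {
        result = NTV_LOGON_ERROR;
        errormsg = NTV_LOGON_ERROR_MSG;
        debug("%s\n", errormsg);
        return result;
    }
    strcpy(NTDomain, UserName);

    /*
     * Separators are tried in the order they are listed: a backslash
     * anywhere in the name wins over a forward slash.
     */
    for (i = 0; NTV_VALID_DOMAIN_SEPARATOR[i] != '\0'; ++i) {
        if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL)
            break;
    }
    if (domain_qualify == NULL) {
        /* User and NTDomain have the same size, so this copy fits. */
        strcpy(User, NTDomain);
        strcpy(NTDomain, Default_NTDomain);
    } else {
        strcpy(User, domain_qualify + 1);
        domain_qualify[0] = '\0';
    }

    /* Log the client on to the local computer. */
    if (!SSP_LogonUser(User, Password, NTDomain)) {
        result = NTV_LOGON_ERROR;
        errormsg = NTV_LOGON_ERROR_MSG;
        debug("%s\n", errormsg);
        return result;
    }
    result = NTV_NO_ERROR;

    if (!UseAllowedGroup && !UseDisallowedGroup)
        return result;

    /* Build the account name used for the group lookups. */
    if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0) {
        strcpy(DomainUser, User);
    } else {
        /*
         * "domain\user" can be longer than the name the client sent when
         * the domain was filled in from Default_NTDomain. Fail closed
         * rather than write past DomainUser.
         */
        if (strlen(NTDomain) + 1 + strlen(User) >= sizeof(DomainUser)) {
            result = NTV_SERVER_ERROR;
            errormsg = NTV_SERVER_ERROR_MSG;
            debug("%s\n", errormsg);
            return result;
        }
        strcpy(DomainUser, NTDomain);
        strcat(DomainUser, "\\");
        strcat(DomainUser, User);
    }

    if (UseAllowedGroup) {
        if (!Valid_Group(DomainUser, NTAllowedGroup)) {
            result = NTV_GROUP_ERROR;
            errormsg = NTV_GROUP_ERROR_MSG;
            debug("%s\n", errormsg);
        }
    }
    if (UseDisallowedGroup) {
        /*
         * NOTE(review): Valid_Group() returns 0 both for "not a member"
         * and for a failed lookup, so a lookup error lets a user on the
         * deny list through. Closing this needs a way for Valid_Group()
         * to report errors separately.
         */
        if (Valid_Group(DomainUser, NTDisAllowedGroup)) {
            result = NTV_GROUP_ERROR;
            errormsg = NTV_GROUP_ERROR_MSG;
            debug("%s\n", errormsg);
        }
    }
    return result;
}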
182 